Processed: tagging 740842
Processing commands for cont...@bugs.debian.org: tags 740842 + sid stretch Bug #740842 [libpam-usb] Move to udisks2, udisks 1 is deprecated Added tag(s) sid and stretch. thanks Stopping processing here. Please contact me if you need assistance. -- 740842: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740842 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: python-greenlet FTBFS on arm* is fixed in Sid as well
Processing control commands: fixed -1 0.4.6-1 Bug #751498 {Done: Laszlo Boszormenyi (GCS) g...@debian.org} [src:python-greenlet] python-greenlet: FTBFS on arm* due to test failures Marked as fixed in versions python-greenlet/0.4.6-1. -- 751498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751498 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#751498: python-greenlet FTBFS on arm* is fixed in Sid as well
Control: fixed -1 0.4.6-1 On Sat, May 16, 2015 at 9:29 PM, Ivo De Decker iv...@debian.org wrote: On Sat, May 16, 2015 at 05:06:28PM +0200, László Böszörményi (GCS) wrote: It was fixed a while ago for Sid as well. If this bug is actually fixed in sid, you have to add the correct fixed version, because currently the BTS thinks the version in sid is still affected (as you can see in the version graph on the bug page). OK, just done. Laszlo/GCS -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#750743: gspiceui: Please update to use wxwidgets3.0
On Fri, May 15, 2015 at 07:40:46PM +0200, Gudjon I. Gudjonsson wrote: Thanks, in fact I do need some assistance. I have compiled version 1.1.00 and the source can be found at dget http://gudjon.org/debian/source/gspiceui_1.1.00+dfsg-1.dsc http://gudjon.org/debian/source/gspiceui_1.1.00+dfsg.orig.tar.gz is 404... Cheers, Olly -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785066: marked as done (-m32 no longer supported on ppc64el; cannot build a kernel)
++ Library v3 (documentation files) libstdc++-4.9-pic - GNU Standard C++ Library v3 (shared library subset kit) libstdc++6-4.9-dbg - GNU Standard C++ Library v3 (debugging files) libx32gcc-4.9-dev - GCC support library (x32 development files) libx32gfortran-4.9-dev - Runtime library for GNU Fortran applications (x32 development fil libx32go5 - Runtime library for GNU Go applications (x32) libx32go5-dbg - Runtime library for GNU Go applications (x32 debug symbols) libx32objc-4.9-dev - Runtime library for GNU Objective-C applications (x32 development libx32stdc++-4.9-dev - GNU Standard C++ Library v3 (development files) libx32stdc++6-4.9-dbg - GNU Standard C++ Library v3 (debugging files) Closes: 785066 Changes: gcc-4.9 (4.9.2-17) unstable; urgency=medium . * Update to SVN 20150516 (r223238) from the gcc-4_9-branch. * Again, configure with --enable-targets=powerpcle-linux on ppc64el. Closes: #785066. * Remove old CFLAGS/LDFLAGS settings to build gdc. * Remove reference to .ico file in NEWS.html. * Fix -base dependency for the gcj cross packages. Checksums-Sha1: 0a629409d4e741f9ad403a8e74ca3a3da4f363b5 10693 gcc-4.9_4.9.2-17.dsc 1b78dafc3e07239ef3c2af17cdc5023100b068d0 1257424 gcc-4.9_4.9.2-17.diff.gz 5a1c49c482b0b5061004e5726cf30e0fb82c007f 74567864 gcc-4.9-source_4.9.2-17_all.deb cc87388772cc1a3d0181031658a6af2281a66619 10349660 gcj-4.9-jre-lib_4.9.2-17_all.deb bb7ac21dd5313212e0a330dfaa3692b3593391a7 11663050 gcj-4.9-source_4.9.2-17_all.deb abac59448b7203b7e6d7998b0f739e7749b54167 8225736 libstdc++-4.9-doc_4.9.2-17_all.deb 0150d821db724699cdf8e35b3e23b471db20426d 1445072 gcc-4.9-locales_4.9.2-17_all.deb ae491d86df6c52abe37c03852fb821c7be1006c1 161378 gcc-4.9-base_4.9.2-17_ppc64el.deb 0b753045bac00fda10ef8ad933bb63bfe14a3e16 264134 libgcc-4.9-dev_4.9.2-17_ppc64el.deb f364c1bc483b9416eab4a3bba49eeb1608042c5f 4752490 cpp-4.9_4.9.2-17_ppc64el.deb 534d5163156097fd0d4b809d82037d881fbe8221 4980038 gobjc++-4.9_4.9.2-17_ppc64el.deb 0f77fbecb07bee96b0265e7024e8459202b1 4592512 gobjc-4.9_4.9.2-17_ppc64el.deb d34020084da70295c9d2e5f503a3fe6cff28e08c 391892 libobjc-4.9-dev_4.9.2-17_ppc64el.deb 6e0267e6ab094db413bb6863e1e2f2694e4f4f06 2529696 libgo5_4.9.2-17_ppc64el.deb 3e38391aeaf1e10b7809188639526efba69f4e35 2957510 libgo5-dbg_4.9.2-17_ppc64el.deb 3179c47a885dde5c9229ee8ee990e49d7341a7a8 8078914 gccgo-4.9_4.9.2-17_ppc64el.deb fd725d8b8b3f11a4d277247426d8e2ba071c19df 49376 gcj-4.9-jre-headless_4.9.2-17_ppc64el.deb 7e6c82e570096f1c6dbfcc9c5a3889773ddef589 9268602 libgcj15_4.9.2-17_ppc64el.deb 8736330fd3447dda510d5471eb69ce8380e53ddc 64670 libgcj15-awt_4.9.2-17_ppc64el.deb 40cdb84443e761f915987b158411844855d63df6 1270 gcj-4.9-jre_4.9.2-17_ppc64el.deb 42a150ef862c6d9b8d66d5bf5766f9249ada89a3 444890 gcj-4.9-jdk_4.9.2-17_ppc64el.deb 144e18a91fad69256391239d989b8104b4d22a49 607788 libgcj15-dev_4.9.2-17_ppc64el.deb 53f26064e39d129195e6886961892579eba057d6 16749614 libgcj15-dbg_4.9.2-17_ppc64el.deb ab7b5e7e0671b2d14a6e0383ce5e9d6e80397c10 4559044 gcj-4.9_4.9.2-17_ppc64el.deb 412e5bd4dd42e1139e22059e50ac856e69026d4d 5167074 g++-4.9_4.9.2-17_ppc64el.deb 9352b128ce58f33aa336b94918867bd1bf661eab 924 libstdc++-4.9-dev_4.9.2-17_ppc64el.deb 053dae1142dc4616fd441fdda48c9a5c2aa91626 315596 libstdc++-4.9-pic_4.9.2-17_ppc64el.deb 512d605b04ccbaea8e3769ebab57aac1eae52c28 2846428 libstdc++6-4.9-dbg_4.9.2-17_ppc64el.deb 6d6b5eaf571e26f7de08a4b6978c9811f2affde7 243976 libgfortran-4.9-dev_4.9.2-17_ppc64el.deb dde410dfb740746d2013a6cb981eb4e99f27c3a1 5048204 gfortran-4.9_4.9.2-17_ppc64el.deb b68c98777de598444d23aec5daecc0bd2085d208 5266780 gdc-4.9_4.9.2-17_ppc64el.deb d7891a4a9d907931711f9e8e7268eb7e800298b9 791160 gcc-4.9-plugin-dev_4.9.2-17_ppc64el.deb ef2510adc285edf827bd5570ba2fcb7eb3701c51 4929238 gcc-4.9_4.9.2-17_ppc64el.deb Checksums-Sha256: dae6b4cc7830a8b2696f1534eb1325d7aea912092ecb645e84847eab9853df5c 10693 gcc-4.9_4.9.2-17.dsc e2886d6daa079a42bea3798ebbed407d21250c71f6a29103e455d2ff8fbd02ad 1257424 gcc-4.9_4.9.2-17.diff.gz 318d2ec04328bf4b962f22fbd66b228214edaca64eb8034d5e91e44f80d45888 74567864 gcc-4.9-source_4.9.2-17_all.deb 0048d5ba3aba333a80ea5145d2c9be2c9a9404c03b653085abc52ae9fbd22582 10349660 gcj-4.9-jre-lib_4.9.2-17_all.deb 4e9ba020371112c1fc05516c6315ddf05e3aeefd7ab19474be80bec3724e7b4d 11663050 gcj-4.9-source_4.9.2-17_all.deb 7350743b61376c4216835b4714678e7a42a4f4b491a0b364a52f11dd9514e3e9 8225736 libstdc++-4.9-doc_4.9.2-17_all.deb e02b6c623ffa2a854550812db17c3ac29b418f7c147bad6790c19218168a50aa 1445072 gcc-4.9-locales_4.9.2-17_all.deb e0d35beca26904653f565f50976c6bcb0e6c738ef4d428adb24f6da06df0ab29 161378 gcc-4.9-base_4.9.2-17_ppc64el.deb 328bd8a89c2bc70fd46dc5d56f3bc849dbc5e14382400a10a0a36bd3bfa2bb01 264134 libgcc-4.9-dev_4.9.2-17_ppc64el.deb 72dde2ee74c3e70a52894f85fe448a74462fe7fa24819538ccf396743ff2371c 4752490 cpp-4.9_4.9.2-17_ppc64el.deb 80cffdfd9ee1cdc7d81e8e93455d925bcc750399393936384568b7840853b25f
Bug#785476: segfault when building against libhiredis0.13 due to vendored header files
Package: webdis Version: 0.1.1-2 Severity: serious Hello, I'm trying to transition the hiredis package from libhiredis0.10 to libhiredis0.13, but some issues with the packaging (specifically the vendored sources) of webdis are causing me some problems. Specifically, the vendored hiredis and jansson headers are used instead of the headers from libhiredis-dev and libjansson-dev. The most noisy symptom is a segfault when building webdis against libhiredis0.13, which gdb shows is pool_connect trying to call strlen(...) on a null pointer: (gdb) set follow-fork-mode child (gdb) run /tmp/tmp.swHGJysNL5/webdis.json Starting program: /home/tom/Source/debian/webdis-0.1.1/webdis /tmp/tmp.swHGJysNL5/webdis.json [Thread debugging using libthread_db enabled] Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1. [New process 25152] [Thread debugging using libthread_db enabled] Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1. [New Thread 0x76585700 (LWP 25153)] [New Thread 0x75d84700 (LWP 25154)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x76585700 (LWP 25153)] strlen () at ../sysdeps/x86_64/strlen.S:106 106 ../sysdeps/x86_64/strlen.S: No such file or directory. (gdb) bt #0 strlen () at ../sysdeps/x86_64/strlen.S:106 #1 0x0040798f in pool_connect (p=0x623940, db_num=0, attach=attach@entry=1) at pool.c:134 #2 0x004031a3 in worker_pool_connect (w=0x623b70, w=0x623b70) at worker.c:133 #3 worker_main (p=0x623b70) at worker.c:153 #4 0x7715a0a4 in start_thread (arg=0x76585700) at pthread_create.c:309 #5 0x76e8f04d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Stepping through gdb a little more carefully, we can trace the issue down to the call out to redisAsyncConnectUnix in pool_connect. Inside redisAsyncConnectUnix (all the way up until the final retq instruction on amd64) the redisAsyncContext looks something like this: p *ac $4 = {c = {err = 1, errstr = No such file or directory, '\000' repeats 102 times, fd = -1, flags = 0, obuf = 0x7f68 , reader = 0x7f80, connection_type = REDIS_CONN_UNIX, timeout = 0x0, tcp = { host = 0x0, source_addr = 0x0, port = 0}, unix_sock = { path = 0x78c0 /tmp/tmp.ltIFMqN271/redis.sock}}, err = 1, errstr = 0x700011e4 No such file or directory, data = 0x0, ev = {data = 0x0, addRead = 0x0, delRead = 0x0, addWrite = 0x0, delWrite = 0x0, cleanup = 0x0}, onDisconnect = 0x0, onConnect = 0x0, replies = {head = 0x0, tail = 0x0}, sub = {invalid = {head = 0x0, tail = 0x0}, channels = 0x7e80, patterns = 0x7ec0}} *The moment the retq instruction in this function returns* the struct layout changes in gdb (e.g. the connection_type field disappears): p *ac $6 = {c = {err = 1, errstr = No such file or directory, '\000' repeats 102 times, fd = -1, flags = 0, obuf = 0x7f68 , reader = 0x7f80}, err = 1, errstr = 0x0, data = 0x0, ev = {data = 0x0, addRead = 0x0, delRead = 0x78c0, addWrite = 0x1, delWrite = 0x700011e4, cleanup = 0x0}, onDisconnect = 0x0, onConnect = 0x0, replies = {head = 0x0, tail = 0x0}, sub = {invalid = {head = 0x0, tail = 0x0}, channels = 0x0, patterns = 0x0}} So the layout of the redisContext struct used to build libhiredis-dev 0.13.1-1 differs from one used to build webdis. This can be explained by the vendored headers can be further verified with strace when building the package with gbp: $ strace -e open -f -o ../strace.txt gbp buildpackage --git-debian-branch=debian --git-upstream-branch=master Any possibility you could sort that out? If it were up to me I'd use a patch to blow away the vendored sources, but I'm not sure if that's the best way to handle this sort of situation. gbp's support for filtering may also be an option. libhiredis0.13 and libhiredis-dev 0.13.1-1 have been uploaded to the experimental distribution if you'd like to reproduce this for yourself. Cheers, Tom -- *Tom Lee */ http://tomlee.co / @tglee http://twitter.com/tglee
Processed: Re: python-greenlet FTBFS on arm* is fixed in Sid as well
Processing control commands: tags -1 - jessie Bug #751498 {Done: Laszlo Boszormenyi (GCS) g...@debian.org} [src:python-greenlet] python-greenlet: FTBFS on arm* due to test failures Removed tag(s) jessie. -- 751498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751498 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#751498: python-greenlet FTBFS on arm* is fixed in Sid as well
Control: tags -1 - jessie Hi, On Sat, May 16, 2015 at 05:06:28PM +0200, László Böszörményi (GCS) wrote: Subject: python-greenlet FTBFS on arm* is fixed in Sid as well Control: -1 - sid stretch Hi Ivo, It was fixed a while ago for Sid as well. Actually, there should be no version tags on this bug at all, so I removed the remaining jessie tag. Version tracking should be enough to find out which versions are affected. If this bug is actually fixed in sid, you have to add the correct fixed version, because currently the BTS thinks the version in sid is still affected (as you can see in the version graph on the bug page). Cheers, Ivo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 740841
Processing commands for cont...@bugs.debian.org: tags 740841 + sid stretch Bug #740841 {Done: georg...@debian.org} [scolasync] Move to udisks2, udisks 1 is deprecated Added tag(s) sid and stretch. thanks Stopping processing here. Please contact me if you need assistance. -- 740841: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740841 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: python-greenlet FTBFS on arm* is fixed in Sid as well
Processing control commands: tags -1 - sid stretch Bug #751498 {Done: Laszlo Boszormenyi (GCS) g...@debian.org} [src:python-greenlet] python-greenlet: FTBFS on arm* due to test failures Removed tag(s) sid and stretch. -- 751498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751498 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#751498: python-greenlet FTBFS on arm* is fixed in Sid as well
Control: tags -1 - sid stretch -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 784769
Processing commands for cont...@bugs.debian.org: tags 784769 + sid stretch Bug #784769 [libqcustomplot-dev] libqcustomplot-dev: Transition to cmake 3.2 Added tag(s) sid and stretch. thanks Stopping processing here. Please contact me if you need assistance. -- 784769: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784769 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 783553
Processing commands for cont...@bugs.debian.org: # Distributable, copyright already fixed in sid+stretch tags 783553 + jessie-ignore Bug #783553 {Done: Paolo Greppi paolo.gre...@libpf.com} [numdiff] numdiff: debian/copyright file is not complete Added tag(s) jessie-ignore. thanks Stopping processing here. Please contact me if you need assistance. -- 783553: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783553 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 783838
Processing commands for cont...@bugs.debian.org: tags 783838 + sid stretch Bug #783838 {Done: m...@debian.org (Matteo F. Vescovi)} [src:blender] blender: FTBFS in Jessie Added tag(s) sid and stretch. thanks Stopping processing here. Please contact me if you need assistance. -- 783838: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783838 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? Cheers -- Sebastian Ramacher signature.asc Description: Digital signature
Bug#785091: marked as done (spatialite-bin: spatialite gives a Segmentation fault.)
Your message dated Sat, 16 May 2015 16:29:48 + with message-id e1yteyc-ig...@franck.debian.org and subject line Bug#785091: fixed in spatialite-tools 4.1.1-5 has caused the Debian Bug report #785091, regarding spatialite-bin: spatialite gives a Segmentation fault. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 785091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785091 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: spatialite-bin Version: 4.1.1-4+b1 Severity: critical Justification: breaks unrelated software Dear Maintainer, * What led up to the situation? Recent testing update. * What exactly did you do (or not do) that was effective (or ineffective)? Simply type the command `spatialite` * What was the outcome of this action? Segfault -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing'), (300, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages spatialite-bin depends on: ii libc6 2.19-18 ii libexpat1 2.1.0-6+b3 ii libfreexl1 1.0.1-2 ii libgeos-c1 3.4.2-7 ii libproj94.9.1-1 ii libreadline66.3-8+b3 ii libreadosm1 1.0.0d-1 ii libspatialite5 4.1.1-10+b1 ii libsqlite3-03.8.9-2 ii zlib1g 1:1.2.8.dfsg-2+b1 spatialite-bin recommends no packages. spatialite-bin suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: spatialite-tools Source-Version: 4.1.1-5 We believe that the bug you reported is fixed in the latest version of spatialite-tools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 785...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bas Couwenberg sebas...@debian.org (supplier of updated spatialite-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 16 May 2015 17:05:48 +0200 Source: spatialite-tools Binary: spatialite-bin Architecture: source amd64 Version: 4.1.1-5 Distribution: unstable Urgency: medium Maintainer: Debian GIS Project pkg-grass-de...@lists.alioth.debian.org Changed-By: Bas Couwenberg sebas...@debian.org Description: spatialite-bin - Geospatial extension for SQLite - tools Closes: 785091 Changes: spatialite-tools (4.1.1-5) unstable; urgency=medium . * Add patch to use spatialite_init_ex() instead of spatialite_init(), the latter segfaults now that libspatialite is built with libproj 4.9.1. (closes: #785091) * Update Vcs-Browser URL to use cgit instead of gitweb. * Bump Standards-Version to 3.9.6, no changes. Checksums-Sha1: 3e557a3d5b2969112b51bcf79b3643ad0f2eb565 2325 spatialite-tools_4.1.1-5.dsc 0db3abc4a1f180d83578a10c020dd8fb4865a5ec 13856 spatialite-tools_4.1.1-5.debian.tar.xz b66e5549e248f1bb298f60905e0980b7f0db6a13 142472 spatialite-bin_4.1.1-5_amd64.deb Checksums-Sha256: 9056b1dec49f8db3ff19b7b6121d58d28bf30e45972317f5a9d0312fe7f253ed 2325 spatialite-tools_4.1.1-5.dsc 7afcc8d0e64bc03f3b8bc06690a8a0f8a33214f0ef09fbf3ba02efc99603c1ec 13856 spatialite-tools_4.1.1-5.debian.tar.xz 7fd40b8712f99e5c11838db0bdfd65c5cc5b6e81b812d1c60ecfb0b4811ea372 142472 spatialite-bin_4.1.1-5_amd64.deb Files: 0c76c121b21ba7d15317526caa7af7c4 2325 science optional spatialite-tools_4.1.1-5.dsc e66a8abccee78ba2aca32a79e65703d6 13856 science optional spatialite-tools_4.1.1-5.debian.tar.xz 84c6be17e35079271b73533bb53fe4c1 142472 science optional spatialite-bin_4.1.1-5_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCgAGBQJVV16/AAoJEGdQ8QrojUrxVWsP/ROgIwM1pqLcY3zXKk49nqAN /FL/3vSZskeEGs0mKvmh4w0l4JBZ4olc+sgCMFgsYzSbSp4nxxkhujsibz8vibzV IWZjmt79/H3iqXZELh7MuiQOkwD4wGamrvlUDPHRtkAVznnVRNuJQFFaVeh26QjW yFgY8MUXz4uAr2x2KpjOfiBI0R4oYKNrd2zPoqJlZLluE1eZDjMhYF0g/TJqwz8g L3HOzwwSWxDAxNe9LmXJyRmP6NbRoUIaiO+f5qF1b5IVpIircrd0Byb2eVTYun5q /q8mfgOCzks2YQD+kh2zR90asWyMWImoy1HAUl0XF3WJ9Pr0r4tVPiRl0WxCOBBK
Bug#785281: [pkg-php-pear] Bug#785281: Split phpseclib?
Hi Mathieu, 3./ The php-phpseclib should provide all the libraries it ships. This would be the proper fix for #785281. Digging a bit, this would not be the proper fix for #785281. Here is an extract from the diff: * Here's an example of how to use this library: * code * ?php - *include('Math/BigInteger.php'); - * - *$a = new Math_BigInteger(2); - *$b = new Math_BigInteger(3); + *$a = new \phpseclib\Math\BigInteger(2); + *$b = new \phpseclib\Math\BigInteger(3); [...] +namespace phpseclib\Math; [...] Those are two different classes, with different namespaces. I cant see such difference between the currently packaged phpseclib and php-math-biginteger. The namespaces change is supposed to happen in the next 1. or 2. branch of phpseclib, but the latest upstream version as available in Debian, is not yet inside this new namespace. Ha, that reminds me of the good old times and https://github.com/phpseclib/phpseclib/issues/125 It seems They should probably be installed at a different path: /usr/share/php/Math/BigInteger.php /usr/share/php/phpseclib/Math/BigInteger.php Not yet, sorry. I prefer that the files are moved. But this may be a painfull transition. One well have to take care anyway, but I dont intend to start it before upstream publish a stable release with the new namespase (not even an alpha has been published yet). I'd welcome if the phpseclib package Provides php-phpseclib-file-asn1 Sure, Ill had the others too, but the previous question still stands: should I add another fake provides: php-math-biginteger (= 1.0.2-3) for example (i.e., a bit higher than the current php-math-biginteger real package), or [would] you [ ] patch php-horde-mapi to drop the versionned dependency for php-math-biginteger. ? Regards David -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 785020
Processing commands for cont...@bugs.debian.org: tags 785020 + sid stretch Bug #785020 {Done: gregor herrmann gre...@debian.org} [libmoosex-getopt-perl] libmoosex-getopt-perl: FTBFS: test failures Added tag(s) sid and stretch. thanks Stopping processing here. Please contact me if you need assistance. -- 785020: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785020 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785281: [pkg-php-pear] Bug#785281: Bug#785281: Split phpseclib?
Hi Mathieu, On Sat, May 16, 2015 at 09:22:48PM +0200, Mathieu Parent wrote: 2015-05-16 20:58 GMT+02:00 David Prévot taf...@debian.org: 3./ The php-phpseclib should provide all the libraries it ships. This would be the proper fix for #785281. I prefer the fake provide solution, maybe provides: php-math-biginteger (= 1.0.2+phpseclib) ? Sure, done. I added the other provides (php-seclib, as well as the 19 php-seclib-* packages from the phpseclib channel you pointed earlier) versionless, please shout (or directly fix in the VCS) if you prefer versioned Provides (not that I mind about seeing #761219 fixed first, but if versions are not needed, no need to add them). Upload in progress, you should be able to test it from incoming in a few minutes (I successfully installed php-horde-mapi with php-seclib, but didn’t test if it actually works). Regards David signature.asc Description: Digital signature
Bug#751498: python-greenlet FTBFS on arm* is fixed in Sid as well
Control: -1 - sid stretch Hi Ivo, It was fixed a while ago for Sid as well. Regards, Laszlo/GCS -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785281: [pkg-php-pear] Bug#785281: Bug#785281: Split phpseclib?
2015-05-16 20:58 GMT+02:00 David Prévot taf...@debian.org: Hi Mathieu, Hi David, 3./ The php-phpseclib should provide all the libraries it ships. This would be the proper fix for #785281. Digging a bit, this would not be the proper fix for #785281. Here is an extract from the diff: * Here's an example of how to use this library: * code * ?php - *include('Math/BigInteger.php'); - * - *$a = new Math_BigInteger(2); - *$b = new Math_BigInteger(3); + *$a = new \phpseclib\Math\BigInteger(2); + *$b = new \phpseclib\Math\BigInteger(3); [...] +namespace phpseclib\Math; [...] Those are two different classes, with different namespaces. I can’t see such difference between the currently packaged phpseclib and php-math-biginteger. The namespaces change is supposed to happen in the next 1. or 2. branch of phpseclib, but the latest upstream version as available in Debian, is not yet inside this new namespace. OK. Ha, that reminds me of the “good old times” and https://github.com/phpseclib/phpseclib/issues/125… I see. It seems They should probably be installed at a different path: /usr/share/php/Math/BigInteger.php /usr/share/php/phpseclib/Math/BigInteger.php Not yet, sorry. Indeed. I prefer that the files are moved. But this may be a painfull transition. One we’ll have to take care anyway, but I don’t intend to start it before upstream publish a stable release with the new namespase (not even an alpha has been published yet). I'd welcome if the phpseclib package Provides php-phpseclib-file-asn1 Sure, I’ll had the others too, but the previous question still stands: should I add another fake “provides: php-math-biginteger (= 1.0.2-3)” for example (i.e., a bit higher than the current php-math-biginteger real package), or [would] you […] patch php-horde-mapi to drop the versionned dependency for php-math-biginteger. ? I prefer the fake provide solution, maybe provides: php-math-biginteger (= 1.0.2+phpseclib) ? In parallel, I will remove php-math-integer source package from Debian. Regards -- Mathieu -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785429: icedove: FTBFS with new libvpx 1.4
tags 785429 +patch +pending thanks Hello Emilio, On Sat, May 16, 2015 at 08:55:38AM +0200, Emilio Pozuelo Monfort wrote: Package: icedove Version: 31.6.0-1 Severity: serious On a binNMU for the libvpx transition, your package failed to build with: ... [cut] See https://buildd.debian.org/status/fetch.php?pkg=icedovearch=amd64ver=31.6.0-1%2Bb1stamp=1431713936 These constants are now called VPX_*. thanks for pointing to the fix. I created a patch and added to this mail which hopefully works on all plaforms. Localy it works on amd64. Christoph is planning to upload the new released version 31.7.0 after the weekend to unstable, stable-security and old-stable-security.. Regards Carsten From 499b1981ae7eae1b252a4c141d91e3ee164ca376 Mon Sep 17 00:00:00 2001 From: Carsten Schoenert c.schoen...@t-online.de Date: Sat, 16 May 2015 20:04:35 +0200 Subject: [PATCH] rebuild patch queue from patch-queue branch added patches: debian-hacks/vp8_impl.cc-backporting-naming-for-constants.patch Closes: #785429 --- ..._impl.cc-backporting-naming-for-constants.patch | 36 ++ debian/patches/series | 1 + 2 files changed, 37 insertions(+) create mode 100644 debian/patches/debian-hacks/vp8_impl.cc-backporting-naming-for-constants.patch diff --git a/debian/patches/debian-hacks/vp8_impl.cc-backporting-naming-for-constants.patch b/debian/patches/debian-hacks/vp8_impl.cc-backporting-naming-for-constants.patch new file mode 100644 index 000..24d49f8 --- /dev/null +++ b/debian/patches/debian-hacks/vp8_impl.cc-backporting-naming-for-constants.patch @@ -0,0 +1,36 @@ +From: Carsten Schoenert c.schoen...@t-online.de +Date: Sat, 16 May 2015 20:00:30 +0200 +Subject: vp8_impl.cc: backporting naming for constants + +The libvpx package 1.4.0 brings new names for various constants. To +build against the libvpx some few constants have to be renamed. +--- + .../trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc | 8 + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc b/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc +index 86591a2..dd50494 100644 +--- a/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc b/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc +@@ -180,7 +180,7 @@ int VP8EncoderImpl::InitEncode(const VideoCodec* inst, + // Creating a wrapper to the image - setting image data to NULL. Actual + // pointer will be set in encode. Setting align to 1, as it is meaningless + // (actual memory is not allocated). +- raw_ = vpx_img_wrap(NULL, IMG_FMT_I420, codec_.width, codec_.height, ++ raw_ = vpx_img_wrap(NULL, VPX_IMG_FMT_I420, codec_.width, codec_.height, + 1, NULL); + // populate encoder configuration with default values + if (vpx_codec_enc_config_default(vpx_codec_vp8_cx(), config_, 0)) { +@@ -349,9 +349,9 @@ int VP8EncoderImpl::Encode(const I420VideoFrame input_image, + } + // Image in vpx_image_t format. + // Input image is const. VP8's raw image is not defined as const. +- raw_-planes[PLANE_Y] = const_castuint8_t*(input_image.buffer(kYPlane)); +- raw_-planes[PLANE_U] = const_castuint8_t*(input_image.buffer(kUPlane)); +- raw_-planes[PLANE_V] = const_castuint8_t*(input_image.buffer(kVPlane)); ++ raw_-planes[VPX_PLANE_Y] = const_castuint8_t*(input_image.buffer(kYPlane)); ++ raw_-planes[VPX_PLANE_U] = const_castuint8_t*(input_image.buffer(kUPlane)); ++ raw_-planes[VPX_PLANE_V] = const_castuint8_t*(input_image.buffer(kVPlane)); + // TODO(mikhal): Stride should be set in initialization. + raw_-stride[VPX_PLANE_Y] = input_image.stride(kYPlane); + raw_-stride[VPX_PLANE_U] = input_image.stride(kUPlane); diff --git a/debian/patches/series b/debian/patches/series index af9ee96..2492b63 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -43,3 +43,4 @@ porting-powerpcspe/FTBFS-powerpcspe-disable-AltiVec-instructions.patch iceowl/adjust-calendar-google-provider-to-Google-Calendar-A.patch iceowl/get-rid-of-subdir-shim-in-gdata-provider.patch porting/ppc-fix-divide-page-size-in-jemalloc.patch +debian-hacks/vp8_impl.cc-backporting-naming-for-constants.patch -- 2.1.4
Processed: Re: Bug#785429: icedove: FTBFS with new libvpx 1.4
Processing commands for cont...@bugs.debian.org: tags 785429 +patch +pending Bug #785429 [icedove] icedove: FTBFS with new libvpx 1.4 Added tag(s) patch. Bug #785429 [icedove] icedove: FTBFS with new libvpx 1.4 Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 785429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785429 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781888: [pkg-cinnamon] Bug#781888: cinnamon-session: session does not start
I am experiencing this bug on two different systems now. I have opened an upstream bug: https://github.com/linuxmint/Cinnamon/issues/4156 -- Frederik Himpe frede...@frehi.be -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? Unfortunately the reproducer isn't public. I contacted ffmpeg-security about it, I'll keep you posted. Cheers signature.asc Description: Digital signature
Bug#785281: Split phpseclib?
[ Following up to #785281 only, all recipient should get the message from it (once). ] Hi Mathieu, Le 16/05/2015 08:07, Mathieu Parent a écrit : There are three problems here: […] 2./ The current package name from composer should be php-phpseclib instead. I will file a bug about this. There is already #757537. If that’s enough, I can try and work on it. 3./ The php-phpseclib should provide all the libraries it ships. This would be the proper fix for #785281. I can prepare that (with a temporary workaround for #757537 too). Since php-horde-mapi currently depends on php-math-biginteger (= 1.0.2), php-math-biginteger ( 2.0.0) (i.e. the older version from PEAR, but with a higher version), I’m not sure how we should move forward. A priori, versionless provides won’t be enough to satisfy the php-horde-mapi dependency, so just adding versionless provides for all the packages available from the phpseclib channel won’t be enough to fix this issue. Since versionless provides is not enough, using the phpseclib version (currently lower than 1) for all provided packages will not help satisfying the current php-horde-mapi dependency either. I could also add another fake “provides: php-math-biginteger (= 1.0.2-3)” for example (i.e., a bit higher than the current php-math-biginteger real package), or you could patch php-horde-mapi to drop the versionned dependency for php-math-biginteger. Please let me know if you prefer me to add this additional hack into phpseclib, or if you’re willing to drop the versionned dependency from php-horde-mapi. Regards David signature.asc Description: OpenPGP digital signature
Bug#783451: marked as done (libmodule-signature-perl: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409)
Your message dated Sat, 16 May 2015 18:17:31 + with message-id e1ytger-0006tv...@franck.debian.org and subject line Bug#783451: fixed in libmodule-signature-perl 0.68-1+deb7u2 has caused the Debian Bug report #783451, regarding libmodule-signature-perl: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 783451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783451 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: libmodule-signature-perl Version: 0.73-1 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerabilities were published for libmodule-signature-perl. CVE-2015-3406[0]: unsigned files interpreted as signed in some circumstances CVE-2015-3407[1]: arbitrary code execution during test phase CVE-2015-3408[2]: arbitrary code execution when verifying module signatures CVE-2015-3409[3]: arbitrary modules loading in some circumstances If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3406 [1] https://security-tracker.debian.org/tracker/CVE-2015-3407 [2] https://security-tracker.debian.org/tracker/CVE-2015-3408 [3] https://security-tracker.debian.org/tracker/CVE-2015-3409 Please adjust the affected versions in the BTS as needed. p.s.: for the pkg-perl team: I planned to look into it for all needed versions, but if somebody beats me to it, just go ahead! Regards, Salvatore ---End Message--- ---BeginMessage--- Source: libmodule-signature-perl Source-Version: 0.68-1+deb7u2 We believe that the bug you reported is fixed in the latest version of libmodule-signature-perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 783...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso car...@debian.org (supplier of updated libmodule-signature-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 14 May 2015 17:35:32 +0200 Source: libmodule-signature-perl Binary: libmodule-signature-perl Architecture: source all Version: 0.68-1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org Changed-By: Salvatore Bonaccorso car...@debian.org Description: libmodule-signature-perl - module to manipulate CPAN SIGNATURE files Closes: 783451 Changes: libmodule-signature-perl (0.68-1+deb7u2) wheezy-security; urgency=high . * Team upload. * Add CVE-2015-3406_CVE-2015-3407_CVE-2015-3408.patch patch. CVE-2015-3406: Module::Signature parses the unsigned portion of the SIGNATURE file as the signed portion due to incorrect handling of PGP signature boundaries. CVE-2015-3407: Module::Signature incorrectly handles files that are not listed in the SIGNATURE file. This includes some files in the t/ directory that would execute when tests are run. CVE-2015-3408: Module::Signature uses two argument open() calls to read the files when generating checksums from the signed manifest, allowing to embed arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process. (Closes: #783451) * Add CVE-2015-3409.patch patch. CVE-2015-3409: Module::Signature incorrectly handles module loading allowing to load modules from relative paths in @INC. A remote attacker providing a malicious module could use this issue to execute arbitrary code during signature verification. (Closes: #783451) * Add Fix-signature-tests.patch patch. Fix signature tests by defaulting to verify(skip=1) when $ENV{TEST_SIGNATURE} is true. Checksums-Sha1: a66efd7d66a0864beee6eda77cf094000b77891f 2242 libmodule-signature-perl_0.68-1+deb7u2.dsc d7d640650d6917e30d46d50b9d8806c7abf88a6e 76485 libmodule-signature-perl_0.68.orig.tar.gz 0b29fb6e303e2aba8850a15991e2ecd189d97c5f 10160 libmodule-signature-perl_0.68-1+deb7u2.debian.tar.gz 032c38a36857e7f6cd86e96d3fc627da4c65a48a
Bug#783451: marked as done (libmodule-signature-perl: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409)
Your message dated Sat, 16 May 2015 18:17:06 + with message-id e1ytge2-0006p9...@franck.debian.org and subject line Bug#783451: fixed in libmodule-signature-perl 0.73-1+deb8u1 has caused the Debian Bug report #783451, regarding libmodule-signature-perl: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 783451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783451 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: libmodule-signature-perl Version: 0.73-1 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerabilities were published for libmodule-signature-perl. CVE-2015-3406[0]: unsigned files interpreted as signed in some circumstances CVE-2015-3407[1]: arbitrary code execution during test phase CVE-2015-3408[2]: arbitrary code execution when verifying module signatures CVE-2015-3409[3]: arbitrary modules loading in some circumstances If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3406 [1] https://security-tracker.debian.org/tracker/CVE-2015-3407 [2] https://security-tracker.debian.org/tracker/CVE-2015-3408 [3] https://security-tracker.debian.org/tracker/CVE-2015-3409 Please adjust the affected versions in the BTS as needed. p.s.: for the pkg-perl team: I planned to look into it for all needed versions, but if somebody beats me to it, just go ahead! Regards, Salvatore ---End Message--- ---BeginMessage--- Source: libmodule-signature-perl Source-Version: 0.73-1+deb8u1 We believe that the bug you reported is fixed in the latest version of libmodule-signature-perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 783...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso car...@debian.org (supplier of updated libmodule-signature-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 14 May 2015 12:58:30 +0200 Source: libmodule-signature-perl Binary: libmodule-signature-perl Architecture: source all Version: 0.73-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org Changed-By: Salvatore Bonaccorso car...@debian.org Description: libmodule-signature-perl - module to manipulate CPAN SIGNATURE files Closes: 783451 Changes: libmodule-signature-perl (0.73-1+deb8u1) jessie-security; urgency=high . * Team upload. * Add CVE-2015-3406_CVE-2015-3407_CVE-2015-3408.patch patch. CVE-2015-3406: Module::Signature parses the unsigned portion of the SIGNATURE file as the signed portion due to incorrect handling of PGP signature boundaries. CVE-2015-3407: Module::Signature incorrectly handles files that are not listed in the SIGNATURE file. This includes some files in the t/ directory that would execute when tests are run. CVE-2015-3408: Module::Signature uses two argument open() calls to read the files when generating checksums from the signed manifest, allowing to embed arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process. (Closes: #783451) * Add CVE-2015-3409.patch patch. CVE-2015-3409: Module::Signature incorrectly handles module loading allowing to load modules from relative paths in @INC. A remote attacker providing a malicious module could use this issue to execute arbitrary code during signature verification. (Closes: #783451) * Add Fix-signature-tests.patch patch. Fix signature tests by defaulting to verify(skip=1) when $ENV{TEST_SIGNATURE} is true. Checksums-Sha1: b6990c71af5da61b71d4bd4bca27098a2958a8b7 2267 libmodule-signature-perl_0.73-1+deb8u1.dsc 0bb005a69aae5f7f7511f5d6b1a61762bca27173 77407 libmodule-signature-perl_0.73.orig.tar.gz efa31256e138a422964ef3d542398651b4204d82 9228 libmodule-signature-perl_0.73-1+deb8u1.debian.tar.xz 2efa2008b111775f84e708f50af5a1cf5138ec9a 30370
Bug#785281: [pkg-php-pear] Bug#785281: Split phpseclib?
2015-05-16 17:53 GMT+02:00 David Prévot taf...@debian.org: [ Following up to #785281 only, all recipient should get the message from it (once). ] Hi Mathieu, Le 16/05/2015 08:07, Mathieu Parent a écrit : There are three problems here: […] 2./ The current package name from composer should be php-phpseclib instead. I will file a bug about this. There is already #757537. If that’s enough, I can try and work on it. Yes, that would do it. 3./ The php-phpseclib should provide all the libraries it ships. This would be the proper fix for #785281. Digging a bit, this would not be the proper fix for #785281. Here is an extract from the diff: * Here's an example of how to use this library: * code * ?php - *include('Math/BigInteger.php'); - * - *$a = new Math_BigInteger(2); - *$b = new Math_BigInteger(3); + *$a = new \phpseclib\Math\BigInteger(2); + *$b = new \phpseclib\Math\BigInteger(3); [...] +namespace phpseclib\Math; [...] Those are two different classes, with different namespaces. It seems They should probably be installed at a different path: /usr/share/php/Math/BigInteger.php /usr/share/php/phpseclib/Math/BigInteger.php What do you think? [...] Please let me know if you prefer me to add this additional hack into phpseclib, or if you’re willing to drop the versionned dependency from php-horde-mapi. I prefer that the files are moved. But this may be a painfull transition. I'd welcome if the phpseclib package Provides php-phpseclib-file-asn1 -- Mathieu -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785472: parcellite: Parcellite fails to start after upgrading to Jessie
Hi Petr, Thanks for reporting bugs. Could you provide more informations about parcellite's crash ? What happens if you directly call parcellite from the CLI (with the 'parcellite' command) ? Best Regards, Hugo -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On 2015-05-16 15:28:44, Arne Wichmann wrote: begin quotation from Sebastian Ramacher (in 20150516130757.ga21...@ramacher.at): On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? There is one referenced in various messages relating to CVE-2014-7937: asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg unfortunately it is not publicly available AFAICS. You might ask upstream about it. I did. libav developers do not seem to have it. So please provide a sample. Cheers -- Sebastian Ramacher signature.asc Description: Digital signature
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 begin quotation from Sebastian Ramacher (in 20150516130757.ga21...@ramacher.at): On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? There is one referenced in various messages relating to CVE-2014-7937: asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg unfortunately it is not publicly available AFAICS. You might ask upstream about it. cu AW - -- [...] If you don't want to be restricted, don't agree to it. If you are coerced, comply as much as you must to protect yourself, just don't support it. Noone can free you but yourself. (crag, on Debian Planet) Arne Wichmann (a...@linux.de) -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJVV0YMAAoJEENYfBy4DUs++FAP/j6NA8gP37qu4hHTFK9rKc+3 ddj3sClTKQ3d8aC2xq3+rgxjUo35YiPgY3sdcTb4Sni5rm8acHpo0NdDlkpPdFS4 gR3nx3t0GEAqe55aLzUls6Rq9U9fWwHrhjl+Kbhr6zNR+XtXoDMj12GA3ICcJp7J ucvMZtpbJhaTJwvqsljn7IAvjgdikAdtxiRqPXHbeAAwKYJkU5Bdlu9eB+YtXABF IAHU8Qyc4PaJ4o/kbv+C5IBk8ILqhZPjTNSdljJryJTPBkH/R5P9VFjJs/rcSh8O nB2bUmXcRX/+tw5GFcLvYrpivylCpQPLebp2gQjoAUuj8ARS931pGEiFxThqffP+ 53F+lG/tIXpO53Yn/CpoOkGm0sjgApSRDgCwJsgy2HkUi8CN66mBt03nciEfPvG6 om60Oa0Mj+BoevtiQeaXRgXI/bsKDz57sUuhOlGY6LbfNbAWew90ns+q1CWTDW/8 uAsi8SgKjVKp3lM8f3TR73GIOMVn8lNAgnSyrbVVGke7nHO0AjwdeV/Ld6So6fWG 1ELvZyzkn/BI6V3W29IjcKlo7ncS9bv6CU1z+vToW2FPUitazS3P2cdr069KyKyH bU8hQPkqDp2jwMMk4DDojS5ue8VhFj0yazhMKYJB7KSzjf57qgegjipEvKQlN5HT FFVJBtD94jGVHzspGh0s =lqqu -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
2015-05-16 15:31 GMT+02:00 Sebastian Ramacher sramac...@debian.org: On 2015-05-16 15:28:44, Arne Wichmann wrote: begin quotation from Sebastian Ramacher (in 20150516130757.ga21...@ramacher.at): On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? There is one referenced in various messages relating to CVE-2014-7937: asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg unfortunately it is not publicly available AFAICS. You might ask upstream about it. I did. libav developers do not seem to have it. So please provide a sample. Why don't you/they ask FFmpeg upstream directly? Cheers, Balint -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781888: [pkg-cinnamon] Bug#781888: cinnamon-session: session does not start
On 2015-05-16 15:16, Frederik Himpe wrote: I am experiencing this bug on two different systems now. I have opened an upstream bug: https://github.com/linuxmint/Cinnamon/issues/4156 # apt-get install -t experimental gir1.2-meta-muffin-0.0 fixed this problem. All muffin packages where still the 2.2 version. So this dependency seems to be missing. -- Frederik Himpe -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785472: parcellite: Parcellite fails to start after upgrading to Jessie
Package: parcellite Version: 1.1.9-1 Severity: grave Justification: renders package unusable -- System Information: Debian Release: 8.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages parcellite depends on: ii libappindicator1 0.4.92-3.1 ii libatk1.0-0 2.14.0-1 ii libc62.19-18 ii libcairo21.14.0-2.1 ii libdbusmenu-glib412.10.2-1 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-3 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libglib2.0-0 2.42.1-1 ii libgtk2.0-0 2.24.25-3 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-0 1.36.8-3 ii libpangoft2-1.0-01.36.8-3 ii libx11-6 2:1.6.2-3 parcellite recommends no packages. parcellite suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785091: spatialite-bin: spatialite gives a Segmentation fault.
On Tue, 2015-05-12 at 12:13 +0100, Andy G Wood wrote: Hi Sebastiaan, On Tuesday 12 May 2015 12:03:43 Sebastiaan Couwenberg wrote: [...] Justification: breaks unrelated software This justification is not supported by your bugreport. Which unrelated software does this issue break? Sorry, perhaps this is not unrelated, but ogr2ogr -a_srs WGS84 -f SQLite -dsco SPATIALITE=YES \ -where 'PTT=143471' -nln 143471 -append \ wcp_2015.sqlite wcp.xml Segfaults too. Software designed to be able to use spatialite is fairly far away from the definition of unrelated to spatialite. :-) Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 783936
Processing commands for cont...@bugs.debian.org: tags 783936 + sid stretch Bug #783936 [src:libswe-doc] FTBFS: build-depends on removed python-uno Added tag(s) sid and stretch. thanks Stopping processing here. Please contact me if you need assistance. -- 783936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 784744
Processing commands for cont...@bugs.debian.org: tags 784744 + sid stretch Bug #784744 {Done: Debian FTP Masters ftpmas...@ftp-master.debian.org} [src:xf86-video-msm] xf86-video-msm: FTBFS against xserver 1.17 Added tag(s) sid and stretch. thanks Stopping processing here. Please contact me if you need assistance. -- 784744: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784744 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 750511
Processing commands for cont...@bugs.debian.org: tags 750511 + sid stretch Bug #750511 [udisks-glue] Move to udisks2, udisks 1 is deprecated Added tag(s) sid and stretch. thanks Stopping processing here. Please contact me if you need assistance. -- 750511: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750511 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#785349: transition: hiredis
Processing control commands: block -1 by 785476 Bug #785349 [release.debian.org] transition: hiredis 785349 was not blocked by any bugs. 785349 was not blocking any bugs. Added blocking bug(s) of 785349: 785476 -- 785349: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785349 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785472: Acknowledgement (parcellite: Parcellite fails to start after upgrading to Jessie)
Sorry, I probably somehow lost the detailed information I put into the reporting tool. If I run parcellite in the daemon mode, it prints the clipboard and then spits out errors, approximately 2-3 per second, and this goes on forever: $ parcellite -d Flag 0x0001, status 0, EXIT 1 STAT 0 the clipboard content (parcellite:22789): GLib-CRITICAL **: Source ID 8 was not found when attempting to remove it (parcellite:22789): GLib-CRITICAL **: Source ID 11 was not found when attempting to remove it (parcellite:22789): GLib-CRITICAL **: Source ID 14 was not found when attempting to remove it ... ... and the application never starts. I tried to remove the configuration file in https://plus.maths.org/content/if-we-all-go-blonde, but that had no effect. I have somewhat unusual setup, I'm using Xmonad, but before upgrading to Jessie I had never had problems. Thanks, Petr so 16. 5. 2015 v 20:27 odesílatel Debian Bug Tracking System ow...@bugs.debian.org napsal: Thank you for filing a new Bug report with Debian. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. As you requested using X-Debbugs-CC, your message was also forwarded to petr@gmail.com, When, I'm (after having been given a Bug report number, if it did not have one). Your message has been sent to the package maintainer(s): Hugo Lefeuvre hugo6...@orange.fr If you wish to submit further information on this problem, please send it to 785...@bugs.debian.org. Please do not send mail to ow...@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 785472: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785472 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#784009: want to back out to get wget working again
[DOWNGRADE] libgnutls-deb0-28:i386 3.3.15-3 - 3.3.15-2 Working! Then today: [UPGRADE] libgnutls-deb0-28:i386 3.3.15-2 - 3.3.15-4 Broken AGAIN! I guess aptitude forbid-version is not strong enough. Looks like I will need aptitude hold. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785281: marked as done (php-seclib and php-math-biginteger: error when trying to install together)
Your message dated Sat, 16 May 2015 21:38:50 + with message-id e1ytjng-0006fl...@franck.debian.org and subject line Bug#785281: fixed in phpseclib 0.3.10-3 has caused the Debian Bug report #785281, regarding php-seclib and php-math-biginteger: error when trying to install together to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 785281: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785281 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: php-math-biginteger,php-seclib Version: php-math-biginteger/1.0.2-2 Version: php-seclib/0.3.10-2 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Date: 2015-05-14 Architecture: amd64 Distribution: sid Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Preconfiguring packages ... Selecting previously unselected package libperl4-corelibs-perl. (Reading database ... 10939 files and directories currently installed.) Preparing to unpack .../libperl4-corelibs-perl_0.003-1_all.deb ... Unpacking libperl4-corelibs-perl (0.003-1) ... Selecting previously unselected package lsof. Preparing to unpack .../lsof_4.86+dfsg-1_amd64.deb ... Unpacking lsof (4.86+dfsg-1) ... Selecting previously unselected package ucf. Preparing to unpack .../archives/ucf_3.0030_all.deb ... Moving old data out of the way Unpacking ucf (3.0030) ... Selecting previously unselected package psmisc. Preparing to unpack .../psmisc_22.21-2_amd64.deb ... Unpacking psmisc (22.21-2) ... Selecting previously unselected package php5-common. Preparing to unpack .../php5-common_5.6.7+dfsg-1_amd64.deb ... Unpacking php5-common (5.6.7+dfsg-1) ... Selecting previously unselected package php-math-biginteger. Preparing to unpack .../php-math-biginteger_1.0.2-2_all.deb ... Unpacking php-math-biginteger (1.0.2-2) ... Selecting previously unselected package php-seclib. Preparing to unpack .../php-seclib_0.3.10-2_all.deb ... Unpacking php-seclib (0.3.10-2) ... dpkg: error processing archive /var/cache/apt/archives/php-seclib_0.3.10-2_all.deb (--unpack): trying to overwrite '/usr/share/php/Math/BigInteger.php', which is also in package php-math-biginteger 1.0.2-2 Processing triggers for man-db (2.7.0.2-5) ... Errors were encountered while processing: /var/cache/apt/archives/php-seclib_0.3.10-2_all.deb E: Sub-process /usr/bin/dpkg returned an error code (1) This is a serious bug as it makes installation fail, and violates sections 7.6.1 and 10.1 of the policy. An optimal solution would consist in only one of the packages installing that file, and renaming or removing the file in the other package. Depending on the circumstances you might also consider Replace relations or file diversions. If the conflicting situation cannot be resolved then, as a last resort, the two packages have to declare a mutual Conflict. Please take into account that Replaces, Conflicts and diversions should only be used when packages provide different implementations for the same functionality. Here is a list of files that are known to be shared by both packages (according to the Contents file for sid/amd64, which may be slightly out of sync): /usr/share/php/Math/BigInteger.php This bug has been filed against both packages. If you, the maintainers of the two packages in question, have agreed on which of the packages will resolve the problem please reassign the bug to that package. You may then also register in the BTS that the other package is affected by the bug. -Ralf. PS: for more information about the detection of file overwrite errors of this kind see http://qa.debian.org/dose/file-overwrites.html. ---End Message--- ---BeginMessage--- Source: phpseclib Source-Version: 0.3.10-3 We believe that the bug you reported is fixed in the latest version of phpseclib, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 785...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. David Prévot taf...@debian.org (supplier of updated phpseclib package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8
Bug#785485: gtkmathview: FTBFS: error: template with C linkage
Source: gtkmathview Version: 0.8.0-10+nmu2 Severity: serious From my pbuilder build log (on amd64): ... /bin/bash ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I. -I../.. -I../../auto -I../../auto -I../../src/common -I../../src/common/mathvariants -I../../src/frontend/common -I../../src/frontend/custom_reader -I../../src/frontend/libxml2_reader -I../../src/frontend/libxml2 -I../../src/frontend/gmetadom -I../../src/engine/common -I../../src/engine/mathml -I../../src/engine/boxml -I../../src/backend/common -I../../src/backend/gtk -I../../src/view -pthread -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include -I/usr/include/gio-unix-2.0/ -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/libpng12 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng12 -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/freetype2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libxml2 -I/usr/include/gmetadom/gdome_cpp_smart -I/usr/include/libgdome -I/usr/include/libxml2 -DGMV_Widget_DLL -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -W -Wall -c -o libgtkmathview_libxml2_reader_la-gtkmathview_libxml2_reader.lo `test -f 'gtkmathview_libxml2_reader.cc' || echo './'`gtkmathview_libxml2_reader.cc libtool: compile: g++ -DHAVE_CONFIG_H -I. -I../.. -I../../auto -I../../auto -I../../src/common -I../../src/common/mathvariants -I../../src/frontend/common -I../../src/frontend/custom_reader -I../../src/frontend/libxml2_reader -I../../src/frontend/libxml2 -I../../src/frontend/gmetadom -I../../src/engine/common -I../../src/engine/mathml -I../../src/engine/boxml -I../../src/backend/common -I../../src/backend/gtk -I../../src/view -pthread -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include -I/usr/include/gio-unix-2.0/ -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/libpng12 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng12 -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/freetype2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libxml2 -I/usr/include/gmetadom/gdome_cpp_smart -I/usr/include/libgdome -I/usr/include/libxml2 -DGMV_Widget_DLL -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -W -Wall -c gtkmathview_libxml2_reader.cc -fPIC -DPIC -o .libs/libgtkmathview_libxml2_reader_la-gtkmathview_libxml2_reader.o In file included from /usr/include/c++/4.9/ext/hash_map:60:0, from ../../src/common/HashMap.hh:24, from ../../src/common/Configuration.hh:30, from ../../src/view/Init.hh:24, from gtkmathview_common.cc:55, from gtkmathview_libxml2_reader.cc:20: /usr/include/c++/4.9/backward/backward_warning.h:32:2: warning: #warning This file includes at least one deprecated or antiquated header which may be removed without further notice at a future date. Please use a non-deprecated interface with equivalent functionality instead. For a listing of replacement headers and interfaces, consult the file backward_warning.h. To disable this warning use -Wno-deprecated. [-Wcpp] #warning \ ^ In file included from /usr/include/c++/4.9/bits/stringfwd.h:40:0, from /usr/include/c++/4.9/string:39, from /usr/include/x86_64-linux-gnu/unicode/std_string.h:30, from /usr/include/x86_64-linux-gnu/unicode/unistr.h:31, from /usr/include/x86_64-linux-gnu/unicode/strenum.h:14, from /usr/include/x86_64-linux-gnu/unicode/uenum.h:24, from /usr/include/x86_64-linux-gnu/unicode/ucnv.h:51, from /usr/include/libxml2/libxml/encoding.h:31, from /usr/include/libxml2/libxml/parser.h:810, from /usr/include/libxml2/libxml/globals.h:18, from /usr/include/libxml2/libxml/threads.h:35, from /usr/include/libxml2/libxml/xmlmemory.h:218, from /usr/include/libxml2/libxml/tree.h:1306, from /usr/include/libxml2/libxml/xmlreader.h:14, from gtkmathview_common.h:53, from gtkmathview_libxml2_reader.h:24, from gtkmathview_libxml2_reader.cc:19: /usr/include/c++/4.9/bits/memoryfwd.h:63:3: error: template with C linkage templatetypename ^ /usr/include/c++/4.9/bits/memoryfwd.h:66:3: error: template specialization with C linkage template ^ /usr/include/c++/4.9/bits/memoryfwd.h:70:3: error: template with C linkage
Bug#785472: Acknowledgement (parcellite: Parcellite fails to start after upgrading to Jessie)
I successfully reproduced this bug on an i3 Jessie laptop. After looking at it, I've noticed that this bug was due to some recent changes in glib. So I'll forward this bug as soon as possible. Regards, Hugo -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#779687: marked as done (libdevel-callchecker-perl: FTBFS on i386: DynaLoader bombs out)
Your message dated Sat, 16 May 2015 14:07:23 +0200 with message-id 20150516120723.6982.88...@bastian.jones.dk and subject line Re: Bug#779687: libdevel-callchecker-perl: FTBFS on i386: DynaLoader bombs out has caused the Debian Bug report #779687, regarding libdevel-callchecker-perl: FTBFS on i386: DynaLoader bombs out to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 779687: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779687 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: libdevel-callchecker-perl Version: 0.006-1 Severity: serious Justification: fails to build from source The automated build of libdevel-callchecker-perl failed (only) on i386 due to test suite errors (excerpted from https://buildd.debian.org/status/fetch.php?pkg=libdevel-callchecker-perlarch=i386ver=0.006-1stamp=1425399391 ): cd . ./Build test --verbose 1 Can't use an undefined value as a subroutine reference at /usr/lib/i386-linux-gnu/perl/5.20/DynaLoader.pm line 210. END failed--call queue aborted at lib/Devel/CallChecker.pm line 210. Compilation failed in require at t/WriteHeader.pm line 14. # Looks like your test exited with 2 before it could output anything. t/callck.t . 1..79 Dubious, test returned 2 (wstat 512, 0x200) Failed 79/79 subtests The portion of DynaLoader.pm leading up to line 210 (from DynaLoader::bootstrap) reads boot: my $xs = dl_install_xsub(${module}::bootstrap, $boot_symbol_ref, $file); # See comment block above push(@dl_shared_objects, $file); # record files loaded $xs(@args); I'm not sure if it's relevant, but the i386 build of perl has the unusual property that the perl binary links statically rather than dynamically to libperl for performance reasons. At any rate, could you please take a look? Thanks! ---End Message--- ---BeginMessage--- Version: 0.007-1 Quoting Niko Tyni (2015-03-04 14:25:26) Looks like this is #770767 in cdbs, cc'd. Possibly that one should be release critical instead. Confirmed. And fixed in CDBS. So really this is fixed there and would have needed a binNMU here... - Jonas -- * Jonas Smedegaard - idealist Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature ---End Message---
Bug#785281: Split phpseclib?
Hello David, phpseclib is provided upstream in two shapes: Composer (monolithic) and PEAR (splitted, see PS). Debian currently ships one binary package built from composer. Some PEAR packages may depend on one particular package (this is currently the case for php-horde-imp which recommends FIle_ASN1, and for php-horde-mapi which depends on Math_BigInteger, see #785281). There are three problems here: 1./ The PEAR calculated package name is weird: phpseclib.sourceforge.net/File_ASN1 - php-phpseclib-sourceforge-file-asn1 I will fix this in pkg-php-tools, to consider sourceforge.net like a TLD (we'll have php-phpseclib-file-asn1). This is #785446. 2./ The current package name from composer should be php-phpseclib instead. I will file a bug about this. 3./ The php-phpseclib should provide all the libraries it ships. This would be the proper fix for #785281. Regards -- Mathieu Parent PS: Here are the splitted packages $ sudo pear channel-add http://phpseclib.sourceforge.net/channel.xml Adding Channel phpseclib.sourceforge.net succeeded $ pear list-all -c phpseclib All packages [Channel phpseclib]: = PackageLatest Local phpseclib/Crypt_AES0.3.10 Pure-PHP implementation of AES phpseclib/Crypt_Base 0.3.10 Base class for symmetric key cryptographic algorithms phpseclib/Crypt_Blowfish 0.3.10 Pure-PHP implementation of Blowfish phpseclib/Crypt_DES0.3.10 Pure-PHP implementation of DES phpseclib/Crypt_Hash 0.3.10 Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic hashing functions phpseclib/Crypt_Random 0.3.10 Random Number Generator phpseclib/Crypt_RC40.3.10 Pure-PHP implementation of RC4 phpseclib/Crypt_Rijndael 0.3.10 Pure-PHP implementation of Rijndael phpseclib/Crypt_RSA0.3.10 Pure-PHP PKCS#1 (v2.1) compliant implementation of RSA phpseclib/Crypt_TripleDES 0.3.10 Pure-PHP implementation of Triple DES phpseclib/Crypt_Twofish0.3.10 Pure-PHP implementation of Twofish phpseclib/File_ANSI0.3.10 Pure-PHP ANSI decoder phpseclib/File_ASN10.3.10 Pure-PHP ASN1 parser phpseclib/File_X5090.3.10 Pure-PHP X.509 encoder / decoder phpseclib/Math_BigInteger 0.3.10 Pure-PHP arbitrary precision integer arithmetic library phpseclib/Net_SFTP 0.3.10 Pure-PHP implementation of SFTP phpseclib/Net_SSH1 0.3.10 Pure-PHP implementation of SSHv1 phpseclib/Net_SSH2 0.3.10 Pure-PHP implementation of SSHv2 phpseclib/System_SSH_Agent 0.3.10 Pure-PHP ssh-agent client -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785449: [network-manager] NM daemon crashes after 4G dongle remove and plug again.
Package: network-manager Version: 1.0.2-2 Severity: serious --- Please enter the report below this line. --- Dear Maintainer, if I remove then plug my Huawei E3272 4G dongle and try to connect, I get a lighting led on dongle (like a connection is up) and connecting look of applet icon. Permanently. I can't turn off connection by using an applet and I can't access to Inet. Moreower. I can't restart it via systemctl or even REBOOT MY LAPTOP (when a try it, I get black screen and when I press Ctrl+Alt+F1 I see login promt, but I can't type anything. Keyboard is disabled!) Please, fix this strange bug. P. S. Sorry for my English. It isn't my native language. Look at syslog. --- System information. --- Architecture: amd64 Kernel: Linux 4.0.0-1-amd64 Debian Release: stretch/sid 500 unstableftp.debian.org 500 stable dl.google.com --- Package information. --- Package's Depends field is empty. Package's Recommends field is empty. Package's Suggests field is empty. May 16 13:19:33 ente NetworkManager[539]: info (cdc-wdm0): device state change: activated - deactivating (reason 'connection-removed') [100 110 38] May 16 13:19:33 ente NetworkManager[539]: info NetworkManager state is now DISCONNECTING May 16 13:19:33 ente dhclient: receive_packet failed on wwan0: Network is down May 16 13:19:33 ente NetworkManager[539]: info (cdc-wdm0): modem state changed, 'connected' -- 'disconnecting' (reason: user-requested) May 16 13:19:34 ente NetworkManager[539]: info (cdc-wdm0): modem state changed, 'disconnecting' -- 'registered' (reason: user-requested) May 16 13:19:34 ente NetworkManager[539]: info (cdc-wdm0): device state change: deactivating - disconnected (reason 'connection-removed') [110 30 38] May 16 13:19:34 ente NetworkManager[539]: info (cdc-wdm0): deactivating device (reason 'connection-removed') [38] May 16 13:19:34 ente NetworkManager[539]: info (wwan0): canceled DHCP transaction, DHCP client pid 1490 May 16 13:19:34 ente NetworkManager[539]: info (wwan0): DHCPv4 state changed bound - done May 16 13:19:34 ente NetworkManager[539]: info NetworkManager state is now DISCONNECTED May 16 13:19:34 ente gnome-session[2926]: (gnome-shell:2954): libnm-glib-WARNING **: async_got_type: could not read properties for /org/freedesktop/NetworkManager/ActiveConnection/1: Method Get with signature ss on interface org.freedesktop.DBus.Properties doesn't exist May 16 13:19:52 ente blueman-mechanism: loading Network May 16 13:20:22 ente org.blueman.Mechanism[554]: loading Network May 16 13:23:37 ente blueman-mechanism: loading Network May 16 13:24:07 ente org.blueman.Mechanism[554]: loading Network May 16 13:39:45 ente NetworkManager[539]: info caught signal 15, shutting down normally. May 16 13:39:45 ente NetworkManager[539]: info (eth0): device state change: unavailable - unmanaged (reason 'unmanaged') [20 10 3] May 16 13:39:55 ente avahi-daemon[592]: Network interface enumeration completed. May 16 13:39:55 ente NetworkManager[570]: info NetworkManager (version 1.0.2) is starting... May 16 13:39:55 ente NetworkManager[570]: info Read config: /etc/NetworkManager/NetworkManager.conf May 16 13:39:55 ente NetworkManager[570]: info WEXT support is enabled May 16 13:39:55 ente NetworkManager[570]: info init! May 16 13:39:55 ente NetworkManager[570]: info update_system_hostname May 16 13:39:55 ente NetworkManager[570]: infointerface-parser: parsing file /etc/network/interfaces May 16 13:39:55 ente NetworkManager[570]: infointerface-parser: source line includes interfaces file(s) /etc/network/interfaces.d/* May 16 13:39:55 ente NetworkManager[570]: warn interfaces file /etc/network/interfaces.d/* doesn't exist May 16 13:39:55 ente NetworkManager[570]: infointerface-parser: finished parsing file /etc/network/interfaces May 16 13:39:55 ente NetworkManager[570]: info management mode: unmanaged May 16 13:39:55 ente NetworkManager[570]: info devices added (path: /sys/devices/pci:00/:00:1c.0/:02:00.0/net/eth0, iface: eth0) May 16 13:39:55 ente NetworkManager[570]: info device added (path: /sys/devices/pci:00/:00:1c.0/:02:00.0/net/eth0, iface: eth0): no ifupdown configuration found. May 16 13:39:55 ente NetworkManager[570]: info devices added (path: /sys/devices/pci:00/:00:1c.1/:03:00.0/bcma0:1/net/wlan0, iface: wlan0) May 16 13:39:55 ente NetworkManager[570]: info device added (path: /sys/devices/pci:00/:00:1c.1/:03:00.0/bcma0:1/net/wlan0, iface: wlan0): no ifupdown configuration found. May 16 13:39:55 ente NetworkManager[570]: info devices added (path: /sys/devices/pci:00/:00:1d.0/usb2/2-1/2-1.1/2-1.1:1.4/net/wwan0, iface: wwan0) May 16 13:39:55 ente NetworkManager[570]: info device added (path: /sys/devices/pci:00/:00:1d.0/usb2/2-1/2-1.1/2-1.1:1.4/net/wwan0, iface: wwan0): no ifupdown configuration found. May 16 13:39:55 ente NetworkManager[570]: info devices
Bug#763900: marked as done (iceweasel/ppc: jemallocCompile-time page size does not divide the runtime one.)
Your message dated Sun, 17 May 2015 03:42:19 + with message-id e1ytpt1-0008li...@franck.debian.org and subject line Bug#763900: fixed in iceweasel 38.0-2 has caused the Debian Bug report #763900, regarding iceweasel/ppc: jemallocCompile-time page size does not divide the runtime one. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 763900: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763900 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: iceweasel Version: 31.1.0esr-1 I recently upgraded an iMac G5 to Debian/Jessie. Now iceweasel does not start anymore with the following error message: | jemallocCompile-time page size does not divide the runtime one. | Segmentation fault This seems to be a reoccurance of a rather old upstream bug[1] that can also be found on redhat's bugtracker[2]. This patch (inspired by the patch attached to the redhat bugtracker[3]) seems to fix the issue: --- a/memory/mozjemalloc/jemalloc.c 2014-08-25 15:17:22.0 +0200 +++ b/memory/mozjemalloc/jemalloc.c 2014-10-03 11:30:51.183346370 +0200 @@ -1088,7 +1088,7 @@ * controlling the malloc behavior are defined as compile-time constants * for best performance and cannot be altered at runtime. */ -#if !defined(__ia64__) !defined(__sparc__) !defined(__mips__) +#if !defined(__ia64__) !defined(__sparc__) !defined(__mips__) !defined(__powerpc__) #define MALLOC_STATIC_SIZES 1 #endif A local build with this patch applied works on my machine. -- Adi PS: I have the same error on Icedove too; will start a build with the same patch over the weekend and report the bug there too... [1] https://bugzilla.mozilla.org/show_bug.cgi?id=851859 [2] https://bugzilla.redhat.com/show_bug.cgi?id=852698 [3] https://bugzilla.redhat.com/attachment.cgi?id=610408 signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: iceweasel Source-Version: 38.0-2 We believe that the bug you reported is fixed in the latest version of iceweasel, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 763...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mike Hommey gland...@debian.org (supplier of updated iceweasel package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 17 May 2015 10:48:06 +0900 Source: iceweasel Binary: iceweasel iceweasel-dbg iceweasel-dev iceweasel-l10n-all iceweasel-l10n-ach iceweasel-l10n-af iceweasel-l10n-an iceweasel-l10n-ar iceweasel-l10n-as iceweasel-l10n-ast iceweasel-l10n-az iceweasel-l10n-be iceweasel-l10n-bg iceweasel-l10n-bn-bd iceweasel-l10n-bn-in iceweasel-l10n-br iceweasel-l10n-bs iceweasel-l10n-ca iceweasel-l10n-cs iceweasel-l10n-cy iceweasel-l10n-da iceweasel-l10n-de iceweasel-l10n-dsb iceweasel-l10n-el iceweasel-l10n-en-gb iceweasel-l10n-en-za iceweasel-l10n-eo iceweasel-l10n-es-ar iceweasel-l10n-es-cl iceweasel-l10n-es-es iceweasel-l10n-es-mx iceweasel-l10n-et iceweasel-l10n-eu iceweasel-l10n-fa iceweasel-l10n-ff iceweasel-l10n-fi iceweasel-l10n-fr iceweasel-l10n-fy-nl iceweasel-l10n-ga-ie iceweasel-l10n-gd iceweasel-l10n-gl iceweasel-l10n-gu-in iceweasel-l10n-he iceweasel-l10n-hi-in iceweasel-l10n-hr iceweasel-l10n-hsb iceweasel-l10n-hu iceweasel-l10n-hy-am iceweasel-l10n-id iceweasel-l10n-is iceweasel-l10n-it iceweasel-l10n-ja iceweasel-l10n-kk iceweasel-l10n-km iceweasel-l10n-kn iceweasel-l10n-ko iceweasel-l10n-lij iceweasel-l10n-lt iceweasel-l10n-lv iceweasel-l10n-mai iceweasel-l10n-mk iceweasel-l10n-ml iceweasel-l10n-mr iceweasel-l10n-ms iceweasel-l10n-nb-no iceweasel-l10n-nl iceweasel-l10n-nn-no iceweasel-l10n-or iceweasel-l10n-pa-in iceweasel-l10n-pl iceweasel-l10n-pt-br iceweasel-l10n-pt-pt iceweasel-l10n-rm iceweasel-l10n-ro iceweasel-l10n-ru iceweasel-l10n-si iceweasel-l10n-sk iceweasel-l10n-sl iceweasel-l10n-son iceweasel-l10n-sq iceweasel-l10n-sr iceweasel-l10n-sv-se iceweasel-l10n-ta iceweasel-l10n-te iceweasel-l10n-th iceweasel-l10n-tr iceweasel-l10n-uk iceweasel-l10n-uz iceweasel-l10n-vi iceweasel-l10n-xh iceweasel-l10n-zh-cn iceweasel-l10n-zh-tw Architecture: source all amd64 Version: 38.0-2 Distribution: unstable
Bug#758086: marked as done (CVE-2014-3577 Apache HttpComponents hostname verification bypass)
Your message dated Sat, 16 May 2015 06:03:38 + with message-id e1ytvce-00068h...@franck.debian.org and subject line Bug#758086: fixed in commons-httpclient 3.1-10.2+deb7u1 has caused the Debian Bug report #758086, regarding CVE-2014-3577 Apache HttpComponents hostname verification bypass to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 758086: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758086 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: commons-httpclient Version: 3.1-10.2 Severity: important Tags: security https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6153 It was found that the fix for CVE-2012-5783 was incomplete. The code added to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack, where the attacker can spoof a valid certificate using a specially crafted subject. This issue was discovered by Florian Weimer of Red Hat Product Security. --- Henri Salo signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: commons-httpclient Source-Version: 3.1-10.2+deb7u1 We believe that the bug you reported is fixed in the latest version of commons-httpclient, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 758...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany a...@gambaru.de (supplier of updated commons-httpclient package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 15 Apr 2015 21:24:48 +0200 Source: commons-httpclient Binary: libcommons-httpclient-java libcommons-httpclient-java-doc Architecture: source all Version: 3.1-10.2+deb7u1 Distribution: wheezy Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org Changed-By: Markus Koschany a...@gambaru.de Description: libcommons-httpclient-java - A Java(TM) library for creating HTTP clients libcommons-httpclient-java-doc - Documentation for libcommons-httpclient-java Closes: 758086 Changes: commons-httpclient (3.1-10.2+deb7u1) wheezy; urgency=high . * Team upload. * Add CVE-2014-3577.patch. (Closes: #758086) It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The fix for CVE-2012-6153 was intended to address the incomplete patch for CVE-2012-5783. The issue is now completely resolved by applying this patch and the 06_fix_CVE-2012-5783.patch. * Change java.source and java.target ant properties to 1.5, otherwise commons-httpclient will not compile with this patch. Checksums-Sha1: ca26cd0f2a5be0029a7b2e8d56cf85fb38c31d1e 2526 commons-httpclient_3.1-10.2+deb7u1.dsc 0c6dfbf3d0d47cfc70595d2b15223a59f264795b 13684 commons-httpclient_3.1-10.2+deb7u1.debian.tar.gz 301f4d1a8f1e400f257c13cd222981d60696584c 299718 libcommons-httpclient-java_3.1-10.2+deb7u1_all.deb b87b0f77aba48d6177092356e96e2b149f840283 1547514 libcommons-httpclient-java-doc_3.1-10.2+deb7u1_all.deb Checksums-Sha256: 219a2ecdf758361cec1ea85bce645115c14bf609dc7b565cd0ab5aee610f6cb1 2526 commons-httpclient_3.1-10.2+deb7u1.dsc e977a7922cff20c65fb6dcfbd9bb2f11e2f079245edddc68567055dd0e444cac 13684 commons-httpclient_3.1-10.2+deb7u1.debian.tar.gz 7bafb3dc4b04d2c0af8ecb8010eae11b63496c57184fe1bd6b812f824eee2037 299718 libcommons-httpclient-java_3.1-10.2+deb7u1_all.deb 47af253e18f750a10ff226c487aceadb056a78a913a6ab3c1d7022b620bd 1547514 libcommons-httpclient-java-doc_3.1-10.2+deb7u1_all.deb Files: 022067c70b0363ea2c1fa31542290b64 2526 java optional commons-httpclient_3.1-10.2+deb7u1.dsc 8a5862dc9b0b0898c61e438359eec285 13684 java optional commons-httpclient_3.1-10.2+deb7u1.debian.tar.gz 4deb3d76811d48c359dcbe0616f76b41 299718 java optional libcommons-httpclient-java_3.1-10.2+deb7u1_all.deb e1708de058fde033592dc11b9468294b 1547514 doc
Processed: Re: Please port to clutter-gst 2.0
Processing control commands: block 785430 by -1 Bug #785430 [ftp.debian.org] RM: clutter-gst -- ROM; superseded by clutter-gst-2.0 785430 was not blocked by any bugs. 785430 was not blocking any bugs. Added blocking bug(s) of 785430: 725303 severity -1 serious Bug #725303 [src:snappy-player] Please port to clutter-gst 2.0 Severity set to 'serious' from 'normal' -- 725303: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725303 785430: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785430 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785429: icedove: FTBFS with new libvpx 1.4
Package: icedove Version: 31.6.0-1 Severity: serious On a binNMU for the libvpx transition, your package failed to build with: /«PKGBUILDDIR»/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc: In member function 'virtual int webrtc::VP8EncoderImpl::InitEncode(const webrtc::VideoCodec*, int, uint32_t)': /«PKGBUILDDIR»/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc:183:29: error: 'IMG_FMT_I420' was not declared in this scope raw_ = vpx_img_wrap(NULL, IMG_FMT_I420, codec_.width, codec_.height, ^ /«PKGBUILDDIR»/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc: In member function 'virtual int webrtc::VP8EncoderImpl::Encode(const webrtc::I420VideoFrame, const webrtc::CodecSpecificInfo*, const std::vectorwebrtc::VideoFrameType*)': /«PKGBUILDDIR»/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc:352:16: error: 'PLANE_Y' was not declared in this scope raw_-planes[PLANE_Y] = const_castuint8_t*(input_image.buffer(kYPlane)); ^ /«PKGBUILDDIR»/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc:353:16: error: 'PLANE_U' was not declared in this scope raw_-planes[PLANE_U] = const_castuint8_t*(input_image.buffer(kUPlane)); ^ /«PKGBUILDDIR»/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc:354:16: error: 'PLANE_V' was not declared in this scope raw_-planes[PLANE_V] = const_castuint8_t*(input_image.buffer(kVPlane)); ^ make[7]: *** [vp8_impl.o] Error 1 See https://buildd.debian.org/status/fetch.php?pkg=icedovearch=amd64ver=31.6.0-1%2Bb1stamp=1431713936 These constants are now called VPX_*. Regards, Emilio -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#784009: want to back out to get wget working again
OK thanks. This worked, /var/log/aptitude: [REMOVE, NOT USED] libhogweed3:i386 [REMOVE, NOT USED] libnettle5:i386 [DOWNGRADE] libgnutls-deb0-28:i386 3.3.15-3 - 3.3.15-2 [DOWNGRADE] libgnutls-openssl27:i386 3.3.15-3 - 3.3.15-2 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#784565: [pkg-x2go-devel] Bug#784565: Bug#784565: nx-libs-lite: parts are derived from non-free code
Hi all, esp. Kevin, On Do 14 Mai 2015 06:58:09 CEST, Mike Gabriel wrote: I looked at dxpc releases (I obtained upstream tarballs from snapshot.debian.org). I currently have: [mike@minobo dxpc.nxrebase (upstream-nxrebase)]$ git log commit 0676a768a96383641a73a72ecd2e1083322e6abe Author: Mike Gabriel mike.gabr...@das-netzwerkteam.de Date: Sat May 16 10:52:24 2015 +0200 Imported Upstream version 3.9.2 commit 4ccf34b2c4763dfb01dceb8588b204b0d029cc3d Author: Mike Gabriel mike.gabr...@das-netzwerkteam.de Date: Sat May 16 10:51:04 2015 +0200 Imported Upstream version 3.9.1 commit dd8f60ce63c70ed605a2e1717feb7128e59fb8e6 Author: Mike Gabriel mike.gabr...@das-netzwerkteam.de Date: Sat May 16 10:49:19 2015 +0200 Imported Upstream version 3.9.0 commit 01c990099aea802405f8d39c0b819ee1742c185c Author: Mike Gabriel mike.gabr...@das-netzwerkteam.de Date: Sat May 16 10:32:06 2015 +0200 Imported Upstream version 3.8.2 commit 48df60b3b946a08541ee48371634f074e875adda Author: Mike Gabriel mike.gabr...@das-netzwerkteam.de Date: Sat May 16 10:31:57 2015 +0200 Imported Upstream version 3.8.0 commit 11d81444d0f86a67f9b8483cbfa33343714b26e9 Author: Mike Gabriel mike.gabr...@das-netzwerkteam.de Date: Sat May 16 10:31:53 2015 +0200 Imported Upstream version 3.7.0 commit e4f550abd4cd49ecc2381e717a55a9940087a376 Author: Mike Gabriel mike.gabr...@das-netzwerkteam.de Date: Sat May 16 10:31:44 2015 +0200 Imported Upstream version 3.5.0 @Kevin: I will take you off this mail thread's Cc: field with my next post. Feel free to follow-up via #784565 [1] on the Debian bug tracker. Thanks a lot for being so responsive and generous with providing information. With this post I actually reincluded you because it becomes technical from here on and I probably will need your expertise on DXPC. Not sure if you have time or prio or are willing to provide that. Would you be open for answering technical questions on DXPC and esp. the changes between 3.7.0 and 3.8.1/3.8.2? I'd highly appreciate that. As I have not heard back neither from Brian Pane, Zachary Vonler nor Gian Filippo Pinzari (we had Ascension Day and maybe a prolonged weekend that people used for going on VAC), I will try looking at the DXPC changes between 3.7.0 and 3.8.1. Obviously, NoMachine forked NXCOMP from DXPC some time between DXPC 3.7.0 and DXPC 3.8.0. Questions to Kevin: o Is there any SVN upstream repo still online (I saw it in one of the tarballs, that SVN was used for 3.9.0). o Do you have any tarballs documenting the changes between 3.7.0 and 3.8.0? Do you also have the 3.8.1 tarball? o Did the 3.8.0 version of DXPC break proto compatibility (i.e., you could not use client 3.7.0 and server 3.8.0 and vice versa with each other)? Any help on this is appreciated. Thanks. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpqd0Hs9b4Ol.pgp Description: Digitale PGP-Signatur
Processed: your mail
Processing commands for cont...@bugs.debian.org: unarchive 707850 Bug #707850 {Done: Emilio Pozuelo Monfort po...@debian.org} [gwibber] gwibber: depends on python-gtkspell which is going away Unarchived Bug 707850 thanks Stopping processing here. Please contact me if you need assistance. -- 707850: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707850 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#571512: marked as done (swap-cwm: FTBFS with Python 2.6 as default)
Your message dated Sat, 16 May 2015 12:26:10 +0200 with message-id 20150516102610.6982.58...@bastian.jones.dk and subject line bug no longer relevant: python2.6 is obsolete nowadays has caused the Debian Bug report #571512, regarding swap-cwm: FTBFS with Python 2.6 as default to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 571512: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571512 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: swap-cwm Version: 1.2.1-4 Severity: important User: debian-pyt...@lists.debian.org Usertags: python2.6 Hello, When rebuilt in an environment with Python 2.6 as the default version, your package failed to build from source. Here are the relevant parts of the build log: | cd . /usr/bin/python setup.py install --root=/build/user-swap-cwm_1.2.1-4-amd64-pLgW1x/swap-cwm-1.2.1/debian/python-swap --no-compile -O0 [...] | running install_scripts | creating /build/user-swap-cwm_1.2.1-4-amd64-pLgW1x/swap-cwm-1.2.1/debian/python-swap/usr/local/bin | copying build/scripts-2.6/cant.py - /build/user-swap-cwm_1.2.1-4-amd64-pLgW1x/swap-cwm-1.2.1/debian/python-swap/usr/local/bin | copying build/scripts-2.6/delta - /build/user-swap-cwm_1.2.1-4-amd64-pLgW1x/swap-cwm-1.2.1/debian/python-swap/usr/local/bin | copying build/scripts-2.6/cwm - /build/user-swap-cwm_1.2.1-4-amd64-pLgW1x/swap-cwm-1.2.1/debian/python-swap/usr/local/bin | changing mode of /build/user-swap-cwm_1.2.1-4-amd64-pLgW1x/swap-cwm-1.2.1/debian/python-swap/usr/local/bin/cant.py to 755 | changing mode of /build/user-swap-cwm_1.2.1-4-amd64-pLgW1x/swap-cwm-1.2.1/debian/python-swap/usr/local/bin/delta to 755 | changing mode of /build/user-swap-cwm_1.2.1-4-amd64-pLgW1x/swap-cwm-1.2.1/debian/python-swap/usr/local/bin/cwm to 755 | running install_egg_info | Writing /build/user-swap-cwm_1.2.1-4-amd64-pLgW1x/swap-cwm-1.2.1/debian/python-swap/usr/local/lib/python2.6/dist-packages/cwm-1.2.1.egg-info | dh_installdirs -pswap-cwm | mkdir -p debian/swap-cwm/usr | mv debian/python-swap/usr/bin debian/swap-cwm/usr/ If you need help with fixing this bug, don't hesitate to ask on #debian-python or debian-pyt...@lists.debian.org. -- Jakub Wilk signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Closing this bug, as python2.6 is no longer supported in any Debian suite. - Jonas -- * Jonas Smedegaard - idealist Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature ---End Message---
Bug#785491: xserver-xorg-video-siliconmotion FTBFS on arm64, implicit declarations of inb and outb
peter green wrote: In file included from ../../src/smi.h:317:0, from ../../src/smi_501.c:33: ../../src/regsmi.h: In function 'VGAIN8_INDEX': ../../src/regsmi.h:67:2: error: implicit declaration of function 'outb' [-Werror=implicit-function-declaration] outb(pSmi-PIOBase + indexPort, index); ^ I don't think any change in xserver-xorg-video-siliconmotion caused this. Please could you compare output of: $ gcc -I/usr/include/pixman-1 -E xorg-server-1.16.4/hw/xfree86/common/compiler.h a.txt $ gcc -I/usr/include/pixman-1 -E xorg-server-1.17.1/hw/xfree86/common/compiler.h b.txt on AArch64, with the sources from jessie and sid: http://httpredir.debian.org/debian/pool/main/x/xorg-server/xorg-server_1.16.4-1.dsc http://httpredir.debian.org/debian/pool/main/x/xorg-server/xorg-server_1.17.1-2.dsc There were changes in that header for arch-specific handling of outb() and friends. This could be a regression; or possibly wrong definitions were used before (allowing it to build when it should not have). Thanks, Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785491: xserver-xorg-video-siliconmotion FTBFS on arm64, implicit declarations of inb and outb
On 17/05/15 02:23, Steven Chamberlain wrote: I don't think any change in xserver-xorg-video-siliconmotion caused this. I agree (and stated so in my original mail), the failure first appeared in a binnmu so whatever change triggered it was outside the xserver-xorg-video-siliconmotion package. Please could you compare output of: $ gcc -I/usr/include/pixman-1 -E xorg-server-1.16.4/hw/xfree86/common/compiler.h a.txt $ gcc -I/usr/include/pixman-1 -E xorg-server-1.17.1/hw/xfree86/common/compiler.h b.txt on AArch64, with the sources from jessie and sid: http://httpredir.debian.org/debian/pool/main/x/xorg-server/xorg-server_1.16.4-1.dsc http://httpredir.debian.org/debian/pool/main/x/xorg-server/xorg-server_1.17.1-2.dsc Testing in my (far from up to date) sid arm64 qemu chroot I get the attatched diff. There were changes in that header for arch-specific handling of outb() and friends. This could be a regression; or possibly wrong definitions were used before (allowing it to build when it should not have). It looks like stub definitions (writes ignored, reads return 0) were removed. --- a.txt 2015-05-17 01:53:56.0 + +++ b.txt 2015-05-17 01:54:02.0 + @@ -1,12 +1,12 @@ -# 1 xorg-server-1.16.4/hw/xfree86/common/compiler.h +# 1 xorg-server-1.17.1/hw/xfree86/common/compiler.h # 1 built-in # 1 command-line # 1 /usr/include/stdc-predef.h 1 3 4 # 1 command-line 2 -# 1 xorg-server-1.16.4/hw/xfree86/common/compiler.h -# 73 xorg-server-1.16.4/hw/xfree86/common/compiler.h +# 1 xorg-server-1.17.1/hw/xfree86/common/compiler.h +# 73 xorg-server-1.17.1/hw/xfree86/common/compiler.h # 1 /usr/include/X11/Xfuncproto.h 1 3 4 -# 74 xorg-server-1.16.4/hw/xfree86/common/compiler.h 2 +# 74 xorg-server-1.17.1/hw/xfree86/common/compiler.h 2 # 1 /usr/include/pixman-1/pixman.h 1 @@ -1009,99 +1009,4 @@ const pixman_triangle_t *tris); -# 77 xorg-server-1.16.4/hw/xfree86/common/compiler.h 2 -# 248 xorg-server-1.16.4/hw/xfree86/common/compiler.h -struct __una_u64 { -uint64_t x __attribute__ ((packed)); -}; -struct __una_u32 { -uint32_t x __attribute__ ((packed)); -}; -struct __una_u16 { -uint16_t x __attribute__ ((packed)); -}; - - - -static __inline__ uint64_t -ldq_u(uint64_t * p) -{ -const struct __una_u64 *ptr = (const struct __una_u64 *) p; - -return ptr-x; -} - -static __inline__ uint32_t -ldl_u(uint32_t * p) -{ -const struct __una_u32 *ptr = (const struct __una_u32 *) p; - -return ptr-x; -} - -static __inline__ uint16_t -ldw_u(uint16_t * p) -{ -const struct __una_u16 *ptr = (const struct __una_u16 *) p; - -return ptr-x; -} - - - -static __inline__ void -stq_u(uint64_t val, uint64_t * p) -{ -struct __una_u64 *ptr = (struct __una_u64 *) p; - -ptr-x = val; -} - -static __inline__ void -stl_u(uint32_t val, uint32_t * p) -{ -struct __una_u32 *ptr = (struct __una_u32 *) p; - -ptr-x = val; -} - -static __inline__ void -stw_u(uint16_t val, uint16_t * p) -{ -struct __una_u16 *ptr = (struct __una_u16 *) p; - -ptr-x = val; -} -# 1462 xorg-server-1.16.4/hw/xfree86/common/compiler.h -static __inline__ void -outb(unsigned short port, unsigned char val) -{ -} - -static __inline__ void -outw(unsigned short port, unsigned short val) -{ -} - -static __inline__ void -outl(unsigned short port, unsigned int val) -{ -} - -static __inline__ unsigned int -inb(unsigned short port) -{ -return 0; -} - -static __inline__ unsigned int -inw(unsigned short port) -{ -return 0; -} - -static __inline__ unsigned int -inl(unsigned short port) -{ -return 0; -} +# 77 xorg-server-1.17.1/hw/xfree86/common/compiler.h 2
Bug#785403: libgd2: FTBFS with libvpx 1.4
Control: tags -1 + patch On 2015-05-15 19:24:35, Emilio Pozuelo Monfort wrote: Source: libgd2 Version: 2.1.0-5 Severity: serious Tags: sid stretch Your package fails to build against the new libvpx: webpimg.c: In function 'VPXEncode': webpimg.c:714:24: error: 'IMG_FMT_I420' undeclared (first use in this function) vpx_img_wrap(img, IMG_FMT_I420, ^ webpimg.c:714:24: note: each undeclared identifier is reported only once for each function it appears in webpimg.c:716:16: error: 'PLANE_Y' undeclared (first use in this function) img.planes[PLANE_Y] = (uint8*)(Y); ^ webpimg.c:717:16: error: 'PLANE_U' undeclared (first use in this function) img.planes[PLANE_U] = (uint8*)(U); ^ webpimg.c:718:16: error: 'PLANE_V' undeclared (first use in this function) img.planes[PLANE_V] = (uint8*)(V); ^ make[3]: *** [webpimg.lo] Error 1 These (and others you may be using in other files) should now be VPX_FOO. A patch fixing this issue can be found at [1]. Debdiff attached. Cheers [1] https://github.com/libgd/libgd/commit/d41eb72cd4545c394578332e5c102dee69e02ee8 -- Sebastian Ramacher diff -Nru libgd2-2.1.0/debian/changelog libgd2-2.1.0/debian/changelog --- libgd2-2.1.0/debian/changelog 2014-12-18 13:31:20.0 +0100 +++ libgd2-2.1.0/debian/changelog 2015-05-17 00:19:28.0 +0200 @@ -1,3 +1,11 @@ +libgd2 (2.1.0-5.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * debian/patches/libvpx-1.4.patch: Fix build against libvpx 1.4. (Closes: +#785403) + + -- Sebastian Ramacher sramac...@debian.org Sat, 16 May 2015 23:53:26 +0200 + libgd2 (2.1.0-5) unstable; urgency=high * Remove seanius from Uploaders. So Long, and Thanks for All the Fish. diff -Nru libgd2-2.1.0/debian/patches/libvpx-1.4.patch libgd2-2.1.0/debian/patches/libvpx-1.4.patch --- libgd2-2.1.0/debian/patches/libvpx-1.4.patch1970-01-01 01:00:00.0 +0100 +++ libgd2-2.1.0/debian/patches/libvpx-1.4.patch2015-05-17 00:18:44.0 +0200 @@ -0,0 +1,29 @@ +Description: Fix build with latest libvpx 1.4.0 +Author: Remi Collet fed...@famillecollet.com +Bug-Debian: https://bugs.debian.org/785403 +Last-Update: 2015-05-16 + +--- libgd2-2.1.0.orig/src/webpimg.c libgd2-2.1.0/src/webpimg.c +@@ -711,14 +711,14 @@ static WebPResult VPXEncode(const uint8* + codec_ctl(enc, VP8E_SET_STATIC_THRESHOLD, 0); + codec_ctl(enc, VP8E_SET_TOKEN_PARTITIONS, 2); + +-vpx_img_wrap(img, IMG_FMT_I420, ++vpx_img_wrap(img, VPX_IMG_FMT_I420, + y_width, y_height, 16, (uint8*)(Y)); +-img.planes[PLANE_Y] = (uint8*)(Y); +-img.planes[PLANE_U] = (uint8*)(U); +-img.planes[PLANE_V] = (uint8*)(V); +-img.stride[PLANE_Y] = y_stride; +-img.stride[PLANE_U] = uv_stride; +-img.stride[PLANE_V] = uv_stride; ++img.planes[VPX_PLANE_Y] = (uint8*)(Y); ++img.planes[VPX_PLANE_U] = (uint8*)(U); ++img.planes[VPX_PLANE_V] = (uint8*)(V); ++img.stride[VPX_PLANE_Y] = y_stride; ++img.stride[VPX_PLANE_U] = uv_stride; ++img.stride[VPX_PLANE_V] = uv_stride; + + res = vpx_codec_encode(enc, img, 0, 1, 0, VPX_DL_BEST_QUALITY); + diff -Nru libgd2-2.1.0/debian/patches/series libgd2-2.1.0/debian/patches/series --- libgd2-2.1.0/debian/patches/series 2014-12-18 13:31:20.0 +0100 +++ libgd2-2.1.0/debian/patches/series 2015-05-16 23:55:13.0 +0200 @@ -3,3 +3,4 @@ fix-compiled-in-version.patch subdir-objects.patch CVE-2014-2497.patch +libvpx-1.4.patch signature.asc Description: Digital signature
Processed: Re: Bug#785403: libgd2: FTBFS with libvpx 1.4
Processing control commands: tags -1 + patch Bug #785403 [src:libgd2] libgd2: FTBFS with libvpx 1.4 Added tag(s) patch. -- 785403: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785403 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785489: Useless in Debian
Package: php-zend-xml Version: 1.0.0-1 Severity: serious Tags: sid stretch [Filled as RC by the maintainer to see it autoremoved from testing if nobody disagrees. Please, do downgrade it with an explanation if you disagree.] I initially packaged php-zend-xml as used by owncloud-news, but the first packaged version, still in NEW, doesn’t use zendxml anymore (since January 2015). I would have requested its removal from testing if I had notice sooner… I intend to follow up with an RM request in a few months if nobody objects (but feel free to beat me to it). Regards David signature.asc Description: Digital signature
Bug#785491: xserver-xorg-video-siliconmotion FTBFS on arm64, implicit declarations of inb and outb
Package: xserver-xorg-video-siliconmotion Severity: serious Version: 1:1.7.7-2 Tags: sid x-debbugs-cc: debian-...@lists.debian.org /bin/bash ../libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../../src -I.. -D_FORTIFY_SOURCE=2 -fvisibility=hidden -I/usr/include/pixman-1 -I/usr/include/libdrm -I/usr/include/xorg -I/usr/include/X11/dri -Wall -Wpointer-arith -Wmissing-declarations -Wformat=2 -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Wbad-function-cast -Wold-style-definition -Wdeclaration-after-statement -Wunused -Wuninitialized -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wredundant-decls -Wlogical-op -Werror=implicit -Werror=nonnull -Werror=init-self -Werror=main -Werror=missing-braces -Werror=sequence-point -Werror=return-type -Werror=trigraphs -Werror=array-bounds -Werror=write-strings -Werror=address -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -fno-strict-aliasing -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -c -o smi_501.lo ../../src/smi_501.c libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../../src -I.. -D_FORTIFY_SOURCE=2 -fvisibility=hidden -I/usr/include/pixman-1 -I/usr/include/libdrm -I/usr/include/xorg -I/usr/include/X11/dri -Wall -Wpointer-arith -Wmissing-declarations -Wformat=2 -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Wbad-function-cast -Wold-style-definition -Wdeclaration-after-statement -Wunused -Wuninitialized -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wredundant-decls -Wlogical-op -Werror=implicit -Werror=nonnull -Werror=init-self -Werror=main -Werror=missing-braces -Werror=sequence-point -Werror=return-type -Werror=trigraphs -Werror=array-bounds -Werror=write-strings -Werror=address -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -fno-strict-aliasing -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -c ../../src/smi_501.c -fPIC -DPIC -o .libs/smi_501.o In file included from ../../src/smi.h:317:0, from ../../src/smi_501.c:33: ../../src/regsmi.h: In function 'VGAIN8_INDEX': ../../src/regsmi.h:67:2: error: implicit declaration of function 'outb' [-Werror=implicit-function-declaration] outb(pSmi-PIOBase + indexPort, index); ^ ../../src/regsmi.h:67:2: warning: nested extern declaration of 'outb' [-Wnested-externs] ../../src/regsmi.h:68:2: error: implicit declaration of function 'inb' [-Werror=implicit-function-declaration] return(inb(pSmi-PIOBase + dataPort)); ^ ../../src/regsmi.h:68:2: warning: nested extern declaration of 'inb' [-Wnested-externs] cc1: some warnings being treated as errors https://buildd.debian.org/status/fetch.php?pkg=xserver-xorg-video-siliconmotionarch=arm64ver=1%3A1.7.8-1stamp=1431189468 This seems to have been triggered by either the xorg update or by some other change outside the package. The 1:1.7.7-2+b1 log and 1:1.7.8-1 log show the error but the non-binnmu 1:1.7.7-2 build was successful and the log does not mention inb or outb. From some googling it appears that the chipsets this driver supports were mostly if not entirely used as onboard graphics in laptops and were obsolete long before PCIe came in. So I think it's unlikely (but perhaps not impossible) that such a card would end up in a arm64 system. So maybe a binary removal request is the way to go. Putting arm porters in cc just in case anyone can think of a reason to keep this arround on arm64 (e.g I know that sometimes management controllers contain clones of obsolete graphics cards, the ones I've seen were matrox clones but I can't rule out that some may contain clones of older graphics cards) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Bug #785472 forwarded
Processing commands for cont...@bugs.debian.org: forwarded 785472 http://sourceforge.net/p/parcellite/bugs/143/ Bug #785472 [parcellite] parcellite: Parcellite fails to start after upgrading to Jessie Set Bug forwarded-to-address to 'http://sourceforge.net/p/parcellite/bugs/143/'. tags 785472 confirmed Bug #785472 [parcellite] parcellite: Parcellite fails to start after upgrading to Jessie Added tag(s) confirmed. thanks Stopping processing here. Please contact me if you need assistance. -- 785472: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785472 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: [Pkg-utopia-maintainers] Bug#785449: [network-manager] NM daemon crashes after 4G dongle remove and plug again.
Processing control commands: severity -1 important Bug #785449 [network-manager] [network-manager] NM daemon crashes after 4G dongle remove and plug again. Severity set to 'important' from 'serious' tags -1 moreinfo Bug #785449 [network-manager] [network-manager] NM daemon crashes after 4G dongle remove and plug again. Added tag(s) moreinfo. -- 785449: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785449 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785449: [Pkg-utopia-maintainers] Bug#785449: [network-manager] NM daemon crashes after 4G dongle remove and plug again.
Control: severity -1 important Control: tags -1 moreinfo Am 16.05.2015 um 14:27 schrieb IANSAV: Package: network-manager Version: 1.0.2-2 Severity: serious --- Please enter the report below this line. --- Dear Maintainer, if I remove then plug my Huawei E3272 4G dongle and try to connect, I get a lighting led on dongle (like a connection is up) and connecting look of applet icon. Permanently. I can't turn off connection by using an applet and I can't access to Inet. Moreower. I can't restart it via systemctl or even REBOOT MY LAPTOP (when a try it, I get black screen and when I press Ctrl+Alt+F1 I see login promt, but I can't type anything. Keyboard is disabled!) Please, fix this strange bug. Please install network-manager-dbg and provide a proper backtrace of when the NetworkManager daemon crashes. Your other problems (timeouts, no reboot etc) point to a more general problem which don't look directly related to NetworkManger. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#785496: subversion: FTBFS: Test failure in wc-queries-test
Source: subversion Version: 1.8.10-6 Severity: serious From my pbuilder build log: ... [40/99] wc-queries-test..FAILURE ... START: wc-queries-test DBG: Using Sqlite 3.8.10.1 PASS: lt-wc-queries-test 1: sqlite up-to-date PASS: lt-wc-queries-test 2: queries are parsable svn_tests: E26: STMT_SELECT_EXTERNALS_DEFINED: Uses externals with only 1 index component: (wc_id=? ) SELECT local_relpath, def_local_relpath FROM externals WHERE (wc_id = ?1 AND def_local_relpath = ?2)OR (wc_id = ?1 AND (((def_local_relpath) (CASE (?2) WHEN '' THEN '' ELSE (?2) || '/' END)) AND ((def_local_relpath) CASE (?2) WHEN '' THEN X'' ELSE (?2) || '0' END))) svn_tests: E200035: Additional errors: svn_tests: E200035: |SEARCH TABLE externals USING COVERING INDEX I_EXTERNALS_DEFINED (wc_id=?) FAIL: lt-wc-queries-test 3: test query expectations PASS: lt-wc-queries-test 4: test schema statistics END: wc-queries-test ELAPSED: wc-queries-test 0:00:00.105096 ... debian/rules:204: recipe for target 'debian/stamp-build-arch' failed make: *** [debian/stamp-build-arch] Error 1 dpkg-buildpackage: error: debian/rules build gave error exit status 2 -- Daniel Schepler -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org