Processed: your mail
Processing commands for cont...@bugs.debian.org: > tags 808850 patch Bug #808850 [src:xfonts-wqy] xfonts-wqy: FTBFS: Type of arg 1 to shift must be array (not constant item) at ./bdfmerge.pl line 35, near "ARGV)" Added tag(s) patch. > -- Stopping processing here. Please contact me if you need assistance. -- 808850: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808850 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 849830 is normal
Processing commands for cont...@bugs.debian.org: > severity 849830 normal Bug #849830 [src:digikam] [src:digikam] Some sources are not included in your package Severity set to 'normal' from 'serious' > thanks Stopping processing here. Please contact me if you need assistance. -- 849830: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849830 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: your mail
Processing commands for cont...@bugs.debian.org: > severity 849836 serious Bug #849836 [zekr] zekr: Missing dependency on libwebkitgtk-1.0-0 Severity set to 'serious' from 'important' > End of message, stopping processing here. Please contact me if you need assistance. -- 849836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849836 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#796197: marked as done (CVE-2015-5395)
Your message dated Sun, 01 Jan 2017 04:34:11 + with message-id and subject line Bug#796197: fixed in sogo 3.2.4-0.1 has caused the Debian Bug report #796197, regarding CVE-2015-5395 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 796197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796197 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: sogo Severity: grave Tags: security CVE-2015-5395: http://www.openwall.com/lists/oss-security/2015/07/07/10 Cheers, Moritz --- End Message --- --- Begin Message --- Source: sogo Source-Version: 3.2.4-0.1 We believe that the bug you reported is fixed in the latest version of sogo, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 796...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jordi Mallach (supplier of updated sogo package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 01 Jan 2017 05:01:49 +0100 Source: sogo Binary: sogo sogo-common Architecture: source all amd64 Version: 3.2.4-0.1 Distribution: experimental Urgency: medium Maintainer: Jeroen Dekkers Changed-By: Jordi Mallach Description: sogo - Scalable groupware server sogo-common - Scalable groupware server - common files Closes: 796197 827812 848489 Changes: sogo (3.2.4-0.1) experimental; urgency=medium . * Non-maintainer upload. * New upstream release. - includes fix for CVE-2015-5395: CSRF attack. Closes: #796197 * Refresh patches. * Add python to Build-Depends, to be able to run gen-saml2-exceptions.py. * Move to dbgsym package, and ensure migration via dh_strip --ddeb-migration. * Make testsuite not fatal, for now. Closes: #827812 * Update dependency on mysql-server to default-mysql-server. Closes: #848489 * Add database scripts for upgrades to 3.x to docs. * Use the vendored ckeditor for now. * Remove js deps that are no longer needed. * Update copyright. * Add /var/run/sogo to tmpfiles.d file. * Add a systemd service based on upstream's. * Use secure URLs for Vcs-* and Homepage fields. * Add dependency on lsb-base for init script. Checksums-Sha1: b9f40dcfbb8a8ad30b4c4de7c182c2b1525a7cdb 2034 sogo_3.2.4-0.1.dsc d178b547939c2a2f9bc838f3aff397f77081d031 32324033 sogo_3.2.4.orig.tar.gz e7a809216be15fe315ad045cabf1caa7cdf6d0fe 20556 sogo_3.2.4-0.1.debian.tar.xz 31593af1d7a478a75c46471f8bfc7b81c2f1d78f 17943388 sogo-common_3.2.4-0.1_all.deb 67608cf8fd9154764441300767be5436f9735b02 1518692 sogo-dbgsym_3.2.4-0.1_amd64.deb 004476a383e9c8f64291302b975adc0a8af6f844 8395 sogo_3.2.4-0.1_amd64.buildinfo 78e0b716ec66b197df79aec317e81499cdc9edb4 2274972 sogo_3.2.4-0.1_amd64.deb Checksums-Sha256: ed2620a17fe241f13af7c447be0a7afdf827fc32b357c2ec5f8b5e7c390b83a8 2034 sogo_3.2.4-0.1.dsc a843f1c62e775b5e571ffd991b055536349923ad9b590c0f9503def6f7582967 32324033 sogo_3.2.4.orig.tar.gz 13be2d093827146dd82c2aae99c7b3464b346934c79ee15ae216747cd7c5d311 20556 sogo_3.2.4-0.1.debian.tar.xz 91c402e5bbb538fc828854977068b9fb3f6347c7da914f55407b6ed51df09001 17943388 sogo-common_3.2.4-0.1_all.deb eda7a6f4c1d45272a16f5c6bfabf13194a6b7aa44e416d0073101f2a5e6b787d 1518692 sogo-dbgsym_3.2.4-0.1_amd64.deb 4b47dcd066c55096c44cd58cc34f203d7f7919e023624b427b062fe7504834c0 8395 sogo_3.2.4-0.1_amd64.buildinfo 1f143a7f6f66bbde24114158eb4270e9e278522659ff6dda7d76fc46dc43667a 2274972 sogo_3.2.4-0.1_amd64.deb Files: f72a63551ed562fa30692c6c5c660acc 2034 mail optional sogo_3.2.4-0.1.dsc 56a477c1e9115bfd6d6bdcdaeb089102 32324033 mail optional sogo_3.2.4.orig.tar.gz b8e1475a7b9d894a3dbe0c2384dbacca 20556 mail optional sogo_3.2.4-0.1.debian.tar.xz e766ad3296a3e869e8810b1a552db37d 17943388 mail optional sogo-common_3.2.4-0.1_all.deb 03a150b7970c102581e6e3814a06faa5 1518692 debug extra sogo-dbgsym_3.2.4-0.1_amd64.deb 09d1002decc493294370fde20f65d6ac 8395 mail optional sogo_3.2.4-0.1_amd64.buildinfo 0e102d00010aa76d8c4f9fc0d9707857 2274972 mail optional sogo_3.2.4-0.1_amd64.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE6BdUhsApKYN8KGoWJVAvb8vjywQFAlhof/YACgkQJVAvb8vj ywQU7w/5ARjibkL4cozB76n7jyMzlKMLCZnFLqAovpFPECsVFz40XXR/vxrC
Bug#827812: marked as done (sogo: FTBFS: Ran 13 tests FAILED (4 failures, 0 errors))
Your message dated Sun, 01 Jan 2017 04:34:12 + with message-id and subject line Bug#827812: fixed in sogo 3.2.4-0.1 has caused the Debian Bug report #827812, regarding sogo: FTBFS: Ran 13 tests FAILED (4 failures, 0 errors) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 827812: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827812 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: sogo Version: 2.2.17a-1.1 Severity: serious Justification: fails to build from source User: reproducible-bui...@lists.alioth.debian.org Usertags: ftbfs X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org Dear Maintainer, sogo fails to build from source in unstable/amd64: [..] if [ -r "" ]; then \ plmerge SchedulerUI.SOGo/Resources/Info-gnustep.plist ; \ fi make[4]: Leaving directory '/home/lamby/temp/cdt.20160621105635.AgOHzUmkUU.sogo/sogo-2.2.17a/UI/Scheduler' Making all in AdministrationUI ... make[4]: Entering directory '/home/lamby/temp/cdt.20160621105635.AgOHzUmkUU.sogo/sogo-2.2.17a/UI/AdministrationUI' cd .; \ /usr/share/GNUstep/Makefiles/mkinstalldirs ./obj Making all for bundle AdministrationUI... cd .; \ /usr/share/GNUstep/Makefiles/mkinstalldirs ./obj/AdministrationUI.obj/ /usr/share/GNUstep/Makefiles/mkinstalldirs AdministrationUI.SOGo/. gcc AdministrationUIProduct.m -c \ -MMD -MP -Wdate-time -D_FORTIFY_SOURCE=2 -DSAML2_CONFIG=1 -DGNUSTEP -DGNUSTEP_BASE_LIBRARY=1 -DGNU_RUNTIME=1 -DGNUSTEP_BASE_LIBRARY=1 -fno-strict-aliasing -fexceptions -fobjc-exceptions -D_NATIVE_OBJC_EXCEPTIONS -pthread -fPIC -DDEBUG -fno-omit-frame-pointer -Wall -DGSWARN -DGSDIAGNOSE -Wno-import -g -fstack-protector-strong -Wformat -Werror=format-security -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fgnu-runtime -fconstant-string-class=NSConstantString -I.. -I../.. -I../../.. -I../../SoObjects -I../../SOPE -I../../SOPE/ -I. -I/usr/local/include/GNUstep -I/usr/include/GNUstep \ -o obj/AdministrationUI.obj/AdministrationUIProduct.m.o gcc UIxAdministration.m -c \ -MMD -MP -Wdate-time -D_FORTIFY_SOURCE=2 -DSAML2_CONFIG=1 -DGNUSTEP -DGNUSTEP_BASE_LIBRARY=1 -DGNU_RUNTIME=1 -DGNUSTEP_BASE_LIBRARY=1 -fno-strict-aliasing -fexceptions -fobjc-exceptions -D_NATIVE_OBJC_EXCEPTIONS -pthread -fPIC -DDEBUG -fno-omit-frame-pointer -Wall -DGSWARN -DGSDIAGNOSE -Wno-import -g -fstack-protector-strong -Wformat -Werror=format-security -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fgnu-runtime -fconstant-string-class=NSConstantString -I.. -I../.. -I../../.. -I../../SoObjects -I../../SOPE -I../../SOPE/ -I. -I/usr/local/include/GNUstep -I/usr/include/GNUstep \ -o obj/AdministrationUI.obj/UIxAdministration.m.o gcc UIxAdministrationFilterPanel.m -c \ -MMD -MP -Wdate-time -D_FORTIFY_SOURCE=2 -DSAML2_CONFIG=1 -DGNUSTEP -DGNUSTEP_BASE_LIBRARY=1 -DGNU_RUNTIME=1 -DGNUSTEP_BASE_LIBRARY=1 -fno-strict-aliasing -fexceptions -fobjc-exceptions -D_NATIVE_OBJC_EXCEPTIONS -pthread -fPIC -DDEBUG -fno-omit-frame-pointer -Wall -DGSWARN -DGSDIAGNOSE -Wno-import -g -fstack-protector-strong -Wformat -Werror=format-security -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fgnu-runtime -fconstant-string-class=NSConstantString -I.. -I../.. -I../../.. -I../../SoObjects -I../../SOPE -I../../SOPE/ -I. -I/usr/local/include/GNUstep -I/usr/include/GNUstep \ -o obj/AdministrationUI.obj/UIxAdministrationFilterPanel.m.o UIxAdministrationFilterPanel.m: In function '+[UIxAdministrationFilterPanel initialize]': UIxAdministrationFilterPanel.m:39:2: warning: #warning how useful is this? [-Wcpp] #warning how useful is this? ^ gcc -shared -rdynamic -Wl,--rpath,/usr/lib/sogo -Wl,-z,relro -Wl,-z,now -pthread -fexceptions -o ./AdministrationUI.SOGo/./AdministrationUI ./obj/AdministrationUI.obj/AdministrationUIProduct.m.o ./obj/AdministrationUI.obj/UIxAdministration.m.o ./obj/AdministrationUI.obj/UIxAdministrationFilterPanel.m.o -L./../../SOPE/NGCards/obj -L./../../SoObjects/SOGo/SOGo.framework/sogo/ -L./../SOGoUI/obj -L../../SOPE/GDLContentStore/obj/-L/usr/local/lib -L/usr/lib -L/usr/local/lib -L/usr/lib -lSOGoUI -lSOGo-lgnustep-base -lobjc -lm /usr/share/GNUstep/Makefiles/mkinstalldirs AdministrationUI.SOGo/Resources for f in product.plist Toolbars/UIxAdministration.toolbar; do \ if [ -f .//$f -o -d .//$f ]; then \ cp -fr .//$f ./AdministrationUI.SOGo/Resources/; \ else \ echo "Warning: .//$f not found - ignoring"; \ fi; \ done
Bug#808850: xfonts-wqy: FTBFS: Type of arg 1 to shift must be array (not constant item) at ./bdfmerge.pl line 35, near "ARGV)"
tags 808850 patch -- This is a patch so that the Makefile will not invoke bdfmerge.pl. Thus the bug in bdfmerge.pl can be downgraded to "Normal" (so it is no longer RC) once this patch is applied. The invocations to bdfmerge.pl specify a range of code points, so that only code points in that range are included in the output. But the Makefile specifies ranges of 0--0x. In other words, it specifies using every glyph that can exist in the BDF source files, removing no code points from them. Thus it is a null operation in this instance, and can be bypassed with no side effects (except for postponing fixing the bug in bdfmerge.pl). With this patch, bdftopcf is invoked directly on the original BDF font files. The resulting PCF files are identical to those produced by the original Makefile, minus the bdfmerge.pl warning. Because the Makefile has not changed in years, this should be a relatively stable solution. Patch follows. Paul Hardy -cut here--- --- Makefile2016-12-31 17:49:57.0 -0800 +++ Makefile-new2016-12-31 17:49:57.0 -0800 @@ -39,8 +39,7 @@ all_pcf:= $(all_range:%=%.pcf) %.pcf: %.bdf -$(SLICE) $(RANGE) $*.bdf > $*_cjk.bdf -$(B2P) $*_cjk.bdf > $*.pcf +$(B2P) $*.bdf > $*.pcf all: b2p $(all_pcf) cjk: RANGE=$(CJKALL)
Bug#849841: [src:linux] bpfcc-tools don't work on 4.8 signed kernels
Package: src:linux Version: linux-image-4.8.0-2-amd64 Severity: serious Hi, I found bpfcc-tools don't work on linux-image-4.8.0-2-amd64 and linux-image-4.8.0-2-rt-amd64, for these kernels are signed kernel, I think bpfcc-tools don't work on all signed kernels on x86_64 platform. bpfcc-tools works on linux-image-4.8.0-2-amd64-unsigned, linux-image-4.8.0-2-rt-amd64-unsigned and linux-image-4.7.0-1-amd64, following is my detailed test log: ##linux-image-4.8.0-2-amd64 root@bcat:~# python /usr/share/doc/bpfcc-tools/examples/hello_world.py bpf: Invalid argument Traceback (most recent call last): File "/usr/share/doc/bpfcc-tools/examples/hello_world.py", line 11, in BPF(text='int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print() File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 203, in __init__ self._trace_autoload() File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 679, in _trace_autoload fn = self.load_func(func_name, BPF.KPROBE) File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 243, in load_func raise Exception("Failed to load BPF program %s" % func_name) Exception: Failed to load BPF program kprobe__sys_clone root@bcat:~# uname -a Linux bcat 4.8.0-2-amd64 #1 SMP Debian 4.8.11-1 (2016-12-02) x86_64 GNU/Linux root@bcat:~# dpkg -l |grep linux-image ic linux-image-4.7.0-1-amd64 4.7.8-1 amd64Linux 4.7 for 64-bit PCs (signed) ii linux-image-4.8.0-1-amd64 4.8.7-1 amd64Linux 4.8 for 64-bit PCs (signed) ii linux-image-4.8.0-2-amd64 4.8.11-1 amd64Linux 4.8 for 64-bit PCs (signed) ii linux-image-amd64 4.8+77 amd64Linux for 64-bit PCs (meta-package) ## linux-image-4.8.0-2-rt-amd64-unsigned root@bcat:~# python /usr/share/doc/bpfcc-tools/examples/hello_world.py sshd-1225 [001] d...2..86.931062: : Hello, World! sshd-2855 [007] d...2..86.937056: : Hello, World! sshd-1225 [002] d...2..92.551224: : Hello, World! sshd-2869 [004] d...2..92.557394: : Hello, World! systemd-udevd-454 [003] d...2..92.721318: : Hello, World! ^Croot@bcat:~ root@bcat:~# uname -a Linux bcat 4.8.0-2-rt-amd64 #1 SMP PREEMPT RT Debian 4.8.15-1 (2016-12-19) x86_64 GNU/Linux root@bcat:~# dpkg -l |grep linux-image ic linux-image-4.7.0-1-amd64 4.7.8-1 amd64Linux 4.7 for 64-bit PCs (signed) rc linux-image-4.8.0-1-amd64 4.8.7-1 amd64Linux 4.8 for 64-bit PCs (signed) ii linux-image-4.8.0-2-amd64 4.8.11-1 amd64Linux 4.8 for 64-bit PCs (signed) ii linux-image-4.8.0-2-rt-amd64-unsigned 4.8.15-1 amd64Linux 4.8 for 64-bit PCs, PREEMPT_RT ii linux-image-amd64 4.8+77 amd64Linux for 64-bit PCs (meta-package) ##linux-image-4.8.0-2-amd64-unsigned root@bcat:~# python /usr/share/doc/bpfcc-tools/examples/hello_world.py sshd-1108 [005] d... 218.666546: : Hello, World! sshd-2701 [007] d... 218.672187: : Hello, World! sshd-1108 [005] d... 223.546367: : Hello, World! sshd-2707 [007] d... 223.551765: : Hello, World! console-kit-dae-2622 [002] d... 223.723321: : Hello, World! console-kit-dae-2622 [002] d... 223.726497: : Hello, World! console-kit-dae-2622 [002] d... 223.729037: : Hello, World! sshd-2707 [000] d... 223.771321: : Hello, World! bash-2712 [003] d... 223.773793: : Hello, World! bash-2713 [004] d... 223.774088: : Hello, World! bash-2712 [003] d... 223.792414: : Hello, World! bash-2715 [004] d... 223.792811: : Hello, World! ^Croot@bcat:~# uname -a Linux bcat 4.8.0-2-amd64 #1 SMP Debian 4.8.15-1 (2016-12-19) x86_64 GNU/Linux root@bcat:~# dpkg -l |grep linux-image ic linux-image-4.7.0-1-amd64 4.7.8-1 amd64Linux 4.7 for 64-bit PCs (signed) rc linux-image-4.8.0-1-amd64 4.8.7-1 amd64Linux 4.8 for 64-bit PCs (signed) rc linux-image-4.8.0-2-amd64 4.8.11-1 amd64Linux 4.8 for 64-bit PCs (signed) ii linux-image-4.8.0-2-amd64-unsigned4.8.15-1 amd64Linux 4.8 for 64-bit PCs ii linux-image-4.8.0-2-rt-amd64-unsigned 4.8.15-1 amd64Li
Bug#849531: [Logwatch-devel] Bug#849531: Possible security problem,new logwatch sends mails with charset UTF-8
> -Original Message- > From: Klaus Ethgen > Sent: Saturday, December 31, 2016 08:48 > To: Willi Mann > Cc: Jason Pyeron; 849...@bugs.debian.org; logwatch-de...@lists.sourceforge.net > > Hi, > > Am Sa den 31. Dez 2016 um 14:28 schrieb Willi Mann: > > thanks for your test cases. However, I don't think that > binmode provides > > an acceptable solution, at least not alone. While it > ensures that the > > strings are valid utf-8 strings, it will convert any valid utf-8 > > character to two "garbage" characters. Try Not exactly a valid test, besides it works for me. The issue is internal ascii data being written as ascii but instructing consumers it is uft8. $ cat utf8_test.pl #!/usr/bin/perl # use strict; use File::Slurp; my $inputfile = @ARGV[0]; my $logfilecontent = read_file($inputfile); binmode(STDOUT, ":utf8"); print $logfilecontent; $ ./utf8_test.pl testlog.txt übersät $ ./utf8_test.pl testlog.txt | hexdump -C c3 bc 62 65 72 73 c3 a4 74 0a|..bers..t.| 000a $ hexdump.exe -C testlog.txt fc 62 65 72 73 e4 74 0a |.bers.t.| 0008 > > Well, that "garbage" is by design for UTF-8. If you don't want that, > stay on latin1. > > It is a no-go to set the mime type to UTF-8 but still send latin1. (As > it does the current version.) Setting header to UTF-8 doesn't > change the > content of the mail. It just open up for troubles. > > Regards >Klaus > - -- > Klaus Ethgen > http://www.ethgen.ch/ > pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen > > Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C > -BEGIN PGP SIGNATURE- > Comment: Charset: ISO-8859-1 > > iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlhntxMACgkQpnwKsYAZ > 9qyD4gv/ThmNQDCI9QeXYGvwafNDzcDtaHUpeGhOqJI4NjE/UxvPDGIJsMAmS3fI > w69zDuHmy9d1AsCm4I8ipF9l1LD1GHo8Fh9g2Uiv4l6d5e4jYmMi/L/pJxqbAqIt > A1LjNQUNGMLk97OHLqR5/9lnfOzahdzgEVNP/Fi5ygVXi3vJFdwfFFbWk39CfYUy > jcKQUdDzbQUzyFLl7I+1pZm19HCDH4v5fIzqwQW8bz4VXpTIUZjXJSV2n5gN1Lo9 > 99utKdR1b1UQScdGs2zV/QhVN/IJJsNNzK4Zylisdjw0ZgvnSW3gt461d62FAH1o > R4UwerUZYWzCGLZHpGwPw/1/s7YOAlPlO46UzSslqC0J0mmcCPG5eBz4iX2F03U3 > uoz3gscPsjFAf/eqlkp6MHXeNqSV2cCwQLnqZ17/py5DiMUxS61dFXRmcrLOotC0 > KmDBRC7Gft8dcr4bjqYG3jIv0ppOEdvA1izQQ+q2WNQ4E7AprDPJ94MgibQ8BBYX > iGbaxnj2 > =af5+ > -END PGP SIGNATURE- >
Bug#849696: libogre-1.9.0v5: Ogre games abort on startup with “basic_string::_M_construct null not valid” / freeimage API issues
Hi, On 31/12/16 17:49, Manuel A. Fernandez Montecelo wrote: > 2016-12-30 02:33 James Cowgill: >> On 29/12/16 21:52, Thibaut Girka wrote: >>> This started happening since upgrading libfreeimage3, so this might >>> be a bug in >>> it rather than in Ogre itself, but I haven't investigated any further >>> yet. >> >> This appears to be a regression in the Debian patch applied in >> libfreeimage3 3.17.0+ds1-4. >> >> Ogre contains this (OgreMain/src/OgreFreeImageCodec.cpp:98): >>> for (int i = 0; i < FreeImage_GetFIFCount(); ++i) >>> { >>> // Skip DDS codec since FreeImage does not have the option >>> // to keep DXT data compressed, we'll use our own codec >>> if ((FREE_IMAGE_FORMAT)i == FIF_DDS) >>> continue; >>> >>> String exts(FreeImage_GetFIFExtensionList((FREE_IMAGE_FORMAT)i)); >> [loop body continues] >> [String is typedefed to std::string] >> >> This code assumes that FreeImage_GetFIFExtensionList will never return >> NULL for values of i between 0 and FreeImage_GetFIFCount(). However in >> the most recent Debian version of freeimage, >> FreeImage_GetFIFExtensionList(27 / FIF_FAXG3) does return NULL. >> >> It is unclear to me who is wrong here. The documentation does not >> suggest anything about when FreeImage_GetFIFExtensionList can fail, >> although the examples always check FreeImage_FIFSupportsReading before >> calling it. Can any freeimage maintainer suggest the best way to fix >> this? > > Thanks for the analysis. > > The comment on the patch seems to add some light as to the cause of this > breakage: > > > https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/commit/?id=a67fe8c111d0de919b7a6710d4dd5efe05fbf380 > > > ++//allows adding a NULL node in order to not mess up plugin > ++//numbering when some are disabled. Otherwise there will be a > ++//discrepancy between FREE_IMAGE_FORMAT enumerator values and the > ++//actual format. > ++m_plugin_map[(const int)m_plugin_map.size()] = 0; > > > If freeimage plans to ship with this change and not revert it somehow, > the OGRE plugin for freeimage needs to check for the possibility of > having null nodes in this structure. vvt Yes, but my question is whether the freeimage API allows for this patch. Either the patch is correct according to the API and OGRE should be patched in both Debian and upstream, or the patch is wrong and an alternate solution in freeimage should be found which doesn't return NULLs. It seems like a bit of an unmaintainable hack to patch OGRE in Debian only. Also, I just did a search of the archive and cegui-mk2 is probably broken by this bug as well: http://sources.debian.net/src/cegui-mk2/0.8.7-1.3/cegui/src/ImageCodecModules/FreeImage/ImageCodec.cpp/?hl=58#L58 Thanks, James signature.asc Description: OpenPGP digital signature
Bug#843163: marked as done (dpkg: -V fails on files with \ in the name)
Your message dated Sat, 31 Dec 2016 21:48:42 + with message-id and subject line Bug#843163: fixed in debhelper 10.2.3 has caused the Debian Bug report #843163, regarding dpkg: -V fails on files with \ in the name to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 843163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843163 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: dpkg Severity: normal Version: 1.18.10 hi, open-vm-tools-desktop contains a systemd mount unit with a maybe unusal filename: /lib/systemd/system/run-vmblock\x2dfuse.mount \x2d is the systemd way to escape characters, see systemd.unit(5): Basically, given a path, "/" is replaced by "-", and all other characters which are not ASCII alphanumerics are replaced by C-style "\x2d" escapes (except that "_" is never replaced and "." is only replaced when it would be the first character in the escaped path). dpkg -V fails on that: # dpkg -V open-vm-tools-desktop dpkg: error: control file 'md5sums' missing value separator Reason for that seems to be that md5sum - similar as sha256sum and others, seems to start such lines with a \: \dde14951417e0e9f73b80f871e6540d1 lib/systemd/system/run-vmblock\\x2dfuse.mount Removing the \ from the beginning of the line make dpkg -V verify the package successfull. So either dh_md5sums should remove \-es, or dpkg should handle the format md5sum produces. Thanks, Bernd -- Mit freundlichen Grüßen Bernd Zeimetz Systems Engineer Debian Developer conova communications GmbH Web| http://www.conova.com/ E-Mail | b.zeim...@conova.com Zentrale Salzburg Karolingerstraße 36A 5020 Salzburg Tel | +43 (0) 662 22 00 - 313 Fax | +43 (0) 662 22 00 - 209 Es gelten die Allgemeinen Geschäftsbedingungen der conova communications GmbH, http://www.conova.com/de/agb/ smime.p7s Description: S/MIME cryptographic signature --- End Message --- --- Begin Message --- Source: debhelper Source-Version: 10.2.3 We believe that the bug you reported is fixed in the latest version of debhelper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 843...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Niels Thykier (supplier of updated debhelper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 31 Dec 2016 21:27:54 + Source: debhelper Binary: debhelper dh-systemd Architecture: source Version: 10.2.3 Distribution: unstable Urgency: medium Maintainer: Debhelper Maintainers Changed-By: Niels Thykier Description: debhelper - helper programs for debian/rules dh-systemd - debhelper add-on to handle systemd unit files - transitional pack Closes: 805878 830208 839655 843163 843813 Changes: debhelper (10.2.3) unstable; urgency=medium . [ Axel Beckert ] * Fix wrong German translation of dh_systemd_start man page. Thanks to Thorsten Alteholz for spotting the mistake! (Closes: #839655) . [ Mattia Rizzolo ] * dh_auto_test: Apply patch from Mattia Rizzolo to update documentation about running tests during cross-building. . [ Niels Thykier ] * Bump dependency on dh-strip-nondeterminism to ensure stable-backports uses a functional version. Thanks to Christoph Biedl for the report. (Closes: #843813) * Massage md5sum output to avoid GNU-specific escaping extension while we wait for dpkg-gendigests for a more compatible tool. Thanks to Bernd Zeimetz for the report. (Closes: #843163) . [ Felipe Sateler ] * dh_systemd_start: Fix a bug where --restart-after-upgrade with --no-start would still start the service. (Closes: #805878) * dh_installinit: Leave the handling of debian/pkg.service and debian/pkg.tmpfiles to dh_systemd_*. (Closes: #830208) Checksums-Sha1: 91342a75746822bdc243077d1587b8afa606d133 1733 debhelper_10.2.3.dsc 55393c7999f7f0511199e7aa6ebc0be446cad721 355864 debhelper_10.2.3.tar.xz Checksums-Sha256: 04da89e3144143ddcbe9a898ef607064c5800428690ccba020f95af990750c39 1733 debhelper_10.2.3.dsc 80a31c22a5c3041b785844dae1b18c436872bdc64221fbd1d1a6c900b40b358b 355864 debhelper_10.
Processed: clone and affect
Processing commands for cont...@bugs.debian.org: > clone 813054 -1 -2 -3 Bug #813054 [src:firefox] firefox: contains JSHint work under non-free licence Bug 813054 cloned as bugs 849831-849833 > reassign -1 firefox-esr Bug #849831 [src:firefox] firefox: contains JSHint work under non-free licence Bug reassigned from package 'src:firefox' to 'firefox-esr'. No longer marked as found in versions firefox/46.0~b5-1, icedove/42.0~b2-1, icedove/31.8.0-1~deb7u1, icedove/40.0~b1-1, iceweasel/38.7.1esr-1~deb8u1, icedove/31.5.0-1~deb7u1, firefox/45.0.1-1, iceweasel/38.5.0esr-1~deb7u2, iceweasel/31.8.0esr-1~deb7u1, icedove/31.8.0-1~deb8u1, and firefox-esr/45.0.1esr-1. Ignoring request to alter fixed versions of bug #849831 to the same values previously set > reassign -2 icedove Bug #849832 [src:firefox] firefox: contains JSHint work under non-free licence Bug reassigned from package 'src:firefox' to 'icedove'. No longer marked as found in versions firefox-esr/45.0.1esr-1, icedove/31.8.0-1~deb8u1, iceweasel/38.5.0esr-1~deb7u2, firefox/45.0.1-1, iceweasel/31.8.0esr-1~deb7u1, icedove/31.5.0-1~deb7u1, iceweasel/38.7.1esr-1~deb8u1, icedove/31.8.0-1~deb7u1, icedove/40.0~b1-1, icedove/42.0~b2-1, and firefox/46.0~b5-1. Ignoring request to alter fixed versions of bug #849832 to the same values previously set > reassign -3 iceweasel Bug #849833 [src:firefox] firefox: contains JSHint work under non-free licence Bug reassigned from package 'src:firefox' to 'iceweasel'. No longer marked as found in versions firefox/46.0~b5-1, icedove/42.0~b2-1, icedove/31.8.0-1~deb7u1, icedove/40.0~b1-1, iceweasel/38.7.1esr-1~deb8u1, icedove/31.5.0-1~deb7u1, iceweasel/31.8.0esr-1~deb7u1, iceweasel/38.5.0esr-1~deb7u2, firefox/45.0.1-1, icedove/31.8.0-1~deb8u1, and firefox-esr/45.0.1esr-1. Ignoring request to alter fixed versions of bug #849833 to the same values previously set > End of message, stopping processing here. Please contact me if you need assistance. -- 813054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813054 849831: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849831 849832: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849832 849833: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849833 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#849830: [src:digikam] Some sources are not included in your package
Package: src:digikam Version: 4:5.3.0-1 user: lintian-ma...@debian.org usertags: source-is-missing severity: serious X-Debbugs-CC: ftpmas...@debian.org Hi, your package includes some files that seem to lack sources in preferred forms of modification (even if removed during clean target). I have copied the lintian override that is bogus # The following two files are removed in clean target, so not part of the build. digikam source: source-is-missing core/data/about/js/bootstrap.min.js digikam source: source-is-missing core/data/about/js/jquery.min.js According to Debian Free Software Guidelines [1] (DFSG) #2: "The program must include source code, and must allow distribution in source code as well as compiled form." In some cases this could also constitute a license violation for some copyleft licenses such as the GNU GPL. (While sometimes the licence allows not to ship the source, the DFSG always mandates source code.) In order to solve this problem, you could: 1. add the source files to "debian/missing-sources" directory. 2. repack the origin tarball and add the missing source files to it. Both way satisfy the requirement to ship all source code. The second option might be preferable due to the following reasons [2]: - Upstream can do it too and you could even supply a patch to them, thus full filling our social contract [3], see particularly §2. - If source and non-source are in different locations, ftpmasters may miss the source and (needlessly) reject the package. - The source isn't duplicated in every .diff.gz/.debian.tar.* (though this only really matters for larger sources). You could also ask debian...@lists.debian.org or #debian-qa for more guidance. [1] https://www.debian.org/social_contract.en.html#guidelines [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736873#8 [3] https://www.debian.org/social_contract signature.asc Description: This is a digitally signed message part.
Bug#849829: [arc-gui-clients] Some sources are not included in your package
Package: arc-gui-clients Version: 0.4.6-3 user: lintian-ma...@debian.org usertags: source-is-missing severity: serious X-Debbugs-CC: ftpmas...@debian.org Hi, your package includes some files that seem to lack sources in preferred forms of modification: * docs/users_guide/build/html/_static/jquery.js line length is 517 characters (>512) *docs/users_guide/build/html/_static/underscore.js line length is 530 characters (>512) According to Debian Free Software Guidelines [1] (DFSG) #2: "The program must include source code, and must allow distribution in source code as well as compiled form." In some cases this could also constitute a license violation for some copyleft licenses such as the GNU GPL. (While sometimes the licence allows not to ship the source, the DFSG always mandates source code.) In order to solve this problem, you could: 1. add the source files to "debian/missing-sources" directory. 2. repack the origin tarball and add the missing source files to it. Both way satisfy the requirement to ship all source code. The second option might be preferable due to the following reasons [2]: - Upstream can do it too and you could even supply a patch to them, thus full filling our social contract [3], see particularly §2. - If source and non-source are in different locations, ftpmasters may miss the source and (needlessly) reject the package. - The source isn't duplicated in every .diff.gz/.debian.tar.* (though this only really matters for larger sources). You could also ask debian...@lists.debian.org or #debian-qa for more guidance. [1] https://www.debian.org/social_contract.en.html#guidelines [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736873#8 [3] https://www.debian.org/social_contract signature.asc Description: This is a digitally signed message part.
Bug#849365: marked as done (libphp-phpmailer: CVE-2016-10033)
Your message dated Sat, 31 Dec 2016 21:02:32 + with message-id and subject line Bug#849365: fixed in libphp-phpmailer 5.2.9+dfsg-2+deb8u2 has caused the Debian Bug report #849365, regarding libphp-phpmailer: CVE-2016-10033 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 849365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libphp-phpmailer Version: 5.2.9+dfsg-2 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for libphp-phpmailer. CVE-2016-10033[0]: remote code execution Details though at the point of writing this bugreport are not yet available. It is fixed in the new upstream version 5.2.18. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10033 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: libphp-phpmailer Source-Version: 5.2.9+dfsg-2+deb8u2 We believe that the bug you reported is fixed in the latest version of libphp-phpmailer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 849...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst (supplier of updated libphp-phpmailer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 31 Dec 2016 10:44:49 +0100 Source: libphp-phpmailer Binary: libphp-phpmailer Architecture: source all Version: 5.2.9+dfsg-2+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian PHP PEAR Maintainers Changed-By: Thijs Kinkhorst Description: libphp-phpmailer - full featured email transfer class for PHP Closes: 849365 Changes: libphp-phpmailer (5.2.9+dfsg-2+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2016-10033 (and CVE-2016-10045): apply commits 4835657c 9743ff5c 833c35fe from upstream. Closes: #849365. Checksums-Sha1: 91a429e2dcb8a0209e3906f79ead7cb5f2d7e7ef 1766 libphp-phpmailer_5.2.9+dfsg-2+deb8u2.dsc 4378845c3167b57a38dce2c16803f022ef4df350 6988 libphp-phpmailer_5.2.9+dfsg-2+deb8u2.debian.tar.xz cacd20630232c80e6d5af55dd0f9dd9f8826388e 130966 libphp-phpmailer_5.2.9+dfsg-2+deb8u2_all.deb Checksums-Sha256: 47494de87ec3b2459ad01592f07f37b85af87eea3a75d73ea39e9abbea17915f 1766 libphp-phpmailer_5.2.9+dfsg-2+deb8u2.dsc afa37d9654aa397fbf4fcede94675ed0742283dc7ef35166d00b3a074eb6e505 6988 libphp-phpmailer_5.2.9+dfsg-2+deb8u2.debian.tar.xz 59e1de75e1a4f5968fcac1bfbf48b3ad3f917f0f20e74dd78bff24bf877883b5 130966 libphp-phpmailer_5.2.9+dfsg-2+deb8u2_all.deb Files: bb11272cc2baf1b6e4d211d8d6f57b43 1766 php optional libphp-phpmailer_5.2.9+dfsg-2+deb8u2.dsc 425e2e355f46b7ce2bd7a5af6e16e540 6988 php optional libphp-phpmailer_5.2.9+dfsg-2+deb8u2.debian.tar.xz d4e5deb28ce38bf1a47093dab069eff2 130966 php optional libphp-phpmailer_5.2.9+dfsg-2+deb8u2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBCAAGBQJYZ3/KAAoJEFb2GnlAHawExG0H/jqZbQi0FAPN8p9FmgYCIxjh p2pZYcpjzt/306I/in5HtXcHeQkWEzhD6Opt9F6A9ow+YONu8YHeKU20Eb+Fv4k1 658KP9N01fgUCH7D3JL49205BybNUE4eBiDw53S8IZyvJNozbMmR8qBGpYxHYYbt s8YEBAakoGSC4T/+IPa2z7qb6E+MBrBoJifVhhtCsJ2ro+yluTa3iRkX21Zhc41b rB7Vi3whyHgNQ+4Bdj9UyljL0bZAV73XfgLN/dR4b6+ND7oembO5f7QQSbENJ03a FVpwRFlKCnkeY4oNNdJPrBceZgOjSBPUfqcYYPDDyvqo8tqyO6Kj5o9isWuvehg= =PzAi -END PGP SIGNATURE End Message ---
Bug#834404: marked as done (ganeti-instance-debootstrap - uses unsupported losetup -s in default config)
Your message dated Sat, 31 Dec 2016 21:02:25 + with message-id and subject line Bug#834404: fixed in ganeti-instance-debootstrap 0.14-2+deb8u1 has caused the Debian Bug report #834404, regarding ganeti-instance-debootstrap - uses unsupported losetup -s in default config to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 834404: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834404 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: ganeti-instance-debootstrap Version: 0.14-2 Severity: grave Tags: jessie ganeti-instance-debootstrap in Jessie uses "losetup -s", which is not supported by the shipped losetup version or any newer. In Stretch it was fixed to use "--show". | # If the target device is not a real block device we'll first losetup it. | # This is needed for file disks. | if [ ! -b $blockdev ]; then | ORIGINAL_BLOCKDEV=$blockdev | blockdev=$(losetup -sf $blockdev) | CLEANUP+=("losetup -d $blockdev") | fi This makes the debootstrap os definition unusable in the default config, as losetup is used to access non-blockdevices. | Result: | - OpExecError | - - Could not install OS for instance 'instance.example.com' on node 'node.example.con': OS create script failed (exited with exit code 1), last lines in the log file: | -O, --outputspecify columns to output for --list | -n, --noheadings don't print headings for --list output | --raw use raw --list output format | | -h, --help display this help and exit | -V, --version output version information and exit | | Available --list columns: | NAME loop device name | AUTOCLEAR autoclear flag set | BACK-FILE device backing file | BACK-INO backing file inode number | BACK-MAJ:MIN backing file major:minor device number | MAJ:MIN loop device major:minor number |OFFSET offset from the beginning | PARTSCAN partscan flag set |RO read-only device | SIZELIMIT size limit of the file in bytes | | For more details see losetup(8). | Execution log: | - Time: 2016-08-15 10:57:33.882253 | Content: [1, message, - INFO: Running instance OS create scripts...] Please fix in Jessie. Bastian -- Bastian Blank Berater Telefon: +49 2166 9901-194 E-Mail: bastian.bl...@credativ.de credativ GmbH, HRB Mönchengladbach 12080, USt-ID-Nummer: DE204566209 Trompeterallee 108, 41189 Mönchengladbach Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer --- End Message --- --- Begin Message --- Source: ganeti-instance-debootstrap Source-Version: 0.14-2+deb8u1 We believe that the bug you reported is fixed in the latest version of ganeti-instance-debootstrap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 834...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Apollon Oikonomopoulos (supplier of updated ganeti-instance-debootstrap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 23 Dec 2016 10:48:28 +0200 Source: ganeti-instance-debootstrap Binary: ganeti-instance-debootstrap Architecture: source all Version: 0.14-2+deb8u1 Distribution: jessie Urgency: medium Maintainer: Debian Ganeti Team Changed-By: Apollon Oikonomopoulos Description: ganeti-instance-debootstrap - debootstrap-based instance OS definition for ganeti Closes: 834404 Changes: ganeti-instance-debootstrap (0.14-2+deb8u1) jessie; urgency=medium . * Replace losetup -s with losetup --show (Closes: #834404) Checksums-Sha1: 84fcbc4cb39551fdf460381df53e5fa2a3d352d3 2167 ganeti-instance-debootstrap_0.14-2+deb8u1.dsc 28ccff64027eebe58b70455dad524e818a737a51 4448 ganeti-instance-debootstrap_0.14-2+deb8u1.debian.tar.xz 10176ed758ccfc6d71e420137989450c08c3869e 18570 ganeti-instance-debootstrap_0.14-2+deb8u1_all.deb Checksums-Sha256: 1c5e59bae17a68a189be455cc5255583356888a49b7a20f0e91e021f5f10bb15 2167 ganeti-instance-debootstrap_0.14-2+deb8u1.dsc 2b79fa5fce8741c2a90027bc0c06d307492e20f49b5d08e66eb145580700ed64 4448 ganeti-instance-debootstrap_0.14-2+deb8u1.debian.tar.xz edeeb8ff53766be147372dee832a2
Bug#848830: marked as done (dcmtk: remote stack buffer overflow CVE-2015-8979)
Your message dated Sat, 31 Dec 2016 21:02:08 + with message-id and subject line Bug#848830: fixed in dcmtk 3.6.0-15+deb8u1 has caused the Debian Bug report #848830, regarding dcmtk: remote stack buffer overflow CVE-2015-8979 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 848830: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848830 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: dcmtk Severity: grave Version: 3.6.0-15 Tags: security Hi, the following vulnerability was published for dcmtk. CVE-2015-8979[0]: remote stack buffer overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-8979 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8979 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: dcmtk Source-Version: 3.6.0-15+deb8u1 We believe that the bug you reported is fixed in the latest version of dcmtk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 848...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gert Wollny (supplier of updated dcmtk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 23 Dec 2016 12:28:03 +0100 Source: dcmtk Binary: dcmtk libdcmtk2 libdcmtk2-dev dcmtk-www dcmtk-doc libdcmtk2-dbg Architecture: source all amd64 Version: 3.6.0-15+deb8u1 Distribution: stable Urgency: medium Maintainer: Debian Med Packaging Team Changed-By: Gert Wollny Description: dcmtk - OFFIS DICOM toolkit command line utilities dcmtk-doc - OFFIS DICOM toolkit documentation dcmtk-www - OFFIS DICOM toolkit worklist www server application libdcmtk2 - OFFIS DICOM toolkit runtime libraries libdcmtk2-dbg - OFFIS DICOM toolkit library debugging symbols libdcmtk2-dev - OFFIS DICOM toolkit development libraries and headers Closes: 848830 Changes: dcmtk (3.6.0-15+deb8u1) jessie-security; urgency=medium . * Team upload * d/p/0001: Add patch to fix CVE-2015-8979, Closes: #848830 The patch was taken from v 3.6.0-6+deb7u1 where the same security vunerability was fixed by the wheezy LST team. Checksums-Sha1: 607ccc7ff1df5e1ff62c89174c13740a1369378b 2108 dcmtk_3.6.0-15+deb8u1.dsc 9c34d047ace8a577011c37febf86940ed7d8cc0e 59900 dcmtk_3.6.0-15+deb8u1.debian.tar.xz af2bfbd2efcf9f6c25ff409c1dc94f3e019f0bcb 5361556 dcmtk-doc_3.6.0-15+deb8u1_all.deb adca8d855cb1bb2aed51a0c7868087d362fb71c8 942122 dcmtk_3.6.0-15+deb8u1_amd64.deb 62a7e1e599d7770c4e714f611520e82d9cea1361 2733536 libdcmtk2_3.6.0-15+deb8u1_amd64.deb e383fa5d34dbf1c7a42caebca33276b52218ee74 3291496 libdcmtk2-dev_3.6.0-15+deb8u1_amd64.deb 14b49b712cfa3564ce1b624982d962890316e69c 135616 dcmtk-www_3.6.0-15+deb8u1_amd64.deb 06fbe22f5354c7caba2e4df850d6e978d2e6ebbe 20935170 libdcmtk2-dbg_3.6.0-15+deb8u1_amd64.deb Checksums-Sha256: b7d995b5623bbd3437f3894f9ae46bcb66747e31404c883e46ca288c9a8fe07d 2108 dcmtk_3.6.0-15+deb8u1.dsc a40ecd9615d228dba886d70866891f8970329a4fa003417b76dc7c6e1c5362e0 59900 dcmtk_3.6.0-15+deb8u1.debian.tar.xz 6816336f9a37f2a017302215ff0bfad186f518728a5695fd3300314442a52ddd 5361556 dcmtk-doc_3.6.0-15+deb8u1_all.deb 7cb453f36e504fc9affe2096013e752444ef4291c01c444c414ac7de110bbf0b 942122 dcmtk_3.6.0-15+deb8u1_amd64.deb f9c3bd0fe358ec008283336ec4df1b9de28b405a6c7e5f62ab9e89fb5836f8d1 2733536 libdcmtk2_3.6.0-15+deb8u1_amd64.deb 88d594f6f953c6539dc2d4c88e38b96b92be23e2fa47b610aeb249cfaf669dc0 3291496 libdcmtk2-dev_3.6.0-15+deb8u1_amd64.deb 489a77b5734c603dc080aaba240d03bbb747ada7223305d588544a71704924c0 135616 dcmtk-www_3.6.0-15+deb8u1_amd64.deb 31b014fe2d0a6fafdefc660bbec2275d31a7c62bfa2a79910d56fa21361def95 20935170 libdcmtk2-dbg_3.6.0-15+deb8u1_amd64.deb Files: 9749be41697bbfdd37ece6df32c7b463 2108 science optional dcmtk_3.6.0-15+deb8u1.dsc f753e3fe0e98629396247f9e47663463 59900 science optional dcmtk_3.6.0-15+deb8u1.debian.tar.xz 335ddc8d909b69e832747c9d51f098a4 5361556 doc optional dcmtk-doc_3.6.0-15+deb8u1_all.deb
Bug#848132: marked as done (most: CVE-2016-1253: shell injection attack using LZMA-compressed files)
Your message dated Sat, 31 Dec 2016 21:02:32 + with message-id and subject line Bug#848132: fixed in most 5.0.0a-2.3+deb8u1 has caused the Debian Bug report #848132, regarding most: CVE-2016-1253: shell injection attack using LZMA-compressed files to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 848132: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848132 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: most Version: 5.0.0a-1 Severity: grave Tags: security patch Justification: user security hole Hello, the most pager can automatically open files compressed with gzip, bzip2 and (in Debian) LZMA. This is done using popen() and, in earlier releases of most, it was vulnerable to a shell injection attack. most fixed this in v5.0.0 (released in 2007), but the Debian patch that added LZMA support (bug #466574) remains vulnerable. It is trivial to generate a file with a certain name and content that, when opened with most, runs arbitrary commands in the user's computer. most is also launched by other programs as a pager for text files (example: an e-mail client that needs to open an attachment). If any of those programs generates a temporary file name that can be set by an attacker, then that can be used to break into the user's machine. I don't have any example of such program, however. All versions of most >= 5.0.0a-1 including 5.0.0a-2.5 in Debian (and derivatives that include the LZMA patch) are vulnerable (older versions are vulnerable in all distros as I explained earlier). https://security-tracker.debian.org/tracker/CVE-2016-1253 I'm attaching the debdiff with the patch. It simply replaces single quotes with double quotes in the command passed to popen(). Double quotes in the filename are escaped by most in order to prevent this kind of attacks, but this offers no protection if the file name is enclosed in single quotes. Regards, Berto -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages most depends on: ii libc6 2.24-7 ii libslang2 2.3.1-5 most recommends no packages. most suggests no packages. -- no debconf information diff -Nru most-5.0.0a/debian/changelog most-5.0.0a/debian/changelog --- most-5.0.0a/debian/changelog 2016-08-05 02:55:52.0 +0300 +++ most-5.0.0a/debian/changelog 2016-12-14 14:31:29.0 +0200 @@ -1,3 +1,12 @@ +most (5.0.0a-2.6) unstable; urgency=high + + * Non-maintainer upload. + * lzma-support.patch: +- Fix CVE-2016-1253 (shell injection attack when opening + lzma-compressed files). + + -- Alberto Garcia Wed, 14 Dec 2016 14:31:29 +0200 + most (5.0.0a-2.5) unstable; urgency=medium * Non-maintainer upload. diff -Nru most-5.0.0a/debian/patches/lzma-support.patch most-5.0.0a/debian/patches/lzma-support.patch --- most-5.0.0a/debian/patches/lzma-support.patch 2016-07-22 01:50:23.0 +0300 +++ most-5.0.0a/debian/patches/lzma-support.patch 2016-12-14 14:25:03.0 +0200 @@ -1,3 +1,5 @@ +Index: most-5.0.0a/src/file.c +=== --- most-5.0.0a.orig/src/file.c +++ most-5.0.0a/src/file.c @@ -77,7 +77,7 @@ static int create_gunzip_cmd (char *cmd, @@ -32,13 +34,15 @@ if (cmd != NULL) { +Index: most-5.0.0a/src/file.h +=== --- most-5.0.0a.orig/src/file.h +++ most-5.0.0a/src/file.h @@ -22,6 +22,7 @@ #define MOST_MAX_FILES 4096 #define MOST_GUNZIP_POPEN_FORMAT "gzip -dc \"%s\"" #define MOST_BZIP2_POPEN_FORMAT "bzip2 -dc \"%s\"" -+#define MOST_LZMA_POPEN_FORMAT "lzma -dc '%s'" ++#define MOST_LZMA_POPEN_FORMAT "lzma -dc \"%s\"" extern void most_reread_file (void); extern void most_read_to_line (int); --- End Message --- --- Begin Message --- Source: most Source-Version: 5.0.0a-2.3+deb8u1 We believe that the bug you reported is fixed in the latest version of most, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 848...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Benj
Bug#798862: marked as done (CVE-2015-0854: Insecure use of system())
Your message dated Sat, 31 Dec 2016 21:02:33 + with message-id and subject line Bug#798862: fixed in shutter 0.92-0.1+deb8u1 has caused the Debian Bug report #798862, regarding CVE-2015-0854: Insecure use of system() to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 798862: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798862 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: shutter Version: 0.85.1-2 Severity: grave Tags: security upstream patch Justification: user security hole Forwarded: https://bugs.launchpad.net/shutter/+bug/1495163 Using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter. STEPS TO REPRODUCE: 1. Put an image in a folder called "$(xeyes)" 2. Open the image in Shutter 3. Right-click the image and click "Show in Folder" The `xeyes` program (if installed on your system) should start. Lines 54-65 of share/shutter/resources/modules/Shutter/App/HelperFunctions.pm: sub xdg_open { my ( $self, $dialog, $link, $user_data ) = @_; system("xdg-open $link"); return TRUE; } Because `system` is used, the string is scanned for shell metacharacters[1], and if found the string is executed using a shell. [1]: http://perldoc.perl.org/functions/system.html # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: lfara...@debian.org-20150913015632-omhhhksdbz1j2jno # target_branch: bzr+ssh://bazaar.launchpad.net/+branch/shutter/ # testament_sha1: 657f895d801b5ee567032599e2f961f4537a25db # timestamp: 2015-09-13 01:59:36 + # base_revision_id: mario.kem...@googlemail.com-20141223230202-\ # b58zlfo5qb5e2cxt # # Begin patch === modified file 'share/shutter/resources/modules/Shutter/App/HelperFunctions.pm' --- share/shutter/resources/modules/Shutter/App/HelperFunctions.pm 2013-08-25 18:40:51 + +++ share/shutter/resources/modules/Shutter/App/HelperFunctions.pm 2015-09-13 01:56:32 + @@ -53,7 +53,8 @@ sub xdg_open { my ( $self, $dialog, $link, $user_data ) = @_; - system("xdg-open $link"); + @args = ("xdg-open", "$link"); + system(@args); if($?){ my $response = $self->{_dialogs}->dlg_error_message( sprintf( $self->{_d}->get("Error while executing %s."), "'xdg-open'"), # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWZZuoZoAAW9fgAAwVGf//1tE AwC///9wUAN1zXYu9esG49hKKaaU/Qyp+inpPSPSNGnk0htRkGTQBkiZNTyNDERMIAaDTQ0GgBJI CIyamntFNpAN0BtSmCk8psmU9NGo0Mag0BoB6g0Ekk0hPUzRtU09PVPaQ1DT1MmQNDQBBblC nItOGKCVEFKr4EB+TV5NqXlTTXPaxEQcN441NfLGUe1jMvoUPf93Zo8lTOpwrtjxqi6rujPaNUTV CagXS99rU4yR4fKPswKdWLkQ5VnuJbY6NKVyUAsM7nT6pQRQzXzlE23uIdEQUEMMZJKbdB5pRKIy WL1scnBLBNC4at+6OQjGy1T/mLa0YWkVTkCusoYWDle1hRXrGz2YOUzUVdaddmut7OCLS7MSRXeg caOMglpIqkaoqSvYLzbAsT+V20WStwoXb7rBRTYj4ycKqQLBHRkHWCVzJ0ibdSjXciltChrcqiQF YgsAZ7MNOYQGgVgpP8OwBDLnM61xWspggxkwGN1KjeLWHDOYBhoHuD7V0EzQRjE9+BzPN6pDFd4W 5mbO1dxUQMJZ1WQhVIGoXzjJtObPAzQaMYhdAk5NBoj5hObdpkZjteVvW9dHtjvycid4PkVRV2w+ 2SStovOFXNFQht4TkHBfKUS0mWA3bXY7THAPIN9FWaZKdBn2cr0qUcSkLlR3l5pvSyxEs7LxNIXS mvErI+rurPau4IOalJSpU81T54yIjOIoquDxU/BXqXpxb5/M6chvLB2a+xbMBmGrnRJp51kfOGzQ ia23MH3Yy0rg15C2iZbPmQ5RKSoIhYUn8mUK8M6GYsayXUYgwJ0sqga7syWoa3c+w4lJ9679VCcY iAGhmyI1BsB5lIhh41Vi0gp8qriUeKTQ3/yaeBAIqYzlwY6+Mel9IVBzLrDP5vovFKZXClW3DgEQ kKjWFoUBM4OT1vC4uG0Ru71+XFsMip2uGNAODnDSsTsxOKTPeYAnGezwmNc05BJ4k2DYocSE5hjD UtjJyTOMs0Ur+cMwmmFgFHLIK5cDrA4UrVR6tdSSvozJ5EYME6tTuwnxJy71DECoNbwLYORVloIE 0ojtLgetx9uCjjOYYObUq9UOcX9cZNobWDtirXS1ZsJhU0+MrslK3DBAEEBWNjaOeMS1wDwGIbJa ma5f3PtQMadvqUGhLdV0lL1WmatWtdlWxD5LyMmc/xdyRThQkJZuoZo= --- End Message --- --- Begin Message --- Source: shutter Source-Version: 0.92-0.1+deb8u1 We believe that the bug you reported is fixed in the latest version of shutter, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 798...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christoph Biedl (supplier of updated shutter package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 20 Dec 2016 19:00:20 +0100 Source: shutter B
Bug#825365: closing 825365
close 825365 0.10-1 thanks This was fixed upstream by having the gui module only imported when needed.
Processed: closing 825365
Processing commands for cont...@bugs.debian.org: > close 825365 0.10-1 Bug #825365 [src:assword] assword: FTBFS: ValueError: Namespace Gtk not available Marked as fixed in versions assword/0.10-1. Bug #825365 [src:assword] assword: FTBFS: ValueError: Namespace Gtk not available Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 825365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825365 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: fixed 770492 in 3.2.84-1, fixed 770492 in 3.16.39-1
Processing commands for cont...@bugs.debian.org: > fixed 770492 3.2.84-1 Bug #770492 {Done: Salvatore Bonaccorso } [src:linux] linux-image-3.16.0-4-686-pae: chown removes security.capability xattr on other users' files (CVE-2015-1350) The source 'linux' and version '3.2.84-1' do not appear to match any binary packages Marked as fixed in versions linux/3.2.84-1. > fixed 770492 3.16.39-1 Bug #770492 {Done: Salvatore Bonaccorso } [src:linux] linux-image-3.16.0-4-686-pae: chown removes security.capability xattr on other users' files (CVE-2015-1350) Marked as fixed in versions linux/3.16.39-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 770492: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#836320: marked as done (mactelnet: CVE-2016-7115)
Your message dated Sat, 31 Dec 2016 18:51:25 + with message-id and subject line Bug#836320: fixed in mactelnet 0.4.4-4 has caused the Debian Bug report #836320, regarding mactelnet: CVE-2016-7115 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 836320: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836320 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: mactelnet Version: 0.4.0-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for mactelnet. CVE-2016-7115[0]: | Buffer overflow in the handle_packet function in mactelnet.c in the | client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to | execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT | control packet. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-7115 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: mactelnet Source-Version: 0.4.4-4 We believe that the bug you reported is fixed in the latest version of mactelnet, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 836...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Håkon Nessjøen (supplier of updated mactelnet package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 11 Oct 2016 14:36:00 +0200 Source: mactelnet Binary: mactelnet-client mactelnet-server Architecture: source amd64 Version: 0.4.4-4 Distribution: unstable Urgency: low Maintainer: Håkon Nessjøen Changed-By: Håkon Nessjøen Description: mactelnet-client - Console tools for telneting and pinging via MAC addresses mactelnet-server - Telnet daemon for accepting connections via MAC addresses Closes: 836320 Changes: mactelnet (0.4.4-4) unstable; urgency=low . * Updated debhelper build-depends version, to reflect compat level. . mactelnet (0.4.4-3) unstable; urgency=low . * Updated compat level * Changed vcs url to https * Added PIE hardening . mactelnet (0.4.4-2) unstable; urgency=low . * Updated standards version to 3.9.8 * Added automake/autoconf to build-depends . mactelnet (0.4.4-1) unstable; urgency=low . * Upstream release 0.4.4 * Includes upstream bugfix of CVE 2016-7115 (closes: #836320) Checksums-Sha1: aae48244d65e46eff31d21e26ce16b308ea539cc 2042 mactelnet_0.4.4-4.dsc d532e557e9eefced282bc405ab24200e18e396fb 231408 mactelnet_0.4.4.orig.tar.gz e33d389da0b2227fee5626fd84326acc8b84e7e4 6804 mactelnet_0.4.4-4.debian.tar.xz d8bd07b937ba2a0609e7b3f552b078d936768517 79188 mactelnet-client-dbgsym_0.4.4-4_amd64.deb e5f4f89770c1e9ce6e3173f8adefcb97c2a0ed49 26598 mactelnet-client_0.4.4-4_amd64.deb d3b9f3d65e65de7dbbf6d2eaaea321f7fa1dc00e 44048 mactelnet-server-dbgsym_0.4.4-4_amd64.deb 15a93fbd7dfdf07152957c4eb1a15e5544da8107 22472 mactelnet-server_0.4.4-4_amd64.deb 91a7b45f961e4f2ec2087a5261f07e0119d4c23d 6158 mactelnet_0.4.4-4_amd64.buildinfo Checksums-Sha256: 2e5ac3d898f5b56c802c5110321494fd908f15c810d22e0d5520e8e636a3a0f0 2042 mactelnet_0.4.4-4.dsc 5317847045d1cdc33f4b210ebc70b2bdd1755a860edbae52ef94693c846e 231408 mactelnet_0.4.4.orig.tar.gz ffb3fed47debf4b21556503252feab4407d9b9e5a0451a41381a3268dfc87543 6804 mactelnet_0.4.4-4.debian.tar.xz 7ff40b45d3840ca0e6564aad25f4b942318d013ea2fdd4363e55aad6884ffa49 79188 mactelnet-client-dbgsym_0.4.4-4_amd64.deb 99aec5a46bd28f01aa0fdcb012cf99789027ff75526bfe4d8c564ad953d76462 26598 mactelnet-client_0.4.4-4_amd64.deb fb7a374335d0eebeffbd4395274b47e82956a7115b5ab948b557ccf7b0c95192 44048 mactelnet-server-dbgsym_0.4.4-4_amd64.deb b284280f77c0877a935d4ffd8394376617f45a04fa1971d7cd95c9fd291074e4 22472 mactelnet-server_0.4.4-4_amd64.deb 3a7fcb3a929ef53a8f50663659bd252ae9f90b0a4025efef5464e8b00f0815c2 6158 mactelnet_0.4.4-4_amd64.buildinfo Files: d3e1d87b9dcfe07c4a04239aee31f4b2 2042 net extra mactelnet_0.4.4-4.dsc 0b8827c6aeee2daeb8fc4e3147567d6f 231408 net extra mactelnet_0.4.4.orig.tar.gz 9
Bug#842715: marked as done (skrooge: FTBFS with Qt 5.7.1)
Your message dated Sat, 31 Dec 2016 15:18:38 -0300 with message-id <1511245.fdtar5uDkI@tonks> and subject line Fixed long time ago has caused the Debian Bug report #842715, regarding skrooge: FTBFS with Qt 5.7.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 842715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842715 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: skrooge Version: 2.4.0-2 Severity: important Hi! Skrooge FTBFS with Qt 5.7.1. We are about to start the transition to get 5.7.1 into testing. The relevant build log part is: /<>/skgbasemodeler/skgdocument.cpp: In member function 'virtual SKGDocument::SKGModelTemplateList SKGDocument::getDisplaySchemas(const QString&) const': /<>/skgbasemodeler/skgdocument.cpp:2530:47: error: call of overloaded 'qAsConst(SKGStringListList&)' is ambiguous for (const auto& line : qAsConst(lines)) { ^ In file included from /usr/include/x86_64-linux-gnu/qt5/QtCore/qalgorithms.h:43:0, from /usr/include/x86_64-linux-gnu/qt5/QtCore/qlist.h:43, from /usr/include/x86_64-linux-gnu/qt5/QtCore/qstringlist.h:41, from /<>/skgbasemodeler/skgdocument.h:24, from /<>/skgbasemodeler/skgdocument.cpp:22: /usr/include/x86_64-linux-gnu/qt5/QtCore/qglobal.h:1130:58: note: candidate: constexpr typename QtPrivate::QAddConst::Type& qAsConst(T&) [with T = QList; typename QtPrivate::QAddConst::Type = const QList] Q_DECL_CONSTEXPR typename QtPrivate::QAddConst::Type &qAsConst(T &t) Q_DECL_NOTHROW { return t; } ^~~~ In file included from /<>/skgbasemodeler/skgerror.h:28:0, from /<>/skgbasemodeler/skgservices.h:31, from /<>/skgbasemodeler/skgdocument.h:30, from /<>/skgbasemodeler/skgdocument.cpp:22: /<>/skgbasemodeler/skgdefine.h:38:47: note: candidate: constexpr typename QAddConst::Type& qAsConst(T&) [with T = QList; typename QAddConst::Type = const QList] Q_DECL_CONSTEXPR typename QAddConst::Type& qAsConst(T& t) Q_DECL_NOTHROW { return t; } It might be possible that this is not a Qt5-related bug, will try to rebuild against current 5.6 to check. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'buildd-unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.7.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- Version: 2.5.0-1 This was clearly fixed by myselfbut forgot to close this bug, doing that now. -- You know you're brilliant, but maybe you'd like to understand what you did 2 weeks from now. Linus Benedict Torvalds. Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/ signature.asc Description: This is a digitally signed message part. --- End Message ---
Bug#849696: libogre-1.9.0v5: Ogre games abort on startup with “basic_string::_M_construct null not valid” / freeimage API issues
Hi, 2016-12-30 02:33 James Cowgill: Control: severity -1 grave Hi, This is RC because nothing using ogre will start anymore. On 29/12/16 21:52, Thibaut Girka wrote: Package: libogre-1.9.0v5 Version: 1.9.0+dfsg1-7+b2 Severity: important Any Ogre game/application (for instance, funguloids, available in Debian) crashes with the following output: Creating resource group General Creating resource group Internal Creating resource group Autodetect SceneManagerFactory for type 'DefaultSceneManager' registered. Registering ResourceManager for type Material Registering ResourceManager for type Mesh Registering ResourceManager for type Skeleton MovableObjectFactory for type 'ParticleSystem' registered. ArchiveFactory for archive type FileSystem registered. ArchiveFactory for archive type Zip registered. ArchiveFactory for archive type EmbeddedZip registered. DDS codec registering FreeImage version: 3.17.0 This program uses FreeImage, a free, open source image library supporting all common bitmap formats. See http://freeimage.sourceforge.net for details terminate called after throwing an instance of 'std::logic_error' what(): basic_string::_M_construct null not valid Abandon This started happening since upgrading libfreeimage3, so this might be a bug in it rather than in Ogre itself, but I haven't investigated any further yet. This appears to be a regression in the Debian patch applied in libfreeimage3 3.17.0+ds1-4. Ogre contains this (OgreMain/src/OgreFreeImageCodec.cpp:98): for (int i = 0; i < FreeImage_GetFIFCount(); ++i) { // Skip DDS codec since FreeImage does not have the option // to keep DXT data compressed, we'll use our own codec if ((FREE_IMAGE_FORMAT)i == FIF_DDS) continue; String exts(FreeImage_GetFIFExtensionList((FREE_IMAGE_FORMAT)i)); [loop body continues] [String is typedefed to std::string] This code assumes that FreeImage_GetFIFExtensionList will never return NULL for values of i between 0 and FreeImage_GetFIFCount(). However in the most recent Debian version of freeimage, FreeImage_GetFIFExtensionList(27 / FIF_FAXG3) does return NULL. It is unclear to me who is wrong here. The documentation does not suggest anything about when FreeImage_GetFIFExtensionList can fail, although the examples always check FreeImage_FIFSupportsReading before calling it. Can any freeimage maintainer suggest the best way to fix this? Thanks for the analysis. The comment on the patch seems to add some light as to the cause of this breakage: https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/commit/?id=a67fe8c111d0de919b7a6710d4dd5efe05fbf380 ++//allows adding a NULL node in order to not mess up plugin ++//numbering when some are disabled. Otherwise there will be a ++//discrepancy between FREE_IMAGE_FORMAT enumerator values and the ++//actual format. ++m_plugin_map[(const int)m_plugin_map.size()] = 0; If freeimage plans to ship with this change and not revert it somehow, the OGRE plugin for freeimage needs to check for the possibility of having null nodes in this structure. Cheers. -- Manuel A. Fernandez Montecelo
Processed: fixed 849802 in 0.7-1
Processing commands for cont...@bugs.debian.org: > fixed 849802 0.7-1 Bug #849802 [src:python-cryptography] python-cryptography: FTBFS in stable/jessie Marked as fixed in versions python-cryptography/0.7-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 849802: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849802 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#843319: FTBFS: libsexplib-camlp4-dev is no longer available
Hi, AFAIR the libsexplib dependency is only used for testing after building. It can safely be removed when the the tests are disabled (or when those files that depend on libsexplib have been removed from the Makefile). Bye, Hendrik
Bug#844045: marked as done (gr-radar: FTBFS (linking error))
Your message dated Sat, 31 Dec 2016 11:38:15 -0500 with message-id <87y3ywrr48@rockytop.rf.org> and subject line gr-radar: FTBFS (linking error) has caused the Debian Bug report #844045, regarding gr-radar: FTBFS (linking error) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 844045: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844045 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:gr-radar Version: 0.0.0.20160615-3 Severity: serious Dear maintainer: I tried to build this package in stretch with "dpkg-buildpackage -A" (which is what the "Arch: all" autobuilder would do to build it) but it failed: [...] debian/rules build-indep dh build-indep dh_testdir -i dh_update_autotools_config -i debian/rules override_dh_auto_configure make[1]: Entering directory '/<>' dh_auto_configure -- -DLIB_SUFFIX=/x86_64-linux-gnu -DCMAKE_BUILD_TYPE="RelWithDebInfo" cmake .. -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_BUILD_TYPE=None -DCMAKE_INSTALL_SYSCONFDIR=/etc -DCMAKE_INSTALL_LOCALSTATEDIR=/var -DLIB_SUFFIX=/x86_64-linux-gnu -DCMAKE_BUILD_TYPE=RelWithDebInfo -- The CXX compiler identification is GNU 6.2.0 -- The C compiler identification is GNU 6.2.0 -- Check for working CXX compiler: /usr/bin/c++ -- Check for working CXX compiler: /usr/bin/c++ -- works -- Detecting CXX compiler ABI info [... snipped ...] [ 58%] Building CXX object lib/CMakeFiles/gnuradio-radar.dir/os_cfar_2d_vc_impl.cc.o cd /<>/obj-x86_64-linux-gnu/lib && /usr/bin/c++ -DQT_CORE_LIB -DQT_GUI_LIB -DQT_NO_DEBUG -Dgnuradio_radar_EXPORTS -I/<>/lib -I/<>/include -I/<>/obj-x86_64-linux-gnu/lib -I/<>/obj-x86_64-linux-gnu/include -I/usr/include/qwt -I/usr/include/qt4 -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtCore -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -g -DNDEBUG -fPIC -std=gnu++98 -o CMakeFiles/gnuradio-radar.dir/os_cfar_2d_vc_impl.cc.o -c /<>/lib/os_cfar_2d_vc_impl.cc [ 59%] Building CXX object lib/CMakeFiles/gnuradio-radar.dir/estimator_ofdm_impl.cc.o cd /<>/obj-x86_64-linux-gnu/lib && /usr/bin/c++ -DQT_CORE_LIB -DQT_GUI_LIB -DQT_NO_DEBUG -Dgnuradio_radar_EXPORTS -I/<>/lib -I/<>/include -I/<>/obj-x86_64-linux-gnu/lib -I/<>/obj-x86_64-linux-gnu/include -I/usr/include/qwt -I/usr/include/qt4 -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtCore -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -g -DNDEBUG -fPIC -std=gnu++98 -o CMakeFiles/gnuradio-radar.dir/estimator_ofdm_impl.cc.o -c /<>/lib/estimator_ofdm_impl.cc [ 61%] Building CXX object lib/CMakeFiles/gnuradio-radar.dir/estimator_rcs_impl.cc.o cd /<>/obj-x86_64-linux-gnu/lib && /usr/bin/c++ -DQT_CORE_LIB -DQT_GUI_LIB -DQT_NO_DEBUG -Dgnuradio_radar_EXPORTS -I/<>/lib -I/<>/include -I/<>/obj-x86_64-linux-gnu/lib -I/<>/obj-x86_64-linux-gnu/include -I/usr/include/qwt -I/usr/include/qt4 -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtCore -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -g -DNDEBUG -fPIC -std=gnu++98 -o CMakeFiles/gnuradio-radar.dir/estimator_rcs_impl.cc.o -c /<>/lib/estimator_rcs_impl.cc [ 62%] Building CXX object lib/CMakeFiles/gnuradio-radar.dir/trigger_command_impl.cc.o cd /<>/obj-x86_64-linux-gnu/lib && /usr/bin/c++ -DQT_CORE_LIB -DQT_GUI_LIB -DQT_NO_DEBUG -Dgnuradio_radar_EXPORTS -I/<>/lib -I/<>/include -I/<>/obj-x86_64-linux-gnu/lib -I/<>/obj-x86_64-linux-gnu/include -I/usr/include/qwt -I/usr/include/qt4 -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtCore -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -g -DNDEBUG -fPIC -std=gnu++98 -o CMakeFiles/gnuradio-radar.dir/trigger_command_impl.cc.o -c /<>/lib/trigger_command_impl.cc [ 64%] Linking CXX shared library libgnuradio-radar.so cd /<>/obj-x86_64-linux-gnu/lib && /usr/bin/cmake -E cmake_link_script CMakeFiles/gnuradio-radar.dir/link.txt --verbose=1 /usr/bin/c++ -fPIC -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -g -DNDEBUG -Wl,-z,relro -shared -Wl,-soname,libgnuradio-radar.so.3.7.10 -o libgnuradio-radar.so.3.7.10 CMakeFiles/gnuradio-radar.dir/moc_scatter_plot.cxx.o CMakeFiles/gnuradio-radar.dir/moc_time_plot.cxx.o CMak
Bug#848790: nvidia-legacy-304xx-driver: Gnome session doesnt start (Debian testing) - nvidia 304.134-1
Control: severity -1 important On 2016-12-22 13:10, Luca Boccassi wrote: > Given with other DEs it's reported to work (maybe an EGL regression?), > shall we lower the severity and let the package migrate so that at least > users with old cards with DEs other than Gnome can still run on Stretch? Ack Andreas
Processed: Re: nvidia-legacy-304xx-driver: Gnome session doesnt start (Debian testing) - nvidia 304.134-1
Processing control commands: > severity -1 important Bug #848790 [nvidia-legacy-304xx-driver] nvidia-legacy-304xx-driver: Gnome session doesnt start (Debian testing) - nvidia 304.134-1 Severity set to 'important' from 'grave' -- 848790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848790 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#797855: spice-gtk:spice-common/common/generated_* not reliably generated from source
Processing control commands: > tag -1 + patch Bug #797855 [src:spice-gtk] spice-gtk: spice-common/common/generated_* not reliably Added tag(s) patch. -- 797855: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797855 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#797855: spice-gtk:spice-common/common/generated_* not reliably generated from source
Control: tag -1 + patch Hi, Liang Guo: > On Thu, Sep 3, 2015 at 3:00 PM, Chris Lamb wrote: >> Just as a summary, adding python-six is not complete fix - your package >> would still not being built from the generated sources. > spice_codegen.py is called in your build procedure, but not in mine. I think that's precisely the problem here: whether spice_codegen.py is called or not depends on details about the build environment, which means that sometimes we'll be building from the source (preferred form of modification), and sometimes not. > I remove spice-common/common/generated* to force build system regenerate > these files, […] I think it's the way to go (in addition to adding to Build-deps whatever the code generation tools need, which you already did). The attached patch seems to be enough to do so: without it my build system would use the already generated files, with it it generates them. Cheers, -- intrigeri >From d0de8fa654f67469c464a18b459c9591b32432c9 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sat, 31 Dec 2016 15:18:40 + Subject: [PATCH] debian/rules: delete generated files to ensure they're re-generated from source. --- debian/rules | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/rules b/debian/rules index 68edba9..cfebeb8 100755 --- a/debian/rules +++ b/debian/rules @@ -28,6 +28,8 @@ build-gtk3-stamp: mkdir build-gtk3 ls |egrep -v '(debian|build-gtk)'|xargs -i cp -r {} build-gtk3/ cp .version .tarball-version build-gtk3/ + rm build-gtk3/spice-common/common/generated_* + rm build-gtk3/spice-common/tests/generated_* cd build-gtk3 && autoreconf cd build-gtk3 && ./configure --prefix=/usr --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ --enable-smartcard=yes --with-gtk=3.0 --disable-static \ -- 2.11.0
Bug#741342: marked as done (grub2: LVM trouble at boot with several PVs)
Your message dated Sat, 31 Dec 2016 15:31:59 + with message-id <20161231153159.gt20...@riva.ucam.org> and subject line Re: Bug#735935: grub2: LVM trouble at boot with several PVs has caused the Debian Bug report #735935, regarding grub2: LVM trouble at boot with several PVs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 735935: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735935 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: grub2-common Version: 2.02~beta2-7 Severity: critical File: /usr/sbin/update-grub Justification: breaks the whole system Hello, update-grub writes root=UUID=xx for LVM2 volumes to kernel command line. This renders the system unbootable since it is not supported as far as I can tell. Hence, if I replace root=UUID=af89a290-9c6f-4039-8d5c-95aa75654776 with root=/dev/mapper/mdxinventi-root, the system boots fine. P.S. It appears that 2.02~beta2-7 has been uploaded to unstable even if the changelog indicates that it was targeted to experimental. -- Package-specific info: *** BEGIN /proc/mounts /dev/mapper/mdxinventi-root / ext3 rw,relatime,errors=remount-ro,data=ordered 0 0 /dev/sda1 /boot ext2 rw,relatime 0 0 /dev/mapper/mdxinventi-home /home ext4 rw,relatime,data=ordered 0 0 *** END /proc/mounts *** BEGIN /boot/grub/device.map (hd0) /dev/disk/by-id/ata-ST9500423AS_5WR0GXYW *** END /boot/grub/device.map *** BEGIN /boot/grub/grub.cfg # # DO NOT EDIT THIS FILE # # It is automatically generated by grub-mkconfig using templates # from /etc/grub.d and settings from /etc/default/grub # ### BEGIN /etc/grub.d/00_header ### if [ -s $prefix/grubenv ]; then set have_grubenv=true load_env fi if [ "${next_entry}" ] ; then set default="${next_entry}" set next_entry= save_env next_entry set boot_once=true else set default="0" fi if [ x"${feature_menuentry_id}" = xy ]; then menuentry_id_option="--id" else menuentry_id_option="" fi export menuentry_id_option if [ "${prev_saved_entry}" ]; then set saved_entry="${prev_saved_entry}" save_env saved_entry set prev_saved_entry= save_env prev_saved_entry set boot_once=true fi function savedefault { if [ -z "${boot_once}" ]; then saved_entry="${chosen}" save_env saved_entry fi } function load_video { if [ x$feature_all_video_module = xy ]; then insmod all_video else insmod efi_gop insmod efi_uga insmod ieee1275_fb insmod vbe insmod vga insmod video_bochs insmod video_cirrus fi } if [ x$feature_default_font_path = xy ] ; then font=unicode else insmod part_msdos insmod lvm insmod ext2 set root='lvmid/nqfp4d-BOkJ-OIVj-Uigv-ysEo-NOTR-8Xy1pJ/0TBnxh-eEPl-YGJO-6Q4E-9MRF-6qic-fIRzyl' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvmid/nqfp4d-BOkJ-OIVj-Uigv-ysEo-NOTR-8Xy1pJ/0TBnxh-eEPl-YGJO-6Q4E-9MRF-6qic-fIRzyl' af89a290-9c6f-4039-8d5c-95aa75654776 else search --no-floppy --fs-uuid --set=root af89a290-9c6f-4039-8d5c-95aa75654776 fi font="/usr/share/grub/unicode.pf2" fi if loadfont $font ; then set gfxmode=auto load_video insmod gfxterm set locale_dir=$prefix/locale set lang=lt_LT insmod gettext fi terminal_output gfxterm if [ "${recordfail}" = 1 ] ; then set timeout=-1 else if [ x$feature_timeout_style = xy ] ; then set timeout_style=menu set timeout=5 # Fallback normal timeout code in case the timeout_style feature is # unavailable. else set timeout=5 fi fi ### END /etc/grub.d/00_header ### ### BEGIN /etc/grub.d/05_debian_theme ### insmod part_msdos insmod lvm insmod ext2 set root='lvmid/nqfp4d-BOkJ-OIVj-Uigv-ysEo-NOTR-8Xy1pJ/0TBnxh-eEPl-YGJO-6Q4E-9MRF-6qic-fIRzyl' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvmid/nqfp4d-BOkJ-OIVj-Uigv-ysEo-NOTR-8Xy1pJ/0TBnxh-eEPl-YGJO-6Q4E-9MRF-6qic-fIRzyl' af89a290-9c6f-4039-8d5c-95aa75654776 else search --no-floppy --fs-uuid --set=root af89a290-9c6f-4039-8d5c-95aa75654776 fi insmod png if background_image /usr/share/images/desktop-base/joy-grub.png; then set color_normal=white/black set color_highlight=black/white else set menu_color_normal=cyan/blue set menu_color_highlight=white/blue fi ### END /etc/grub.d/05_debian_theme ### ### BEGIN /etc/grub.d/10_linux ### function gfxmode { set gfxpayload="${1}" } set linux_gfx_mode= export linux_gfx_mode menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --clas
Bug#743126: marked as done (grub2: LVM trouble at boot with several PVs)
Your message dated Sat, 31 Dec 2016 15:31:59 + with message-id <20161231153159.gt20...@riva.ucam.org> and subject line Re: Bug#735935: grub2: LVM trouble at boot with several PVs has caused the Debian Bug report #735935, regarding grub2: LVM trouble at boot with several PVs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 735935: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735935 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: grub-pc Version: 2.02~beta2-7 Severity: normal Having run into #612402, I investigated. The system's fstab contained: /dev/mapper/vg_cac-root_cac / ext4errors=remount-ro 0 1 So that was not the cause of the UUID being passed to grub. The probing that is done in 10_linux finds lvm: + /usr/sbin/grub-probe --device /dev/mapper/vg_cac-root_cac --target=abstraction + abstraction=lvm + test xlvm = xlvm Note the extra whitespace in the above. This is the source of at least this manifestation of the bug. root@clam:/boot>if [ "$(/usr/sbin/grub-probe --device /dev/mapper/vg_cac-root_cac --target=abstraction)" = "lvm" ]; then echo good; fi root@clam:/boot>if [ "$(/usr/sbin/grub-probe --device /dev/mapper/vg_cac-root_cac --target=abstraction)" = "lvm " ]; then echo buggy; fi buggy grub-probe is outputting a whitespace delimited list, but the for loop in uses_abstraction sets IFS to newline. -- see shy jo signature.asc Description: Digital signature --- End Message --- --- Begin Message --- On Thu, Apr 14, 2016 at 07:45:36PM -0300, Iván Baldo wrote: > This bug should be closed, I think it appears as open? Indeed. It was reopened with a request to fix it in wheezy, but that's frankly rather unlikely at this point (I didn't notice the reopening at the time, over two years ago ...), and at any rate shouldn't cause the bug to appear as open. Re-closing with this message. Thanks, -- Colin Watson [cjwat...@debian.org]--- End Message ---
Bug#741652: marked as done (grub2: LVM trouble at boot with several PVs)
Your message dated Sat, 31 Dec 2016 15:31:59 + with message-id <20161231153159.gt20...@riva.ucam.org> and subject line Re: Bug#735935: grub2: LVM trouble at boot with several PVs has caused the Debian Bug report #735935, regarding grub2: LVM trouble at boot with several PVs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 735935: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735935 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: grub-pc-bin Version: 2.02~beta2-7 Severity: critical Justification: breaks the whole system Dear Maintainer, * What led up to the situation? Upgrade from 2.00-22 to 2.02~beta2-7 * What exactly did you do (or not do) that was effective (or ineffective)? Found reference to bug 741464, not exactly the same but worth trying, nothing else found on Net Boot with installation disc, mount LVM partitions, chroot, downgrade to 2.00-22 using dpkg, update-grub * What was the outcome of this action? Booted OK, then downgraded related 2.02~beta2-7 packages Additional information: during boot, was dropped to an initramfs shell when root partition not found. Only two partitions found, the reiserfs sda1 /boot and the swap partition in LVM, problem seemed to be failure of reiserfs in LVM. Tried with rootdelay=30 seconds, no different -- Package-specific info: *** BEGIN /proc/mounts /dev/mapper/first-root / reiserfs rw,relatime 0 0 /dev/mapper/first-backup /backup reiserfs rw,relatime 0 0 /dev/sda1 /boot reiserfs rw,relatime,notail 0 0 /dev/mapper/first-home /home reiserfs rw,relatime 0 0 /dev/mapper/first-tmp /tmp reiserfs rw,relatime 0 0 /dev/mapper/first-usr /usr reiserfs rw,relatime 0 0 /dev/mapper/first-var /var reiserfs rw,relatime 0 0 *** END /proc/mounts *** BEGIN /boot/grub/device.map (hd0) /dev/disk/by-id/ata-Hitachi_HDT721032SLA360_STF204ML0XDJMP *** END /boot/grub/device.map *** BEGIN /boot/grub/grub.cfg # # DO NOT EDIT THIS FILE # # It is automatically generated by grub-mkconfig using templates # from /etc/grub.d and settings from /etc/default/grub # ### BEGIN /etc/grub.d/00_header ### if [ -s $prefix/grubenv ]; then set have_grubenv=true load_env fi set default="0" if [ x"${feature_menuentry_id}" = xy ]; then menuentry_id_option="--id" else menuentry_id_option="" fi export menuentry_id_option if [ "${prev_saved_entry}" ]; then set saved_entry="${prev_saved_entry}" save_env saved_entry set prev_saved_entry= save_env prev_saved_entry set boot_once=true fi function savedefault { if [ -z "${boot_once}" ]; then saved_entry="${chosen}" save_env saved_entry fi } function load_video { if [ x$feature_all_video_module = xy ]; then insmod all_video else insmod efi_gop insmod efi_uga insmod ieee1275_fb insmod vbe insmod vga insmod video_bochs insmod video_cirrus fi } if [ x$feature_default_font_path = xy ] ; then font=unicode else insmod part_msdos insmod lvm insmod reiserfs set root='lvm/first-usr' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvm/first-usr' fcd5801a-eb3e-4eeb-b44c-fd00eb5cbab3 else search --no-floppy --fs-uuid --set=root fcd5801a-eb3e-4eeb-b44c-fd00eb5cbab3 fi font="/share/grub/unicode.pf2" fi if loadfont $font ; then set gfxmode=auto load_video insmod gfxterm set locale_dir=$prefix/locale set lang=en_GB insmod gettext fi terminal_output gfxterm if [ "${recordfail}" = 1 ] ; then set timeout=-1 else set timeout=5 fi ### END /etc/grub.d/00_header ### ### BEGIN /etc/grub.d/05_debian_theme ### insmod part_msdos insmod lvm insmod reiserfs set root='lvm/first-usr' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvm/first-usr' fcd5801a-eb3e-4eeb-b44c-fd00eb5cbab3 else search --no-floppy --fs-uuid --set=root fcd5801a-eb3e-4eeb-b44c-fd00eb5cbab3 fi insmod png if background_image /share/images/desktop-base/joy-grub.png; then set color_normal=white/black set color_highlight=black/white else set menu_color_normal=cyan/blue set menu_color_highlight=white/blue fi ### END /etc/grub.d/05_debian_theme ### ### BEGIN /etc/grub.d/10_linux ### function gfxmode { set gfxpayload="${1}" } set linux_gfx_mode= export linux_gfx_mode menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-9bc3e03d-ce1a-403a-871b-fb7aa701b816' { load_video
Bug#735935: marked as done (grub2: LVM trouble at boot with several PVs)
Your message dated Sat, 31 Dec 2016 15:31:59 + with message-id <20161231153159.gt20...@riva.ucam.org> and subject line Re: Bug#735935: grub2: LVM trouble at boot with several PVs has caused the Debian Bug report #735935, regarding grub2: LVM trouble at boot with several PVs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 735935: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735935 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: grub-pc Version: 2.02~beta2-3 Hi Colin, I have the strangest issue which I am not even entirely confident is a GRUB issue, but it started right after upgrading my system to GRUB 2.02 from experimental, and without other changes, and it's even reproducible when running my system inside kvm off a thumbdrive, so I'm going to provisionally blame it on the GRUB 2.02 beta build. I'm running a pretty standard LVM setup -- there's other stuff on this hard disk (like the preinstalled Windows), but one of the MS-DOS partitions is an LVM PV, containing a VG named "leveret", containing two LVs named "root" and "swap". /boot itself is located on the "root" LV. Every time I start up, since the upgrade, the initramfs fails to find my root hard disk via its /dev/disk/by-uuid path, and dumps me to a shell. If I look inside /dev/mapper, I see a node for "leveret-swap" but not "leveret-root". `lvm lvs` happily lists both nodes, though, and I can get my system to boot if I do `lvm vgchange -an`, `lvm vgchange -ay` (at which point both nodes appear, as well as the by-uuid symlink), and `exit`. (Resume-from-hibernate even worked after doing this, right after the upgrade.) There's nothing particularly suspicious-sounding in dmesg at any point. The machine is a Toshiba L635 laptop, a few years old, BIOS boot only, running a somewhat out-of-date Debian testing, amd64. I'm running linux-image-3.9-1-amd64 3.9.8-1 (from testing this past summer or so) and lvm2 2.02.95-7. I'm happy to try to upgrade these, but since I haven't upgraded anything else on the system for a few weeks, I figured I'd report this and leave the system alone in case you had more questions about the current setup. Let me know if you need any more information from me or want me to try anything. I'm at a bit of a loss how GRUB could have caused this, but I don't have any other ideas what's going on. Thanks, -- Geoffrey Thomas https://ldpreload.com geo...@ldpreload.com --- End Message --- --- Begin Message --- On Thu, Apr 14, 2016 at 07:45:36PM -0300, Iván Baldo wrote: > This bug should be closed, I think it appears as open? Indeed. It was reopened with a request to fix it in wheezy, but that's frankly rather unlikely at this point (I didn't notice the reopening at the time, over two years ago ...), and at any rate shouldn't cause the bug to appear as open. Re-closing with this message. Thanks, -- Colin Watson [cjwat...@debian.org]--- End Message ---
Bug#830988: marked as done (Fails to reinstall grub in efi system)
Your message dated Sat, 31 Dec 2016 15:24:30 + with message-id <20161231152430.gs20...@riva.ucam.org> and subject line Re: Bug#830988: Fails to reinstall grub in efi system has caused the Debian Bug report #830988, regarding Fails to reinstall grub in efi system to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 830988: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830988 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- package: grub2-common severity: grave Version: 2.02~beta2-22+deb8u1 After installing debian 8.5 jessie, I installed Windows. It removed grub from mbr, so booted into rescue mode using the same cd 1 image, but grub-install failed with this error. grub-install: error /usr/lib/grub/i386-pc/modinfo.sh doesn't exist. Please specify --target --directory. Same error when manually run # chroot /target # grub-install /dev/sda I can see /usr/lib/grub/x86_64-efi/modinfo.sh present instead. When I run grub-install -d /usr/lib/grub/x86_64-efi /dev/sda I get the following error grub-install: error: cannot find EFI directory After mounting efi partition /dev/sda4 under /mnt and passing --efi-directory /mnt The command succeeded and I could boot into debian after going to boot menu and choosing debian. --- End Message --- --- Begin Message --- On Wed, Jul 13, 2016 at 08:26:51PM +0530, Pirate Praveen wrote: > package: grub2-common > severity: grave > Version: 2.02~beta2-22+deb8u1 > > After installing debian 8.5 jessie, I installed Windows. It removed grub from > mbr, so booted into rescue mode using the same cd 1 image, but grub-install > failed with this error. > > grub-install: error /usr/lib/grub/i386-pc/modinfo.sh doesn't exist. Please > specify --target --directory. That happened because the rescue system was booted in BIOS mode rather than in UEFI mode. If it had been booted in UEFI mode, then grub-install would have done the right thing. Regards, -- Colin Watson [cjwat...@debian.org]--- End Message ---
Processed: Re: Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
Processing control commands: > forcemerge -1 841889 Bug #812574 [grub-pc] grub-pc: wants to overwrite admin configuration on each upgrade Bug #841889 [grub-pc] grub-pc: ucf prompt that wants to change nothing except remove admin-defined config Severity set to 'serious' from 'important' Marked as found in versions grub2/2.02~beta2-35 and grub2/2.02~beta2-33. Bug #812574 [grub-pc] grub-pc: wants to overwrite admin configuration on each upgrade Marked as found in versions grub2/2.02~beta3-1. Merged 812574 841889 -- 812574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812574 841889: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841889 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
Control: forcemerge -1 841889 On Mon, Jan 25, 2016 at 09:28:56AM +0100, Thorsten Glaser wrote: > On each upgrade, I get prompted by ucf, despite there never being > any diff introduced by grub-pc, i.e. all it wants is to remove my > local admin-provided changes and revert to the package’s default: [...] > Please ensure to use ucf only in a way that only asks the user or > merges when there are diffs between the package-provided versions > (old and new) of the package, not to revert the admin-made changes. The current postinst is certainly trying to use ucf in such a way, so let's try to debug this. Please could you: * attach /var/lib/ucf/cache/:etc:default:grub * attach /etc/default/grub * show the output of "grep /etc/default/grub /var/lib/ucf/hashfile" With any luck that will be enough to make some progress here. Thanks, -- Colin Watson [cjwat...@debian.org]
Bug#734837: Why is tk8.4 removal triggering autoremoval messages of not depending packages at this point in time (Was: staden is marked for autoremoval from testing)
On Sat, 2016-12-31 at 15:38 +0100, Thibaut Paumard wrote: > I would believe removing tk8.4 by hand from testing could fix the lot of > associated autoremovals. > > Dear release team, thoughts on that? tk8.4 and tcl8.4 were already re-removed from testing this morning. Regards, Adam
Bug#817448: marked as done (enscribe: Removal of debhelper compat 4)
Your message dated Sat, 31 Dec 2016 15:03:44 + with message-id and subject line Bug#817448: fixed in enscribe 0.1.0-2 has caused the Debian Bug report #817448, regarding enscribe: Removal of debhelper compat 4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 817448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817448 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: enscribe Severity: important Usertags: compat-4-removal Hi, The package enscribe uses debhelper with a compat level of 4, which is deprecated and scheduled for removal. * Please bump the debhelper compat at your earliest convenience. on the 15th of June. - Compat 9 is recommended - Compat 5 is the bare minimum - If the package has been relying on dh_install being lenient about missing files, please see "MIGRATING TO COMPAT 5 OR LATER" in [1]. * Compat level 4 will be removed on the first debhelper upload after the 15th of June. Thanks, ~Niels [1] https://lists.debian.org/debian-devel/2015/09/msg00257.html --- End Message --- --- Begin Message --- Source: enscribe Source-Version: 0.1.0-2 We believe that the bug you reported is fixed in the latest version of enscribe, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 817...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christoph Biedl (supplier of updated enscribe package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 25 Dec 2016 12:58:52 +0100 Source: enscribe Binary: enscribe Architecture: source powerpc Version: 0.1.0-2 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Christoph Biedl Description: enscribe - convert images into sounds Closes: 638843 669621 817448 Changes: enscribe (0.1.0-2) unstable; urgency=medium . * QA upload * Set maintainer field to Debian QA Group (see #839652) * Packaging cleanup. Closes: #669621, #817448 - Re-write debian/copyright in format 1.0 - Declare compliance with policy 3.9.8 - Convert to source format 3.0 (quilt) - Bump debhelper compat level to 10 - Use dh7-style debian/rules - Enable full hardening build - Fix typos * Reorder libraries to fix FTBFS with ld --as-needed. Closes: #638843, LP: #770933 Checksums-Sha1: e127bf6a6b3fbc24990b665e2035191d57e58c68 1727 enscribe_0.1.0-2.dsc 495c65b92f25c8d6ae718640ca9777ec5e844c08 4308 enscribe_0.1.0-2.debian.tar.xz 833a40d1f66e6bc03cbaef1ead75dc476bfbd464 27278 enscribe-dbgsym_0.1.0-2_powerpc.deb 6872d05d015cd65227b417eff00a13d1163e9dba 6400 enscribe_0.1.0-2_powerpc.buildinfo ccbd37666a2dd47d1c33160249e16a95e0c10e13 18044 enscribe_0.1.0-2_powerpc.deb Checksums-Sha256: 9eb93adea656450e594b39779064ee2249d0b5511ed1b469818ec1c70cd17991 1727 enscribe_0.1.0-2.dsc 96684403e507eb832714f78e03e2644b29cc7bbf037dd901084175a3a57afdbe 4308 enscribe_0.1.0-2.debian.tar.xz c3d0f7558e5e2fc8006823db9850dc07465af51b2dd3402a280ea2447270d271 27278 enscribe-dbgsym_0.1.0-2_powerpc.deb 70289802989554d8e1c4fb54b65737cb546c4da9eb7616ef5f0ca87e27015c40 6400 enscribe_0.1.0-2_powerpc.buildinfo 62953de302d33cc3ed16ba68b7fa5e5634dd31e9bab52be9d7f32521157ba6fe 18044 enscribe_0.1.0-2_powerpc.deb Files: 5789c28d3f3b9e79cafd6004f834761f 1727 sound extra enscribe_0.1.0-2.dsc 384fd758596421da236f5d80b9406482 4308 sound extra enscribe_0.1.0-2.debian.tar.xz 4dd9b476c2d6c361b09721813aa70029 27278 debug extra enscribe-dbgsym_0.1.0-2_powerpc.deb 5600252ca71528387008539e196b08db 6400 sound extra enscribe_0.1.0-2_powerpc.buildinfo 4f3c1b5075ec217826ac2ce3acdd6bdf 18044 sound extra enscribe_0.1.0-2_powerpc.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCgAGBQJYZ72xAAoJEMQsWOtZFJL9z7oP/jzHxcToVHoCsOTA+jPko5H9 Q53gQkiSwmLjjjmrSdToL9PGzMPSd++rJgiVVyA36LGGpziZ+9UTO/erCw9M0zkL /RNaeAJlaRCO88C/mqOW+e0Gx8hjnbbewLkroRN+z5qyZIzdAB8WAa5+LFzy8XCD Dp/GahkePRNFNVDp2jTLa1yYI1BpbdN/I+J8wRaLYlyBe1q0l10l3aXZWqoFO8c6 mg7Ax85YugdIrHar1q/ELY/cNKlVE4AafDMokdLAaT/u+NCKWsAwVEgxAZ6TjKfz adzhfe3VqYuuOY2ACbXwnrWWQDtIirPt1j6P458GKMaABgry4/o89ysK8dhjN4qx Civ4GUtyrKl4b/ezsWSu3rBaXGmjJKm4X2mwCsKfhHbmi4HP7kbi6k7E
Bug#849531: Possible security problem, new logwatch sends mails with charset UTF-8
Dear Security Team, I would like to get your input on bug #849531 [1]. A short summary: Logwatch is a log summarizer that parses various logfiles and reports a summary, either via e-mail or to stdout. Parts of the input are copied verbatim w.r.t. to their encoding to the output (e.g., usernames, URLs, etc.) However, e-mails were sent with a hard-coded Content-Type: ... encoding=ISO-8859-1. This meant that non-ascii UTF-8 characters were not displayed correctly. As part of a recent change that is already in Debian testing/unstable, the Content-Type line was modified to say that the encoding is UTF-8, obviously to ensure that utf-8 characters are displayed correctly. However, logwatch does not ensure that the output is correct utf-8, and that is claimed to be a security problem. So my question is: Is it a security issue if a script sends e-mails with encoding=utf-8, but potentially containing invalid utf-8 strings? If yes, what would be the (minimum) requirements to address this problem? thank you for your time Willi [1] https://bugs.debian.org/849531
Processed: found 849365 in 5.1-1
Processing commands for cont...@bugs.debian.org: > found 849365 5.1-1 Bug #849365 {Done: Thijs Kinkhorst } [src:libphp-phpmailer] libphp-phpmailer: CVE-2016-10033 Marked as found in versions libphp-phpmailer/5.1-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 849365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#734837: Why is tk8.4 removal triggering autoremoval messages of not depending packages at this point in time (Was: staden is marked for autoremoval from testing)
Dear Andreas, Le 31/12/2016 à 08:23, Andreas Tille a écrit : > Hi, > > On Sat, Dec 31, 2016 at 04:40:32AM +, Debian testing autoremoval watch > wrote: >> staden 2.0.0+b11-2 is marked for autoremoval from testing on 2017-01-29 >> >> It (build-)depends on packages with these RC bugs: >> 734837: tk8.4: Time to remove from testing > > Staden Build-Depends: tk-dev (without any version) and the binary > package Depends: libtk8.6 (>= 8.6.0) so I do not understand this > autoremoval message in principle and I specifically wonder why this > happens at this point in time. I cannot tell you why this message appears, in particular for staden (no matter how hard I grep staden's dependencies, I cannot find tk8.4 in it). However I can tell you why it's happening now. This is due to the recent bogus run of testing migrations. 734837 is a sort of "pseudo" RC bug that was there to prevent tk8.4 from migrating again to testing. Yet a bug in the transition script let it go through. Now the auroremoval stuff rightly wants to remove it again, and for some reason misinterprets its reverse dependencies. I would believe removing tk8.4 by hand from testing could fix the lot of associated autoremovals. Dear release team, thoughts on that? Kind regards, Thibaut. > Staden is juat an example for a set of packages with the same problem. > > Kind regards > > Andreas. >
Processed: fixed 849365 in 5.1-1.2, fixed 849365 in 5.2.9+dfsg-2+deb8u2
Processing commands for cont...@bugs.debian.org: > fixed 849365 5.1-1.2 Bug #849365 {Done: Thijs Kinkhorst } [src:libphp-phpmailer] libphp-phpmailer: CVE-2016-10033 The source 'libphp-phpmailer' and version '5.1-1.2' do not appear to match any binary packages Marked as fixed in versions libphp-phpmailer/5.1-1.2. > fixed 849365 5.2.9+dfsg-2+deb8u2 Bug #849365 {Done: Thijs Kinkhorst } [src:libphp-phpmailer] libphp-phpmailer: CVE-2016-10033 Marked as fixed in versions libphp-phpmailer/5.2.9+dfsg-2+deb8u2. > thanks Stopping processing here. Please contact me if you need assistance. -- 849365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign of already fixed bug
Processing commands for cont...@bugs.debian.org: > unarchive 841600 Bug #841600 {Done: PICCA Frederic-Emmanuel } [src:pyfai] pyfai: FTBFS: Tests failures Unarchived Bug 841600 > reassign 841600 python-scipy Bug #841600 {Done: PICCA Frederic-Emmanuel } [src:pyfai] pyfai: FTBFS: Tests failures Bug reassigned from package 'src:pyfai' to 'python-scipy'. No longer marked as found in versions pyfai/0.12.0+dfsg-5. Ignoring request to alter fixed versions of bug #841600 to the same values previously set > affects 841600 src:pyfai Bug #841600 {Done: PICCA Frederic-Emmanuel } [python-scipy] pyfai: FTBFS: Tests failures Added indication that 841600 affects src:pyfai > thanks Stopping processing here. Please contact me if you need assistance. -- 841600: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841600 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#849531: [Logwatch-devel] Bug#849531: Possible security problem,new logwatch sends mails with charset UTF-8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Sa den 31. Dez 2016 um 14:28 schrieb Willi Mann: > thanks for your test cases. However, I don't think that binmode provides > an acceptable solution, at least not alone. While it ensures that the > strings are valid utf-8 strings, it will convert any valid utf-8 > character to two "garbage" characters. Try Well, that "garbage" is by design for UTF-8. If you don't want that, stay on latin1. It is a no-go to set the mime type to UTF-8 but still send latin1. (As it does the current version.) Setting header to UTF-8 doesn't change the content of the mail. It just open up for troubles. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -BEGIN PGP SIGNATURE- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlhntxMACgkQpnwKsYAZ 9qyD4gv/ThmNQDCI9QeXYGvwafNDzcDtaHUpeGhOqJI4NjE/UxvPDGIJsMAmS3fI w69zDuHmy9d1AsCm4I8ipF9l1LD1GHo8Fh9g2Uiv4l6d5e4jYmMi/L/pJxqbAqIt A1LjNQUNGMLk97OHLqR5/9lnfOzahdzgEVNP/Fi5ygVXi3vJFdwfFFbWk39CfYUy jcKQUdDzbQUzyFLl7I+1pZm19HCDH4v5fIzqwQW8bz4VXpTIUZjXJSV2n5gN1Lo9 99utKdR1b1UQScdGs2zV/QhVN/IJJsNNzK4Zylisdjw0ZgvnSW3gt461d62FAH1o R4UwerUZYWzCGLZHpGwPw/1/s7YOAlPlO46UzSslqC0J0mmcCPG5eBz4iX2F03U3 uoz3gscPsjFAf/eqlkp6MHXeNqSV2cCwQLnqZ17/py5DiMUxS61dFXRmcrLOotC0 KmDBRC7Gft8dcr4bjqYG3jIv0ppOEdvA1izQQ+q2WNQ4E7AprDPJ94MgibQ8BBYX iGbaxnj2 =af5+ -END PGP SIGNATURE-
Bug#849531: [Logwatch-devel] Bug#849531: Possible security problem,new logwatch sends mails with charset UTF-8
Hi Jason, thanks for your test cases. However, I don't think that binmode provides an acceptable solution, at least not alone. While it ensures that the strings are valid utf-8 strings, it will convert any valid utf-8 character to two "garbage" characters. Try $ ./utf8_test.pl testlog (see attached files) I'm not really sure what a proper solution is. But I'm actually not yet fully convinced that there is a problem logwatch should solve. I will ask Debian's security team for advice. WM Am 2016-12-30 um 20:26 schrieb Jason Pyeron: > A very rudimentary test: > > /projects/logwatch > $ perl -e 'for ($i=0; $i<256; ++$i) {print chr($i);}' | hexdump.exe -C > 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f || > 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f || > 0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f | !"#$%&'()*+,-./| > 0030 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f |0123456789:;<=>?| > 0040 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f |@ABCDEFGHIJKLMNO| > 0050 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f |PQRSTUVWXYZ[\]^_| > 0060 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f |`abcdefghijklmno| > 0070 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f |pqrstuvwxyz{|}~.| > 0080 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f || > 0090 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f || > 00a0 a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af || > 00b0 b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf || > 00c0 c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf || > 00d0 d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df || > 00e0 e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef || > 00f0 f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff || > 0100 > > /projects/logwatch > $ perl -e 'binmode(STDOUT, ":utf8"); for ($i=0; $i<256; ++$i) {print STDOUT > chr($i);}' | hexdump.exe -C > 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f || > 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f || > 0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f | !"#$%&'()*+,-./| > 0030 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f |0123456789:;<=>?| > 0040 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f |@ABCDEFGHIJKLMNO| > 0050 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f |PQRSTUVWXYZ[\]^_| > 0060 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f |`abcdefghijklmno| > 0070 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f |pqrstuvwxyz{|}~.| > 0080 c2 80 c2 81 c2 82 c2 83 c2 84 c2 85 c2 86 c2 87 || > 0090 c2 88 c2 89 c2 8a c2 8b c2 8c c2 8d c2 8e c2 8f || > 00a0 c2 90 c2 91 c2 92 c2 93 c2 94 c2 95 c2 96 c2 97 || > 00b0 c2 98 c2 99 c2 9a c2 9b c2 9c c2 9d c2 9e c2 9f || > 00c0 c2 a0 c2 a1 c2 a2 c2 a3 c2 a4 c2 a5 c2 a6 c2 a7 || > 00d0 c2 a8 c2 a9 c2 aa c2 ab c2 ac c2 ad c2 ae c2 af || > 00e0 c2 b0 c2 b1 c2 b2 c2 b3 c2 b4 c2 b5 c2 b6 c2 b7 || > 00f0 c2 b8 c2 b9 c2 ba c2 bb c2 bc c2 bd c2 be c2 bf || > 0100 c3 80 c3 81 c3 82 c3 83 c3 84 c3 85 c3 86 c3 87 || > 0110 c3 88 c3 89 c3 8a c3 8b c3 8c c3 8d c3 8e c3 8f || > 0120 c3 90 c3 91 c3 92 c3 93 c3 94 c3 95 c3 96 c3 97 || > 0130 c3 98 c3 99 c3 9a c3 9b c3 9c c3 9d c3 9e c3 9f || > 0140 c3 a0 c3 a1 c3 a2 c3 a3 c3 a4 c3 a5 c3 a6 c3 a7 || > 0150 c3 a8 c3 a9 c3 aa c3 ab c3 ac c3 ad c3 ae c3 af || > 0160 c3 b0 c3 b1 c3 b2 c3 b3 c3 b4 c3 b5 c3 b6 c3 b7 || > 0170 c3 b8 c3 b9 c3 ba c3 bb c3 bc c3 bd c3 be c3 bf || > 0180 > > This confirms that binmode utf8 is needed to print out the full ASCII range. > >> -Original Message- >> From: Jason Pyeron [mailto:jpye...@pdinc.us] >> Sent: Friday, December 30, 2016 14:03 >> To: Jason Pyeron; 'Willi Mann'; logwatch-de...@lists.sourceforge.net >> Cc: 849...@bugs.debian.org; 849531-forwar...@bugs.debian.org; >> 'Klaus Ethgen' >> Subject: RE: [Logwatch-devel] Bug#849531: Possible security >> problem,new logwatch sends mails with charset UTF-8 >> >> I have opened https://sourceforge.net/p/logwatch/bugs/56/ . >> >> I am working a test case for this right now. >> >> As I see it, there are 3 paths to test. >> >> Output as STDOUT, file, and email. In each case does an 8bit >> value (0x00..0xff unsigned) result in a valid UTF-8 character. >> >> Is binmode(STDOUT, ":utf8") needed? Does it fix the issue if >> it was needed? >> -Original Message- From: Willi Mann Sent: Frid
Processed: bug 848800 is forwarded to https://issues.apache.org/jira/browse/TS-5107
Processing commands for cont...@bugs.debian.org: > forwarded 848800 https://issues.apache.org/jira/browse/TS-5107 Bug #848800 [src:trafficserver] trafficserver: FTBFS: AttributeError: Inliner instance has no attribute 'start_string_prefix' Set Bug forwarded-to-address to 'https://issues.apache.org/jira/browse/TS-5107'. > thanks Stopping processing here. Please contact me if you need assistance. -- 848800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848800 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#849777: shutter: CVE-2016-10081: Insecure use of perl exec()
Christoph Biedl wrote... > The patch attached --- a/bin/shutter +++ b/bin/shutter @@ -7164,8 +7164,13 @@ elsif ( $pid == 0 ) { #see Bug #661424 -my $qfilename = quotemeta $session_screens{$key}->{'long'}; -exec( sprintf( "$^X $plugin_value %d $qfilename $session_screens{$key}->{'width'} $session_screens{$key}->{'height'} $session_screens{$key}->{'filetype'}\n", $socket->get_id ) ); +#my $qfilename = quotemeta $session_screens{$key}->{'long'}; +exec( $^X, $plugin_value, +$socket->get_id, +$session_screens{$key}->{'long'}, +$session_screens{$key}->{'width'}, +$session_screens{$key}->{'height'}, +$session_screens{$key}->{'filetype'} ); } $sdialog->show_all; @@ -7198,11 +7203,15 @@ my $plugin_process = Proc::Simple->new; #see Bug #661424 -my $qfilename = quotemeta $session_screens{$key}->{'long'}; +#my $qfilename = quotemeta $session_screens{$key}->{'long'}; $plugin_process->start( sub { -system("'$plugin_value' $qfilename '$session_screens{$key}->{'width'}' '$session_screens{$key}->{'height'}' '$session_screens{$key}->{'filetype'}' "); +system( $plugin_value, +$session_screens{$key}->{'long'}, +$session_screens{$key}->{'width'}, +$session_screens{$key}->{'height'}, +$session_screens{$key}->{'filetype'} ); POSIX::_exit(0); } ); signature.asc Description: Digital signature
Bug#849777: shutter: CVE-2016-10081: Insecure use of perl exec()
Salvatore Bonaccorso wrote... > CVE-2016-10081[0]: > | /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote > | attackers to execute arbitrary commands via a crafted image name that > | is mishandled during a "Run a plugin" action. *sigh* Single-argument usage of system/exec through the shell (...) The patch attached uses the multi-argument invocation and also changes it in the code path for non-Perl plugins. I wasn't able to exploit the latter since it requires a file name without an extension (more precisely: without a dot) that shutter still is willing to open. So a file named (*in*cluding the quotes) ' ; xeyes ; ' on the offset plugin should do the trick but shutter didn't get that far. But that's no excuse for keeping it this way. Still requires more testing. Christoph signature.asc Description: Digital signature
Processed: affects
Processing commands for cont...@bugs.debian.org: > affects 848785 + src:dune-pdelab Bug #848785 {Done: Gert Wollny } [libvtk6-dev] libvtk6-dev cmake files hardcode nonexisting /usr/lib/libmpi.so Bug #848793 {Done: Gert Wollny } [libvtk6-dev] libvtk6-dev cmake files hardcode nonexisting /usr/lib/libmpi.so Bug #848794 {Done: Gert Wollny } [libvtk6-dev] libvtk6-dev cmake files hardcode nonexisting /usr/lib/libmpi.so Bug #848799 {Done: Gert Wollny } [libvtk6-dev] libvtk6-dev cmake files hardcode nonexisting /usr/lib/libmpi.so Bug #848802 {Done: Gert Wollny } [libvtk6-dev] asl: FTBFS: CMakeFiles/Makefile2:217: recipe for target 'src/CMakeFiles/aslvtk.dir/all' failed Bug #848804 {Done: Gert Wollny } [libvtk6-dev] gammaray: FTBFS: CMakeFiles/Makefile2:7170: recipe for target 'plugins/objectvisualizer/CMakeFiles/gammaray_objectvisualizer_ui_plugin.dir/all' failed Bug #848808 {Done: Gert Wollny } [libvtk6-dev] libvtk6-dev cmake files hardcode nonexisting /usr/lib/libmpi.so Bug #848815 {Done: Gert Wollny } [libvtk6-dev] camitk: FTBFS: make[2]: *** [sdk/libraries/core/CMakeFiles/library-camitkcore.dir/all] Error 2 Added indication that 848785 affects src:dune-pdelab Added indication that 848793 affects src:dune-pdelab Added indication that 848794 affects src:dune-pdelab Added indication that 848799 affects src:dune-pdelab Added indication that 848802 affects src:dune-pdelab Added indication that 848804 affects src:dune-pdelab Added indication that 848808 affects src:dune-pdelab Added indication that 848815 affects src:dune-pdelab > thanks Stopping processing here. Please contact me if you need assistance. -- 848785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848785 848793: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848793 848794: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848794 848799: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848799 848802: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848802 848804: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848804 848808: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848808 848815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848815 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#849568: marked as done (aufs-dkms: dkms install fails)
Your message dated Sat, 31 Dec 2016 09:33:26 + with message-id and subject line Bug#849568: fixed in aufs 4.8+20161219-2 has caused the Debian Bug report #849568, regarding aufs-dkms: dkms install fails to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 849568: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849568 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: aufs-dkms Version: 4.8+20161219-1 Severity: important Installing aufs-dkms doesn't compile and install the kernel module via dkms. I re-checked by running dkms on the command line: root@debian:~# dkms install -m aufs -v 4.8+20161219 Kernel preparation unnecessary for this kernel. Skipping... Building module: cleaning build area...(bad exit status: 2) make -j12 KERNELRELEASE=4.8.0-2-amd64 -C /var/lib/dkms/aufs/4.8+20161219/build aufs.ko KDIR=/lib/modules/4.8.0-2-amd64/build...(bad exit status: 2) Error! Bad return status for module build on kernel: 4.8.0-2-amd64 (x86_64) Consult /var/lib/dkms/aufs/4.8+20161219/build/make.log for more information. root@debian:~# cat /var/lib/dkms/aufs/4.8+20161219/build/make.log DKMS make.log for aufs-4.8+20161219 for kernel 4.8.0-2-amd64 (x86_64) Wed Dec 28 18:33:50 CET 2016 make: Entering directory '/var/lib/dkms/aufs/4.8+20161219/build' config.mk:54: *** hier. Stop. make: Leaving directory '/var/lib/dkms/aufs/4.8+20161219/build' It looks like you forgot to enable 0003-enable-CONFIG_AUFS_EXPORT.patch in debian/patches/series. At least, if I enable this patch and rebuild the package it correctly compiles and installs the kernel module via dkms. -- System Information: Debian Release: stretch/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-2-amd64 (SMP w/12 CPU cores) Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages aufs-dkms depends on: ii dkms 2.3-1 Versions of packages aufs-dkms recommends: ii aufs-tools 1:4.1+20161010-1 Versions of packages aufs-dkms suggests: pn aufs-dev -- no debconf information --- End Message --- --- Begin Message --- Source: aufs Source-Version: 4.8+20161219-2 We believe that the bug you reported is fixed in the latest version of aufs, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 849...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jan Luca Naumann (supplier of updated aufs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 30 Dec 2016 18:02:22 +0100 Source: aufs Binary: aufs-dkms aufs-dev Architecture: source amd64 Version: 4.8+20161219-2 Distribution: sid Urgency: medium Maintainer: Filesystems Group Changed-By: Jan Luca Naumann Description: aufs-dev - Development files for aufs aufs-dkms - DKMS files to build and install aufs Closes: 849568 Changes: aufs (4.8+20161219-2) unstable; urgency=medium . * debian/patches: Remove erroneous debug line from patches. (Closes: #849568) Checksums-Sha1: 03aa01785c3d44a6805f75ff3585d4e93764f98b 2001 aufs_4.8+20161219-2.dsc 85c0afc8a82682bb19e5a35dbcf3f1e02daee9e4 3708 aufs_4.8+20161219-2.debian.tar.xz 64381d5ff86bbc17508ce10c8bea0a9b57b50601 5482 aufs-dev_4.8+20161219-2_amd64.deb bde01e9052e57547aadd2815ea37bb562d2e3fd5 168392 aufs-dkms_4.8+20161219-2_amd64.deb e071c16f65c47a11b0f867dcc692b0cb54854d83 4835 aufs_4.8+20161219-2_amd64.buildinfo Checksums-Sha256: 110f8b860d7ef1d3401b9d07ba8ad333ef41d0cd16ed084b32be7550bca3143a 2001 aufs_4.8+20161219-2.dsc b0f1be4a036528d7fc913f728bb0e419d3a2983ec46b0d497d014fd9dad671e7 3708 aufs_4.8+20161219-2.debian.tar.xz 97abb072ee17ed97d508eb025f4dcc55ae841a4e936df1d8e00976fc030dffa7 5482 aufs-dev_4.8+20161219-2_amd64.deb 0ff6bfe8c3e761e0c70e2486cb92438cb7d1eeb68baa8053687325fd652a1ab7 168392 aufs-dkms_4.8+20161219-2_amd64.deb 470e98bdeb51e72ca01dc736ff0a466d056d17a589ab1d88cfcf613b646cffae 4835 aufs_4.8+20161219-2_amd64.buildinfo Files: f8582f3210814cc9dfa0968866225d4a 2001 kernel opt
Bug#822017: marked as done (pykaraoke: Build arch:all+arch:any but is missing build-{arch,indep} targets)
Your message dated Sat, 31 Dec 2016 09:05:50 + with message-id and subject line Bug#822017: fixed in pykaraoke 0.7.5-1.2 has caused the Debian Bug report #822017, regarding pykaraoke: Build arch:all+arch:any but is missing build-{arch,indep} targets to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 822017: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822017 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: pykaraoke Severity: normal Usertags: arch-all-and-any-missing-targets Hi, The package pykaraoke builds an architecture independent *and* an architecture dependent package, but does not have the (now mandatory) "build-arch" and "build-indep" targets in debian/rules. We would like to phase out the hacks in dpkg, which are currently needed to ensure that pykaraoke builds despite its lack of these targets. * Please add build-arch and build-indep targets to pykaraoke at your earliest convenience. - This can also be solved by using e.g. the "dh"-style rules. * The work around will be removed in the first dpkg upload after the 1st of June. After that upload, pykaraoke will FTBFS if this bug has not been fixed before then. Thanks, See also: https://lists.debian.org/debian-devel/2016/04/msg00023.html --- End Message --- --- Begin Message --- Source: pykaraoke Source-Version: 0.7.5-1.2 We believe that the bug you reported is fixed in the latest version of pykaraoke, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 822...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dr. Tobias Quathamer (supplier of updated pykaraoke package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 31 Dec 2016 09:39:49 +0100 Source: pykaraoke Binary: pykaraoke pykaraoke-bin python-pykaraoke Architecture: source Version: 0.7.5-1.2 Distribution: unstable Urgency: medium Maintainer: Python Applications Packaging Team Changed-By: Dr. Tobias Quathamer Description: pykaraoke - free CDG/MIDI/MPEG karaoke player pykaraoke-bin - free CDG/MIDI/MPEG karaoke player python-pykaraoke - free CDG/MIDI/MPEG karaoke player Closes: 822017 Changes: pykaraoke (0.7.5-1.2) unstable; urgency=medium . * Non-maintainer upload. * Replace ttf-dejavu with fonts-dejavu * Add build-{arch,indep} targets to fix FTBFS. Thanks to Santiago Vila (Closes: #822017) Checksums-Sha1: 1ea3b160f77cb683621346cd5232688ecb824ca5 2177 pykaraoke_0.7.5-1.2.dsc 2d033d387348640a3111784254a01aeaf2e653ee 12215 pykaraoke_0.7.5-1.2.debian.tar.bz2 Checksums-Sha256: 5f013460b741fd71c4487170c65670d35252bb79fe5f88539bfb6d36036203ef 2177 pykaraoke_0.7.5-1.2.dsc 42a43586a2a458e8056207d092101040eda0eed84ec7b7a5df717d4038902420 12215 pykaraoke_0.7.5-1.2.debian.tar.bz2 Files: 1d21e0016ba38c1689be846736e23f01 2177 games optional pykaraoke_0.7.5-1.2.dsc 77a614fbd0c12ef2f8cc1b1514a35598 12215 games optional pykaraoke_0.7.5-1.2.debian.tar.bz2 -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYZ2+dAAoJEBMC8fA26+sZHOQP/18zsoLrfpZaVuZTha8XQG/c Bz3It1+yWjZLgXrtcxqG6TFPMgLZZ5IXQFJXxMkUM9VrPDafljYlmrsEerXhg3Uk 8LRTtw6a4MivvuYFynlf0fXeljKaMba9Yk0ynkiUhHJayWs77AeTUjZTZpOSASRm PhNSdCGvKHqsfwuT3dJylu5NoSzU4moLUq1ShfYlNuZp1lKnCKVk8LkF7c2pxXp0 9+f7JhX3Ewa47FNhevJ70Fty4Ss50Vq0A+J1cm2Mm2RGS4faKI91JAKiwFllDVxi Oc2ve0mraWdwEzsIqMyyi5QMSyUDY1xFpBbI8klXN2avJD9UY/s66wIaPxUrfRx2 hhN1DB60Ac3LXEoDOBpOl4HTwcGxmRipJqEtyn3wnzjq3s9grH019z3Y1dks8y05 Qj16o24gmgMDlEc+GAVEFbo47+wU1s63Zfk9AFSzz/ug9X0m1i3yRuq6fo6Hdc2C pToqfGHlqgNd+FgbcKh+SuNhm9LpW9nEqLt+Wv+vS8R4H2wrfMhnizBbOW6f/YGq YGFcKN58G0qrULR9C6RlQE6aZ3ooWS8Pdx1VMhg2CRtEWXhTzzz1H7bLVwrns+bD MQOFUKl2NA7GtxOa/D6NBP7z8T998sTfGin6AyCNyDR8EzBxOR7Oe13xpOiAB9Ep me++DQ+obZ2E5AwBbnq1 =Ly7q -END PGP SIGNATURE End Message ---
Bug#822017: NMU for pykaraoke
Hi, please find attached the patch for the NMU of pykaraoke, which I've just uploaded to unstable. Regards, Tobias diff -Nru pykaraoke-0.7.5/debian/changelog pykaraoke-0.7.5/debian/changelog --- pykaraoke-0.7.5/debian/changelog 2014-10-07 11:42:45.0 +0200 +++ pykaraoke-0.7.5/debian/changelog 2016-12-31 09:39:49.0 +0100 @@ -1,3 +1,12 @@ +pykaraoke (0.7.5-1.2) unstable; urgency=medium + + * Non-maintainer upload. + * Replace ttf-dejavu with fonts-dejavu + * Add build-{arch,indep} targets to fix FTBFS. +Thanks to Santiago Vila (Closes: #822017) + + -- Dr. Tobias Quathamer Sat, 31 Dec 2016 09:39:49 +0100 + pykaraoke (0.7.5-1.1) unstable; urgency=medium * Non-maintainer upload. @@ -14,7 +23,7 @@ * Upgraded Standards-Version from 3.8.4 to 3.9.2 * Transitioned to dh_python2 See: http://wiki.debian.org/Python/TransitionToDHPython2 - * Changed dependency from python-wxgtk2.6 + * Changed dependency from python-wxgtk2.6 to python-wxgtk2.8 | python-wxgtk2.6 -- Miriam Ruiz Thu, 24 Nov 2011 11:47:47 +0100 @@ -143,7 +152,7 @@ * New Upstream Release. + CDG: Much improved performance for running on lower spec machines. + New C file which gives the major performance boost to the CDG player. -+ It's still possible to have an ultra-portable install without the ++ It's still possible to have an ultra-portable install without the compilation for which Numeric is required, but otherwise Numeric is no longer required. + CDG: Smoother scrolling and fixed horizontal scrolling. @@ -153,7 +162,7 @@ + Added support for GP2X. + Many other internal changes. * Python 2.4 is needed. - + [Ana Beatriz Guerrero Lopez] * Updating compat to 5. * Updated to new Python Policy and NMU ack. (Closes: #380907) @@ -181,4 +190,3 @@ * Replaced vera.ttf font with a symbolic link to Debian's already packaged version. -- Miriam Ruiz Wed, 1 Feb 2006 22:55:48 +0100 - diff -Nru pykaraoke-0.7.5/debian/control pykaraoke-0.7.5/debian/control --- pykaraoke-0.7.5/debian/control 2014-08-31 23:02:47.0 +0200 +++ pykaraoke-0.7.5/debian/control 2016-12-31 09:35:34.0 +0100 @@ -39,7 +39,7 @@ Package: pykaraoke-bin Architecture: all Depends: ${python:Depends}, python-pykaraoke (>= ${source:Version}), - python-pygame, ttf-dejavu, ttf-dejavu-extra, ${misc:Depends} + python-pygame, fonts-dejavu, fonts-dejavu-extra, ${misc:Depends} Description: free CDG/MIDI/MPEG karaoke player PyKaraoke is a free karaoke player. You can use this program to play your collection of CDG, MIDI and MPEG karaoke songs. @@ -64,7 +64,7 @@ Package: python-pykaraoke Section: python Architecture: any -Depends: ${shlibs:Depends}, ${python:Depends}, python-pygame, ttf-dejavu, +Depends: ${shlibs:Depends}, ${python:Depends}, python-pygame, fonts-dejavu, ${misc:Depends} Recommends: timidity, freepats, python-mutagen Suggests: python-numpy diff -Nru pykaraoke-0.7.5/debian/rules pykaraoke-0.7.5/debian/rules --- pykaraoke-0.7.5/debian/rules 2011-11-24 11:51:00.0 +0100 +++ pykaraoke-0.7.5/debian/rules 2016-12-31 09:38:23.0 +0100 @@ -14,6 +14,8 @@ CFLAGS += -O2 endif +build-arch: build +build-indep: build build: patch build-stamp build-stamp: $(PYVERS:%=build-ext-%) touch $@ @@ -82,4 +84,4 @@ dh_builddeb -a binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install +.PHONY: build build-arch build-indep clean binary-indep binary-arch binary install signature.asc Description: OpenPGP digital signature
Bug#849802: python-cryptography: FTBFS in stable/jessie
Source: python-cryptography Version: 0.6.1-1 Severity: serious Tags: jessie Justification: FTBFS in stable Hi python-cryptography 0.6.1-1 FTBFS on stable with the attached buildlog. I noticed this while investigating a potential fix for CVE-2016-9243 via either jessie-pu or jessie-security. Regards, Salvatore -- System Information: Debian Release: 8.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) python-cryptography_0.6.1-1_amd64.build.gz Description: application/gzip