Bug#429061: portsentry.conf permission
Hi, What does actually makes you (un)happy of the file permission? The owner? Seems right to me (root.root) The permissions? rw-r--r-- seems right to me too, comparing to other daemons, ssh, databases, etc. Or would you suggest something like rw---? If yes, why? -- "Midway upon the journey of our life, I found myself within a forest dark, For the straightforward pathway had been lost" signature.asc Description: This is a digitally signed message part
Bug#308200: blackbox-themes copyright file
On Sun, 2006-06-25 at 11:48 -0400, Andrew Moise wrote: > Bruno, would you object if I NMUed a new version of this package, with > the copyright file I attached earlier in this bug report? I would prefer if we can discuss the changes in IRC or through Email. What do you plan to do? I'm interested in to see that it can be done. Thanks, -- Midway upon the journey of our life, I found myself within a forest dark, For the straightforward pathway had been lost. signature.asc Description: This is a digitally signed message part
Bug#368222: dies after losing the game
Package: xbat Version: 1.11-9.1 Severity: grave Hi, xbat dies after losing the game. Here is the log: This GDB was configured as "powerpc-linux-gnu"...(no debugging symbols found) Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) run Starting program: /usr/games/xbat (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) Program received signal SIGSEGV, Segmentation fault. 0x10009694 in ?? () That's not so much information, but well, as I said, after losing "1 Life" this game died with a Segmentation Fault message. -- Midway upon the journey of our life, I found myself within a forest dark, For the straightforward pathway had been lost. signature.asc Description: Digital signature
Bug#349653: xmame: exploitable buffer overflows [CVE-2006-0176]
On Wed, 2006-04-05 at 11:22 +0200, Moritz Muehlenhoff wrote: > Steve Langasek wrote: > > On Wed, Apr 05, 2006 at 11:00:16AM +0200, Moritz Muehlenhoff wrote: > > > Steve Langasek wrote: > > > > > > This bug has been pending for more than two months and no fix in > > > > > > Debian > > > > > > yet... Does Bruno still track his bugs? > > > > > > > > Here is two patches for both Sarge and Sid versions. > > > > > > > > Pierre Riteau > > > > > > > > (CC'ing [EMAIL PROTECTED] for the stable fix, and the > > > > > > Co-Maintainer as I don't know if he receives BTS replies) > > > > > > (Email address in previous message for tagging is wrong, I was > > > > > > playing > > > > > > with bts thinking it wouldn't commit the changes) > > > > > > > Xmame is non-free and thus not supported by the Security Team. > > > > > (Only the relatively obscure -svgalib version is affected, anyway.) > > > > > > Is it the case that this bug doesn't affect the other frontends *at > > > > all*, or > > > > just that, not being suid root, it's just an arbitrary code execution > > > > bug > > > > instead of a root exploit? > > > > > It's a local vulnerability, the only security ramification would be a > > > privilege escalation: > > > > If untrusted input can trigger arbitrary code execution, then that still has > > security implications. I don't think that most users only use trusted ROMs > > with xmame. :) > > Yeah, but according to the original advisory the overflows are in args > parsing. > (It could be possible that these values can somehow be influenced from a > crafted > ROM, though.) > > Cheers, > Moritz > Hi, Sorry for the delay in this reply. Timeline: 26 Mar 2006: I submitted a NEW package (xmame-1.0.4) with xmess-SDL. Sun, 02 Apr 2006: xmame_0.104-1_i386.changes REJECTED (Due to a minor mistake) Sun, 02 Apr 2006: xmame_0.104-1_i386.changes is NEW (Fixed the mistake and uploaded the new package). Changelog: * New upstream release. * Fixed exploitable buffer overflows [CVE-2006-0176]. (closes: #349653) * Added xmess-sdl binary package. (closes: #340460) Announcing to debian-devel-changes@lists.debian.org Closing bugs: 340460 349653 So, please be patient. Thanks, Bruno. -- "In this life, we are Kings or Pawns. Emperors or Fools." signature.asc Description: This is a digitally signed message part
Bug#359854: doesn't detect recv()=0
On Sat, 2006-04-01 at 01:49 -0500, Justin Pryzby wrote: > tag 359854 patch > thanks > > It is looping with recv()=0, which means "the remote end has shut > down". It is a special return value, and has to be handled as such. > Attached is functional and mildly tested patch. > > I also made some changes to fix some ugly stuff valgrind turned up. > > It still doesn't detect errors, but this didn't work before anyway. > > I would seriously reconsider maintenance of this package..trivially > fixed valgrind warnings, saved files aren't correct, overwrites files > which wget wouldn't, and improper use of recv. Could you please explain me what does "reconsider maintenance of this package" means? Are referering to my work or upstream?. FYI, I've written a lot of patches for aget and sent it directly to upstream as you can see in the bug reports before. Sadly, upstream is a bit slow replying and that's why I don't want to make this package fully of patches, because is a small program and we can introduce changes directly to the official source code. > > Alternatives: aria axel cget icecream > > The one thing it has going for it is that it is small, and if you > wanted to make relatively heavy modifications, you could do so without > much pain. Thanks for the patch. -- "In this life, we are Kings or Pawns. Emperors or Fools." signature.asc Description: This is a digitally signed message part
Bug#308200: blackbox-themes: Copyright status still not resolved
On Fri, 2006-01-13 at 11:14 -0500, Andrew Moise wrote: > Has there been any more progress on this? 250 days is a long time for > Debian to be (apparently) distributing someone else's copyrighted works > without a license. Again, if you want me to do any of the work > associated with fixing this bug, say the word; I appreciate the work > you've done for Debian and I don't want to make more work for you. > Hi Andrew, I have been really busy these days. I will really appreciate if you can help me a bit with this issue. Thanks, -- Midway upon the journey of our life, I found myself within a forest dark, For the straightforward pathway had been lost. signature.asc Description: This is a digitally signed message part
Bug#322306:
tags 322306 unreproducible thanks Using: blackbox : 0.70.0-5 xserver-xorg : 6.8.2.dfsg.1-5 I wasn't able to reproduce your bug report (bbpager ran fine). Could you please send more details about this issue (versions, debug, etc.). -- Bruno Barrera C. "The most dangerous moment comes with victory." signature.asc Description: This is a digitally signed message part
Bug#308200: blackbox-themes: Copyright status still not resolved
The style file does say "My thanks to fli73, where I got this > wonderful background." > > === WhiteBox style & background >* Copyright: Volkan YAZICI <[EMAIL PROTECTED]> >* Upstream: http://freshmeat.net/projects/whitebox/ >* License: GPL > > -- System Information: > Debian Release: 3.1 > APT prefers unstable > APT policy: (500, 'unstable') > Architecture: i386 (i686) > Kernel: Linux 2.6.10-1-686-smp > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > > Versions of packages blackbox-themes depends on: > ii blackbox 0.70.0-2 Window manager for X > > -- no debconf information I see your point. Well, time ago, I contacted them to know if I could include their themes into the Debian package obviously, and I got answers like: From rom Carlos Oliva: 'That's fine. Please do. I'll be glad to share my theme into the Debian Package' Then I uploaded the package. Now, the true is that I will require all emails digitally-signed, otherwise it will not be legal because somebody could think that they are fake. I'm going to request the same thing that I've requested time ago, and I will change the debian/copyright, including his reply on the file. That do you think that would be correct? Thanks for your report, -- Bruno Barrera C. "I'm a soldier, not a monster. Even though if I sometimes work for monsters." signature.asc Description: This is a digitally signed message part
Bug#308157:
Yep, I knew. I'm uploading a new version. -- Bruno Barrera C. "I'm a soldier, not a monster. Even though if I sometimes work for monsters." signature.asc Description: This is a digitally signed message part
Bug#292806:
This problem is fixed in the new upstream version (0.92). Please, upload a new package in order to fix this problem. -- Bruno Barrera C. Debian Developer signature.asc Description: This is a digitally signed message part
Bug#292806:
Hi, Well, the reason of this issue is that pmksetup is broken (Segmentation Fault). A quick look on the sources and debugging shows that there is some problem with the strlen() function (seems like a NULL argument or something like that). I'm bit busy nowadays but I'll try to make some patch ASAP. Regards, -- Bruno Barrera C. Debian Developer signature.asc Description: This is a digitally signed message part
Bug#293624:
tags 293624 patch thanks Here is a little patch to fix this issue. -- Bruno Barrera C. Debian Developer --- ../fcitx-3.0.3.orig/debian/control 2005-02-05 17:53:58.0 -0300 +++ debian/control 2005-02-05 17:56:16.0 -0300 @@ -7,7 +7,8 @@ Package: fcitx Architecture: any -Depends: ${shlibs:Depends}, ttf-arphic-gbsn00lp | ttf-arphic-gkai00mp +Suggests: ttf-arphic-gbsn00lp | ttf-arphic-gkai00mp +Depends: ${shlibs:Depends} Description: Free Chinese Input Toy for X (XIM) fcitx is a simplified Chinese input server. It supports WuBi, Pinyin and QuWei input method. It's small and fast. signature.asc Description: This is a digitally signed message part
Bug#293624:
Hi, Those fonts that you installed are avalaible in Debian? Without installing those fonts I was able to use the program, so I was thinking into change that dependencies to some kind of 'Suggests'. What do you think? -- Bruno Barrera C. Debian Developer signature.asc Description: This is a digitally signed message part
Bug#291807:
Well, I think you mean the 'Verifying the message'? part. Indeed, this process takes some time and you can't check the body of message until the process is finished, but the question is, evolution gets freeze or something like that after that period? Please, detail your problem more finely with examples. -- Bruno Barrera C. Debian Developer signature.asc Description: This is a digitally signed message part