Bug#564629: pngcheck: the main program is not installed
Package: pngcheck Version: 2.3.0-2 Severity: grave The main pngcheck program is not installed: $ dpkg -L pngcheck /. /usr /usr/share /usr/share/man /usr/share/man/man1 /usr/share/man/man1/pngcheck.1.gz /usr/share/doc /usr/share/doc/pngcheck /usr/share/doc/pngcheck/changelog.Debian.gz /usr/share/doc/pngcheck/copyright /usr/share/doc/pngcheck/changelog.gz I think this is simply because dh_install is not called in the binary-arch rule of debian/rules. Regards -- System Information: Debian Release: squeeze/sid APT prefers stable APT policy: (800, 'stable'), (99, 'unstable'), (99, 'testing'), (10, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-desk-k7 (SMP w/1 CPU core; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages pngcheck depends on: ii libpng12-01.2.41-1 PNG library - runtime pngcheck recommends no packages. pngcheck suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#470863: ~/.fehbg: filenames are not "escaped" correctly which can lead to execution of malicious code
Package: feh Version: 1.3.4.dfsg.1-1 Severity: grave Justification: user security hole Tags: security This bug is related to bug #397125 which was asking to change the way ~/.fehbg is created. Bug #397125 had a priority of normal; however its priority should have been grave as this report, because the same security issues applied. In fact the patch supplied with the report of bug #397125 (which is not the one that has been applied to close it) did not solve the security problem either, which root cause is the recommendation of the feh manual page: add the line "eval ‘cat $HOME/.fehbg‘" to your X startup script, whereas the filename is put in it unescaped. The situation described next is the one in version 1.3.4.dfsg.1-1 with a new patch applied. Using the eval construct will make code execute that is part of the filename like this example shows: $ ls img.jpg $ ln -s img.jpg '`rm *`.jpg' $ feh --bg-scale '`rm *`.jpg' $ cat ~/.fehbg feh --bg-scale "`rm *`.jpg" $ eval `cat ~/.fehbg` rm: remove regular file `img.jpg'? n rm: remove symbolic link ``rm *`.jpg'? n feh WARNING: .jpg - File does not exist feh ERROR: Couldn't load image in order to set bg I see 2 options to solve this: * option1: change the manual page and recommend `cat $HOME/.fehbg` in the X startup script (and make users aware of the issue). This is sufficient to solve the secutity issue, but in addition, to allow spaces (or other characters in $IFS except newlines) in filenames, also apply the patch supplied with the report of bug #397125 (not the one actually applied at present). * option2: apply a patch that escapes the filenames correctly in ~/.fehbg (similar to the one applied at present). This implies that the filename be processed and its special characters escaped, even if the filename is enclosed in quotation marks. It is easier to use simple quotes to enclose the filename than double quotes because I _think_ only simple quotes in the filename have to be escaped then. With option1 filenames cannot contain newlines and the users have to change their configurations. With option2 the shell interprets the command which means that not "any" shell can be used. I do not know enough to say if it is a grave problem (Are all the shells compatible in regard to quotations?). I like option1 much better because it is much simpler, thus less prone to fail (in some years or in some exotic environment) and if it fails there are no security consequences as for option2. PS. As the situation is now and as it would be with option2, it is better to change the recommendation of the manual page to: add the line ". $HOME/.fehbg" to your X startup script, because it does, AFAICT, the same as the one given at present but is simpler to understand. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#443955: certain GTK themes seems to make audacity not crash during the start-up
You were right. audacity starts fine under KDE and GNOME/Openbox. I used gnome-appearance-properties to change the themes. Only a limited number of "Control themes" seem to allow audacity to start: Mist, Sphere Crystal, Crux and Raleigh (I might have missed a few). With certain themes the start-up message of audacity is `Segmentation fault'. Only those same themes allow also vlc to start (with the wxwidgets interface), so the problem must be related to wxwidgets. Joost Yervante Damad wrote: > Hello, > > I fail to reproduce this. I have a suspicion that on some people systems > indeed gtk and wxwidgets are causing problems. > > Could you try running audacity without GNOME? (e.g. in KDE) > > Joost > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#443955: audacity crashes during the start-up if the configuration file is non existent
Package: audacity Version: 1.3.3-1+b1 Severity: grave Justification: renders package unusable First I noticed that audacity was crashing when almost any menu item was used (notably the Preferences item). Moving the configuration file ~/.audacity aside made audacity refuse to start. Simply launching audacity outputs this message: *** glibc detected *** audacity: munmap_chunk(): invalid pointer: 0x08647ba0 *** followed by the Backtrace and Memory map that are in the attached file audacity.crash. I suspect there are incompatibilites between the versions of wxwidgets and gtk because all the programs using wxwidgets that I use crash a lot since the last GNOME upgrade, although I would not say that something in the file audacity.crash hints at that cause. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (990, 'unstable'), (850, 'testing'), (760, 'stable'), (10, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22-desk2-k7 (PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages audacity depends on: ii libasound2 1.0.14a-2ALSA library ii libc6 2.6.1-5 GNU C Library: Shared libraries ii libexpat1 1.95.8-4 XML parsing C library - runtime li ii libgcc1 1:4.2.1-5GCC support library ii libglib2.0-02.14.1-3 The GLib library of C routines ii libgtk2.0-0 2.12.0-2 The GTK+ graphical user interface ii libid3tag0 0.15.1b-10 ID3 tag reading library from the M ii libjack00.103.0-6JACK Audio Connection Kit (librari ii libmad0 0.15.1b-2.1 MPEG audio decoder library ii libogg0 1.1.3-2 Ogg Bitstream Library ii libsndfile1 1.0.17-4 Library for reading/writing audio ii libstdc++6 4.2.1-5 The GNU Standard C++ Library v3 ii libvorbis0a 1.2.0.dfsg-2 The Vorbis General Audio Compressi ii libvorbisenc2 1.2.0.dfsg-2 The Vorbis General Audio Compressi ii libvorbisfile3 1.2.0.dfsg-2 The Vorbis General Audio Compressi ii libwxbase2.6-0 2.6.3.2.1.5 wxBase library (runtime) - non-GUI ii libwxgtk2.6-0 2.6.3.2.1.5 wxWidgets Cross-platform C++ GUI t audacity recommends no packages. -- no debconf information *** glibc detected *** audacity: munmap_chunk(): invalid pointer: 0x08647ba0 *** === Backtrace: = /lib/i686/cmov/libc.so.6(cfree+0x1bb)[0xb74068ab] /usr/lib/libglib-2.0.so.0(g_free+0x31)[0xb6f6c961] /usr/lib/libwx_gtk2u_core-2.6.so.0[0xb79aabfe] /usr/lib/libwx_gtk2u_core-2.6.so.0(_ZN8wxButton10SetDefaultEv+0x74)[0xb79aacf4] audacity[0x80c6555] audacity[0x80c7363] audacity[0x808241d] audacity(_ZN12wxAppConsole10CallOnInitEv+0x11)[0x80832f1] /usr/lib/libwx_baseu-2.6.so.0(_Z7wxEntryRiPPw+0x40)[0xb776d430] /usr/lib/libwx_baseu-2.6.so.0(_Z7wxEntryRiPPc+0x36)[0xb776d506] audacity[0x807e280] /lib/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb73af050] audacity(_ZN16wxGridCellEditor13IsAcceptedKeyER10wxKeyEvent+0x31)[0x8072bb1] === Memory map: 08048000-083dc000 r-xp 08:07 739127 /usr/bin/audacity 083dc000-083fa000 rw-p 00393000 08:07 739127 /usr/bin/audacity 083fa000-086d6000 rw-p 083fa000 00:00 0 [heap] b637a000-b63a2000 rw-p b637a000 00:00 0 b6507000-b6509000 r-xp 08:07 606351 /usr/lib/pango/1.6.0/modules/pango-basic-fc.so b6509000-b650a000 rw-p 1000 08:07 606351 /usr/lib/pango/1.6.0/modules/pango-basic-fc.so b650a000-b656a000 rw-s 00:08 7602195/SYSV (deleted) b656a000-b6599000 r-xp 08:07 18051 /usr/lib/libgnomecanvas-2.so.0.2000.0 b6599000-b659a000 rw-p 0002f000 08:07 18051 /usr/lib/libgnomecanvas-2.so.0.2000.0 b659a000-b65d8000 r-xp 08:07 18386 /usr/lib/libgnomeprintui-2-2.so.0.1.0 b65d8000-b65da000 rw-p 0003d000 08:07 18386 /usr/lib/libgnomeprintui-2-2.so.0.1.0 b65da000-b66f1000 r-xp 08:07 17985 /usr/lib/libxml2.so.2.6.30 b66f1000-b66f6000 rw-p 00117000 08:07 17985 /usr/lib/libxml2.so.2.6.30 b66f6000-b66f7000 rw-p b66f6000 00:00 0 b66f7000-b670c000 r-xp 08:07 19060 /usr/lib/libart_lgpl_2.so.2.3.19 b670c000-b670d000 rw-p 00014000 08:07 19060 /usr/lib/libart_lgpl_2.so.2.3.19 b670d000-b6772000 r-xp 08:07 19066 /usr/lib/libgnomeprint-2-2.so.0.1.0 b6772000-b6774000 rw-p 00065000 08:07 19066 /usr/lib/libgnomeprint-2-2.so.0.1.0 b677a000-b677e000 r-xp 08:07 49481 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so b677e000-b677f000 rw-p 3000 08:07 49481 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so b677f000-b679 r--p 08:07 475920 /usr/share/fonts/truetype/ttf-bitstream-vera/Vera.ttf b679-b6793000 r--s 08:05 71892
Bug#427591: Bug #427591: enigmail 2:0.95.0+1-3 still doesn't work with icedove 2
I had the same problem. Removing extensions.ini from the user profile made icedove ignore the installed enigmail extension. Removing, then reinstalling enigmail made everything work fine. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#421988: Bug #421988: libming-util does not have a png2swf command
Everything is in the title -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
