Bug#677650: proposed fix for this bug
Le mardi 04 déc. 2012 à 13:34:12 (+0100 CET), Cédric Boutillier a écrit : > Control: tag -1 patch > > Hi! > > Since this tool is working fine with Ruby 1.8, a solution would be to > change the shebang to /usr/bin/ruby1.8 and depend on ruby1.8 instead of > ruby. This would be worfing at least for Wheezy, since ruby1.8 belongs > to the repository, and will give time to upstream to adapt unhide.rb for > Ruby 1.9 or higher. > > Attached is a proposed patch to fix this issue. If there is no > objection, I am considering updloading it in a couple of days. Please do it now if you have time! unhide.rb is about to be removed from testing if this bug isn't closed within the next few days. Thanks for your work! Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#653691: closed by Julien Valroff (Closing bug)
Le samedi 07 avril 2012 à 12:13:19 (+0200 CEST), YOSHINO Yoshihito a écrit : > package hohot > repoen 653691 > thanks > > Hi, > > The package in the Debian archive is still broken since the fixed > version of the package is not uploaded. > Please close this bug only when/after the fix is uploaded. you're 100% right - not sure what I've done, thanks for spotting this Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#644392: dspam truncates mail
Hi Laurence, Le mardi 01 nov. 2011 à 21:57:04 (+0100 CET), Stevan Bajić a écrit : [...] > Can you try to (keep in mind that the message will show up on the > original date (aka 05.10.2011) in your inbox): > cat /path/to/the/raw/message/you/sent/me | sendmail -oi l...@lwithers.me.uk > > Do you still see the message being truncated? > > Can you try to look what DSPAM would do with the message? > dspam --user l...@lwithers.me.uk --mode=notrain --process > --deliver=stdout < /path/to/the/raw/message/you/sent/me > > Do you see the whole message or do you see a truncation? (I assume > no truncation because it is a delivery to stdout and not to a > SMTPD). > > Could you post your dspam.conf so that we can see what and how you > use the delivery agent inside DSPAM? Have you been able to test the various commands suggested by Stevan? Without answer from you, I will downgrade the severity of this bug. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#662588: unhide: incorrect use of alternatives
Hi Piotr, Le lundi 05 mars 2012 à 09:09:48 (+0100 CET), Piotr Engelking a écrit : > The unhide postinst script switches the unhide alternative to manual > mode, which is a violation of section 3 of the wheezy RC policy. The > manual mode is provided for the system administrator. > > The use of the alternative is also broken: it decides which binary to > run based on which kernel was used at the package install time, which > is not necessarily the kernel that is used at run time. > > Please remove the alternatives. One correct replacement would be to use a > wrapper to choose the binary. This is, however, no longer necessary, since > Debian doesn't support pre-2.6 Linux kernels anymore, so a simpler solution > is to just use the 2.6 features unconditionally on Linux systems. Thanks for spotting this - will work on this during the week-end, latest within the end of next week. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#657103: rkhunter: Invalid BINDIR configuration option: Invalid directory found: ~/bin
package rkhunter severity 657103 important thanks Le mardi 24 janv. 2012 à 02:38:05 (+0100 CET), Jesse Molina a écrit : > Package: rkhunter > Version: 1.3.8-10 > Severity: grave > Justification: renders package unusable Lowering the severity as it seems the package is unusable only in specific circumstances. > When doing "sudo rkhunter --propupd", error; > Invalid BINDIR configuration option: Invalid directory found: ~/bin > > Both the user and root user have ~/bin in their $PATH, which seems to trigger > the issue. > > Note that; > > -->egrep "^BINDIR" /etc/rkhunter.conf > BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin > /usr/libexec /usr/local/libexec" > > But, it complains and fails anyway. This indeed shouldn't happen as $PATH should only be used when BINDIR configuration option doesn't exist. What is your default shell? I'm surprised it leaves ~/bin in $PATH - it should be automagically changed to an absolute path. % grep PATH ~/.zshrc ## PATH definition [ -d ~/scripts ] && PATH=$PATH:~/scripts [ -d ~/bin ] && PATH=$PATH:~/bin % echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/julien/scripts:/home/julien/bin rkhunter then complains as it only accepts bin directories beginning with / to avoid any relative paths being used. > Additional opinionated dribble: At this point, the package, which offers > limited value to me anyway, becomes too much trouble to be worth > configuring so I'll just not deal with it. If the designer wishes for a > security package like this to be effective, it needs to be useful in it's > default configuration so that minimal manual intervention is required to > do the job. Very hard to make a default configuration for every possible system while keeping everything as secure as possible - just as with any other piece of software, you have to spend some time to configure it. If you want to help in improving the Debian package, you are welcome to join the pkg-forensics team. Upstream also welcomes patches. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#652170: new libprocps0 package
Le mercredi 11 janv. 2012 à 23:50:12 (+0100 CET), Craig Small a écrit : > Hello, > Apologies for the rough ride around the libprocps library change. > The latest procps now has split out the shared library into its own > package. This should mean that there is less of this problem in future. > You will need to download libprocps0-dev and re-link the program to > -lprocps. There is also a pkg-config file if you need that. > > I've tested it with xmem and it builds fine with 2 small changes. > > In future, there will be a large API change but that will be in a new > library version package so it won't be like the programs suddenly stop > working like before. Thanks Craig for your work, I have just built guymager against libprocps0-dev and uploaded it to the archive. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#634412: ext3grep: FTBFS: superblock.h:35:99: error: 'EXT2_FRAG_SIZE' was not, declared in this scope
Le dimanche 08 janv. 2012 à 03:07:39 (+0100 CET), peter green a écrit : > > >Thanks again for your patch. Everything seems to work OK but as I normally > >don't use ext3grep, I let regular users test by themselves and will then > >upload the package. > It doesn't seem any regular users responded to your request, I tried to put > the word out wider on debian-user and the debian forums but noone responded > there either. > > Where do we go from here? I have pinged other members of the forensics team. As a user of ext3grep, do you want me to build packages that you could test? If so, which architecture? > P.S. a duplicate of this bug has been filed, I guess the filer didn't > spot this one because it was marked as pending. > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654201 I have just forcibly merged these bugs. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#653691: still missing in Depends field
Le samedi 31 déc. 2011 à 05:15:26 (+0100 CET), YOSHINO Yoshihito a écrit : > Hi, > > Building git HEAD still lacks Depends field. > Attached patch should fix the problem. > I do not know a correct way to "generate" Depends field > when packaging python apps ... My bad, I had added python-dbus to the Build-Depends field - this is now fixed in git. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#634412: ext3grep: FTBFS: superblock.h:35:99: error: 'EXT2_FRAG_SIZE' was not, declared in this scope
Le samedi 10 déc. 2011 à 14:07:46 (+0100 CET), peter green a écrit : > Julien Valroff wrote: > >Hi Peter, > > > >Le samedi 10 déc. 2011 à 08:14:27 (+0100 CET), peter green a écrit : > >[...] > >>+#ifndef i_reseved2 > >>+//i_reseved2 has been split into two fields in recent > > > >Shouldn't it be i_reserved2? > Yes, sorry for the typos. I have fixed this in git. > The ifndef isn't really nessacery I just thought was nicer to only > apply the trick when it was actually needed. Thanks again for your patch. Everything seems to work OK but as I normally don't use ext3grep, I let regular users test by themselves and will then upload the package. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#634412: ext3grep: FTBFS: superblock.h:35:99: error: 'EXT2_FRAG_SIZE' was not, declared in this scope
Hi Peter, Le samedi 10 déc. 2011 à 08:14:27 (+0100 CET), peter green a écrit : [...] > +#ifndef i_reseved2 > +//i_reseved2 has been split into two fields in recent Shouldn't it be i_reserved2? Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#634412: ext3grep: FTBFS: superblock.h:35:99: error: 'EXT2_FRAG_SIZE' was not, declared in this scope
tags 634412 + pending thanks Hi Peter, Le samedi 10 déc. 2011 à 08:14:27 (+0100 CET), peter green a écrit : > I just did a test build on current sid and ran into failures but > they were different from the failure reported in the bug report. I > guess the headers have changed again since this bug was reported. > > Anyway the attatched patch makes the code build in current sid. Thanks Peter for your help. I have pushed your patch to the git repository for the upcoming package upload. Could anyone familiar with ext3grep test the new release so that we can upload it to sid ASAP? Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#648144: iceweasel-l10n-de: incompatible with iceweasel 8.0
Le mercredi 09 nov. 2011 à 10:19:49 (+0100 CET), Sebastian Steinhuber a écrit : > Hi there, > exactly the same behavior here after upgrading iceweasel to 8.0-2, but I > even couldn't start the browser with -save-mode and had to uninstall > iceweasel-l10n-de. Launching iceweasel with `LANG=C iceweasel' allows me to start it (in English of course). Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#644392: dspam truncates mail
Hi Laurence, Le mercredi 05 oct. 2011 à 14:49:24 (+0200 CEST), Laurence Withers a écrit : > Package: dspam > Version: 3.10.1+dfs > Severity: critical > Justification: causes serious data loss > > > I have discovered that dspam is truncating inbound email after it has been > scanned. Please consider the size field (S=) in the following exim log > entries: > > 2011-10-05 01:58:48 1RBGky-0007w4-3k <= linux-omap-ow...@vger.kernel.org > H=mail2.jellyfishnet.co.uk [93.91.20.10] P=esmtps X=TLS1.0:RSA_ARCFOUR_MD5:16 > S=6021 id=2a3dcf3da181ad40bde86a3150b27b6b03b4fb3...@dbde02.ent.ti.com > 2011-10-05 01:58:48 1RBGky-0007wE-9z <= linux-omap-ow...@vger.kernel.org > U=dspam P=spam-scanned S=3591 > id=2a3dcf3da181ad40bde86a3150b27b6b03b4fb3...@dbde02.ent.ti.com > 2011-10-05 01:58:48 1RBGky-0007w4-3k => guralp > R=spamscan T=spamcheck > 2011-10-05 01:58:48 1RBGky-0007w4-3k Completed > > As you can see, there is a significant drop in size between the mail being > received from a remote SMTP server (6021 bytes) and after it has been scanned > by DSPAM (3591 bytes). You use the backport, am I right? Would you please describe your setup? Do you use DSPAM in daemon mode? Do you have 'Broken lineStripping' enabled in your dspam.conf? Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#624464: rsakeyfind: invalid maintainer address
Le vendredi 22 juil. 2011 à 12:15:52 (+0200 CEST), Niels Thykier a écrit : > Hi, > > Any news on this? > > ~Niels > > PS: I decided to explicitly CC forensics-de...@lists.alioth.debian.org, > since the broken maintainer address might prevent the bug email to reach > otherwise. I have just uploaded an updated package, thanks for thinking of CC'ing the list. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#627035: [rkhunher] rkhunter always fails with "Invalid BINDIR configuration option:"
package rkhunter
tags 627035 + unreproducible morinfo
severity 627035 important
thanks
Le mardi 17 mai 2011 à 08:43:28 (+0200 CEST), Tomas Davidek a écrit :
> Package: rkhunher
> Version: 1.3.8-6
> Severity: grave
Lowering the severity as this problem seems to be a misconfiguration on your
side.
> --- Please enter the report below this line. ---
> This version always fails with
> ipnp21:/home/davidek# rkhunter -c --rwo
> Invalid BINDIR configuration option: Invalid directory found: .
>
> Even specifying the --bindir option does not help, e.g.:
> ipnp21:/home/davidek# rkhunter --bindir /sbin -c --rwo
> Invalid '--bindir' option: Invalid directory found: .
I can't reproduce this issue.
What is the output of the following command:
grep ^BINDIR /etc/rkhunter.conf{,.local}
What is in your $PATH?
Did you have the exact same configuration with previous version (1.3.8-5)?
> It sounds like the package is badly compiled
rkhunter is a shell script, hence cannot be 'badly compiled'.
Cheers,
Julien
--
.''`. Julien Valroff ~ ~
: :' : Debian Developer & Free software contributor
`. `'` http://www.kirya.net/
`- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#622556: Keyring no longer remembers passwords
Package: libgnome-keyring0 Followup-For: Bug #622556 > Upgrading gnome-keyring to 3.0.0-1 (from experimental) fixes the problem. You are 100% right. I had tried without closing my session, and it hadn't worked. Cheers, Julien -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (400, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libgnome-keyring0 depends on: ii libc6 2.11.2-13 Embedded GNU C Library: Shared lib ii libdbus-1-3 1.4.6-1simple interprocess messaging syst ii libgcrypt11 1.4.6-5LGPL Crypto library - runtime libr ii libglib2.0-0 2.28.6-1 The GLib library of C routines libgnome-keyring0 recommends no packages. Versions of packages libgnome-keyring0 suggests: ii gnome-keyring 3.0.0-1GNOME keyring services (daemon and -- no debconf information -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#622556: Keyring no longer remembers passwords
Package: libgnome-keyring0 Followup-For: Bug #622556 This also breaks gajim, python-keyring, python-gnomekeyring and possibly all other packages using libgnome-kerying (73 packages according to the reverse dependency, some of them being of the same source package of course). I don't think it is possible to fix all these packages in a timely manner, hence this should be fixed in libgnome-kerying0 though might not be that easy (I realise this after reading quickly upstream changelog). Cheers, Julien -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (400, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libgnome-keyring0 depends on: ii libc6 2.11.2-13 Embedded GNU C Library: Shared lib ii libdbus-1-3 1.4.6-1simple interprocess messaging syst ii libgcrypt11 1.4.6-5LGPL Crypto library - runtime libr ii libglib2.0-0 2.28.4-1 The GLib library of C routines libgnome-keyring0 recommends no packages. Versions of packages libgnome-keyring0 suggests: ii gnome-keyring 2.30.3-5 GNOME keyring services (daemon and -- no debconf information -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#577661: Status of DSPAM in Debian
Hi Stevan, Good to hear from you! Le lundi 28 mars 2011 à 01:31:34 (+0200 CEST), Stevan Bajić a écrit : > On Sat, 26 Mar 2011 22:20:48 +0100 > Ana Guerrero wrote: > > > On Sat, Mar 26, 2011 at 10:16:00PM +0100, Julien Valroff wrote: > > > > > > I plan to upload current git snapshot to experimental very soon - not > > > everything was tested as much as I would have expected, and I think some > > > documentation would need to be checked/rephrased/updated but the package > > > has > > > been in use on several production servers for some time now, which makes > > > me > > > confident for the future. > > > > > > > Experimental is experimental after all :-) > > > Maybe the Debian package is experimental but the product it self is not > experimental. Ana and I were refering to the Debian package - you know I am using several instances of DSPAM in production, and I am totally confident with the product itself. The big challenge with packaging it for Debian is that it must suit to most setups and the aim of the package is to make it as easy as possible for the sysadmin. I alone cannot test everything, but I was waiting to get more feedbacks from the various users of "my" unofficial packages before uploading it to the official archive. The experimental archive is actually for this kind of package - and as I am now certain the package is not totally broken, I'll upload it there to get even more feedback. > I know the codebase pretty well and I would say that the current 3.9.x > series of DSPAM is by far the best DSPAM you can get today. I might be > biased but I think by looking at the GIT commit history you will see > yourself that many bug fixes, memory leaks and stability issues have been > resolved. At first, I was also waiting for 3.9.1 to be released ;) I'll upload a snapshot of the current HEAD to Debian as it also adds a few fixes and improvements. [...] > I am no Debian user and maybe I don't understand the whole thing but > why is it so hard to get an updated version of DSPAM into Debian? What is > the problem? How can I help? What needs to be done in order to allow > Debian users to enjoy a more recent DSPAM version? I'd say the package is ready, though not widely tested and might still contain a few issues. Stevan, you also know I have almost no knowledge in C, which explains why I was at first reluctant in maintaing the package alone. You have offered your help several times in the past, and I know I can rely on you in case something important happens. This is more than what any Debian Developer can expect from any upstream developer. I also realise I have been maintaining my unofficial packages for 3 to 4 years without any major breakage (but with a much smaller userbase than Debian of course) [0]. > Regarding documentation: Tell me what needs to be rephrased or rewritten > or added and I will do it. Just send me patches for existing text or send > me new text and I will commit it. I think the DSPAM project never rejected > changes in the past regarding documentation. I was refering to the documentation of the Debian package itself. What most users expect is to get a fully working DSPAM setup very quickly. I know it is not possible to make it automatically, but I'd like to give them a good experience of both DSPAM and Debian. For example, the package now ships a sample of Apache configuration - I need to check it works on a clean install etc. > Regarding confidence: The Rice University is using DSPAM since ages for > all their students. I think they have about 65'000 mail boxes that they > filter with DSPAM. If DSPAM would be unstable or unusable then they would > for sure not use it. Beside that the DSPAM mailing list is full of users > using DSPAM in various scenarios. Just recently Nate Custer from > Hostgator.com said on the DSPAM mailing list that they filter mail for 3 > million mail boxes with DSPAM. If that does not speak for DSPAM then I > don't know what would? I use it at home for 3 users (including my 2yo son) which proves how scalable DSPAM is ;) Cheers, Julien [0] I had first begun working on backporting the existing packages for Sarge, then have packaged 3.8.0 a few months after it was released by SN. -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#577661: Status of DSPAM in Debian
Hi, Le lundi 28 mars 2011 à 00:24:26 (+0200 CEST), Christoph Haas a écrit : > >> Also, most of the DSPAM uploaders are MIA. Well, I think all are MIA except > >> Christoph Haas. Could you please update the list in your upload? Same with > >> the DM flag (!?). > > > > You're right - I have already sent several calls to them, with no answer. > > I only leave Christoph and Matthijs as I know they aren't MIA. > > We are alive indeed. :) But honestly I have never been using dspam in > production and my experience with it is close to zero. The reason I'm > listed as uploader is probably back from the time that Matthijs was no > DD yet and I was helping by sponsoring the package. I was evaluating > anti-spam software but was never enthusastic about dspam. OK, I understand now. > I assume that Matthijs is the main person to ask here. All I could offer > is sponsorship just like any other DD and I'm currently pretty busy with > another huge Debian package. I'd have to give the dspam package a > complete check and I doubt I'll find the time for that. Matthijs, I know you have lost interest in packaging DSPAM and are already busy with other things, should I remove you from the Uploaders? > I'd even like to ask to get me removed from debian/control if possible. Done. You are obviously welcome to join us (me?) at any time. In case I am alone in pkg-dspam after this, I'll close the pkg-dspam project on Alioth, and I'll take over the package. The RFH sent a few months ago is still valid, and I am happy to co-maintain the project with whoever is interested (Thomas, still there?). Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#577661: Status of DSPAM in Debian
Le samedi 26 mars 2011 à 22:20:48 (+0100 CET), Ana Guerrero a écrit : > On Sat, Mar 26, 2011 at 10:16:00PM +0100, Julien Valroff wrote: > > > > I plan to upload current git snapshot to experimental very soon - not > > everything was tested as much as I would have expected, and I think some > > documentation would need to be checked/rephrased/updated but the package has > > been in use on several production servers for some time now, which makes me > > confident for the future. > > > > Experimental is experimental after all :-) ;) > Also, most of the DSPAM uploaders are MIA. Well, I think all are MIA except > Christoph Haas. Could you please update the list in your upload? Same with > the DM flag (!?). You're right - I have already sent several calls to them, with no answer. I only leave Christoph and Matthijs as I know they aren't MIA. Let me review some of the older changes and I'll upload it latest next week. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#577661: Status of DSPAM in Debian
Hi Ana, Le samedi 26 mars 2011 à 21:58:32 (+0100 CET), Ana Guerrero a écrit : > tags 577661 - pending > thanks > > On Sun, Oct 24, 2010 at 01:34:18PM +0200, Julien Valroff wrote: > > Hi Thomas, > > > > Le dimanche 24 oct. 2010 à 12:58:58 (+0800), Thomas Goirand a écrit : > > > Hi, > > > > > > I've seen this: > > > > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577661 > > > > > > and I'm very surprised that, after such a discussion in last April, > > > there wasn't any new package for DSPAM in Debian. > > > > > > Julien, what's the status? After 6 months, you should have been able to > > > upload a new package, at least in Experimental, no? > > > > As expressed in the bug report you mention, I would like to wait until 3.9.1 > > is released, which might never happen given the upstream development is > > stalled since Stevan's decision to put his work on DSPAM on hold, at least > > temporary. > > > > [...] > > And almost 6 months after again, what is the status of DSPAM? It did not > make into Squeeze despite having 6 co-maintainers (!) and I am wondering > if it should be removed from the archive. I plan to upload current git snapshot to experimental very soon - not everything was tested as much as I would have expected, and I think some documentation would need to be checked/rephrased/updated but the package has been in use on several production servers for some time now, which makes me confident for the future. Cheers, Julien -- .''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#606810: systraq: diff for NMU version 0.0.20081217-2.1
Le jeudi 23 déc. 2010 à 16:05:36 (+0100), Mehdi Dogguy a écrit : > On 23/12/2010 11:12, Julien Valroff wrote: > >Le jeudi 23 déc. 2010 à 09:36:08 (+0100), Joost van Baal a écrit : > >>Hi Julien, > >> > >>Op Thu 23 Dec 2010 om 06:35:19 +0100 schreef Julien Valroff: > >>>Le mardi 21 déc. 2010 à 09:08:45 (+0100), Joost van Baal a écrit : > >>>>Op Tue 21 Dec 2010 om 08:38:52 +0100 schreef Julien Valroff: > >>>>> > >>>>>systraq (versioned as 0.0.20081217-2.1) > >> > >>>Do you want to apply this patch to the version currently in testing and > >>>manage the upload to t-p-u with the Release Team yourself? > >> > >>I'm afraid I won't have the time to do that soon... > > > >I'll manage this for you, don't worry. > > > > Please upload your patch to t-p-u without delay. Done. Thanks for your confirmation. Cheers, Julien -- ,''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `' http://www.kirya.net/ `-4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#606810: systraq: diff for NMU version 0.0.20081217-2.1
Le jeudi 23 déc. 2010 à 09:36:08 (+0100), Joost van Baal a écrit : > Hi Julien, > > Op Thu 23 Dec 2010 om 06:35:19 +0100 schreef Julien Valroff: > > Le mardi 21 déc. 2010 à 09:08:45 (+0100), Joost van Baal a écrit : > > > Op Tue 21 Dec 2010 om 08:38:52 +0100 schreef Julien Valroff: > > > > > > > > systraq (versioned as 0.0.20081217-2.1) > > > Do you want to apply this patch to the version currently in testing and > > manage the upload to t-p-u with the Release Team yourself? > > I'm afraid I won't have the time to do that soon... I'll manage this for you, don't worry. Cheers, Julien -- ,''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `' http://www.kirya.net/ `-4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 signature.asc Description: Digital signature
Bug#606810: systraq: diff for NMU version 0.0.20081217-2.1
Hi Joost, Le mardi 21 déc. 2010 à 09:08:45 (+0100), Joost van Baal a écrit : > Hi Julien, > > Op Tue 21 Dec 2010 om 08:38:52 +0100 schreef Julien Valroff: > > tags 606810 + pending > > thanks > > > > Dear maintainer, > > > > I've prepared an NMU for systraq (versioned as 0.0.20081217-2.1) and > > uploaded it to DELAYED/2. Please feel free to tell me if I > > should delay it longer. > > DELAYED/2 is fine. Thanks for the NMU, it's appreciated. Thanks for your confirmation. Do you want to apply this patch to the version currently in testing and manage the upload to t-p-u with the Release Team yourself? Cheers, Julien -- ,''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `' http://www.kirya.net/ `-4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 signature.asc Description: Digital signature
Bug#606810: systraq: diff for NMU version 0.0.20081217-2.1
tags 606810 + pending thanks Dear maintainer, I've prepared an NMU for systraq (versioned as 0.0.20081217-2.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards. -- ,''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `' http://www.kirya.net/ `-4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 diff -u systraq-0.0.20081217/debian/changelog systraq-0.0.20081217/debian/changelog --- systraq-0.0.20081217/debian/changelog +++ systraq-0.0.20081217/debian/changelog @@ -1,3 +1,14 @@ +systraq (0.0.20081217-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Don't rely on deluser --remove-home option to remove thte +debian-systraq user home directory (Closes: #606810) + * Ensure dpkg --compare-versions calls don't fail if the +"most-recently-configured-version" argument is not passed to +postinst + + -- Julien Valroff Tue, 21 Dec 2010 06:54:22 +0100 + systraq (0.0.20081217-2) unstable; urgency=low * debian/postrm: don't fail hard if perl-modules not installed during diff -u systraq-0.0.20081217/debian/postinst systraq-0.0.20081217/debian/postinst --- systraq-0.0.20081217/debian/postinst +++ systraq-0.0.20081217/debian/postinst @@ -20,7 +20,8 @@ if getent passwd $OLDSYSTRAQUSER > /dev/null 2>&1 && [ $USERMISSING = 1 ] then -if dpkg --compare-versions $2 le-nl $OLDVERSION + if [ -n "$2" ]; then +if dpkg --compare-versions "$2" le-nl "$OLDVERSION" then # we are upgraded from a package version where the systraq user # is called `systraq'. @@ -42,6 +43,7 @@ Make sure you have a /etc/cron.d/systraq file from systraq >> $OLDVERSION. EOT fi + fi fi test -f /var/lib/systraq/.forward || echo root > /var/lib/systraq/.forward @@ -96,9 +98,11 @@ cp /usr/share/doc/systraq/examples/systraq_is_unconfigured /etc/systraq/ fi -if dpkg --compare-versions $2 le-nl $MD5VERSION -then -cp /usr/share/doc/systraq/examples/systraq_is_not_upgraded /etc/systraq/ +if [ -n "$2" ]; then +if dpkg --compare-versions $2 le-nl $MD5VERSION +then +cp /usr/share/doc/systraq/examples/systraq_is_not_upgraded /etc/systraq/ +fi fi ;; diff -u systraq-0.0.20081217/debian/postrm systraq-0.0.20081217/debian/postrm --- systraq-0.0.20081217/debian/postrm +++ systraq-0.0.20081217/debian/postrm @@ -24,9 +24,8 @@ # see http://wiki.debian.org/AccountHandlingInMaintainerScripts # for rationale if [ -x "$(command -v deluser)" ]; then - # --remove-home needs package perl-modules - deluser --remove-home --system --quiet debian-systraq > /dev/null || - deluser --system --quiet debian-systraq > /dev/null || true + SYSTRAQ_USER_HOME=~debian-systraq + (deluser --system --quiet debian-systraq && rm -r $SYSTRAQ_USER_HOME) > /dev/null 2>&1 || true else echo >&2 "not removing debian-systraq system account because deluser command was not found" fi
Bug#606810: systraq: diff for NMU version 0.0.20081217-1+squeeze2.1
Le lundi 20 déc. 2010 à 17:10:27 (+0100), Julien Cristau a écrit : > On Wed, Dec 15, 2010 at 21:02:19 +0100, Julien Valroff wrote: > > > tags 606810 + patch > > thanks > > > > Hi, > > > > I've prepared an NMU for systraq (versioned as 0.0.20081217-1+squeeze2.1), > > as per the attached patch. > > > > Is it ok to upload the package to t-p-u? > > > > Should another NMU be made to fix the package in unstable? > > > The bug should definitely be fixed in unstable before considering an > upload to testing. OK, I will upload a fixed version to unstable. However, please note that the version currently in testing is different from the version in unstable [0], hence my request to upload to t-p-u Cheers, Julien [0] http://packages.debian.org/search?keywords=systraq -- ,''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `' http://www.kirya.net/ `-4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 signature.asc Description: Digital signature
Bug#606696: Patch to fix purge after dependencies removed
Le jeudi 16 déc. 2010 à 20:30:19 (+), Dmitrijs Ledkovs a écrit : > On 16 December 2010 19:08, Julien Valroff wrote: > > Hi Dmitrijs, > > > > Le jeudi 16 déc. 2010 à 12:53:38 (+), Dmitrijs Ledkovs a écrit : > >> Dear maintainer, > >> > >> I have prepared the fix for the three RC bugs reported > >> against poker-network's packages. This patch changes affected postrm > >> scripts to comply with Debian Policy and dbconfig-common > >> policy/documentation. > >> > >> Please consider applying these changes. I'm also seeking NMU to upload > >> these fixes. > > > > Please forgive me, I have just uploaded an NMU to DELAYED/4 and have only > > noticed afterwards you had already worked on this issue. > > > > no worries. Thanks for your understanding! > > The changes are the same as yours, I have also added a part removing backup > > files possibly left by ucf. > > > > I was under impression purge was rather generous and did rm -rf on > those. I will learn from your NMU ;-) If you refer to ucf --purge, then, no, ucf(1) states: "ucf does not actually touch the file on disk in this operation, so any file removals are still the responsibility of the calling package." Cheers, Julien -- ,''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `' http://www.kirya.net/ `-4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#606696: Patch to fix purge after dependencies removed
Hi Dmitrijs, Le jeudi 16 déc. 2010 à 12:53:38 (+), Dmitrijs Ledkovs a écrit : > Dear maintainer, > > I have prepared the fix for the three RC bugs reported > against poker-network's packages. This patch changes affected postrm > scripts to comply with Debian Policy and dbconfig-common > policy/documentation. > > Please consider applying these changes. I'm also seeking NMU to upload > these fixes. Please forgive me, I have just uploaded an NMU to DELAYED/4 and have only noticed afterwards you had already worked on this issue. The changes are the same as yours, I have also added a part removing backup files possibly left by ucf. Again, all my apologies for this. Cheers, Julien -- ,''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `' http://www.kirya.net/ `-4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 signature.asc Description: Digital signature
Bug#606810: systraq: diff for NMU version 0.0.20081217-1+squeeze2.1
tags 606810 + patch thanks Hi, I've prepared an NMU for systraq (versioned as 0.0.20081217-1+squeeze2.1), as per the attached patch. Is it ok to upload the package to t-p-u? Should another NMU be made to fix the package in unstable? Cheers, Julien -- ,''`. Julien Valroff ~ ~ : :' : Debian Developer & Free software contributor `. `' http://www.kirya.net/ `-4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 diff -u systraq-0.0.20081217/debian/changelog systraq-0.0.20081217/debian/changelog --- systraq-0.0.20081217/debian/changelog +++ systraq-0.0.20081217/debian/changelog @@ -1,3 +1,13 @@ +systraq (0.0.20081217-1+squeeze2.1) testing-proposed-updates; urgency=low + + * Non-maintainer upload. + * Don't rely on deluser --remove-home option to remove thte +debian-systraq user home directory (Closes: #606810) + * Ensure dpkg --compare-versions calls don't fail if the +"most-recently-configured-version" argument is not passed to postinst + + -- Julien Valroff Wed, 15 Dec 2010 20:36:36 +0100 + systraq (0.0.20081217-1+squeeze2) testing-proposed-updates; urgency=low * Thanks Mehdi Dogguy مهدي الدڤي for help with this release. diff -u systraq-0.0.20081217/debian/postinst systraq-0.0.20081217/debian/postinst --- systraq-0.0.20081217/debian/postinst +++ systraq-0.0.20081217/debian/postinst @@ -20,7 +20,8 @@ if getent passwd $OLDSYSTRAQUSER > /dev/null 2>&1 && [ $USERMISSING = 1 ] then -if dpkg --compare-versions $2 le-nl $OLDVERSION + if [ -n "$2" ]; then +if dpkg --compare-versions "$2" le-nl "$OLDVERSION" then # we are upgraded from a package version where the systraq user # is called `systraq'. @@ -42,6 +43,7 @@ Make sure you have a /etc/cron.d/systraq file from systraq >> $OLDVERSION. EOT fi + fi fi test -f /var/lib/systraq/.forward || echo root > /var/lib/systraq/.forward @@ -96,9 +98,11 @@ cp /usr/share/doc/systraq/examples/systraq_is_unconfigured /etc/systraq/ fi -if dpkg --compare-versions $2 le-nl $MD5VERSION -then -cp /usr/share/doc/systraq/examples/systraq_is_not_upgraded /etc/systraq/ +if [ -n "$2" ]; then +if dpkg --compare-versions $2 le-nl $MD5VERSION +then +cp /usr/share/doc/systraq/examples/systraq_is_not_upgraded /etc/systraq/ +fi fi ;; diff -u systraq-0.0.20081217/debian/postrm systraq-0.0.20081217/debian/postrm --- systraq-0.0.20081217/debian/postrm +++ systraq-0.0.20081217/debian/postrm @@ -24,9 +24,8 @@ # see http://wiki.debian.org/AccountHandlingInMaintainerScripts # for rationale if [ -x "$(command -v deluser)" ]; then - # --remove-home needs package perl-modules - deluser --remove-home --system --quiet debian-systraq > /dev/null || - deluser --system --quiet debian-systraq > /dev/null || true + SYSTRAQ_USER_HOME=~debian-systraq + (deluser --system --quiet debian-systraq && rm -r $SYSTRAQ_USER_HOME) > /dev/null 2>&1 || true else echo >&2 "not removing debian-systraq system account because deluser command was not found" fi
Bug#385760: The dspam daemon should NOT be run by user dspam or default port needs to move
Le vendredi 29 oct. 2010 à 15:02:37 (+0200), Julien Cristau a écrit : > On Thu, Oct 28, 2010 at 06:45:52 +0200, Julien Valroff wrote: > > > tags 385760 + pending > > thanks > > > > Le jeudi 28 oct. 2010 à 00:55:18 (+0200), Martin Zobel-Helas a écrit : > > > Hi, > > > > Hi Martin, > > > > > in the default configuration of dspam, if daemon gets enabled, the > > > daemon wants to listen on tcp port 24. Starting dspam per default as > > > user dspam then will just not work. Linux prevents direct “reserved > > > port” assignments by any process other than system root. > > > > > > So you either let it run by root or fix the default port for this > > > application. > > > > > > Interim-Solution: fix the init-script to blow up if user tries this. > > > > This is already fixed in git. The default port is now 1024. > > > 1024 really doesn't sound like a good idea either, imo, there's every > chance somebody else will choose the first non-privileged port for some > other use. I can easily change this, what do you suggest? I also thought at 2424, what do you think? Cheers, Julien -- Julien Valroff http://www.kirya.net GPG key: 1024D/9F71D449 17F4 93D8 746F F011 B845 9F91 210B F2AB 9F71 D449 signature.asc Description: Digital signature
Bug#385760: The dspam daemon should NOT be run by user dspam or default port needs to move
tags 385760 + pending thanks Le jeudi 28 oct. 2010 à 00:55:18 (+0200), Martin Zobel-Helas a écrit : > Hi, Hi Martin, > in the default configuration of dspam, if daemon gets enabled, the > daemon wants to listen on tcp port 24. Starting dspam per default as > user dspam then will just not work. Linux prevents direct “reserved > port” assignments by any process other than system root. > > So you either let it run by root or fix the default port for this > application. > > Interim-Solution: fix the init-script to blow up if user tries this. This is already fixed in git. The default port is now 1024. Cheers, Julien -- Julien Valroff http://www.kirya.net GPG key: 1024D/9F71D449 17F4 93D8 746F F011 B845 9F91 210B F2AB 9F71 D449 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#601209: libdspam7-drv-db4: empty binary package
tags 601209 + pending thanks Hi Luca, Le dimanche 24 oct. 2010 à 13:37:20 (+0200), Luca Falavigna a écrit : > Package: libdspam7-drv-db4 > Version: 3.6.8-9.3 > Severity: serious > User: debian...@lists.debian.org > Usertags: empty-package > > > libdspam7-drv-db4_3.6.8-9.3 appears empty. This issue has been fixed in git by dropping this package. Cheers, Julien -- Julien Valroff http://www.kirya.net GPG key: 1024D/9F71D449 17F4 93D8 746F F011 B845 9F91 210B F2AB 9F71 D449 signature.asc Description: Digital signature
Bug#577661: Status of DSPAM in Debian
Hi Thomas, Le dimanche 24 oct. 2010 à 12:58:58 (+0800), Thomas Goirand a écrit : > Hi, > > I've seen this: > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577661 > > and I'm very surprised that, after such a discussion in last April, > there wasn't any new package for DSPAM in Debian. > > Julien, what's the status? After 6 months, you should have been able to > upload a new package, at least in Experimental, no? As expressed in the bug report you mention, I would like to wait until 3.9.1 is released, which might never happen given the upstream development is stalled since Stevan's decision to put his work on DSPAM on hold, at least temporary. I am particulary concerned about a bug affecting the hash driver (the default backend in the Debian package), which is explained at [0]. > As I see that many people seems to be interested in working on a DSPAM > package, I was wondering if the time to do a collab-maint project has > come, so that we aren't fixed to a single maintainer/uploader. There is already a pkg-dspam project on Alioth, most of the members of the team do not seem to have interest for it though. I have recently opened an RFH [1] for this package I cannot maintain alone, which also explains why nothing was uploaded for now. Thoms Preud'Homme recently joined the team and has already begin his work on the package. > We might use DSPAM in my company (eg: GPLHost), as a replacement for > Spamassassin that takes too much memory and CPU. If it works out well, > then I will for sure give a hand for this package. You are welcome to join the project if you wish so. The package sources are in git [2]. Bug triaging needs to be done, as well as a general check of the package, as I have changed so many things since the previous upload… Note that these packages are already being testing by a bunch of users (including myself). > Can anyone tells me > why DSPAM is better than spamassassin? They do work in totally different ways. Check the DSPAM home page as well as the README file in the tarball for more details. > Would I still need clamav if I > run DSPAM (our understanding is that we would)? DSPAM is an antispam filter, not an antirus thing. However, DSPAM can call clamav for virus checking. > How much memory DSPAM > uses in a normal production server? It really depends on the way you deploy it, and on the scale of your server… Just as an example, I wrote a small blog entry when I switched from SA to DSPAM on my home server (in 2006), and a graphic shows how the memory use is different [3]. Cheers, Julien [0] http://www.mail-archive.com/dspam-de...@lists.sourceforge.net/msg01760.html [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599498 [2] http://git.debian.org/?p=pkg-dspam/dspam.git;a=summary [3] http://www.kirya.net/weblog/2006/03/19/dspam-rocks/ -- Julien Valroff http://www.kirya.net GPG key: 1024D/9F71D449 17F4 93D8 746F F011 B845 9F91 210B F2AB 9F71 D449 signature.asc Description: Digital signature
Bug#578981: phpldapadmin: php class 'LDAPServers' not found when opening webpage
package phpldapadmin
tag 578981 + patch
thanks
Le dimanche 17 oct. 2010 à 19:18:01 (+0200), Julien Valroff a écrit :
>
> I can work on a patch but would need someone to carefully test the changes
> as I do not use LDAP myself.
I attach a NMU diff which I'd like someone test in "real conditions" before
announcing a real NMU to the maintainer.
lsdiff:
phpldapadmin-1.2.0.5/debian/changelog
phpldapadmin-1.2.0.5/debian/config
phpldapadmin-1.2.0.5/debian/control
phpldapadmin-1.2.0.5/debian/postinst
phpldapadmin-1.2.0.5/debian/postrm
diffstat:
changelog |8 ++
config| 181 ++
control |2
postinst | 45 +++
postrm| 15 -
5 files changed, 135 insertions(+), 116 deletions(-)
Cheers,
Julieen
--
Julien Valroff
http://www.kirya.net
GPG key: 1024D/9F71D449
17F4 93D8 746F F011 B845 9F91 210B F2AB 9F71 D449
diff -urN phpldapadmin-1.2.0.5/debian/changelog phpldapadmin-1.2.0.5.new//debian/changelog
--- phpldapadmin-1.2.0.5/debian/changelog 2010-10-17 21:02:08.0 +0200
+++ phpldapadmin-1.2.0.5.new//debian/changelog 2010-10-17 21:00:51.0 +0200
@@ -1,3 +1,11 @@
+phpldapadmin (1.2.0.5-1.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Handle /etc/phpldapadmin/config.php as a conffile using ucf and ensure
+user changes are preserved on package uprgade (Closes: #578981)
+
+ -- Julien Valroff Sun, 17 Oct 2010 20:59:30 +0200
+
phpldapadmin (1.2.0.5-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
diff -urN phpldapadmin-1.2.0.5/debian/config phpldapadmin-1.2.0.5.new//debian/config
--- phpldapadmin-1.2.0.5/debian/config 2010-10-17 21:02:08.0 +0200
+++ phpldapadmin-1.2.0.5.new//debian/config 2010-10-17 21:31:30.0 +0200
@@ -6,115 +6,112 @@
db_version 2.0 || [ $? -lt 30 ]
# Autoconfiguration for phpldapadmin
-if [ ! -f $CONFFILE ] || [ `md5sum $CONFFILE | awk '{print $1}'` = "49dc066603a3a22a24eb482181912c57" ]; then
- # Let's try to read default from slapd.conf, libnss-ldap.conf or libpam_ldap.conf
- if [ -f /etc/ldap/slapd.conf ]; then
- ldapserver="localhost"
- if grep "^TLS" /etc/ldap/slapd.conf > /dev/null 2>&1; then
- tls="true"
- else
- tls="false"
- fi
- basedn=`grep ^suffix /etc/ldap/slapd.conf | awk '{print $2}' | sed -e s/\"//g`
- binddn=`grep -e "by dn=.* write" /etc/ldap/slapd.conf | cut -d"\"" -f2 | head -n1`
- elif [ -f /etc/libnss-ldap.conf ]; then
- if grep "^host" /etc/libnss-ldap.conf > /dev/null 2>&1; then
- ldapserver=`grep ^host /etc/libnss-ldap.conf | awk '{print $2}'`
- elif grep "^uri" /etc/libnss-ldap.conf > /dev/null 2>&1; then
- ldapserver=`grep ^uri /etc/libnss-ldap.conf | sed -e s@/@@g | awk -F : '{print $2}'`
- fi
- if grep "^TLS" /etc/libnss-ldap.conf > /dev/null 2>&1; then
- tls="true"
- else
- tls="false"
- fi
- basedn=`grep -e "^base" /etc/libnss-ldap.conf | awk '{print $2}' | sed -e s/\"//g`
- binddn=`grep -e "^rootbinddn" /etc/libnss-ldap.conf | awk '{print $2}'`
- elif [ -f /etc/pam_ldap.conf ]; then
- if grep "^host" /etc/pam_ldap.conf > /dev/null 2>&1; then
- ldapserver=`grep ^host /etc/pam_ldap.conf | awk '{print $2}'`
- elif grep "^uri" /etc/pam_ldap.conf > /dev/null 2>&1; then
- ldapserver=`grep ^uri /etc/pam_ldap.conf | sed -e s@/@@g | awk -F : '{print $2}'`
- fi
- if grep "^TLS" /etc/pam_ldap.conf > /dev/null 2>&1; then
- tls="true"
- else
- tls="false"
- fi
- basedn=`grep -e "^base" /etc/pam_ldap.conf | awk '{print $2}' | sed -e s/\"//g`
- binddn=`grep -e "^rootbinddn" /etc/pam_ldap.conf | head -n1 | awk '{print $2}'`
+# Let's try to read default from slapd.conf, libnss-ldap.conf or libpam_ldap.conf
+if [ -f /etc/ldap/slapd.conf ]; then
+ ldapserver="localhost"
+ if grep "^TLS" /etc/ldap/slapd.conf > /dev/null 2>&1; then
+ tls="true"
+ else
+ tls="false"
fi
-
- if [ -f /etc/ldap.secret ]; then
- bindpw=`head -n1 /etc/ldap.secret`
+ basedn=`grep ^suffix /etc/ldap/slapd.conf | awk '{print $2}' | sed -e s/\"//g`
+ binddn=`grep -e "by dn=.* write" /etc/ldap/slapd.conf | cut -d"\"" -f2 | head -n1`
+elif [ -f /etc/libnss-ldap.conf ]; then
+ if grep "^host" /etc/libnss-ldap.conf > /dev/null 2>&1; then
+ ldapserver=`grep ^host /etc/libnss-ldap.conf | awk '{print $2}'`
+ elif grep "^uri" /etc/libnss-ldap.conf > /dev/null 2>&1; then
+ ldapserver=`grep ^uri /etc/libnss-ldap.conf | sed -e s@/
Bug#578981: phpldapadmin: php class 'LDAPServers' not found when opening webpage
Le dimanche 11 juil. 2010 à 16:34:55 (+0200), Thijs Kinkhorst a écrit : > Hi, > > As it seems config.php is not handled as a conffile, so the user is not > prompted on upgrades automatically. I indeed think it's necessary to add a > bit > better handling here to bring attention to the required change. You are right. Not only it is not handled as a conffile, but the postinst script also directly alters it without notification (see the various sed calls). The package should use ucf. I can work on a patch but would need someone to carefully test the changes as I do not use LDAP myself. Cheers, Julien -- Julien Valroff http://www.kirya.net GPG key: 1024D/9F71D449 17F4 93D8 746F F011 B845 9F91 210B F2AB 9F71 D449 signature.asc Description: Digital signature
Bug#577661: [Pkg-dspam-misc] Bug#577661: Bug#577661: dspam: should this package be removed?
Hi, We are in the process of reviewing packages of a recent git snapshot. We still work on them. Kind regards, Julien Le mardi 28 sep 2010 à 11:49:49 (+0200), Jan Hauke Rahm a écrit : > unarchive 577661 > reopen 577661 > thanks > > Hi Kurt, > > I'm reopening this bug now as nothing seems to have happened. > > On Tue, Apr 27, 2010 at 09:13:25PM -0400, Kurt B. Kaiser wrote: > > On Tue, 27 Apr 2010 10:21:53 +0200, "Jan Hauke Rahm" > > said: > > > > > > On Mon, Apr 26, 2010 at 06:33:31PM -0400, Kurt B. Kaiser wrote: > > > > > > First, determine which of the uploaders still have an interest in dspam. > > > > I think there are currently at least three people who would like to > > > > contribute to maintaining official Debian dspam packages. > > > > > > Are you going to pursue this, i.e. check on the other maintainers? > > > > I have just emailed the uploaders to see if they can continue. > > And did anyone reply? > > > > > Second, continue with the development of the experimental upload. I > > > > think Julien is pretty close. Since his work differs considerably from > > > > the current package, I think experimental is still warranted. > > > > > > > > Third, prepare an upload to unstable which takes the current package to > > > > 3.6.8-10, fixing the RC issues and bringing it back into policy > > > > compliance. I will work on that, if Julien has no objection. > > > > > > Sounds good. Any chance of a time line? Do you think this is something > > > to be done within the next four weeks (and thus to be considered for > > > squeeze)? > > > > I am working on it now, with the intention of getting back into squeeze. > > That didn't quite work out, did it? Admittedly, I didn't check behind > the scenes, i.e. in VCSs or what, but there hasn't been an upload and > I'd like you to keep this bug open now and close it with the next > upload. I hope you see something like this happening in future, > otherwise I still think a removal request might be better. > > Hauke > > -- > .''`. Jan Hauke Rahmwww.jhr-online.de > : :' : Debian Developer www.debian.org > `. `'` Member of the Linux Foundationwww.linux.com > `- Fellow of the Free Software Foundation Europe www.fsfe.org > ___ > Pkg-dspam-misc mailing list > pkg-dspam-m...@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/pkg-dspam-misc -- Julien Valroff http://www.kirya.net GPG key: 1024D/9F71D449 17F4 93D8 746F F011 B845 9F91 210B F2AB 9F71 D449 signature.asc Description: Digital signature
Bug#590760: #590760 - Breaks Bonjour protocol support in Pidgin
Hi, I can also confirm this bug affects empathy (more precisely telepathy-salut) and rhythmbox (DAAP plugin). Reverting to the version currently in testing fixes all of these issues. Cheers, Julien -- Julien Valroff http://www.kirya.net GPG key: 4096R/290D20C5 092F 4CB5 5F19 E006 1CFD B489 D32B 8D66 290D 20C5 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#586733: nautilus-open-terminal doesn't open a terminal
package nautilus-open-terminal severity 586733 important thanks Le lundi 21 jun 2010 à 22:54:40 (-0300), Willian Gustavo Veiga a écrit : > Date: Mon, 21 Jun 2010 22:54:40 -0300 > From: Willian Gustavo Veiga > To: Debian Bug Tracking System > Subject: Bug#586733: nautilus-open-terminal doesn't open a terminal > Reply-To: Willian Gustavo Veiga , > 586...@bugs.debian.org > > Package: nautilus-open-terminal > Version: 0.18-1+b1 > Severity: grave Lowering severity as grave doesn't seem appropriate for your issue. > > I'm running XFCE 4 and Nautilus. When i click in "Context Menu -> Open in > Terminal" nothing happens. Is your preferred terminal application set? Check the gconf key desktop/gnome/application/terminal/exec. Set it to you preferred application (eg. xfce4-terminal.wrapper) and do not forget to change the exec_arg key accordingly (eg. -e). If you also use GNOME, these settings can be set from the System/Preferences/Preferred Applications menu. Cheers, Julien -- Julien Valroff http://www.kirya.net GPG key: 4096R/290D20C5 092F 4CB5 5F19 E006 1CFD B489 D32B 8D66 290D 20C5 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#577661: dspam: should this package be removed?
Hi Kurt, Jan, Le lundi 26 avril 2010 à 18:33 -0400, Kurt B. Kaiser a écrit : > On Tue, 13 Apr 2010 15:09:04 +0200, "Jan Hauke Rahm" > said: [...] > > while reviewing some packages, your package came up as a possible > > candidate for removal from Debian, because: > > > > * last maintainer upload 09/2008 > > * RC buggy > > * outdated > > * uploaders not interested or MIA (?) > > * not part of squeeze anyways and no solution in sight > > > > If you think that it should be orphaned instead of being removed from > > Debian, please reply to this bug and tell so. > > > > If you disagree and want to continue to maintain this package, please > > just close this bug and do an upload also fixing the other issues. > > Thank you for taking the time to review the dspam package status. I > apologize for causing this extra work. > > While the packages do not appear to have received adequate attention in > the last year and a half, Julien Valroff has in fact been working > diligently to prepare the new upstream release (from January) for upload > into experimental. This is the first solid release upstream release > in several years. I also must add that development has been very active since the project was taken over by the community. The core development team is still very motivated, as are the users. > I would like to request a stay of execution, and suggest the > following plan: > > First, determine which of the uploaders still have an interest in dspam. > I think there are currently at least three people who would like to > contribute to maintaining official Debian dspam packages. You can rely on me. Stevan Bajić (whom I add to the CC list) also shows a lot of interest in keeping DSPAM in Debian, as the lead upstream developer. He supports and helps me a lot in my work. It is also a chance for us to get this support from upstream, ensuring quality packages for Debian. > Second, continue with the development of the experimental upload. I > think Julien is pretty close. Since his work differs considerably from > the current package, I think experimental is still warranted. I agree. There is still a lot of work to be achieved (essentially testing and ... testing) but I think the current packages are in quite good state. I would like to wait until 3.9.1 is released to plan the upload to experimental, as most of my work is now made on the development branch which adds a lot of interesting features and fixes quite a bunch of bugs. Some of them would however be easy to backport, but this would add extra work. > Third, prepare an upload to unstable which takes the current package to > 3.6.8-10, fixing the RC issues and bringing it back into policy > compliance. I will work on that, if Julien has no objection. No objection at all ;) I think we just have to keep in mind that updated packages should be uploaded to unstable as soon as they prove to be reliable, as having this old 3.6.8 release still in Debian is a problem for both users and upstream developers. Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers
Le samedi 06 février 2010 à 08:52 +0100, Julien Valroff a écrit : > Le samedi 06 février 2010 à 01:25 -0600, Raphael Geissert a écrit : > > Hi Julien, > > > > On 6 February 2010 01:19, Julien Valroff wrote: > > > Hi Raphael, > > > > > > Le samedi 06 février 2010 à 01:04 -0600, Raphael Geissert a écrit : > > >> Hi, > > >> > > >> I plan to release a DSA fixing this issue with the attached patch. > > >> Please upload a new version to sid containing the fix. > > > > > > I'll work on this today. Thanks a lot for your work! > > > > > > Should I upload a version with the only change being this fix, or can I > > > also introduce other changes which I have planned? > > > > You can upload whatever other change you want (well, not "whatever", > > but you get it :). > > Ok, I will prepare a new package ASAP > > > > > > > What about security fixes for Lenny, should I prepare a package and > > > upload it somewhere? > > > > > > > There's no need, I've already prepared the packages and will release > > them later today. > > Great, I am happy to see this bug at least (about to be) close! It is now closed, I have uploaded a package containing your fix to unstable. Thanks again for your great help! Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers
Le samedi 06 février 2010 à 01:25 -0600, Raphael Geissert a écrit : > Hi Julien, > > On 6 February 2010 01:19, Julien Valroff wrote: > > Hi Raphael, > > > > Le samedi 06 février 2010 à 01:04 -0600, Raphael Geissert a écrit : > >> Hi, > >> > >> I plan to release a DSA fixing this issue with the attached patch. > >> Please upload a new version to sid containing the fix. > > > > I'll work on this today. Thanks a lot for your work! > > > > Should I upload a version with the only change being this fix, or can I > > also introduce other changes which I have planned? > > You can upload whatever other change you want (well, not "whatever", > but you get it :). Ok, I will prepare a new package ASAP > > > > What about security fixes for Lenny, should I prepare a package and > > upload it somewhere? > > > > There's no need, I've already prepared the packages and will release > them later today. Great, I am happy to see this bug at least (about to be) close! Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers
Hi Raphael, Le samedi 06 février 2010 à 01:04 -0600, Raphael Geissert a écrit : > Hi, > > I plan to release a DSA fixing this issue with the attached patch. > Please upload a new version to sid containing the fix. I'll work on this today. Thanks a lot for your work! Should I upload a version with the only change being this fix, or can I also introduce other changes which I have planned? What about security fixes for Lenny, should I prepare a package and upload it somewhere? Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#528938: next steps
Hi, Le jeudi 28 janvier 2010 à 16:19 +0100, Alexander Reichle-Schmehl a écrit : > Hi! > > * Kees Cook [100124 07:32]: > > > What makes the most sense for this bug? > > I would propose the following: > > 1) Clone this bug in a sepperate important, RFHed "server side needs > adjustment" bug. > 2) Upload the current client side solution closing this bug. > 3) Hope, that someone can fix the cloned bug ;) Would that be an acceptable solution as far as security is concerned? I really would like to be able to close this bug, but not if security is lowered. Thanks for your advice Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#556467: user ajaxterm should be part of tty group
Hi Evgeni, Le vendredi 20 novembre 2009 à 00:39 +0200, Evgeni Dobrev a écrit : > Hi Julien, > > > On Thu, 19 Nov 2009 at 20:41 +0100, Julien Valroff wrote: > > > package ajaxterm > > tags 556467 + unreproducible > > thanks > > > > Hi Evgeni, > > > > Le lundi 16 novembre 2009 à 23:16 +0200, Evgeni Dobrev a écrit : > > > Hi Julien, > > [...] > > > I have added my user to the tty group and it is working when the > > > --daemon option is not set. There is also a similar ticket in > Ubuntu. > > > > > > https://bugs.launchpad.net/ubuntu/+source/ajaxterm/+bug/397951 > > > [...] > > I guess your issue can have 2 origins: > > > > 1/ a misconfiguration on your system (would you please check the > rights > > on /dev/ptmx are 0666 as they should be?) > > These are the permissions of /dev/ptmx > > crw-rw-rw- 1 root root 5, 2 Nov 20 00:33 /dev/ptmx > > > > > 2/ a specificity on ppc - which I haven't been able to find while > > googling, but as I do not know anything about this platform... > > > > It should have nothing to do with the platform. I have not had much > time to look at it, but the fact that when run from the command > line without the --daemon command line option everything is ok means > something is wrong with the forking of the daemon process and the > permissions. I hope I will be able to take a look at it with pdb > during > the weekend. > Have you had a chance to look at this issue? After different tests on different systems, I still couldn't reproduce it. Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#561712: live-magic: helpers now installed in /usr/share/live-helper/helpers and not /usr/bin
Package: live-magic Version: 1.7 Severity: grave Justification: renders package unusable Hi, Helpers are now installed to /usr/share/live-helper/helpers instead of /usr/bin which causes live-magic to be totally unusable. $ live-magic Traceback (most recent call last): File "/usr/lib/pymodules/python2.5/LiveMagic/controllers/wizard.py", line 51, in on_wizard_apply self.model = Config(build_dir, **data) File "/usr/lib/pymodules/python2.5/DebianLive/__init__.py", line 48, in __init__ raise IOError, out IOError: sh: lh_config: not found Cheers, Julien -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (150, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages live-magic depends on: ii gksu 2.0.2-2+b1 graphical frontend to su ii live-helper 2.0~a3-1 Debian Live build scripts ii python2.5.4-4An interactive high-level object-o ii python-glade2 2.16.0-1 GTK+ bindings: Glade support ii python-gtk2 2.16.0-1 Python bindings for the GTK+ widge ii python-support1.0.6 automated rebuilding support for P ii python-vte1:0.22.5-1 Python bindings for the VTE widget ii xdg-utils 1.0.2-6.1 desktop integration utilities from Versions of packages live-magic recommends: ii cdebootstrap 0.5.5 Bootstrap a Debian system live-magic suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#556467: user ajaxterm should be part of tty group
package ajaxterm tags 556467 + unreproducible thanks Hi Evgeni, Le lundi 16 novembre 2009 à 23:16 +0200, Evgeni Dobrev a écrit : > Hi Julien, [...] > I have added my user to the tty group and it is working when the > --daemon option is not set. There is also a similar ticket in Ubuntu. > > https://bugs.launchpad.net/ubuntu/+source/ajaxterm/+bug/397951 Sorry for the late answer. I have now set up various VM's and tried various configurations, but none suffers from the issue you described. As I can only setup i386 VM's (and also run amd64 machines for which I have no problem with ajaxterm), I guess your issue can have 2 origins: 1/ a misconfiguration on your system (would you please check the rights on /dev/ptmx are 0666 as they should be?) 2/ a specificity on ppc - which I haven't been able to find while googling, but as I do not know anything about this platform... Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#556467: user ajaxterm should be part of tty group
Hi Evgeni, Le lundi 16 novembre 2009 à 13:36 +0200, Evgeni Dobrev a écrit : > Package: ajaxterm > Version: 0.10-4 > Severity: grave > Justification: renders package unusable > > > The ajaxterm user does not have permissions to open the tty device. As a > result pty.py throws "OSError: out of pty devices" (see Traceback after this > text). > > 'mount | grep pts' returns (gid 5 being tty) : > > devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620) > > When ajaxterm or the user it runs as is added to the tty group it runs ok. Would you please send your /etc/default/ajaxterm file? Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#555129: (no subject)
Subject: apache2-suexec: Should not set document root to /var/www - violates the FHS Package: apache2-suexec Version: 2.2.14-2 Justification: Policy 9.1.1 Severity: serious Hi, apache2-suexec is built with the following configure option: --with-suexec-docroot=/var/www This is not one of the /var directories in the File Hierarchy Standard and is under the control of the local administrator. Packages should not assume that it is the document root for a web server; it is very common for users to change the default document root and packages should not assume that users will keep any particular setting. Even http://www.debian.org/doc/debian-policy/ch-customized-programs.html#s-web-appl, which suggests /var/www should be used if **unavoidable**, states that this place can be a symlink to the location where the system administrator has put the real document root. If I am right, suexec doesn't allow symlinks for security reasons. Please also see the discussion at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553498 which explains why I open this bug. Cheers, Julien -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (150, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#553498: [Pkg-dspam-misc] Bug#553498: dspam-webfrontend: dir-or-file-in-var-www /var/www/dspam/admin.cgi and 6 others
Le dimanche 01 novembre 2009 à 01:55 -0600, Manoj Srivastava a écrit : > On Sun, Nov 01 2009, Julien Valroff wrote: > > > Hi Manoj, > > > > Le dimanche 01 novembre 2009 à 00:33 -0500, Manoj Srivastava a écrit : > >> On Sat, Oct 31 2009, Julien Valroff wrote: > >> > >> > >> > As dspam-webfrontend relies on apache2-suexec, which sets the document > >> > root to /var/www/, I fear there is nothing we can do about this for > >> > now. > >> > >> That is a serious bug in apache2-suexec, which is a blocking bug > >> for you, yes. > > > > Would you please report this bug? > > > > Also see the following bug I had reported for this issue: > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542950 > > I hady thought /srv/www was a good place to host web applications > > data. > > Well, since I do not actually work with web applications > currently, I am perhaps not the best person to file this bug. > > > > >> > >> > Furthermore, as per > >> > http://www.debian.org/doc/debian-policy/ch-customized-programs.html#s-web-appl: > >> > "If access to the web document root is unavoidable then use /var/www > >> > as the Document Root." > >> > >> That is not yet policy, and is merely a draft proposal. You may > >> not assume that /var/www is the document root under the official Debian > >> policy and the FHS. > > > > A draft? I don't understand. > > It is part of the Debian Policy 3.8.3, section 11.5, point 4 > > Yes, you are correct. It is late at night here ... > > > If not, then it is a bug in debian-policy... > > I think that is the case. Policy should not recommend violating > the FHS like this. Then, what has priority? FHS or Debian Policy? > > > >> > I would hence think using /var/www for dspam-webfrontend is correct, > >> > what do you think of it? > >> > >> I think it is a serious bug, and you may not be able to upload > >> your package unless this is fixed. > > > > I understand. I wish I could address this issue myself. > > Well, I think the way forward would be to move the directory out > of /var/www? Not that easy: dspam-webfrontend does rely on apache2-suexec, which sets the document root to /var/www Apache suexec obviously doesn't follow symlinks. apache2-suexec-custom allows to set ONE different document root. If it is set to eg. /usr/share/dspam-webfrontend/ then the sysadmin cannot use any other web application relying on suexec (and, as a side effect, it would require she edits the suexec configuration file before being able to use dspam-webfrontend). I think the main issue is that FHS doesn't set any document root for web applications data. That's why the Debian Policy agrees they are installed in the historic /var/www directory "if unavoidable" (I would tend to think this wording applies to dspam-webfrontend for now). Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#553498: [Pkg-dspam-misc] Bug#553498: dspam-webfrontend: dir-or-file-in-var-www /var/www/dspam/admin.cgi and 6 others
Hi Manoj, Le dimanche 01 novembre 2009 à 00:33 -0500, Manoj Srivastava a écrit : > On Sat, Oct 31 2009, Julien Valroff wrote: > > > > As dspam-webfrontend relies on apache2-suexec, which sets the document > > root to /var/www/, I fear there is nothing we can do about this for > > now. > > That is a serious bug in apache2-suexec, which is a blocking bug > for you, yes. Would you please report this bug? Also see the following bug I had reported for this issue: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542950 I had wrongly thought /srv/www was a good place to host web applications data. > > > Furthermore, as per > > http://www.debian.org/doc/debian-policy/ch-customized-programs.html#s-web-appl: > > "If access to the web document root is unavoidable then use /var/www > > as the Document Root." > > That is not yet policy, and is merely a draft proposal. You may > not assume that /var/www is the document root under the official Debian > policy and the FHS. A draft? I don't understand. It is part of the Debian Policy 3.8.3, section 11.5, point 4 If not, then it is a bug in debian-policy... > > I would hence think using /var/www for dspam-webfrontend is correct, > > what do you think of it? > > I think it is a serious bug, and you may not be able to upload > your package unless this is fixed. I understand. I wish I could address this issue myself. Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#553498: [Pkg-dspam-misc] Bug#553498: dspam-webfrontend: dir-or-file-in-var-www /var/www/dspam/admin.cgi and 6 others
Hi Manoj,
On Sat, 31 Oct 2009 14:10:33 -0500, Manoj Srivastava
wrote:
> Package: dspam-webfrontend
> Version: 3.6.8-9.3
> Severity: serious
> User: lintian-ma...@debian.org
> Usertags: dir-or-file-in-var-www
>
> Debian packages should not install files under /var/www. This is not
> one of the /var directories in the File Hierarchy Standard and is
> under the control of the local administrator. Packages should not
> assume that it is the document root for a web server; it is very
> common for users to change the default document root and packages
> should not assume that users will keep any particular setting.
>
> Packages that want to make files available via an installed web server
> should instead put instructions for the local administrator in a
> README.Debian file and ideally include configuration fragments for
> common web servers such as Apache.
>
> As an exception, packages are permitted to create the /var/www
> directory due to its past history as the default document root, but
> should at most copy over a default file in postinst for a new install.
>
> Refer to Filesystem Hierarchy Standard (The /var Hierarchy) for
> details.
>
> One solution that works is to put configuration files into
> /etc/, put static content, if any, into
> /usr/{share,lib}/, then create /var/lib/
> as home for the package, and symlink the files from /etc and /usr/
> into the /var/lib/. Then create a simple set of
> configuration snippets for popular web servers (for example, files one
> may link into /etc/apache2/conf.d) and put them into
> /etc/. This way user modifiable files stil live in /etc,
> and a simple operation can make the package go live.
>
> Filed as serious, since this is a violation of the FHS (which is part
> of policy), and also since a package with these files will currently
> get this package rejected. See
> http://lists.debian.org/debian-devel-announce/2009/10/msg4.html
> for details. This means the package has been deemed too buggy to be in
> Debian.
As dspam-webfrontend relies on apache2-suexec, which sets the document
root
to /var/www/, I fear there is nothing we can do about this for now.
Furthermore, as per
http://www.debian.org/doc/debian-policy/ch-customized-programs.html#s-web-appl:
"If access to the web document root is unavoidable then use /var/www as
the Document Root."
I would hence think using /var/www for dspam-webfrontend is correct,
what do you think of it?
Cheers,
Julien
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#544061: Uninstallable: polkit-session.c:144:polkit_session_set_uid(): session != NULL
Hi Joost, Le dimanche 30 août 2009 à 10:02 +0200, Joost Yervante Damad a écrit : > Hi Julien, > > On Friday 28 August 2009 21:12:51 Julien Valroff wrote: > > > > You are right, from the error message, it is related to PolicyKit. > > If timidity-daemon is not the origin of the problem, it should be fixed > > in policykit, feel free to reassign the bug to the appropriate package. > > > > > > See http://hal.freedesktop.org/docs/PolicyKit/ for a description of > > policykit. I use GNOME, hence have PolicyKit installed on my system. > > I am unable to reproduce this on my system. > Could you perhaps provide me with a process tree ( pstree -c ) of the > situation, so I can see which process is hanging? I was unable to reproduce this today. Must have been an issue on my system. I think you can safely close this bug. All my apologies! Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#522645: [Pkg-dspam-misc] Bug#544152: dspam FTBFS now
Le samedi 29 août 2009 à 10:42 +0200, Andreas Barth a écrit : > * Julien Valroff (jul...@kirya.net) [090829 10:40]: > > package dspam > > forcemerge 522645 544152 > > I hope my "closes" doesn't break anything. > > > > This is the same issue as for #522645 [1] > > > > A fix was committed upstream, and a fixed package is ready in pkg-dspam > > svn. > > Do you have an expectation when the fix will get uploaded? Or anything > I could do to help there? Or should I just NMU this bug away, and you > do the maintainer upload later? Well, I have asked other maintainers to check my fix and upload this package (I am DM and not DD and new member in the pkg-dspam team, hence I do not think I can upload it directly until an upload including me as uploaded has been made). Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#544152: [Pkg-dspam-misc] Bug#544152: dspam FTBFS now
package dspam forcemerge 522645 544152 thanks Hi Andreas, Le samedi 29 août 2009 à 10:10 +0200, Andreas Barth a écrit : > Package: dspam > Version: 3.6.8-9 > Severity: serious > > Hi, > > dspam now FTBFS on all arches, see e.g. > https://buildd.debian.org/fetch.cgi?&pkg=dspam&ver=3.6.8-9%2Bb1&arch=i386&stamp=1251482126&file=log > > The error is persistent (tried a second time on i386, still fails): This is the same issue as for #522645 [1] A fix was committed upstream, and a fixed package is ready in pkg-dspam svn. Cheers, Julien [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522645 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#544061: Uninstallable: polkit-session.c:144:polkit_session_set_uid(): session != NULL
Hi Joost,
Le vendredi 28 août 2009 à 21:02 +0200, Joost Yervante Damad a écrit :
>
> On Friday 28 August 2009 14:55:16 Julien Valroff wrote:
> > Package: timidity-daemon
> > Version: 2.13.2-32
> > Severity: grave
> > Justification: renders package unusable
> >
> > Hi,
> >
> > When I try to install timitdity-daemon, the daemon doesn't start, causing
> > the package to be in iF state (installed, Failed-config). You will note
> > that I have to stop the process with a ^C.
> >
> > # LANG=C aptitude install timidity-daemon
> > Reading package lists... Done
> > Building dependency tree
> > Reading state information... Done
> > Reading extended state information
> > Initializing package states... Done
> > The following NEW packages will be installed:
> > freepats{a} timidity{a} timidity-daemon
> > 0 packages upgraded, 3 newly installed, 0 to remove and 1 not upgraded.
> > Need to get 0B/29.6MB of archives. After unpacking 35.7MB will be used.
> > Do you want to continue? [Y/n/?]
> > Writing extended state information... Done
> > Selecting previously deselected package freepats.
> > (Reading database ... 133647 files and directories currently installed.)
> > Unpacking freepats (from .../freepats_20060219-1_all.deb) ...
> > Selecting previously deselected package timidity.
> > Unpacking timidity (from .../timidity_2.13.2-32_amd64.deb) ...
> > Selecting previously deselected package timidity-daemon.
> > Unpacking timidity-daemon (from .../timidity-daemon_2.13.2-32_all.deb) ...
> > Processing triggers for menu ...
> > Processing triggers for man-db ...
> > Setting up freepats (20060219-1) ...
> > Setting up timidity (2.13.2-32) ...
> > Setting up timidity-daemon (2.13.2-32) ...
> > Starting TiMidity++ ALSA midi emulation...No protocol specified
> > XOpenDisplay() failed
> > Home directory /etc/timidity not ours.
> > [WARN 3839] polkit-session.c:144:polkit_session_set_uid(): session != NULL
> > Not built with -rdynamic so unable to print a backtrace
> >
> > ^CTerminated sig=0x02
>
> This is not timidity failing.
> It seems to have something to do with "policykit", whatever that is.
You are right, from the error message, it is related to PolicyKit.
If timidity-daemon is not the origin of the problem, it should be fixed
in policykit, feel free to reassign the bug to the appropriate package.
See http://hal.freedesktop.org/docs/PolicyKit/ for a description of
policykit. I use GNOME, hence have PolicyKit installed on my system.
Cheers,
Julien
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#544061: Uninstallable: polkit-session.c:144:polkit_session_set_uid(): session != NULL
Package: timidity-daemon
Version: 2.13.2-32
Severity: grave
Justification: renders package unusable
Hi,
When I try to install timitdity-daemon, the daemon doesn't start, causing the
package to be in iF state (installed, Failed-config).
You will note that I have to stop the process with a ^C.
# LANG=C aptitude install timidity-daemon
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
The following NEW packages will be installed:
freepats{a} timidity{a} timidity-daemon
0 packages upgraded, 3 newly installed, 0 to remove and 1 not upgraded.
Need to get 0B/29.6MB of archives. After unpacking 35.7MB will be used.
Do you want to continue? [Y/n/?]
Writing extended state information... Done
Selecting previously deselected package freepats.
(Reading database ... 133647 files and directories currently installed.)
Unpacking freepats (from .../freepats_20060219-1_all.deb) ...
Selecting previously deselected package timidity.
Unpacking timidity (from .../timidity_2.13.2-32_amd64.deb) ...
Selecting previously deselected package timidity-daemon.
Unpacking timidity-daemon (from .../timidity-daemon_2.13.2-32_all.deb) ...
Processing triggers for menu ...
Processing triggers for man-db ...
Setting up freepats (20060219-1) ...
Setting up timidity (2.13.2-32) ...
Setting up timidity-daemon (2.13.2-32) ...
Starting TiMidity++ ALSA midi emulation...No protocol specified
XOpenDisplay() failed
Home directory /etc/timidity not ours.
[WARN 3839] polkit-session.c:144:polkit_session_set_uid(): session != NULL
Not built with -rdynamic so unable to print a backtrace
^CTerminated sig=0x02
dpkg: error processing timidity-daemon (--configure):
subprocess installed post-installation script killed by signal (Interrupt)
Processing triggers for menu ...
Errors were encountered while processing:
timidity-daemon
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
Setting up timidity-daemon (2.13.2-32) ...
Starting TiMidity++ ALSA midi emulation...No protocol specified
XOpenDisplay() failed
Home directory /etc/timidity not ours.
[WARN 3913] polkit-session.c:144:polkit_session_set_uid(): session != NULL
Not built with -rdynamic so unable to print a backtrace
^CTerminated sig=0x02
dpkg: error processing timidity-daemon (--configure):
subprocess installed post-installation script killed by signal (Interrupt)
Errors were encountered while processing:
timidity-daemon
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Cheers,
Julien
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages timidity-daemon depends on:
ii adduser 3.110 add and remove users and groups
ii timidity 2.13.2-32 Software sound renderer (MIDI sequ
timidity-daemon recommends no packages.
timidity-daemon suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#540420: gksu-polkit: FTBS due to libgee0 -> libgee1 transition, resulting in non installable package in sid
Package: gksu-polkit Version: 0.0.1-1 Severity: serious Justification: no longer builds from source Hi, gksu-polkit fails to build from source with the following errors: gksu-environment.c:21:25: error: gee/hashmap.h: No such file or directory gksu-environment.c:22:21: error: gee/map.h: No such file or directory gksu-environment.c:23:21: error: gee/set.h: No such file or directory gksu-environment.c:58: error: expected specifier-qualifier-list before 'GeeHashMap' You will find a complete build log attached (clean chroot). As a consequence, libgksu-polkit0 is currently not installable on sid. Cheers, Julien -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (150, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash dpkg-checkbuilddeps: Unmet build dependencies: libglib2.0-dev libdbus-glib-1-dev libpolkit-dbus-dev libgee-dev valac libstartup-notification0-dev libgtk2.0-dev W: Unmet build-dependency in source dpkg-buildpackage: set CFLAGS to default value: -g -O2 dpkg-buildpackage: set CPPFLAGS to default value: dpkg-buildpackage: set LDFLAGS to default value: dpkg-buildpackage: set FFLAGS to default value: -g -O2 dpkg-buildpackage: set CXXFLAGS to default value: -g -O2 dpkg-buildpackage: source package gksu-polkit dpkg-buildpackage: source version 0.0.1-1 dpkg-buildpackage: source changed by Gustavo Noronha Silva dpkg-checkbuilddeps: Unmet build dependencies: libglib2.0-dev libdbus-glib-1-dev libpolkit-dbus-dev libgee-dev valac libstartup-notification0-dev libgtk2.0-dev dpkg-buildpackage: warning: Build dependencies/conflicts unsatisfied; aborting. dpkg-buildpackage: warning: (Use -d flag to override.) dpkg-buildpackage: warning: This is currently a non-fatal warning with -S, but dpkg-buildpackage: warning: will probably become fatal in the future. fakeroot debian/rules clean dh clean dh_testdir dh_auto_clean dh_clean dpkg-source -b gksu-polkit-0.0.1 dpkg-source: info: using source format `1.0' dpkg-source: info: building gksu-polkit using existing gksu-polkit_0.0.1.orig.tar.gz dpkg-source: info: building gksu-polkit in gksu-polkit_0.0.1-1.diff.gz dpkg-source: info: building gksu-polkit in gksu-polkit_0.0.1-1.dsc dpkg-genchanges -S >../gksu-polkit_0.0.1-1_source.changes dpkg-genchanges: including full source code in upload dpkg-buildpackage: source only upload (original source is included) -> Copying COW directory forking: rm -rf /var/cache/pbuilder/build//cow.2 forking: cp -al /var/cache/pbuilder/base-unstable_amd64.cow /var/cache/pbuilder/build//cow.2 I: unlink for ilistfile /var/cache/pbuilder/build//cow.2/.ilist failed, it didn't exist? forking: chroot /var/cache/pbuilder/build//cow.2 cowdancer-ilistcreate /.ilist find . -xdev -path ./home -prune -o \( \( -type l -o -type f \) -a -links +1 -print0 \) | xargs -0 stat --format '%d %i ' -> Invoking pbuilder forking: pbuilder build --debbuildopts --buildplace /var/cache/pbuilder/build//cow.2 --buildresult /tmp --no-targz --internal-chrootexec chroot /var/cache/pbuilder/build//cow.2 cow-shell /tmp/gksu-polkit_0.0.1-1.dsc I: Running in no-targz mode I: using fakeroot in build. I: Current time: Fri Aug 7 21:32:14 CEST 2009 I: pbuilder-time-stamp: 1249673534 I: copying local configuration I: mounting /proc filesystem I: mounting /dev/pts filesystem I: policy-rc.d already exists I: Obtaining the cached apt archive contents I: Installing the build-deps -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: amd64 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder and should Depends: debhelper (>= 7), autotools-dev, libglib2.0-dev, libdbus-glib-1-dev, libpolkit-dbus-dev, libgee-dev, valac, libstartup-notification0-dev, libgtk2.0-dev, intltool dpkg-deb: building package `pbuilder-satisfydepends-dummy' in `/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Reading package lists... Building dependency tree... Reading state information... aptitude is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Selecting previously deselected package pbuilder-satisfydepends-dummy. (Reading database ... 10048 files and directories currently installed.) Unpacking pbuilder-satisfydepends-dummy (from .../pbuilder-satisfydepends-dummy.deb) ... dpkg: dependency problems prevent configuration of pbuilder-satisfydepends-dummy: pbuilder-satisfydepends-dummy depends on debhelper (>= 7); however: Package debhelper is not installed. pbuilder-satisfydepends-dummy depends on autotools-dev; however: Package autotools-dev is not installed. pbuilder-s
Bug#528938: possible solutions
Hi Thomas, Le vendredi 31 juillet 2009 à 20:48 +0200, Thomas Viehmann a écrit : > Hi Julien, > > two quick comments > - is the security team aware that you are waiting on input? At least some members were aware, the bug was reported by on of them. But now, they are all ;) > - if you want to compute a session ID in python, the easy way >is to use ajaxterm.html only as a template, make sure it is not >cached and pass the (computed and put in the template) session id in >the instantiation there. I'll check what I can do, but as far as I can see, I will need help on this. Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#528938: suggested patch
Hello,
Le dimanche 17 mai 2009 à 20:23 +, The Fungi a écrit :
> Apologies--my previous message included a broken patch from an
> earlier attempt rather than the current one. Here is what I'm
> presently using on my sytems:
First, thanks for sending this patch, which is for now the only possible
fix I have seen for this issue.
Unfortunately, the upstream author hasn't answered to any of the
numerous mail he has received regarding this security issue, I think
however it is now urgent to fix the Debian package.
> --- /usr/share/ajaxterm/ajaxterm.js 2009-02-17 13:40:43.0 +
> +++ ajaxterm.js 2009-05-17 20:15:16.0 +
> @@ -3,7 +3,16 @@
> var ie=0;
> if(window.ActiveXObject)
> ie=1;
> - var sid=""+Math.round(Math.random()*10);
> +
> + // mitigate CVE-2009-1629
> + var sid_arr = (
> + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
> + ).split("");
> + var sid = "";
> + for (sid_inc = 0 ; sid_inc < 9 ; sid_inc++){
> + sid += sid_arr[Math.floor(Math.random()*sid_arr.length)];
> + }
> +
> var query0="s="+sid+"&w="+width+"&h="+height;
> var query1=query0+"&c=1&k=";
> var buf="";
I am not a security expert, and I am not sure to understand how your
patch would make ajaxterm really secure. From what I could read,
Math.random() is said to be inherently insecure.
Would the proposed code add sufficient randomisation to guarantee
ajaxterm security?
As said, I am just trying to understand better before applying the patch
and upload this fix to Debian.
Any comment from the Security team would be welcome!
Cheers,
Julien
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#522645: dspam: FTBS in a clean chroot due to not found libsqlite libs
tags 522645 + patch thanks Le dimanche 05 avril 2009 à 17:52 +0200, Julien Valroff a écrit : > Le dimanche 05 avril 2009 à 17:13 +0200, Julien Valroff a écrit : > > Package: dspam > > Version: 3.6.8-9 > > Severity: serious > > Justification: no longer builds from source > > > > Hi, > > > > Trying to build dspam sources in a clean chroot using cowbuilder fails with > > the following > > error message: > [...] > > sqlite has been updated quite a lot recently, might be the cause of this > > issue. > > dspam still builds fine on lenny (which still has sqlite3 3.5, whereas > 3.6 has been uploaded to unstable) A patch was applied in GIT upstream (commit 41026d770cdb8cf0c8b0b359de2055f95dfe41f7): --- m4/sqlite3_drv.m4.org 2009-05-30 00:16:32.470345008 +0200 +++ m4/sqlite3_drv.m4 2009-06-01 22:05:47.912622542 +0200 @@ -210,7 +210,7 @@ continue fi - DS_LIBTOOL_RUN_IFELSE([AC_LANG_PROGRAM([[ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include #include #include Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#532453: nautilus-open-terminal: Doesn't work anymore - Problem with an option -c
package nautilus-open-terminal severity 532453 important tags 532453 + unreproducible moreinfo thanks Le mardi 09 juin 2009 à 15:48 +0200, Ghent a écrit : > Package: nautilus-open-terminal > Version: 0.13-2 > Severity: grave > Justification: renders package unusable I have lowered this severity as it seems it is a misconfiguration on your side. Still keeping it to important until not really sure. > Nothing takes place, when I click to open a terminal in a folder. I > tried with gnome-terminal and terminator as default terminal. > The log file .xsession-errors reports : > Unknown option -c (for gnome-terminal) > > or for terminator : > > terminator: error: no such option: -c > Usage: terminator [options] I guess you use the custom terminal emulator field in gnome-default-applications-properties? If so, please make sure the execution flag is set to '-x' (and not -c) when using gnome-terminal (sorry, I do not know what it can be for terminator). Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#522177: pulseaudio: no audio after an upgrade
Le dimanche 26 avril 2009 à 09:08 +0200, Julien Valroff a écrit : > Le vendredi 24 avril 2009 à 23:32 +0200, davide a écrit : > > Package: pulseaudio > > Version: 0.9.14-2 > > Severity: normal > > > > I tried version from sid (0.9.15) of pulseaudio, but none works. > > I have some clip and strange sound but no music. > > Totem player works with any problem, it just appears as muted. > > It works for me but I need to not load the module-*-restore modules. > > Try and commenting the following lines in your /etc/pulse/default.pa: > #load-module module-device-restore > #load-module module-stream-restore > #load-module module-card-restore > > When loading these modules, the master volume is at 0% and the channel > is muted after booting, but even after unmuting the channel and set it > at a standard volume level, I cannot hear any sound (I have checked > other channels but it seems all are ok). I have to use pavucontrol and mute/unmute the main output device (it is first shown as unmuted, but no sound can be heard) > Without these modules, everything works BUT the master volume is always > set at 100% after booting, which is not what I want. This is still the case now. Is there any news regarding this bug? Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#522177: pulseaudio: no audio after an upgrade
Le vendredi 24 avril 2009 à 23:32 +0200, davide a écrit : > Package: pulseaudio > Version: 0.9.14-2 > Severity: normal > > I tried version from sid (0.9.15) of pulseaudio, but none works. > I have some clip and strange sound but no music. > Totem player works with any problem, it just appears as muted. It works for me but I need to not load the module-*-restore modules. Try and commenting the following lines in your /etc/pulse/default.pa: #load-module module-device-restore #load-module module-stream-restore #load-module module-card-restore When loading these modules, the master volume is at 0% and the channel is muted after booting, but even after unmuting the channel and set it at a standard volume level, I cannot hear any sound (I have checked other channels but it seems all are ok). Without these modules, everything works BUT the master volume is always set at 100% after booting, which is not what I want. Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#522177: #522177 - pulseaudio: audio is not working with pa 0.9.15 (except adobe flash)
Le dimanche 19 avril 2009 à 12:00 +0200, Julien Valroff a écrit :
> Hi,
>
> I have got the exact same problem, except that pavucontrol doesn't
> segfault (amd64).
>
> If Adobe Flash is working, I guess it is simply because it doesn't use
> pa - it doesn't work neither if I set the following asound.conf file:
> pcm.pulse {
> type pulse
> }
>
> ctl.pulse {
> type pulse
> }
>
> pcm.!default {
> type pulse
> }
> ctl.!default {
> type pulse
> }
>
> pavumeter shows activity when using all my usual applications (GNOME
> system sounds, rhythmbox etc.), which worked perfectly using pa 0.9.14
> Just that I cannot hear any sound...
>
> Nothing in the syslog.
>
> Note that pa 0.9.14 in sid is currently uninstallable due to a broken
> dependency (needs rebuild I guess).
> This means that people installing pa 0.9.15 are not able to downgrade
> afterwards!
OK it now works with kernel 2.6.29 (I previously used 2.6.26 due to a
bug in the snd_hda_instal module:
http://bugzilla.kernel.org/show_bug.cgi?id=12061)
Is this specific to snd-hda-intel or pa 0.9.15 needs kernel 2.6.29?
Cheers,
Julien
--
Membre de l'April - « promouvoir et défendre le logiciel libre » -
http://www.april.org
Rejoignez maintenant plus de 4 500 personnes, associations, entreprises
et collectivités qui soutiennent notre action
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#522177: #522177 - pulseaudio: audio is not working with pa 0.9.15 (except adobe flash)
Hi,
I have got the exact same problem, except that pavucontrol doesn't
segfault (amd64).
If Adobe Flash is working, I guess it is simply because it doesn't use
pa - it doesn't work neither if I set the following asound.conf file:
pcm.pulse {
type pulse
}
ctl.pulse {
type pulse
}
pcm.!default {
type pulse
}
ctl.!default {
type pulse
}
pavumeter shows activity when using all my usual applications (GNOME
system sounds, rhythmbox etc.), which worked perfectly using pa 0.9.14
Just that I cannot hear any sound...
Nothing in the syslog.
Note that pa 0.9.14 in sid is currently uninstallable due to a broken
dependency (needs rebuild I guess).
This means that people installing pa 0.9.15 are not able to downgrade
afterwards!
Cheers,
Julien
--
Membre de l'April - « promouvoir et défendre le logiciel libre » -
http://www.april.org
Rejoignez maintenant plus de 4 500 personnes, associations, entreprises
et collectivités qui soutiennent notre action
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#522645: dspam: FTBS in a clean chroot due to not found libsqlite libs
Le dimanche 05 avril 2009 à 17:13 +0200, Julien Valroff a écrit : > Package: dspam > Version: 3.6.8-9 > Severity: serious > Justification: no longer builds from source > > Hi, > > Trying to build dspam sources in a clean chroot using cowbuilder fails with > the following > error message: [...] > sqlite has been updated quite a lot recently, might be the cause of this > issue. dspam still builds fine on lenny (which still has sqlite3 3.5, whereas 3.6 has been uploaded to unstable) Cheers, Julien -- Membre de l'April - « promouvoir et défendre le logiciel libre » - http://www.april.org Rejoignez maintenant plus de 4 500 personnes, associations, entreprises et collectivités qui soutiennent notre action -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#522645: dspam: FTBS in a clean chroot due to not found libsqlite libs
Package: dspam Version: 3.6.8-9 Severity: serious Justification: no longer builds from source Hi, Trying to build dspam sources in a clean chroot using cowbuilder fails with the following error message: checking sqlite3.h usability... yes checking sqlite3.h presence... yes checking for sqlite3.h... yes checking SQLite header version... 3.6.12 checking how to link SQLite libraries... failure configure: error: Required version of libsqlite not found make: *** [configure-stamp] Error 1 sqlite has been updated quite a lot recently, might be the cause of this issue. Cheers, Julien -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (150, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages dspam depends on: ii libc6 2.9-6 GNU C Library: Shared libraries pn libdspam7 (no description available) ii libldap-2.4-2 2.4.15-1 OpenLDAP libraries pn procmail | sensible-mda(no description available) Versions of packages dspam recommends: pn clamav-daemon (no description available) pn dspam-doc (no description available) dspam suggests no packages. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#521564: python-cairo: Uninstallable (at least when using cowbuilder)
package python-cairo tags 521564 + tags thanks Le samedi 28 mars 2009 à 15:18 +0100, Julien Valroff a écrit : > Unpacking python-cairo (from .../python-cairo_1.8.4-2_amd64.deb) ... > pycentral: pycentral pkgremove: package python-cairo is not installed > pycentral pkgremove: package python-cairo is not installed > dpkg: error processing /var/cache/apt/archives/python-cairo_1.8.4-2_amd64.deb > (--unpack): > subprocess pre-installation script returned error exit status 1 [...] I guess the following patch should solve the issue: --- debian/python-cairo.preinst.orig2009-03-28 15:20:31.0 +0100 +++ debian/python-cairo.preinst 2009-03-28 15:20:36.0 +0100 @@ -5,7 +5,7 @@ PYCENTRAL=/usr/bin/pycentral case "$1" in -install|upgrade) +upgrade) if dpkg --compare-versions "$2" lt 1.8.4-2; then if [ -x $PYCENTRAL ]; then # explicitly remove old python-central files Cheers, Julien -- Membre de l'April - « promouvoir et défendre le logiciel libre » - http://www.april.org Rejoignez maintenant plus de 4 500 personnes, associations, entreprises et collectivités qui soutiennent notre action -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#521564: python-cairo: Uninstallable (at least when using cowbuilder)
Package: python-cairo Version: 1.8.4-2 Severity: grave Justification: renders package unusable Hi, When installing python-cairo in cowbuilder, I get the following error: Unpacking python-cairo (from .../python-cairo_1.8.4-2_amd64.deb) ... pycentral: pycentral pkgremove: package python-cairo is not installed pycentral pkgremove: package python-cairo is not installed dpkg: error processing /var/cache/apt/archives/python-cairo_1.8.4-2_amd64.deb (--unpack): subprocess pre-installation script returned error exit status 1 I haven't noticed any issue with this preinst script when python-cairo was updated in my system, I guess it is hence a problem on first install only. Cheers, Julien -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (150, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.29-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages python-cairo depends on: ii libc6 2.9-6 GNU C Library: Shared libraries ii libcairo2 1.8.6-2+b1 The Cairo 2D vector graphics libra ii python2.5.4-2An interactive high-level object-o ii python-support0.90.5 automated rebuilding support for P python-cairo recommends no packages. python-cairo suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#520594: python-coherence: Not installable due to wrong path to MochiKit.js
Package: python-coherence Version: 0.6.2-1 Severity: grave Justification: renders package unusable Hi, python-coherence is not installable: ... Setting up python-coherence (0.6.2-1) ... file does not exist: /usr/lib/python2.5/site-packages/coherence/web/static/MochiKit.js pycentral: pycentral pkginstall: error byte-compiling files (158) pycentral pkginstall: error byte-compiling files (158) dpkg: error processing python-coherence (--configure): subprocess post-installation script returned error exit status 1 ... Actually, /usr/lib/python2.5/site-packages/coherence/web/static/MochiKit.js points to /usr/share/pyshared/coherence/web/static/MochiKit.js whereas the actual location is /usr/share/coherence/coherence/web/static/MochiKit.js Cheers, Julien -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (150, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages python-coherence depends on: ii libjs-mochikit1.4.2-1JavaScript library inspired by Pyt ii python [python-ctypes]2.5.4-2An interactive high-level object-o ii python-axiom 0.5.30-1 Python object database ii python-celementtree 1.0.5-10 Light-weight toolkit for XML proce ii python-central0.6.11 register and build utility for Pyt ii python-configobj 4.5.2-2a simple but powerful config file ii python-elementtree1.2.6-12 Light-weight toolkit for XML proce ii python-gst0.100.10.14-2 generic media-playing framework (P ii python-louie 1.1-1.1Python signal dispatching mechanis ii python-nose 0.10.4-2 test discovery and running for Pyt ii python-pkg-resources 0.6c9-2Package Discovery and Resource Acc ii python-tagpy 0.94.5-4 Python module for manipulating tag ii python-twisted-core 8.2.0-1Event-based framework for internet ii python-twisted-web8.2.0-1An HTTP protocol implementation to ii python-zopeinterface 3.3.1-7The implementation of interface de ii python2.5 2.5.4-1An interactive high-level object-o python-coherence recommends no packages. python-coherence suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#518909: compiz: Fails to build from source: config.status: error: po/Makefile.in.in was not created by intltoolize.
Package: compiz Version: 0.7.6-7 Severity: serious Justification: no longer builds from source compiz can no longer be built from source, starting with intltool 0.40.5. Build fails with the following error: config.status: error: po/Makefile.in.in was not created by intltoolize. Cheers, Julien -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages compiz depends on: ii compiz-core 0.7.6-7OpenGL window and compositing mana pn compiz-gnome (no description available) pn compiz-gtk (no description available) ii compiz-plugins0.7.6-7OpenGL window and compositing mana compiz recommends no packages. Versions of packages compiz suggests: ii compizconfig-settings-manager 0.7.6-3Compizconfig Settings Manager -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#515734: xinit: changes keyboard layout at gdm login screen suddenly
Hi all, Are you sure this is not the new way of configuring xorg through hal? In my case, I have added a file /etc/hal/fdi/policy/10-keymap.fdi with the following contents for a French keymap: fr latin9 compose:lwin And it works - not sure however it was the same problem asi it is with xorg from experimental. In my case, and if I am right, it means that any pointer using mouse and kbd drivers are ignored and evdev is used. My xorg.conf file is now empty - yes, empty. Cheers, Julien -- Membre de l'April - « promouvoir et défendre le logiciel libre » - http://www.april.org Rejoignez maintenant plus de 4 000 personnes, associations, entreprises et collectivités qui soutiennent notre action -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#422800: Sometimes fails when dragging and dropping a message from one folder to another
Hi Josselin, Le jeudi 23 octobre 2008 à 11:33 +0200, Josselin Mouette a écrit : > reassign 422800 evolution-data-server 1.10.1-2 > found 422800 2.22.3-1 > tag 422800 + patch > thanks > > According to upstream, this bug should be fixed by applying the attached > patch, but it would require testing. > > Could you try applying this patch to evolution-data-server, upgrading it > and check whether it is fixed? Even without applying this patch, I was not able to reproduce the problem with the current version in sid. Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#498679: dovecot FTBFS: unreproducible
Le lundi 22 septembre 2008 à 21:59 +0100, Adam D. Barratt a écrit : > On Wed, 2008-09-17 at 22:57 +0100, Adam D. Barratt wrote: > > On Thu, 2008-09-18 at 00:36 +0300, Riku Voipio wrote: > > > tags 498679 + unreproducible > > > thanks > > > > > > I can't reproduce this with pbuilder. > > > > fwiw, I couldn't reproduce it either when I first tried it in an amd64 > > pbuilder. After running apt-get update inside the chroot and retrying, > > the problem appeared so it must be related to a recent(ish) change in > > either the toolchain or a dependency. > > and after doing so again today, predictably it builds fine. Unfortunately, I have tested again with clean chroots (newly created to avoid any misconfiguration): build always fails in sid (i386 and amd64) but succeeds in testing (i386 and amd64). I am always using pdebuild with cowbuilder (on a machine running unstable on amd64). I am not sure what the problem can be, but it is real. Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#496375: The possibility of attack with the help of symlinks in some Debian packages
Hi Alexander, Many thanks for your email. I have been willing to review rkhunter bugs before submitting it. Le mercredi 27 août 2008 à 04:00 +0400, Solar Designer a écrit : > FWIW, I happened to independently notice this and report it upstream a > week ago: > > https://sourceforge.net/tracker/?func=detail&atid=794190&aid=1971965&group_id=155034 > > "While I am at it, I suggest that you change /tmp/rkhunter-debug to > /var/run/rkhunter-debug. Right now, you have a security hole allowing for > local root compromise, although indeed the race condition is hard to > trigger in practice. > > To those reading this: please note that this suggestion by no means > constitutes a security review of rkhunter by me." > > I notice that the Debian package was fixed to use mktemp; I think that a > fixed filename under /var/run would be better in this case. Also, > rkhunter could be patched to enforce mode 600 on the file, regardless of > umask. (mktemp does that, but when a fixed filename under /var/run is > used instead, that would need to be explicit.) Oh, and I was probably > wrong about the race condition being hard to trigger - I forgot about > directory notifications for a moment. I am far from being a security expert. Do you suggest that using /var/run/rkhunter-debug is better than /tmp/rkhunter-debug. (created using mktemp)? or is that still using mktemp to create a /var/run/rkhunter-debug.XX file? Can you explain why it is more secure? I am ready to patch rkhunter debian package, but need to be sure I understand well what I do! Thanks again for your help. Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#496375: The possibility of attack with the help of symlinks in some Debian packages
package rkhunter reopen 496375 thanks Le lundi 25 août 2008 à 12:52 +0200, Julien Cristau a écrit : > On Mon, Aug 25, 2008 at 11:09:02 +0200, Julien Valroff wrote: > > > I think rkhunter is safe, given that the script does check that the file > > in /tmp is a file (and not a symlink) before using it: > > > > if [ "$1" = "--debug" ]; then > > if [ -e "/tmp/rkhunter-debug" ]; then > > if [ -f "/tmp/rkhunter-debug" -a ! -h > > "/tmp/rkhunter-debug" ]; then > > rm -f /tmp/rkhunter-debug >/dev/null 2>&1 > > else > > echo "Cannot use '--debug' option. > > /tmp/rkhunter-debug already exists, but it is not a file." > > exit 1 > > fi > > fi > > > > Would you please confirm this is ok so that I can close this bug? > > > This isn't ok. Your script is still vulnerable to a race condition (if > the symlink is created between when you check for it and when you use > it). Thanks for your precision. I hence re-open the bug. What can I do to prevent this? Dmitry suggested using mktemp, but this would only *reduce* the probability of exploiting this race condition. Would this be acceptable? Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#496375: The possibility of attack with the help of symlinks in some Debian packages
Le lundi 25 août 2008 à 14:02 +0400, Dmitry E. Oboukhov a écrit : > On 11:09 Mon 25 Aug , Julien Valroff wrote: > JV> Hi Dmitry, > > JV> Le dimanche 24 août 2008 à 22:05 +0400, Dmitry E. Oboukhov a écrit : > JV>> Package: rkhunter > JV>> Severity: grave [...] > JV>> In some packages I've discovered scripts with errors which may be used > JV>> by a user for damaging important system files or user's files. > JV>> > JV>> For example if a script uses in its work a temp file which is created > JV>> in /tmp directory, then every user can create symlink with the same > JV>> name in this directory in order to destroy or rewrite some system > JV>> or user file. Symlink attack may also lead not only to the data > JV>> desctruction but to denial of service as well. > > JV> I think rkhunter is safe, given that the script does check that the file > JV> in /tmp is a file (and not a symlink) before using it: > > JV> if [ "$1" = "--debug" ]; then > JV> if [ -e "/tmp/rkhunter-debug" ]; then > JV> if [ -f "/tmp/rkhunter-debug" -a ! -h "/tmp/rkhunter-debug" ]; then > JV> rm -f /tmp/rkhunter-debug >/dev/null 2>&1 > JV> else > JV> echo "Cannot use '--debug' option. /tmp/rkhunter-debug already exists, > but it is not a file." > JV> exit 1 > JV> fi > JV> fi > > JV> Would you please confirm this is ok so that I can close this bug? > > could you create temp-file as: > > if [ $1 = "--debug" ]; then > DEBUG_FILE=`mktemp -t rkhunter-debug.XX` > ... > unsing debug file $DEBUG_FILE > fi Sure, but can you explain what this would change in terms of security and wrt to the bug reported? Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#496375: The possibility of attack with the help of symlinks in some Debian packages
Hi Dmitry, Le dimanche 24 août 2008 à 22:05 +0400, Dmitry E. Oboukhov a écrit : > Package: rkhunter > Severity: grave > > Hi, maintainer! > > This message about the error concerns a few packages at once. I've > tested all the packages (for Lenny) on my Debian mirror. All scripts > of packages (marked as executable) were tested. > > In some packages I've discovered scripts with errors which may be used > by a user for damaging important system files or user's files. > > For example if a script uses in its work a temp file which is created > in /tmp directory, then every user can create symlink with the same > name in this directory in order to destroy or rewrite some system > or user file. Symlink attack may also lead not only to the data > desctruction but to denial of service as well. I think rkhunter is safe, given that the script does check that the file in /tmp is a file (and not a symlink) before using it: if [ "$1" = "--debug" ]; then if [ -e "/tmp/rkhunter-debug" ]; then if [ -f "/tmp/rkhunter-debug" -a ! -h "/tmp/rkhunter-debug" ]; then rm -f /tmp/rkhunter-debug >/dev/null 2>&1 else echo "Cannot use '--debug' option. /tmp/rkhunter-debug already exists, but it is not a file." exit 1 fi fi Would you please confirm this is ok so that I can close this bug? Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#468141: nautilus-open-terminal: crashes nautilus reproducibly
package nautilus-open-terminal severity 468141 important thanks Hi Johannes, I have changed the severity as I use nautilus-open-terminal with the latest version of nautilus in sid without any issue, thus the issue is not general. Le mercredi 27 février 2008 à 10:49 +0100, Johannes Rohr a écrit : > Package: nautilus-open-terminal > Version: 0.8-1+b1 > Severity: grave > Justification: renders package unusable > > There appears to be an incompatibilty between nautilus-open-terminal > and > current nautilus. As soon as I right-click and select "open terminal > here", nautilus crashes. [...] > ii libnautilus-extension1 2.20.0-3.rudi.1 libraries for nautilus > components Would you please confirm what is this version? Please try installing the package from the official Debian repository in order to check if your issue isn't related with it. Cheers, Julien
Bug#435414: Wrong path in preinst script
Hi, The path to mount.nfs in the preinst script should be /sbin/mount.nfs and not /usr/sbin/mount.nfs: diff -urNad util-linux-2.13~rc2/debian/mount.preinst.orig util-linux-2.13~rc2/debian/mount.preinst --- util-linux-2.13~rc2/debian/mount.preinst.orig 2007-07-31 19:41:14.0 +0200 +++ util-linux-2.13~rc2/debian/mount.preinst2007-07-31 19:41:28.0 +0200 @@ -20,7 +20,7 @@ export LANG=C # for the comparison of mail version... NFS_IN_USE=$(sed -n '/^[^ ]* [^ ]* nfs /p' /proc/mounts) - if [ -n "$NFS_IN_USE" ] && [ ! -x /usr/sbin/mount.nfs ]; then + if [ -n "$NFS_IN_USE" ] && [ ! -x /sbin/mount.nfs ]; then cat << EOF You have NFS mounts, and this version of mount requires that nfs-common be upgraded before NFS mounts will work. Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#434296: Complete build log
Hi, Just in case it can help, please find attached a complete build log on amd64. Cheers, Julien qemu_0.9.0-2.1_amd64.build.gz Description: GNU Zip compressed data
Bug#408927: fast-user-switch-applet blocks the system when coming back from a user change
package fast-ser-switch-applet severity 408927 important tags 408927 +unreproducible thanks Le lundi 29 janvier 2007 à 11:57 +0100, Francesco Locantore a écrit : > Distribution: Debian 4.0 > Package: fast-user-switch-applet > Severity: critical Not sure this bug is critical, as it doesn't break the whole system. > Version: 2.14.2-1 > Synopsis: fast-user-switch-applet blocks the system when coming back from a > user change > > Description of Problem: > > When I change user with the applet in the gnome bar, I can't come back > to the original user because the system freezes (I have to power off and > reboot) > > Steps to reproduce the problem: > > 1. Change user with the applet in the gnome bar without logout > > 2. Login as another user > > 3. Come back to the original user with the applet in the gnome bar > without logout > > Actual Results: > > System freeze > > Expected Results: > > Come back to the original user > > How often does this happen? > > Ever There are several points to check: * what does happen if you change back to the 1st user using CTRL+ALT+Fx (usually F7 if you use the default configuration) * What can you see in /var/log/Xorg.?.log * What did you set as fusa preference for locking the screen when switching users? If you have chosen to lock the screen, do you use xscreensaver or gnome-screensaver? * Can you please let me know the versions of the dependencies of fast-user-switch-applet (you should leave them in the template generated by reportbug, these information are really useful) * What video module do you use? I cannot reproduce this bug (having tested with 3 machines with totally different hardware and configurations). Please note that I will be away for the reste of the week, I will answer once back home on Saturday or Sunday. Cheers, Julien
Bug#405178: Even with udev installed...
Hi, Even with udev installed, the directory used by kqemu-modules does not exist: ln: creating symbolic link `/etc/udev/udev.d/099_kqemu.rules': No such file or directory udev is up-to-date (0.103-1). I think the link is meant to go to /etc/udev/rules.d/ Moreover, the postinst script detects if udev is installed checking if the directory /etc/udev exists, but this directory is part of several packages, on my sytsem: $ dpkg -S /etc/udev libsane, hal, hdparm, alsa-utils, libgphoto2-2, udev: /etc/udev IMHO it is not unnecessary to install udev rules if udev is not installed. Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#396653: listen: Fails to start with home over NFS
package: listen tags 396653 + moreinfo unreproducible thanks Le lundi 13 novembre 2006 à 23:34 -0200, [EMAIL PROTECTED] a écrit : [...] > I could not run listen one single time while HOME was over NFS. I may > try these (removing .listen and trying it again over NFS and moving > listen to a non-NFS filesystem and running listen over ther), but I > don't think there would be any results. As soon as I do these, I'll post > again with the results. Since I have a second machine now, I may even > try this at home (no pun intended) and see if I get the same results. Hi, I have been able to launch listen with home over NFS (tested with NFS server in both Sarge and Unstable, with both clients in Etch and Unstable). Please try the proposed tests to check if your .listen is corrupted or not. Thanks for your help Cheers, Julien
Bug#397244: freeloader: FTBFS: error: failed to find required module gnome.ui
Le samedi 11 novembre 2006 à 16:39 +0100, Julien Danjou a écrit : > On Sat, Nov 11, 2006 at 05:15:16PM +0200, Hanna Ollila wrote: > > > > Hello Julien, > > > > I have a problem with repeating the bug. I don't see the bug you describe > > when building with pbuilder, and it builds without problems. Could you > > provide the information how to repeat the bug? > > I cannot reproduce it neither in pbuilder, the bug might be gone away. I have never been able to reproduce this bug. Importing gnome.ui module takes a quite long time on my machine (though somewhat powerful), maybe your build script has a timeout somewhere? Cheers, Julien
Bug#391222: FTBS: build-depends on non-existing package linux-source-2.6.17
Package: user-mode-linux Version: 2.6.17-1um-2 Severity: serious Justification: no longer builds from source user-mode-linux should be updated to build-depend on linux-source-2.6.18. Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#383489: altermime: Missing dependency on libc6
package altermime tags 383489 pending thanks Thank you for the patch which I applied. A new upload will be done shortly. Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#376088: bashisms in /etc/init.d/ajaxterm
Hi, Thanks for your report. Le vendredi 30 juin 2006 à 09:56 +0200, Michal Politowski a écrit : > The test to see if the script is run by root uses bash specific extensions > not necessarily available in /bin/sh: > - the $UID variable (use $(id -u)) > - the [[ comand ([ is standard) Committed to SVN - should be uploaded very soon > As an aside: I don't really understand why to put this test there at all. Ajaxterm service is run with start-stop-daemon --pidfile option, and the pid file cannot be written in /var/run as a standard user, which means the service can be started but not stopped by non-privileged user. However, standard user can run their own instances. Cheers, Julien
Bug#364005: libdspam-drv-mysql fails to install
Hi, I saw you have filed a bug against dspam for this problem. It should been moved to libdspam7-drv-mysql and should also be more complete in my opinion. Please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361384 which is the same problem. Cheers, Julien Le vendredi 21 avril 2006 à 00:31 +0200, Francisco Javier F. Serrador a écrit : > Package: dspam > Version: 3.6.4-3 > Severity: grave > Justification: renders package unusable > > libdspam-drv-mysql fails to install > > > -- System Information: > Debian Release: testing/unstable > APT prefers testing > APT policy: (500, 'testing') > Architecture: i386 (i686) > Shell: /bin/sh linked to /bin/bash > Kernel: Linux 2.6.15-1-k7 > Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) > > Versions of packages dspam depends on: > ii adduser 3.85 Add and remove users and groups > ii libc6 2.3.6-7GNU C Library: Shared libraries > pn libdspam7 (no description available) > ii libldap2 2.1.30-8 OpenLDAP libraries > ii procmail 3.22-15Versatile e-mail processor > > Versions of packages dspam recommends: > pn clamav-daemon (no description available) > pn dspam-doc (no description available) > > >
Bug#351532: freeloader fails to fire up from terminal
Hi, Thanks for testing. > I ran a check to see which package provides for khashmir.py and as you > can see from the the output below it was provided by > bittorrent-4.2.1.linux from from mentors.debian.net by Sam Morris which > I recalled I built from source. OK, then I think it is more sure to make freeloader depend on bittorrent << 4.0, even if this package has not yet entered the official repository. I will of course forward this upstream, as this may be of great importance for the future of freeloader. > Purging bittorrent-4.2.1.linux (i.e. dpkg -P bittorrent-4.2.1.linux) > alone could not get freeloader to start as > /usr/lib/python2.3/site-packages/khashmir was supposedly not empty and > thus not removed. Freeloader does depend on bittorrent python module, which is provided by bittorrent package itself. In your case, you have to uninstall bittorrent-4.2.1.linux, and install bittorrent from the official archive, or wait until a new version of freeloader supports bittorrent > 4. Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#351532: freeloader fails to fire up from terminal
Hi, > File "/usr/lib/python2.3/site-packages/BitTorrent/download.py", line 56, in > ? > from khashmir.utkhashmir import UTKhashmir > File "/usr/lib/python2.3/site-packages/khashmir/utkhashmir.py", line 11, in > ? > import khashmir, knode > File "/usr/lib/python2.3/site-packages/khashmir/khashmir.py", line 18, in ? > from BitTorrent.defaultargs import common_options, rare_options > File "/usr/lib/python2.3/site-packages/BitTorrent/defaultargs.py", line 32, > in ? > basic_options = [ > NameError: name '_' is not defined It seems that this problem is caused by the fact you use Khashmir, which is not included in Debian. I don't know Khashmir, but looking in the CVS, it seems that this project is quite old, or even dead. Can you please explain how it interacts with Bittorrent? Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#347324: freeloader: Fails to start on sid
Hi Guilherme, May you please answer the previous questions, as this bug really annoys me, and prevents me from uploading a new package. Thanks Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#347324: freeloader: Fails to start on sid
Hi, I can't reproduce this problem. Could you please ensure that /usr/share/freeloader/pixmaps/freeloader_icon.svg file wasn't altered? Can you open it with: display /usr/share/freeloader/pixmaps/freeloader_icon.svg Cheers, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#345596: freeloader: fails to start on sarge
Le lundi 02 janvier 2006 à 18:19 +, Ben Hutchings a écrit : > > I've actually succeeded in making it build and run in sarge with some > quite small changes, so it might be worth leaving the dependencies as > they are. I'm attaching a patch that addresses all the issues I > originally mentioned. This also puts the changes you made to > configure > (in patch 01_disable_modules_check.dpatch) into configure.ac along > with > the change needed to accept gnome.vfs in place of gnomevfs, as I > believe > it is considered bad practice to patch generated files such as > configure > scripts. May you please add the attachment? Cheers, Julien
Bug#345596: freeloader: fails to start on sarge
Le lundi 02 janvier 2006 à 04:10 +, Ben Hutchings a écrit : > Package: freeloader > Version: 0.3-3 > Severity: grave > Tags: patch > Justification: renders package unusable I don't think the fact that a package from the unstable distribution cannot be used on Sarge is not a justification for a grave status. [...] > With this second change, the program is barely functional, but > continues to print error messages that suggest to me it requires > a more recent version of python-gnome2 than that in sarge. I agree, thus I changed dependencies so that python-gnome2, python-glade2 and python-gtk2 are at least 2.10 (current testing and unstable versions). The problem will be fixed in the next upload. Thanks for your report. Cheers, Julien
