Bug#820003: Acknowledgement (sparkleshare: SIGSEV while starting sparkleshare)
severity 820003 minor retitle 820003 SIGSEV when starting sparkleshare with already running instance Ok, this seems to only happen when there's another sparkleshare instance running. I guess this should be handled more cleanly, but downgrading. Neil --
Bug#820003: sparkleshare: SIGSEV while starting sparkleshare
Package: sparkleshare Version: 1.5.0-1 Severity: grave Justification: renders package unusable After installing sparkleshare on a clean stretch system, it successfully loads the initial setup screen. However, then trying to "sparkleshare start" or "sparkleshare open" produces the attached log. Neil -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sparkleshare depends on: ii git 1:2.8.0~rc3-1 ii gnome-icon-theme3.12.0-1 ii gvfs1.26.2-1+b1 ii libappindicator3-0.1-cil12.10.0+git20151221-3 ii libc6 2.22-5 ii libgdk3.0-cil 2.99.3-2 ii libgio3.0-cil 2.99.3-2 ii libglib3.0-cil 2.99.3-2 ii libgtk3.0-cil 2.99.3-2 ii libjs-jquery1.11.3+dfsg-4 ii libmono-corlib4.5-cil 4.2.1.102+dfsg2-6 ii libmono-posix4.0-cil4.2.1.102+dfsg2-6 ii libmono-system-core4.0-cil 4.2.1.102+dfsg2-6 ii libmono-system-xml4.0-cil 4.2.1.102+dfsg2-6 ii libmono-system4.0-cil 4.2.1.102+dfsg2-6 ii libnotify3.0-cil3.0.3-3 ii libpango3.0-cil 2.99.3-2 ii libwebkitgtk3.0-cil 2.0.0+git20151221-3 ii mono-runtime4.2.1.102+dfsg2-6 Versions of packages sparkleshare recommends: ii python 2.7.11-1 ii python-nautilus 1.1-4 sparkleshare suggests no packages. -- no debconf information 18:52:13 | Environment | SparkleShare version: 1.5.0, Operating system: Unix (Unix 4.4.0.1) 18:52:13 | Auth | Imported key '/home/maulkin/.config/sparkleshare/2016-04-04_18h46.key' 18:52:13 | Auth | The following keys may be used: 4096 SHA256:QuoYgcA3KOY6A8p019Qu9uah766+jEFno10HDDAKqG0 /home/maulkin/.config/sparkleshare/2016-04-04_18h46.key (RSA) 2048 SHA256:nA3spgEphhQG4pBtn8dfpn51S2P/WTZRDl9YkPxFWvc maulkin@camblue (RSA) 2048 SHA256:UgPAzaGuk2yHdt930+dDKYnsYap8Qzgca9kurZruDGU maulkin@cheddar (RSA) 2048 SHA256:MHUQlmA8WLABm0TRa1Q0ZJqck1KL2+KS01vJZ0W+7f8 maul...@feta.halon.org.uk (RSA) (process:30010): Gtk-CRITICAL **: gtk_settings_get_for_screen: assertion 'GDK_IS_SCREEN (screen)' failed (process:30010): GLib-GObject-CRITICAL **: g_object_get_qdata: assertion 'G_IS_OBJECT (object)' failed Stacktrace: at <0x> at (wrapper managed-to-native) Gtk.Label.gtk_label_new_with_mnemonic (intptr) <0x> at Gtk.Label..ctor (string) <0x001bf> at Gtk.Label..ctor () <0xf> at SparkleShare.SparkleUI..ctor () <0x00153> at SparkleShare.Program.Main (string[]) <0x0052b> at (wrapper runtime-invoke) .runtime_invoke_void_object (object,intptr,intptr,intptr) <0x> Native stacktrace: mono() [0x4a008f] mono() [0x4f3a9e] mono() [0x426cf9] /lib/x86_64-linux-gnu/libpthread.so.0(+0x10d30) [0x7f18da045d30] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x2ba2c9) [0x7f18d4a962c9] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x169408) [0x7f18d4945408] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x17d053) [0x7f18d4959053] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x16a75c) [0x7f18d494675c] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x17cf49) [0x7f18d4958f49] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x17cfe4) [0x7f18d4958fe4] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x16b2d2) [0x7f18d49472d2] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_type_create_instance+0x1b7) [0x7f18d64a6317] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x1531b) [0x7f18d648831b] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_newv+0xd1) [0x7f18d6489c01] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_new+0x104) [0x7f18d648a534] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x18506a) [0x7f18d496106a] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x34db1c) [0x7f18d4b29b1c] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_type_create_instance+0x1b7) [0x7f18d64a6317] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x1531b) [0x7f18d648831b] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_newv+0xd1) [0x7f18d6489c01] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_new+0x104) [0x7f18d648a534] /usr/lib/x86_64-linux-gnu/libgtk-3.so.0(gtk_label_new_with_mnemonic+0x19) [0x7f18d49d9489] [0x411b6300] Debug info from gdb: = Got a SIGSEGV while executing native code. This usually indicates a fatal error in the mono runtime or one of the native libraries used by your application. =
Bug#773318: clamav dies/hangs
Hi, On Sat, Dec 20, 2014 at 12:12:13PM +0100, Andreas Cadhalpun wrote: Control: tags 773041 security Control: severity 773041 grave Justification: causes remote denial of service For info, I saw this a few days ago and reported it to the security team. It is indeed available in the wild, and is caused by the malformed CAB file. The version in wheezy and wheezy-updates will need separate fixes, as they change how they use libmspack, though the actual fix seems to be fairly trivial. The version in sid/jessie uses the packaged libmspack, so it'll need fixing there. As it shows that clamd hangs in libmspack, I think this is bug #773041 [1]. A possible fix is mentioned in [2]. We'll have to include it in the libmspack copy embedded in clamav, which is used in wheezy. 1: https://bugs.debian.org/773041 2: https://bugs.debian.org/773041#8 Thanks, Neil signature.asc Description: Digital signature
Bug#658139: NMU to fix this bug made to delayed/7
package evince unarchive 658139 found 658139 3.8.3-2 thanks It looks like the latest package upload did not ack the NMU. Which means this bug is back. Neil On Thu, Nov 08, 2012 at 11:37:43AM -0800, Don Armstrong wrote: I have uploaded an NMU which fixes this bug to delayed/7. The diff for the NMU is attached. Don Armstrong -- Sometimes I wish I could take back all my mistakes but then I think what if my mother could take back hers? -- a softer world #498 http://www.asofterworld.com/index.php?id=498 http://www.donarmstrong.com http://rzlab.ucr.edu diff -Nru evince-3.4.0/debian/changelog evince-3.4.0/debian/changelog --- evince-3.4.0/debian/changelog 2012-08-29 17:28:06.0 -0700 +++ evince-3.4.0/debian/changelog 2012-11-08 10:34:13.0 -0800 @@ -1,3 +1,13 @@ +evince (3.4.0-3.1) unstable; urgency=low + + * Non-maintainer Upload + * Support the rest of the mime types that evince used to support in +evince-gtk.mime and evince.mime. Closes: #658139. This also fixes +#619564, #627027, and #551734 which were related to evince.mime and +evince-gtk.mime. #581441 was fixed in shared-mime-info/1.0. + + -- Don Armstrong d...@debian.org Thu, 08 Nov 2012 10:32:12 -0800 + evince (3.4.0-3) unstable; urgency=low [ Josselin Mouette ] diff -Nru evince-3.4.0/debian/control evince-3.4.0/debian/control --- evince-3.4.0/debian/control 2012-08-29 17:32:50.0 -0700 +++ evince-3.4.0/debian/control 2012-11-08 11:09:28.0 -0800 @@ -7,7 +7,7 @@ Section: gnome Priority: optional Maintainer: Debian GNOME Maintainers pkg-gnome-maintain...@lists.alioth.debian.org -Uploaders: Frederic Peters fpet...@debian.org, Michael Biebl bi...@debian.org +Uploaders: Michael Biebl bi...@debian.org Build-Depends: cdbs (= 0.4.90), debhelper (= 8), dpkg-dev (= 1.16.1), diff -Nru evince-3.4.0/debian/evince-gtk.mime evince-3.4.0/debian/evince-gtk.mime --- evince-3.4.0/debian/evince-gtk.mime 1969-12-31 16:00:00.0 -0800 +++ evince-3.4.0/debian/evince-gtk.mime 2012-11-08 10:30:34.0 -0800 @@ -0,0 +1,21 @@ +application/pdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf; priority=5 +application/x-pdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf; priority=5 +application/x-bzpdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf.bz2; priority=5 +application/x-gzpdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf.gz; priority=5 +application/postscript; evince %s; test=test -n $DISPLAY; nametemplate=%s.ps; priority=5 +application/x-bzpostscript; evince %s; test=test -n $DISPLAY; nametemplate=%s.ps.bz2; priority=5 +application/x-gzpostscript; evince %s; test=test -n $DISPLAY; nametemplate=%s.ps.gz; priority=5 +image/x-eps; evince %s; test=test -n $DISPLAY; nametemplate=%s.eps; priority=5 +image/x-bzeps; evince %s; test=test -n $DISPLAY; nametemplate=%s.eps.bz2; priority=5 +image/x-gzeps; evince %s; test=test -n $DISPLAY; nametemplate=%s.eps.gz; priority=5 +application/x-dvi; evince %s; test=test -n $DISPLAY; nametemplate=%s.dvi; priority=5 +application/x-gzdvi; evince %s; test=test -n $DISPLAY; nametemplate=%s.dvi.gz; priority=5 +application/x-bzdvi; evince %s; test=test -n $DISPLAY; nametemplate=%s.dvi.bz2; priority=5 +image/vnd.djvu; evince %s; test=test -n $DISPLAY; nametemplate=%s.djvu; priority=5 +application/x-cbr; evince %s; test=test -n $DISPLAY; nametemplate=%s.cbr; priority=4 +application/x-cbt; evince %s; test=test -n $DISPLAY; nametemplate=%s.cbt; priority=4 +application/x-cbz; evince %s; test=test -n $DISPLAY; nametemplate=%s.cbz; priority=4 +application/x-cb7; evince %s; test=test -n $DISPLAY; nametemplate=%s.cb7; priority=4 +image/tiff; evince %s; test=test -n $DISPLAY; nametemplate=%s.tiff; priority=3 +application/oxps; evince %s; test=test -n $DISPLAY; nametemplate=%s.xps; priority=3 +application/vnd.ms-xpsdocument; evince %s; test=test -n $DISPLAY; nametemplate=%s.xps; priority=3 diff -Nru evince-3.4.0/debian/evince.mime evince-3.4.0/debian/evince.mime --- evince-3.4.0/debian/evince.mime 2012-08-29 17:27:46.0 -0700 +++ evince-3.4.0/debian/evince.mime 2012-11-08 10:30:34.0 -0800 @@ -1 +1,21 @@ application/pdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf; priority=5 +application/x-pdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf; priority=5 +application/x-bzpdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf.bz2; priority=5 +application/x-gzpdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf.gz; priority=5 +application/postscript; evince %s; test=test -n $DISPLAY; nametemplate=%s.ps; priority=5 +application/x-bzpostscript; evince %s; test=test -n $DISPLAY; nametemplate=%s.ps.bz2; priority=5 +application/x-gzpostscript; evince %s; test=test -n $DISPLAY;
Bug#716917: intel-microcode: Configuring the package completely blocks apt
On Sun, Jul 14, 2013 at 08:02:03PM +0200, Nicolas Patrois wrote: Today (07-14-2013), updating intel-microcode completely blocks aptitude (and dpkg as well). Hi, For info, this does not occur using apt-get on a Thinkpad X220. Neil -- signature.asc Description: Digital signature
Bug#678979: request freeze exception for slony1-2
user debian-rele...@packages.debian.org usertags 678979 wheezy-will-remove thanks On Sat, Mar 16, 2013 at 12:44:15PM -0400, Peter Eisentraut wrote: On Sat, 2013-03-16 at 11:38 +, Adam D. Barratt wrote: On Sun, 2012-10-07 at 14:30 +0200, Mehdi Dogguy wrote: On 21/09/2012 04:58, Peter Eisentraut wrote: According to bug #678979 [0], which was submitted by the lead upstream developer, slony 2.0 does not work well with postgresql 9.1. Therefore, we had to resolve to making an upgrade to slony version 2.1, and I request that that be allowed into wheezy now. [...] Unfortunately, we are not able to accept such large changes at this stage of the freeze. [2] Since slony in Debian have little popcon, does it make sense to skip the Wheezy release? iow, remove slony from wheezy (since it doesn't work and we are not able to accept the new one). Alternatively, we could very well accept a targeted fix based on current Wheezy's version… (correct me if I'm wrong), the discussion in #678979 made me think that it was not possible to extract a minimal patch. Ping? As far as I'm concerned, the matter is closed. The above doesn't actually help, as I generally don't like trying to read maintainers minds. In the absence of further action, I'm tagging this wheezy-will-remove. Neil -- signature.asc Description: Digital signature
Bug#538822: Postpone fix for 540512 and 538822 till after release (dash and sh diversions)
Control: tag 540512 +wheezy-ignore Control: tag 538822 +wheezy-ignore This is obviously not going to get fixed this time. Adding ignore tags. On Wed, Nov 07, 2012 at 08:40:58PM +0100, Paul Gevers wrote: There has been a small discussion about dash RC bugs 538822 and 540512 in the bts and the general idea is to postpone the proper fix (again) till after the release. Do you agree, and if so, can you tag this bug appropriate as wheezy-ignore? If you do, these bugs should again affects release-notes as well. I believe the previous text in the release-notes were fine. Neil -- signature.asc Description: Digital signature
Bug#699016: Fails to download videos
Package: metacafe-dl Version: 2008.07.23-2 Severity: grave Hi, metacafe-dl doesn't seem to work anymore, possibly due to #688997. In any case, metacafe-dl is currently a candidate to be removed from wheezy unless something is fixed. Neil -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages metacafe-dl depends on: ii python 2.7.3~rc2-1 ii youtube-dl 2012.02.27-1 metacafe-dl recommends no packages. metacafe-dl suggests no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699018: Depends on about-to-go-away youtube-dl
Package: freevo Severity: grave Hi, Youtube-dl is about to be removed from testing. As freevo depends on it, it is also a candidate for removal. Please let debian-rele...@lists.debian.org know how you plan on handling this issue. Thanks, Neil -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- signature.asc Description: Digital signature
Bug#657281: src/java/org/apache/fop/pdf/ sRGB Color Space Profile.icm is non-free [was: Re: Bug#657281: Any news on this?]
On Mon, Dec 17, 2012 at 12:42:14AM +0100, alberto fuentes wrote: Since its being a while without response and we are getting closer to release, i was thinking about requesting a wheezy-ignore for the bug or something to the release team I'm not happy adding an ignore tag if there isn't any evidence of progress being made. (FWIW, contacting debian-release is useful if you want a ignore tag) Neil -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#570516: Tagging wheezy-ignore
Control: tag 570516 +wheezy-ignore This probably isn't going to get fixed, even if it still exists. Tagging wheezy-ignore. Neil -- signature.asc Description: Digital signature
Bug#681138: Not found in wheezy
Control: notfound #681138 4.0.4debian2 I couldn't reproduce this in 4.0.4debian2, marking as such. Neil -- signature.asc Description: Digital signature
Bug#681426: closed by Daniel Baumann daniel.baum...@progress-technologies.net (Bug#681426: fixed in syslinux-themes-debian 12-1)
On Sun, Nov 11, 2012 at 12:39:35PM +0100, Daniel Baumann wrote: On 11/11/2012 11:26 AM, intrigeri wrote: Anything left to be done before filing an unblock request? like said, when live-build has been updated, syslinux-themes will be updated too, and then someone can ask for unblocks. The package in question has a load of .git changes in it. I'm not sure how these appeared, but they probably shoudn't be there. Neil -- signature.asc Description: Digital signature
Bug#681138: Processed: Not found in wheezy
Control: fixed #681138 4.0.4debian2-3.2
Apparently the below doesn't work. So I'm marking it as fixed. *sigh*
On Sat, Jan 26, 2013 at 03:09:09PM +, Debian Bug Tracking System wrote:
Processing control commands:
notfound #681138 4.0.4debian2
Bug #681138 {Done: Thomas Mueller thomas.muel...@tmit.eu} [owncloud]
owncloud: setup sets wrong db entrys which prevent using cal/carddav
There is no source info for the package 'owncloud' at version '4.0.4debian2'
with architecture ''
Unable to make a source version for version '4.0.4debian2'
Ignoring request to alter found versions of bug #681138 to the same values
previously set
--
681138: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681138
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
signature.asc
Description: Digital signature
Bug#695716: status update
Control: tag -1 +wheezy-ignore On Mon, Jan 21, 2013 at 07:15:49PM +, Robert Lemmen wrote: b) the release team could decide to simply wheezy-ignore this bug since a fixed version is in unstable and this is only a DFSG-problem, i.e. something we *decide* we don't want in main rather than something that we are not allows to diistribute in the current form. Doing so with this mail. FWIW, it's customary to contact debian-release for requests like this. Neil -- signature.asc Description: Digital signature
Bug#582774: Adding wheezy-ignore tag
Control: tag -1 +wheezy-ignore This doesn't seem to actually affect wheezy in a user-environment. Thus adding wheezy-ignore tag. Neil -- signature.asc Description: Digital signature
Bug#697847: [Pkg-ace-devel] Bug#697847: missing source for Win32 binaries
On Thu, Jan 10, 2013 at 09:26:37PM +0100, Thomas Girard wrote: Since my GPG key has expired, I will not be able to upload this in a timely fashion, so you can consider this email as a call for NMU. For info, you can simply change the expiration date... Neil -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#591969: Bug#695158: Bug#591969: Bug#695158: wheezy-ignore tag for RC bug #591969 in typo3-src
tags 591969 + wheezy-ignore thanks On Wed, Dec 05, 2012 at 03:56:11PM +0100, Christian Welzel wrote: Am 05.12.2012 13:07, schrieb Neil McGovern: Can someone explain: 1) Why there were no updates to the bug between December 2010 and June 2012? The bug could not be resolved, so i didnt see any reason to update it. Work was going on in the background to fix this (libjs-swfobject, libjs-swfupload and swftools are my packages to get this one resolved). Take a look into the changelog for exact dates of introduction. In general, it's a good idea to update bugs with progress, especially RC ones. Otherwise, people may assume that nothing is being done and would be able to 0-day NMU it. 2) What action is being taken to resolve the unbuildability of the AS1 SWFs? Nothing. There is simply no open source AS1 compiler. 3) What action is being taken to resolve the bugs in as3compile (with bugrefs?) Nothing. as3compile simply lacks the support for some of the language constructs used in the code. So, it looks like this bug isn't going to get fixed :( 4) How likely it is that this bug will be fixed before jessie? I dont know. TYPO3 currently ships version 6.0, when jessi comes it will be surely 6.6+. 4.5 is outdated but a LTS version with support by upstream until 04-2014. TYPO3 6.0 introduced another big chunk of AS3 code (flowplayer) which surely cannot be build in main until flex-sdk hits the archive. I skipped packaging of 4.6 and 4.7 already because of not buildable flash files. Hrm. This doesn't quite cover the expected lifetime of Wheezy. 5) Why simply not removing the package would be a better idea? Perhaps this is the better choice, as most new TYPO3 projects will use 6.0 or newer. I think many of the currently running installations are 4.6 or 4.7, and only a minority is at 4.5 currently. It's a judgement call, but given the LTS promise from upstream, I'll add a wheezy-ignore tag to this. I'd like to be clear that this will not be repeated for Jessie, but hopefully 6.0 will be in the archive then and this bug can be closed. Neil -- signature.asc Description: Digital signature
Bug#591969: Bug#695158: wheezy-ignore tag for RC bug #591969 in typo3-src
On Tue, Dec 04, 2012 at 08:01:58PM +0100, Tobias Hansen wrote: the discussion in RC bug #591969 ended with a call for a wheezy-ignore tag. The bug was also tagged squeeze-ignore. What does the release team say? In general, I'm fairly loathed to add a *second* release ignore tag. Can someone explain: 1) Why there were no updates to the bug between December 2010 and June 2012? 2) What action is being taken to resolve the unbuildability of the AS1 SWFs? 3) What action is being taken to resolve the bugs in as3compile (with bugrefs?) 4) How likely it is that this bug will be fixed before jessie? 5) Why simply not removing the package would be a better idea? Neil -- signature.asc Description: Digital signature
Bug#692613: Wheezy-ignore for good-not-evil bugs
tags 692614 + wheezy-ignore tags 692619 + wheezy-ignore tags 692624 + wheezy-ignore tags 692625 + wheezy-ignore tags 692627 + wheezy-ignore tags 692628 + wheezy-ignore tags 692629 + wheezy-ignore tags 692630 + wheezy-ignore tags 692631 + wheezy-ignore tags 692613 + wheezy-ignore tags 692615 + wheezy-ignore tags 692626 + wheezy-ignore tags 692621 + wheezy-ignore thanks These bugs aren't gonna get fixed in time - tagging ignore appropriately. Neil -- signature.asc Description: Digital signature
Bug#681687: missing mime entry
On Sun, Jul 22, 2012 at 01:51:32PM -0700, Steve Langasek wrote: If it's the solution that the TC decide on to resolve the issue, it sounds like something we could work with, at least imho, from what I've seen so far. I've CCed -release for any further comments, as I don't know how many members of the team are following -ctte and/or this bug. Broadly speaking, I think the correct long-term solution is to first add support to update-mime for reading both .desktop files and mime files, and then to update policy to tell maintainers to use .desktop files instead of mime files. And I think it's better for Debian if we can get the first part done prior to the wheezy release. But I would like the release team to make their own determination of whether the patch that's currently up for consideration is of sufficient quality, and sufficiently safe, to be granted a freeze exception. I completely agree with getting rid of the manual mime entries where they can be automatically generated. I have concerns that the .desktop format means that it won't work for some packages, but those could always carry manual entires. However, I really do think that pushing in a system wide change at this stage in the release is not desireable at all, so woudn't be happy to see it in Wheezy. If we wanted to do this, it should have been started about two years ago. I *would* however, be very happy to have this as a release goal for wheezy+1. Neil -- signature.asc Description: Digital signature
Bug#658139: missing mime entry
Hi, On Tue, Jul 17, 2012 at 11:45:42PM +0200, Michael Biebl wrote: If a missing mime file would mean an RC bug, this would instantly make 514 packages RC buggy. Interestingly, the particular section in the Debian policy is a should directive, not a must, so I don't understand the reasons for making #658139 RC. For info, I do not consider all packages missing a mime file to be RC buggy. I consider #658139 RC. Creating and keeping those mime files up-to-date is probably okay if you maintain a single package or you need some of the special features that mime-support provides. It adds up though, if you maintain multiple packages. As maintainers time is limited and valuable I'd rather see it spent for really important issues and simply get the patch in [1] applied to mime-support which auto-generates those mime entries for legacy apps which don't yet support the xdg mime spec [2]. As I understand it, there are still a number of issues with this approach (.desktop files do not contain enough information to get argument ordering correct in all cases, and it's far too late to start using a new auto-generation system this late in the cycle). I also disagree that http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23658139#29 is justification for this bug. There is a two line patch that reintroduces this file, and will not cause issues for the eventual solution (when it finally exists) that the maintainer prefers. Deliberately breaking functionality because the maintainer a) doesn't agree with policy and/or wants to use the package as a stick for others to do work does not to me seem to be the correct action to take. Neil -- signature.asc Description: Digital signature
Bug#651795: linux-3.1 is not supported by upstream
On Tue, Jul 10, 2012 at 04:26:17PM +0200, Patrick Winnertz wrote: this is not that bad than it sounds as lustre is a very very specific kind of software, which is rarely/not at all used by normal users. Hi, I don't think this is RC from a FTBFS point of view, but I'm not entirely sure about if it would be policy compliant. The simplest way of fixing this would be to move it from main to contrib - would you be willing to do this as maintainer? Thanks, Neil -- signature.asc Description: Digital signature
Bug#672210: songwrite: fixing RC bug would require new source package
On Wed, Jul 04, 2012 at 08:34:24AM +0200, Ralf Treinen wrote: songwrite is currently orphaned and has an RC bug #672210. The problem is that the version of songwrite is much too old, in fact upstream has since october 2007 (!) moved from songwrite to songwrite2. IMHO, fixing #672210 would require to upload a *new* package songwrite2, and make songwrite a transitional package to songwrite2. Would it still be possible to get this into wheezy ? Hi, I'm afraid it's far too late to get songwrite2 in for Wheezy. Either this particular bug needs to be fixed (possibly by changing the struct.pack to be an unsigned byte), or we can remove it from testing. Thanks, Neil -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#677961: fails to update calibration data on device
Package: colorhug-client Version: 0.1.9-2 Severity: grave Hi! Colourhug 0.1.9 has an issue with colorhug-ccmx where it fails to update the stored calibration data on the device. This leads to 'aperture closed' messages when attempting to calibrate. This has been fixed upstream at 0.1.10, see https://groups.google.com/forum/?fromgroups#!topic/colorhug-users/tMFxVTUH56U It would be good to get this new version in real soon now, as the freeze is happening very shortly! Thanks! Neil -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages colorhug-client depends on: ii dconf-gsettings-backend [gsettings-backend] 0.12.1-1 ii libatk1.0-0 2.4.0-2 ii libc62.13-33 ii libcairo-gobject21.12.2-1 ii libcairo21.12.2-1 ii libcanberra-gtk3-0 0.28-4 ii libcanberra0 0.28-4 ii libcolord1 0.1.21-1 ii libcolorhug1 0.1.9-2 ii libgdk-pixbuf2.0-0 2.26.1-1 ii libglib2.0-0 2.32.3-1 ii libgtk-3-0 3.4.2-1 ii libgusb2 0.1.3-4 ii libpango1.0-01.30.0-1 ii libsoup2.4-1 2.38.1-2 ii libusb-1.0-0 2:1.0.11-1 colorhug-client recommends no packages. Versions of packages colorhug-client suggests: ii argyll 1.4.0-4 ii gnome-color-manager 3.4.2-1 -- debconf-show failed -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#598135: Severity
Hia, I'm currently wondering why #598135 is RC. Would someone care to explain what I'm missing? :) Thanks, Neil -- [local irc server has just been brought up] godog suddenly there's quite some silence in the hacklab -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#566650: Bug #566650: Please unblock dtc 0.32.2-1
On Mon, Nov 08, 2010 at 10:47:54PM +0800, Thomas Goirand wrote: As it stands, it's unreasonable to even try working on the 0.30.x branch for Squeeze, given the short amount of time remaining. I feel very sad about it, but as there's no way to convince the RT that the 0.32.x branch is in a very good shape for Squeeze (my users can tell it is...), I have to ask for the removal of src:dtc from testing. Please proceed if there's no way to change your mind about unblocking. I've had a look at the diff ( 425 files changed, 102770 insertions(+), 49242 deletions(-) ) ! and there's things in just the first few files that make this unsuitable for this stage of the freeze, and some worrying changes in general. Just picking through the file at complete random: - return Admin not found!; + return Admin $adm_login not found line .__LINE__. file .__FILE__; Would this lead to some information disclosure? dtc-0.30.20/admin/inc/dtc_config.php - huge set of changes, including a load of new features (Custom registration fields, a new radius implementation etc) dtc-0.32.5/admin/dtc_db.php and dtc-0.32.5/admin/dtc_import_all_dbs: looks like a load of changes to the database. A lot of: -form action=\.$_SERVER[PHP_SELF].\ method=\post\ +form action=\?\ method=\post\ Makes me wonder if this been through a search and replace tool. As this is such a small selection from what is a huge diff, I'm afraid I've gone with the suggestion and added the DTC removal hint. Neil -- pixie Ganneff is just a big cuddly teddy bear. pixie Our photo proves it. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#566650: Bug #566650: Please unblock dtc 0.32.2-1
- ask ftp masters for a removal of DTC in Squeeze, then I'll use backports.d.o (all my messages to this thread are to avoid this which would really make me sad for all the time of Squeeze until Wheezy...). If you guys stick to the above list, that's the only solution. We don't need to ask ftp masters here. It's just a matter of adding one line for Britney. Besides, please note that writing (many)long mails doesn't raise chances for an unblock. - allow a bit more than the above list, because version 0.30.x was never the target for Squeeze. Then, it should have been stopped from migrating or at least advertized as non-releasable in a bug report. -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ On Sat, Oct 16, 2010 at 04:00:33AM +0800, Thomas Goirand wrote: Hi Neil! First, I have listen to you in the this week in Debian podcast. It was fun. I wish I was living in Cambridge with 9 other DDs, I feel alone here in Shanghai (lucky, Li Daobing lives here now)! :) Neil McGovern wrote: Hi Thomas, Firstly, please accept my apologies for the lack of reply to your mail. As you can probably appreciate, there's a lot of work that the release team have to do. However, that doesn't mean you shoudn't have a mail back, so sorry. No worries, I do understand that the release team job is huge. :) What I understand less, is to not get answer *AND* get an unblock refusal *AND* a refusal to backport fixes though. Hrm. I seem to have message 4ca87e60.7000...@dogguy.org which indicates that there was indeed an answer, which was that we coudn't accept an upload through unstable, and backported fixes should go through t-p-u I believe that the previous discussions on this led to the conclusion that there is simply no way that the changes proposed could be reviewed. Was there actually a technical discussion? It's been now 3 months I'm asking for one! Let me try again this time, and see how it goes... I'm slightly confused by these dates, dtc 0.32.1-1 was uploaded on Sept 11, 2010. Your first mail about dtc dates back to Sept 12, 2010, so I can't see where the 3 months came from, especially since we've only been frozen for a couple of months :) I asked for authorization to have needed changes, particularly for removing some PHP_SELF clean-ups (keep in mind this is just an example), and in debian/control. I haven't started the backporting work because I am waiting for approval from the release team first. As above, I think we mentioned that backports should be preferred. My plan is to apply things like this: http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=1bbbd49d431b5427324133cea90ae21c89184afd Well, that's looks like it fixes a problem, but it doesn't look RC. and few other improvements (that I will have to review one by one in our Git). Some aren't RC per say, but I still don't feel comfortable leaving them in Squeeze (I didn't study the consequences of many fixes since I really didn't think this would be the outcome, and I think it would be a waste of time, when these fixes are known to be good improvements). There's at least one urgent critical issue (that I can't write here yet). Also, I need to change things in debian/control, because of changes between Lenny and Squeeze. Would that be accepted? It doesn't appear in the list above... Yet, for example, our support for NSSMySQL needs different packages (I would need to review each difference between the current Squeeze version and our Stable 0.32 that aimed at Squeeze). I am mentioning it, because I know it could be difficult to accept. We cannot accept or refuse without seeing a patch. So, please prepare a set of patches ready for review and send them. Please bear in mind though, that we're trying to release real soon now, so only directed fixes from the previous list should be worked on. Mehdi Dogguy wrote: Now, if you can show us what fixes you intend to backport, please go ahead. I'm here trying to understand what I'll be able to do or not, I don't really want to work for nothing. I guess nobody does, right? I'm not asking you to do some work for nothing. I'm asking for patches because that's what we review. We don't review technical fixes described in English only, sorry. Neil McGovern wrote: So in a way, yes. The size of the changeset is the reason it's being rejected. Please bear in mind the amount of emails we're getting to review diffs. Sure, but please understand. I never expected the RT to read the diff of 1 year of developments. I first thought I would have enough time to have 0.32 ready before the freeze, then before the tight freeze (I was 10 days late on that one). Now, because 0.30 wasn't aimed at Squeeze, we have a big issue. I wish to backport clean-ups and fixes, I am told that I can't, and that I can only make changes that you just mention below. Yet more are needed. Well, we certainly tell people that it's important
Bug#509287: squeeze-ignore for Bug #509287?
This mail should be sent to the debian-release mailing list, copying in. On Tue, Sep 14, 2010 at 12:32:57AM +0200, Erik Schanze wrote: please let me kindly ask for setting squeeze-ignore tag for serious Bug #509287. Afio has a problematic license, but in my opinion it should not block the squeeze release. We collected all possible information and discussed the topic with different persons. I'm sure it was intended as free software, even if the license is not 100% clear about that, but hey, is was 1985 and the guys did more hacking and sharing in newsgroups than developing license texts. Over the years this changed and nowadays we have many licenses you can compare, you could get already done analysis and choose the one which fits best. Please do not let die afio. Given that this had a lenny-ignore tag and has been open since December 2008, I'm not happy giving it a squeeze ignore tag. Please note that this isn't a comment on if the package severity is correct or not, or the interpetation of the licence means that it's free/contrib/non-free, it's just that I'm not happy ignoring this issue for yet another two years. Neil -- Tincho 'Maybe you can try to find a nice hotel by shouting in the Mexico DF streets where could a gringo find a decent hotel in this dirty third world lame excuse for a country?. I'm sure the people will rush to help you, as we south americans love to be called third world in a demeaning way.' -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#591862: maxima 'serious' bug fix missed freeze
On Wed, Sep 08, 2010 at 12:54:57PM -0500, Kumar Appaiah wrote: Hi! On Wed, Sep 08, 2010 at 12:36:41PM -0400, Camm Maguire wrote: Greetings! I uploaded a fix for 591862 together with a minor upstream point release that just missed the freeze. Would it be possible to permit the fixed version in unstable to migrate, or should a patch to the testing version be prepared? In case of the latter, I cannot upload such to unstable due to the version number mismatch, yet http://lists.debian.org/debian-devel-announce/2010/09/msg0.html seems to instruct thus. I would greatly appreciate letting the unstable version migrate if possible. This is a leaf package, and a notable bug upstream has been fixed as well. While I support this request, I am afraid that the changes look to be too many, at least to me. I tried to isolate the relevant changes, but it has become very difficult since a lot of files (several possibly autogenerated). I was also unable to figure out which bug was fixed, in order to try and isolate the bug fix. I agree, this is almost impossible to review. We'll have to go down the t-p-u route. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li A40F862E -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#562945: runinit-run, releaseability thereof
On Mon, Aug 30, 2010 at 03:07:59PM +, Gerrit Pape wrote: On Fri, Aug 06, 2010 at 05:07:22PM +0100, Neil McGovern wrote: On Tue, Jul 27, 2010 at 10:54:12PM -0400, Don Armstrong wrote: Release team: if you think this bug makes runit-run unreleaseable, please indicate as such; otherwise I think it's reasonable for the maintainer to downgrade the severity of this bug if the maintainer feels that it is releasable. [If there's some disagreement as to whether it is releasable or not, that technical decision can of course be refered back to the ctte.] After some discussion, we feel that the fact that runit-run can be installed, and unless further manual action is taken, it will make the computer unbootable to indicate that the package is unreleaseable. This is not a fact, it's a false assertion unless you have a different understanding of unbootable than me. And it's not what this very bug report is about. I've yet to see a bug report against runit-run about unbootable while the package is included in the past two Debian releases sarge and lenny, and squeeze and sid. After installing runit-run the system boots into sysinit by running /etc/init.d/rcS and provides getties. Other init scripts are not run by default. Because of that, the administrator needs to be informed before installing this package to migrate essential services before rebooting, like sshd if local access is not possible. That still sounds like the package is unreleaseable. If you want to re-assign this back to tech-ctte to override the release team's decision, feel free to do so. Neil -- i get an error... i forget what it is ... but definitely an error, well, maybe a warning... or an informational message... but definitely an output - Verbatim quote from #debian, irc.freenode.net, Sat Jan 12 00:31:16 GMT 2008 signature.asc Description: Digital signature
Bug#505111: will suggest removal from testing
Well, it seems that other people haven't taken an interest in the bug, and we've now frozen, again. As there isn't a resolution in sight, I'll add a hint at the end of August for the removal of the package unless there's significant progress to fixing the issue. Neil -- liw the hacklab room is the one with a pirate flag, and a venezuelan flag, and a third flag liw the other hacklab room is the other hacklab room -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#591931: xprintmon: not really useful to release squeeze with it
On Fri, Aug 06, 2010 at 05:02:28PM +0200, Bernhard R. Link wrote: I do not think it makes sense to release xprintmon in squeeze. (Actually I think noone but me uses it, so I'm also considering to have it removed from unstable, but I most likely will not think enough about that before squeeze is released). Release team: Could you remove it from testing, please? Hint added. Neil -- Tolimar Debian women - porting the most succesfull operating system to the most unknown architecture -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#562945: runinit-run, releaseability thereof
On Tue, Jul 27, 2010 at 10:54:12PM -0400, Don Armstrong wrote: Release team: if you think this bug makes runit-run unreleaseable, please indicate as such; otherwise I think it's reasonable for the maintainer to downgrade the severity of this bug if the maintainer feels that it is releasable. [If there's some disagreement as to whether it is releasable or not, that technical decision can of course be refered back to the ctte.] After some discussion, we feel that the fact that runit-run can be installed, and unless further manual action is taken, it will make the computer unbootable to indicate that the package is unreleaseable. Thus, we consider this an RC bug. Thanks, Neil -- enrico What is a sane place to look for washing machines around Manchester? mhy enrico: the canals :-) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#588280: Bug #588280 (Atlas FTBFS)
Hi Debian Science team, I was wondering what your plans were with regard to Atlas and bug #588280? I don't particularly want to remove atlas and all its rdeps, but there hasn't been any activity or reply to that RC bug in a month now. Thanks, Neil -- Maulkin Damned Inselaffen. Oh, wait, that's me. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#554788: courier-authlib shlibs missing
Hi, With regards to #554788, is there a chance that this could be fixed, or even replied to? I really would rather not remove courier from testing. Neil -- enrico What is a sane place to look for washing machines around Manchester? mhy enrico: the canals :-) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#588150: libcups http bug
Hi there, Is there any plans to fix this bug? Thanks, Neil -- * DrFairlyEvil kills himself. Werefern DrFairlyEvil: Wait, you should give me your computer first! DrFairlyEvil Werefern: Bite me. It's coming with me. Werefern How selfish, you won't need it where you're going! DrFairlyEvil If a programmer commits suicide then they are cursed to an eternity working in support. I'll need a computer. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#512915: Downgrading
severity 512915 important thanks Looks like the consensus is that this isn't RC, though not desirable. Thus downgrading. -- +Mulligan Your folk tale is inconsistent and confusing. +Mulligan I shall round up your local population and tell them good CHRISTIAN folk tales. +Mulligan Then build churches on all your pagan temples in order to stamp out your heathen idolatry. @Ulthar How about I give you the finger, and you give me my temples back? +Mulligan Tell me Mr Ulthar. How will you gather faith when you have no followers? * Mulligan makes a gesture and converts everyone to Christianity. +Mulligan Wow. I think we just summarised 800 years of history in about six sentences. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#587463: Multi-retrying
Hia, I'd advise against just multiple retries, that won't fly from a release point of view as it'll need to be built reliably for security updates. Neil -- Sp3ct0L|ZcC dou you speak frensh ? -!- Sp3ct0L|ZcC [~spec...@86.211.34.66] has quit [autokilled: This host violated network policy. If you feel an error has been made, please contact supp...@oftc.net, thanks. (2006/10/30 17.06)] -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#527872: upgrading dbus or running the init script kills X
Hi all, Just to re-iterate from a release team PoV, this could really do with fixing. (for d-d readers, this is a awesome bug, where dbus upgrades kill X) This is holding up xcb-util, which is holding up python-visual, which is preventing the removal (finally!) of GTK 1 Thanks, Neil -- pixie hermanr_: I never studied german pixie I can just read some of it because it makes sense Tolimar . o O ( There is stuff Ganneff writes, which makes sense? ) signature.asc Description: Digital signature
Bug#527872: upgrading dbus or running the init script kills X
On Fri, Jul 24, 2009 at 01:50:02PM +0100, Neil McGovern wrote: Just to re-iterate from a release team PoV, this could really do with fixing. (for d-d readers, this is a awesome bug, where dbus upgrades kill X) This is holding up xcb-util, which is holding up python-visual, which is preventing the removal (finally!) of GTK 1 Thanks to those who helped on this. A patch is winging it's way to the BTS now. An expediant upload would be appreciated :) Neil -- Tolimar Debian women - porting the most succesfull operating system to the most unknown architecture signature.asc Description: Digital signature
Bug#512371: Please allow biofox 1.1.5-1 in Lenny.
On Sat, Jan 24, 2009 at 07:09:31PM +0900, Charles Plessy wrote:
http://people.debian.org/~naoliv/misc/debian-med/biofox_diff.txt
* New upstream release, compatible with Firefox 3 (Closes: #512371).
* Updated debian/watch.
Both ok.
* Use Debhelper 7 (idebian/co{ntrol,mpat}.
Not ok.
* Depend on ${misc:Depends} (debian/control).
* Converted debian/copyright to machine-readable format.
* New homepage (debian/control).
* Updated to Policy 3.8.0:
- added a get-orig-source target to debian/rules.
- wrote a README.source file explaining that upstream sources are in
Zip
format.
All fine
* The package now uses Upstream's biofox.jar instead of rebuilding it in
debian/rules.
Is this what happened to chrome/content/* ?
Neil
--
[..] Debian (in the form of a large, busy, and frequently stressed organising
team) has been able to organise food, accommodation and bandwidth [..]
-- Anthony AJ Towns
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#512371: Please allow biofox 1.1.5-1 in Lenny.
On Tue, Jan 27, 2009 at 07:53:53PM +0900, Charles Plessy wrote:
Hi Neil, thanks for your review.
Le Tue, Jan 27, 2009 at 10:45:30AM +, Neil McGovern a écrit :
* Use Debhelper 7 (idebian/co{ntrol,mpat}.
Not ok.
What's wrong, Debhelper or the typo? Most freeze exemptions I got so far (from
other release managers) included a Debhelper update.
The debhelper change, at this very very late stage in the release. Your
previous request was about a month and a half ago.
* The package now uses Upstream's biofox.jar instead of rebuilding
it in
debian/rules.
Is this what happened to chrome/content/* ?
Yes:
Ok, that's fine. Despite lots of whitespace changes / reindentation of
code, the actual diff seems ok. Could you upload to t-p-u with just
these changes and not the ones to the build system?
Neil
--
* stockholm bangs head against budget
h01ger outsch
stockholm h01ger: it is still very soft, i did not hurt myself
gwolf stockholm: But you bled on the budget, and now it's red again!
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#512371: Please allow biofox 1.1.5-1 in Lenny.
On Tue, Jan 27, 2009 at 08:56:29PM +0900, Charles Plessy wrote: Le Tue, Jan 27, 2009 at 11:36:54AM +, Neil McGovern a écrit : On Tue, Jan 27, 2009 at 07:53:53PM +0900, Charles Plessy wrote: The debhelper change, at this very very late stage in the release. Your previous request was about a month and a half ago. Is there a precise concern? Some problems that could arise with some of my other packages in Lenny that were made with Debhelper 7? Changing to a new version of a build system really isn't something that's garunteed to be 100% trouble free. Your other packages will have had more than a month, and I'd like to shin in less than a month. I spent a lot of time on biofox this week-end, but I would like to do someting else now… That's up to you, of course. I'd suggest a call for help, or a request for removal. Neil -- Tincho 'Maybe you can try to find a nice hotel by shouting in the Mexico DF streets where could a gringo find a decent hotel in this dirty third world lame excuse for a country?. I'm sure the people will rush to help you, as we south americans love to be called third world in a demeaning way.' -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#512371: [Debian-med-packaging] Bug#512371: Please allow biofox 1.1.5-1 in Lenny.
On Tue, Jan 27, 2009 at 07:22:28PM +0100, Andreas Tille wrote: Well, there was no response to my diff from RM so I guess it is accepted the way I tried to address their concerns. I just uploaded Thanks, ACCEPTed. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#512624: Lowering severity
severity 512624 important thanks This doesn't make the package unusable, or mostly so. Neil -- i get an error... i forget what it is ... but definitely an error, well, maybe a warning... or an informational message... but definitely an output Verbatim quote from #debian, irc.freenode.net, Sat Jan 12 00:31:16 GMT 2008 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#511551: Not RC
severity 511551 normal thanks This bug isn't RC, resetting severity to default. Neil -- tore Jump in and have a quim! signature.asc Description: Digital signature
Bug#239111: This won't get fixed for lenny
On Mon, Jan 12, 2009 at 07:39:01PM +0100, Robert Millan wrote: On Sat, Jan 10, 2009 at 10:10:58PM +, Neil McGovern wrote: tags 239111 +lenny-ignore tags 243835 +lenny-ignore tags 246111 +lenny-ignore tags 309218 +lenny-ignore tags 425367 +lenny-ignore thanks The grub + XFS issues are long standing and complicated go fix. This means that they're not going to get fixed in time for lenny. Hence adding lenny-ignore tags Hi Neil, As Rob pointed out there's a serious regression, and I plan to fix it really soon. So please remove the lenny-ignore tag. I'll believe it when I see it :) This has been 'fixed' many times, and it seems to be non-trivial. If we *do* end up with a fix, that'll be great; the RC bug gets closed (yay!). If not, I don't want to delay the release over it as we'll be putting it in the release notes (#511440). However, ccing -release so a RM can override my decision if they want. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#506766: Downgrading
severity 506766 important tags 506766 + moreinfo unreproducible thanks This hasn't been reproduced, so obviously doesn't affect everyone or the majority of people. Hence downgrading. -- return (test == true)? ( (test == false)? false : true) : ((test == false) ? false : true); signature.asc Description: Digital signature
Bug#504747: Removing
Removing from testing as maintainer doesn't seem to want it fixed. Neil -- * Tolimar votes for debconf7 to be somewhere where he speaks the language. Tolimar That would a veto for switzerland ;) Ganneff Tolimar: that also vetos germany signature.asc Description: Digital signature
Bug#508026: TPU upload
Hi, Can this patch be backported against the version in testing, and a TPU upload done? Thanks, Neil -- Tolimar I'll run a script, posting some of my wisdoms from time to time to the channel ;) signature.asc Description: Digital signature
Bug#508565: libf2c2 20061008-4.1 (Bug#508565, intend to NMU)
On Sat, Jan 03, 2009 at 04:15:17AM +0100, Evgeni Golov wrote: libf2c2 currently suffers from bad style on 64bit archs where a long is 8 bytes (see #508565 and #442018). Hi Evgeni, Please upload, and re-ping once it's hit unstable for unblocks and binNMUs. Thanks, Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Bug#510348: Dillo removal
I've removed dillo from lenny, as it should be obvious that we can't accept a new gtk port at this time in the freeze. I've uploaded claws-mail in t-p-u, disabling the dillo plugin. Bug with diff to follow shortly. Thanks, Neil -- weasel dpkg: shut up dpkg No, I won't, and you can't make me. :P weasel hah. _I_ can signature.asc Description: Digital signature
Bug#510348: Dillo removal
On Sat, Jan 03, 2009 at 04:55:00PM +0100, Moritz Muehlenhoff wrote: On Sat, Jan 03, 2009 at 03:28:31PM +, Neil McGovern wrote: I've removed dillo from lenny, as it should be obvious that we can't accept a new gtk port at this time in the freeze. That's a fairly hasty decision and a severe regression to existing users given that about three percent of all popcon users have dillo installed and about one percent use it frequently. I did check popcon before adding my hint. A 30 second peek into the rules files shows that there's even a configure option to disable SSL support... It also seems to be gtk1.2, which was the other reason for removal. I'm not sure that the requirement to bring in gtk1.2 helps the case for a lightweight browser, especially as we're trying to remove gtk1. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510348: Dillo removal
On Sat, Jan 03, 2009 at 08:55:54PM +0100, Moritz Muehlenhoff wrote: On Sat, Jan 03, 2009 at 07:57:07PM +0100, Luk Claes wrote: Moritz Muehlenhoff wrote: Neil McGovern wrote: A 30 second peek into the rules files shows that there's even a configure option to disable SSL support... It also seems to be gtk1.2, which was the other reason for removal. I'm not sure that the requirement to bring in gtk1.2 helps the case for a lightweight browser, especially as we're trying to remove gtk1. Noone's trying to deprecate gtk1.2 for Lenny and for Squeeze the gtk2 based version can be uploaded. There were several efforts to reduce the dependency on gtk1.2, it's only unfortunate that most people were not convinced that we really wanted to get rid of gtk1.2 otherwise it would already have happened. I'm fully aware of that, actually I was involved in getting GTK1.2 removed. But it's not a valid argument against dropping Dillo at this point. Apologies, I may not have made it clear: I don't consider a browser without ssl support to be well featured enough for us. We've finally removed the rest of the ones that don't support it, and I'm not keen to introduce another. If you can fix this bug, then I'll look at reintroducing it. Thanks, Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#475737: Adding lenny-ignore
tags 475737 +lenny-ignore thanks Adding this tag as agreed with RT and Maintainer. Neil -- * stockholm calls netapp * stockholm calls someone else Ganneff you are typing random numbers on your phone? stockholm yes. my newest attempt to close our budget hole signature.asc Description: Digital signature
Bug#503907: diffstat
On Wed, Dec 24, 2008 at 12:23:03AM -0500, Asheesh Laroia wrote: I have a feeling that the libwebkit currently in sid and lenny is pretty broken, from the looks of this bug. Unfortunately, we don't seem to be able to get much/any response from the maintainers. It would have been really useful to have a comment recently. Is there any way that this library can be permitted to enter testing with all these changes? Not really, no. * Find the fix for this issue and backport it on top of 1.0.1-4 This would be preferred. * Remove libwebkit-1.0-1 from lenny Possible, but not something I'm too happy with given it's popcon. * Simply allow lenny to release with 1.0.1-4 that is this broken. Could anyone confirm how broken this is? Is it all sites, or a selection? Maintainers: do you have an opinion on this bug? Thanks, Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Bug#491030: This isn't RC
severity 491030 important thanks This package contains documentation. It doesn't contain the docs you want. This doesn't make it unusable, or even mostly so. Please do not re-upgrade without discussion with the release team. Thanks, Neil -- [..] Debian (in the form of a large, busy, and frequently stressed organising team) has been able to organise food, accommodation and bandwidth [..] -- Anthony AJ Towns -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#507003: Please consider tagging this bug lenny-ignore (was: Bug#507003: initiatorname.iscsi should maybe not be in /etc)
tags 507003 +lenny-ignore thanks On Wed, Dec 03, 2008 at 12:33:52AM +0100, Carsten Hey wrote: This bug in open-iscsi is not a functional one and the package works quite well (although is against the policy). I consider the danger of a functional breakage through a possible fix before the release to high in comparison to the gain that would be accomplished by fixing this bug. Currently the submitter and a contributor (both DD's) are discussing whether the patch that is attached to this bug is broken or not ... Agreed. However, please note that the tag name is 'lenny-ignore' not 'squeeze-ignore'. This bug will need fixing soon after release. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Bug#504875: Unblock suggestion: libggi
On Sun, Dec 14, 2008 at 10:38:05AM +0100, David Paleino wrote: On Thu, 11 Dec 2008 10:38:30 -0800 (PST), Asheesh Laroia wrote: Howdy Debian Releasers, I was examining the remaining Lenny RC bugs and found http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504875 via http://bts.turmzimmer.net/details.php?bydist=bothsortby=packagesfullcomment=on . This is an RC bug against libggi2-dev (in src:libggi). This issue is fixed in unstable, and the fix is a tiny patch, and the -3 release that is in sid corrects only that RC bug and the maintainer's email address. The fix is in unstable since Nov 08. Is there any plan unblocking libggi? Unblocked by Luk, but waiting on curses. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Bug#507579: Suggested removal: yocto-reader (RC bug, depends on remote scripts).
On Sun, Dec 07, 2008 at 01:17:25PM +0900, Charles Plessy wrote: yocto-reader has a RC bug that was filed for multiple licensing issues. As there has been no progress on this report, removal hint added. Neil -- gwolf bah Germans. You just put 100 DDs in one country and then they all become friends of each other. signature.asc Description: Digital signature
Bug#502761: I suggest removing the call to emacspeakconfig and add a mention in README.Debian
On Thu, Nov 20, 2008 at 08:59:14PM -0600, Kumar Appaiah wrote: I would like to have emacspeak-28.0-4 and emacspeak-ss-1.12-2 unblocked. Failing that, I'll try to backport the debconf changes to the 26.0 package. Thanks for the explanation, James. I guess it's up to the release team to decide the next course of action. 356 files changed, 46727 insertions(+), 12432 deletions(-) Sorry, this'll need a t-p-u upload. Neil -- I've just won one million euros! Now I can spend it on that viagra stock options. I'd better contact the Nigerian prince I've just made friends with first though. I wonder if he can send me a pdf invoice... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503814: [Foo2zjs-maintainer] foo2zjs
On Mon, Nov 03, 2008 at 06:54:32PM +0100, Luca Capello wrote: FYI, the Release Team was asked for an advice on Sun, 26 October [2]. However, I know we (the Debian foo2zjs maintainers) decided to go to the tech-ctte just two days later... Indeed, hence the lack of comment. However, as this has been handed back, I'd like to say that the release team do not consider this issue, in this particular case, RC for lenny. ie: this bug should not have a severity greater than important. We reserve the right to consider other similar issues RC, or this to be upgraded after lenny. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Bug#502753: blootbot: piuparts test fails: prompts without using debconf
severity 502753 normal thanks On Sun, Oct 19, 2008 at 04:07:56PM +0200, Lucas Nussbaum wrote: sh: /dev/tty: No such device or address It is reproducible by installing your package in a clean chroot - cleaned up using: debfoster -o MaxPriority=required -o UseRecommends=no -f -n apt debfoster Installs for me fine here. Please cite policy numbers in future if using severity = serious. Neil -- enrico What is a sane place to look for washing machines around Manchester? mhy enrico: the canals :-) signature.asc Description: Digital signature
Bug#495531: remove blobandconquer
On Wed, Sep 03, 2008 at 11:11:42PM +0200, Thomas Viehmann wrote: Hi, blobandconquer contains some non-DFSG-compliant material, as Guus, its maintainer, reports in #495531. Futhermore, he states I'm reporting this bug to prevent blobandconquer from getting released with lenny before this is fixed. Removal hint added. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495968: remove gpicview from lenny?
On Sun, Aug 31, 2008 at 12:11:04AM +0200, Thomas Viehmann wrote: based on the maintainer's comments in the bug log, it seems dubious whether the bug #495968 (insecure /tmp file vulnerability) is fixed in time for lenny. Given that it has never been released with Debian before, it would be better to remove gpicview from lenny for now than to risk releasing the vulnerable package. Removal hint added. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383465: Adding lenny ignore tag
tags 383465 +lenny-ignore thanks This is being lenny ignored as there's a fix underway (nouveau) and it's not yet a complete replacement, so nv will still be required. Neil -- twb I don't see why anyone would want to cyber with a 16yo. IME none of them can spell, and they probably haven't had the relevant experience to write convincing prose. It's not like their ASCII is going to be any more supple for them being sixteen. signature.asc Description: Digital signature
Bug#395252: ignore bug 395252 'mplayer embeds ffmpeg' for lenny
On Wed, Jun 18, 2008 at 11:10:21AM +0200, A Mennucc wrote: hi On Tue, Jun 17, 2008 at 10:28:27PM +0100, Neil McGovern wrote: I'm afraid I can't accede to your request. This bug has been open since 25 Oct 2006. The etch-ignore tag was added 16 Dec 2006, where it was explicitly stated that it's RC for lenny. I pinged the bug on 28 Mar 2008, to again state that it's RC for lenny. May you please explain which part of the debian-policy, or which release goal, it is violating? Neither, it's the RC policy which carries more weight than a RG: http://release.debian.org/lenny/rc_policy.txt 5a) Packages in the archive must not be so buggy or out of date that we refuse to support them. The security team has confirmed multiple times that this is no longer supportable. I'm concerned as to why there as been seemingly no progress in over a year to resolving this issue. This is all explained in the long email I sent; anyway, let me summarize again. Up to a 2008-05-19 , the version of ffmpeg-free in unstable was totally incompatible with mplayer. The new version of ffmpeg-free is based on a compatible code, but the quilt patches disable a symbol that is needed to link to mplayer. And that was the case since 16 Dec 2006? Why was this not brought up sooner, and why has there been zero effort made into resolving this issue, as far as we can see? Neil -- pixie hermanr_: I never studied german pixie I can just read some of it because it makes sense Tolimar . o O ( There is stuff Ganneff writes, which makes sense? ) signature.asc Description: Digital signature
Bug#395252: ignore bug 395252 'mplayer embeds ffmpeg' for lenny
On Wed, Jun 18, 2008 at 12:29:45PM +0200, A Mennucc wrote: On Wed, Jun 18, 2008 at 10:29:17AM +0100, Neil McGovern wrote: On Wed, Jun 18, 2008 at 11:10:21AM +0200, A Mennucc wrote: And that was the case since 16 Dec 2006? yes. Read ahead. Why was this not brought up sooner, and why has there been zero effort made into resolving this issue, as far as we can see? You don't see all that has happened. Yes, I don't. You didn't update the bug, or tell us what was going on. We can't read minds. You do not see the many emails I sent to ffmpeg-free mantainers, almost all of them went unanswered (but for one). I can provide you a complete list, if you wish. The only one I see is http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/2007-September/000408.html, and that's for a different issue. I also find it fairly rich that you complain at a lack of answers, and yet don't reply to pings to a BR asking for an update. The other thing you fail to see is that the ffmpeg transition was announced on d-devel-announce on 1st July 2007 (yes, that is not a typo!) and is still going on, according to http://packages.qa.debian.org/f/ffmpeg-free.html You seem to be confused, these aren't the same transition. The one mentioned in 2007 transitioned on 2007-07-05, five days after the mail. Perhaps the fact that the source package name has changed in the last year is causing an issue for you? You do not see the weekends I spent in the last 3 months trying to link mplayer to ffmpeg-free in Debian. This is good, but should have happened sooner. This bug has been open since Sarge was stable. Yet another thing you fail to see is that I care for my packages a lot: mplayer is 1191 in the popcon list, and yet I manage to keep its bug count at a reasonable ~40; I regularly upload new versions, and fix as many bugs as I can each time. But not enough to fix a RC bug that's been open since 2006. If I had known in advance that all my time was lost for nothing, I would have gone collecting daises in sunlight instead. It doesn't have to be for nothing; Get the issue resolved, and mplayer can move back into testing. Neil -- jmtd irssiproxy appears to be crack cut with washing up powder signature.asc Description: Digital signature
Bug#395252: ignore bug 395252 'mplayer embeds ffmpeg' for lenny
On Mon, Jun 16, 2008 at 04:21:50PM +0200, A Mennucc wrote: hi everybody Hello, and thanks for your mail. I am requesting to the d-release team a lenny-ignore tag for bug 395252. I'm afraid I can't accede to your request. This bug has been open since 25 Oct 2006. The etch-ignore tag was added 16 Dec 2006, where it was explicitly stated that it's RC for lenny. I pinged the bug on 28 Mar 2008, to again state that it's RC for lenny. I'm concerned as to why there as been seemingly no progress in over a year to resolving this issue. Neil -- Roses are Red Violets are Blue In Soviet Russia Poem writes YOU!! signature.asc Description: Digital signature
Bug#449255: 64Bit only?
I'm wondering if this is a 64bit problem. Anyway, lowering to important as it obviously works for some people. Neil -- gwolf bah Germans. You just put 100 DDs in one country and then they all become friends of each other. signature.asc Description: Digital signature
Bug#374569: groff-base UTF-8 / GFDL documentation issue
Hi all, Just a quick note that this issue is RC for Lenny. Has there been any progess on solving it since the last time this bug was pinged? Neil -- return (test == true)? ( (test == false)? false : true) : ((test == false) ? false : true); signature.asc Description: Digital signature
Bug#465645: tomcat5.5: CVE-2007-5333 unauthorized disclosure of information
Hello, Has there been progress on this bug? Thanks, Neil -- liw the hacklab room is the one with a pirate flag, and a venezuelan flag, and a third flag liw the other hacklab room is the other hacklab room signature.asc Description: Digital signature
Bug#395252: requires too much security maintainance work due to embedded ffmpeg copy - Lenny status
Hi there, Just a reminder that this is a RC issue, and needs resolving if mplayer is going to ship with lenny. Cheers, Neil -- h01ger ETOOMUCHSPANISHTOOFAST signature.asc Description: Digital signature
Bug#380360: This bug is RC
On Wed, Mar 19, 2008 at 11:23:56PM +0100, Matthias Klose wrote: tag 380360 + moreinfo thanks I will downgrade this report again unless you show a situation which causes a package fail to install. Please re-read the original bug report, which points to #379709. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#380360: This bug is RC
reopen 380360 On Thu, Mar 20, 2008 at 01:38:23AM +0100, Matthias Klose wrote: this is fixed. No it's not. # pyversions -r 2.5 python2.5 # dpkg -l python2.5 python2.5-minimal un python2.5 none(no description available) ii python2.5-minimal 2.5.2-2 A minimal subset of the Python language (version 2.5) Please also try to include a little bit of information when closing bugs arbitrarily. What version do you think this was fixed in? Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#469293: vzctl: vzmigrate corrupts user-ids of files
On Wed, Mar 05, 2008 at 12:59:51PM +0100, Ola Lundqvist wrote: I have got a report about this bug #469293, that is about data corruption during a migration function that exist within vzctl. The fix is simple, but I need to know if it is possible to get this fix in the next version (r4) of etch. Seems to be suitable, please upload. Thanks, Neil -- [..] Debian (in the form of a large, busy, and frequently stressed organising team) has been able to organise food, accommodation and bandwidth [..] -- Anthony AJ Towns signature.asc Description: Digital signature
Bug#454212: megahal segfaults as soon as it's launched
Niko Tyni wrote: Confirmed using etch i386 (though an amd64 processor). Attached output of megahal and strace. The attached patch fixes a stack corruption issue on 64-bit architectures (reading 8 bytes into a 4-byte buffer) and an off-by-one sprintf overflow in the error and status file name initialization code. The stack corruption makes megahal reliably crash for me on amd64 every time it tries to load a saved dictionary. However, the original problem is on i386 and happens earlier in the initialization code. I can't reproduce it myself, but I think it might well be caused by the sprintf overflow. Note that Neil's strace in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=27;filename=megahal.trace.log;att=1;bug=454212 has open(/home/nmcgovern/.megahal/megahal.logi, O_WRONLY|O_APPEND|O_CREAT, 0666) = 3 and -rw-r--r-- 1 nmcgovern users 380 2007-12-19 11:37 megahal.logi? while the intended filename is megahal.log. So there's definitely at least some corruption happening here. Could somebody (Neil?) try if the bug persists with this patch? Confirmed that this patch fixes the issue, at least on the version in Etch. This issue probably qualifies for a stable point update (-release in cc). I can prepare a package if you want. Cheers, Neil -- Neil McGovern SQA - Amino Communications -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#458532: Clamav vulnerable to symlink attack
Package: clamav Version: 0.90.1-3etch7 Severity: critical Tags: security Two new CVEs for clamav: Name: CVE-2007-6595 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6595 Reference: BUGTRAQ:20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485631/100/0/threaded Reference: BID:27064 Reference: URL:http://www.securityfocus.com/bid/27064 ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files in the cli_gentempfd function in libclamav/others.c or on (2) .ascii files in sigtool, when utf16-decode is enabled. Name: CVE-2007-6596 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6596 Reference: BUGTRAQ:20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485631/100/0/threaded Reference: BID:27064 Reference: URL:http://www.securityfocus.com/bid/27064 ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. I'd say ignore CVE-2007-6596, as clamav also doesn't recognise insert-random-proprietary-encoding-here either, so it's not really a valid issue (imo). Tags for versions are: CVE-2007-6595 isn't relevant for sarge, and only part (2) is in etch. Lenny/sid affected fully. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#454212: megahal: Confirmed in etch
Package: megahal
Version: 9.1.1a-1
Followup-For: Bug #454212
Confirmed using etch i386 (though an amd64 processor). Attached output
of megahal and strace.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages megahal depends on:
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
megahal recommends no packages.
-- no debconf information
[EMAIL PROTECTED]:~$ megahal
++
||
| ## ## ####### |
| ## ## # ## # # ## # # # ### |
| # ## # # # ## ## ## # # # |
| ## # # ### ## ## ## # # # ### |
| ## # ## ## ## ## ## # # # |
| ## ## ## ## ## ### ###r6 |
||
|Copyright(C) 1998 Jason Hutchens|
++
Segmentation fault
[EMAIL PROTECTED]:~$ strace megahal
execve(/usr/bin/megahal, [megahal], [/* 30 vars */]) = 0
uname({sys=Linux, node=nmcgovern, ...}) = 0
brk(0) = 0x805
access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or
directory)mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7fd7000
access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or
directory)open(/etc/ld.so.cache, O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=73905, ...}) = 0
mmap2(NULL, 73905, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fc4000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or
directory)open(/lib/tls/i686/cmov/libm.so.6, O_RDONLY) = 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`3\0\000..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=145136, ...}) = 0
mmap2(NULL, 147584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7f9f000
mmap2(0xb7fc2000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22) = 0xb7fc2000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or
directory)open(/lib/tls/i686/cmov/libc.so.6, O_RDONLY) = 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240O\1..., 512) =
512fstat64(3, {st_mode=S_IFREG|0644, st_size=1241392, ...}) = 0
mmap2(NULL, 1247388, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7e6e000
mmap2(0xb7f95000, 28672, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x127) = 0xb7f95000
mmap2(0xb7f9c000, 10396, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f9c000
close(3)= 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7e6d000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7e6c000
mprotect(0xb7f95000, 20480, PROT_READ) = 0
set_thread_area({entry_number:-1 - 6, base_addr:0xb7e6c6c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
munmap(0xb7fc4000, 73905) = 0
brk(0) = 0x805
brk(0x8071000) = 0x8071000
stat64(/home/nmcgovern/.megahal, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
open(/home/nmcgovern/.megahal/megahal.logi, O_WRONLY|O_APPEND|O_CREAT, 0666)
= 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=304, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fd6000
fstat64(3, {st_mode=S_IFREG|0644, st_size=304, ...}) = 0
_llseek(3, 304, [304], SEEK_SET)= 0
time(NULL) = 1198064259
open(/etc/localtime, O_RDONLY)= 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fd5000
read(4, TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0..., 4096) =
1323
close(4)= 0
munmap(0xb7fd5000, 4096)= 0
stat64(/etc/localtime, {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
write(3, MegaHALv8\nCopyright (C) 1998 Jas..., 76) = 76
open(/home/nmcgovern/.megahal/megahal.txt, O_WRONLY|O_APPEND|O_CREAT, 0666) =
4
fstat64(4, {st_mode=S_IFREG|0644, st_size=304, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fd5000
fstat64(4,
Bug#434308: Fix
This seems to be due to a missing debian/compat. As this is keeping a security hole in testing, I intend to NMU this on Monday unless the maintainer speaks up :) Cheers, Neil -- jmtd irssiproxy appears to be crack cut with washing up powder signature.asc Description: Digital signature
Bug#432755: flashplugin-nonfree 9.0.48.0.1etch1 for Stable
On Thu, Jul 26, 2007 at 08:28:41AM +0200, Bart Martens wrote: Hi Stable Debian-Release, Hi Security Team, Not speaking in any official capacity here, but: Lets have a look at the vulnerabilities which still affect etch: CVE-2007-2022 - Unspecified vulnerability ... unspecified impact and remote attack vectors. but looks like a keylogger if someone visits a malicious webpage. CVE-2007-3456 - Unspecified vulnerability .. related to an input validation error. - arbitrary code execution. So fairly serious. It seems that 9.0.45.0 was only for Mac/Windows, and 9.0.47.0/9.0.48.0 is only for linux. AFAICT, 9.0.48.0 is 9.0.31.0 + security fixes (as described in APSB07-12[0]), except for sparc, which implements the 9.0.31.0 features for that arch (probably a good thing). 1. We could flashplugin-nonfree 9.0.48.0.1etch1 to Stable soon. The only change is the update of the MD5 checksums. Obviously the upstream Flash plugin itself may have been modified heavily, no idea. 2. I can create a special flashplugin-nonfree package for Stable to remove the insecure plugin from the Stable systems, notifying the users of this removal, and suggesting them to use Backports. I'd suggest heavy testing (if this hasn't been done already) on the 9.0.48.0 package with the aim of working out if new features have been added. If not, then it may be possible that this really is a bugfix only release, and IMO would be suitable for an update. Neil [0] http://www.adobe.com/go/apsb07-12 -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Bug#432200: `require': no such file to load -- debian (LoadError)
Package: apt-listbugs Version: 0.0.80 Severity: grave When running apt-listbugs: /usr/sbin/apt-listbugs:213:in `require': no such file to load -- debian (LoadError) from /usr/sbin/apt-listbugs:213:in `main' It seems that libdpkg-ruby isn't available for ruby1.9, which is linked as my default /usr/bin/ruby As the dependancy is explicitly on ruby1.8, a possible fix would be to change the sha-bang line of apt-listbugs to #!/usr/bin/ruby1.8 -I/usr/share/apt-listbugs Regards, Neil -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (850, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.21-1-686 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt-listbugs depends on: ii apt 0.7.3 Advanced front-end for dpkg ii libdpkg-ruby1.8 0.3.2 modules/classes for dpkg on ruby 1 ii libhttp-access2-ruby1.8 2.0.6-3HTTP accessing library for ruby ii libintl-gettext-ruby1.8 0.11-10Gettext wrapper for Ruby 1.8 ii libruby1.8 [libzlib-ruby1.8] 1.8.6-2Libraries necessary to run Ruby 1. ii libxml-parser-ruby1.8 0.6.8-2Interface of expat for the scripti ii ruby 1.8.2-1An interpreter of object-oriented apt-listbugs recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#432200: why are you symlinking ruby1.9 as /usr/bin/ruby?
On Sun, Jul 08, 2007 at 11:40:18PM +0900, Junichi Uekawa wrote: It seems that libdpkg-ruby isn't available for ruby1.9, which is linked as my default /usr/bin/ruby ermm... why are you doing that? It looks like ruby1.9 was the last (ruby) package I installed. As the dependancy is explicitly on ruby1.8, a possible fix would be to change the sha-bang line of apt-listbugs to #!/usr/bin/ruby1.8 -I/usr/share/apt-listbugs It might be better to get libdpkg-ruby available for ruby 1.9. However, I wouldn't have thought that ruby 1.9 is quite that ready for prime time. Prehaps a conflicts against ruby1.9 until it's ready then? :) Neil -- * Tolimar votes for debconf7 to be somewhere where he speaks the language. Tolimar That would a veto for switzerland ;) Ganneff Tolimar: that also vetos germany signature.asc Description: Digital signature
Bug#404818: Patch + CVE id
tags 404818 + patch
thanks
This has been assigned CVE id CVE-2006-6799, please mention this in the
changelog.
The attached pacth *should* fix the issue. I don't think it contains
regressions, but I haven't had time to test it.
When uploading, please do so with high urgency.
Many thanks,
Neil
--
* Tolimar votes for debconf7 to be somewhere where he speaks the
language.
Tolimar That would a veto for switzerland ;)
Ganneff Tolimar: that also vetos germany
--- cmd.php 2007-01-09 00:01:08.539285701 +
+++ cmd.php 2007-01-09 00:09:07.109194451 +
@@ -26,7 +26,7 @@
*/
/* do NOT run this script through a web browser */
-if (isset($_SERVER[argv][0])) {
+if (isset($_SERVER[REQUEST_METHOD])) {
die(brstrongThis script is only meant to run at the command line./strong);
}
@@ -72,23 +72,23 @@
if ($_SERVER[argv][1] = $_SERVER[argv][2]) {
$hosts = db_fetch_assoc(select * from host where (disabled = '' and .
id = .
- $_SERVER[argv][1] .
+ (int)$_SERVER[argv][1] .
and id = .
- $_SERVER[argv][2] . ) ORDER by id);
+ (int)$_SERVER[argv][2] . ) ORDER by id);
$hosts = array_rekey($hosts,id,$host_struc);
$host_count = sizeof($hosts);
$polling_items = db_fetch_assoc(SELECT * from poller_item .
WHERE (host_id = .
- $_SERVER[argv][1] .
+ (int)$_SERVER[argv][1] .
and host_id = .
- $_SERVER[argv][2] . ) ORDER by host_id);
+ (int)$_SERVER[argv][2] . ) ORDER by host_id);
$script_server_calls = db_fetch_cell(SELECT count(*) from poller_item .
WHERE (action=2 AND (host_id = .
- $_SERVER[argv][1] .
+ (int)$_SERVER[argv][1] .
and host_id = .
- $_SERVER[argv][2] . )));
+ (int)$_SERVER[argv][2] . )));
}else{
print ERROR: Invalid Arguments. The first argument must be less than or equal to the first.\n;
print USAGE: CMD.PHP [[first_host] [second_host]]\n;
@@ -151,7 +151,7 @@
$host_update_time = date(Y-m-d H:i:s); // for poller update time
}
- $host_id = $item[host_id];
+ $host_id = (int)$item[host_id];
if (($new_host) (!empty($host_id))) {
$ping-host[hostname] = $item[hostname];
signature.asc
Description: Digital signature
Bug#402316: Patch for hinfo-update
tags 402316 + patch
thanks
Hello,
Please find attached a patch which should solve (at least partially)
this problem.
* removes -r option from wget.
* specifies an output file to ensure you don't end up with thousands of
files.
* performs perl syntax check to ensure it's a valid perl file.
This doesn't fix the security hole, which is a bug all in itself.
Cheers,
Neil
--
* hermanr feels like a hedgehog having sex...
--- hinfo-update 2007-01-05 17:17:05.621210451 +
+++ hinfo-update 2007-01-05 17:56:07.403562701 +
@@ -2,6 +2,7 @@
# script to fetch current dnsbl.ins.pl and whois.ins.pl
#
+use File::Copy;
use strict;
my $libdir = '/var/lib/hinfo';
@@ -30,13 +31,14 @@
my $capt = '';
if (-e $wget -d $libdir) {
-my $c = $wget -r -N -nd $verbose -P $libdir $options;
+ foreach (@getlist) {
+ my $c = $wget -N -nd $verbose -P $libdir $options;
foreach (@ARGV) {
$c .= $_;
}
-foreach (@getlist) {
-$c .= $blars$_;
-}
+ my $destfile = $libdir./.$_;
+ copy($destfile,$destfile..bak);
+ $c .= $blars$_ -O .$destfile;
$c .= ' 21';
print $c.\n;
open WGET, -|, $c or die Could not execute: $c;
@@ -56,7 +58,18 @@
} else {
print STDERR $_ while ($_ = WGET);
}
+
+ # Check it's a valid perl file
+ system(perl,-c,$destfile,/dev/null);
+ if ($? != 0) {
+ print STDERR File $destfile is invalid, restoring\n;
+ rename $destfile..bak,$destfile;
+ } else {
+ unlink $destfile..bak;
+ }
+ }
}
+
print STDERR $capt if ($?);
exit($?);
signature.asc
Description: Digital signature
Bug#403034: Downgrading and removing tag
tags 403034 - security severity 403034 normal thanks Firstly, this isn't a security issue. Clamav does segfault if you give it a $loop value of about 10,000, but that wouldn't cause a DoS. As it's not a security issue, it's not grave. Important is defined as: a bug which has a major effect on the usability of a package, without rendering it completely unusable to everyone. Thus, it's not important either. Downgrading to normal. Retag and upgrade if you can get some arbitary code execution. Thanks, Neil -- Tolimar I'll run a script, posting some of my wisdoms from time to time to the channel ;) signature.asc Description: Digital signature
Bug#400777: CVE ID
Hi there, This has been assigned CVE-2006-6169 Please mention this id in the changelog when closing it. Many thanks, Neil McGovern -- hermanr 10 people enough for a Debconf? If they were all Germans, maybe... signature.asc Description: Digital signature
Bug#375281: patch
And this time, I'll add the patch.
--
pixie Ganneff is just a big cuddly teddy bear.
pixie Our photo proves it.
--- gdm2_2.4.7/gui/gdmlogin.c 2006-05-12 06:58:23.0 +0100
+++ gdm2_2.4.8/gui/gdmlogin.c 2006-05-31 11:11:52.0 +0100
@@ -640,6 +640,8 @@
static void
gdm_run_gdmconfig (GtkWidget *w, gpointer data)
{
+ gtk_widget_set_sensitive (browser, FALSE);
+
/* we should be now fine for focusing new windows */
gdm_wm_focus_new_windows (TRUE);
--- gdm2_2.4.7/gui/greeter/greeter.c2006-04-17 23:00:42.0 +0100
+++ gdm2_2.4.8/gui/greeter/greeter.c2006-05-31 11:11:53.0 +0100
@@ -160,7 +160,6 @@
buf[len-1] = '\0';
greeter_item_pam_set_user (buf);
- greeter_item_ulist_enable ();
printf (%c\n, STX);
fflush (stdout);
break;
@@ -179,7 +178,6 @@
greeter_probably_login_prompt = FALSE;
}
greeter_ignore_buttons (FALSE);
- greeter_item_ulist_enable ();
greeter_item_pam_prompt (tmp, PW_ENTRY_SIZE, TRUE);
g_free (tmp);
break;
@@ -320,6 +318,8 @@
printf (%c\n, STX);
fflush (stdout);
greeter_ignore_buttons (FALSE);
+ greeter_item_ulist_enable ();
+
break;
case GDM_QUIT:
@@ -1342,6 +1342,9 @@
gtk_window_move (GTK_WINDOW (window), gdm_wm_screen.x, gdm_wm_screen.y);
gtk_widget_show_now (window);
+ greeter_item_ulist_unset_selected_user ();
+ greeter_item_ulist_enable ();
+
/* can it ever happen that it'd be NULL here ??? */
if G_UNLIKELY (window-window != NULL)
{
--- gdm2_2.4.7/gui/greeter/greeter_item_ulist.c 2006-03-28 02:44:21.0
+0100
+++ gdm2_2.4.8/gui/greeter/greeter_item_ulist.c 2006-05-31 11:11:53.0
+0100
@@ -61,6 +61,14 @@
GREETER_ULIST_ACTIVE_COLUMN
};
+void
+greeter_item_ulist_unset_selected_user (void)
+{
+GtkTreeSelection *selection;
+selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (user_list));
+gtk_tree_selection_unselect_all (selection);
+}
+
static void
check_for_displays (void)
{
@@ -325,8 +333,6 @@
force_no_tree_separators (user_list);
greeter_generate_userlist (user_list);
- if ( ! DOING_GDM_DEVELOPMENT)
- greeter_item_ulist_disable ();
/* Reset size of the widget canvas item so it
* is the same size as the userlist. This
--- gdm2_2.4.7/gui/greeter/greeter_item_ulist.h 2005-04-06 20:37:29.0
+0100
+++ gdm2_2.4.8/gui/greeter/greeter_item_ulist.h 2006-05-31 11:11:53.0
+0100
@@ -25,5 +25,6 @@
void greeter_item_ulist_enable (void);
void greeter_item_ulist_disable (void);
void greeter_item_ulist_set_user (const char *user);
+void greeter_item_ulist_unset_selected_user (void);
#endif
--- gdm2_2.4.7/gui/greeter/greeter_system.c 2006-02-11 01:33:59.0
+
+++ gdm2_2.4.8/gui/greeter/greeter_system.c 2006-05-31 11:11:53.0
+0100
@@ -124,6 +124,11 @@
static void
greeter_config_handler (void)
{
+ greeter_item_ulist_disable ();
+
+ /* Make sure to unselect the user */
+ greeter_item_ulist_unset_selected_user ();
+
/* we should be now fine for focusing new windows */
gdm_wm_focus_new_windows (TRUE);
signature.asc
Description: Digital signature
Bug#389735: blootbot: fails to install
(note to bts: forwarding as I managed to not send it to the submitter the first time) Hi there, Could you run /usr/sbin/blootbotsetup manyally for me and tell me the output (if any)? Does anything appear in the logs in /var/log/blootbot/ ? Many thanks, Neil -- Tolimar I'll run a script, posting some of my wisdoms from time to time to the channel ;) signature.asc Description: Digital signature
Bug#389735: blootbot: fails to install
Hi there, Could you run /usr/sbin/blootbotsetup manyally for me and tell me the output (if any)? Does anythign appear in the logs in /var/log/blootbot/ ? Many thanks, Neil -- * stockholm calls netapp * stockholm calls someone else Ganneff you are typing random numbers on your phone? stockholm yes. my newest attempt to close our budget hole signature.asc Description: Digital signature
Bug#377286: Mitre ID
Hi there, This has been given a Mitre ID CVE-2006-3458. Please mention this in changelogs. Cheers, Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#377277: Zope2 contains information disclosure vulnerability
Package: zope2.8 Version: 2.8.7-1 Severity: critical Tags: security Hi there, http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt has been released today which contains details of a information disclosure vulnerability in Zope2, due to Zope2's use of the docutils module to parse and render restructured text. A hotfix is available at http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705 I've asked for a CVE id, and will follow up once it's been received. Could you start to prepare a package? Many thanks, Neil McGovern -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#372279: Holding up a security fix
Hi there, Has there been any progress on this? As this bug is RC, it's holding up the migration of a security fix from entering testing. Cheers, Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Bug#318633: Additional patch
Please find attached a second patch to fix B1 of the issue.
Neil
--
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
--- address_tools.p32003-04-02 06:48:18.0 +0100
+++ address_tools.p32006-02-12 21:15:50.860204360 +
@@ -36,11 +36,11 @@
} elseif ( $name == email_2 ) {
echo AsEmail($l-$name,$l-$name,$a-getFullname());
} elseif ( $name == phone_1 ) {
- echo handle('phone',$l,$l-$name);
+ echo handle('phone',$l,myentities($l-$name));
} elseif ( $name == phone_2 ) {
- echo handle('phone',$l,$l-$name);
+ echo handle('phone',$l,myentities($l-$name));
} elseif ( $name == fax_1 ) {
- echo handle('fax',$l,$l-$name);
+ echo handle('fax',$l,myentities($l-$name));
} elseif ( $name == c_id ) {
echo $l-company-getLink();
} elseif ( $name == d_id ) {
@@ -52,7 +52,7 @@
echo $l-$name;
}
} elseif ( $name == city ) {
- echo handle('city',$l,$l-$name);
+ echo handle('city',$l,myentities($l-$name));
} elseif ( $name == lname ) {
$url = address_show.php;
$url = addUrlParameter($url,lid=. $l-id);
@@ -431,4 +431,4 @@
echo $layout-OverviewTableEnd();
}
-?
\ No newline at end of file
+?
--- address_show.php2003-08-13 05:25:43.0 +0100
+++ address_show.php2006-02-12 21:11:58.017601816 +
@@ -161,7 +161,7 @@
$this-format = html;
} else {
$this-obj-read_locs_data();
- $this-name = $lang['AddressDetail'].: .$this-obj-getFullName();
+ $this-name = $lang['AddressDetail'].:
.myentities($this-obj-getFullName());
}
# Menu
$x = tutos_address::getSelectLink($this-user,$lang['Search']);
Bug#348852: Crashes with error in in `select_item'
On Fri, Jan 20, 2006 at 04:51:41PM +0100, Michael Ablassmeier wrote: hi again, On Thu, Jan 19, 2006 at 02:11:19PM +0100, Michael Ablassmeier wrote: On Thu, Jan 19, 2006 at 12:33:53PM +, Neil McGovern wrote: Whilst browsing planet.dbeian.org through raggle, viewing the post: http://mjg59.livejournal.com/51563.html Caused raggle to crash with: /usr/bin/raggle:3563:in `select_item': undefined method `[]=' for nil:NilClass (NoMethodError) from /usr/bin/raggle:2881:in `select_win_item' from /usr/bin/raggle:2976:in `adjust_to' from /usr/bin/raggle:2990:in `activate' from /usr/bin/raggle:3048:in `scroll_down' from /usr/bin/raggle:2244:in `scroll_down' from (eval):1:in `_load' from /usr/bin/raggle:4299:in `main_loop' from /usr/bin/raggle:5643:in `main' from /usr/bin/raggle:6654 Thanks for using Raggle! Upon loading raggle again, all added feeds had dissapeared, and the default feeds restored. hm, im sorry to say im unable to reproduce this behavior over here. I just added both rss10.xml and rss20.xml to my feed list and browsing through the items works nicely. Can you reproduce it? one question: do you have a customized raggle configuration file in your ~/.raggle? Are you still able to reproduce this bug? Also, can you remember the actions you did before raggle crashed, like, deleting a item/feed or marking a item/feed as read/unread? Well, I did, but now I don't, as the data that was in it was overwritten. The bug also doesn't seem reproduceable now. What I did: Selected Planet Debian thread. Moved down though each unread article. Raggle crashed when it got to mjg's post. TBH, unless you have a good idea on why this happened, the bug may as well be marked as unreproduceable and I'll untag it if it happens again. Cheers, Neil -- __ .` `. [EMAIL PROTECTED] | Application Manager : :' ! | Secure-Testing Team member '. `- gpg: B345BDD3| Webapps Team member `- Please don't cc, I'm subscribed to the list -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#343858: SQL Injection Vulnerability
Package: phpmyadmin Severity: critical Tags: security Hello, As reported at http://www.securityfocus.com/archive/1/419709/30/0/threaded phpMyAdmin server_privileges.php is prone to SQL Injection vulnerability. A remote attacker may execute arbitrary SQL command by sending specially-crafted URI to server_privileges.php db_name or checkprivs parameter. Regards, Neil McGovern -- __ .` `. [EMAIL PROTECTED] | Application Manager : :' ! | Secure-Testing Team member '. `- gpg: B345BDD3| Webapps Team member `- Please don't cc, I'm subscribed to the list signature.asc Description: Digital signature
Bug#325689: Bug severity + tags
Hi there, I'm tagging this bug as security and upping the severity. Justification: A small script can be used to affect the availability of the parent xserver if xloadimage is installed. If the resource limits of the xserver are high enough, there is potential for the process table to become saturated, leading to a loss of availability of the machine that xloadimage is installed on. Regards, Neil McGovern -- __ .` `. [EMAIL PROTECTED] | Application Manager : :' ! | Secure-Testing Team member '. `- gpg: B345BDD3| Webapps Team member `- Please don't cc, I'm subscribed to the list signature.asc Description: Digital signature
Bug#335671: spamassassin: Missing depends on libio-socket-inet6-perl
Package: spamassassin Version: 3.1.0a-1 Severity: grave Hi there, When upgrading spamassassin on testing, the following error is produced when trying to start via init.d or directly: Starting SpamAssassin Mail Filter Daemon: [11163] error: IO::Socket::INET6 module is required to use IPv6 nameservers such as '::1': IO::Socket::INET: Bad hostname '::1' IO::Socket::INET6 module is required to use IPv6 nameservers such as '::1': IO::Socket::INET: Bad hostname '::1' It works fine once libio-socket-inet6-perl has been installed. As ::1 is now a default in /etc/hosts (due to the netbase upgarde), spamassassin should depend on libio-socket-inet6-perl. Cheers, Neil -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.8-2-686 Locale: LANG=en_GB.ISO8859-1, LC_CTYPE=en_GB.ISO8859-1 (charmap=ISO-8859-1) Versions of packages spamassassin depends on: ii libdigest-sha1-perl 2.10-1 NIST SHA-1 message digest algorith ii libhtml-parser-perl 3.45-3 A collection of modules that parse ii perl 5.8.7-6Larry Wall's Practical Extraction Versions of packages spamassassin recommends: ii libnet-dns-perl 0.53-2 Perform DNS queries from a Perl sc ii perl [libmime-base64-perl]5.8.7-6Larry Wall's Practical Extraction ii spamc 3.1.0a-1 Client for SpamAssassin spam filte -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#332259: [Secure-testing-team] Re: Bug#332259: spampd fails with 'Error in process_request': Modification of read-only variable in Syslog.pm
On Thu, Oct 06, 2005 at 03:30:32PM +0200, Sven Mueller wrote: Package spampd found 332259 2.20-16 Tags 332259 +pending +upstream thanks I created a fixed package (actually two: one for sid/etch and one for sarge), available at https://mail.incase.de/spampd/sarge-security/ respectively at https://mail.incase.de/spampd/sid/ (until my sponsor finds the time to upload the latter to sid). Personally, I'm indifferent wether this fix should be uploaded to the testing-security archive, since the fixed version should propagate quickly from sid. Hi there, As part of testing-security, we'll probably only upload this to the archive if it becomes blocked from transitioning into testing of it's own accord. If this does happen, the patches are really useful, thanks :) Neil -- __ .´ `. [EMAIL PROTECTED] | Application Manager : :' ! | Secure-Testing Team member `. `´ gpg: B345BDD3| Webapps Team member `- Please don't cc, I'm subscribed to the list signature.asc Description: Digital signature
