Bug#1008354: fossil: FTBFS: ./conftest__.c:3: undefined reference to `sqlite3_open'

2022-05-05 Thread Nobuhiro Ban
Thank you for your reply.
Understood.  I will wait for the next release.

Thu, May 5, 2022 17:14 Barak A. Pearlmutter :
>
> Yes.
>
> I patched over the issue for now by just using the internal sqlite3
> library, so I think it can wait until the next official release to
> pick up the proper bug fix and go back to using the system sqlite3
> library.



Bug#1008354: fossil: FTBFS: ./conftest__.c:3: undefined reference to `sqlite3_open'

2022-05-04 Thread Nobuhiro Ban
Dear Maintainer,

This is a bug in the fossil configure tool, and fixed in upstream:
commit: https://fossil-scm.org/home/info/8af827342f4c4a77
forum: https://fossil-scm.org/forum/info/549da79dd9

cf. https://www.sqlite.org/src/info/4cbb3e3efeb40cc4


Regards,
Nobuhiro Ban



Bug#977397: uim-el: missing *-uim in input-method-alist on Emacs 27

2020-12-14 Thread Nobuhiro Ban
Package: uim-el
Version: 1:1.8.8-6.1+b2
Severity: grave
Justification: renders package unusable
Tags: patch

Dear Maintainer,

I used the japanese-anthy-utf8-uim input-method on my Debian Emacs 26 env.
But after upgrading to Emacs 27,
I cannot set input-method to japanese-anthy-utf8-uim.

(Same cause as #977257)

There is a problem at initializing uim-el.
So none of the input methods *-uim are prepared on startup.

From *Message* buffer:
>Error while loading 50uim-el: Symbol’s function definition is void: 
>process-kill-without-query


How to fix:

Replace process-kill-without-query with set-process-query-on-exit-flag
in /usr/share/emacs/site-lisp/uim-el/*.el .
This patch fixes this problem.
- Begin
--- uim-1.8.8.orig/emacs/uim-helper.el
+++ uim-1.8.8/emacs/uim-helper.el
@@ -106,7 +106,7 @@
 (if (not proc)
 (error "uim.el: Couldn't invoke uim-el-helper-agent."))

-(process-kill-without-query proc)
+(set-process-query-on-exit-flag proc nil)

 ;; wait "OK"
 (let ((patience uim-startup-timeout) (ok nil))
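Review bot: the replaced call at line 109 of uim-helper.el has no comment saying why the query-on-exit flag is cleared, while the same call in uim.el sits under `;; don't ask kill`. Add the same one-line comment here so the intent is documented in both files. The call is a bare statement placed after the `(if (not proc) (error ...))` guard and its return value is discarded, so nothing else in this hunk needs to change.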
--- uim-1.8.8.orig/emacs/uim.el
+++ uim-1.8.8/emacs/uim.el
@@ -488,7 +488,7 @@
 (error "uim.el: Couldn't invoke uim-el-agent."))

 ;; don't ask kill
-(process-kill-without-query proc)
+(set-process-query-on-exit-flag proc nil)

 ;; wait "OK"
 (let ((patience uim-startup-timeout) (ok nil))
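Review bot: the change under `;; don't ask kill` in uim.el is one of only two call sites this patch touches, while the report text asks for the replacement across /usr/share/emacs/site-lisp/uim-el/*.el. Confirm with a search of the emacs/ directory that no other `process-kill-without-query` call remains, since a single leftover call would raise the same void-function error at load time.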
- End


Regards,
Nobuhiro Ban




-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-debug'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-4-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages uim-el depends on:
ii  emacs                1:27.1+1-3
ii  emacs-gtk [emacsen]  1:27.1+1-3
ii  libc6                2.31-5
ii  libuim8              1:1.8.8-6.1+b2
ii  uim                  1:1.8.8-6.1+b2
ii  uim-data             1:1.8.8-6.1

uim-el recommends no packages.

uim-el suggests no packages.

-- no debconf information



Bug#977258: libssreflect-coq: ABI break by coq binNMU

2020-12-13 Thread Nobuhiro Ban
Package: libssreflect-coq
Version: 1.11.0-2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I cannot use the ssreflect library in my Debian coq env (amd64 testing).

the code:
> Require Import mathcomp.ssreflect.ssreflect.

gets an error:

> Compiled library mathcomp.ssreflect.ssreflect (in file 
> /usr/lib/coq/user-contrib/mathcomp/ssreflect/ssreflect.vo) makes inconsistent 
> assumptions over library Coq.Init.Ltac



Additional information

libssreflect-coq 1.11.0-2 is built against coq 8.12.0-3+b2.
(buildd log: 
https://buildd.debian.org/status/fetch.php?pkg=ssreflect&arch=all&ver=1.11.0-2&stamp=1604474661&raw=0
)

But the current coq version is 8.12.0-3+b3.

I think this package should depend on "libcoq-ocaml-",
because "coq-+" is insufficient for binNMUs.

I got the same issue before,
libssreflect-coq 1.11.0-1 (built against coq 8.12.0-3) + coq 8.12.0-3+b1.


Regards,
Nobuhiro Ban


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-debug'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-3-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libssreflect-coq depends on:
ii  coq [coq-8.12.0+4.11.1]  8.12.0-3+b3
ii  libcoq-ocaml             8.12.0-3+b3

libssreflect-coq recommends no packages.

libssreflect-coq suggests no packages.

-- debconf-show failed



Bug#764118: wordwarvi: cannot start game (GTK+/GLib mutex problem)

2014-10-05 Thread Nobuhiro Ban
Package: wordwarvi
Version: 1.00+dfsg1-3
Severity: grave
Tags: patch
Justification: renders package unusable

Dear Maintainer,

Wordwarvi cannot start game.

>$ LANG=C gdb -q wordwarvi
>Reading symbols from wordwarvi...(no debugging symbols found)...done.
>(gdb) r
>Starting program: /usr/games/wordwarvi
>[Thread debugging using libthread_db enabled]
>Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
>No joystick...
(snip)
>[New Thread 0x7fffe7567700 (LWP 3460)]
>Decoding audio data...done.
>Can't open /dev/input/event5: Permission denied
>No rumble...
>Attempt to unlock mutex that was not locked
>
>Program received signal SIGABRT, Aborted.
>0x75b8b077 in __GI_raise (sig=sig@entry=6)
>at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
>56../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
>(gdb) bt
>#0  0x75b8b077 in __GI_raise (sig=sig@entry=6)
>at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
>#1  0x75b8c458 in __GI_abort () at abort.c:89
>#2  0x75f8b95d in g_mutex_unlock_slowpath (mutex=,
>prev=)
>at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./glib/gthread-posix.c:1327
>#3  0x7683ebbf in IA__gtk_main ()
>at /build/gtk+2.0-zztKf7/gtk+2.0-2.24.24/gtk/gtkmain.c:1256
>#4  0x00403934 in ?? ()
>#5  0x75b77b45 in __libc_start_main (main=0x402b20, argc=1,
>argv=0x7fffe3d8, init=, fini=,
>rtld_fini=, stack_end=0x7fffe3c8) at libc-start.c:287
(snip)

This is caused by GLib's mutex implementation change.
See GNOME tracker about this [1].

Wordwarvi uses the "wrong code" (in [2]'s phrase),
so crashes in g_mutex_unlock_slowpath().


How to fix:
(a) Change gtk+2.0 to accept also "wrong code" (see [2] and Debian bug #763690)
or
(b) Change wordwarvi to use the "correct" way (in [2]'s phrase).

I wrote a patch for (b). Please apply attached patch.


[1] https://bugzilla.gnome.org/show_bug.cgi?id=735428
[2] https://github.com/GNOME/gtk/commit/79c3ff3c4ed74bbcc820dac2d5180fa4d48d55ec


-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wordwarvi depends on:
ii  libasound2       1.0.28-1
ii  libc6            2.19-11
ii  libglib2.0-0     2.42.0-1
ii  libgtk2.0-0      2.24.24-1
ii  libogg0          1.3.2-1
ii  libportaudio2    19+svn20140130-1
ii  libvorbis0a      1.3.2-1.4
ii  libvorbisfile3   1.3.2-1.4
ii  wordwarvi-sound  1.00+dfsg1-3

wordwarvi recommends no packages.

wordwarvi suggests no packages.

-- no debconf information


Regards,
Nobuhiro
--- wordwarvi-1.00+dfsg1.orig/wordwarvi.c
+++ wordwarvi-1.00+dfsg1/wordwarvi.c
@@ -14068,6 +14068,7 @@ int main(int argc, char *argv[])
g_thread_init(NULL);
 
 gdk_threads_init();
+gdk_threads_enter();
 
 gettimeofday(&start_time, NULL);
 
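Review bot: the `gdk_threads_enter();` added after `gdk_threads_init();` has its matching `gdk_threads_leave();` only after `gtk_main ()` in the next hunk, so any early `return` or `exit` path in main() between the two would leave with the GDK lock still held. None is visible in these context lines, but check the code in between, and add a short comment at the enter call saying that gtk_main() has to run with the lock held, since that is the whole reason for the change.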
@@ -14075,6 +14076,7 @@ int main(int argc, char *argv[])
  * and waits for an event to occur (like a key press or
  * mouse event). */
 gtk_main ();
+gdk_threads_leave();
 
 wwviaudio_stop_portaudio();
 free_debris_forms();
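Review bot: `gdk_threads_leave();` is placed immediately after `gtk_main ();`, so `wwviaudio_stop_portaudio();`, `free_debris_forms();` and whatever cleanup follows now run without the GDK lock. Verify that none of the cleanup routines makes GTK or GDK calls; if one does, move the leave call below it.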


Bug#763899: jenkins: multiple security vulnerabilities

2014-10-03 Thread Nobuhiro Ban
Package: jenkins
Version: 1.565.2-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, some vulnerabilities are rated critical severity.

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
>SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
>SECURITY-110/CVE-2014-3662 (User name discovery)
>SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration 
>permission)
>SECURITY-131/CVE-2014-3664 (directory traversal attack)
>SECURITY-138/CVE-2014-3680 (Password exposure in DOM)
>SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core)
>SECURITY-150/CVE-2014-3666 (remote code execution from CLI)
>SECURITY-155/CVE-2014-3667 (exposure of plugin code)
>SECURITY-159/CVE-2013-2186 (arbitrary file system write)
>SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)

(SECURITY-113 is not about Jenkins core.)


Regards,
Nobuhiro


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#759766: libnkf-perl: cannot load module on i386 arch

2014-08-29 Thread Nobuhiro Ban
Package: libnkf-perl
Version: 2.13-3+b1
Severity: grave

Dear Maintainer,

NKF module for perl doesn't work on i386 arch:
>% perl -e 'use NKF'
>Can't use an undefined value as a subroutine reference at 
>/usr/lib/i386-linux-gnu/perl/5.20/DynaLoader.pm line 210.
>END failed--call queue aborted at /usr/lib/i386-linux-gnu/perl5/5.20/NKF.pm 
>line 210.
>Compilation failed in require at -e line 1.
>BEGIN failed--compilation aborted at -e line 1.

It works on amd64 arch.


Regards,
Nobuhiro


Versions of packages libnkf-perl depends on:
ii  libc6                       2.19-10
ii  perl                        5.20.0-4
ii  perl-base [perlapi-5.20.0]  5.20.0-4





Bug#745897: closed by Hideki Yamane (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)

2014-07-21 Thread Nobuhiro Ban
Hi all,

2014-06-16 20:27 GMT+09:00 Emmanuel Bourg :
>I got confirmation from the Struts developers that a new release using
>commons-beanutils 1.9.2 is planned soon. So I'm going to prepare the
>backport of commons-beanutils 1.9.2 in stable and wait for the new
>release of Struts 1.x.

Security fix was committed over 1 month ago [1],
but not released (from upstream) yet.

So, I made a Debian fix using [1].


[1] http://svn.apache.org/r1603883


Regards,
Nobuhiro


745897.tar.gz
Description: GNU Zip compressed data


Bug#745897: fixed in libstruts1.2-java 1.2.9-9

2014-06-21 Thread Nobuhiro Ban
2014-06-15 15:35 GMT+09:00 Hideki Yamane :
>> This pattern will match to words other than "class", eg. "fooClass".
>  Any class should be accepted, maybe it'd cause some
>  trouble but non-class should not named as *class, IMHO.

That might be the case. This issue might be a very small problem.
Actually, Red Hat users do not seem to be troubled.

But I think users should be informed of it (in DSA, README.Debian
or somewhere).


Regards,
Nobuhiro





Bug#745897: closed by Hideki Yamane (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)

2014-06-01 Thread Nobuhiro Ban
Hi,

> Thanks for your comment, do you have any fix for it?

Security vendors (LAC Co.Ltd and Mitsui Bussan Secure Directions, Inc.)
suggest /(^|\W)[cC]lass\W/, so I'm personally using naive implementation
of this pattern: Pattern.compile(".*(^|\\W)[cC]lass\\W.*") .

But I'm not an IT-security professional, so I can't say that this works
perfectly, sorry.


Regards,
Nobuhiro


2014-06-01 15:40 GMT+09:00 Hideki Yamane :
> Hi,
>
> On Sun, 1 Jun 2014 15:03:20 +0900
> Nobuhiro Ban  wrote:
>> It's very strange regexp. Because we know (P1|.*|P2) == .* .
>> This pattern will match to words other than "class", eg. "fooClass".
>>
>> I think this patch will cause a regression.
>
>  Thanks for your comment, do you have any fix for it?
>
>
> --
> Regards,
>
>  Hideki Yamane henrich @ debian.or.jp/org
>  http://wiki.debian.org/HidekiYamane





Bug#745897: closed by Hideki Yamane (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)

2014-05-31 Thread Nobuhiro Ban
Hi,

>- add struts-1.2.9-CVE-2014-0114.patch from Red Hat to fix CVE-2014-0114

http://sources.debian.net/src/libstruts1.2-java/1.2.9-9/debian/patches/struts-1.2.9-CVE-2014-0114.patch
>+protected static final Pattern CLASS_ACCESS_PATTERN = Pattern
>+.compile("(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
>+Pattern.CASE_INSENSITIVE);
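Review bot: in the first group of CLASS_ACCESS_PATTERN the bare `.*` alternative subsumes `.*\\.`, `^` and `\\[('|\")`, so the prefix before `class` is effectively unanchored. Together with `Pattern.CASE_INSENSITIVE`, a name such as `fooClass.name` is rejected along with the intended `class.` paths. Remove the bare `.*` alternative (keeping a `.*` in front of the `\\[('|\")` branch) so that `class` has to start the name, follow a `.`, or follow an opening bracket and quote.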

It's very strange regexp. Because we know (P1|.*|P2) == .* .
This pattern will match to words other than "class", eg. "fooClass".

I think this patch will cause a regression.


Regards,
Nobuhiro
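
Added example (not code from this thread, from Struts or from the Red Hat patch): the pattern quoted from struts-1.2.9-CVE-2014-0114.patch in this message and the word-bounded pattern reported in the 2014-06-01 reply, compared on constructed parameter names. The class name `ClassParamFilterDemo`, the helper `rejected`, the sample names and the use of `Matcher.matches()` as the check are assumptions.

```java
import java.util.regex.Pattern;

public class ClassParamFilterDemo {
    // Pattern exactly as quoted from struts-1.2.9-CVE-2014-0114.patch.
    static final Pattern PATCH_PATTERN = Pattern.compile(
            "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
            Pattern.CASE_INSENSITIVE);

    // Pattern the 2014-06-01 reply reports using: "class" or "Class"
    // must be delimited by non-word characters (or the start of the name).
    static final Pattern WORD_BOUNDED = Pattern.compile(
            ".*(^|\\W)[cC]lass\\W.*");

    // Constructed request parameter names, not taken from the thread.
    static final String[] SAMPLES = {
        "class.classLoader.resources", // property path through getClass()
        "bean['class'].classLoader",   // mapped/indexed form of the same path
        "Class.classLoader",           // capitalised variant
        "fooClass.name",               // ordinary property ending in "Class"
        "subclass[0]",                 // ordinary indexed property
        "className",                   // "class" only as a prefix
        "user.name",                   // unrelated property
    };

    // Assumption: a parameter is dropped when the whole name matches.
    static boolean rejected(Pattern p, String name) {
        return p.matcher(name).matches();
    }

    public static void main(String[] args) {
        System.out.printf("%-30s %-8s %s%n", "parameter", "patch", "word-bounded");
        for (String name : SAMPLES) {
            System.out.printf("%-30s %-8s %s%n", name,
                    rejected(PATCH_PATTERN, name),
                    rejected(WORD_BOUNDED, name));
        }
    }
}
```

On these samples the two patterns disagree only on `fooClass.name` and `subclass[0]`, which the patch pattern rejects and the word-bounded pattern accepts.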





Bug#745897: libstruts1.2-java: CVE-2014-0094 affects Struts 1.x

2014-04-26 Thread Nobuhiro Ban
Package: libstruts1.2-java
Version: 1.2.9-8
Severity: grave
Tags: security

Dear Maintainer,

In https://security-tracker.debian.org/tracker/CVE-2014-0094 :

>Notes
>- libstruts1.2-java  (Affects Struts 2.0.0 - Struts 2.3.16)

But CVE-2014-0094 is known to affect Struts 1.x.


Regards,
Nobuhiro





Bug#739067: jenkins: multiple security vulnerabilities

2014-02-15 Thread Nobuhiro Ban
Package: jenkins
Version: 1.509.2+dfsg-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, some vulnerabilities are rated high severity.

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
> SECURITY-105
>   affected by CVE-2013-7285 reported against XStream
> SECURITY-76 & SECURITY-88 / CVE-2013-5573
> SECURITY-109
> SECURITY-108
> SECURITY-106
> SECURITY-93
> SECURITY-89
> SECURITY-80
> SECURITY-79
> SECURITY-77
> SECURITY-75
> SECURITY-74
> SECURITY-73


Regards,
Nobuhiro





Bug#706725: jenkins: multiple security vulnerabilities

2013-05-03 Thread Nobuhiro Ban
Package: jenkins
Version: 1.447.2+dfsg-3, 1.480.3+dfsg-1~exp2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, one vulnerability is rated critical severity,
two are high and one is medium.

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
>SECURITY-63 / CVE-2013-2034
>SECURITY-67 / CVE-2013-2033
>SECURITY-69 / CVE-2013-2034
>SECURITY-71 / CVE-2013-1808

Regards,
Nobuhiro


Bug#700761: jenkins: multiple security vulnerabilities

2013-02-16 Thread Nobuhiro Ban
Package: jenkins
Version: 1.447.2+dfsg-3
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, three vulnerabilities are rated high severity,
one is medium and one is low.

See: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16


Regards,
Nobuhiro





Bug#697617: jenkins: remote code execution vulnerability

2013-01-07 Thread Nobuhiro Ban
Package: jenkins
Version: 1.447.2+dfsg-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory, that is rated
critical severity.

See: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04


Regards,
Nobuhiro





Bug#696816: jenkins: Security issues were found in Jenkins core

2012-12-29 Thread Nobuhiro Ban
clone 696816 -1
reassign -1 jenkins-winstone 0.9.10-jenkins-37+dfsg-1
thanks

Dear Maintainer,

I found upstream "SECURITY-44" (aka CVE-2012-6072) was from Winstone,
and it might be fixed in 0.9.10-jenkins-40.


https://github.com/jenkinsci/jenkins/commit/ad084edb571555e7c5a9bc5b27aba09aac8da98d
>[FIXED SECURITY-44]
> Picked up a new version of Winstone

https://github.com/jenkinsci/winstone/commit/62e890b9589a844553d837d91b5f68eb3dba334e
>[FIXED SECURITY-44]
> Do not allow the webapp to split HTTP header values into multiple lines. 
> Since there's no obvious escaping semantics here, we just drop those 
> characters, which is what Jetty does.


Regards,
Nobuhiro





Bug#696816: jenkins: Security issues were found in Jenkins core

2012-12-27 Thread Nobuhiro Ban
Package: jenkins
Version: 1.447.2+dfsg-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory, that is rated high severity.

See: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20


Regards,
Nobuhiro

