Bug#294271: Upgrading to RC
Precisely due to the fact that Debian releases are so seldom do you think Microsoft won't add IDN support to IE7 in Longhorn next year? If they do Debian won't be able to access the many sites that will pop up soon after IE adds official support. Perhaps the release team/stable release manager needs to have a position on later recompiling the browsers for stable to support IDN if/when it becomes widely used. Chris On Wed, Feb 09, 2005 at 12:41:14AM +0100, Mike Hommey wrote: > > As discussed on #d-d, these bugs should be RC. (The firefox one is > > already RC) > > Note to self: don't do stuff while tired. > > So let's go for a more detailed justification. > > IDN is widely broken due to the fact that registrars don't do their job. > But it's not widely used, first reason being that IE doesn't support it > without a plugin. > Considering that a Debian release is usually due to last quite long, > keeping something unused and dangerous in a release is insane. > You might want to disable it totally or provide a way to enable it with > a runtime option or something if the user really wants it. That's the > safest fix. > > Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#289646: kbabel: crash with some .po file
On Sun, Jan 23, 2005 at 04:22:33PM +0100, Frans Pop wrote: > I've also been having crashes using kbabel in Sarge (see #289646). I've > had crashes with several po files now. I don't know if this helps you guys, but valgrind reports ==14218== Address 0x3588476C is 20 bytes inside a block of size 176 free'd ==14218==at 0x3414ACFA: operator delete(void*) (vg_replace_malloc.c:156) ==14218==by 0x347D7D32: KSpell::~KSpell() (in /usr/lib/libkdeui.so.4.2.0) ==14218==by 0x34DBFDFB: QObject::event(QEvent*) (in /usr/lib/libqt-mt.so.3.3.3) ==14218==by 0x34D65BFE: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/libqt-mt.so.3.3.3) ==14218==by 0x34D651FD: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libqt-mt.so.3.3.3) ==14218==by 0x348FFE02: KApplication::notify(QObject*, QEvent*) (in /usr/lib/libkdecore.so.4.2.0) ==14218==by 0x34D669F5: QApplication::sendPostedEvents(QObject*, int) (in /usr/lib/libqt-mt.so.3.3.3) ==14218==by 0x34D66875: QApplication::sendPostedEvents() (in /usr/lib/libqt-mt.so.3.3.3) ==14218==by 0x34D0F13C: QEventLoop::processEvents(unsigned) (in /usr/lib/libqt-mt.so.3.3.3) ==14218==by 0x34D77FFE: QEventLoop::processEvents(unsigned, int) (in /usr/lib/libqt-mt.so.3.3.3) ==14218==by 0x34D65D6D: QApplication::processEvents(int) (in /usr/lib/libqt-mt.so.3.3.3) ==14218==by 0x8119459: (within /usr/bin/kbabel) ==14218==by 0x80FB1AB: (within /usr/bin/kbabel) ==14218==by 0x8100F3B: (within /usr/bin/kbabel) ==14218==by 0x807B8FA: (within /usr/bin/kbabel) I'm unable to get a better stack trace as I don't have -dbg versions of kdelibs4, and I'm unable to build them (see the other RC bug on kdelibs :-)). /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294296: kdelibs: fails to build
Package: kdelibs Version: 4:3.3.2-1 Severity: normal While trying to build kdelibs (in order to debug #289646), I crashed into the following error: make[4]: Leaving directory `/home/cassarossa/itk/sesse/kdelibs-3.3.2/obj-i386-linux/doc' make[3]: Leaving directory `/home/cassarossa/itk/sesse/kdelibs-3.3.2/obj-i386-linux/doc' Making all in kcert make[3]: Entering directory `/home/cassarossa/itk/sesse/kdelibs-3.3.2/obj-i386-linux/kcert' /usr/share/qt3/bin/moc ../../kcert/kcertpart.h -o kcertpart.moc if /bin/sh ../libtool --silent --tag=CXX --mode=compile i386-linux-g++ -DHAVE_CONFIG_H -I. -I../../kcert -I.. -I../dcop -\ then mv -f ".deps/kcertpart.Tpo" ".deps/kcertpart.Plo"; else rm -f ".deps/kcertpart.Tpo"; exit 1; fi In file included from ../../kio/kssl/ksslall.h:33, from ../../kcert/kcertpart.cc:36: ../../kio/kssl/ksslutils.h:28:26: openssl/x509.h: No such file or directory In file included from ../../kio/kssl/ksslall.h:33, from ../../kcert/kcertpart.cc:36: ../../kio/kssl/ksslutils.h:45: error: `ASN1_UTCTIME' was not declared in this scope ../../kio/kssl/ksslutils.h:45: error: `tm' was not declared in this scope I don't see any dependency on libssl-dev here; I did have libssl-dev installed recently but not anymore (I did "apt-get build-dep kdelibs" before starting the build). I do have /usr/include/gnutls/openssl.h, though, but I don't see why this should make config.log read ac_cv_have_ssl='have_ssl=yes ac_ssl_includes=/usr/include ac_ssl_libraries=/usr/lib ac_ssl_rsaref=no' Any ideas? Should a dependency on libssl-dev simply be added to kdelibs? -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8.1 Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1) Versions of packages kdelibs4 depends on: ii kdelibs-bin 4:3.3.2-1 KDE core binaries ii kdelibs-data 4:3.3.2-1 KDE core shared data ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi ii libarts1 1.3.2-2aRts Sound system ii libasound21.0.8-1ALSA library ii libaspell15 0.50.5-5 The GNU Aspell spell-checker runti ii libaudio2 1.7-2 The Network Audio System (NAS). (s ii libaudiofile0 0.2.6-5Open-source version of SGI's audio ii libbz2-1.01.0.2-3high-quality block-sorting file co ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libcupsys2-gnutls 1.1.23-3 Common UNIX Printing System(tm) - ii libesd0 0.2.35-2 Enlightened Sound Daemon - Shared ii libfam0c102 2.7.0-6client library to control the FAM ii libgcc1 1:4.0-0pre2GCC support library ii libglib2.0-0 2.6.1-3The GLib library of C routines ii libice6 4.3.0.dfsg.1-10Inter-Client Exchange library ii libidn11 0.5.2-3GNU libidn library, implementation ii libjack0.80.0-0 0.99.0-4 JACK Audio Connection Kit (librari ii libjasper-1.701-1 1.701.0-2 The JasPer JPEG-2000 runtime libra ii libjpeg62 6b-9 The Independent JPEG Group's JPEG ii libmad0 0.15.1b-1 MPEG audio decoder library ii libogg0 1.1.0-1Ogg Bitstream Library ii libopenexr2 1.2.1-3runtime files for the OpenEXR imag ii libpcre3 4.5-1.1Perl 5 Compatible Regular Expressi ii libpng12-01.2.8rel-1 PNG library - runtime ii libqt3c102-mt 3:3.3.3-8 Qt GUI Library (Threaded runtime v ii libsm64.3.0.dfsg.1-10X Window System Session Management ii libstdc++51:3.3.5-8 The GNU Standard C++ Library v3 ii libtiff4 3.7.1-3Tag Image File Format (TIFF) libra ii libvorbis0a 1.0.1+gt3b2+20040215-3 The Vorbis General Audio Compressi ii libvorbisenc2 1.0.1+gt3b2+20040215-3 The Vorbis General Audio Compressi ii libvorbisfile31.0.1+gt3b2+20040215-3 The Vorbis General Audio Compressi ii libx11-6 4.3.0.dfsg.1-10X Window System protocol client li ii libxext6 4.3.0.dfsg.1-10X Window System miscellaneous exte ii libxml2 2.6.11-5 GNOME XML library ii libxrender1 0.8.3-7X Rendering Extension client libra ii libxslt1.11.1.8-5XSLT processing library - runtime ii libxt64.3.0.dfsg.1-10X Toolkit Intrinsics ii xbase-clients 4.3.0.dfsg.1-10miscellaneous X clients ii xlibs 4.3.0.dfsg.1-10X Keyboard Extension (XKB) configu ii zlib1g1:1.2.2-4 compression library - run
Bug#294271: Upgrading to RC
> As discussed on #d-d, these bugs should be RC. (The firefox one is > already RC) Note to self: don't do stuff while tired. So let's go for a more detailed justification. IDN is widely broken due to the fact that registrars don't do their job. But it's not widely used, first reason being that IE doesn't support it without a plugin. Considering that a Debian release is usually due to last quite long, keeping something unused and dangerous in a release is insane. You might want to disable it totally or provide a way to enable it with a runtime option or something if the user really wants it. That's the safest fix. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294271: Upgrading to RC
severity 294274 grave severity 294271 grave thanks As discussed on #d-d, these bugs should be RC. (The firefox one is already RC) Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Processed: Upgrading to RC
Processing commands for [EMAIL PROTECTED]: > severity 294274 grave Bug#294274: IDN support allows domain name spoofing Severity set to `grave'. > severity 294271 grave Bug#294271: IDN support allows domain name spoofing Severity set to `grave'. > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294271: IDN support allows domain name spoofing
Package: konqueror Severity: normal Tags: security konqueror and other browsers which support IDN are vulnerable to domain spoofing via homograph characters in domain names. Please see http://lists.netsys.com/pipermail/full-disclosure/2005-February/031459.html for details, and note that this is CAN-2005-0237. Note: I have not marked this bug as releae critical, because it's not clear to me if spoofing attacks qualify. -- see shy jo signature.asc Description: Digital signature
Bug#294267: kdm: does not start on boot
Package: kdm Severity: important Not sure if this is directly related to #240027 (did not find this when I first search using reportbug), #271363 (looks somewhat related) I have reported the bug upstream as http://bugs.kde.org/show_bug.cgi?id=96772, but the kde-developer closed the bug as resolved wont-fix. The original bugreport said: I'm preparing the use of Lessdisks as a diskless workstation for Debian edu, and while kdm works without problems using a normal workstation (with local disk), kdm wont start unless i press a key when the console login prompt appears. And I mean any key - Shift, enter, space (I have not tested that many). If I wait to long, I have to log in and do /etc/init.d/kdm restart I have sinced customized /etc/kde3/kdm/Xservers, to debug if kdm tries to start X at all, but it did not. gdm works without problem, the same goes with xdm. [EMAIL PROTECTED]:~$ LANG=C dpkg -l kdm Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- ii kdm3.3.1-3KDE Display Manager -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294258: kdebase-kio-plugins: Use pmount when unmounting (and mounting)
Package: kdebase-kio-plugins Version: 4:3.3.2-1 Severity: wishlist I use gnome-volume-manager and it uses pmount to mount new devices like my USB Stick. As this combination does not sync /etc/fstab, I'm unable to umount this device in kde via the background menu. Please use pumount in /usr/bin/kio_devices_mounthelper. Thanks! It also seems that pmount is the prefered mounting method for the upcoming 3.4 media:// kio slave, so change this woule be really nice. http://wiki.kde.org/tiki-index.php?page=DBUS Nice greetings, Jan -- System Information: Debian Release: 3.1 APT prefers experimental APT policy: (990, 'experimental'), (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294204: konqueror: IDN URL Spoofing
forwarded 294204 http://bugs.kde.org/98788 thanks * Colin Miller [Tue, 08 Feb 2005 14:20:53 +]: > Forwarded: http://bugs.kde.org/show_bug.cgi?id=98788 > thanks > I'm sure I added the forwarded pseudo tag to the report. > Colin S. Miller Thanks. -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Listening to: David Bowie - Memory Of A Free Festival Create a system that is usable even by idiots, and only idiots will use it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294204: konqueror: IDN URL Spoofing
* Colin S. Miller [Tue, 08 Feb 2005 13:24:15 +]: > The upstream authors are marking this as 'wish-list', > but other browsers are handling this as serious. Could you tell us the upstream bug number, if any? Thanks. -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Listening to: David Bowie - Wild Eyed Boy From Freecloud It is impossible to make anything foolproof because fools are so ingenious. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294204: konqueror: IDN URL Spoofing
Forwarded: http://bugs.kde.org/show_bug.cgi?id=98788 thanks I'm sure I added the forwarded pseudo tag to the report. Colin S. Miller -- ___ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm
Processed: Re: Bug#294204: konqueror: IDN URL Spoofing
Processing commands for [EMAIL PROTECTED]: > forwarded 294204 http://bugs.kde.org/98788 Bug#294204: konqueror: IDN URL Spoofing Noted your statement that Bug has been forwarded to http://bugs.kde.org/98788. > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294204: konqueror: IDN URL Spoofing
Package: konqueror Version: 4:3.3.2-1 Severity: normal http://www.shmoo.com/idn/ shows a proof-of-concept attack against konqueror amongst other browsers (konqueror isn't explicatly listed as vulnable). The basic attack is using homographs in URLs (two characters from different Unicode pages which look different but are for different roles). The upstream authors are marking this as 'wish-list', but other browsers are handling this as serious. They are also indicating that this may be reassigned to kde-core, please reassign here if required. Colin S. Miller -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.7-1-386 Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Versions of packages konqueror depends on: ii kcontrol 4:3.3.2-1 KDE Control Center ii kdebase-kio-plugins 4:3.3.2-1 KDE I/O Slaves ii kdelibs4 4:3.3.2-1 KDE core libraries ii kdesktop 4:3.3.2-1 KDE Desktop ii kfind4:3.3.2-1 KDE File Find Utility ii libart-2.0-2 2.3.16-6Library of functions for 2D graphi ii libc62.3.2.ds1-20GNU C Library: Shared libraries an ii libfam0c102 2.7.0-6 client library to control the FAM ii libgcc1 1:3.4.3-6 GCC support library ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library ii libidn11 0.5.2-3 GNU libidn library, implementation ii libjpeg626b-9The Independent JPEG Group's JPEG ii libkonq4 4:3.3.2-1 Core libraries for KDE's file mana ii libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi ii libpng12-0 1.2.8rel-1 PNG library - runtime ii libqt3c102-mt3:3.3.3-8 Qt GUI Library (Threaded runtime v ii libsm6 4.3.0.dfsg.1-10 X Window System Session Management ii libstdc++5 1:3.3.5-5 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte ii libxrender1 0.8.3-7 X Rendering Extension client libra ii xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-3 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#120569: New pharm site new great prices Clifford
Refill Notification Ref: VP-4197910484 Dear [EMAIL PROTECTED], Our automated system has identified that you most likely are ready to refill your recent online pharmaceutical order. To help you get your needed supply, we have sent this reminder notice. Please use the refill system http://eddie.honestsalesnow.com/?wid=100069 to obtain your item in the quickest possible manner. Thank you for your time and we look forward to assisting you. Sincerely, Lidia Lund schmitt bg artifice pd cancelled uq elephant xik baptism pjx elizabeth wm blenheim icj continuous mgq convocate htl horsemen sz blake tab ferret ep predicament itu capacitor dhl avalanche zeb coexistent hvh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#116585: New pharm site new great prices David
Refill Notification Ref: UIV-103974511 Dear [EMAIL PROTECTED], Our automated system has identified that you most likely are ready to refill your recent online pharmaceutical order. To help you get your needed supply, we have sent this reminder notice. Please use the refill system http://ethiopia.pingopongos.com/?wid=100069 to obtain your item in the quickest possible manner. Thank you for your time and we look forward to assisting you. Sincerely, Wilburn Story poise zon winsome nb specular ck bliss gj orgiastic erb pairwise jvo solution jln inapplicable aoq hess fx eta ut mockup wrs thumbnail cj ameliorate rrl calvary tno boxcar lu metalwork hx -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294169: kmail should handle disconnection gracefully
Package: kmail Version: 4:3.3.2-1 Severity: normal Hi! When I start kmail (or kontact) when there is no network connection (on my notebook, I start them on demand depending on where I am), it tries to connect to my configured IMAP servers and displays error messages for each that the server could not be reached. after this, I have to exit kmail (or kontact) and manually kill every kio_newimap(s) process and restart kmail, If I am lucky, I can get a connection. Please add a little "terminate all IMAP/whatever connection" to kmail, maybe in the status bar where the "cancel operation" button is. Or am I overlooking something? Thanks Martin Emrich -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.9 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8) Versions of packages kmail depends on: ii kdelibs4 4:3.3.2-1 KDE core libraries ii libc62.3.2.ds1-20GNU C Library: Shared libraries an ii libgcc1 1:3.4.3-7 GCC support library ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library ii libkcal2a4:3.3.2-1 KDE calendaring library ii libkdenetwork2 4:3.3.2-1 KDE Network library ii libkdepim1 4:3.3.2-1 KDE PIM library ii libkleopatra0a 4:3.3.2-1 KDE GnuPG interface libraries ii libkpimidentities1 4:3.3.2-1 KDE PIM user identity information ii libksieve0 4:3.3.2-1 KDE mail/news message filtering li ii libmimelib1a 4:3.3.2-1 KDE mime library ii libpng12-0 1.2.8rel-1 PNG library - runtime ii libqt3c102-mt3:3.3.3-8 Qt GUI Library (Threaded runtime v ii libsm6 4.3.0.dfsg.1-10 X Window System Session Management ii libstdc++5 1:3.3.5-8 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte ii perl 5.8.4-6 Larry Wall's Practical Extraction ii xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-4 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]