Re: Bug#502836: axel: buffer overflow when expanding spaces in URLs
Hi Release team, On 08/10/20 11:38 +0530, Y Giridhar Appaji Nag said ... Package: axel Version: 1.1-2 Severity: important Philipp Hagemeister found and fixed a buffer overflow in axel. Can you please unblock and push axel 1.1-3lenny1 to Lenny for this bug? This bug affects unstable too but unstable has had 2.0 for a while now, hence the t-p-u upload. 1.1-3lenny1 has been successfully built on all architectures - as seen at http://buildd.debian.org/build.php?arch=pkg=axel Thanks, Giridhar -- Y Giridhar Appaji Nag | http://people.debian.org/~appaji/ signature.asc Description: Digital signature
Re: Suggested removal: yocto-reader (RC bug, depends on remote scripts).
On Sun, Dec 07, 2008 at 01:17:25PM +0900, Charles Plessy wrote: yocto-reader has a RC bug that was filed for multiple licensing issues. As there has been no progress on this report, removal hint added. Neil -- gwolf bah Germans. You just put 100 DDs in one country and then they all become friends of each other. signature.asc Description: Digital signature
Re: Please hint to unblock debian-reference 2.21
On Sun, Dec 14, 2008 at 03:25:41AM +0900, Osamu Aoki wrote: I have uploaded new 1.21 version with documentation updates only. Most importantly, it fixes missing links. Unblocked. Neil -- dkscully doesn't the world come to an end if iDunno shaves? Maulkin That's how the dinosaurs died then... iDunno and why the dodo was made extinct, the last known habitat for them was my beard... poor bastards didn't stand a chance. signature.asc Description: Digital signature
Re: Bug#504875: Unblock suggestion: libggi
On Sun, Dec 14, 2008 at 10:38:05AM +0100, David Paleino wrote: On Thu, 11 Dec 2008 10:38:30 -0800 (PST), Asheesh Laroia wrote: Howdy Debian Releasers, I was examining the remaining Lenny RC bugs and found http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504875 via http://bts.turmzimmer.net/details.php?bydist=bothsortby=packagesfullcomment=on . This is an RC bug against libggi2-dev (in src:libggi). This issue is fixed in unstable, and the fix is a tiny patch, and the -3 release that is in sid corrects only that RC bug and the maintainer's email address. The fix is in unstable since Nov 08. Is there any plan unblocking libggi? Unblocked by Luk, but waiting on curses. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Re: Building Debian from Sources
Hi, please check http://www.linuxfromscratch.org/ regards CC Vural Hello, I am a new engineer and I was just a debian user in my former life. I want to build debian linux from sources to understand it all. I spent lots of time during search about it. Do we have a script or sth else in sources cd. I want to create whole linux which is in installable cd. Please give me some directions/suggestions or idea. I really need your help ... Best Regards ... Mustafa KIYAR Electronic Telecımmunication Eng. Turkey -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Pre-approval for freemat t-p-u upload
On Sun, Dec 14, 2008 at 11:38:57AM +0100, Giuseppe Iuculano wrote: freemat is caught by pcre3 shlibs bump, so I prepared an upload for t-p-u. I'd like to upload in t-p-u, for your approval. Please upload. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Re: Please unblock smarty - RC bug fix
On Sun, Dec 14, 2008 at 10:57:27AM +, Neil Williams wrote: http://incoming.debian.org/smarty_2.6.20-1.1_amd64.changes Unblocked by Luk. Neil -- Tincho 'Maybe you can try to find a nice hotel by shouting in the Mexico DF streets where could a gringo find a decent hotel in this dirty third world lame excuse for a country?. I'm sure the people will rush to help you, as we south americans love to be called third world in a demeaning way.' signature.asc Description: Digital signature
Freeze exception for php-apc 3.0.19-2
Hello, I made a new version of the php-apc 3.0.19 package today to address a wishlist bug. The changes are very simple and consist of copying a file to /usr/share/doc/php-apc and documenting its usage on README.Debian. Can you please unblock it for Lenny? Thanks a bunch, Pietro. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#506977: Upgrade uw web-e-mailaccount nu
Beste Web-mail E-mail account owner, Dit bericht is afkomstig van (E-mail, WEB-MAIL) berichtencentrale admin center Alle WEB-MAIL en E-mail account eigenaars. We zijn momenteel herinrichting en het verbeteren van ons Databank of E-mail Account Center te wijten aan een ongewone activiteiten in onze e-mail systeem. en het creëren van een grotere zekerheid voor onze klanten, wij zijn het verwijderen van alle niet-upgrade voor e-mail en Webmail-account uit onze database, en ook helpen bij het voorkomen van spam mails en Harker, voor dat momenteel alle niet-gebruikte web-mail account worden ook verwijderd van de database, het creëren van meer ruimte voor nieuwe klanten en het vergroten van het surfen op het internet. Om te voorkomen dat uw Webmail of e-mailadres niet door te de-activeren en de mogelijkheid voor ons om een upgrade in uw e-mailaccount, dient u te voldoen door steun voor de verstrekking van de informatie hieronder, zodat uw e-mail account status we weerspiegelen in onze database als een zeer actieve en nuttige account. Gebruikersnaam E-mail: E-mail wachtwoord: Geboortedatum: Land of plaats: Duur van de e-mail wanneer er sprake is zeker: Houdt u er alstublieft rekening met ons als dit wordt gedaan om ons bij het verbeteren van over de continuïteit van ons e-mail systeem eigenaren. WAARSCHUWING! Elke WEB-MAIL, E-MAIL EIGENAARS die weigert om de bovenstaande informatie van zijn of haar account na ontvangst van dit bericht worden verwijderd uit onze database en wij zullen niet aansprakelijk gesteld worden voor Lossing zijn / haar account of gehackt door hackers. Dank u voor uw begrip als het is gericht op betere service te verlenen. Met vriendelijke groet, Dank u voor het gebruik van onze service. E-mail Team Webmasters Waarschuwing Code: ID67565434 Mailto: upgrade-account-...@live.co.uk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Building Debian from Sources
Hello, I am a new engineer and I was just a debian user in my former life. I want to build debian linux from sources to understand it all. I spent lots of time during search about it. Do we have a script or sth else in sources cd. I want to create whole linux which is in installable cd. Please give me some directions/suggestions or idea. I really need your help ... Best Regards ... Mustafa KIYAR Electronic Telecımmunication Eng. Turkey
[SRM] [2nd try] linux-ftpd-ssl stable update for CVE-2008-4247
Hi,
I sent this a week or two ago, with no reply, trying again:
--
Nico Golde suggested I prepare a package of linux-ftpd-ssl for a
stable point release, fixing CVE-2008-4247, as it doesn't warrant
a DSA.
SRMs, is the patch below OK?
Are DMs allowed to upload to stable? If not, can someone sponsor the upload,
package at:
http://erislabs.net/ianb/debian/linux-ftpd-ssl_0.17.18+0.3-6etch1.dsc
thanks,
Ian
diff -Naur linux-ftpd-ssl-0.17.18+0.3-6/debian/changelog
linux-ftpd-ssl-0.17.18+0.3-6etch1/debian/changelog
--- linux-ftpd-ssl-0.17.18+0.3-6/debian/changelog 2008-12-06
17:56:10.0 +
+++ linux-ftpd-ssl-0.17.18+0.3-6etch1/debian/changelog 2008-12-07
23:48:44.0 +
@@ -1,3 +1,10 @@
+linux-ftpd-ssl (0.17.18+0.3-6etch1) stable; urgency=low
+
+ * Fix CVE-2008-4247, a cross-site request forgery caused by splitting
+long command lines (Closes: #500518).
+
+ -- Ian Beckwith i...@erislabs.net Sun, 07 Dec 2008 23:48:44 +
+
linux-ftpd-ssl (0.17.18+0.3-6) unstable; urgency=low
* Move the certificate file to /etc/ftpd-ssl. Patch from James Westby
diff -Naur linux-ftpd-ssl-0.17.18+0.3-6/ftpd/extern.h
linux-ftpd-ssl-0.17.18+0.3-6etch1/ftpd/extern.h
--- linux-ftpd-ssl-0.17.18+0.3-6/ftpd/extern.h 1999-07-16 02:12:54.0
+0100
+++ linux-ftpd-ssl-0.17.18+0.3-6etch1/ftpd/extern.h 2008-10-16
23:16:45.0 +0100
@@ -43,7 +43,7 @@
void fatal __P((const char *));
intftpd_pclose __P((FILE *));
FILE *ftpd_popen __P((char *, const char *));
-char *ftpd_getline __P((char *, int, FILE *));
+int ftpd_getline __P((char *, int, FILE *));
void ftpdlogwtmp __P((const char *, const char *, const char *));
void lreply __P((int, const char *, ...));
void makedir __P((char *));
diff -Naur linux-ftpd-ssl-0.17.18+0.3-6/ftpd/ftpcmd.y
linux-ftpd-ssl-0.17.18+0.3-6etch1/ftpd/ftpcmd.y
--- linux-ftpd-ssl-0.17.18+0.3-6/ftpd/ftpcmd.y 2008-12-06 17:56:10.0
+
+++ linux-ftpd-ssl-0.17.18+0.3-6etch1/ftpd/ftpcmd.y 2008-10-16
23:16:45.0 +0100
@@ -980,7 +980,7 @@
/*
* getline - a hacked up version of fgets to ignore TELNET escape codes.
*/
-char * ftpd_getline(char *s, int n, FILE *iop)
+int ftpd_getline(char *s, int n, FILE *iop)
{
int c;
register char *cs;
@@ -995,7 +995,7 @@
if (debug)
syslog(LOG_FTP | LOG_DEBUG, command: %s, s);
tmpline[0] = '\0';
- return(s);
+ return(0);
}
if (c == 0)
tmpline[0] = '\0';
@@ -1037,11 +1037,22 @@
}
}
*cs++ = c;
- if (--n = 0 || c == '\n')
+ if (--n = 0) {
+ /*
+* If command doesn't fit into buffer, discard the
+* rest of the command and indicate truncation.
+* This prevents the command to be split up into
+* multiple commands.
+*/
+ while (c != '\n' (c = GETC(iop)) != EOF)
+ ;
+ return (-2);
+ }
+ if (c == '\n')
break;
}
if (c == EOF cs == s)
- return (NULL);
+ return (-1);
*cs++ = '\0';
if (debug) {
if (!guest strncasecmp(pass , s, 5) == 0) {
@@ -1061,7 +1072,7 @@
syslog(LOG_FTP | LOG_DEBUG, command: %.*s, len, s);
}
}
- return (s);
+ return (0);
}
void toolong(int signo)
@@ -1090,9 +1101,14 @@
case CMD:
(void) signal(SIGALRM, toolong);
(void) alarm((unsigned) timeout);
- if (ftpd_getline(cbuf, sizeof(cbuf)-1, stdin)==NULL) {
- reply(221, You could at least say goodbye.);
- dologout(0);
+ n=ftpd_getline(cbuf, sizeof(cbuf)-1, stdin);
+ if (n == -1) {
+reply(221, You could at least say goodbye.);
+dologout(0);
+ } else if (n == -2) {
+reply(500, Command too long.);
+alarm(0);
+continue;
}
(void) alarm(0);
if ((cp = strchr(cbuf, '\r'))) {
diff -Naur linux-ftpd-ssl-0.17.18+0.3-6/ftpd/ftpd.c
linux-ftpd-ssl-0.17.18+0.3-6etch1/ftpd/ftpd.c
--- linux-ftpd-ssl-0.17.18+0.3-6/ftpd/ftpd.c2008-12-06 17:56:10.0
+
+++ linux-ftpd-ssl-0.17.18+0.3-6etch1/ftpd/ftpd.c 2008-10-16
23:16:45.0 +0100
@@ -2576,6 +2576,7 @@
static void myoob(int signo)
{
char
Re: Preparation of the next stable Debian GNU/Linux update
On Sat, Dec 13, 2008 at 04:37:51PM +0100, Philipp Kern wrote: Preparation of Debian GNU/Linux 4.0r6 = Accepted Packages - These packages will be installed into the stable Debian distribution and will be part of the next revision. Also accepted was this upload to reportbug: Sourceful update of reportbug: version in stable: 3.31 version in updates: 3.31+etch1 Rationales: - 3.31+etch1: reportbug - bugs.d.o is now RR DNS. SMTP is only running on one of them. And the following security updates (also listed below): Sourceful update of phpmyadmin: version in stable: 4:2.9.1.1-8 version in updates: 4:2.9.1.1-9 Rationales: - 2.9.1.1-9: DSA 1675 phpmyadmin - fix cross site scripting, fix regression introduced in DSA 1641 Sourceful update of fai-kernels: version in stable: 1.17+etch.23 version in updates: 1.17+etch.23etch1 - 1.17+etch.23etch1: DSA 1687 fai-kernels - several vulnerabilities Sourceful update of squirrelmail: version in stable: 2:1.4.9a-2 version in updates: 2:1.4.9a-3 Rationales: - 1.4.9a-3: DSA 1682 squirrelmail - fix cross site scripting Sourceful update of user-mode-linux: version in stable: 2.6.18-1um-2etch.23 version in updates: 2.6.18-1um-2etch.23etch1 Rationales: - 2.6.18-1um-2etch.23etch1: DSA 1687 user-mode-linux - several vulnerabilities Sourceful update of linux-2.6: version in stable: 2.6.18.dfsg.1-23 version in updates: 2.6.18.dfsg.1-23etch1 Rationales: - 2.6.18.dfsg.1-23etch1: DSA 1687 linux-2.6 - several vulnerabilities Requires further Investigation -- These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment. Another reason could be that released and updated architectures are not yet in sync. Sourceful update of devscripts: version in stable: 2.9.26 version in updates: 2.9.26etch1 Rationales: - 2.9.26etch1: devscripts - Allow signing of changes files produced by dpkg versions = 1.14.17 (#474949) Problems: mipsel build missing Sourceful update of graphviz: version in stable: 2.8-2.4 version in updates: 2.8-3+etch1 Rationales: - 2.8-3+etch1: graphviz - fix stack overflow (CVE-2008-4555) Problems: ia64 and mipsel builds missing The builds for both packages are in and they are ready to be installed into stable. Sourceful update of perl: version in updates: 5.8.8-7etch4 version in updates-NEW: 5.8.8-7etch5 Rationales: - 5.8.8-7etch5: DSA 1678 perl - fix privilege escalation Problems: FTBFS on hppa This will hopefully be fixed with a new upload for the next point release. Packages Waiting for Investigation -- glpi | 0.68.2-1etch0.2 phpmyadmin | 2.9.1.1-9 squirrelmail | 1.4.9a-3 uw-imap | 2002edebian1-13.1+etch1 phpmyadmin and squirrelmail have been accepted. The other two (glpi and uw-imap) will be considered for the next point release. Covered DSAs The following DSAs are incorporated into this point release. Additionally to those already listed the following were accepted into this point release: DSA 1675 | phpmyadmin | fix cross site scripting, fix regression introduced in DSA 1641 DSA 1682 | squirrelmail | fix cross site scripting DSA 1687 | fai-kernels | several vulnerabilities DSA 1687 | linux-2.6 | several vulnerabilities DSA 1687 | user-mode-linux | several vulnerabilities Kind regards, Philipp Kern -- .''`. Philipp KernDebian Developer : :' : http://philkern.de Release Assistant `. `' xmpp:p...@0x539.de Stable Release Manager `-finger pkern/k...@db.debian.org signature.asc Description: Digital signature
Re: request removal of shc package from lenny
On Mon, Dec 08, 2008 at 01:32:47AM +0200, George Danchev wrote: Hereby I request removal of the shc package from lenny. For reference, this was automatically removed from lenny due to the removal from sid. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Re: Unblock request: util-vserver 0.30.216~r2772-6
On Fri, Dec 12, 2008 at 11:43:44PM -0500, Micah Anderson wrote: So, with the hope that this is the last request I bother you with, would you please unblock 0.30.216~r2772-6 of util-vserver? Done by luk. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Re: Please consider tagging this bug lenny-ignore (was: Bug#507003: initiatorname.iscsi should maybe not be in /etc)
tags 507003 +lenny-ignore thanks On Wed, Dec 03, 2008 at 12:33:52AM +0100, Carsten Hey wrote: This bug in open-iscsi is not a functional one and the package works quite well (although is against the policy). I consider the danger of a functional breakage through a possible fix before the release to high in comparison to the gain that would be accomplished by fixing this bug. Currently the submitter and a contributor (both DD's) are discussing whether the patch that is attached to this bug is broken or not ... Agreed. However, please note that the tag name is 'lenny-ignore' not 'squeeze-ignore'. This bug will need fixing soon after release. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Re: Suggested removal: xwhois [was: Bug#507944: xwhois: segfaults on start in get_servers()]
On Sun, Dec 07, 2008 at 12:14:52PM +0100, Cyril Brulebois wrote: Agreed, looks like a candidate for removal from testing (-release@ Cc'd for that), and maybe even from unstable (-qa@ Cc'd for that). For reference, this was dropped from testing automatically due to the removal from unstable. Neil -- 02:14:04 stockholm crap. my squirrelmail does not work 02:14:07 stockholm Maulkin: ping signature.asc Description: Digital signature
Freeze exception request for gforge 4.7~rc2-7
Hi release team,
I would like to request a freeze exception for the gforge package.
Version currently in lenny is 4.7~rc2-6, and 4.7~rc2-7 has been
uploaded to unstable to close an SQL injection problem
(CVE-2008-2381). The only change (apart from change logs) is the
following:
=== modified file 'gforge/common/include/GroupJoinRequest.class.php'
--- gforge/common/include/GroupJoinRequest.class.php2008-05-27 20:56:57
+
+++ gforge/common/include/GroupJoinRequest.class.php2008-11-25 10:45:49
+
@@ -148,7 +148,7 @@
$sql=INSERT INTO group_join_request
(group_id,user_id,comments,request_date)
VALUES ('.$this-Group-getID().','.$user_id.',
- '.htmlspecialchars($comments).','.time().');
+
'.addslashes(htmlspecialchars($comments)).','.time().');
$result=db_query($sql);
if (!$result || db_affected_rows($result) 1) {
$this-setError('GroupJoinRequest::create() Posting
Failed '.db_error());
Thanks,
Roland.
--
Roland Mas
Sauvez un arbre, tuez un castor.
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Freeze exception for avogadro
* Michael Banck [Tue, 16 Dec 2008 01:58:22 +0100]: Dear release team, Please unblock avogadro_0.8.1-5. It fixes an important bug, #507046, which broke exporting graphics from avogadro. While the program is still usable without this, exporting graphics for publication use is a prime use-case of visualization programs, so we believe this bug should be fixed for lenny. Other changes are cosmetic fixes to debian/control in order to include VCS-* links and an improved description. Unblocked. -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: Los Piratas - Inevitable -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Freeze exception for gnotime 2.3.0-4
* Goedson Paixao [Mon, 15 Dec 2008 17:22:45 -0200]: Hi, Please unblock gnotime 2.3.0-4 so it can migrate into lenny. It's a small bugfix for 507128. Here's the relevant debian/changelog entry: gnotime (2.3.0-4) unstable; urgency=low * debian/patches/06_fix_no_project_timer.dpatch: Fixes the condition for starting No project timeout timer (Closes: #507128). * debian/control: Changed Maintainer from pkg-qof-maintain...@lists.alioth.debian.org to goed...@debian.org * debian/patches/01_gnotime_desktop.patch: Added missing description Unblocked. -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: Los Piratas - El cielo de lo nuestro -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Your advice on a t-p-u patch please
* Jonathan Wiltshire [Mon, 15 Dec 2008 18:20:40 +]: On Fri, Dec 12, 2008 at 08:44:28PM +0100, Adeodato Simó wrote: Please attach the patch so that we can decide, and sorry for the delayed response. Sorry, attached this time :-) Ok, please upload. Since it's a t-p-u upload, no need to mail again when you've done so. -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: Los Piratas - El cielo de lo nuestro -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Unblock request for smstools (was: Fwd: Accepted smstools 3.1-2 (source i386))
* Patrick Schoenfeld [Mon, 15 Dec 2008 16:57:13 +0100]: Hi, I've uploaded a new version of smstools 3.1 to unstable in order to fix a bug with a severity important. Please hint it (3.1-2) into Testing. Unblocked. -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: Los Piratas - El cielo de lo nuestro -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: frozen libraptor1 update request
* Jürgen Kertz [Mon, 15 Dec 2008 16:12:36 +0100]: Hello! Several Packages (like ardour) are waiting for the updated version of libraptor1, which has 1.4.17-1 in testing and 1.4.18-1 in unstable. As far as I can see the are no new bugs in 1.4.18, but it wont be updated because its already frozen. Please take a look at this if this issue can be resolved. Thank you! Sorry, new upstream releases of packages are not accepted at this point. Anyway ardour is itself frozen as well, and I'll note that it was removed from testing on 2007-08-05, and that it has not been a candidate for migration ever since. -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: Los Piratas - Colores -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#506977: marked as done (FPC: copyright infringement in pre 2.2.2 sources)
Your message dated Wed, 17 Dec 2008 21:11:19 + with message-id e1ld3fr-0007fq...@ries.debian.org and subject line Bug#506977: fixed has caused the Debian Bug report #506977, regarding FPC: copyright infringement in pre 2.2.2 sources to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 506977: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506977 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: fpc Version: 2.2.0-dfsg1-9 Version: 2.0.0-4 Severity: serious Thanks As can be read in the changelog of the latest version the old source of fpc has a copyright infringment: - Possible CodeGear Copyright infringements in the source were reworked using cleanroom approach. Following the full discussion for the same issue in Ubuntu (discussed in LP bug 275688 [1]) it looks like upstream is now positive of the infringement. Upstream removed all old releases from their servers. Debian should probably seek for a similar solution or relicense (although the latter solution is said in [1] that it should probably never be mentioned) I know it is late for Lenny, but I think we should look into this ASAP. I will point debian-legal to this bug as well. Paul [1] https://bugs.launchpad.net/ubuntu/+source/fpc/+bug/275688 signature.asc Description: OpenPGP digital signature ---End Message--- ---BeginMessage--- We believe that the bug you reported is now fixed; the following package(s) have been removed from stable: fp-compiler |2.0.0-4 | amd64, i386, powerpc, sparc fp-docs |2.0.0-4 | all fp-ide |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-base |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-db |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-fcl |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-fv |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-gfx |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-gnome1 |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-gtk |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-gtk2 |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-misc |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-net |2.0.0-4 | amd64, i386, powerpc, sparc fp-units-rtl |2.0.0-4 | amd64, i386, powerpc, sparc fp-utils |2.0.0-4 | amd64, i386, powerpc, sparc fpc |2.0.0-4 | source gearhead |1.010-1 | source, amd64, i386, powerpc, sparc gearhead-data |1.010-1 | all imapcopy | 1.01+20060420-1 | source, amd64, i386, powerpc, sparc Note that the package(s) have simply been removed from the tag database and may (or may not) still be in the pool; this is not a bug. The package(s) will be physically removed automatically when no suite references them (and in the case of source, when no binary references it). Please also remember that the changes have been done on the master archive (ftp-master.debian.org) and will not propagate to any mirrors (ftp.debian.org included) until the next cron.daily run at the earliest. Packages are never removed from testing by hand. Testing tracks unstable and will automatically remove packages which were removed from unstable when removing them from testing causes no dependency problems. Bugs which have been reported against this package are not automatically removed from the Bug Tracking System. Please check all open bugs and close them or re-assign them to another package if the removed package was superseded by another one. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 506...@bugs.debian.org. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org. Debian distribution maintenance software pp. Joerg Jaspert (the ftpmaster behind the curtain) ---End Message---
Bug#439363: marked as done (RM: youtube-dl/etch -- RoQA; broken)
Your message dated Wed, 17 Dec 2008 21:15:21 + with message-id e1ld3jl-0007yq...@ries.debian.org and subject line Bug#439363: fixed has caused the Debian Bug report #439363, regarding RM: youtube-dl/etch -- RoQA; broken to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 439363: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439363 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: youtube-dl Version: 2007.06.22-1 Severity: grave Justification: renders package unusable youtube-cl ceased to work, independent of the file to download: , | | $ youtube-dl -t http://youtube.com/watch?v=fSgWZ-iR1IE | Retrieving video webpage... done. | Extracting video title... done. | Extracting video URL parameters... done. | failed. | Error: unable to download video data. | Try again several times. It may be a temporary problem. | Other typical problems: | | * Video no longer exists. | * Video requires age confirmation but you did not provide an account. | * You provided the account data, but it is not valid. | * The connection was cut suddenly for some reason. | * YouTube changed their system, and the program no longer works. | | Try to confirm you are able to view the video using a web browser. | Use the same video URL and account information, if needed, with this program. | When using a proxy, make sure http_proxy has http://host:port format. | Try again several times and contact me if the problem persists. | | | $ ` -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.21-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages youtube-dl depends on: ii python2.4.4-6An interactive high-level object-o youtube-dl recommends no packages. -- no debconf information ---End Message--- ---BeginMessage--- We believe that the bug you reported is now fixed; the following package(s) have been removed from stable: youtube-dl | 2006.11.12-1 | source, all Note that the package(s) have simply been removed from the tag database and may (or may not) still be in the pool; this is not a bug. The package(s) will be physically removed automatically when no suite references them (and in the case of source, when no binary references it). Please also remember that the changes have been done on the master archive (ftp-master.debian.org) and will not propagate to any mirrors (ftp.debian.org included) until the next cron.daily run at the earliest. Packages are never removed from testing by hand. Testing tracks unstable and will automatically remove packages which were removed from unstable when removing them from testing causes no dependency problems. Bugs which have been reported against this package are not automatically removed from the Bug Tracking System. Please check all open bugs and close them or re-assign them to another package if the removed package was superseded by another one. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 439...@bugs.debian.org. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org. Debian distribution maintenance software pp. Joerg Jaspert (the ftpmaster behind the curtain) ---End Message---
Re: Please allow base-files 5 in lenny
* Santiago Vila [Mon, 15 Dec 2008 11:53:49 +0100]:
As debian-installer people is already doing Release Candidates, I
think it's time those RCs carry 5.0 as the version number:
base-files (5) unstable; urgency=low
* Changed issue, issue.net and debian_version to read 5.0.
* Changed FAQ so that users of lenny as stable will know what happens
when they upgrade to the new testing.
-- Santiago Vila sanv...@debian.org Thu, 04 Dec 2008 10:04:04 +0100
Unblocked.
BTW: Should I worry about Bug#508772? This is the very first time in
10 years that someone seems unconvenienced by seeing a version number
like 5.0 in unstable for a few weeks. Are there really packages which
break because of this? If not, I feel that the BTS is being abused.
I talked with Rene, and we (sort of) agreed you should not worry about
this for Lenny. It is unfortunate that the way base-files is handled
currently breaks his build system, but that it is too late to do anything
about it.
However, there's been for a long time talk in the release team about how
to best handle the version files we ship, to accomodate to the various
uses people give to it.
We are going to introduce a package that ships a lsb_release file, and
we're going to handle it via the proposed-suite suites. Hopefully
lsb-release (the program) will move to using that file, but I'm know
thinking it could be reasonable to move debian_version and issue{,.net}
to this package, what do you think?
Cheers,
--
Adeodato Simó dato at net.com.org.es
Debian Developer adeodato at debian.org
Listening to: Los Piratas - Ultrasónica
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Freeze exception request for gforge 4.7~rc2-7
* Roland Mas [Wed, 17 Dec 2008 16:36:18 +0100]:
Hi release team,
I would like to request a freeze exception for the gforge package.
Version currently in lenny is 4.7~rc2-6, and 4.7~rc2-7 has been
uploaded to unstable to close an SQL injection problem
(CVE-2008-2381). The only change (apart from change logs) is the
following:
=== modified file 'gforge/common/include/GroupJoinRequest.class.php'
--- gforge/common/include/GroupJoinRequest.class.php 2008-05-27 20:56:57
+
+++ gforge/common/include/GroupJoinRequest.class.php 2008-11-25 10:45:49
+
@@ -148,7 +148,7 @@
$sql=INSERT INTO group_join_request
(group_id,user_id,comments,request_date)
VALUES ('.$this-Group-getID().','.$user_id.',
- '.htmlspecialchars($comments).','.time().');
+
'.addslashes(htmlspecialchars($comments)).','.time().');
$result=db_query($sql);
if (!$result || db_affected_rows($result) 1) {
$this-setError('GroupJoinRequest::create() Posting
Failed '.db_error());
Unblocked.
--
Adeodato Simó dato at net.com.org.es
Debian Developer adeodato at debian.org
Listening to: Los Piratas - M
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Unblock request for samba 3.2.5-2
* Christian Perrier [Sun, 14 Dec 2008 07:24:00 +0100]: As announced, I uploaded samba 2:3.2.5-2 yesterday with the following changes: samba (2:3.2.5-2) unstable; urgency=low * Fix typo in bug number in a comment for the default smb.conf file Closes: #507620 * Document the need to set appropriate permissions on the printer drivers directory, in the default smb.conf file. Also change the example group from ntadmin to lpadmin Closes: #459243 * Add missing rfc2307.so and sfu*.so links that prevent using the 'winbind nss info' feature properly Thans to Martin Dag Nilsson for reporting and Jelmer Jaarsma for the patch. Closes: #506109 -- Christian Perrier bubu...@debian.org Sat, 13 Dec 2008 13:56:07 +0100 The first two fixes are documentation-only. The third one is the one that motivated the upload and fixes an important bug that made a feature useless because of packaging errors. Unblocked. (I see a docs-xml/smbdotconf/parameters.global.xml.new file in the diff, hopefully it's harmless and can be dropped in the next upload.) -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: Los Piratas - Mi matadero clandestino [Big Station] -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: HPPA and lenny
dann frazier wrote: On Mon, Dec 15, 2008 at 08:30:25PM +0100, Peter Palfrader wrote: Helge Deller schrieb am Montag, dem 15. Dezember 2008: Matt Taggart wrote: The real problem is that no one is fixing hppa kernel problems. I don't see much point in keeping the archive up to date if nobody is working on fixing the kernel (not currently and I suspect not in the future either). This has been stated on the debian-hppa list several times over a long period and in that time no one (AFAIK) has stepped up to work on it. Matt, We have done quite some bugfixing in the last weeks and upstream 2.6.28-rcX works pretty well now. What does that mean for the lenny 2.6.26 kernel? Well, obviously when there's a fix upstream we will look at backporting this into 2.6.26. I've just posted a short analysis of the problem and a proposed kernel patch in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478717#118 It fixes the kernel crashes for me and should help to do further analysis without crashing the running linux kernel. The patch (and the problem) needs further discussion on parisc-linux kernel mailing list though... Helge -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: HPPA and lenny
On Wed, Dec 17, 2008 at 11:08:59PM +0100, Helge Deller wrote: dann frazier wrote: On Mon, Dec 15, 2008 at 08:30:25PM +0100, Peter Palfrader wrote: Helge Deller schrieb am Montag, dem 15. Dezember 2008: Matt Taggart wrote: The real problem is that no one is fixing hppa kernel problems. I don't see much point in keeping the archive up to date if nobody is working on fixing the kernel (not currently and I suspect not in the future either). This has been stated on the debian-hppa list several times over a long period and in that time no one (AFAIK) has stepped up to work on it. Matt, We have done quite some bugfixing in the last weeks and upstream 2.6.28-rcX works pretty well now. What does that mean for the lenny 2.6.26 kernel? Well, obviously when there's a fix upstream we will look at backporting this into 2.6.26. I've just posted a short analysis of the problem and a proposed kernel patch in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478717#118 It fixes the kernel crashes for me and should help to do further analysis without crashing the running linux kernel. The patch (and the problem) needs further discussion on parisc-linux kernel mailing list though... Thanks Helge! Just in case its relevant to your investigation, note that this is also an issue when using a pure NPTL environment. -- dann frazier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
permission to upload hdparm
Hi all, I'd like to upload a bugfix only version of hdparm, just to do a little bug triage before lenny makes it out the door. I cannot imagine any side effects of these changes, but since hdparm builds a udeb (not that it's used by the installer), I thought I should ask before upload as well as before even thinking about freeze exceptions. Patch below. Cheers, Index: debian/changelog === --- debian/changelog(revision 676) +++ debian/changelog(working copy) @@ -1,3 +1,11 @@ +hdparm (8.9-3) unstable; urgency=low + + * Fix output formatting for drives configured from /etc/default/hdparm +(closes: #494660) + * Add documentation about changing device names (closes: #421087) + + -- Stephen Gran sg...@debian.org Wed, 17 Dec 2008 22:45:28 + + hdparm (8.9-2) unstable; urgency=low * Remove stale stop links (closes: #497903) Index: debian/hdparm.init === --- debian/hdparm.init (revision 676) +++ debian/hdparm.init (working copy) @@ -389,9 +389,9 @@ ret=0 for drive in $harddisks; do WAS_RUN=1 + log_progress_msg $drive /sbin/hdparm -q -f $drive 2/dev/null|| ret=$? /sbin/hdparm -q $hdparm_opts -q $drive 2/dev/null|| ret=$? - log_progress_msg $drive done log_end_msg $ret || true fi Index: debian/README.Debian === --- debian/README.Debian(revision 676) +++ debian/README.Debian(working copy) @@ -62,6 +62,13 @@ /etc/hdparm.conf, that will fail the first time (as the device nodes don't yet exist) but will be properly set up when udev gets to them. + If you have devices that consistently come up in different orders (e.g., + today's /dev/sda is tomorrow's /dev/sdb), then you can do one of two + things. Either you can directly use one of the various /dev/disk-by-* + symlinks, or you can create a udev rule to create a symlink to your + drive with a more friendly name. Then point hdparm at these symlinks + as you previously did with /dev/sda. + Known problems, limitations, and work-arounds: Additional information from David B Harris: -- - | ,''`.Stephen Gran | | : :' :sg...@debian.org | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
please consider to unblock cryptsetup 1.0.6-7 for lenny
Hello, I just uploaded cryptsetup 1.0.6-7 with urgency=medium to debian/unstable. This version should be unblocked for lenny as it fixes one grave , one important and several normal to wishlist bugs. The complete changelog entry and debdiff are attached. The debdiff is not that small, but it includes mostly documentation changes. cryptsetup provides a udeb, thus i'm cc-ing debian-boot. Changelog: cryptsetup (2:1.0.6-7) unstable; urgency=medium * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE in configure.in. * Support keyfiles option in bash completion. Thanks to Stefan Goebel for the patch. (closes: #499936) * Update patches/02_manpage.patch: Fix the documnetation of default cipher for LUKS mappings. (closes: #495832) * Update debian/watch file to reflect the move of project home to code.google.com. * Check for $CRYPTDISKS_ENABLE in cryptdisks initscripts instead of cryptdisks.functions. This way, cryptdisks_start/stop work even with $CRYPTDISKS_ENABLE != yes. Thanks to Pietro Abate. (closes: #506643) * Add force-start to cryptdisks(-early).init in order to support starting noauto devices manually. Thanks to Niccolo Rigacci. (closes: #505779) * Document how to enable remote device unlocking via dropbear ssh server in the initramfs during boot process. Thanks to Chris deb...@x.ray.net for the great work. (closes: #465902) * Completely remove support and documentation of the timeout option, document this in NEWS.Debian. (closes: #495509, #474120) * Use exit instead of return in decrypt_ssl keyscript. Thanks to Rene Wagner. (closes: #499704) * Fix initramfs/cryptpassdev-hook to check for passdev instead of mountdev. Thanks to Christoph Anton Mitterer. * cryptdisks.functions: - Search for keyscript in /lib/cryptdisks/scripts. the cryptoroot initramfs script already supports keyscripts without path as argument. Thanks to Christoph Anton Mitterer. * README.initramfs: - Remove the mention of bug #398302 from the section about suspend/resume, as this bug has been fixes for some time now. - Remove step 6 (mkswap) from the section about decrypt_derived, as it was superfluous. Thanks to Helmut Grohe. (closes: #491867) * Fix initramfs/cryptroot-script to use the lvm binary instead of vgchange. Thanks to Marc Haber. (closes: #506536) * Make get_lvm_deps() recursive in initramfs/cryptroot-hook. This is required to detect the dm-crypt device in setups with more than one level of device mapper mappings. For example if LVM is used with snapshots on top of the dm-crypt mapping. Thanks to Christian Jaeger for bugreport and patch, Ben Hutchings and Yves-Alexis Perez for help with debugging. (closes: #507721) * urgency=medium due to several important fixes. -- Jonas Meurer m...@debian.org Wed, 17 Dec 2008 21:25:45 +0100 Please don't hesitate to ask when you've questions regarding the upload. greetings, jonas diff -u cryptsetup-1.0.6/debian/watch cryptsetup-1.0.6/debian/watch --- cryptsetup-1.0.6/debian/watch +++ cryptsetup-1.0.6/debian/watch @@ -2 +2 @@ -opts=uversionmangle=s/luks-//;s/-pre/~pre/;s/-rc/~rc/ http://luks.endorphin.org/source/cryptsetup-(.*)\.tar\.bz2 +opts=uversionmangle=s/luks-//;s/-pre/~pre/;s/-rc/~rc/ http://cryptsetup.googlecode.com/files/cryptsetup-(.*)\.tar\.bz2 diff -u cryptsetup-1.0.6/debian/NEWS cryptsetup-1.0.6/debian/NEWS --- cryptsetup-1.0.6/debian/NEWS +++ cryptsetup-1.0.6/debian/NEWS @@ -1,3 +1,19 @@ +cryptsetup (2:1.0.6-7) unstable; urgency=medium + + Support for the timeout option has been removed from cryptdisks initscripts + in order to support splash screens and remote shells in boot process. + The implementation had been unclean and produced many anyway. + If you used the timeout option on headless systems without physical access, + then it's a much cleaner solution anyway, to use the 'noauto' option in + /etc/crypttab, and start the encrypted devices manually with + '/etc/init.d/cryptdisks force-start'. + Another approach is to start a minimal ssh-server in the initramfs and unlock + the encrypted devices after connecting to it. This even supports encrypted + root filesystems for headless server systems. + For more information, please see /usr/share/docs/cryptsetup/README.Debian.gz + + -- Jonas Meurer m...@debian.org Tue, 16 Dec 2008 18:37:16 +0100 + cryptsetup (2:1.0.6-4) unstable; urgency=medium The obsolete keyscript decrypt_old_ssl and the corresponding example script diff -u cryptsetup-1.0.6/debian/README.initramfs cryptsetup-1.0.6/debian/README.initramfs --- cryptsetup-1.0.6/debian/README.initramfs +++ cryptsetup-1.0.6/debian/README.initramfs @@ -138,9 +138,6 @@ in combination with encryption to keep the resume image safe from potential attackers. -Note: This will not work as expected until #398302 has been fixed as the -decrypted suspend image will currently not be recognized as such. - If
Unblock request: xnc 5.0.4-3
Hi,
Please consider unblocking xnc 5.0.4-3. It closes an LFS release goal
bug and some others. I did bump the compat level on this one because it
was 3, if that makes a difference in your decision.
Here is the changelog entry:
xnc (5.0.4-3) unstable; urgency=low
* QA upload.
+ Set maintainer to Debian QA Group packa...@qa.debian.org.
* Add ${misc:Depends}.
* Bump debhelper build-dep and compat to 5.
+ Move DH_COMPAT from rules to debian/compat.
* Update doc-base section to File Managemnt.
* Update x-dev build-dep to x11proto-core-dev.
* Display 2Gb files properly. (Closes: #451239).
+ Thanks to Emil Nowak for the patch.
* Fix spelling error in debian/doc-base.
* Fix some typos and grammar errors in manpages.
+ Thanks to A Costa for the patches.
* Fix hyphens used as minus in manpages.
* Make clean not ignore errors.
* Remove config.status and config.log on clean.
* Remove Encoding field from desktop file.
* Install xnc.desktop in proper dir.
* Bump Standards Version to 3.8.0.
+ Menu policy transition.
-- Barry deFreese bdefre...@debian.org Fri, 05 Dec 2008 15:53:11 -0500
Thank you,
Barry deFreese
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
