Bug#446299: May be the same bug as #443905

2007-10-12 Thread Giangiacomo Mariotti 
Here I have the same error as above.Anyway the 'eclipse' executable doesn't 
crush and continue to live after java vm has crushed.


Output of command : eclipse -debug -consoleLog

searching for compatible vm...
  testing /usr/lib/jvm/java-gcj...not found
  testing /usr/lib/kaffe/pthreads...not found
  testing /usr/lib/jvm/java-6-sun...found
Install location:
file:/usr/lib/eclipse/
Configuration file:
file:/usr/lib/eclipse/configuration/config.ini loaded
Configuration location:
file:/home/mrio/.eclipse/org.eclipse.platform_3.2.0/configuration/
Configuration file:

file:/home/mrio/.eclipse/org.eclipse.platform_3.2.0/configuration/config.ini 
not found or not read
Shared configuration location:
file:/usr/lib/eclipse/configuration/
Framework located:
file:/usr/lib/eclipse/plugins/org.eclipse.osgi_3.2.2.R32x_v20070118.jar
Framework classpath:
file:/usr/lib/eclipse/plugins/org.eclipse.osgi_3.2.2.R32x_v20070118.jar
Splash location:

/usr/lib/eclipse/plugins/org.eclipse.platform_3.2.2.r322_v20070117b/splash.bmp
runCommand:

<-name><-showsplash><600>
Debug options:
file:/home/mrio/.options not found
Time to load bundles: 233
Starting application: 13328
!SESSION 2007-10-12 06:45:20.278 ---
eclipse.buildId=M20070212-1330
java.version=1.6.0_03
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US
Command-line arguments:  -os linux -ws gtk -arch x86_64 -debug -consoleLog

!ENTRY org.eclipse.osgi 2 1 2007-10-12 06:45:33.660
!MESSAGE NLS missing message: initializer_error in: 
org.eclipse.core.internal.runtime.messages

!ENTRY org.eclipse.osgi 2 1 2007-10-12 06:45:33.662
!MESSAGE NLS missing message: fileInitializer_fileNotFound in: 
org.eclipse.core.internal.runtime.messages

!ENTRY org.eclipse.osgi 2 1 2007-10-12 06:45:33.663
!MESSAGE NLS missing message: fileInitializer_IOError in: 
org.eclipse.core.internal.runtime.messages

!ENTRY org.eclipse.osgi 2 1 2007-10-12 06:45:33.664
!MESSAGE NLS missing message: fileInitializer_missingFileName in: 
org.eclipse.core.internal.runtime.messages
Start VM: /usr/lib/jvm/java-6-sun/bin/java
-Djava.library.path=/usr/lib/jni
-Dgnu.gcj.precompiled.db.path=/var/lib/gcj-4.2/classmap.db
-Dgnu.gcj.runtime.VMClassLoader.library_control=never
-Dosgi.locking=none
-jar /usr/lib/eclipse/startup.jar
-os linux
-ws gtk
-arch x86_64
-launcher /usr/lib/eclipse/eclipse
-name Eclipse
-showsplash 600
-exitdata 270013
-install /usr/lib/eclipse
-debug
-consoleLog
-vm /usr/lib/jvm/java-6-sun/bin/java
-vmargs
-Djava.library.path=/usr/lib/jni
-Dgnu.gcj.precompiled.db.path=/var/lib/gcj-4.2/classmap.db
-Dgnu.gcj.runtime.VMClassLoader.library_control=never
-Dosgi.locking=none
-jar /usr/lib/eclipse/startup.jar 
/usr/lib/bug-buddy/Eclipse: No such file or directory.





  

Check out the hottest 2008 models today at Yahoo! Autos.
http://autos.yahoo.com/new_cars.html

Bug#431583: bug is still there

2007-10-12 Thread Thomas B. Ruecker 

is anyone going to care and apply the fix?
A fix is already proposed...

just my 0,02€

Thomas

Bug#445801: marked as done (dfo: FTBFS: reads file in my homedir)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 07:32:02 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445801: fixed in dfo 0.7+svn45-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: dfo
version: 0.7+svn45-1
Severity: serious
User: [EMAIL PROTECTED]
Usertags: qa-ftbfs-20071007 qa-ftbfs
Justification: FTBFS on i386

Hi,

During a rebuild of all packages in sid, your package failed to build on i386.

Relevant part:
dpkg-source: building dfo in dfo_0.7+svn45-1.dsc
 debian/rules build
test -x debian/rules
mkdir -p "."
/usr/bin/make -f debian/rules reverse-config
make[1]: Entering directory `/build/user/dfo-0.7+svn45'
make[1]: Nothing to be done for `reverse-config'.
make[1]: Leaving directory `/build/user/dfo-0.7+svn45'
if [ -n "patches" ] ; then \
  if [ -L ./patches ] ; then : ; else \
(cd .; ln -s /build/user/dfo-0.7+svn45/debian/patches patches) ; \
  fi ; \
fi
cd . && QUILT_PATCHES=patches quilt --quiltrc /dev/null push -a || test $? = 2
Applying patch icons_dir.diff
patching file DeskFlickrUI.cs

Applying patch run.sh.diff
patching file run.sh

Applying patch compile.diff
patching file compile.sh

Now at patch compile.diff
touch debian/stamp-patched
/usr/bin/make -f debian/rules update-config
make[1]: Entering directory `/build/user/dfo-0.7+svn45'
make[1]: Nothing to be done for `update-config'.
make[1]: Leaving directory `/build/user/dfo-0.7+svn45'
/bin/sh compile.sh

** (/usr/lib/mono/2.0/gmcs.exe:11636): CRITICAL **: _wapi_shm_file_open: shared 
file 
[/nonexistent/.wapi/shared_data-gdx0167.orsay.grid5000.fr-Linux-i686-312-11-0] 
open error: No such file or directory

** (/usr/lib/mono/2.0/gmcs.exe:11636): CRITICAL **: _wapi_shm_attach: shared 
file 
[/nonexistent/.wapi/shared_data-gdx0167.orsay.grid5000.fr-Linux-i686-312-11-0] 
open error

** ERROR **: file shared.c: line 337 (shm_semaphores_init): assertion failed: 
(tmp_shared != NULL)
aborting...
Stacktrace:


Native stacktrace:

/usr/bin/mono [0x81ab4d7]
/usr/bin/mono [0x818e960]
[0xe600]
/lib/libc.so.6(abort+0x101) [0x556940f1]
/usr/lib/libglib-2.0.so.0 [0x555bde99]
/usr/lib/libglib-2.0.so.0(g_log+0x29) [0x555bdec9]
/usr/lib/libglib-2.0.so.0(g_assert_warning+0x70) [0x555bdf40]
/usr/bin/mono [0x81461ca]
/usr/bin/mono [0x8146959]
/usr/bin/mono [0x813634a]
/usr/bin/mono(mono_once+0xbc) [0x8141ba8]
/usr/bin/mono [0x8136909]
/usr/bin/mono [0x8144bd2]
/usr/bin/mono [0x814522c]
/usr/bin/mono [0x80f5f69]
/usr/bin/mono(mono_runtime_init+0x15) [0x80fcbe9]
/usr/bin/mono [0x818fbe9]
/usr/bin/mono(mono_main+0xeae) [0x805b9f6]
/usr/bin/mono [0x8059a96]
/lib/libc.so.6(__libc_start_main+0xe0) [0x5567e050]
/usr/bin/mono [0x8059a11]

=
Got a SIGABRT while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=

compile.sh: line 2: 11636 Aborted gmcs -pkg:glade-sharp-2.0 
-pkg:gconf-sharp-2.0 -r:/usr/lib/cli/flickrnet-2.1.5/FlickrNet.dll 
-r:System.Data -r:Mono.Data.SqliteClient.dll -resource:glade/organizer.glade 
Main.cs *.cs
make: *** [debian/stamp-build] Error 134

The full build log is available from
http://people.debian.org/~lucas/logs/2007/10/07

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot containing a sid i386
environment.  Internet was not accessible from the build systems.

-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |


--- End Message ---
--- Begin Message ---
Source: dfo
Source-Version: 0.7+svn45-2

We believe that the bug you reported is fixed in the latest version of
dfo, which is due to be installed in the Debian FTP archive:

dfo_0.7+svn45-2.diff.gz
  to pool/main/d/dfo/dfo_0.7+svn45-2.diff.gz
dfo_0.7+svn45-2.dsc
  to pool/main/d/dfo/dfo_0.7+svn45-2.dsc
dfo_0.7+svn45-2_all.deb
  to pool/main/d/dfo/dfo_0.7+svn45-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for re

Processed (with 2 errors): Re: Bug#446298: /usr/lib/pbuilder/pbuilder-satisfydepends is an internal script

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> Hello Vincent,
Unknown command or malformed arguments to command.

> Thank you for your suggestions.
Unknown command or malformed arguments to command.

> reassign 446298 devscripts
Bug#446298: pbuilder-satisfydepends remove existing packages: openoffice, kde, 
etc
Bug reassigned from package `pbuilder' to `devscripts'.

> --
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446192: CVE-2007-5300 possible arbitrary code execution

2007-10-12 Thread Pierre Chifflier 
On Thu, Oct 11, 2007 at 01:27:17AM +0200, Nico Golde wrote:
> Package: wzdftpd
> Version: 0.5.2-1.1sarge2
> Severity: grave
> Tags: security
> 
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for wzdftpd.
> 
> CVE-2007-5300[0]:
> | Off-by-one error in the do_login_loop function in
> | libwzd-core/wzd_login.c in wzdftpd 0.8.2 and earlier allows remote
> | attackers to cause a denial of service (daemon crash) via a long USER
> | command that triggers a stack-based buffer overflow.  NOTE: some of
> | these details are obtained from third party information.
> 
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
> 
> For further information:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5300
> 

Hi,

The login system has changed a lot since 0.5.2. At the first look, I
believe the exploit will not work for 0.5.2, or not the same way.
The real problem was caused by a memset with a wrong length, which was
introduced on recent versions (which means etch, testing and unstable
are impacted). Sarge version does not have this problem.

The only fixable thing is a possible off-by-one in do_login_loop (patch
attached).

I'm also working on patches for other versions as well (feel free to NMU
if you want).

Regards,
Pierre
--- src/wzd_ClientThread.c.orig	2007-10-12 09:58:25.0 +0200
+++ src/wzd_ClientThread.c	2007-10-12 10:02:37.0 +0200
@@ -3267,7 +3267,7 @@
 
   while (1) {
 /* wait response */
-ret = (context->read_fct)(context->controlfd,buffer,BUFFER_LEN,0,HARD_XFER_TIMEOUT,context);
+ret = (context->read_fct)(context->controlfd,buffer,BUFFER_LEN-1,0,HARD_XFER_TIMEOUT,context);
 
 if (ret == 0) {
   out_err(LEVEL_FLOOD,"Connection closed or timeout (socket %d)\n",context->controlfd);

Bug#444715: reopening 297662

2007-10-12 Thread Jon Dowland 
# Automatically generated email from bts, devscripts version 2.10.9
# perhaps skippy-xd should be packaged before it can supercede skippy?
reopen 297662 [EMAIL PROTECTED]




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#423203: marked as done (forrest: should this package be removed?)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 10:51:56 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#423203: forrest: should this package be removed?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: forrest
Version: 0.5.1-4
Severity: serious
User: [EMAIL PROTECTED]
Usertags: proposed-removal

Hi,

While reviewing packages that were not included in Etch, your package
came up as a possible candidate for removal from Debian, because:
 * RC-buggy
 * no users (popcon insts: 1)
 * orphaned for 8 months
 * new upstream release available since 2.5 years ago

If you think that it should be orphaned instead of being removed from
Debian, please reply to this bug and tell so.

If you agree, sending the following commands to [EMAIL PROTECTED]
should do it (after replacing nn with this bug's number):
severity nn normal
reassign nn ftp.debian.org
retitle nn RM: forrest -- RoM; no users, RC-buggy, orphaned
thanks

For more information, see
http://wiki.debian.org/ftpmaster_Removals
http://ftp-master.debian.org/removals.txt

If you disagree and want to continue to maintain this package, please
just close this bug, preferably in an upload also fixing the other
issues.

Thank you,
-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |

--- End Message ---
--- Begin Message ---
On 10/05/07 at 16:53 +0200, Lucas Nussbaum wrote:
> Package: forrest
> Version: 0.5.1-4
> Severity: serious
> User: [EMAIL PROTECTED]
> Usertags: proposed-removal
> 
> Hi,
> 
> While reviewing packages that were not included in Etch, your package
> came up as a possible candidate for removal from Debian, because:
>  * RC-buggy
>  * no users (popcon insts: 1)
>  * orphaned for 8 months
>  * new upstream release available since 2.5 years ago

forrest was removed, closing bug.

-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |

--- End Message ---

Bug#423357: marked as done (vstream: should this package be removed?)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 10:54:48 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#423357: Acknowledgement of maintainer-only report 
(vstream: should this package be removed?)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: vstream
Version: 0.4.5-4
Severity: serious
User: [EMAIL PROTECTED]
Usertags: proposed-removal

Hi,

While reviewing packages that were not included in Etch, your package came
up as a possible candidate for removal from Debian, because:

* Orphaned
* Probably outdated (last maintainer upload 2003)
* RC Buggy

If you think that it should be orphaned instead of being removed from Debian,
please reply to this bug and tell so.

If you agree, sending the following commands to [EMAIL PROTECTED]
should do it (after replacing nn with this bug's number):
severity nn normal
reassign nn ftp.debian.org
retitle nn RM:  -- RoM;  
thanks

For more information, see
http://wiki.debian.org/ftpmaster_Removals
http://ftp-master.debian.org/removals.txt

If you disagree and want to continue to maintain this package, please just
close this bug, preferably in an upload also fixing the other issues.

Thank you,
- michael

--- End Message ---
--- Begin Message ---
Package was removed, closing bug.
-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |

--- End Message ---

Processed: setting package to wesnoth wesnoth-aoi wesnoth-data wesnoth-did wesnoth-editor wesnoth-ei wesnoth-httt wesnoth-l wesnoth-music wesnoth-nr wesnoth-server wesnoth-sof wesnoth-sotbe wesnoth-tr

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> package wesnoth wesnoth-aoi wesnoth-data wesnoth-did wesnoth-editor 
> wesnoth-ei wesnoth-httt wesnoth-l wesnoth-music wesnoth-nr wesnoth-server 
> wesnoth-sof wesnoth-sotbe wesnoth-trow wesnoth-tsg wesnoth-ttb wesnoth-utbs
Ignoring bugs not assigned to: wesnoth-nr wesnoth-did wesnoth-editor wesnoth-ei 
wesnoth-server wesnoth-ttb wesnoth-l wesnoth-sotbe wesnoth-data wesnoth-sof 
wesnoth-trow wesnoth-tsg wesnoth-aoi wesnoth wesnoth-utbs wesnoth-music 
wesnoth-httt

> tags 446295 + pending
Bug#446295: uninstallable due to file conflict between wesnoth & wesnoth-data
There were no tags set.
Tags added: pending

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#445779: changing environment language helps a little

2007-10-12 Thread Benjamin Gufler 
Package: rdesktop
Version: 1.5.0-2+cvs20071006
Followup-For: Bug #445779

Indeed, setting LANG=C allows me to start rdesktop, and exactly as
you're describing, by hitting the enter key, it crashes again.

Benjamin



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446341: Security issue CVE-2006-5815, please upload the new upstream release

2007-10-12 Thread Fabio Tranchitella 
Package: proftpd-dfsg
Version: 1.3.0-19
Severity: grave
Tags: security

Hi,

according to the proftpd home page, version 1.3.0 is affected by a
security issue with CVE id CVE-2006-5815.

Upstream released 1.3.0a to address the security hole, which is suitable
for the stable release.

For unstable, it is probably better to upload 1.3.1, released one week
ago.

Thanks,

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

-- 
Fabio Tranchitella http://www.kobold.it
Free Software Developer and Consultant http://www.tranchitella.it
_
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446339: Security issue CVE-2006-5815, please upload the new upstream release

2007-10-12 Thread Fabio Tranchitella 
Package: proftpd-dfsg
Version: 1.3.0-19
Severity: grave
Tags: security

Hi,

according to the proftpd home page, version 1.3.0 is affected by a
security issue with CVE id CVE-2006-5815.

Upstream released 1.3.0a to address the security hole, which is suitable
for the stable release.

For unstable, it is probably better to upload 1.3.1, released one week
ago.

Thanks,

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to it_IT.UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446340: ggcov: needs libbfd-2.17.50.20070426.so, which is not in Debian

2007-10-12 Thread Jiří Paleček 

Package: ggcov
Version: 0.8-4
Severity: serious
Justification: renders package unusable

Hello,

when I run ldd $(which ggcov), I get

linux-gate.so.1 =>  (0xb7f9d000)
/usr/lib/debreaper/libviaticum.so (0xb7f98000)
libglade-2.0.so.0 => /usr/lib/libglade-2.0.so.0 (0xb7f5f000)
libxml2.so.2 => /usr/lib/libxml2.so.2 (0xb7e42000)
libgnomeui-2.so.0 => /usr/lib/libgnomeui-2.so.0 (0x4a55)
libSM.so.6 => /usr/lib/libSM.so.6 (0xb7e3a000)
libICE.so.6 => /usr/lib/libICE.so.6 (0x421df000)
libbonoboui-2.so.0 => /usr/lib/libbonoboui-2.so.0 (0x4a4cd000)
libgnomevfs-2.so.0 => /usr/lib/libgnomevfs-2.so.0 (0x4a474000)
libgnome-keyring.so.0 => /usr/lib/libgnome-keyring.so.0  
(0x4a52c000)
libgnomecanvas-2.so.0 => /usr/lib/libgnomecanvas-2.so.0  
(0x42ae7000)

libgnome-2.so.0 => /usr/lib/libgnome-2.so.0 (0x4a53a000)
libpopt.so.0 => /lib/libpopt.so.0 (0x42e1d000)
libart_lgpl_2.so.2 => /usr/lib/libart_lgpl_2.so.2 (0x425b7000)
libpangoft2-1.0.so.0 => /usr/lib/libpangoft2-1.0.so.0 (0xb7e0c000)
libgtk-x11-2.0.so.0 => /usr/lib/libgtk-x11-2.0.so.0 (0xb7abc000)
libgdk-x11-2.0.so.0 => /usr/lib/libgdk-x11-2.0.so.0 (0xb7a39000)
libatk-1.0.so.0 => /usr/lib/libatk-1.0.so.0 (0x4295d000)
libgdk_pixbuf-2.0.so.0 => /usr/lib/libgdk_pixbuf-2.0.so.0  
(0xb7a23000)
libpangocairo-1.0.so.0 => /usr/lib/libpangocairo-1.0.so.0  
(0xb7a19000)

libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x423ad000)
libXext.so.6 => /usr/lib/libXext.so.6 (0xb7a0b000)
libXrender.so.1 => /usr/lib/libXrender.so.1 (0xb7a03000)
libXinerama.so.1 => /usr/lib/libXinerama.so.1 (0xb7a0)
libXi.so.6 => /usr/lib/libXi.so.6 (0x4243b000)
libXrandr.so.2 => /usr/lib/libXrandr.so.2 (0x4245)
libXcursor.so.1 => /usr/lib/libXcursor.so.1 (0xb79f6000)
libXfixes.so.3 => /usr/lib/libXfixes.so.3 (0xb79f1000)
libpango-1.0.so.0 => /usr/lib/libpango-1.0.so.0 (0xb79b4000)
libcairo.so.2 => /usr/lib/libcairo.so.2 (0xb793e000)
libX11.so.6 => /usr/lib/libX11.so.6 (0x420c4000)
libbonobo-2.so.0 => /usr/lib/libbonobo-2.so.0 (0x42a15000)
libbonobo-activation.so.4 => /usr/lib/libbonobo-activation.so.4  
(0x429ff000)

libgconf-2.so.4 => /usr/lib/libgconf-2.so.4 (0xb790c000)
libgmodule-2.0.so.0 => /usr/lib/libgmodule-2.0.so.0 (0xb7908000)
libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7904000)
libORBit-2.so.0 => /usr/lib/libORBit-2.so.0 (0x42979000)
libgthread-2.0.so.0 => /usr/lib/libgthread-2.0.so.0 (0xb78ff000)
librt.so.1 => /lib/i686/cmov/librt.so.1 (0xb78f6000)
libgobject-2.0.so.0 => /usr/lib/libgobject-2.0.so.0 (0xb78bb000)
libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0xb77ff000)
libbfd-2.17.50.20070426.so => not found
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb7716000)
libm.so.6 => /lib/i686/cmov/libm.so.6 (0xb76f1000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb76e5000)
libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb76ce000)
libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7586000)
libz.so.1 => /usr/lib/libz.so.1 (0xb757)
libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x4245f000)
libdbus-glib-1.so.2 => /usr/lib/libdbus-glib-1.so.2 (0xb7555000)
libdbus-1.so.3 => /usr/lib/libdbus-1.so.3 (0xb752)
libgnutls.so.13 => /usr/lib/libgnutls.so.13 (0xb74a7000)
libavahi-glib.so.1 => /usr/lib/libavahi-glib.so.1 (0xb74a4000)
libavahi-common.so.3 => /usr/lib/libavahi-common.so.3 (0xb7499000)
libavahi-client.so.3 => /usr/lib/libavahi-client.so.3 (0xb748a000)
libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7477000)
libselinux.so.1 => /lib/libselinux.so.1 (0x4a458000)
libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7472000)
libesd.so.0 => /usr/lib/libesd.so.0 (0x43de)
libaudiofile.so.0 => /usr/lib/libaudiofile.so.0 (0x43dba000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0xb7403000)
libexpat.so.1 => /usr/lib/libexpat.so.1 (0x4231f000)
libXau.so.6 => /usr/lib/libXau.so.6 (0xb73ff000)
libpng12.so.0 => /usr/lib/libpng12.so.0 (0xb73dc000)
libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x421b2000)
libORBitCosNaming-2.so.0 => /usr/lib/libORBitCosNaming-2.so.0  
(0x4259a000)

/lib/ld-linux.so.2 (0x4f0ed000)
libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb73c3000)
libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x42f83000)
libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x42f03000)
libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x42f09000)
libsepol.so.1 => /lib/libsepol.so.1 (0x4a416000)
libasound.so.2 => /usr/lib/libasound.so.2 (0xb72fe000)

Particularly the line

libbfd-2.17.50.20070426.so => not found

is interresting, because this f

Bug#446354: dhcp: stack-based buffer overflow (CVE-2007-5365)

2007-10-12 Thread Steffen Joeris 
Package: dhcp
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE[0] has been issued against dhcp.

CVE-2007-5365:

Stack-based buffer overflow in the cons_options function in options.c in
dhcpd in OpenBSD 4.0 through 4.2 allows remote attackers to execute
arbitrary code or cause a denial of service (daemon crash) via a DHCP
request specifying a maximum message size smaller than the minimum IP
MTU.

A patch is attached below. Please tell me, if you want to take care of
it or if i should upload.

Cheers
Steffen

[0]: http://ve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5365

diff -u dhcp-2.0pl5dfsg1/debian/changelog dhcp-2.0pl5dfsg1/debian/changelog
--- dhcp-2.0pl5dfsg1/debian/changelog
+++ dhcp-2.0pl5dfsg1/debian/changelog
@@ -1,3 +1,12 @@
+dhcp (2.0pl5dfsg1-20.1) unstable; urgency=high
+
+  * Non-maintainer upload by the testing-security team
+  * Fix stack-based buffer overflow in options.c, which allows arbitrary
+code execution or cause of a DoS through remote attackers
+Fixes: CVE-2007-5365
+
+ -- Steffen Joeris <[EMAIL PROTECTED]>  Fri, 12 Oct 2007 12:33:17 +
+
 dhcp (2.0pl5dfsg1-20) unstable; urgency=medium

   * Taking over unmaintained package.
only in patch2:
unchanged:
--- dhcp-2.0pl5dfsg1.orig/debian/patches/305_CVE-2007-5365.patch
+++ dhcp-2.0pl5dfsg1/debian/patches/305_CVE-2007-5365.patch
@@ -0,0 +1,16 @@
+--- options.c.orig 2007-10-12 12:22:41.0 +
 dhcp-2.0pl5dfsg1/common/options.c  2007-10-12 12:23:42.0 +
+@@ -188,9 +188,12 @@
+   inpacket &&
+   inpacket -> options [DHO_DHCP_MAX_MESSAGE_SIZE].data &&
+   (inpacket -> options [DHO_DHCP_MAX_MESSAGE_SIZE].len >=
+-   sizeof (u_int16_t)))
++   sizeof (u_int16_t))){
+   mms = getUShort (inpacket -> options
+[DHO_DHCP_MAX_MESSAGE_SIZE].data);
++   if (mms < 576)
++  mms = 576;/* mms must be >= minimum IP 
MTU */
++  }
+
+   /* If the client has provided a maximum DHCP message size,
+  use that; otherwise, if it's BOOTP, only 64 bytes; otherwise



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#445475: upload?

2007-10-12 Thread Steffen Joeris 
Hi

We were just wondering, if you need help with the upload. I think you said 
that you want to upload yourself, but I thought quickly checking with you 
would be a good idea :)

Cheers
Steffen


signature.asc
Description: This is a digitally signed message part.

Processed: Bug#444516: gtkmm2.4: FTBFS: error: 'const struct _GtkToolbar'

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tags 444516 fixed-upstream pending
Bug#444516: gtkmm2.4: FTBFS: error: 'const struct _GtkToolbar' has no member 
named 'tooltips'
There were no tags set.
Tags added: fixed-upstream, pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed (with 1 errors): your mail

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tags 445799 + pending
Bug#445799: gnome-subtitles: FTBFS: checking for XML::Parser... configure: 
error: XML::Parser perl module is required for intltool
There were no tags set.
Tags added: pending

> fix sent to my sponsor
Unknown command or malformed arguments to command.

> --
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446373: CVE-2007-4992 stack based buffer overflow

2007-10-12 Thread Nico Golde 
Package: firebird1.5
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird1.5.

CVE-2007-4992[0]:
| Stack-based buffer overflow in the process_packet function in
| fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute
| arbitrary code via a long request to TCP port 3050.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

I had a look at remote/server.cpp, the vulnerable code is
the following:
3049: TEXT msg[128];
...
3064 if (string = port-  port_user_name) {
3065 sprintf(msg,
3066 "SERVER/process_packet: connection rejected for %*.*s",
3067 string-  str_length, string-  str_length,
3068 string-  str_data);
3069 gds__log(msg, 0);

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4992

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpHm79IYRl8i.pgp
Description: PGP signature

Bug#444704: ttyrec is not redundant

2007-10-12 Thread Lucas Nussbaum 
On 12/10/07 at 15:06 +0200, Adam Borowski wrote:
> I would say that ttyrec is worth keeping.

Hi Adam,

Would you be interested in maintaining ttyrec in Debian?

Your rationale for keeping it seems good, thanks for providing that
info.

Lucas



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446382: LUKS setup stops working after upgrade

2007-10-12 Thread Bas Zoetekouw 
Package: libpam-mount
Version: 0.29-1
Severity: serious

(The severity should probably be important, but I'm setting this to
serious because you might want to fix this bug before the package
is accepted into testing.  Feel free to downgrade it if you disagree.)

After the upgrade to 0.29-1, I couldn't login anymore.  It turned out
that there is some kind of new config file format, which my old config
(LUKS mount of my homedir) was converted to.

Unfortunately, the conversion didn't go well.  It seems the script
converted 

  volume bas crypt - /dev/mapper/emilia-bas_crypto /home/bas - - -

from pam_mount.conf to 

  

which doesn't work.  After changing it to

  

if works again, so I guess this is a bug in the conversion script.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22.1 (PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-mount depends on:
ii  libc6  2.6.1-5   GNU C Library: Shared libraries
ii  libhx101.10.1-1  A library providing queue, tree, I
ii  libpam0g   0.99.7.1-5Pluggable Authentication Modules l
ii  libssl0.9.80.9.8e-9  SSL shared libraries
ii  libxml-writer-perl 0.603-1   Perl module for writing XML docume
ii  libxml22.6.30.dfsg-2 GNOME XML library
ii  mount  2.13-8Tools for mounting and manipulatin

libpam-mount recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 439495

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 439495 + lenny sid
Bug#439495: maint-guide: FTBFS: debiandoc2latexps: ERROR: maint-guide.ko.dvi 
could not be generated properly
There were no tags set.
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 439459

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 439459 + lenny sid
Bug#439459: ssldump: FTBFS: error: net/bpf.h: No such file or directory
Tags were: patch
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 439482

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 439482 + lenny sid
Bug#439482: packit: FTBFS: error: net/bpf.h: No such file or directory
Tags were: patch
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 439458

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 439458 + lenny sid
Bug#439458: tcpslice: FTBFS: error: net/bpf.h: No such file or directory
Tags were: patch
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 439448

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 439448 + lenny sid
Bug#439448: ttt: FTBFS: error: argument 'device' doesn't match prototype
Tags were: patch
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: fixed 384258 in 1.02-6

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.9
> fixed 384258 1.02-6
Bug#384258: ewiki depends on php4, I have tested and it seems to work fine 
under php5
Bug marked as fixed in version 1.02-6.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#445439: marked as done (open-vm-tools: Should go in contrib; not useful without VMWare)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 18:40:11 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445439: fixed in open-vm-tools 2007.09.04-56574-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: open-vm-tools
Severity: serious
Justification: Policy 2.2.1

open-vm-tools serves no purpose without VMWare.  Thus, it should go in
contrib.

- Josh Triplett


--- End Message ---
--- Begin Message ---
Source: open-vm-tools
Source-Version: 2007.09.04-56574-2

We believe that the bug you reported is fixed in the latest version of
open-vm-tools, which is due to be installed in the Debian FTP archive:

open-vm-tools_2007.09.04-56574-2.diff.gz
  to pool/contrib/o/open-vm-tools/open-vm-tools_2007.09.04-56574-2.diff.gz
open-vm-tools_2007.09.04-56574-2.dsc
  to pool/contrib/o/open-vm-tools/open-vm-tools_2007.09.04-56574-2.dsc
open-vm-tools_2007.09.04-56574-2_i386.deb
  to pool/contrib/o/open-vm-tools/open-vm-tools_2007.09.04-56574-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <[EMAIL PROTECTED]> (supplier of updated open-vm-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Tue,  9 Oct 2007 10:05:00 +0200
Source: open-vm-tools
Binary: open-vm-tools
Architecture: source i386
Version: 2007.09.04-56574-2
Distribution: experimental
Urgency: low
Maintainer: Daniel Baumann <[EMAIL PROTECTED]>
Changed-By: Daniel Baumann <[EMAIL PROTECTED]>
Description: 
 open-vm-tools - tools and components for VMware guest systems
Closes: 445374 445439
Changes: 
 open-vm-tools (2007.09.04-56574-2) experimental; urgency=low
 .
   * Moving package to contrib (Closes: #445439).
   * Limiting architectures to amd64 and i386 (Closes: #445374).
Files: 
 4b6f0cdfcd88c576df09e283e70c5d0f 709 contrib/admin extra 
open-vm-tools_2007.09.04-56574-2.dsc
 b2ecd04620d6fc1101399ee9f676f5c6 8845 contrib/admin extra 
open-vm-tools_2007.09.04-56574-2.diff.gz
 0eefc28ccd279a0d41cbdefd42c97719 443130 contrib/admin extra 
open-vm-tools_2007.09.04-56574-2_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHCzd0+C5cwEsrK54RAirzAJ4wvyZsElWUPQm0ZNchfhhTHk+8HwCfUEWa
Lum8g3YaotZ8SvZTaILj0zU=
=s2jC
-END PGP SIGNATURE-


--- End Message ---

Bug#445374: marked as done (open-vm-tools_2007.09.04-56574-1(sparc/experimental): FTBFS: configure: error: Unknown architecture.)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 18:40:11 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445374: fixed in open-vm-tools 2007.09.04-56574-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: open-vm-tools
Version: 2007.09.04-56574-1
Severity: serious

Hi,

your package failed to build from source. While it is not technically a
serious bug to not build on architectures that never build successfully,
I chose this severity since it failed on _all_ buildds so far and still
claims to be Architecture: any.

| Automatic build of open-vm-tools_2007.09.04-56574-1 on odin by sbuild/sparc 
98-farm
| Build started at 20071005-1218
| **
| Checking available source versions...
| Fetching source files...
| Reading package lists...
| Building dependency tree...
| Need to get 1997kB of source archives.
| Get:1 http://sinclair.farm.ftbfs.de experimental/main open-vm-tools 
2007.09.04-56574-1 (dsc) [702B]
| Get:2 http://sinclair.farm.ftbfs.de experimental/main open-vm-tools 
2007.09.04-56574-1 (tar) [1988kB]
| Get:3 http://sinclair.farm.ftbfs.de experimental/main open-vm-tools 
2007.09.04-56574-1 (diff) [8771B]
| Fetched 1997kB in 0s (2370kB/s)
| Download complete and in download only mode
| ** Using build dependencies supplied by package:
| Build-Depends: debhelper (>= 5), autotools-dev, libgtk2.0-dev, libpam0g-dev, 
libx11-dev, libxinerama-dev, libxtst-dev
| Checking for already installed source dependencies...
[...]
| Checking correctness of source dependencies...
| Toolchain package versions: libc6-dev_2.6.1-5 gcc-4.3_ g++-4.3_ 
binutils_2.18-1 libstdc++6-4.3-dev_ libstdc++6_4.2.1-6
| --
| gpg: Signature made Sun Sep 30 20:42:39 2007 CEST using DSA key ID 4B2B2B9E
| gpg: Can't check signature: public key not found
| dpkg-source: extracting open-vm-tools in open-vm-tools-2007.09.04-56574
| dpkg-source: unpacking open-vm-tools_2007.09.04-56574.orig.tar.gz
| dpkg-source: applying 
/org/buildd/build/open-vm-tools_2007.09.04-56574-1.diff.gz
| dpkg-buildpackage: source package is open-vm-tools
| dpkg-buildpackage: source version is 2007.09.04-56574-1
| dpkg-buildpackage: host architecture sparc
| dpkg-buildpackage: source version without epoch 2007.09.04-56574-1
|  /usr/bin/fakeroot debian/rules clean
| dh_testdir
| dh_testroot
| rm -f build-stamp
| # Cleaning package
| [ ! -f Makefile ] || /usr/bin/make distclean
| rm -rf user
| cp -f /usr/share/misc/config.sub config.sub
| cp -f /usr/share/misc/config.guess config.guess
| dh_clean
|  debian/rules build
| dh_testdir
| # Configuring package
| CFLAGS="-O2" ./configure --host=sparc-linux-gnu --build=sparc-linux-gnu 
--prefix=/usr --mandir=\${prefix}/share/man
| checking build system type... sparc-unknown-linux-gnu
| checking host system type... sparc-unknown-linux-gnu
| checking build system type... (cached) sparc-unknown-linux-gnu
| configure: error: Unknown architecture.
| make: *** [config.status] Error 1
| **
| Build finished at 20071005-1220
| FAILED [dpkg-buildpackage died]

Full build log(s): 
http://experimental.ftbfs.de/build.php?&ver=2007.09.04-56574-1&pkg=open-vm-tools&arch=sparc

Gruesse,
-- 
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/


--- End Message ---
--- Begin Message ---
Source: open-vm-tools
Source-Version: 2007.09.04-56574-2

We believe that the bug you reported is fixed in the latest version of
open-vm-tools, which is due to be installed in the Debian FTP archive:

open-vm-tools_2007.09.04-56574-2.diff.gz
  to pool/contrib/o/open-vm-tools/open-vm-tools_2007.09.04-56574-2.diff.gz
open-vm-tools_2007.09.04-56574-2.dsc
  to pool/contrib/o/open-vm-tools/open-vm-tools_2007.09.04-56574-2.dsc
open-vm-tools_2007.09.04-56574-2_i386.deb
  to pool/contrib/o/open-vm-tools/open-vm-tools_2007.09.04-56574-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <[EMAIL PROTECTED]> (supplier of updated open-vm-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact

Processed: tagging 439494

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 439494 + lenny sid
Bug#439494: cvs2html: FTBFS: unmet b-dep grep-dctrl (>= 1.1)
Tags were: patch
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446346: exim4-config: incorrect condition in new configuration files causing bounced email

2007-10-12 Thread Andreas Metzler 
On 2007-10-12 Hamish Moffatt <[EMAIL PROTECTED]> wrote:
> Package: exim4-config
> Version: 4.68-1
> Severity: grave
> Justification: causes non-serious data loss

> After upgrading exim4-config to 4.68-1 this morning I'm getting a lot of
> messages bounced, with the following in the paniclog:

> 2007-10-12 20:59:41 1IgIEv-0005de-Ep failed to expand condition "${if 
> ${match_ip{$sender_host_address}{:@[]}}{1}{0}}" for real_local router: 
> condition name expected, but found "${match_ip{$send"

> This comes from the new conf.d/router/300_exim4-config_real_local:

> COND_LOCAL_SUBMITTER = "\
>${if {match_ip{$sender_host_address}{:@[]}}\
> {1}{0}\
>   }"

> I don't know in what way this is wrong but I've disabled the condition
> for now. 

> I have "deliver real-hamish" at the end of my .forward which is
> triggering this. I guess nobody else does this as nobody has reported it
> until now.
[...]

looks like there are too many curly braces, I think this should work:

> COND_LOCAL_SUBMITTER = "\
>${if match_ip{$sender_host_address}{:@[]}\
> {1}{0}\
>   }"

thanks for the report, cu andreas
-- 
[EMAIL PROTECTED]:~$ /usr/sbin/exim4 -be
> ${if {match_ip{123.45.67.78}{:@[]}}{1}{0}}
Failed: condition name expected, but found "{match_ip{123.45"
> ${if match_ip{123.45.67.78}{:@[]}{1}{0}}
0



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 439449

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 439449 + lenny sid
Bug#439449: xbvl: FTBFS: *** No rule to make target 
`../src_open_gl/xbvl-opengl.a', needed by `xbvl'.  Stop.
There were no tags set.
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446034: marked as done (CVE-2007-5301 buffer overflow in vorbis input plugin)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 17:17:04 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446034: fixed in alsaplayer 0.99.79-3+lenny1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: alsaplayer
Severity: grave
Tags: security

Hi,
The following was released on:
http://secunia.com/advisories/27117/

| Some vulnerabilities have been reported in AlsaPlayer, which potentially can 
be
| exploited by malicious people to compromise a user's system.
| 
| The vulnerabilities are caused due to boundary errors in the vorbis input
| plug-in when processing .OGG files. These can be exploited to cause buffer
| overflows via a specially crafted .OGG file with overly long comments.
| 
| Successful exploitation may allow execution of arbitrary code.

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpZQJR6yyeNL.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: alsaplayer
Source-Version: 0.99.79-3+lenny1

We believe that the bug you reported is fixed in the latest version of
alsaplayer, which is due to be installed in the Debian FTP archive:

alsaplayer-alsa_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.79-3+lenny1_i386.deb
alsaplayer-common_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-common_0.99.79-3+lenny1_i386.deb
alsaplayer-daemon_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.79-3+lenny1_i386.deb
alsaplayer-esd_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-esd_0.99.79-3+lenny1_i386.deb
alsaplayer-gtk_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.79-3+lenny1_i386.deb
alsaplayer-jack_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-jack_0.99.79-3+lenny1_i386.deb
alsaplayer-nas_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-nas_0.99.79-3+lenny1_i386.deb
alsaplayer-oss_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-oss_0.99.79-3+lenny1_i386.deb
alsaplayer-text_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-text_0.99.79-3+lenny1_i386.deb
alsaplayer-xosd_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.79-3+lenny1_i386.deb
alsaplayer_0.99.79-3+lenny1.diff.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.79-3+lenny1.diff.gz
alsaplayer_0.99.79-3+lenny1.dsc
  to pool/main/a/alsaplayer/alsaplayer_0.99.79-3+lenny1.dsc
libalsaplayer-dev_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.79-3+lenny1_i386.deb
libalsaplayer0_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer0_0.99.79-3+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated alsaplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 12 Oct 2007 12:45:45 +0200
Source: alsaplayer
Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack 
alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa 
alsaplayer-gtk libalsaplayer0 alsaplayer-common
Architecture: source i386
Version: 0.99.79-3+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Hubert Chan <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 alsaplayer-alsa - PCM player designed for ALSA (ALSA output module)
 alsaplayer-common - PCM player designed for ALSA (common files)
 alsaplayer-daemon - PCM player designed for ALSA (non-interactive version)
 alsaplayer-esd - PCM player designed for ALSA (EsounD output module)
 alsaplayer-gtk - PCM player designed for ALSA (GTK version)
 alsaplayer-jack - PCM player designed for ALSA (JACK output module)
 alsaplayer-nas - PCM player designed for ALSA (NAS output module)
 alsaplayer-oss - PCM player designed for ALSA (OSS output module)
 alsaplayer-text - PCM player designed for ALSA (text version)
 alsaplayer-xosd - PCM player designed for ALSA (osd version)

Bug#446299: May be the same bug as #443905

2007-10-12 Thread Michael Koch 
Hello,


On Thu, Oct 11, 2007 at 11:56:47PM -0700, Giangiacomo Mariotti wrote:
> Here I have the same error as above.Anyway the 'eclipse' executable doesn't 
> crush and continue to live after java vm has crushed.


As said on another place, I cant reproduce this. Unfortunately this
seems to be a pretty common bug as many people seem to have it.

Can you please try strace on eclipse and look for failed system calls?


Cheers,
Michael



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446267: Missing libtic.so.5

2007-10-12 Thread Thomas Dickey 

On Fri, 12 Oct 2007, Dennis Boone wrote:


This morning's update fixed this issue for me, but just in case it helps
the next guy identify his problem...

In addition to all of the binaries which couldn't run due to the missing
library (tic, tset, clear, etc.), the "less" binary was throwing
segfaults.


It shouldn't - "less" is basically a termcap application.  So it would 
resolve against the other library/libraries (libtinfo could be separate).


--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446299: May be the same bug as #443905

2007-10-12 Thread Michael Koch 
Hello,


On Fri, Oct 12, 2007 at 02:30:59PM +0800, Hongzheng Wang wrote:

[...]

> Time to load bundles: 121
> Starting application: 8119
> !SESSION 2007-10-12 06:25:33.434 
> ---
> eclipse.buildId=M20070212-1330
> java.version=1.6.0_03
> java.vendor=Sun Microsystems Inc.
> BootLoader constants: OS=linux, ARCH=x86, WS=gtk, NL=en_US
> Command-line arguments:  -os linux -ws gtk -arch x86 -debug -consoleLog
> 
> !ENTRY org.eclipse.osgi 2 1 2007-10-12 06:25:42.605
> !MESSAGE NLS missing message: initializer_error in:
> org.eclipse.core.internal.runtime.messages
> 
> !ENTRY org.eclipse.osgi 2 1 2007-10-12 06:25:42.621
> !MESSAGE NLS missing message: fileInitializer_fileNotFound in:
> org.eclipse.core.internal.runtime.messages
> 
> !ENTRY org.eclipse.osgi 2 1 2007-10-12 06:25:42.621
> !MESSAGE NLS missing message: fileInitializer_IOError in:
> org.eclipse.core.internal.runtime.messages
> 
> !ENTRY org.eclipse.osgi 2 1 2007-10-12 06:25:42.622
> !MESSAGE NLS missing message: fileInitializer_missingFileName in:
> org.eclipse.core.internal.runtime.messages
> Application Started: 31408
> /usr/lib/bug-buddy/Eclipse: No such file or directory.

This looks very much like bug #446328.


Sorry, I have really no idea about this. Can you please run strace on
eclipse and look for failed system calls?


Cheers,
Michael



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#445928: marked as done (liblog4cpp4: 1.0 needs SONAME change for ABI change)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 18:54:25 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445928: fixed in log4cpp 1.0-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: liblog4cpp4
Version: 1.0-1
Severity: serious
Justification: Policy 8.1

The 1.0 release of log4cpp removed the Category::Stream::operator<< method
that takes Category::Stream::Separator values and indeed the whole
Separator enum in favor of handling ends of lines differently.  This is a
change to the public ABI that breaks existing programs and libraries
linked with the log log4cpp and results in run-time load errors like:

/usr/lib/libsaml.so: undefined reference to 
`log4cpp::CategoryStream::operator<<(log4cpp::CategoryStream::Separator)'

The SONAME of the library needs to be bumped and the package name
changed accordingly.  See also bugs #445778 and #445757.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages liblog4cpp4 depends on:
ii  libc6 2.6.1-1+b1 GNU C Library: Shared libraries
ii  libgcc1   1:4.2.1-4  GCC support library
ii  libstdc++64.2.1-4The GNU Standard C++ Library v3

liblog4cpp4 recommends no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: log4cpp
Source-Version: 1.0-2

We believe that the bug you reported is fixed in the latest version of
log4cpp, which is due to be installed in the Debian FTP archive:

liblog4cpp5-dev_1.0-2_amd64.deb
  to pool/main/l/log4cpp/liblog4cpp5-dev_1.0-2_amd64.deb
liblog4cpp5_1.0-2_amd64.deb
  to pool/main/l/log4cpp/liblog4cpp5_1.0-2_amd64.deb
log4cpp_1.0-2.diff.gz
  to pool/main/l/log4cpp/log4cpp_1.0-2.diff.gz
log4cpp_1.0-2.dsc
  to pool/main/l/log4cpp/log4cpp_1.0-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fathi Boudra <[EMAIL PROTECTED]> (supplier of updated log4cpp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Wed, 10 Oct 2007 14:01:46 +0200
Source: log4cpp
Binary: liblog4cpp5-dev liblog4cpp5
Architecture: source amd64
Version: 1.0-2
Distribution: unstable
Urgency: low
Maintainer: Fathi Boudra <[EMAIL PROTECTED]>
Changed-By: Fathi Boudra <[EMAIL PROTECTED]>
Description: 
 liblog4cpp5 - C++ library for flexible logging (runtime)
 liblog4cpp5-dev - C++ library for flexible logging (development)
Closes: 445928
Changes: 
 log4cpp (1.0-2) unstable; urgency=low
 .
   * Bump SONAME. (Closes: #445928).
 The 1.0 release of log4cpp removed the Category::Stream::operator<< method
 that takes Category::Stream::Separator values and indeed the whole
 Separator enum in favor of handling ends of lines differently.
 This is a change to the public ABI that breaks existing programs and
 libraries linked with the log log4cpp and results in run-time load errors.
Files: 
 63a1d2a097847f90ffc83a51ce066e14 582 libs optional log4cpp_1.0-2.dsc
 2c24889f69bec86d078025c940dbc53f 5464 libs optional log4cpp_1.0-2.diff.gz
 65aa384d310d076b68b6ecd675295399 215368 libdevel optional 
liblog4cpp5-dev_1.0-2_amd64.deb
 02553fbbc79c6188bc8a4e218f20ec6b 128572 libs optional 
liblog4cpp5_1.0-2_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHDN4jvGr7W6HudhwRAn1aAKCIBlomdBczhODSHuhegYOqiJQuFgCfaztY
YaAupDVLpla/arpY58WqDM0=
=cv9+
-END PGP SIGNATURE-


--- End Message ---

Bug#384258: marked as done (ewiki depends on php4, I have tested and it seems to work fine under php5)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 11:29:28 -0300
with message-id <[EMAIL PROTECTED]>
and subject line Fixed in 1.02-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: ewiki
Version: 1.02-5
Severity: normal


I have use ewiki on a php5 web server without experiencing any problems.  I 
wonder if
the ewiki package could be set to not depend on exclusivly on php4 and instead 
php4 & 5?

I am guessing that you would need to update the depend to something like below?
 
Depends: apache | apache-ssl | apache-perl | apache2 | httpd, php5 | php4 | 
  libapache2-mod-php5 | libapache2-mod-php4 | libapache-mod-php5 | 
libapache-mod-php4, 
  php4-cli | php5-cli



-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

--- End Message ---
--- Begin Message ---
This bug was fixed since last upload. I didn't put the proper changelog
entry. Sorry about that. Here is the last changelog of the version which
solved the problem:

ewiki (1.02-6) unstable; urgency=low

  * debian/control
- add php5 as a depends option
- update policy version
- update debhelper version
- remove build-depends-indep, using build-depends instead
  * debian/compat
- update to 5
  * debian/rules
- fix find warnings

 -- Tiago Bortoletto Vaz <[EMAIL PROTECTED]>  Sun,  1 Apr 2007
07:29:03 -0300

-- 
Tiago Bortoletto Vaz
0xA504FECA - http://pgp.mit.edu
http://tiagovaz.org
 
 "É preciso não ter medo,
 é preciso ter a coragem de dizer."

 Rondó da Liberdade, Carlos Marighella


signature.asc
Description: Digital signature
--- End Message ---

Bug#439247: marked as done (imagej: program won't start)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 15:24:34 +0200 (CEST)
with message-id <[EMAIL PROTECTED]>
and subject line 
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: imagej
Version: 1.39b-1
Severity: grave
Tags: patch

I'm excited that ImageJ is finally going to be in Debian!
Unfortunately the current version of the startup script
doesn't work, making the software unusable.

The problem is on line 51 of /usr/bin/imagej.  Because
JAVACMD is not defined, running the script terminates with
this error message:

$ /usr/bin/imagej
Starting Imagej with default 128m
/usr/bin/imagej: line 51: -Dplugins.dir=/home/andrel/.imagej: No such file or
directory

The attached patch fixes the problem, and also avoids
spewing error messages about trying to re-symlink macros.
This patch does *not* change the interpreter from /bin/bash
to /bin/sh, though as far as I can tell that should work.

--Andre



  

Shape Yahoo! in your own image.  Join our Network Research Panel today!   
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 

--- /usr/bin/imagej	2007-08-02 11:16:11.0 -0400
+++ imagej	2007-08-23 11:46:25.0 -0400
@@ -25,7 +25,7 @@
 done
 
 for p in $(ls /usr/share/imagej/macros) ; do
-  if [ ! -h $PLUGINSDIR/macro/$p ] ; then
+  if [ ! -h $PLUGINSDIR/macros/$p ] ; then
   ln -s /usr/share/imagej/macros/$p $PLUGINSDIR/macros/$p
   fi
 done
@@ -43,12 +43,7 @@
  
 # ok now run ImageJ or ...
 if [ "$JAVA_HOME" ] ; then
-   	#$JAVA_HOME/bin/java -Xmx$MEMORY''m -Dplugins.dir=$PLUGINSDIR -cp /usr/share/java/ij.jar:$JAVA_HOME/lib/tools.jar ij.ImageJ
-	#$JAVA_HOME/bin/java -Dplugins.dir=$PLUGINSDIR -cp /usr/share/java/ij.jar:$JAVA_HOME/lib/tools.jar ij.ImageJ
-	#I've modified my local copy so that the execution of JAVACMD
-	#includes a $*.  This is useful for passing extra arguments to
-	#java, especially -mx (Mike Miller)
-	$JAVACMD -Dplugins.dir=$PLUGINSDIR -cp /usr/share/java/ij.jar:$JAVA_HOME/lib/tools.jar $* ij.ImageJ
+   	$JAVA_HOME/bin/java -Xmx$MEMORY''m -Dplugins.dir=$PLUGINSDIR -cp /usr/share/java/ij.jar:$JAVA_HOME/lib/tools.jar ij.ImageJ
 else
   echo "No JVM found to run ImageJ"
   echo "Please apt-get install a JVM to run ImageJ or "
--- End Message ---
--- Begin Message ---
changed the imagej.sh script

--- End Message ---

Processed: found 439923 in 1.8.2+1-2

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> found 439923 1.8.2+1-2
Bug#439923: texmacs: Segfaults on startup
Bug marked as found in version 1.8.2+1-2.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: severity of 439784 is wishlist

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> # Missing manpage is not RC, it's just a should in policy
> severity 439784 wishlist
Bug#439784: No manual for ntlmaps
Severity set to `wishlist' from `serious'

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 446354

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.9
> tags 446354 + patch
Bug#446354: dhcp: stack-based buffer overflow (CVE-2007-5365)
Tags were: security
Tags added: patch

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#445582: CVE-2007-5373 issued

2007-10-12 Thread Steffen Joeris 
Hi

There has been a CVE[0] issued for this bug. Please add a line to your 
changelog file, when you close this bug by an upload and state that it fixes 
the CVE.
Thanks in advance.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5373


signature.asc
Description: This is a digitally signed message part.

Processed: Merging original bug to pbuilder and my own report

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> forcemerge 446318 446298
Bug#446318: [debuild]: advice on missing build-deps is dangerous !
Bug#446298: pbuilder-satisfydepends remove existing packages: openoffice, kde, 
etc
Forcibly Merged 446298 446318.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446346: exim4-config: incorrect condition in new configuration files causing bounced email

2007-10-12 Thread Hamish Moffatt 
Package: exim4-config
Version: 4.68-1
Severity: grave
Justification: causes non-serious data loss

After upgrading exim4-config to 4.68-1 this morning I'm getting a lot of
messages bounced, with the following in the paniclog:

2007-10-12 20:59:41 1IgIEv-0005de-Ep failed to expand condition "${if 
${match_ip{$sender_host_address}{:@[]}}{1}{0}}" for real_local router: 
condition name expected, but found "${match_ip{$send"

This comes from the new conf.d/router/300_exim4-config_real_local:

COND_LOCAL_SUBMITTER = "\
   ${if {match_ip{$sender_host_address}{:@[]}}\
{1}{0}\
}"

I don't know in what way this is wrong but I've disabled the condition
for now. 

I have "deliver real-hamish" at the end of my .forward which is
triggering this. I guess nobody else does this as nobody has reported it
until now.

Thanks
Hamish

-- Package-specific info:
Exim version 4.68 #1 built 07-Oct-2007 21:06:42
Copyright (c) University of Cambridge 2006
Berkeley DB: Berkeley DB 4.6.19: (August 10, 2007)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch 
nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='smarthost'
dc_other_hostnames='cloud.net.au'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='192.168.42.0/24'
dc_smarthost='mail.risingsoftware.com'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:cloud.net.au

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages exim4-config depends on:
ii  adduser   3.105  add and remove users and groups
ii  debconf [debconf-2.0] 1.5.14 Debian configuration management sy

exim4-config recommends no packages.

-- debconf information:
* exim4/dc_smarthost: mail.risingsoftware.com
  exim4/dc_relay_domains:
  exim4/dc_localdelivery: mbox format in /var/mail/
  exim4/exim3_upgrade: true
* exim4/dc_eximconfig_configtype: mail sent by smarthost; received via SMTP or 
fetchmail
  exim4/dc_readhost:
  exim4/exim4-config-title:
  exim4/dc_noalias_regenerate: false
* exim4/dc_relay_nets: 192.168.42.0/24
* exim4/mailname: cloud.net.au
* exim4/dc_local_interfaces:
* exim4/dc_minimaldns: false
* exim4/dc_other_hostnames: cloud.net.au
* exim4/no_config: true
* exim4/hide_mailname: false
* exim4/dc_postmaster: hamish
* exim4/use_split_config: true
  exim4/internal/exim4-config.reconfigure: false



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446341: marked as done (Security issue CVE-2006-5815, please upload the new upstream release)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 12:28:09 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446341: Info received (Bug#446341: Security issue 
CVE-2006-5815, please upload the new upstream release)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: proftpd-dfsg
Version: 1.3.0-19
Severity: grave
Tags: security

Hi,

according to the proftpd home page, version 1.3.0 is affected by a
security issue with CVE id CVE-2006-5815.

Upstream released 1.3.0a to address the security hole, which is suitable
for the stable release.

For unstable, it is probably better to upload 1.3.1, released one week
ago.

Thanks,

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

-- 
Fabio Tranchitella http://www.kobold.it
Free Software Developer and Consultant http://www.tranchitella.it
_
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564


--- End Message ---
--- Begin Message ---
Already fixed in -15

-- 
Francesco P. Lovergine

--- End Message ---

Bug#446192: CVE-2007-5300 remote denial of service

2007-10-12 Thread Nico Golde 
Hi Pierre,

* Pierre Chifflier <[EMAIL PROTECTED]> [2007-10-12 11:55]:
> On Thu, Oct 11, 2007 at 01:27:17AM +0200, Nico Golde wrote:
> > Version: 0.5.2-1.1sarge2
[...] 
> The login system has changed a lot since 0.5.2. At the first look, I
> believe the exploit will not work for 0.5.2, or not the same way.
> The real problem was caused by a memset with a wrong length, which was
> introduced on recent versions (which means etch, testing and unstable
> are impacted). Sarge version does not have this problem.

The sarge version *is* affected to the off-by-one. I fail to 
see why this is not the real problem.

Look at src/wzd_ClientThread.c in the sarge version, 
starting line 3270:

3246   char buffer[BUFFER_LEN];

3270 ret = 
(context->read_fct)(context->controlfd,buffer,BUFFER_LEN,0,HARD_XFER_TIMEOUT,context);
3271
3272 if (ret == 0) {
3273   out_err(LEVEL_FLOOD,"Connection closed or timeout (socket 
%d)\n",context->controlfd);
3274   return 1;
3275 }
3276 if (ret==-1) {
3277   out_err(LEVEL_FLOOD,"Error reading client response (socket 
%d)\n",context->controlfd);
3278   return 1;
3279 }
3280
3281 /* this replace the memset (bzero ?) some lines before */
3282 buffer[ret] = '\0';

So what you do here is exactly the same you do in current version, you read 
until BUFFER_LEN
bytes which is ok since sizeof(buffer) is BUFFER_LEN. The read function starts 
filling the buffer
from element 0 so if you read BUFFER_LEN bytes or more you wrote until 
buffer[BUFFER_LEN-1].
So far so good, the next you do is buffer[ret]='\0'. ret will be BUFFER_LEN in 
the exploit scenario
so you write at buffer[BUFFER_LEN] and this *is* your off-by-one since your 
overwrite the array bounds
here.

> The only fixable thing is a possible off-by-one in do_login_loop (patch
> attached).
> 
> I'm also working on patches for other versions as well (feel free to NMU
> if you want).
[...]
> -ret = 
> (context->read_fct)(context->controlfd,buffer,BUFFER_LEN,0,HARD_XFER_TIMEOUT,context);
> +ret = 
> (context->read_fct)(context->controlfd,buffer,BUFFER_LEN-1,0,HARD_XFER_TIMEOUT,context);

This would work but would not be a correct patch. This would be the same like 
adding one element
to your buffer size but would not solve the real problem. You don't want just 
to read BUFFER_LEN -1,
why should you, uour buffer has BUFFER_LEN elements. What you want to do is 
writing the null to
buffer[ret - 1] since thats where the last element is if you read BUFFER_LEN 
(see my patch).

Uploading my NMU with your permission now.
Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpVa8DS3LYvl.pgp
Description: PGP signature

Bug#446341: Security issue CVE-2006-5815, please upload the new upstream release

2007-10-12 Thread Francesco P. Lovergine 
merge 446341 446339
thanks

On Fri, Oct 12, 2007 at 11:35:36AM +0200, Fabio Tranchitella wrote:
> Package: proftpd-dfsg
> Version: 1.3.0-19
> Severity: grave
> Tags: security
> 
> Hi,
> 
> according to the proftpd home page, version 1.3.0 is affected by a
> security issue with CVE id CVE-2006-5815.
> 
> Upstream released 1.3.0a to address the security hole, which is suitable
> for the stable release.
> 
> For unstable, it is probably better to upload 1.3.1, released one week
> ago.
> 
> Thanks,
> 
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
> 

-- 
Francesco P. Lovergine



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446339: Security issue CVE-2006-5815, please upload the new upstream release

2007-10-12 Thread Francesco P. Lovergine 
On Fri, Oct 12, 2007 at 11:31:04AM +0200, Fabio Tranchitella wrote:
> Package: proftpd-dfsg
> Version: 1.3.0-19
> Severity: grave
> Tags: security
> 
> Hi,
> 
> according to the proftpd home page, version 1.3.0 is affected by a
> security issue with CVE id CVE-2006-5815.
> 
> Upstream released 1.3.0a to address the security hole, which is suitable
> for the stable release.
> 
> For unstable, it is probably better to upload 1.3.1, released one week
> ago.
> 
> Thanks,

Did you see that CVE-2006-5815 is closed since 1.3.0-15? Have you
information against that?

See http://bugs.debian.org/399070 for reference.

-- 
Francesco P. Lovergine



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 440286

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 440286 + lenny sid
Bug#440286: file conflicts between packages
There were no tags set.
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: notfixed 439477 in 1.4.3-1

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> # We need an unversioned close, since there never was a bug in the source 
> package
> notfixed 439477 1.4.3-1
Bug#439477: ogre: FTBFS: checking for ZZIPLIB... configure: error: Package 
requirements (zziplib) were not met
Bug no longer marked as fixed in version 1.4.3-1.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 439450

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 439450 + lenny sid
Bug#439450: siproxd: FTBFS: error: incompatible type for argument 1 of 
'osip_list_get'
There were no tags set.
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446339: marked as done (Security issue CVE-2006-5815, please upload the new upstream release)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 12:04:36 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446339: Security issue CVE-2006-5815, please upload the 
new upstream release
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: proftpd-dfsg
Version: 1.3.0-19
Severity: grave
Tags: security

Hi,

according to the proftpd home page, version 1.3.0 is affected by a
security issue with CVE id CVE-2006-5815.

Upstream released 1.3.0a to address the security hole, which is suitable
for the stable release.

For unstable, it is probably better to upload 1.3.1, released one week
ago.

Thanks,

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to it_IT.UTF-8)
Shell: /bin/sh linked to /bin/dash


--- End Message ---
--- Begin Message ---
Hi Frankie,

* 2007-10-12 12:02, Francesco P. Lovergine wrote:
> Did you see that CVE-2006-5815 is closed since 1.3.0-15? Have you
> information against that?
> 
> See http://bugs.debian.org/399070 for reference.

Uhm, I missed it somehow. :-(
Thanks for pointing it out, and sorry for the noise.

-- 
Fabio Tranchitella http://www.kobold.it
Free Software Developer and Consultant http://www.tranchitella.it
_
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564

--- End Message ---

Bug#446343: cutter: does not work at all

2007-10-12 Thread Chris Davies 
Package: cutter
Version: 1.03-2
Severity: grave
Justification: renders package unusable

Cutter does not work as described; it always reports "No matching
connections found". Here is a repeatable example:

netstat -an | grep 'ESTABLISHED'
tcp0  0 192.168.130.5:38101 10.1.30.129:22 ESTABLISHED
tcp0  0 192.168.130.5:38819 10.1.30.129:993ESTABLISHED


cutter 192.168.130.5 38101 10.1.30.129 22
No matching connections found
cutter 192.168.130.5 38101 10.1.30.129
No matching connections found
cutter 192.168.130.5 38101
No matching connections found

cutter 10.1.30.129 22 192.168.130.5 38101
No matching connections found
cutter 10.1.30.129 22 192.168.130.5
No matching connections found
cutter 10.1.30.129 22
No matching connections found

Regards,
Chris

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (900, 'stable'), (300, 'unstable'), (50, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages cutter depends on:
ii  libc6 2.6.1-1+b1 GNU C Library: Shared libraries

cutter recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#443451: marked as forwarded (balsa: Links to a GPL library and to OpenSSL)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 12:26:24 +0200
with message-id <[EMAIL PROTECTED]>
has caused the Debian Bug report #443451,
regarding balsa: Links to a GPL library and to OpenSSL
to be marked as having been forwarded to the upstream software
author(s) Jeffrey Stedfast <[EMAIL PROTECTED]>.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Hello Jeffrey,

I got the following request, could you have a look at it?

- Forwarded message from Loïc Minier <[EMAIL PROTECTED]> -

Date: Sat, 29 Sep 2007 22:06:45 +0200
From: Loïc Minier <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]

clone 443451 -1
severity -1 wishlist
reassign -1 gmime2.2
found -1 2.2.10-1
block 443451 with -1
stop

Hi,

 balsa links against OpenSSL and gmime2.2; it would be nice if gmime2.2
 allowed linking to OpenSSL as a special exception.

 Do you think gmime could be relicensed in such a way?

 From #443451:

On Fri, Sep 21, 2007, Thadeu Lima de Souza Cascardo wrote:
> Although balsa allows linking to OpenSSL, libgmime does not and it is
> GPL, not LGPL. So, balsa should not link to both gmime and openssl.

   Thanks,

--
Loïc Minier

- End forwarded message -

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen <[EMAIL PROTECTED]>


signature.asc
Description: Digital signature
--- End Message ---

Bug#432182: [pkg-nvidia-devel] Bug#432182: Bug

2007-10-12 Thread Randall Donald 

On Fri, 2007-10-12 at 17:45 +0200, David Lopez Zajara (Er_Maqui) wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 3 months later and the bug still here. Now, found on 100.14.19.
> 

I'm wondering what you expect me to do about your freezes? 
Given the non-free status of the drivers I can't really fix anything.  
The policy I and other maintainers have used is to provide the latest
and most card supporting versions unless there is a huge issue that is
usually acknowledged by nvidia. The 9625 beta drivers with their problem
of not working on NV20s are an example of this.

> And, now I have broken the apt-get because nvidia-glx searches for
> nvidia-kernel 100.14.19, and my module version is 100.14.09
> (functional). If correct these fail, the system uninstall the
> Xserver-xorg package because nvidia-kernel depends on it.
> 
I don't quite understand what you are saying here. Are you wondering how
to build a kernel module? 


-- 

Randall Donald [EMAIL PROTECTED]
http://www.khensu.org[EMAIL PROTECTED]
Programmer/Debian Developer GnuPG: 6C27DEAB






-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446267: Missing libtic.so.5

2007-10-12 Thread Dennis Boone 
 > > This morning's update fixed this issue for me, but just in case it
 > > helps the next guy identify his problem...
 > >
 > > In addition to all of the binaries which couldn't run due to the
 > > missing library (tic, tset, clear, etc.), the "less" binary was
 > > throwing segfaults.

 > It shouldn't - "less" is basically a termcap application.  So it would
 > resolve against the other library/libraries (libtinfo could be
 > separate).

Nevertheless, it was broken by the same update which broke the others,
and was fixed by the same update which fixed them.  It does link
libncurses:

ldd /usr/bin/less
linux-gate.so.1 =>  (0xe000)
libncurses.so.5 => /lib/libncurses.so.5 (0x4003b000)
libc.so.6 => /lib/libc.so.6 (0x4006c000)
libdl.so.2 => /lib/libdl.so.2 (0x401b4000)
/lib/ld-linux.so.2 (0x4000)

Whether the change was effected by the libtic build options I've seen
discussed somewhere, or something else, I don't know.

De



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446192: marked as done (CVE-2007-5300 remote denial of service)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 10:47:05 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446192: fixed in wzdftpd 0.8.2-2.1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: wzdftpd
Version: 0.5.2-1.1sarge2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wzdftpd.

CVE-2007-5300[0]:
| Off-by-one error in the do_login_loop function in
| libwzd-core/wzd_login.c in wzdftpd 0.8.2 and earlier allows remote
| attackers to cause a denial of service (daemon crash) via a long USER
| command that triggers a stack-based buffer overflow.  NOTE: some of
| these details are obtained from third party information.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5300

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpUEoLKHP7or.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: wzdftpd
Source-Version: 0.8.2-2.1

We believe that the bug you reported is fixed in the latest version of
wzdftpd, which is due to be installed in the Debian FTP archive:

wzdftpd-back-mysql_0.8.2-2.1_i386.deb
  to pool/main/w/wzdftpd/wzdftpd-back-mysql_0.8.2-2.1_i386.deb
wzdftpd-back-pgsql_0.8.2-2.1_i386.deb
  to pool/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.2-2.1_i386.deb
wzdftpd-dev_0.8.2-2.1_i386.deb
  to pool/main/w/wzdftpd/wzdftpd-dev_0.8.2-2.1_i386.deb
wzdftpd-mod-avahi_0.8.2-2.1_i386.deb
  to pool/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.2-2.1_i386.deb
wzdftpd-mod-perl_0.8.2-2.1_i386.deb
  to pool/main/w/wzdftpd/wzdftpd-mod-perl_0.8.2-2.1_i386.deb
wzdftpd-mod-tcl_0.8.2-2.1_i386.deb
  to pool/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.2-2.1_i386.deb
wzdftpd_0.8.2-2.1.diff.gz
  to pool/main/w/wzdftpd/wzdftpd_0.8.2-2.1.diff.gz
wzdftpd_0.8.2-2.1.dsc
  to pool/main/w/wzdftpd/wzdftpd_0.8.2-2.1.dsc
wzdftpd_0.8.2-2.1_i386.deb
  to pool/main/w/wzdftpd/wzdftpd_0.8.2-2.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated wzdftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Thu, 11 Oct 2007 13:03:42 +0200
Source: wzdftpd
Binary: wzdftpd-mod-perl wzdftpd-back-mysql wzdftpd-dev wzdftpd-mod-avahi 
wzdftpd-back-pgsql wzdftpd wzdftpd-mod-tcl
Architecture: source i386
Version: 0.8.2-2.1
Distribution: unstable
Urgency: high
Maintainer: Pierre Chifflier <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 wzdftpd- A portable, modular, small and efficient ftp server
 wzdftpd-back-mysql - MySQL backend for wzdftpd
 wzdftpd-back-pgsql - PostgreSQL backend for wzdftpd
 wzdftpd-dev - Development files for wzdftpd
 wzdftpd-mod-avahi - Zeroconf module for wzdftpd
 wzdftpd-mod-perl - Perl module for wzdftpd
 wzdftpd-mod-tcl - TCL module for wzdftpd
Closes: 446192
Changes: 
 wzdftpd (0.8.2-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * Fix off-by-one in wzd_login.c which leads to a remote
 denial of service vulnerability (CVE-2007-5300) (Closes: #446192).
Files: 
 fd7d4842159a2a91f59df2b4eb401a6b 875 net optional wzdftpd_0.8.2-2.1.dsc
 6a6c3b76b21343ae93dcca436320c772 3792 net optional wzdftpd_0.8.2-2.1.diff.gz
 5624c3c39046c7a57483e1a17b56769d 261240 net optional wzdftpd_0.8.2-2.1_i386.deb
 e333addd7c5dcb1a8aba0b760b15c400 40342 net optional 
wzdftpd-back-mysql_0.8.2-2.1_i386.deb
 5867a01ecbdd2fb8d1eeb42527b49785 40080 net optional 
wzdftpd-back-pgsql_0.8.2-2.1_i386.deb
 b96a194a87098ac2c65fcc489058de89 31022 net optional 
wzdftpd-mod-avahi_0.8.2-2.1_i386.deb
 61b1d212c64f88d1bcf1fc6e3aa36870 35480 net optional 
wzdftpd-mod-tcl_0.8.2-2.1_i386.deb
 fec3ece519e42fe158640fc9198cdd1d 45000 net optional 
wzdftpd-mod-perl_0.8.2-2.1_i386.deb
 23667f89f444bbf3416b2ec0d05a0249 71288 libdevel optional 
wzdftpd-dev_0.8.2-2.1_i386.deb

-BEGIN PGP SIGNATURE--

Bug#439627: marked as done (imagej: Ambiguous statement in the copyright file.)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 15:26:00 +0200 (CEST)
with message-id <[EMAIL PROTECTED]>
and subject line 
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: imagej
Version: 1.39b-1
Severity: serious
Justification: Policy 12.5

Dear Paolo,

Many thanks for bringing ImageJ into Debian!

In your copyright file, you write:

 Copyright Holder: Wayne Rasband, [EMAIL PROTECTED], for the NIH
 
 License:
 
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This strongly suggests that ImageJ is released under the GPL, however
as explained in the disclaimer you cite, it is in the public domain:

 ImageJ is being developed at the National Institutes of Health by an
 employee of the Federal Government in the course of his official duties.
 Pursuant to Title 17, Section 105 of the United States Code, this software
 is not subject to copyright protection and is in the public domain.
 ImageJ is an experimental system. NIH assumes no responsibility whatsoever
 for its use by other parties, and makes no guarantees, expressed or implied,
 about its quality, reliability, or any other characteristic.

Unless there are some files in the sources which are released under
the GPL (in the /debian directory ?), it is not necessary to keep this
extract in the copyright file. In addition, 

 Copyright Holder: Wayne Rasband, [EMAIL PROTECTED], for the NIH

could be replaced by:

 Author : Wayne Rasband, [EMAIL PROTECTED], for the NIH

Because there is on copyright holder for works in the public domain.

Have a nice day,

-- Charles Plessy, Wako, Saitama, Japan 

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: powerpc (ppc64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-powerpc64
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages imagej depends on:
ii  blackdown-j2re1.3 [java2-runt 1.3.1  Java(TM) 2 RE, Standard Edition, B
ii  gij [java2-runtime]   4:4.1.1-15 The GNU Java bytecode interpreter
ii  gij-4.1 [java2-runtime]   4.1.1-20   The GNU Java bytecode interpreter
ii  ibm-j2re1.5 [java2-runtime]   1.5.0  Java(TM) 2 RE, Standard Edition, I
ii  ibm-j2sdk1.5 [java2-runtime]  1.5.0  Java(TM) 2 SDK, Standard Edition, 

imagej recommends no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
deleted the unuseful part and reformatted author address

--- End Message ---

Bug#444704: ttyrec is not redundant

2007-10-12 Thread Adam Borowski 
I would say that ttyrec is worth keeping.

First, the RC bug(s) are trivially fixable, all it takes is changing a
simple flag, a fix is in the BTS for five freaking years.

Ttyrec is used quite a bit, especially among NetHack and MUD players, so at
very least something which reads ttyrec's format should be available in the
archive.  Script's format is incompatible (but it could be changed to
read/write ttyrec files).

Functionality-wise, script has the following flaws:
* it needs two separate files for a recording (fragile and unwieldy, unfit
  for repositories you can download from)
* stderr is lost; any output to stderr from the session inside will break
  the playback as well
* playback is non-interactive

Quoting script's manpage:
 Certain interactive commands, such as vi(1), create garbage in the
 typescript file.  Script works best with commands that do not
 manipulate the screen, the results are meant to emulate a hardcopy
 terminal.
This is the opposite of ttyrec, which uses an opaque format, unusable for
reading as text but good for recording full-screen interactive sessions.

If having an upstream is so important, heck, I've written a compatible
recorder/graphical player myself; it's quite heavyweight as it focuses on
GUI and win32 support but could be easily turned into a drop-in replacement
with bells and whistles.
And there's ipbt too (not packaged for Debian), which has good playback (no
recording).

-- 
1KB // Microsoft corollary to Hanlon's razor:
//  Never attribute to stupidity what can be
//  adequately explained by malice.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#445720: The GIMP plugins for refocussing blurred images

2007-10-12 Thread Bernd Zeimetz 
Hi,

> I've a backtrace attached to this mail in case you want to look into it.

I realized that I had mixed source and destination of memmove So it
looks like the source which is supposed to be copied is empty.
Interestingly exactly that row was moved before without any problems.
Also interesting: this does not happen for all images
I could imagine that we have a problem here which results form the
number of colors in a pixel, or something else weird.

I'll dig deeper into this every other day, help is appreciated, though ;)

Cheers,

Bernd

-- 
Bernd Zeimetz
<[EMAIL PROTECTED]> 



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446267: Missing libtic.so.5

2007-10-12 Thread Dennis Boone 
This morning's update fixed this issue for me, but just in case it helps
the next guy identify his problem...

In addition to all of the binaries which couldn't run due to the missing
library (tic, tset, clear, etc.), the "less" binary was throwing
segfaults.

De



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446373: #446373: firebird1.5: CVE-2007-4992 stack based buffer overflow

2007-10-12 Thread Damyan Ivanov 
block 446373 438862
thanks

Hi, Nico,

firebird1.5 is pending removal from the archive (#438862, #438855).

Currently the only obstacle in the way is that php5 still build-depends
on firebird1.5-dev. (#433736)

I am preparing an NMU for the later, as it is pending for two weeks now
and the patch is in BTS anyway.

firebird1.5 must go away ASAP, if nothing else, to stop wasting security
team time :)
-- 
damJabberID: [EMAIL PROTECTED]


signature.asc
Description: Digital signature

Bug#432182: Bug

2007-10-12 Thread David Lopez Zajara (Er_Maqui) 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

3 months later and the bug still here. Now, found on 100.14.19.

And, now I have broken the apt-get because nvidia-glx searches for
nvidia-kernel 100.14.19, and my module version is 100.14.09
(functional). If correct these fail, the system uninstall the
Xserver-xorg package because nvidia-kernel depends on it.

Can someone revise these fail, or all nvidia mantainers are MIA?

- --


- --
[EMAIL PROTECTED]  ||  http://maqui.darkbolt.net/
Linux registered user number: #363219
PGP key avaliable at KeyServ. KeyID: 0x4233E9F2

Los hombres somos esclavos de la historia
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHD5Z9fFjA4EIz6fIRAnH6AKCC8r8vaqhUqAs0uMTXGzaZziDzOACgzCs8
6DvPepLwQq6T+qvLdnfUQoA=
=oXWw
-END PGP SIGNATURE-



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446295: marked as done (uninstallable due to file conflict between wesnoth & wesnoth-data)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 18:54:57 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446295: fixed in wesnoth 1.3.9-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: wesnoth
Version: 1.3.8-1
Severity: grave
Justification: renders package unusable [not installable]

o<,

when trying to install wesnoth from experimental, here is what I got:
| Unpacking wesnoth (from wesnoth_1.3.8-1_powerpc.deb) ...
| dpkg: error processing wesnoth_1.3.8-1_powerpc.deb (--install):
|  trying to overwrite `/usr/share/pixmaps/wesnoth-icon.xpm', which is also in 
package wesnoth-data
| dpkg-deb: subprocess paste killed by signal (Broken pipe)

I also checked that this problem isn't fixed (no changelog entry about
that) in the upload waiting in NEW.

Cheers,

-- 
Cyril Brulebois


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: powerpc (ppc)

Kernel: Linux 2.6.22-1-powerpc
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wesnoth depends on:
ii  libc6   2.6.1-2  GNU C Library: Shared libraries
ii  libfreetype62.3.5-1  FreeType 2 font engine, shared lib
ii  libfribidi0 0.10.7-4 Free Implementation of the Unicode
ii  libgcc1 1:4.2.1-5GCC support library
ii  libsdl-image1.2 1.2.6-1  image loading library for Simple D
ii  libsdl-mixer1.2 1.2.6-3  mixer library for Simple DirectMed
ii  libsdl-net1.2   1.2.7-2  network library for Simple DirectM
ii  libsdl1.2debian 1.2.11-9 Simple DirectMedia Layer
ii  libstdc++6  4.2.1-5  The GNU Standard C++ Library v3
ii  libx11-62:1.0.3-7X11 client-side library
ii  python2.4   2.4.4-6  An interactive high-level object-o
ii  wesnoth-data1.3.8-1  data files for Wesnoth
ii  zlib1g  1:1.2.3.3.dfsg-5 compression library - runtime

wesnoth recommends no packages.


--- End Message ---
--- Begin Message ---
Source: wesnoth
Source-Version: 1.3.9-2

We believe that the bug you reported is fixed in the latest version of
wesnoth, which is due to be installed in the Debian FTP archive:

wesnoth-aoi_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-aoi_1.3.9-2_all.deb
wesnoth-data_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-data_1.3.9-2_all.deb
wesnoth-did_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-did_1.3.9-2_all.deb
wesnoth-editor_1.3.9-2_powerpc.deb
  to pool/main/w/wesnoth/wesnoth-editor_1.3.9-2_powerpc.deb
wesnoth-ei_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-ei_1.3.9-2_all.deb
wesnoth-httt_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-httt_1.3.9-2_all.deb
wesnoth-l_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-l_1.3.9-2_all.deb
wesnoth-music_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-music_1.3.9-2_all.deb
wesnoth-nr_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-nr_1.3.9-2_all.deb
wesnoth-server_1.3.9-2_powerpc.deb
  to pool/main/w/wesnoth/wesnoth-server_1.3.9-2_powerpc.deb
wesnoth-sof_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-sof_1.3.9-2_all.deb
wesnoth-sotbe_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-sotbe_1.3.9-2_all.deb
wesnoth-trow_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-trow_1.3.9-2_all.deb
wesnoth-tsg_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-tsg_1.3.9-2_all.deb
wesnoth-ttb_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-ttb_1.3.9-2_all.deb
wesnoth-utbs_1.3.9-2_all.deb
  to pool/main/w/wesnoth/wesnoth-utbs_1.3.9-2_all.deb
wesnoth_1.3.9-2.diff.gz
  to pool/main/w/wesnoth/wesnoth_1.3.9-2.diff.gz
wesnoth_1.3.9-2.dsc
  to pool/main/w/wesnoth/wesnoth_1.3.9-2.dsc
wesnoth_1.3.9-2_powerpc.deb
  to pool/main/w/wesnoth/wesnoth_1.3.9-2_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gerfried Fuchs <[EMAIL PROTECTED]> (supplier of updated wesnoth package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSA

Bug#446393: kamera should Depend: on libgphoto2-2-dev for correct operation

2007-10-12 Thread Mark Purcell 
Package: kamera
Version: 4:3.5.7-4
Severity: grave

KDE-Team,

I know this is going to sound strange, but kamera should Depend: 
libgphoto2-2-dev
to function correctly.

We have the same issue with digikam. http://bugs.debian.org/416123

In the short term the fix for this is to Depend: on libgphoto2-2-dev,
in the longer term I suspect something needs to be resolved with the .la
files in libgohoto, please follow the digikam bug and upstream in bugs.kde.org

Mark


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kamera depends on:
ii  kdelibs4c2a 4:3.5.7.dfsg.1-7 core libraries and binaries for al
ii  libc6   2.6.1-5  GNU C Library: Shared libraries
ii  libgcc1 1:4.2.2-1GCC support library
ii  libgphoto2-22.4.0-7  gphoto2 digital camera library
ii  libgphoto2-port02.4.0-7  gphoto2 digital camera port librar
ii  libstdc++6  4.2.2-1  The GNU Standard C++ Library v3

kamera recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: notfixed 439077 in 0.8.1a-5

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> # We need an unversioned close, since there never was a bug in the source 
> package
> notfixed 439077 0.8.1a-5
Bug#439077: muse won't run (liblash.so.1: No such file or directory)
Bug no longer marked as fixed in version 0.8.1a-5.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#289690: M|crosoft Qff|ce Profess1ona| (Newest Version) 79$ - Save 999.95$ 0ff Retai|

2007-10-12 Thread Troy Simpson 
saleonsoftware . com



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 439492

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.8
> tags 439492 + lenny sid
Bug#439492: gfpoken: FTBFS: /usr/bin/install: cannot stat `./png/gfpoken.png': 
No such file or directory
There were no tags set.
Tags added: lenny, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: #445609: exif: FTBFS: error: 'PACKAGE_BUGREPORT' undeclared (first use in this function)

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> reopen 445609
Bug#445609: exif: FTBFS: error: 'PACKAGE_BUGREPORT' undeclared (first use in 
this function)
'reopen' may be inappropriate when a bug has been closed with a version;
you may need to use 'found' to remove fixed versions.
Bug reopened, originator not changed.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446405: ardour: Embeds too many libs

2007-10-12 Thread Moritz Muehlenhoff 
Package: ardour
Severity: serious

Quoting from #444518:
> That made me discover the following:
> 
> | [EMAIL PROTECTED]:~/bsp2/ardour-2.1$ ls libs/
> | appleutility  ardour  clearlooks  fst  glibmm2  gtkmm2  gtkmm2ext 
> libgnomecanvasmm  libsndfile  midi++2  pbd  sigc++2
> +soundtouch surfaces
> 
> Cc'ing the appropriate list according to [1] (although I didn't check
> which parts were actually built). Also, it seems e.g. libsndfile got
> CVE(s) this month.

This needs to be fixed if these libs are all built and linked into the binary.
If that is technically impossible we can exempt ardour from security support
as outlined in #436161.

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: block 446373 with 438862

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.9
> block 446373 with 438862
Bug#438862: RM: firebird1.5 -- RoM; unsupported upstream; security issues
Bug#446373: CVE-2007-4992 stack based buffer overflow
Was not blocked by any bugs.
Blocking bugs of 446373 added: 438862

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446282: marked as done (hppa wrapper needs update from gij-4.1 to gij-4.2)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 20:47:17 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446282: fixed in gcj-4.2 4.2.2-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: gij-4.2
Version: 4.2.1-5
Severity: grave
Justification: renders package unusable

$ cat debian/gij-hppa
#! /bin/sh

prctl=

case "$(prctl --unaligned=)" in *signal)
echo >&2 "$(basename $0): ignore unaligned memory accesses"
prctl="prctl --unaligned=default"
esac

exec $prctl /usr/bin/gij-4.1.bin "$@"
#! /bin/sh

prctl=

case "$(prctl --unaligned=)" in *signal)
echo >&2 "$(basename $0): ignore unaligned memory accesses"
prctl="prctl --unaligned=default"
esac

exec $prctl /usr/bin/gij-4.1.bin "$@"
$

This needs s/4\.1/4.2/g, and the duplication should be fixed too, i guess.

Cheers,
Julien


--- End Message ---
--- Begin Message ---
Source: gcj-4.2
Source-Version: 4.2.2-2

We believe that the bug you reported is fixed in the latest version of
gcj-4.2, which is due to be installed in the Debian FTP archive:

gappletviewer-4.2_4.2.2-2_amd64.deb
  to pool/main/g/gcj-4.2/gappletviewer-4.2_4.2.2-2_amd64.deb
gappletviewer-4.2_4.2.2-2_hppa.deb
  to pool/main/g/gcj-4.2/gappletviewer-4.2_4.2.2-2_hppa.deb
gcj-4.2-base_4.2.2-2_amd64.deb
  to pool/main/g/gcj-4.2/gcj-4.2-base_4.2.2-2_amd64.deb
gcj-4.2-base_4.2.2-2_hppa.deb
  to pool/main/g/gcj-4.2/gcj-4.2-base_4.2.2-2_hppa.deb
gcj-4.2_4.2.2-2.diff.gz
  to pool/main/g/gcj-4.2/gcj-4.2_4.2.2-2.diff.gz
gcj-4.2_4.2.2-2.dsc
  to pool/main/g/gcj-4.2/gcj-4.2_4.2.2-2.dsc
gcj-4.2_4.2.2-2_amd64.deb
  to pool/main/g/gcj-4.2/gcj-4.2_4.2.2-2_amd64.deb
gcj-4.2_4.2.2-2_hppa.deb
  to pool/main/g/gcj-4.2/gcj-4.2_4.2.2-2_hppa.deb
gij-4.2_4.2.2-2_amd64.deb
  to pool/main/g/gcj-4.2/gij-4.2_4.2.2-2_amd64.deb
gij-4.2_4.2.2-2_hppa.deb
  to pool/main/g/gcj-4.2/gij-4.2_4.2.2-2_hppa.deb
libgcj-doc_4.2.2-2_all.deb
  to pool/main/g/gcj-4.2/libgcj-doc_4.2.2-2_all.deb
libgcj8-1-awt_4.2.2-2_amd64.deb
  to pool/main/g/gcj-4.2/libgcj8-1-awt_4.2.2-2_amd64.deb
libgcj8-1-awt_4.2.2-2_hppa.deb
  to pool/main/g/gcj-4.2/libgcj8-1-awt_4.2.2-2_hppa.deb
libgcj8-1_4.2.2-2_amd64.deb
  to pool/main/g/gcj-4.2/libgcj8-1_4.2.2-2_amd64.deb
libgcj8-1_4.2.2-2_hppa.deb
  to pool/main/g/gcj-4.2/libgcj8-1_4.2.2-2_hppa.deb
libgcj8-dbg_4.2.2-2_amd64.deb
  to pool/main/g/gcj-4.2/libgcj8-dbg_4.2.2-2_amd64.deb
libgcj8-dbg_4.2.2-2_hppa.deb
  to pool/main/g/gcj-4.2/libgcj8-dbg_4.2.2-2_hppa.deb
libgcj8-dev_4.2.2-2_amd64.deb
  to pool/main/g/gcj-4.2/libgcj8-dev_4.2.2-2_amd64.deb
libgcj8-dev_4.2.2-2_hppa.deb
  to pool/main/g/gcj-4.2/libgcj8-dev_4.2.2-2_hppa.deb
libgcj8-jar_4.2.2-2_all.deb
  to pool/main/g/gcj-4.2/libgcj8-jar_4.2.2-2_all.deb
libgcj8-src_4.2.2-2_all.deb
  to pool/main/g/gcj-4.2/libgcj8-src_4.2.2-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <[EMAIL PROTECTED]> (supplier of updated gcj-4.2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 12 Oct 2007 01:48:48 +0200
Source: gcj-4.2
Binary: libgcj-doc gcjwebplugin-4.2 gappletviewer-4.2 gij-4.2 gcj-4.2 libgcj8-1 
gcj-4.2-base libgcj8-1-awt libgcj8-dev libgcj8-src libgcj8-dbg libgcj8-jar
Architecture: all amd64 hppa source 
Version: 4.2.2-2
Distribution: unstable
Urgency: low
Maintainer: Debian GCC Maintainers <[EMAIL PROTECTED]>
Changed-By: Matthias Klose <[EMAIL PROTECTED]>
Description: 
 gappletviewer-4.2 - Standalone application to execute Java (tm) applets
 gcj-4.2- The GNU compiler for Java(TM)
 gcj-4.2-base - The GNU Compiler Collection (gcj base package)
 gij-4.2- The GNU Java bytecode interpreter
 libgcj8-1  - Java runtime library for use with gcj
 libgcj8-1-awt - AWT peer runtime libraries for use with gcj
 libgcj8-dbg - Debugging symbols for libraries provided in libgcj8-dev
 libgcj8-dev - Java development headers and static library for use with gcj
 libgcj8-jar - Java runtime library for use with gcj (jar files)
 libgcj8-src - libgcj java sources for use in eclipse
Closes: 446282
Changes: 
 gcj-4.2 (4.2.2-2) unstable; urgency=low
 .
   * Upload as gcj-4.2. Closes: #446

Bug#443032: Patch to enable the pixman package

2007-10-12 Thread Synx 

I was shocked to see the wacom input driver hadn't been compiled for the
latest ABI, so I went and compiled it myself, fixed the problems that
were stopping it from compiling. pixman (whatever that is) is a
pkg-config package in the new xorg system, so anything that uses it (aka
wacom-tools) has to do the pkg-config niceties in the configuration and
makefiles.  Also if we're using it we should depend on libpixman. So
that's what this patch does. I successfully built and installed the 
packages after compiling this patch, though someone who knows more about 
pixman might be able to minimize those compiler warnings.


After applying the attached patch (-p0) you have to run aclocal, 
automake and autoconf again. I didn't want to include auto-generated 
output in my patch.
diff -Naur linuxwacom/configure.in linuxwacom/configure.in
--- linuxwacom/configure.in	2007-10-12 12:37:40.0 -0700
+++ linuxwacom/configure.in	2007-10-12 12:18:47.0 -0700
@@ -11,6 +11,8 @@
 WCM_LIBWACOMCFG_VER="0:1:0"
 AC_SUBST(WCM_LIBWACOMCFG_VER)
 
+PKG_PROG_PKG_CONFIG
+
 dnl Targets
 WCM_PROGS=""
 WCM_LIBS=""
@@ -60,6 +62,9 @@
 AC_WCM_CHECK_TCL
 AC_WCM_CHECK_TK
 
+dnl Check for pixman
+PKG_CHECK_MODULES(PIXMAN,[pixman-1])
+
 dnl Check for ncurses
 AC_WCM_CHECK_NCURSES
 
diff -Naur linuxwacom/src/xdrv/Makefile.am linuxwacom/src/xdrv/Makefile.am
--- linuxwacom/src/xdrv/Makefile.am	2007-06-05 09:53:31.0 -0700
+++ linuxwacom/src/xdrv/Makefile.am	2007-10-12 12:23:36.0 -0700
@@ -79,6 +79,7 @@
 		-DSMART_SCHEDULE -DBUILDDEBUG -DXResExtension \
 		-DX_BYTE_ORDER=X_LITTLE_ENDIAN $(XSERVER64) \
 		-DNDEBUG -DFUNCPROTO=15 \
+		 $(PIXMAN_CFLAGS) \
 		-DNARROWPROTO -DIN_MODULE -DXFree86Module $(LINUX_INPUT) \
 		-o $@ -c $(srcdir)/$(subst .o,.c,$@)

diff -Naur debian/control debian/control
--- debian/control	2007-10-12 12:37:40.0 -0700
+++ debian/control	2007-10-12 12:46:04.0 -0700
@@ -2,7 +2,7 @@
 Section: graphics
 Priority: optional
 Maintainer: Ron Lee <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>= 5.0.0), po-debconf, xserver-xorg-dev, libxi-dev, libxt-dev, libncurses5-dev
+Build-Depends: debhelper (>= 5.0.0), po-debconf, xserver-xorg-dev, libxi-dev, libxt-dev, libncurses5-dev, libpixman-1-dev
 Standards-Version: 3.7.2.2
 
 Package: wacom-kernel-source
@@ -28,7 +28,7 @@
 Package: xserver-xorg-input-wacom
 Section: x11
 Architecture: any
-Depends: ${shlibs:Depends}
+Depends: ${shlibs:Depends}, libpixman-1
 Description: X.Org X server -- wacom input driver
  This package provides the driver for wacom tablet devices.
  .
diff -Naur debian/wacom.control debian/wacom.control
--- debian/wacom.control	2007-10-12 12:37:40.0 -0700
+++ debian/wacom.control	2007-10-12 12:44:34.0 -0700
@@ -2,7 +2,7 @@
 Section: graphics
 Priority: optional
 Maintainer: Ron Lee <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>= 5.0.0)
+Build-Depends: libpixman-1-dev (>= 0.9.5-2) debhelper (>= 5.0.0)
 Standards-Version: 3.7.2.0
 
 Package: wacom-kernel-modules-${kpkg:Kernel-Version}

Bug#446410: samba fails in post-installation

2007-10-12 Thread Claudio Saavedra 
Package: samba
Version: 3.0.26a-1
Severity: grave
Justification: renders package unusable

Samba fails during the post-installation scripts execution. Here is the
output:

dijkstra:/home/claudio# apt-get -f install
Reading package lists... Done
Building dependency tree   
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
1 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Setting up samba (3.0.26a-1) ...
update-rc.d: warning: /etc/rc2.d/K09samba is not a link to ../init.d/samba or 
/etc/init.d/samba
update-rc.d: warning: /etc/rc3.d/K09samba is not a link to ../init.d/samba or 
/etc/init.d/samba
invoke-rc.d: dangling symlink: /etc/rc2.d/K09samba
dpkg: error processing samba (--configure):
 subprocess post-installation script returned error exit status 102
Errors were encountered while processing:


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-1-686 (SMP w/1 CPU core)
Locale: LANG=es_CL.UTF-8, LC_CTYPE=es_CL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages samba depends on:
ii  debconf [debconf-2.0] 1.5.14 Debian configuration management sy
ii  libacl1   2.2.45-1   Access control list shared library
ii  libattr1  1:2.4.39-1 Extended attribute shared library
ii  libc6 2.6.1-5GNU C Library: Shared libraries
ii  libcomerr21.40.2-1   common error description library
ii  libcupsys21.3.2-1Common UNIX Printing System(tm) - 
ii  libgnutls13   2.0.1-1the GNU TLS library - runtime libr
ii  libkrb53  1.6.dfsg.3~beta1-1 MIT Kerberos runtime libraries
ii  libldap2  2.1.30-13.4OpenLDAP libraries
ii  libpam-modules0.99.7.1-5 Pluggable Authentication Modules f
ii  libpam-runtime0.99.7.1-5 Runtime support for the PAM librar
ii  libpam0g  0.99.7.1-5 Pluggable Authentication Modules l
ii  libpopt0  1.10-3 lib for parsing cmdline parameters
ii  logrotate 3.7.1-3Log rotation utility
ii  lsb-base  3.1-24 Linux Standard Base 3.1 init scrip
ii  procps1:3.2.7-5  /proc file system utilities
ii  samba-common  3.0.26a-1  Samba common files used by both th
ii  update-inetd  4.27-0.6   inetd.conf updater
ii  zlib1g1:1.2.3.3.dfsg-6   compression library - runtime

Versions of packages samba recommends:
pn  smbldap-tools  (no description available)

-- debconf information:
* samba/generate_smbpasswd: false
* samba/run_mode: daemons



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446410: marked as done (samba fails in post-installation)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 14:35:19 -0700
with message-id <[EMAIL PROTECTED]>
and subject line [Pkg-samba-maint] Bug#446410: samba fails in post-installation
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: samba
Version: 3.0.26a-1
Severity: grave
Justification: renders package unusable

Samba fails during the post-installation scripts execution. Here is the
output:

dijkstra:/home/claudio# apt-get -f install
Reading package lists... Done
Building dependency tree   
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
1 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Setting up samba (3.0.26a-1) ...
update-rc.d: warning: /etc/rc2.d/K09samba is not a link to ../init.d/samba or 
/etc/init.d/samba
update-rc.d: warning: /etc/rc3.d/K09samba is not a link to ../init.d/samba or 
/etc/init.d/samba
invoke-rc.d: dangling symlink: /etc/rc2.d/K09samba
dpkg: error processing samba (--configure):
 subprocess post-installation script returned error exit status 102
Errors were encountered while processing:


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-1-686 (SMP w/1 CPU core)
Locale: LANG=es_CL.UTF-8, LC_CTYPE=es_CL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages samba depends on:
ii  debconf [debconf-2.0] 1.5.14 Debian configuration management sy
ii  libacl1   2.2.45-1   Access control list shared library
ii  libattr1  1:2.4.39-1 Extended attribute shared library
ii  libc6 2.6.1-5GNU C Library: Shared libraries
ii  libcomerr21.40.2-1   common error description library
ii  libcupsys21.3.2-1Common UNIX Printing System(tm) - 
ii  libgnutls13   2.0.1-1the GNU TLS library - runtime libr
ii  libkrb53  1.6.dfsg.3~beta1-1 MIT Kerberos runtime libraries
ii  libldap2  2.1.30-13.4OpenLDAP libraries
ii  libpam-modules0.99.7.1-5 Pluggable Authentication Modules f
ii  libpam-runtime0.99.7.1-5 Runtime support for the PAM librar
ii  libpam0g  0.99.7.1-5 Pluggable Authentication Modules l
ii  libpopt0  1.10-3 lib for parsing cmdline parameters
ii  logrotate 3.7.1-3Log rotation utility
ii  lsb-base  3.1-24 Linux Standard Base 3.1 init scrip
ii  procps1:3.2.7-5  /proc file system utilities
ii  samba-common  3.0.26a-1  Samba common files used by both th
ii  update-inetd  4.27-0.6   inetd.conf updater
ii  zlib1g1:1.2.3.3.dfsg-6   compression library - runtime

Versions of packages samba recommends:
pn  smbldap-tools  (no description available)

-- debconf information:
* samba/generate_smbpasswd: false
* samba/run_mode: daemons


--- End Message ---
--- Begin Message ---
On Fri, Oct 12, 2007 at 05:09:53PM -0400, Claudio Saavedra wrote:
> Package: samba
> Version: 3.0.26a-1
> Severity: grave
> Justification: renders package unusable

> Samba fails during the post-installation scripts execution. Here is the
> output:

> dijkstra:/home/claudio# apt-get -f install
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> 0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
> 1 not fully installed or removed.
> Need to get 0B of archives.
> After unpacking 0B of additional disk space will be used.
> Setting up samba (3.0.26a-1) ...
> update-rc.d: warning: /etc/rc2.d/K09samba is not a link to ../init.d/samba or 
> /etc/init.d/samba
> update-rc.d: warning: /etc/rc3.d/K09samba is not a link to ../init.d/samba or 
> /etc/init.d/samba
> invoke-rc.d: dangling symlink: /etc/rc2.d/K09samba
> dpkg: error processing samba (--configure):
>  subprocess post-installation script returned error exit status 102
> Errors were encountered while processing:

This is not a bug in the samba package.  Whatever /etc/rc2.d/K09samba is on
your system, you need to fix it according to the warning.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]

Bug#443032: Patch to enable the pixman package

2007-10-12 Thread Julien Cristau 
On Fri, Oct 12, 2007 at 13:52:16 -0700, Synx wrote:

> I was shocked to see the wacom input driver hadn't been compiled for the
> latest ABI, so I went and compiled it myself, fixed the problems that
> were stopping it from compiling. pixman (whatever that is) is a
> pkg-config package in the new xorg system, so anything that uses it (aka
> wacom-tools) has to do the pkg-config niceties in the configuration and
> makefiles.  Also if we're using it we should depend on libpixman. So
> that's what this patch does. I successfully built and installed the 
> packages after compiling this patch, though someone who knows more about 
> pixman might be able to minimize those compiler warnings.
>
> After applying the attached patch (-p0) you have to run aclocal, automake 
> and autoconf again. I didn't want to include auto-generated output in my 
> patch.

That patch is (mostly) wrong.  wacom should indeed use pkg-config to get
the necessary cflags, but it doesn't have to care about pixman.

> diff -Naur linuxwacom/configure.in linuxwacom/configure.in
> --- linuxwacom/configure.in   2007-10-12 12:37:40.0 -0700
> +++ linuxwacom/configure.in   2007-10-12 12:18:47.0 -0700
> @@ -11,6 +11,8 @@
>  WCM_LIBWACOMCFG_VER="0:1:0"
>  AC_SUBST(WCM_LIBWACOMCFG_VER)
>  
> +PKG_PROG_PKG_CONFIG
> +
>  dnl Targets
>  WCM_PROGS=""
>  WCM_LIBS=""
> @@ -60,6 +62,9 @@
>  AC_WCM_CHECK_TCL
>  AC_WCM_CHECK_TK
>  
> +dnl Check for pixman
> +PKG_CHECK_MODULES(PIXMAN,[pixman-1])
> +

should be PKG_CHECK_MODULES(XSERVER, [xorg-server]).

>  dnl Check for ncurses
>  AC_WCM_CHECK_NCURSES
>  
> diff -Naur linuxwacom/src/xdrv/Makefile.am linuxwacom/src/xdrv/Makefile.am
> --- linuxwacom/src/xdrv/Makefile.am   2007-06-05 09:53:31.0 -0700
> +++ linuxwacom/src/xdrv/Makefile.am   2007-10-12 12:23:36.0 -0700
> @@ -79,6 +79,7 @@
>   -DSMART_SCHEDULE -DBUILDDEBUG -DXResExtension \
>   -DX_BYTE_ORDER=X_LITTLE_ENDIAN $(XSERVER64) \
>   -DNDEBUG -DFUNCPROTO=15 \
> +  $(PIXMAN_CFLAGS) \

XSERVER_CFLAGS

>   -DNARROWPROTO -DIN_MODULE -DXFree86Module $(LINUX_INPUT) \
>   -o $@ -c $(srcdir)/$(subst .o,.c,$@)
> 
> diff -Naur debian/control debian/control
> --- debian/control2007-10-12 12:37:40.0 -0700
> +++ debian/control2007-10-12 12:46:04.0 -0700
> @@ -2,7 +2,7 @@
>  Section: graphics
>  Priority: optional
>  Maintainer: Ron Lee <[EMAIL PROTECTED]>
> -Build-Depends: debhelper (>= 5.0.0), po-debconf, xserver-xorg-dev, 
> libxi-dev, libxt-dev, libncurses5-dev
> +Build-Depends: debhelper (>= 5.0.0), po-debconf, xserver-xorg-dev, 
> libxi-dev, libxt-dev, libncurses5-dev, libpixman-1-dev

no.

>  Standards-Version: 3.7.2.2
>  
>  Package: wacom-kernel-source
> @@ -28,7 +28,7 @@
>  Package: xserver-xorg-input-wacom
>  Section: x11
>  Architecture: any
> -Depends: ${shlibs:Depends}
> +Depends: ${shlibs:Depends}, libpixman-1

no.

>  Description: X.Org X server -- wacom input driver
>   This package provides the driver for wacom tablet devices.
>   .
> diff -Naur debian/wacom.control debian/wacom.control
> --- debian/wacom.control  2007-10-12 12:37:40.0 -0700
> +++ debian/wacom.control  2007-10-12 12:44:34.0 -0700
> @@ -2,7 +2,7 @@
>  Section: graphics
>  Priority: optional
>  Maintainer: Ron Lee <[EMAIL PROTECTED]>
> -Build-Depends: debhelper (>= 5.0.0)
> +Build-Depends: libpixman-1-dev (>= 0.9.5-2) debhelper (>= 5.0.0)
>  Standards-Version: 3.7.2.0
>  

I'm not sure what this file is for, but this change looks wrong too.

>  Package: wacom-kernel-modules-${kpkg:Kernel-Version}

Cheers,
Julien



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: wacombloob

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tags 443032 +patch
Bug#443032: wacom-tools: FTBFS: /usr/include/xorg/miscstruct.h:54:20: error: 
pixman.h: No such file or directory
There were no tags set.
Tags added: patch

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446415: FTBFS on arm due to using -fstack-protector-all in CFLAGS

2007-10-12 Thread Riku Voipio 
Package: sendmail
Version: 8.14.1-10
Severity: serious
Tags: patch

Debugging the latest sendmail FTBFS on arm:

http://buildd.debian.org/fetch.cgi?pkg=sendmail;ver=8.14.1-10;arch=arm;stamp=1191538384

Turned out gcc-4.2 on arm does not work with -fstack-protector-all,
which sendmail build sets on by default. On arm/armel A simple hello
world will seggault if compiled with -fstack-protector-all, and thus
configure does not believe the compiler works.

Gcc manual puts -fstack-protector-all and -fstack-protector under the
following section:

This section includes experimental options that may produce broken code.

Thus, I think it's appropriate to exlude arm cpu from this flag.

--- sendmail-8.14.1.old/debian/rules2007-10-12 20:02:52.0 +
+++ sendmail-8.14.1/debian/rules2007-10-12 20:55:12.0 +
@@ -13,12 +13,20 @@
 # Overridden below, but needed now
 #DEB_TAR_SRCDIR := .
 #include /usr/share/cdbs/1/rules/tarball.mk
+DEB_HOST_GNU_CPU  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_CPU)
+

 # Make it even harder to exploit sendmail.
 # Well, almost impossible now 8-)
 # * Compile all with -fPIC (works for pic or pie objects)
 # * Link with either -pie or -shared
+
+ifeq ($(DEB_HOST_GNU_CPU),arm)
+MY_CFLAGS := -fPIC
+else
 MY_CFLAGS := -fPIC -fstack-protector-all
+endif
+
 CFLAGS += ${MY_CFLAGS}
 export CFLAGS
 MY_LDFLAGS := -Wl,-z,noexecstack,-z,relro,-z,now -Wl,--warn-shared-textrel

-- 
"rm -rf" only sounds scary if you don't have backups



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#443032: Patch to enable the pixman package

2007-10-12 Thread Synx 

Julien Cristau wrote:

That patch is (mostly) wrong.  wacom should indeed use pkg-config to get
the necessary cflags, but it doesn't have to care about pixman.


The file linuxwacom/src/xdrv/xf86Wacom.c includes the file xf86.h, which 
is part of the xorg package. However down the chain of includes:


In file included from /usr/include/xorg/regionstr.h:53,
 from /usr/include/xorg/region.h:51,
 from /usr/include/xorg/window.h:52,
 from /usr/include/xorg/input.h:55,
 from /usr/include/xorg/xf86str.h:38,
 from /usr/include/xorg/xf86.h:45,
 from xf86Wacom.h:66,
 from xf86Wacom.c:71:
/usr/include/xorg/miscstruct.h:54:20: error: pixman.h: No such file or 
directory


So wacom does use pixman on one hand. On the other hand,

should be PKG_CHECK_MODULES(XSERVER, [xorg-server]).


You're right on there. I realize now that it's a dependancy of xorg, 
which is a dependancy of the wacom tools, but pixman is not a direct 
dependancy of wacom. Sorry for the trouble. I'll rewrite the patch then, 
no problem.



diff -Naur debian/wacom.control debian/wacom.control

I'm not sure what this file is for, but this change looks wrong too.


The change adds pixman as a build dependancy. But yeah I'm not sure what 
that file is for either. I was just being careful.


And... yeah. This new patch successfully compiles too. Without worrying 
about pixman.
diff -aur linuxwacom/configure.in linuxwacom/configure.in
--- linuxwacom/configure.in	2007-10-12 14:45:10.0 -0700
+++ linuxwacom/configure.in	2007-10-12 14:43:52.0 -0700
@@ -11,6 +11,8 @@
 WCM_LIBWACOMCFG_VER="0:1:0"
 AC_SUBST(WCM_LIBWACOMCFG_VER)
 
+PKG_PROG_PKG_CONFIG
+
 dnl Targets
 WCM_PROGS=""
 WCM_LIBS=""
@@ -60,6 +62,9 @@
 AC_WCM_CHECK_TCL
 AC_WCM_CHECK_TK
 
+dnl Check for pixman
+PKG_CHECK_MODULES(XSERVER,[xorg-server])
+
 dnl Check for ncurses
 AC_WCM_CHECK_NCURSES
 
diff -aur linuxwacom/src/xdrv/Makefile.am linuxwacom/src/xdrv/Makefile.am
--- linuxwacom/src/xdrv/Makefile.am	2007-06-05 09:53:31.0 -0700
+++ linuxwacom/src/xdrv/Makefile.am	2007-10-12 14:43:00.0 -0700
@@ -79,6 +79,7 @@
 		-DSMART_SCHEDULE -DBUILDDEBUG -DXResExtension \
 		-DX_BYTE_ORDER=X_LITTLE_ENDIAN $(XSERVER64) \
 		-DNDEBUG -DFUNCPROTO=15 \
+		 $(XSERVER_CFLAGS) \
 		-DNARROWPROTO -DIN_MODULE -DXFree86Module $(LINUX_INPUT) \
 		-o $@ -c $(srcdir)/$(subst .o,.c,$@)

Bug#446382: marked as done (LUKS setup stops working after upgrade)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 21:47:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446382: fixed in libpam-mount 0.29-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libpam-mount
Version: 0.29-1
Severity: serious

(The severity should probably be important, but I'm setting this to
serious because you might want to fix this bug before the package
is accepted into testing.  Feel free to downgrade it if you disagree.)

After the upgrade to 0.29-1, I couldn't login anymore.  It turned out
that there is some kind of new config file format, which my old config
(LUKS mount of my homedir) was converted to.

Unfortunately, the conversion didn't go well.  It seems the script
converted 

  volume bas crypt - /dev/mapper/emilia-bas_crypto /home/bas - - -

from pam_mount.conf to 

  

which doesn't work.  After changing it to

  

if works again, so I guess this is a bug in the conversion script.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22.1 (PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-mount depends on:
ii  libc6  2.6.1-5   GNU C Library: Shared libraries
ii  libhx101.10.1-1  A library providing queue, tree, I
ii  libpam0g   0.99.7.1-5Pluggable Authentication Modules l
ii  libssl0.9.80.9.8e-9  SSL shared libraries
ii  libxml-writer-perl 0.603-1   Perl module for writing XML docume
ii  libxml22.6.30.dfsg-2 GNOME XML library
ii  mount  2.13-8Tools for mounting and manipulatin

libpam-mount recommends no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: libpam-mount
Source-Version: 0.29-2

We believe that the bug you reported is fixed in the latest version of
libpam-mount, which is due to be installed in the Debian FTP archive:

libpam-mount_0.29-2.diff.gz
  to pool/main/libp/libpam-mount/libpam-mount_0.29-2.diff.gz
libpam-mount_0.29-2.dsc
  to pool/main/libp/libpam-mount/libpam-mount_0.29-2.dsc
libpam-mount_0.29-2_i386.deb
  to pool/main/libp/libpam-mount/libpam-mount_0.29-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Kleineidam <[EMAIL PROTECTED]> (supplier of updated libpam-mount 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 12 Oct 2007 23:38:33 +0200
Source: libpam-mount
Binary: libpam-mount
Architecture: source i386
Version: 0.29-2
Distribution: unstable
Urgency: low
Maintainer: Bastian Kleineidam <[EMAIL PROTECTED]>
Changed-By: Bastian Kleineidam <[EMAIL PROTECTED]>
Description: 
 libpam-mount - PAM module that can mount volumes for a user session
Closes: 446382
Changes: 
 libpam-mount (0.29-2) unstable; urgency=low
 .
   * Fix Suggestion typo psmis -> psmisc.
   * Fixed copy-and-paste error in pam_mount.conf converter script, patch
 from SVN r380. (Closes: #446382)
Files: 
 9a331b8cb312649d615c5398cc9ff381 711 admin extra libpam-mount_0.29-2.dsc
 39f2facc063ef92ce58058725f918082 18230 admin extra libpam-mount_0.29-2.diff.gz
 5d428aaa94282a29199b5f59779becdf 83914 admin extra libpam-mount_0.29-2_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHD+ndeBwlBDLsbz4RAgKwAKDSLy9W+Rpv31DRY1sZ+CaNS85TjwCeKC3n
zweAwnRKta0kMvEKj5wdJX8=
=bgqL
-END PGP SIGNATURE-


--- End Message ---

Bug#445664: marked as done (kolab-resource-handlers: a2ensite : This site does not exist!)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Fri, 12 Oct 2007 22:02:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445664: fixed in kolab-resource-handlers 2.1.0-20070510-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: kolab-resource-handlers
Version: 2.1.0-20070510-1
Severity: grave
Justification: renders package unusable


The symlink in /etc/apache2/sites-avalaible points to nothing.


minithieu:~# LANG=C apt-get --reinstall install kolab-resource-handlers
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not 
upgraded.
2 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Do you want to continue [Y/n]?
Setting up kolab-resource-handlers (2.1.0-20070510-1) ...
This site does not exist!
dpkg: error processing kolab-resource-handlers (--configure):
 subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of kolabd:
 kolabd depends on kolab-resource-handlers; however:
  Package kolab-resource-handlers is not configured yet.
dpkg: error processing kolabd (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 kolab-resource-handlers
 kolabd
E: Sub-process /usr/bin/dpkg returned an error code (1)


minithieu:~# ls -l /etc/apache2/sites-available/
total 2
-rw-r--r-- 1 root root 1182 2007-08-08 15:33 default
lrwxrwxrwx 1 root root   23 2007-09-29 16:30 kolab -> 
.../../kolab/apache.conf


--- End Message ---
--- Begin Message ---
Source: kolab-resource-handlers
Source-Version: 2.1.0-20070510-2

We believe that the bug you reported is fixed in the latest version of
kolab-resource-handlers, which is due to be installed in the Debian FTP archive:

kolab-resource-handlers_2.1.0-20070510-2.diff.gz
  to 
pool/main/k/kolab-resource-handlers/kolab-resource-handlers_2.1.0-20070510-2.diff.gz
kolab-resource-handlers_2.1.0-20070510-2.dsc
  to 
pool/main/k/kolab-resource-handlers/kolab-resource-handlers_2.1.0-20070510-2.dsc
kolab-resource-handlers_2.1.0-20070510-2_all.deb
  to 
pool/main/k/kolab-resource-handlers/kolab-resource-handlers_2.1.0-20070510-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Eisentraut <[EMAIL PROTECTED]> (supplier of updated 
kolab-resource-handlers package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 12 Oct 2007 23:41:33 +0200
Source: kolab-resource-handlers
Binary: kolab-resource-handlers
Architecture: source all
Version: 2.1.0-20070510-2
Distribution: unstable
Urgency: high
Maintainer: Debian Kolab Maintainers <[EMAIL PROTECTED]>
Changed-By: Peter Eisentraut <[EMAIL PROTECTED]>
Description: 
 kolab-resource-handlers - Kolab free/busy scripts
Closes: 445664
Changes: 
 kolab-resource-handlers (2.1.0-20070510-2) unstable; urgency=high
 .
   * Readded apache.conf, which was lost in previous release
 (closes: #445664)
   * Added Homepage control field
Files: 
 7fcd791af7d98d8713e798d4b62436f4 976 misc extra 
kolab-resource-handlers_2.1.0-20070510-2.dsc
 8a786650b1389b51dc1c911bd9f690f0 5388 misc extra 
kolab-resource-handlers_2.1.0-20070510-2.diff.gz
 65c6c4c43c69b09e058fd7cf7fa4ce94 50440 misc extra 
kolab-resource-handlers_2.1.0-20070510-2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHD+qUTTx8oVVPtMYRAomhAJ9M9Jx5icOBKBKdBSYXt3rCw5ZBtwCgxzEZ
Ss+StXXpcw0HLKDk/+8e0Rg=
=x3jC
-END PGP SIGNATURE-


--- End Message ---

Bug#444196: SIGSEGV when opening print dialog

2007-10-12 Thread Paul Dwerryhouse 

I don't know if this helps any with this problem, but I've just had
Galeon die with the following message:

Type mismatch: Expected `bool' got `int' for key /apps/galeon/Print/printon

Strangely enough, however, I wasn't trying to print at the time...

Looks like the schemas might have been altered. There was certainly a
difference between my system schema, which had printon as an int, and
the value in ~/.gconf/apps/galeon/Print/%gconf.xml, which was a bool.

However when I view /apps/galeon/Print/printon in gconf-editor, it shows
up as an int (despite the fact that I've now changed the system schema).

Cheers,

Paul

-- 
Paul Dwerryhouse| PGP Key ID: 0x6B91B584



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446432: wordtrans: build-depends on obsolete kdelibs-dev in preference to kdelibs4-dev

2007-10-12 Thread Aaron M. Ucko 
Package: wordtrans
Version: 1.1pre15-2
Severity: serious
Justification: no longer builds from source

wordtrans build-depends on the ancient kdelibs-dev package in
preference to kdelibs4-dev, confusing the autobuilders (not that
that's terribly difficult, it seems :-/).  Could you please drop the
old dependency or swap the order to favor kdelibs4-dev?

Thanks!

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22.6 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446437: start azureus from console ,it fails

2007-10-12 Thread darren 
Package: azureus
Version: 2.5.0.4-1
Severity: grave
Justification: renders package unusable

azureus fails to start,it complains:
Exception in thread "main" java.lang.NoClassDefFoundError:
org/apache/commons/cli/CommandLine

but libcommons-cli-java has been installed.
[EMAIL PROTECTED]:~$ dpkg -l  |grep  libcommons-cli-java
ii  libcommons-cli-java  1.0-10  API
for working with the command line argume

it seems that libcommons-cli-java is not in java's classpath while run
/usr/bin/azureus.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages azureus depends on:
ii  gij-4.1 [java2-runtime]   4.1.2-16   The GNU Java bytecode interpreter
ii  gij-4.2 [java2-runtime]   4.2.2-1The GNU Java bytecode interpreter
ii  java-gcj-compat   1.0.76-5   Java runtime environment using GIJ
ii  libcommons-cli-java   1.0-10 API for working with the command l
ii  liblog4j1.2-java  1.2.15-1   Logging library for java
ii  libseda-java  3.0-3  the Staged Event-Driven Architectu
ii  libswt-gtk-3.2-java   3.2.2-1+b1 Standard Widget Toolkit for GTK Ja
ii  sun-java6-jre [java2-runtime] 6-03-2 Sun Java(TM) Runtime Environment (

azureus recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#280987: marked as done (mig: keep it out from testing)

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Sat, 13 Oct 2007 05:13:30 +0300
with message-id <[EMAIL PROTECTED]>
and subject line Bug#280987: mig: keep it out from testing
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: mig
Version: 1.3-3
Seveirity: serious

Hi,

mig Build-Depends on gnumach-dev but the later is not available on
testing due to 2 RC bugs, so mig will FTBFS if it gets into testing.
This bug report is to keep it out for now until gnumach is fixed.

regards,
guillem

--- End Message ---
--- Begin Message ---
Hi,

On Fri, 2004-11-12 at 23:42:51 +0100, Guillem Jover wrote:
> Package: mig
> Version: 1.3-3
> Seveirity: serious

> mig Build-Depends on gnumach-dev but the later is not available on
> testing due to 2 RC bugs, so mig will FTBFS if it gets into testing.
> This bug report is to keep it out for now until gnumach is fixed.

gnumach has been fixed for long time now, and it's useful to be able
to build gnumach from testing. So closing this bug report, and will
be coordinating with the release team to allow gnumach to move to
testing.

regards,
guillem

--- End Message ---

Processed (with 1 errors): forcemerge 446437 445635

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> Hi,
Unknown command or malformed arguments to command.

> reassign 446437 azureus
Bug#446437: start azureus from console ,it fails
Bug reassigned from package `azureus' to `azureus'.

> forcemerge 446437 445635
Bug#446437: start azureus from console ,it fails
Bug#445635: azureus can't start or crash on startup
Forcibly Merged 445635 446437.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446451: phpmyadmin: CVE-2007-5386 XSS vulnerability

2007-10-12 Thread Steffen Joeris 
Package: phpmyadmin
Severity: grave
Tags: security
Justification: user security hole


Hi

The following CVE[0] has been issued against phpmyadmin.
You can find a patch below.

CVE-2007-5386:

Cross-site scripting (XSS) vulnerability in scripts/setup.php
in phpMyAdmin 2.11.1, when accessed by a browser that does 
not URL-encode requests, allows remote attackers to inject 
arbitrary web script or HTML via the query string. NOTE: some 
of these details are obtained from third party information.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5386


diff -u phpmyadmin-2.11.1/debian/changelog phpmyadmin-2.11.1/debian/changelog
--- phpmyadmin-2.11.1/debian/changelog
+++ phpmyadmin-2.11.1/debian/changelog
@@ -1,3 +1,11 @@
+phpmyadmin (4:2.11.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the testing-security team
+  * Include upstream patch for XSS vulnerability in scripts/setup.php
+Fixes: CVE-2007-5386
+
+ -- Steffen Joeris <[EMAIL PROTECTED]>  Sat, 13 Oct 2007 05:12:44 +
+
 phpmyadmin (4:2.11.1-1) unstable; urgency=low

   * New upstream release.
diff -u phpmyadmin-2.11.1/debian/patches/00list 
phpmyadmin-2.11.1/debian/patches/00list
--- phpmyadmin-2.11.1/debian/patches/00list
+++ phpmyadmin-2.11.1/debian/patches/00list
@@ -3,0 +4 @@
+041-CVE-2007-5386
only in patch2:
unchanged:
--- phpmyadmin-2.11.1.orig/debian/patches/041-CVE-2007-5386.dpatch
+++ phpmyadmin-2.11.1/debian/patches/041-CVE-2007-5386.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix CVE-2007-5386
+
[EMAIL PROTECTED]@
+
+--- ../old/phpmyadmin-2.11.1/scripts/setup.php 2007-09-20 16:35:14.0 
+
 phpmyadmin-2.11.1/scripts/setup.php2007-10-13 05:10:49.0 
+
+@@ -1951,7 +1951,10 @@
+ if (empty($_SERVER['REQUEST_URI']) || 
empty($_SERVER['HTTP_HOST'])) {
+ $redir = '';
+ } else {
+-$redir = ' If your server is also configured to accept HTTPS 
request follow this link to use secure connection.';
++$redir = ' If your server is also configured to accept HTTPS 
request'
++  . ' follow this link to use secure connection.';
+ }
+ message('warning', 'You are not using secure connection, all data 
(including sensitive, like passwords) are transfered unencrypted!' . $redir, 
'Not secure connection');
+ }



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#432540: marked as done (checkstyle: FTBFS: Illegal class or package name '/usr/lib/kaffe/pthreads/jre/lib/glibj.zip:/usr/lib/kaffe/pthreads/lib/tools.jar')

2007-10-12 Thread Debian Bug Tracking System 
Your message dated Sat, 13 Oct 2007 05:47:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#432540: fixed in checkstyle 4.3+dfsg1-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: checkstyle
version: 4.1+dfsg-1
Severity: serious
User: [EMAIL PROTECTED]
Usertags: qa-ftbfs-20070708
Justification: FTBFS on i386

Hi,

During a rebuild of all packages in sid, your package failed to build on i386.

Relevant part:
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/imports/messages_fi.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/imports/messages_fi.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/whitespace/messages_fi.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/whitespace/messages_fi.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/indentation/messages_pt.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/indentation/messages_pt.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/modifier/messages_pt.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/modifier/messages_pt.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/messages_pt.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/messages_pt.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/suppressions_1_0.dtd
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/suppressions_1_0.dtd
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/duplicates/messages_es.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/duplicates/messages_es.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/messages_pt.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/messages_pt.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/header/messages_es.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/header/messages_es.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/j2ee/messages_fr.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/j2ee/messages_fr.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/modifier/messages_es.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/modifier/messages_es.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/blocks/messages.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/blocks/messages.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/indentation/messages_es.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/indentation/messages_es.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/naming/messages_fr.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/naming/messages_fr.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/checks/sizes/messages_pt.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyle/checks/sizes/messages_pt.properties
 [copy] Copying 
/build/user/checkstyle-4.1+dfsg/src/checkstyle/com/puppycrawl/tools/checkstyle/messages.properties
 to 
/build/user/checkstyle-4.1+dfsg/target/checkstyle/com/puppycrawl/tools/checkstyl

Processed: Re: [Pkg-samba-maint] Bug#446410: samba fails in post-installation

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> severity 446410 normal
Bug#446410: samba fails in post-installation
Severity set to `normal' from `grave'

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: [patch] libwww-mechanize-perl - FTBFS: Failed test 'Got http://en.wikipedia.org/'

2007-10-12 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tags 432485 + patch
Bug#432485: libwww-mechanize-perl - FTBFS: Failed test 'Got 
http://en.wikipedia.org/'
There were no tags set.
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#432485: [patch] libwww-mechanize-perl - FTBFS: Failed test 'Got http://en.wikipedia.org/'

2007-10-12 Thread Rene Mayorga 
tags 432485 + patch
thanks

Hi Jay,

I saw the bug report at it seens that you are working on this.
Anyway,  I've attach a patch to skip the test that requiere 
for internet access if you set a env var at debian/rules


Cheers

-- 
Rene Mauricio Mayorga   |  GPG: A209C305
http://rmayorga.org |  
--
08B6 58AB A691 DD56 C30B  8D37 8040 19FA A209 C305
diff -ruN libwww-mechanize-perl-1.30.old/debian/rules libwww-mechanize-perl-1.30/debian/rules
--- libwww-mechanize-perl-1.30.old/debian/rules	2007-10-13 00:27:35.0 -0600
+++ libwww-mechanize-perl-1.30/debian/rules	2007-10-13 00:31:55.0 -0600
@@ -30,7 +30,7 @@
 	dh_clean -k
 	dh_installdirs
 
-	$(MAKE) PREFIX=$(CURDIR)/debian/$(PACKAGE)/usr OPTIMIZE="-O2 -g -Wall" test install
+	NOINTERNET=1 $(MAKE) PREFIX=$(CURDIR)/debian/$(PACKAGE)/usr OPTIMIZE="-O2 -g -Wall" test install
 	install -d $(ETCROOT)
 	install -m 644 $(CURDIR)/etc/* $(ETCROOT)
 	-find $(CURDIR)/debian -type d | xargs rmdir -p --ignore-fail-on-non-empty
diff -ruN libwww-mechanize-perl-1.30.old/t/live/computers4sure.t libwww-mechanize-perl-1.30/t/live/computers4sure.t
--- libwww-mechanize-perl-1.30.old/t/live/computers4sure.t	2007-05-24 20:34:37.0 -0600
+++ libwww-mechanize-perl-1.30/t/live/computers4sure.t	2007-10-13 00:31:21.0 -0600
@@ -3,6 +3,9 @@
 use warnings;
 use strict;
 
+if ( $ENV{NOINTERNET} ) {
+   use Test::More skip_all => "We don't have internet here";
+}
 use Test::More skip_all => "Still need to get the error-handling on here working";
 use Test::More tests => 9;
 
@@ -38,7 +41,7 @@
 SKIP: {
 eval "use Test::Memory::Cycle";
 skip "Test::Memory::Cycle not installed", 1 if $@;
-
+   
 memory_cycle_ok( $mech, "No memory cycles found" );
 }
 
diff -ruN libwww-mechanize-perl-1.30.old/t/live/wikipedia.t libwww-mechanize-perl-1.30/t/live/wikipedia.t
--- libwww-mechanize-perl-1.30.old/t/live/wikipedia.t	2007-05-24 20:30:50.0 -0600
+++ libwww-mechanize-perl-1.30/t/live/wikipedia.t	2007-10-13 00:31:21.0 -0600
@@ -3,6 +3,9 @@
 use warnings;
 use strict;
 
+if ( $ENV{NOINTERNET} ) {
+   use Test::More skip_all => "We don't have internet here";
+}
 use constant LANGUAGES => qw( en it ja es nl pl );
 use Test::More tests => 3 + (2 * scalar LANGUAGES);
 


signature.asc
Description: Esta parte del mensaje está firmada	digitalmente

Bug#446410: [Pkg-samba-maint] Bug#446410: samba fails in post-installation

2007-10-12 Thread Christian Perrier 
severity 446410 normal
thanks


Quoting Claudio Saavedra ([EMAIL PROTECTED]):
> Package: samba
> Version: 3.0.26a-1
> Severity: grave
> Justification: renders package unusable
> 
> Samba fails during the post-installation scripts execution. Here is the
> output:
> 
> dijkstra:/home/claudio# apt-get -f install
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> 0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
> 1 not fully installed or removed.
> Need to get 0B of archives.
> After unpacking 0B of additional disk space will be used.
> Setting up samba (3.0.26a-1) ...
> update-rc.d: warning: /etc/rc2.d/K09samba is not a link to ../init.d/samba or 
> /etc/init.d/samba
> update-rc.d: warning: /etc/rc3.d/K09samba is not a link to ../init.d/samba or 
> /etc/init.d/samba
> invoke-rc.d: dangling symlink: /etc/rc2.d/K09samba
> dpkg: error processing samba (--configure):
>  subprocess post-installation script returned error exit status 102
> Errors were encountered while processing:


Why were you running "apt-get -f install" ? This is usually an
indication of a previously failed apt-get run.

What are the /etc/rc2.d/K09samba pointing to? These links are not
installed by the samba default install.

I highly suspect that you installed the samba package on a not so sane
system, hence downgrading this bug reportuntil we get enough
details to decide that this is a local issue and therefore close it.

I suggest you remove those K09samba links in /etc/rc2.d and /etc/rc3.d




signature.asc
Description: Digital signature