cgiemail_1.6-15_i386.changes ACCEPTED
Accepted: cgiemail_1.6-15.diff.gz to pool/main/c/cgiemail/cgiemail_1.6-15.diff.gz cgiemail_1.6-15.dsc to pool/main/c/cgiemail/cgiemail_1.6-15.dsc cgiemail_1.6-15_i386.deb to pool/main/c/cgiemail/cgiemail_1.6-15_i386.deb Announcing to debian-devel-changes@lists.debian.org Closing bugs: 145336 160813 Thank you for your contribution to Debian.
Processed: Fix up submitter
Processing commands for [EMAIL PROTECTED]: > close 149197 Bug#149197: [EMAIL PROTECTED]: SVGALib gl_expandcharacter() with 3 bytes per pixel] Bug closed, send any further explanations to Colin Watson <[EMAIL PROTECTED]> > reopen 149197 "Peter P. Eiserloh" <[EMAIL PROTECTED]> Bug#149197: [EMAIL PROTECTED]: SVGALib gl_expandcharacter() with 3 bytes per pixel] Bug reopened, originator set to "Peter P. Eiserloh" <[EMAIL PROTECTED]>. > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#145336: marked as done (cgiemail: no NAME section in man pages)
Your message dated Sat, 28 Sep 2002 07:17:11 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#145336: fixed in cgiemail 1.6-15 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 30 Apr 2002 23:17:50 + >From [EMAIL PROTECTED] Tue Apr 30 18:17:50 2002 Return-path: <[EMAIL PROTECTED]> Received: from protactinium.btinternet.com [194.73.73.176] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 172gsY-0002Aa-00; Tue, 30 Apr 2002 18:17:50 -0500 Received: from host217-39-16-172.in-addr.btopenworld.com ([217.39.16.172] helo=arborlon.lab.dotat.at) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 172gsX-T0-00; Wed, 01 May 2002 00:17:49 +0100 Received: from cjwatson by arborlon.lab.dotat.at with local (Exim 3.35 #1 (Debian)) id 172gsY-0006Ib-00; Wed, 01 May 2002 00:17:50 +0100 Date: Wed, 1 May 2002 00:17:50 +0100 From: Colin Watson <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: cgiemail: no NAME section in man pages Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.28i X-Reportbug-Version: 1.99.10 Sender: Colin Watson <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Package: cgiemail Version: 1.6-14 Severity: normal None of cgiemail's man pages have NAME sections, so man-db can't parse them for whatis information. See lexgrog(1) for documentation of the correct format. Thanks, -- Colin Watson [EMAIL PROTECTED] --- Received: (at 145336-close) by bugs.debian.org; 28 Sep 2002 11:23:06 + >From [EMAIL PROTECTED] Sat Sep 28 06:23:06 2002 Return-path: <[EMAIL PROTECTED]> Received: from auric.debian.org [206.246.226.45] (mail) by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 17vFgg-0005pT-00; Sat, 28 Sep 2002 06:23:06 -0500 Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian)) id 17vFax-0002Yp-00; Sat, 28 Sep 2002 07:17:11 -0400 From: Colin Watson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.26 $ Subject: Bug#145336: fixed in cgiemail 1.6-15 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Sat, 28 Sep 2002 07:17:11 -0400 Delivered-To: [EMAIL PROTECTED] We believe that the bug you reported is fixed in the latest version of cgiemail, which is due to be installed in the Debian FTP archive: cgiemail_1.6-15.diff.gz to pool/main/c/cgiemail/cgiemail_1.6-15.diff.gz cgiemail_1.6-15.dsc to pool/main/c/cgiemail/cgiemail_1.6-15.dsc cgiemail_1.6-15_i386.deb to pool/main/c/cgiemail/cgiemail_1.6-15_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson <[EMAIL PROTECTED]> (supplier of updated cgiemail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Sat, 28 Sep 2002 12:03:42 +0100 Source: cgiemail Binary: cgiemail Architecture: source i386 Version: 1.6-15 Distribution: unstable Urgency: low Maintainer: Debian QA Group <[EMAIL PROTECTED]> Changed-By: Colin Watson <[EMAIL PROTECTED]> Description: cgiemail - CGI Form-to-Mail converter Closes: 145336 160813 Changes: cgiemail (1.6-15) unstable; urgency=low . * QA upload. * Null-terminate templatedir, and make sure it really does get checked (closes: #160813). * Add NAME section to man pages (closes: #145336). * Policy version 3.5.7: - Drop DEB_BUILD_OPTIONS=debug support, so we always build with -g; support DEB_BUILD_OPTIONS=noopt. Files: 15cb75324c24380a4dc2deb4dba094a0 627 web optional cgiemail_1.6-15.dsc e1e9a2508fb067feca3e2de91cbf5288 13233 web optional cgiemail_1.6-15.diff.gz ef3849753a70d39be60b3b82b7acb880 31714 web optional cgiemail_1.6-15_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: Colin Watson <[EMAIL PROTECTED]> -- Debian developer iD8DBQE9lY6f9t0zAhD6TNERAjKkAJ9w4R8b8I5KwKm6okgA+i3HM+z
Bug#160813: marked as done (cgiemail:/etc/cgiemail.conf is not consulted)
Your message dated Sat, 28 Sep 2002 07:17:11 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#160813: fixed in cgiemail 1.6-15 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 13 Sep 2002 22:16:59 + >From [EMAIL PROTECTED] Fri Sep 13 17:16:59 2002 Return-path: <[EMAIL PROTECTED]> Received: from sisko.nodomain.org (mail.nodomain.org) [213.208.99.114] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 17pykF-0003Tc-00; Fri, 13 Sep 2002 17:16:59 -0500 Received: from localhost (localhost [127.0.0.1]) by mail.nodomain.org (Postfix) with ESMTP id 26136E1052; Fri, 13 Sep 2002 23:16:46 +0100 (BST) Received: by mail.nodomain.org (Postfix, from userid 1000) id 39931E1036; Fri, 13 Sep 2002 23:16:45 +0100 (BST) Content-Type: text/plain; charset="ANSI_X3.4-1968" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Tony Hoyle" <[EMAIL PROTECTED]> To: "Debian Bug Tracking System" <[EMAIL PROTECTED]> Subject: =?ansi_x3.4-1968?q?cgiemail:?= =?ansi_x3.4-1968?q?/etc/cgiemail.conf?= is not consulted X-Mailer: reportbug 1.99.54 Date: Fri, 13 Sep 2002 23:16:45 +0100 Message-Id: <[EMAIL PROTECTED]> X-Virus-Scanned: by AMaViS new-20020517 X-Razor-id: ceaac65496d5fd68a258cbb01d3da6b812437620 X-Spam-Status: No, hits=0.4 tests=SUPERLONG_LINE Delivered-To: [EMAIL PROTECTED] Package: cgiemail Version: 1.6-14 Severity: important Tags: security Contrary to instructions given during installation, /etc/cgiemail.conf is not being consulted. I installed with a default of /var/www/templates, and this was duly put in the configuration file. I noticed that the existing template files which were *not* within /var/www/templates did not stop working. To test this I changed the /etc/cgiemail.conf to templatedir="/home/tmh", and observed that the template files in the webspace were still honoured - meaning the templatedir option is non-functional in this release. Moreover, trying to open /cgi-bin/cgiemail/cgi-bin/cgiemail proved that it was attempting to read files in the cgi-bin directory - exactly the vulnerablility that the templatedir parameter is supposed to stop. Just to test, I deleted /etc/cgiemail.conf, and cgiemail refused to run, so I'm definately running the correct binary (this machine didn't previously have cgiemail installed). -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux sisko 2.4.19-rc3-ac3 #1 Sun Aug 4 14:38:02 BST 2002 i686 Locale: LANG=C, LC_CTYPE=C Versions of packages cgiemail depends on: ii debconf 1.1.32 Debian configuration management sy ii libc6 2.2.5-14.1 GNU C Library: Shared libraries an -- debconf information excluded --- Received: (at 160813-close) by bugs.debian.org; 28 Sep 2002 11:24:12 + >From [EMAIL PROTECTED] Sat Sep 28 06:24:12 2002 Return-path: <[EMAIL PROTECTED]> Received: from auric.debian.org [206.246.226.45] (mail) by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 17vFhk-0005t8-00; Sat, 28 Sep 2002 06:24:12 -0500 Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian)) id 17vFax-0002Yr-00; Sat, 28 Sep 2002 07:17:11 -0400 From: Colin Watson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.26 $ Subject: Bug#160813: fixed in cgiemail 1.6-15 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Sat, 28 Sep 2002 07:17:11 -0400 Delivered-To: [EMAIL PROTECTED] We believe that the bug you reported is fixed in the latest version of cgiemail, which is due to be installed in the Debian FTP archive: cgiemail_1.6-15.diff.gz to pool/main/c/cgiemail/cgiemail_1.6-15.diff.gz cgiemail_1.6-15.dsc to pool/main/c/cgiemail/cgiemail_1.6-15.dsc cgiemail_1.6-15_i386.deb to pool/main/c/cgiemail/cgiemail_1.6-15_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson <[EMAIL PROTECTED]> (supplier of updated cgiemail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMA
Bug#160813: marked as done (=?ansi_x3.4-1968?q?cgiemail:?= =?ansi_x3.4-1968?q?/etc/cgiemail.conf?= is not consulted)
On Sat, Sep 28, 2002 at 06:33:18AM -0500, Debian Bug Tracking System wrote:
> cgiemail (1.6-15) unstable; urgency=low
> .
>* QA upload.
>* Null-terminate templatedir, and make sure it really does get checked
> (closes: #160813).
Sorry, this should have been urgency=high.
I think a stable-security upload will be needed as well. Here's the
relevant part of the diff I used:
--- cgiemail-1.6.orig/cgilib.c
+++ cgiemail-1.6/cgilib.c
@@ -489,6 +489,7 @@
if (endquotes)
{
strncpy(templatedir, inquotes, endquotes - inquotes);
+ templatedir[endquotes - inquotes] = 0;
return(0);
}
}
@@ -525,7 +526,7 @@
if (cgi_read_configuration(formp, templatedir, CGI_VARNAME_MAX - 1))
return(1);
- if ((!templatedir) &&
+ if ((!templatedir) ||
strncmp(templatefile, templatedir, strlen(templatedir)) ||
strstr(templatefile, "/../"))
{
However, on reflection I'm not sure if this fix is optimal. Thomas, was
the !templatedir test supposed to deal with /etc/cgiemail.conf being
missing? If so then perhaps this should be more like 'if
((!*templatedir) || ...)', and *templatedir will need to be initialized
to 0 before calling cgi_read_configuration().
--
Colin Watson [EMAIL PROTECTED]
Bug#135445: kinkatta: Please add more information to the extended description
Hey there! Christian Kurz <[EMAIL PROTECTED] and I discussed about that feature list. We dropped: o Support for smiles o "/me"-Support (like in IRC) o Auto away. Away-Message-Template supports %n, %d and %t We think that these features can't persuade a user of kinkatta. These are just extra features and aren't very important to us. o Fully configurable sound If we would list this, we have to do the same with "Text Window", "Network", "Messages", ... (there may be much configured). So we should write "Fully configurable AIM Client" instead. We added: o Fully configurable AIM Client see above: "Fully configurable sound" We changed: o Support for printing from the chat window to "Direct printing from the chat window" because it may be missunderstood: Something will be sent to printer, not printed out to screen. Here is the complete control entry: Description: Fully configurable AOL Instant Messenger client for KDE Kinkatta is a fully configurable AOL Instant Messenger client for KDE. Here is a small list of its features: . o Fully configurable AIM Client o Support for printing from the chat window o Full Logging Support o Auto URL tagging o Flashing toolbar icon on new message(s) o Supports AOL Chatrooms o Supports user groups (eg. friends, school, ...) o Displays idle-time/last-on-time in main window o Permit/Deny options for users o Supports import/export of buddy lists o Passwords are not saved as plain text regards, Dennis -- GUI? Das sind 10 xterms und ein Hintergrundbild! GPG/PGP available at http://satanII.enemy.org/~seppy/gpg.asc
Bug#160813: marked as done (cgiemail:/etc/cgiemail.conf is not consulted)
Colin Watson <[EMAIL PROTECTED]> writes: > On Sat, Sep 28, 2002 at 06:33:18AM -0500, Debian Bug Tracking System wrote: > > cgiemail (1.6-15) unstable; urgency=low > > . > >* QA upload. > >* Null-terminate templatedir, and make sure it really does get checked > > (closes: #160813). > > Sorry, this should have been urgency=high. > > I think a stable-security upload will be needed as well. Here's the > relevant part of the diff I used: [...] While you're at it, please make sure cgiemail doesn't accept templates when there is no /etc/cgiemail.conf. As it is, the vulnerability is still open between unpacking and configuration. Also, I think cgiemail.pod lacks the structure and the style of a man page, and makes us look really lazy. :-) Bug#6302, the reason it was written, was submitted back when the binaries were in /usr/bin; since the user doesn't invoke them directly, we can do without it. BTW, the postrm should remove /etc/cgiemail.conf. Thanks, Matej
Bug#113445: marked as done (elm-me+: frm would be useful as a standalone utility)
Your message dated 28 Sep 2002 23:39:50 +0200 with message-id <[EMAIL PROTECTED]> and subject line elm-me+: fmt would be useful as a standalone utility has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 25 Sep 2001 07:03:29 + >From [EMAIL PROTECTED] Tue Sep 25 02:03:29 2001 Return-path: <[EMAIL PROTECTED]> Received: from away.lingsoft.fi [193.65.124.96] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 15lmFb-0004Ls-00; Tue, 25 Sep 2001 02:03:28 -0500 Received: (from [EMAIL PROTECTED]) by away.lingsoft.fi (8.11.1/8.11.1/Debian 8.11.0-6) id f8P73iS14693; Tue, 25 Sep 2001 10:03:44 +0300 Date: Tue, 25 Sep 2001 10:03:44 +0300 Message-Id: <[EMAIL PROTECTED]> From: era eriksson <[EMAIL PROTECTED]> Subject: elm-me+: fmt would be useful as a standalone utility To: [EMAIL PROTECTED] X-Mailer: bug 3.2.9 Delivered-To: [EMAIL PROTECTED] Package: elm-me+ Version: N/A Severity: wishlist I like the frm(1) program which comes with Elm, but I don't wish to install the whole Elm package for a single small utility. Would you consider moving the non-Elm-specific utilities into their own separate package? Most of the following I think could benefit from being made available to a broader audience. usr/bin/answer mail/elm-me+ usr/bin/checkalias mail/elm-me+ usr/bin/fastmailmail/elm-me+ usr/bin/frm mail/elm-me+ usr/bin/listalias mail/elm-me+ usr/bin/messagesmail/elm-me+ usr/bin/newaliasmail/elm-me+ usr/bin/newmail mail/elm-me+ usr/bin/nfrmmail/elm-me+ usr/bin/printmail mail/elm-me+ usr/bin/readmsg mail/elm-me+ usr/bin/wnewmailmail/elm-me+ (Not intimately familiar with many of these -- no doubt some of them will only work with Elm aliases or something.) Meanwhile, I'm sure I can cook up a simple shell function with formail(1) for my own needs, so this is definitely a wishlist-level report. -- System Information Debian Release: 2.0 Kernel Version: Linux away 2.0.34 #1 Sun Feb 28 21:48:09 EET 1999 i586 unknown --- Received: (at 113445-done) by bugs.debian.org; 28 Sep 2002 22:20:44 + >From [EMAIL PROTECTED] Sat Sep 28 17:20:43 2002 Return-path: <[EMAIL PROTECTED]> Received: from jagor.srce.hr [161.53.2.130] (root) by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 17vPx5-0006EL-00; Sat, 28 Sep 2002 17:20:43 -0500 Received: from fuzz.uucp ([EMAIL PROTECTED] [193.198.130.73]) by jagor.srce.hr (8.12.2/8.12.2) with ESMTP id g8SMJgZH023263 for <[EMAIL PROTECTED]>; Sun, 29 Sep 2002 00:19:43 +0200 (MEST) Received: from mvela by fuzz.uucp with local (Exim 3.36 #1 (Debian)) id 17vPJW-91-00 for <[EMAIL PROTECTED]>; Sat, 28 Sep 2002 23:39:50 +0200 From: Matej Vela <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: elm-me+: fmt would be useful as a standalone utility References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Date: 28 Sep 2002 23:39:50 +0200 In-Reply-To: <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> Lines: 14 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: Matej Vela <[EMAIL PROTECTED]> X-Virus-Scanned: by amavisd-milter (http://amavis.org/) Delivered-To: [EMAIL PROTECTED] era eriksson <[EMAIL PROTECTED]> writes: > On Wed, 25 Sep 2002 11:42:40 +0200, Matej Vela <[EMAIL PROTECTED]> wrote: > > Have you tried mailutils? I think it's exactly what you want. > > Thanks for the pointer. Yes, it seems to provide frm(1) as well as > some other useful utilities. Maybe this bug could be closed. Agreed. The thing is, elm-me+ utilities use a common library which is more than twice the size of mailutils. Thanks, Matej
