Bug#334743: fixed

2006-03-26 Thread Debian Archive Maintenance
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

goldedplus | 1.1.4.7+1.1.5.20051016-3 | source, alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are never removed from testing by hand.  Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED]

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[EMAIL PROTECTED]

Debian distribution maintenance software
pp.
Joerg Jaspert (the ftpmaster behind the curtain)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#358501: marked as done (unsafe temp file creation (CAN-2004-2265))

2006-03-26 Thread Debian Bug Tracking System
Your message dated Sun, 26 Mar 2006 16:22:35 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Removed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: uudeview
Version: 0.5.20-2
Severity: serious
Tags: security

CAN-2004-2265 is a security hole in uudeview, although you won't find
much useful info in the advisories associated with that CAN.

After downloading OpenPKG's fix from
tp://ftp.openpkg.org/release/2.0/UPD/uudeview-0.5.19-2.0.1.src.rpm ,
I was able to verify the problem:

  if ((stdfile = tempnam (NULL, "uu")) == NULL) {
    fprintf (stderr, "proc_stdin: cannot get temporary file\n");
    return 0;
  }

  if ((target = fopen (stdfile, "wb")) == NULL) {
    fprintf (stderr, "proc_stdin: cannot open temp file %s for writing: %s\n",
             stdfile, strerror (errno));
    _FP_free (stdfile);
    return 0;
  }

This is a race, exploitable when uudeview is run on standard input.
I'm attaching OpenPKG's entire patch for uudeview 0.5.19, since you might
find unrelated changes also of interest. The relevant fixes for this hole
are the changes involving tempnam and _FP_tempnam.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages uudeview depends on:
ii  libc6   2.3.2.ds1-22 GNU C Library: Shared libraries an

uudeview recommends no packages.

-- no debconf information

-- 
see shy jo
Patch to defeat uudeview "UNKNOWN" filenames.
Problem introduced with 0.5.19
Problem remains in 0.5.20

Index: uuscan.c
--- uulib/uuscan.c.orig 2004-03-12 11:47:13.0 +0100
+++ uulib/uuscan.c  2004-03-12 13:37:54.0 +0100
@@ -1604,20 +1604,23 @@
 }
 
 /* skip empty lines */
-prevpos = ftell (datei);
+{
+long localprevpos;
+localprevpos = ftell (datei);
 if (IsLineEmpty (line)) {
   while (!feof (datei)) {
if (_FP_fgets (line, 255, datei) == NULL)
  break;
if (UUBUSYPOLL(ftell(datei),progress.fsize)) SPCANCEL();
if (!IsLineEmpty (line)) {
- fseek (datei, prevpos, SEEK_SET);
+ fseek (datei, localprevpos, SEEK_SET);
  line[255] = '\0';
  break;
}
-   prevpos = ftell (datei);
+   localprevpos = ftell (datei);
   }
 }
+}
 
 /*
  * If we don't have all valid MIME headers yet, but the following
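
Review bot: the new block around localprevpos carries no comment saying why the outer prevpos must no longer be updated while empty lines are skipped, so the purpose of the extra scope is easy to lose in a later cleanup; a one-line comment at the opening brace would cover it. In the same hunk, the value of ftell (datei) goes to fseek (datei, localprevpos, SEEK_SET) without a check for -1, so a failed ftell becomes a seek to an invalid offset; test the return value before seeking.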

mkstemp security enhancement. Similar to
FreeBSD http://www.freebsd.org/cgi/query-pr.cgi?pr=41508
SuSE uudeview-0.5.18-244.src.rpm

--- unix/uudeview.c
+++ unix/uudeview.c
@@ -434,7 +434,7 @@
 return 0;
   }
 
-  if ((stdfile = tempnam (NULL, "uu")) == NULL) {
+  if ((stdfile = _FP_tempnam (NULL, "uu")) == NULL) {
 fprintf (stderr, "proc_stdin: cannot get temporary file\n");
 return 0;
   }
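
Review bot: at the tempnam to _FP_tempnam replacement, stdfile is still only a path name, so the file is still opened by name afterwards (the fopen (stdfile, "wb") quoted in the bug report) and the gap between choosing the name and opening it remains. Closing that gap needs the descriptor obtained from mkstemp to reach this caller, for example wrapped with fdopen, instead of a name.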

--- uulib/fptools.c
+++ uulib/fptools.c
@@ -507,5 +507,15 @@
 char * TOOLEXPORT
 _FP_tempnam (char *dir, char *pfx)
 {
-  return _FP_strdup (tmpnam (NULL));
+  int fd;
+  char fileName[100];
+
+  strncpy(fileName, pfx, 90);
+  strcat(fileName, "XX");
+  fd = mkstemp(fileName);
+  if (fd == -1)
+   return NULL;
+  close(fd);
+  unlink(fileName);
+  return _FP_strdup (fileName);
 }
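
Review bot: in the new _FP_tempnam body, close(fd); unlink(fileName); followed by returning the name gives up what mkstemp provides, because the file is removed before the caller opens it and the name is free again for anyone else to create; keep the file in place and, better, hand back the open descriptor. The template is built as pfx plus "XX", but mkstemp requires a template ending in six X characters and fails with EINVAL otherwise. strncpy(fileName, pfx, 90) leaves fileName unterminated when pfx is 90 bytes or longer, so the strcat that follows can run past the 100-byte buffer. The dir argument is ignored, so the template names a file relative to the current directory.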

--- uulib/uunconc.c
+++ uulib/uunconc.c
@@ -1264,7 +1264,7 @@
   else
 mode = "wb";   /* otherwise in binary  */
 
-  if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
+  if ((data->binfile = _FP_tempnam (NULL, "uu")) == NULL) {
 UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
   uustring (S_NO_TEMP_NAME));
 return UURET_NOMEM;
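
Review bot: the error path after the _FP_tempnam call still returns UURET_NOMEM, but with the fptools.c change a NULL return also covers a failed mkstemp, which is a file-system or permission problem and not memory exhaustion; return a code that reflects an I/O failure for that case so callers and users are not misled.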
@@ -1426,7 +1426,7 @@
*/
 
   if (data->uudet == BH_ENCODED && data->binfile) {
-if ((ntmp = tempnam (NULL, "uu")) == NULL) {
+if ((ntmp = _FP_tempnam (NULL, "uu")) == NULL) {
   UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
 uustring (S_NO_TEMP_NAME));
   progress.action = 0;

http://www.fpx.de/fp/Software/UUDeview/HISTORY.txt
0.5.20 (01.03.2004)

- fix bug in parsing of header lines [uuscan.c@@155]
- fix fgets to accept lines that are exactly of the maximum length 
[uunconc.c, uuscan.c]
- fix two buffer overflows [uuscan.c@@391, fptools.c]

diff --unified=3 uudeview-0.5.19/uulib/fptools.c uudeview-0.5.20/uulib/fptools.c
--- uulib/fptools.c 1.7 2003-04-13 17:41:55.0 +0200
+++ uulib/fptools.c 1.8 2004-02-24 01:05:32.00
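
The race described in the report above comes from choosing a name first and opening it by name later. The following is an added example, not code from uudeview, OpenPKG or the original message, showing the pattern that removes the window: the file is created and opened in one step and the descriptor is kept. The helper name open_temp_stream and the use of TMPDIR with a /tmp fallback are assumptions made for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, fdopen */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper, not uudeview code: create and open a temporary file
 * in one step. mkstemp() opens the name it picks with O_CREAT|O_EXCL, so a
 * file or symlink already sitting at that name is refused, not followed,
 * and the descriptor is never closed and reopened by name. */
FILE *open_temp_stream(const char *prefix, char *path_out, size_t path_len)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    /* mkstemp() requires the template to end in "XXXXXX". */
    int n = snprintf(path_out, path_len, "%s/%sXXXXXX", dir, prefix);
    if (n < 0 || (size_t)n >= path_len) {
        errno = ENAMETOOLONG;
        return NULL;
    }
    int fd = mkstemp(path_out);
    if (fd == -1)
        return NULL;
    FILE *fp = fdopen(fd, "wb");   /* wrap the descriptor we already hold */
    if (fp == NULL) {
        int saved = errno;
        close(fd);
        unlink(path_out);
        errno = saved;
    }
    return fp;
}

int main(void)
{
    char path[256];
    FILE *target = open_temp_stream("uu", path, sizeof path);
    if (target == NULL) {
        perror("open_temp_stream");
        return 1;
    }
    fputs("constructed sample data\n", target);
    fclose(target);
    unlink(path);   /* the caller removes the file when finished */
    return 0;
}
```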

Bug#356177: related tcl.m4 FTBFS bugs

2006-03-26 Thread Justin Pryzby
These bugs are all related, caused by buggy tcl.m4.  I'm sending this
message so the maintainers can borrow fixes from each other, rather
than doing strange things like patching the generated configure
scripts (don't do this, it is an important bug, see policy 4.3).

#356177 includes a patch (which seems to be backwards) but this is a
minimal fix to tcl.m4.

Justin





Bug#359142: fv: /usr/bin/POWplot requires setting an environment variable

2006-03-26 Thread Justin Pryzby
Package: fv
Version: 3.0-13
Severity: important

$ POWplot 
/usr/bin/POWplot: line 14: /bin/wish: No such file or directory

FTOOLS should default to /usr, (or the script should just not use that
variable at all).





fv upload?

2006-03-26 Thread Justin Pryzby
Did you try to upload fv a couple days ago?  The most recent PTS news
is:

  [2005-11-24] Accepted 3.0-13 in unstable (low) (Matej Vela)

which is obviously wrong since it is in testing, but oh well.

But I got a there was a failed gpg check/missing .changes file
message, which didn't have a name on it...





Bug#345100: someone should make a pornview upload

2006-03-26 Thread Justin Pryzby
Since pornview seems to be completely broken (doesn't even start up),
I think someone should upload it with --disable-xine.  This isn't a
great fix, and imo this bug should stay opened (and perhaps RC), since
playing movies is probably what pornview is used for 80+% of the time.
Robert's patch does just this.

Justin





xaw8

2006-03-26 Thread David Nusinow
Hello all,

   Currently the X Strike Force is preparing to upload X11R7 to unstable.
Currently we have no package available for libXaw8, which we would like to
remove from the archive. The reason you are all being emailed is that one
of your packages (listed by maintainer below) either depends or
build-depends on libxaw8.

   The reason for wanting to kill xaw8 is to comply with the goals of
upstream. Xaw8 is identical to Xaw7 except that it adds support for Xprint.
Xprint, however, is being largely abandoned by upstream. The goal for
xprint was to provide a unified drawing interface for programs to draw to
the screen and the printer. However, it turns out that the x11 drawing
functionality is not a good way to implement this. In addition, there are
internal architecture problems with xprint (related to the internals of x
servers). The goal for upstream is to replace xprint with cairo, which will
provide a more sane api for drawing to both the screen and paper.

   Because xaw8 is functionally equivalent to xaw7 in every way except for
the xprint support, if your app does not need this specific feature then you
can safely depend on xaw7, leaving us to remove xaw8 from the archive. If
any of you do specifically need this support, please let us know (M-F-T set
to debian-x@lists.debian.org) so that we can support you as necessary. If
you don't need this specific feature though, *please* let us know so we
are sure we can kill this package without harming anyone.

   As a side note to the qa team, I'll be NMU'ing the 7 packages that are 
orphaned and depend on xaw8, so you guys don't have to worry about it.

 - David Nusinow

---

Daniel Baumann <[EMAIL PROTECTED]>
   xmem

Bastian Blank <[EMAIL PROTECTED]>
   ibm-3270

Adrian Bridgett <[EMAIL PROTECTED]>
   xbill

Debian Edu Developers 
   italc

Scott M. Dier <[EMAIL PROTECTED]>
   xmeter

Benjamin Drieu <[EMAIL PROTECTED]>
   xbvl

Debian QA Group <[EMAIL PROTECTED]>
   gnushogi
   hanterm-xf
   ppxp
   xbatt
   xconq
   xruskb
   xsysinfo

Mario Lang <[EMAIL PROTECTED]>
   brltty

Siggi Langauf <[EMAIL PROTECTED]>
   gxine

Keita Maehara <[EMAIL PROTECTED]>
   kinput2

Steve McIntyre <[EMAIL PROTECTED]>
   nas

Jose Carlos Medeiros <[EMAIL PROTECTED]>
   snake4

Ari Pollak <[EMAIL PROTECTED]>
   drscheme

Darren Salt <[EMAIL PROTECTED]>
   playmidi

teTeX maintainers 
   tetex-bin





Bug#345100: someone should make a pornview upload

2006-03-26 Thread Steve Langasek
On Sun, Mar 26, 2006 at 07:56:05PM -0500, Justin Pryzby wrote:
> and imo this bug should stay opened (and perhaps RC), since playing movies
> is probably what pornview is used for 80+% of the time.

Huh?  When pornview was introduced to the archive, it was billed as an image
viewer.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/




Bug#345100: someone should make a pornview upload

2006-03-26 Thread Justin Pryzby
On Sun, Mar 26, 2006 at 06:21:07PM -0800, Steve Langasek wrote:
> On Sun, Mar 26, 2006 at 07:56:05PM -0500, Justin Pryzby wrote:
> > and imo this bug should stay opened (and perhaps RC), since
> > playing movies is probably what pornview is used for 80+% of the
> > time.
> 
> Huh?  When pornview was introduced to the archive, it was billed as
> an image viewer.
pornview - Image and movie viewer/manager

pornview plays movies that I've had trouble playing with other
programs, so I use it for that, but I would never consider to use it
just for displaying images..just my opinion.





Bug#345100: someone should make a pornview upload

2006-03-26 Thread Russ Allbery
Justin Pryzby <[EMAIL PROTECTED]> writes:

> pornview plays movies that I've had trouble playing with other programs,
> so I use it for that, but I would never consider to use it just for
> displaying images..just my opinion.

I thought it was actually a pretty nice image viewer except for the
hanging problems.  So for what it's worth, I do think there are other
takes on that.

There are probably lots of other good ones as well, but it did a good job
with thumbnails and was reasonably fast.

-- 
Russ Allbery ([EMAIL PROTECTED])   

