Bug#639859: apt-build fails to build packages ; it conflicts with apt
retitle 639859 apt-build uses outdated apt configuration settings tag 639859 - patch quit On Wed, 31 Aug 2011 02:40:25 +0200 Laurent Dard wrote: > Package: apt-build > Version: 0.12.38 > Severity: grave > Tags: sid wheezy patch Dropping the patch tag because the patch is incomplete (although likely to be along most of the right lines). > # apt-build install hello > it fails with: > >W: Failed to fetch > >file:/var/cache/apt-build/repository/dists/apt-build/Release Unable to find > >expected entry 'main/binary-amd64/Packages' in Release file (Wrong > >sources.list entry or malformed file) apt-build needs to update the configuration string which it passes to apt, along the same lines as recent updates in multistrap, xapt and other tools which use apt in custom locations. > >E: The value 'apt-build' is invalid for APT::Default-Release as such a > >release is not available in the sources This is another instance of #637434 and may well need a similar patch which can be seen in Emdebian SVN: http://www.emdebian.org/trac/changeset/8062 AFAICT if the test system does not use a Default-Release, this bug won't occur. apt-build *might* have to assert unstable as the Default-Release or try to replicate the system setting somehow. I don't use apt-build. > I erased "/var/cache/apt-build" and applied the following patch to get rid apt-build should do this anyway. xapt has a similar --clean option explicitly to do this kind of thing. If it doesn't, this would warrant another stage to the patch or a new bug report (severity important). > Unfortunately, it doesn't solve the problem. > "apt-get update" keeps saying: > E: The value 'apt-build' is invalid for APT::Default-Release as such a > release is not available in the sources > > Maybe an apt bug rather than an apt-build bug ? No, it will still be an apt-build bug. The question is what do you expect apt-build to do if Default-Release is set on your own system? Build for unstable (Debian expectation) or build for whatever is the Default-Release on your system? Once that is decided, the final tweak to the patch should be fairly trivial. apt-build is an orphaned package (and has been orphaned for a v.long time) and has no maintainer. If you're doing this much work on apt-build, maybe you should read the orphaning bug (#365427) and see if you can work with those who have also expressed an interest but not actually made the upload as maintainer. Maybe even form a team. Otherwise, once the Wheezy freeze starts, apt-build could well be removed. -- Neil Williams = http://www.linux.codehelp.co.uk/ pgpRIXg2LEd7s.pgp Description: PGP signature
Processed: Re: Bug#639859: apt-build fails to build packages ; it conflicts with apt
Processing commands for cont...@bugs.debian.org: > retitle 639859 apt-build uses outdated apt configuration settings Bug #639859 [apt-build] apt-build fails to build packages ; it conflicts with apt Changed Bug title to 'apt-build uses outdated apt configuration settings' from 'apt-build fails to build packages ; it conflicts with apt' > tag 639859 - patch Bug #639859 [apt-build] apt-build uses outdated apt configuration settings Removed tag(s) patch. > quit Stopping processing here. Please contact me if you need assistance. -- 639859: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639859 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.13147743198022.transcr...@bugs.debian.org
Processed: tagging as pending bugs that are closed by packages in NEW
Processing commands for cont...@bugs.debian.org: > # Wed Aug 31 08:03:15 UTC 2011 > # Tagging as pending bugs that are closed by packages in NEW > # http://ftp-master.debian.org/new.html > # > # Source package in NEW: snd > tags 615776 + pending Bug #615776 [snd] snd: ftbfs with gold or ld --no-add-needed Added tag(s) pending. > # Source package in NEW: snd > tags 634762 + pending Bug #634762 [snd] snd: debian/control uses hardcoded list of non-Linux architectures Added tag(s) pending. > # Source package in NEW: libgee > tags 624565 + pending Bug #624565 [libgee] building a gir binary would be nice Added tag(s) pending. > # Source package in NEW: openinbrowser > tags 536583 + pending Bug #536583 [wnpp] ITP: openinbrowser -- open files directly in the browser Bug #569960 [wnpp] ITP: openinbrowser -- open files directly in the browser Added tag(s) pending. Added tag(s) pending. > # Source package in NEW: python-scientific > tags 571452 + pending Bug #571452 [src:python-scientific] python-scientific: Please drop build-dependency on LAM/MPI and/or MPICH Added tag(s) pending. > # Source package in NEW: open-axiom > tags 639185 + pending Bug #639185 [wnpp] ITP: open-axiom -- open scientific computation platform Added tag(s) pending. > End of message, stopping processing here. Please contact me if you need assistance. -- 639185: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639185 536583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536583 634762: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634762 624565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624565 571452: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571452 615776: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615776 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.131477781925588.transcr...@bugs.debian.org
Processing of cvsconnect_0.1.cvs20001202-2_amd64.changes
cvsconnect_0.1.cvs20001202-2_amd64.changes uploaded successfully to localhost along with the files: cvsconnect_0.1.cvs20001202-2.dsc cvsconnect_0.1.cvs20001202-2.debian.tar.gz cvsconnect_0.1.cvs20001202-2_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qyfsg-00026i...@franck.debian.org
[FREE Marketing Software] fm Vic
Dear valued customer, ELDIRA Ltd. GROUP is an Internet Marketing Company working in the sphere of "MONEY MAKING ONLINE" and will inform you for the new trends and the TOP QUALITY promotions with valuable and on-time information ever. Before we begin sending you the information , we want to be certain we have Your permission. To confirm your subscription, click on the link below http://www.eldira.com/cgi-bin/amlm/register.cgi?act=m&list=7&sub=WH1uPu85Gps_ Thank you. We promised You will never regret. John Stark ELDIRA Ltd. Hi, If you're feeling overwhelmed by all the latest 'get-rich-quick' products but you're still not making any money... Then you need to drop what you're doing and watch this MUST-SEE video from beginning to end... http://www.eldira.com/cgi-bin/amlm/r.cgi?u=WH1uPu85Gps_&l=15&m=7 Inside, you'll receive a personal invitation from not just one, but two of the most 'down-to-earth', genuine marketers online today. http://www.eldira.com/cgi-bin/amlm/r.cgi?u=WH1uPu85Gps_&l=15&m=7 Have you ever wondered WHY you've not succeeded? Why is it that some people make an absolute fortune whilst others really struggle? You'll find the answer right here... http://www.eldira.com/cgi-bin/amlm/r.cgi?u=WH1uPu85Gps_&l=15&m=7 (and it's NOT what you think!) John Stark To unsubscribe click on the link below: http://www.eldira.com/cgi-bin/amlm/register.cgi?unsubscribe=WH1uPu85Gps_ -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110831081411.1ef0a13a5...@liszt.debian.org
cvsconnect_0.1.cvs20001202-2_amd64.changes ACCEPTED into unstable
Accepted: cvsconnect_0.1.cvs20001202-2.debian.tar.gz to main/c/cvsconnect/cvsconnect_0.1.cvs20001202-2.debian.tar.gz cvsconnect_0.1.cvs20001202-2.dsc to main/c/cvsconnect/cvsconnect_0.1.cvs20001202-2.dsc cvsconnect_0.1.cvs20001202-2_all.deb to main/c/cvsconnect/cvsconnect_0.1.cvs20001202-2_all.deb Override entries for your package: cvsconnect_0.1.cvs20001202-2.dsc - source vcs cvsconnect_0.1.cvs20001202-2_all.deb - extra vcs Announcing to debian-devel-chan...@lists.debian.org Closing bugs: 636883 Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qygs8-0004lr...@franck.debian.org
Bug#639744: Accepted ca-certificates 20110502+nmu1 (source all)
On Wed, August 31, 2011 08:55, Peter Palfrader wrote: > On Wed, 31 Aug 2011, Raphael Geissert wrote: > >> Changes: >> ca-certificates (20110502+nmu1) unstable; urgency=high >> . >>* Non-maintainer upload by the Security Team. >>* Blacklist "DigiNotar Root CA" (Closes: #639744) > > Are we updating stable too? Yes. Raphaël, any reason that there's an upload for squeeze on security-master, but not for lenny? Cheers, Thijs -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/91f16d1aa836770e47200c27e3a6cbe4.squir...@wm.kinkhorst.nl
Bug#639744: Accepted ca-certificates 20110502+nmu1 (source all)
On Wed, August 31, 2011 12:38, Thijs Kinkhorst wrote: > Raphaël, any reason that there's an upload for squeeze on security-master, > but not for lenny? OK, sorry for this, I should have researched that a bit more. Just found out that Lenny ca-certificates doesn't have DigiNotar. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cd28e754e2ebfa2b5488a4188ddb9d70.squir...@wm.kinkhorst.nl
Processing of openclipart_0.18+dfsg-12_amd64.changes
openclipart_0.18+dfsg-12_amd64.changes uploaded successfully to ftp-master.debian.org along with the files: openclipart_0.18+dfsg-12_all.deb openclipart-svg_0.18+dfsg-12_all.deb openclipart-png_0.18+dfsg-12_all.deb openclipart-libreoffice_0.18+dfsg-12_all.deb Greetings, Your Debian queue daemon (running on host kassia.debian.org) -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qynct-cs...@kassia.debian.org
Processing of openclipart_0.18+dfsg-12_amd64.changes
openclipart_0.18+dfsg-12_amd64.changes uploaded successfully to localhost along with the files: openclipart_0.18+dfsg-12_all.deb openclipart-svg_0.18+dfsg-12_all.deb openclipart-png_0.18+dfsg-12_all.deb openclipart-libreoffice_0.18+dfsg-12_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qyneo-0006b2...@franck.debian.org
openclipart_0.18+dfsg-12_amd64.changes REJECTED
Reject Reasons: no source found for openclipart 0.18+dfsg-12 (openclipart-libreoffice_0.18+dfsg-12_all.deb). no source found for openclipart 0.18+dfsg-12 (openclipart-svg_0.18+dfsg-12_all.deb). no source found for openclipart 0.18+dfsg-12 (openclipart-png_0.18+dfsg-12_all.deb). no source found for openclipart 0.18+dfsg-12 (openclipart_0.18+dfsg-12_all.deb). === Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qyntn-8a...@franck.debian.org
Bug#639744: Accepted ca-certificates 20110502+nmu1 (source all)
On Wednesday 31 August 2011 06:29:02 Thijs Kinkhorst wrote: > On Wed, August 31, 2011 12:38, Thijs Kinkhorst wrote: > > Raphaël, any reason that there's an upload for squeeze on > > security-master, but not for lenny? > > OK, sorry for this, I should have researched that a bit more. Just found > out that Lenny ca-certificates doesn't have DigiNotar. I should have sent an update last night, sorry about that. I wonder if we shouldn't be updating lenny and squeeze's ca-certs with testing's, as a standard procedure. There are expired certs still being shipped. In fact, the whole maintenance of the package needs to be revisited. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201108311320.37627.geiss...@debian.org
Bug#639859: apt-build uses outdated apt configuration settings
Neil Williams wrote:
> This is another instance of #637434 and may well need a similar patch
> which can be seen in Emdebian SVN:
> http://www.emdebian.org/trac/changeset/8062
It seems to me it's really something else.
> AFAICT if the test system does not use a Default-Release, this bug
> won't occur. apt-build *might* have to assert unstable as the
> Default-Release or try to replicate the system setting somehow. I don't
> use apt-build.
In fact, there is no problem with "apt-get update". The command that fails
is "apt-get -t apt-build install hello", and it still appears to me as an
apt bug.
APT::Default-Release is not set on my system, AFAIK, and I changed
temporarily my aptpinning file as below. Here is an illustration:
# cat /etc/apt/preferences.d/aptpinning
Package: *
Pin: release a=apt-build
Pin-Priority: 800
Package: *
Pin: release n=apt-build
Pin-Priority: 800
Package: *
Pin: release o=apt-build
Pin-Priority: 800
Package: *
Pin: release l=apt-build
Pin-Priority: 800
# cat /etc/apt/sources.list.d/apt-build.list
deb file:/var/cache/apt-build/repository apt-build main
# cat /var/cache/apt-build/repository/Release
Archive: apt-build
Component: main
Origin: apt-build
Label: apt-build
Architecture: amd64
# apt-get update > /dev/null ; echo $?
0
# LANG=C apt-cache policy hello
hello:
Installed: (none)
Candidate: 2.7-2
Version table:
2.7-2 0
500 http://ftp.be.debian.org/debian/ testing/main amd64 Packages
2.7-2 0
500 file:/var/cache/apt-build/repository/ apt-build/main amd64 Packages
2.6-1 0
500 http://ftp.by.debian.org/debian/ stable/main amd64 Packages
2.2-2 0
500 http://ftp.dk.debian.org/debian/ lenny/main amd64 Packages
# LANG=C apt-get -s install -t apt-build hello
Reading package lists... Done
E: The value 'apt-build' is invalid for APT::Default-Release as such a release
is not available in the sources
( -o APT::Default-Release=* doesn't help here )
What are the "sources" here ? The "sources.list" or the apt code ? How are
defined release values ? How can I set "apt-build" as a valid distribution
name ? How can I force, with apt-get, the installation of the apt-build
version ?
I'm not so interested in apt-build itself. But I have several local
repositories with arbitrary distribution names and I can't define a
Pin-Priority to one of them or use "apt-get install -t foo ...". That's the
same problem.
> apt-build is an orphaned package (and has been orphaned for a v.long
> time) and has no maintainer. If you're doing this much work on
> apt-build, maybe you should read the orphaning bug (#365427) and see if
> you can work with those who have also expressed an interest but not
> actually made the upload as maintainer. Maybe even form a team.
Unfortunately, I'm afraid my interest with apt-build itself will vanish
shortly.
Anyway, here is an improved patch that can be used to make it work,
using dpkg instead of apt.
## BEGIN apt-build-0.12.38-bug639859.patch ##
# Patch for apt-build-0.12.38
# Closes bugs #639859 and #528338
# for personnal use but...
# unworthy for an official distribution
diff -Naur apt-build-0.12.38.orig/apt-build apt-build-0.12.38/apt-build
--- apt-build-0.12.38.orig/apt-build2008-07-01 08:29:43.0 +0200
+++ apt-build-0.12.38/apt-build 2011-08-31 20:38:26.0 +0200
@@ -101,9 +101,9 @@
update-source - Update all sources and rebuild them
remove- Remove packages
build-repository - Rebuild the repository
- clean-sources - Clean up all object files in source directories
clean-build - Erase downloaded packages and temporary build files
- clean-repository - Erase downloaded packages and temporary build files
+ clean-repository - Erase built packages
+ clean-sources - Clean up all object files in source directories
world - Rebuild and reinstall all packages on your system
info - Build-related package information
@@ -337,10 +337,10 @@
chdir $conf->repository_dir;
my $arch = $_config->get("APT::Architecture");
-system "ln -s . main" unless -e "main";
-system "ln -s . apt-build" unless -e "apt-build";
-system "ln -s . dists" unless -e "dists";
-system "ln -s . binary-$arch" unless -e "binary-$arch";
+system "mkdir dists" unless -e "dists";
+system "mkdir dists/apt-build" unless -e "dists/apt-build";
+system "mkdir dists/apt-build/main" unless -e "dists/apt-build/main";
+system "ln -s ../../.. dists/apt-build/main/binary-$arch" unless -e
"dists/apt-build/main/binary-$arch";
make_release_file() unless -e "Release";
system "apt-ftparchive packages . | gzip -9 > Packages.gz";
@@ -457,7 +457,15 @@
my $deb_file;
# Build the .deb name
-my $arch = $_config->get("APT::Architecture");
+# FIXME (dirty hack here)
+# my $arch = $_config->get("APT::Architecture");
+# --> is not good because the arch component can be "all"
+# but the fo
Bug#571452: marked as done (python-scientific: Please drop build-dependency on LAM/MPI and/or MPICH)
Your message dated Wed, 31 Aug 2011 19:17:58 + with message-id and subject line Bug#571452: fixed in python-scientific 2.8-3 has caused the Debian Bug report #571452, regarding python-scientific: Please drop build-dependency on LAM/MPI and/or MPICH to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 571452: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571452 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: python-scientific Version: 2.8-1.2 Severity: important User: debian-scie...@lists.debian.org Usertags: old-mpi-eol Dear maintainer, python-scientific build-depends on LAM/MPI and/or MPICH which are not developed upstream anymore. There were several discussions on the Debian Science mailing list to EOL both LAM/MPI and MPICH, the latest discussion happening at [1]. Please help us with this goal by dropping the build-dependency on lam-dev and/or libmpich1.0-dev. You currently have two possibilities to build MPI-enabled packages: 1. You can build-depend on mpi-default-dev to build a single MPI-enabled package that uses Debian's default MPI implementation. The resulting package should use the "-mpi" suffix. This allows easy transistions to other MPI implementations in case it's needed. This solution is easy to maintain but does not allow your users to choose a different implementation than the default. 2. You can build packages against all currently supported MPI implementations in Debian, which are Open MPI (openmpi) and MPICH2 (mpich2). You have to change your build scripts to build against both implementations. There is no automatic way to do this at the moment. The resulting packages should use the "-openmpi" and "-mpich2" suffixes. This solution is harder to maintain but supports all MPI implementation, so your users can choose. You're free to choose which of the solutions you'd like to implement. If there are any questions, feel free to write to the Debian Science Maintainers mailing list [2]. Best regards, Manuel -- [1] http://lists.debian.org/debian-science/2009/11/msg00010.html [2] debian-science-maintain...@lists.alioth.debian.org --- End Message --- --- Begin Message --- Source: python-scientific Source-Version: 2.8-3 We believe that the bug you reported is fixed in the latest version of python-scientific, which is due to be installed in the Debian FTP archive: mpich2python_2.8-3_amd64.deb to main/p/python-scientific/mpich2python_2.8-3_amd64.deb openmpipython_2.8-3_amd64.deb to main/p/python-scientific/openmpipython_2.8-3_amd64.deb python-mpi_2.8-3_all.deb to main/p/python-scientific/python-mpi_2.8-3_all.deb python-netcdf_2.8-3_amd64.deb to main/p/python-scientific/python-netcdf_2.8-3_amd64.deb python-scientific-doc_2.8-3_all.deb to main/p/python-scientific/python-scientific-doc_2.8-3_all.deb python-scientific_2.8-3.diff.gz to main/p/python-scientific/python-scientific_2.8-3.diff.gz python-scientific_2.8-3.dsc to main/p/python-scientific/python-scientific_2.8-3.dsc python-scientific_2.8-3_all.deb to main/p/python-scientific/python-scientific_2.8-3_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 571...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nicholas Breen (supplier of updated python-scientific package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 10 May 2011 14:33:35 -0700 Source: python-scientific Binary: python-scientific python-netcdf python-scientific-doc python-mpi mpich2python openmpipython Architecture: source all amd64 Version: 2.8-3 Distribution: unstable Urgency: low Maintainer: Debian QA Group Changed-By: Nicholas Breen Description: mpich2python - MPI-enhanced Python interpreter (MPICH2 based version) openmpipython - MPI-enhanced Python interpreter (OpenMPI based version) python-mpi - MPI module for Python python-netcdf - netCDF interface for Python python-scientific - Python modules useful for scientific computing python-scientific-doc - Python modules useful for scientific computing Closes: 571452 Changes: python-scientific (2.8-3) unstable; urgency=low . * QA upload. * Replace EOLed MPI implementations (LAM, MPIC
python-scientific_2.8-3_amd64.changes ACCEPTED into unstable
Accepted: mpich2python_2.8-3_amd64.deb to main/p/python-scientific/mpich2python_2.8-3_amd64.deb openmpipython_2.8-3_amd64.deb to main/p/python-scientific/openmpipython_2.8-3_amd64.deb python-mpi_2.8-3_all.deb to main/p/python-scientific/python-mpi_2.8-3_all.deb python-netcdf_2.8-3_amd64.deb to main/p/python-scientific/python-netcdf_2.8-3_amd64.deb python-scientific-doc_2.8-3_all.deb to main/p/python-scientific/python-scientific-doc_2.8-3_all.deb python-scientific_2.8-3.diff.gz to main/p/python-scientific/python-scientific_2.8-3.diff.gz python-scientific_2.8-3.dsc to main/p/python-scientific/python-scientific_2.8-3.dsc python-scientific_2.8-3_all.deb to main/p/python-scientific/python-scientific_2.8-3_all.deb Override entries for your package: mpich2python_2.8-3_amd64.deb - optional python openmpipython_2.8-3_amd64.deb - extra python python-mpi_2.8-3_all.deb - optional python python-netcdf_2.8-3_amd64.deb - optional python python-scientific-doc_2.8-3_all.deb - optional doc python-scientific_2.8-3.dsc - source python python-scientific_2.8-3_all.deb - optional python Announcing to debian-devel-chan...@lists.debian.org Closing bugs: 571452 Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qyqiq-0005yg...@franck.debian.org
Bug#639932: ddccontrol: possibly buffer overflow
Package: ddccontrol Version: 0.4.2-5 Severity: important Bug report & patch: http://sourceforge.net/tracker/?func=detail&aid=3399766&group_id=117933&atid=1220161 -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (500, 'stable'), (25, 'testing'), (20, 'unstable'), (10, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686-bigmem (SMP w/2 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ddccontrol depends on: ii ddccontrol-db 20061014-4monitor database for ddccontrol ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libddccontrol0 0.4.2-6 shared library for ddccontrol ii libpci31:3.1.7-6 Linux PCI Utilities (shared librar ii libxml22.7.8.dfsg-2+squeeze1 GNOME XML library ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime ddccontrol recommends no packages. ddccontrol suggests no packages. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110831194403.32482.83874.report...@debian.home
Processing of clojure_1.1.0+dfsg-2_amd64.changes
clojure_1.1.0+dfsg-2_amd64.changes uploaded successfully to localhost along with the files: clojure_1.1.0+dfsg-2.dsc clojure_1.1.0+dfsg-2.diff.gz clojure_1.1.0+dfsg-2_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qyrhi-00020m...@franck.debian.org
clojure_1.1.0+dfsg-2_amd64.changes ACCEPTED into unstable
Accepted: clojure_1.1.0+dfsg-2.diff.gz to main/c/clojure/clojure_1.1.0+dfsg-2.diff.gz clojure_1.1.0+dfsg-2.dsc to main/c/clojure/clojure_1.1.0+dfsg-2.dsc clojure_1.1.0+dfsg-2_all.deb to main/c/clojure/clojure_1.1.0+dfsg-2_all.deb Override entries for your package: clojure_1.1.0+dfsg-2.dsc - source devel clojure_1.1.0+dfsg-2_all.deb - optional devel Announcing to debian-devel-chan...@lists.debian.org Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qyrvm-0006tc...@franck.debian.org
Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
On Tuesday 30 August 2011 23:30:19 Mike Hommey wrote: > On Wed, Aug 31, 2011 at 06:26:26AM +0200, Mike Hommey wrote: > > So, I'll put that on tiredness. That'd be several fraudulent > > certificates which fingerprint is unknown (thus even CRL, OCSP and > > blacklists can't do anything), and the mitigation involves several > > different intermediate certs that are cross-signed, which makes it kind > > of hard. Plus, there is the problem that untrusting the DigiNotar root > > untrusts a separate PKI used by the Dutch government. AFAICS, this last part is not true. The gov has one Root and DigiNotar's PKIOverheid is one if its leafs. Other DigiNotar CAs are the one derived from Entrust (seems to have been revoked), and a PKIOverheid G2 that I've seen mentioned in a few places (also derived from Entrust?) > > Add to the above that untrusting a root still allows users to override > > in applications, and we have no central way to not allow that. Aiui, the > > mozilla update is going to block overrides as well, but that involves > > the application side. NSS won't deal with that. > > See https://bugzilla.mozilla.org/show_bug.cgi?id=682927 which is now > open. Thanks for the link. FWIW, it seems that the government is ACKing [3] that DigiNotar re-signs certificates with its PKIOverheid CA for non-gov users of its now-untrusted DigiNotar Root CA. Action items based on what others are doing: 1. Disable DigiNotar Root CA: done 2. Disable other DigiNotar CAs (derived from Entrust)[4]: not done 3. Still permit Staat der Nederlanden CA and PKIoverheid: nothing to be done Item 2 is handled by Mozilla by matching /^DigiNotar/ and marking them as untrusted at the PMS level. [3] https://www.govcert.nl/english/service-provision/knowledge-and- publications/factsheets/factsheet-fraudulently-issued-security-certificate- discovered.html (and the linked fact-sheet) [4] Entrust revoked them, marked as "superseded" in the CRL -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201108312302.56068.geiss...@debian.org
Processing of openclipart_0.18+dfsg-12_amd64.changes
openclipart_0.18+dfsg-12_amd64.changes uploaded successfully to ftp-master.debian.org along with the files: openclipart_0.18+dfsg-12.dsc openclipart_0.18+dfsg-12.diff.gz openclipart_0.18+dfsg-12_all.deb openclipart-svg_0.18+dfsg-12_all.deb openclipart-png_0.18+dfsg-12_all.deb openclipart-libreoffice_0.18+dfsg-12_all.deb Greetings, Your Debian queue daemon (running on host kassia.debian.org) -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qyyrr-0004ot...@kassia.debian.org
Processing of openclipart_0.18+dfsg-12_amd64.changes
openclipart_0.18+dfsg-12_amd64.changes uploaded successfully to localhost along with the files: openclipart_0.18+dfsg-12.dsc openclipart_0.18+dfsg-12.diff.gz openclipart_0.18+dfsg-12_all.deb openclipart-svg_0.18+dfsg-12_all.deb openclipart-png_0.18+dfsg-12_all.deb openclipart-libreoffice_0.18+dfsg-12_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qyytq-0002ay...@franck.debian.org
openclipart_0.18+dfsg-12_amd64.changes ACCEPTED into unstable
Accepted: openclipart-libreoffice_0.18+dfsg-12_all.deb to main/o/openclipart/openclipart-libreoffice_0.18+dfsg-12_all.deb openclipart-png_0.18+dfsg-12_all.deb to main/o/openclipart/openclipart-png_0.18+dfsg-12_all.deb openclipart-svg_0.18+dfsg-12_all.deb to main/o/openclipart/openclipart-svg_0.18+dfsg-12_all.deb openclipart_0.18+dfsg-12.diff.gz to main/o/openclipart/openclipart_0.18+dfsg-12.diff.gz openclipart_0.18+dfsg-12.dsc to main/o/openclipart/openclipart_0.18+dfsg-12.dsc openclipart_0.18+dfsg-12_all.deb to main/o/openclipart/openclipart_0.18+dfsg-12_all.deb Override entries for your package: openclipart-libreoffice_0.18+dfsg-12_all.deb - extra graphics openclipart-png_0.18+dfsg-12_all.deb - extra graphics openclipart-svg_0.18+dfsg-12_all.deb - extra graphics openclipart_0.18+dfsg-12.dsc - source graphics openclipart_0.18+dfsg-12_all.deb - extra graphics Announcing to debian-devel-chan...@lists.debian.org Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qyyxw-0003wg...@franck.debian.org
Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
On Wed, Aug 31, 2011 at 11:02:53PM -0500, Raphael Geissert wrote: > On Tuesday 30 August 2011 23:30:19 Mike Hommey wrote: > > On Wed, Aug 31, 2011 at 06:26:26AM +0200, Mike Hommey wrote: > > > So, I'll put that on tiredness. That'd be several fraudulent > > > certificates which fingerprint is unknown (thus even CRL, OCSP and > > > blacklists can't do anything), and the mitigation involves several > > > different intermediate certs that are cross-signed, which makes it kind > > > of hard. Plus, there is the problem that untrusting the DigiNotar root > > > untrusts a separate PKI used by the Dutch government. > > AFAICS, this last part is not true. The gov has one Root and DigiNotar's > PKIOverheid is one if its leafs. > Other DigiNotar CAs are the one derived from Entrust (seems to have been > revoked), and a PKIOverheid G2 that I've seen mentioned in a few places (also > derived from Entrust?) Well, reality is that the Firefox 6.0.1 release, which has a white least for Staat der Nederlanden Root CA but not Staat der Nederlanden Root CA - G2, effectively prevents from going to a couple of dutch government sites. Considering it has been found that the PSM side blacklist doesn't work, that suggests that the root CA removal alone is responsible for the situation, but I could be wrong. > > > Add to the above that untrusting a root still allows users to override > > > in applications, and we have no central way to not allow that. Aiui, the > > > mozilla update is going to block overrides as well, but that involves > > > the application side. NSS won't deal with that. > > > > See https://bugzilla.mozilla.org/show_bug.cgi?id=682927 which is now > > open. > > Thanks for the link. > > FWIW, it seems that the government is ACKing [3] that DigiNotar re-signs > certificates with its PKIOverheid CA for non-gov users of its now-untrusted > DigiNotar Root CA. > > Action items based on what others are doing: > 1. Disable DigiNotar Root CA: done > 2. Disable other DigiNotar CAs (derived from Entrust)[4]: not done There are 3 of them iirc. > 3. Still permit Staat der Nederlanden CA and PKIoverheid: nothing to be done > > Item 2 is handled by Mozilla by matching /^DigiNotar/ and marking them as > untrusted at the PMS level. And that currently doesn't work. It seems reasonable to wait for a more correct fix there before uploading ice*. There may be another nss round before that, though, for the Entrust certs. Please also note that Kai Engert is going to work on a NSS patch to handle the whole think at NSS level which would port what PSM does for SSL to S/MIME and other uses of NSS. I'm not sure this will be easily backportable, though. Mike -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110901063701.gb3...@glandium.org
