Processed: retitle 738384 to cp: not writing through dangling symlink [...]/jquery.js
Processing commands for cont...@bugs.debian.org: > retitle 738384 cp: not writing through dangling symlink [...]/jquery.js Bug #738384 [src:python-repoze.what] python-repoze.what: FTBFS: ImportError: No module named what.authorize Changed Bug title to 'cp: not writing through dangling symlink [...]/jquery.js' from 'python-repoze.what: FTBFS: ImportError: No module named what.authorize' > thanks Stopping processing here. Please contact me if you need assistance. -- 738384: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738384 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.139306276413612.transcr...@bugs.debian.org
Processed: retitle 738384 to python-repoze.what: FTBFS: cp: not writing through dangling symlink [...]/jquery.js
Processing commands for cont...@bugs.debian.org: > retitle 738384 python-repoze.what: FTBFS: cp: not writing through dangling > symlink [...]/jquery.js Bug #738384 [src:python-repoze.what] cp: not writing through dangling symlink [...]/jquery.js Changed Bug title to 'python-repoze.what: FTBFS: cp: not writing through dangling symlink [...]/jquery.js' from 'cp: not writing through dangling symlink [...]/jquery.js' > thanks Stopping processing here. Please contact me if you need assistance. -- 738384: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738384 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.139306279113706.transcr...@bugs.debian.org
Processed: retitle 738395 to python-repoze.who: FTBFS: cp: not writing through dangling symlink [...]/jquery.js
Processing commands for cont...@bugs.debian.org:
> retitle 738395 python-repoze.who: FTBFS: cp: not writing through dangling
> symlink [...]/jquery.js
Bug #738395 [src:python-repoze.who] python-repoze.who: FTBFS: dh_installdocs:
cd 'docs/.build/html//..' && find 'html' \( -type f -or -type l \) -and !
-empty -print0 | xargs -0 -I {} cp --parents -dp {}
/«PKGBUILDDIR»/debian/python-repoze.who/usr/share/doc/python-repoze.who
returned exit code 123
Changed Bug title to 'python-repoze.who: FTBFS: cp: not writing through
dangling symlink [...]/jquery.js' from 'python-repoze.who: FTBFS:
dh_installdocs: cd 'docs/.build/html//..' && find 'html' \( -type f -or -type l
\) -and ! -empty -print0 | xargs -0 -I {} cp --parents -dp {}
/«PKGBUILDDIR»/debian/python-repoze.who/usr/share/doc/python-repoze.who
returned exit code 123'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
738395: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738395
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/handler.s.c.139306298014918.transcr...@bugs.debian.org
Bug#739763: [INTL:da] Danish translation of the debconf templates spamprobe
Package: spamprobe Severity: wishlist Tags: l10n patch Please include the attached Danish spamprobe translations. joe@pc:~/over/debian/spamprobe$ msgfmt --statistics -c -v -o /dev/null da.po da.po: 5 oversatte tekster. bye Joe da.po.tar.gz Description: GNU Zip compressed data
Processed: found 730821 in 0.1.22+20120112-1, tagging 730821, affects 730821, reassign 739743 to src:fontconfig ...
Processing commands for cont...@bugs.debian.org: > found 730821 0.1.22+20120112-1 Bug #730821 [sunpinyin-data] sunpinyin-data: 0.1.22+20120112-1 breaks libsunpinyin3 Marked as found in versions open-gram/0.1.22+20120112-1. > tags 730821 + jessie sid Bug #730821 [sunpinyin-data] sunpinyin-data: 0.1.22+20120112-1 breaks libsunpinyin3 Added tag(s) sid and jessie. > affects 730821 + libsunpinyin3 Bug #730821 [sunpinyin-data] sunpinyin-data: 0.1.22+20120112-1 breaks libsunpinyin3 Added indication that 730821 affects libsunpinyin3 > reassign 739743 src:fontconfig 2.11.0-4 Bug #739743 [libfontconfig1] FTBFS: circular dependency Bug reassigned from package 'libfontconfig1' to 'src:fontconfig'. Ignoring request to alter found versions of bug #739743 to the same values previously set Ignoring request to alter fixed versions of bug #739743 to the same values previously set Bug #739743 [src:fontconfig] FTBFS: circular dependency Marked as found in versions fontconfig/2.11.0-4. > severity 739745 serious Bug #739745 [fontconfig-config] fontconfig 2.11.0-3 and fontconfig-config_2.11.0-3 have duplicate file, broken pipe in dpkg Severity set to 'serious' from 'important' > merge 739741 739742 739745 Bug #739741 [fontconfig-config] fontconfig-config: fails to upgrade from 2.11.0-2 overwriting files in fontconfig Bug #739741 [fontconfig-config] fontconfig-config: fails to upgrade from 2.11.0-2 overwriting files in fontconfig Marked as found in versions fontconfig/2.11.0-3. Bug #739745 [fontconfig-config] fontconfig 2.11.0-3 and fontconfig-config_2.11.0-3 have duplicate file, broken pipe in dpkg Marked as found in versions fontconfig/2.11.0-3. Bug #739742 [fontconfig-config] fontconfig-config: Tries to overwrite many files which is also in package fontconfig 2.11.0-3 Marked as found in versions fontconfig/2.11.0-2. Merged 739741 739742 739745 > found 668724 0.0.20130503-1 Bug #668724 [prelink] prelink: unowned files after purge (policy 6.8, 10.8): /var/log/prelink.log Marked as found in versions prelink/0.0.20130503-1. > found 705174 0.98.5+dfsg-1 Bug #705174 [semanticscuttle] semanticscuttle: unowned files after purge (policy 6.8, 10.8): /etc/apache2/conf.d/semanticscuttle.conf Marked as found in versions semanticscuttle/0.98.5+dfsg-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 668724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668724 705174: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705174 730821: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730821 739741: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739741 739742: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739742 739743: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739743 739745: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739745 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.139307887013440.transcr...@bugs.debian.org
Re: Processed: found 730821 in 0.1.22+20120112-1, tagging 730821, affects 730821, reassign 739743 to src:fontconfig ...
Debian Bug Tracking System writes: >> reassign 739743 src:fontconfig 2.11.0-4 > Bug #739743 [libfontconfig1] FTBFS: circular dependency > Bug reassigned from package 'libfontconfig1' to 'src:fontconfig'. > Ignoring request to alter found versions of bug #739743 to the same values > previously set > Ignoring request to alter fixed versions of bug #739743 to the same values > previously set > Bug #739743 [src:fontconfig] FTBFS: circular dependency > Marked as found in versions fontconfig/2.11.0-4. My plan to stop using upstream release tarballs and just build everything from source for fontconfig is clearly not going to work with the current docbook-utils package. I'll upload a version that includes the built documentation in the .orig.tar.gz file -- that's what upstream provides for releases. -- keith.pack...@intel.com pgpF2SrRyQt6H.pgp Description: PGP signature
Bug#705700: marked as done (Fresh upstream release (1.6.0) is out)
Your message dated Sun, 23 Feb 2014 00:21:07 +0100 with message-id <2014032107.ga4...@pryan.ekaia.org> and subject line Re: Bug#705700: Fresh upstream release (1.6.0) is out has caused the Debian Bug report #705700, regarding Fresh upstream release (1.6.0) is out to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 705700: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705700 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: fabric Version: 1.4.3-1 Severity: wishlist would be nice to have Debian up to date -- wheezy is already knocking and sid will be unleashed soon -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (900, 'testing'), (600, 'unstable'), (300, 'experimental'), (100, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages fabric depends on: ii python2.7.3-13 ii python-paramiko 1.7.7.1-3.1 ii python-pkg-resources 0.6.24-1 ii python-support1.0.15 fabric recommends no packages. fabric suggests no packages. --- End Message --- --- Begin Message --- Version: 1.7.0-1 We could mark this bug as fixed from when version 1.7 was uploaded. Ana On Thu, Apr 18, 2013 at 02:12:11PM -0400, Yaroslav Halchenko wrote: > Package: fabric > Version: 1.4.3-1 > Severity: wishlist > > > would be nice to have Debian up to date -- wheezy is already knocking and sid > will be unleashed soon > > -- System Information: > Debian Release: 7.0 > APT prefers testing > APT policy: (900, 'testing'), (600, 'unstable'), (300, 'experimental'), > (100, 'stable') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) > Locale: LANG=en_US, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages fabric depends on: > ii python2.7.3-13 > ii python-paramiko 1.7.7.1-3.1 > ii python-pkg-resources 0.6.24-1 > ii python-support1.0.15 > > fabric recommends no packages. > > fabric suggests no packages.--- End Message ---
Bug#714421: marked as done (fabric: No fabric package in wheezy?)
Your message dated Sun, 23 Feb 2014 00:32:10 +0100 with message-id <2014033210.ga5...@pryan.ekaia.org> and subject line Re: Bug#714421: fabric: No fabric package in wheezy? has caused the Debian Bug report #714421, regarding fabric: No fabric package in wheezy? to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 714421: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714421 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: fabric Version: 1.4.3-1 Severity: important Dear Maintainer, Just upgraded a system to wheezy and no fabric package? Nothing in backports either. Am I missing something obvious or does wheezy have no fabric package? Best - -- Mark -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- On Fri, Jun 28, 2013 at 09:02:56PM -0700, Mark Symonds wrote: > Package: fabric > Version: 1.4.3-1 > Severity: important > > Dear Maintainer, > > Just upgraded a system to wheezy and no fabric package? > Nothing in backports either. Am I missing something obvious > or does wheezy have no fabric package? I just adopted fabric and I don't know 100% sure why it is not available in Wheezy. What I have found is: * Fabric was removed from Wheezy October 26, 2012: http://packages.qa.debian.org/f/fabric/news/20121026T163911Z.html but there is any reason indicated there. My wild guess is because bug #680209 with severity serious. A new upstream version was uploaded October 30, 2012: http://packages.qa.debian.org/f/fabric/news/20121030T000230Z.html fixing the bug mentioned earlier. However, Wheezy was already in deep freeze by then (it froze end of June) and nobody asked an exception to have the new package in wheezy to the release team. And if asked, it would have most likely rejected due to the deep freeze. Ana--- End Message ---
Bug#629003: marked as done (fabric is prone to file-overwrite security issue(s).)
Your message dated Sun, 23 Feb 2014 00:43:27 +0100
with message-id <2014034327.ga5...@pryan.ekaia.org>
and subject line Re: Bug#629003: fabric is prone to file-overwrite security
issue(s).
has caused the Debian Bug report #629003,
regarding fabric is prone to file-overwrite security issue(s).
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
629003: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629003
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fabric
Version: 0.9.1-1
Justification: causes serious data loss
Severity: important
Tags: security
*** Please type your report below this line ***
Fabric includes two modules which are marked as "contrib", and are
included in the main package.
These two modules both suffer from the same issue:
* They write files with (semi-)predictable names, in world-readable
and world-writeable locations.
This allows a malicious local-user to pre-create the filenames which
will be used, and allow the overwriting of arbitrary files the user
invoking fabric controls.
The relevant code is included is:
fabric/contrib/projects.py:
tar_file = "/tmp/fab.%s.tar" % datetime.utcnow().strftime(
'%Y_%m_%d_%H-%M-%S')
cwd_name = getcwd().split(sep)[-1]
tgz_name = cwd_name + ".tar.gz"
local("tar -czf %s ." % tar_file)
fabric/contrib/files.py:
basename = os.path.basename(filename)
temp_destination = '/tmp/' + basename
...
...
put(tempfile_name, temp_destination)
[The latter case the upload happens on the *remote* system.]
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages fabric depends on:
ii python 2.6.6-3+squeeze6 interactive high-level object-orie
ii python-paramiko 1.7.6-5 Make ssh v2 connections with Pytho
ii python-pkg-resources0.6.14-4 Package Discovery and Resource Acc
ii python-support 1.0.10 automated rebuilding support for P
fabric recommends no packages.
fabric suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.7.0-2
Hi Steve,
On Thu, Jun 02, 2011 at 11:25:01PM +0100, Steve Kemp wrote:
>
> Package: fabric
> Version: 0.9.1-1
> Justification: causes serious data loss
> Severity: important
> Tags: security
>
> *** Please type your report below this line ***
>
> Fabric includes two modules which are marked as "contrib", and are
> included in the main package.
>
> These two modules both suffer from the same issue:
>
> * They write files with (semi-)predictable names, in world-readable
> and world-writeable locations.
>
> This allows a malicious local-user to pre-create the filenames which
> will be used, and allow the overwriting of arbitrary files the user
> invoking fabric controls.
>
> The relevant code is included is:
>
> fabric/contrib/projects.py:
>
> tar_file = "/tmp/fab.%s.tar" % datetime.utcnow().strftime(
> '%Y_%m_%d_%H-%M-%S')
> cwd_name = getcwd().split(sep)[-1]
> tgz_name = cwd_name + ".tar.gz"
> local("tar -czf %s ." % tar_file)
>
This uses now mkdtemp.
>
> fabric/contrib/files.py:
> basename = os.path.basename(filename)
> temp_destination = '/tmp/' + basename
> ...
> ...
> put(tempfile_name, temp_destination)
>
> [The latter case the upload happens on the *remote* system.]
This code seems to have dissapeared.
Ana
>
>
> -- System Information:
> Debian Release: 6.0.1
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-5-amd64 (SMP w/3 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages fabric depends on:
> ii python 2.6.6-3+squeeze6 interactive high-level
> object-orie
> ii python-paramiko 1.7.6-5 Make ssh v2 connections with
> Pytho
> ii python-pkg-resources0.6.14-4 Package Discovery and Resource
> Acc
> ii python-support 1.0.10 automated rebuilding support for
> P
>
> fabric recommends no packages.
>
> fabric suggests no packages.
>
> -- no debconf information
>
>
> --- End Message ---
Bug#705700: Fresh upstream release (1.6.0) is out
Version: 1.7.0-1 We could mark this bug as fixed from when version 1.7 was uploaded. Ana On Thu, Apr 18, 2013 at 02:12:11PM -0400, Yaroslav Halchenko wrote: > Package: fabric > Version: 1.4.3-1 > Severity: wishlist > > > would be nice to have Debian up to date -- wheezy is already knocking and sid > will be unleashed soon > > -- System Information: > Debian Release: 7.0 > APT prefers testing > APT policy: (900, 'testing'), (600, 'unstable'), (300, 'experimental'), > (100, 'stable') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) > Locale: LANG=en_US, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages fabric depends on: > ii python2.7.3-13 > ii python-paramiko 1.7.7.1-3.1 > ii python-pkg-resources 0.6.24-1 > ii python-support1.0.15 > > fabric recommends no packages. > > fabric suggests no packages. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2014032107.ga4...@pryan.ekaia.org
Bug#629003: fabric is prone to file-overwrite security issue(s).
Version: 1.7.0-2
Hi Steve,
On Thu, Jun 02, 2011 at 11:25:01PM +0100, Steve Kemp wrote:
>
> Package: fabric
> Version: 0.9.1-1
> Justification: causes serious data loss
> Severity: important
> Tags: security
>
> *** Please type your report below this line ***
>
> Fabric includes two modules which are marked as "contrib", and are
> included in the main package.
>
> These two modules both suffer from the same issue:
>
> * They write files with (semi-)predictable names, in world-readable
> and world-writeable locations.
>
> This allows a malicious local-user to pre-create the filenames which
> will be used, and allow the overwriting of arbitrary files the user
> invoking fabric controls.
>
> The relevant code is included is:
>
> fabric/contrib/projects.py:
>
> tar_file = "/tmp/fab.%s.tar" % datetime.utcnow().strftime(
> '%Y_%m_%d_%H-%M-%S')
> cwd_name = getcwd().split(sep)[-1]
> tgz_name = cwd_name + ".tar.gz"
> local("tar -czf %s ." % tar_file)
>
This uses now mkdtemp.
>
> fabric/contrib/files.py:
> basename = os.path.basename(filename)
> temp_destination = '/tmp/' + basename
> ...
> ...
> put(tempfile_name, temp_destination)
>
> [The latter case the upload happens on the *remote* system.]
This code seems to have dissapeared.
Ana
>
>
> -- System Information:
> Debian Release: 6.0.1
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-5-amd64 (SMP w/3 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages fabric depends on:
> ii python 2.6.6-3+squeeze6 interactive high-level
> object-orie
> ii python-paramiko 1.7.6-5 Make ssh v2 connections with
> Pytho
> ii python-pkg-resources0.6.14-4 Package Discovery and Resource
> Acc
> ii python-support 1.0.10 automated rebuilding support for
> P
>
> fabric recommends no packages.
>
> fabric suggests no packages.
>
> -- no debconf information
>
>
>
--
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2014034327.ga5...@pryan.ekaia.org
Bug#714421: fabric: No fabric package in wheezy?
On Fri, Jun 28, 2013 at 09:02:56PM -0700, Mark Symonds wrote: > Package: fabric > Version: 1.4.3-1 > Severity: important > > Dear Maintainer, > > Just upgraded a system to wheezy and no fabric package? > Nothing in backports either. Am I missing something obvious > or does wheezy have no fabric package? I just adopted fabric and I don't know 100% sure why it is not available in Wheezy. What I have found is: * Fabric was removed from Wheezy October 26, 2012: http://packages.qa.debian.org/f/fabric/news/20121026T163911Z.html but there is any reason indicated there. My wild guess is because bug #680209 with severity serious. A new upstream version was uploaded October 30, 2012: http://packages.qa.debian.org/f/fabric/news/20121030T000230Z.html fixing the bug mentioned earlier. However, Wheezy was already in deep freeze by then (it froze end of June) and nobody asked an exception to have the new package in wheezy to the release team. And if asked, it would have most likely rejected due to the deep freeze. Ana -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2014033210.ga5...@pryan.ekaia.org
