Virtuele voorstelling van uw bedrijf

[Webmarketingbureau]

Een website is niet meer weg te denken in ons dagelijkse leven. Afwezig
blijven op het net is een gemiste kans om te grijpen naar interessante
opportuniteiten...

Vind de beste leverancier:
http://www.debesteleverancier.be/website/gratis-offerte.htm?lng=nl&tg=webdesign&utm_campaign=webdesign&utm_source=admr&utm_medium=email&you=packa...@qa.debian.org

Laat u zien op het web met een gebruiksvriendelijke en aantrekkelijke
website. Vind de perfecte partner die u een website opzet die aan uw
behoeftes en het imago van uw bedrijf voldoet:

- SEO, commerciële zichtbaarheid, ...
- Sociale media
- Een website als uithangbord van uw bedrijf of helemaal op maat
- E-commerce
- Responsive design
- ...
---
Online versie: 
http://mailing.fb.bb1.mailbb.be/c7177/e44777004/hbbdca/l215229/index.html
Deze e-mail werd verstuurd naar packa...@qa.debian.org.
Profiel aanpassen: 
http://mailing.fb.bb1.mailbb.be/c7177/e44777004/hbbdca/l215231/index.html
Uitschrijven: 
http://mailing.fb.bb1.mailbb.be/c7177/e44777004/hbbdca/l215230/index.html
Privacy policy: 
http://mailing.fb.bb1.mailbb.be/c7177/e44777004/hbbdca/l215232/index.html

Re: apt-build - Authentication warning overridden. - security issue?

[Patrick Schleizer]

Dear security team!

Paul Wise thinks this is a security issue

Paul Wise:
> This is a security issue, [...]

I was running:
sudo apt-build install ccache

And the output contained a message:

WARNING: The following packages cannot be authenticated!
  ccache
Authentication warning overridden.

Is this just how apt-build works or could this be a security issue due
to installing unauthenticated packages?

public: yes [posted on debian-security mailing list]

versions affected: all suites

how to fix: no idea

Cheers,
Patrick


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/550aa61c.9080...@riseup.net

Re: apt-build - Authentication warning overridden. - security issue?

[Cyril Brulebois]

Patrick Schleizer  (2015-03-18):
> Hi,
> 
> I was running:
> sudo apt-build install ccache
> 
> And the output contained a message:
> 
> WARNING: The following packages cannot be authenticated!
>   ccache
> Authentication warning overridden.
> 
> Is this just how apt-build works or could this be a security issue due
> to installing unauthenticated packages?

It probably wouldn't happen if the source snippet added at
installation time would be using “deb [trusted=yes]” instead of just
“deb”. Manually editing /etc/apt/sources.list.d/apt-build.list seems
to confirm that.

See /var/lib/dpkg/info/apt-build.postinst:
   debline="deb file:$repository_dir apt-build main"

Mraw,
KiBi.


signature.asc
Description: Digital signature

Re: apt-build - Authentication warning overridden. - security issue?

[Patrick Schleizer]

Cyril Brulebois:
> Patrick Schleizer  (2015-03-18):
>> Hi,
>>
>> I was running:
>> sudo apt-build install ccache
>>
>> And the output contained a message:
>>
>> WARNING: The following packages cannot be authenticated!
>>   ccache
>> Authentication warning overridden.
>>
>> Is this just how apt-build works or could this be a security issue due
>> to installing unauthenticated packages?
> 
> It probably wouldn't happen if the source snippet added at
> installation time would be using “deb [trusted=yes]” instead of just
> “deb”. Manually editing /etc/apt/sources.list.d/apt-build.list seems
> to confirm that. [...]

That works for me on jessie, but not on wheezy.

But... Doesn't this just silence the warning? I mean, adding
'[trusted=yes]' to the local apt line is safe, sure. But the original
issue was, that the message 'Authentication warning overridden.' is auto
generated. I.e. apt-build used apt-get in a way to ignore such warnings.
There is one line in apt-build source code that includes '-o
Apt::Get::AllowUnauthenticated=true'. So if some other packages from a
remote repository could not be authenticated, another 'Authentication
warning overridden.' could happen?

For testing purposed, I removed the part '-o
Apt::Get::AllowUnauthenticated=true' from apt-build. 'apt-build install'
is still functional. I don't understand the code to say if that is a
good idea. What do you think? Should that part be removed?

Cheers,
Patrick


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/550aee86.7000...@riseup.net

Bug#730105: marked as done (mirage: old mime-type in usage, please use modern equivalent)

[Debian Bug Tracking System]

Your message dated Thu, 19 Mar 2015 14:18:33 -0400
with message-id <20150319181833.ga25...@psychosis.jim.sh>
and subject line Already fixed in #656298
has caused the Debian Bug report #730105,
regarding mirage: old mime-type in usage, please use modern equivalent
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
730105: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730105
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mirage
Version: 0.9.5.1-1.1+b1
Severity: normal

Dear Maintainer,
I was installing mirage when was hit by this :-

$ sudo aptitude install mirage
[sudo] password for shirish:
The following NEW packages will be installed:
  mirage
0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 111 kB of archives. After unpacking 560 kB will be used.
Get: 1 http://debian.ec.as6453.net/debian/ testing/main mirage amd64
0.9.5.1-1.1+b1 [111 kB]
Fetched 111 kB in 4s (27.1 kB/s)
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Selecting previously unselected package mirage.
(Reading database ... 386577 files and directories currently installed.)
Unpacking mirage (from .../mirage_0.9.5.1-1.1+b1_amd64.deb) ...
Processing triggers for menu ...
Processing triggers for man-db ...
Processing triggers for desktop-file-utils ...
Processing triggers for gnome-menus ...
Processing triggers for mime-support ...
Setting up mirage (0.9.5.1-1.1+b1) ...
Warning in file "/usr/share/applications/pcmanfm.desktop": usage of
MIME type "x-directory/normal" is discouraged ("x-directory" is an old
media type that should be replaced with a modern equivalent)
Processing triggers for menu ...
Processing triggers for python-support ...

The Warning given is significant.

Warning in file "/usr/share/applications/pcmanfm.desktop": usage of
MIME type "x-directory/normal" is discouraged ("x-directory" is an old
media type that should be replaced with a modern equivalent)

This is under GNOME 3.8.2 if that is any relief.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (600, 'testing'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mirage depends on:
ii  libc6   2.17-93
ii  libx11-62:1.6.2-1
ii  python  2.7.5-5
ii  python-gtk2 2.24.0-3+b1
ii  python-support  1.0.15

mirage recommends no packages.

Versions of packages mirage suggests:
ii  gimp 2.8.6-1
ii  imagemagick  8:6.7.7.10-6
ii  menu 2.1.46

-- no debconf information
-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3  8D70 950D 53FB 729A 8B17
--- End Message ---
--- Begin Message ---
Hi,

The pcmanfm.desktop error came from the pcmanfm package, and was fixed
in #656298.  The fact that it showed up during mirage installation was
just an artifact of the "Processing triggers for desktop-file-utils"
step, which runs "update-desktop-database" and scans all *.desktop
files in /usr/share/applications.

Jim--- End Message ---

Bug#74358: marked as done (lynx: novice info wrong [delete key usage])

[Debian Bug Tracking System]

Your message dated Fri, 20 Mar 2015 04:04:04 +
with message-id 
and subject line Bug#74358: fixed in lynx-cur 2.8.9dev4-2
has caused the Debian Bug report #74358,
regarding lynx: novice info wrong [delete key usage]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
74358: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=74358
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lynx
Version: 2.8.3-1

In novice mode, the status area says:

[delete]=history

This is incorrect, at least for linux and xterm keyboards under
debian.  Here, backspace gives history, while delete scrolls the
screen down a couple lines.

-- 
Raul

--- End Message ---
--- Begin Message ---
Source: lynx-cur
Source-Version: 2.8.9dev4-2

We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 74...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert  (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 20 Mar 2015 04:46:50 +0100
Source: lynx-cur
Binary: lynx-cur lynx
Architecture: source amd64 all
Version: 2.8.9dev4-2
Distribution: experimental
Urgency: low
Maintainer: Debian Lynx Packaging Team 
Changed-By: Axel Beckert 
Description:
 lynx   - Text-mode WWW Browser (transitional package)
 lynx-cur   - Text-mode WWW Browser with NLS support (development version)
Closes: 74358 387555 773942
Changes:
 lynx-cur (2.8.9dev4-2) experimental; urgency=low
 .
   [ Axel Beckert ]
   * Add Vcs-Headers.
   * Remove obsolete emacs "local variables" from debian/changelog.
   * Update Michael Grobe's e-mail address in debian/copyright. (Outdated
 e-mail address reported by DUCK, thanks!)
   * Apply wrap-and-sort.
   * Drop long-time transitional package lynx-cur-wrapper.
   * Add DEP12 upstream metadata file.
   * Replace version Conflicts headers with Breaks + Replaces. Fixes
 lintian warning conflicts-with-version.
   * Add patch to make build reproducible by removing all occurrences of
 the __DATE__ and __TIME__ macros.
   * Update all patch headers to be DEP3-compliant.
 .
   [ Denis Briand ]
   * New maintainers. Add team and co-maintainers e-mail
 addresses. (Closes: #773942)
   * Update debian/copyright to machine-readable format version 1.
   * Switch NESTED_TABLES option to false (Closes: #387555)
   * Add Delete key usage into manpage (Closes: #74358)
Checksums-Sha1:
 0b0e9ff4ba738eda5183858689e6da14091adb91 2234 lynx-cur_2.8.9dev4-2.dsc
 f1e50ded13cbc276470e02add0a6aec0d5ded014 25480 
lynx-cur_2.8.9dev4-2.debian.tar.xz
 d1ccb2a801da040376dca0f07e11cd3e7f6bc626 1677144 lynx-cur_2.8.9dev4-2_amd64.deb
 a2e20a2306e0b2739eaf8cdbcbb76960f011cdc7 234950 lynx_2.8.9dev4-2_all.deb
Checksums-Sha256:
 195caa1eacf7c272882576c636cd474be425bcb34c8ff825d635fa4deefad4d3 2234 
lynx-cur_2.8.9dev4-2.dsc
 8bdf4125b8ed7f51d077206201ac69798098c5885624cde5fc88d695ad6403c6 25480 
lynx-cur_2.8.9dev4-2.debian.tar.xz
 622d6fa1548ce9c3861ef2c1521c5f461c8ca4cbdc82f05ea5d527272b356f8b 1677144 
lynx-cur_2.8.9dev4-2_amd64.deb
 ee171414b45044210f0cd4e3aded70b664b3166ddd1ea6fc9fc26bb2d3a846a0 234950 
lynx_2.8.9dev4-2_all.deb
Files:
 a18e834d13ae9ffc298958c3687000f7 2234 web extra lynx-cur_2.8.9dev4-2.dsc
 5257111b65c4da3f9483086c90d1f3a0 25480 web extra 
lynx-cur_2.8.9dev4-2.debian.tar.xz
 60820193c2432126c5cad92e80114e90 1677144 web extra 
lynx-cur_2.8.9dev4-2_amd64.deb
 127923070e209e8856a1178fe554500e 234950 oldlibs extra lynx_2.8.9dev4-2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJVC5kwAAoJEGvmY8daNcl124kP/ic02+/rDP8OkuZcRzD5jjKF
K9koktsETqE0lqeCgxClbPuWcRJI7ZU8l1ZbUm8N4Iv/UROMRwF66DkTmIaJSeiX
O4945Y3uA5T0mMdQApUB6C0yF4jscCFj/p3WKbqX1/Ju3kKIpWiPap2b5VsOlQk/
BOgY63jx1/bFhKNUKzNqnEPqvIOiednt0KXcg2RgWnrcgX3/W5HNZFxjfZ52ycgh
RuGrJnV7K0FdObrok5feKaYt78qizJsOreT1xC2nekzUlvKHhEbQ2RLrwdKHCxR7
TuFeATTIMMitO4ZO+JbEsG0VJ7779OR+GGqItesus3zpisTnAa+cOw9fvD5bKblE
1csJDs6yKMqgTjkbsJ/qcRsvTZ7HRZ4OcxMDcIvJzNDqEYwdiCR8XjdTGnBWiZ5s
Llt65MEq1qn6cTMjpucJDJjJLM1zVL0zDXOWQ6wVUz2iAjlZNlG5xFBhbAbYtSTN
B

Bug#387555: marked as done (lynx-cur: produces staircased tables)

[Debian Bug Tracking System]

Your message dated Fri, 20 Mar 2015 04:04:04 +
with message-id 
and subject line Bug#387555: fixed in lynx-cur 2.8.9dev4-2
has caused the Debian Bug report #387555,
regarding lynx-cur:  produces staircased tables
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
387555: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=387555
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lynx-cur
Version: 2.8.6pre3-1
Severity: minor

Recently (since installing 2.8.6pre3 I think), various web pages such
as http://www.rfc-editor.org/rfcsearch.html render tables in a
staircase-like pattern. It looks like  inside 
is the cause:


  
one
two
three
  


produces:

>   one
>
>  two
>
> three



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages lynx-cur depends on:
ii  debconf [debconf-2.0]1.5.4   Debian configuration management sy
ii  libc62.3.6.ds1-4 GNU C Library: Shared libraries
ii  libgnutls13  1.4.4-1 the GNU TLS library - runtime libr
ii  libncursesw5 5.5-3   Shared libraries for terminal hand
ii  zlib1g   1:1.2.3-13  compression library - runtime

Versions of packages lynx-cur recommends:
ii  mime-support  3.37-1 MIME files 'mime.types' & 'mailcap

-- debconf information:
* lynx-cur/etc_lynx.cfg:
* lynx-cur/defaulturl: /home/ianb/.lynx_bookmarks.html


--- End Message ---
--- Begin Message ---
Source: lynx-cur
Source-Version: 2.8.9dev4-2

We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 387...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert  (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 20 Mar 2015 04:46:50 +0100
Source: lynx-cur
Binary: lynx-cur lynx
Architecture: source amd64 all
Version: 2.8.9dev4-2
Distribution: experimental
Urgency: low
Maintainer: Debian Lynx Packaging Team 
Changed-By: Axel Beckert 
Description:
 lynx   - Text-mode WWW Browser (transitional package)
 lynx-cur   - Text-mode WWW Browser with NLS support (development version)
Closes: 74358 387555 773942
Changes:
 lynx-cur (2.8.9dev4-2) experimental; urgency=low
 .
   [ Axel Beckert ]
   * Add Vcs-Headers.
   * Remove obsolete emacs "local variables" from debian/changelog.
   * Update Michael Grobe's e-mail address in debian/copyright. (Outdated
 e-mail address reported by DUCK, thanks!)
   * Apply wrap-and-sort.
   * Drop long-time transitional package lynx-cur-wrapper.
   * Add DEP12 upstream metadata file.
   * Replace version Conflicts headers with Breaks + Replaces. Fixes
 lintian warning conflicts-with-version.
   * Add patch to make build reproducible by removing all occurrences of
 the __DATE__ and __TIME__ macros.
   * Update all patch headers to be DEP3-compliant.
 .
   [ Denis Briand ]
   * New maintainers. Add team and co-maintainers e-mail
 addresses. (Closes: #773942)
   * Update debian/copyright to machine-readable format version 1.
   * Switch NESTED_TABLES option to false (Closes: #387555)
   * Add Delete key usage into manpage (Closes: #74358)
Checksums-Sha1:
 0b0e9ff4ba738eda5183858689e6da14091adb91 2234 lynx-cur_2.8.9dev4-2.dsc
 f1e50ded13cbc276470e02add0a6aec0d5ded014 25480 
lynx-cur_2.8.9dev4-2.debian.tar.xz
 d1ccb2a801da040376dca0f07e11cd3e7f6bc626 1677144 lynx-cur_2.8.9dev4-2_amd64.deb
 a2e20a2306e0b2739eaf8cdbcbb76960f011cdc7 234950 lynx_2.8.9dev4-2_all.deb
Checksums-Sha256:
 195caa1eacf7c272882576c636cd474be425bcb34c8ff825d635fa4deefad4d3 2234 
lynx-cur_2.8.9dev4-2.dsc
 8bdf4125b8ed7f51d077206201ac69798098c5885624cde5fc88d695ad6403c6 25480 
lynx-cur_2.8.9dev4-2.debian.tar.xz
 622d6fa1548ce9c3861ef2c1521c5f461c8ca4cbdc82f05ea5d527272b356f8b 1677144 
lynx-cur_2.8.9dev4-2_amd64.deb
 ee171414b45044210f0cd4e