date:20150330

Bug#781513: regexxer: Fix "save all" menu item

2015-03-30 Thread Artur Rona


Package: src:regexxer
Version: 0.9-6
Tags: patch
Usertags: origin-ubuntu ubuntu-patch vivid

In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/patches/fix-save-all-menu-item.patch:
 - Fix "save all" menu item.

We thought you might be interested in doing the same.
diff -Nur regexxer-0.9/ui/mainwindow.glade regexxer-0.9.new/ui/mainwindow.glade
--- regexxer-0.9/ui/mainwindow.glade	2007-01-08 17:36:55.0 +0100
+++ regexxer-0.9.new/ui/mainwindow.glade	2007-04-03 16:38:02.0 +0200
@@ -47,7 +47,7 @@
 		
 		  True
 		  regexxer-save-all
-		  True
+		  True

Processed: Bug#659015: apt-build disables apt's signature verification

2015-03-30 Thread Debian Bug Tracking System

Processing commands for cont...@bugs.debian.org:

> retitle 659015 apt-build: disables apt's signature checking
Bug #659015 [apt-build] Sign apt-build repository
Changed Bug title to 'apt-build: disables apt's signature checking' from 'Sign 
apt-build repository'
> severity 659015 grave
Bug #659015 [apt-build] apt-build: disables apt's signature checking
Severity set to 'grave' from 'wishlist'
> tag 659015 + security
Bug #659015 [apt-build] apt-build: disables apt's signature checking
Added tag(s) security.
> found 659015 0.12.42
Bug #659015 [apt-build] apt-build: disables apt's signature checking
Marked as found in versions apt-build/0.12.42.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
659015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659015
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/handler.s.c.142772825622861.transcr...@bugs.debian.org

Bug#659015: apt-build disables apt's signature verification

2015-03-30 Thread Ansgar Burchardt

retitle 659015 apt-build: disables apt's signature checking
severity 659015 grave
tag 659015 + security
found 659015 0.12.42
thanks

apt-build unconditionally passes -o Apt::Get::AllowUnauthenticated=true
to apt-get, that is it disables *all* signature checks allowing MitM
attacks to serve malicious data. It looks like this was introduced in
0.12.42:

  * Allow non authenticated installation from apt-build repository.
Closes: #316572, #369173

See also the recent thread on debian-security@[1], esp. [2] suggesting
to use "deb [trusted=yes] ..." in sources.list which would allow
dropping the (global) AllowUnauthenticated=true.

Ansgar

  [1] 
  [2] 


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5519678a.2010...@debian.org

Bug#659015: apt-build disables apt's signature verification

2015-03-30 Thread Axel Beckert

Hi Ansgar,

Ansgar Burchardt wrote:
> apt-build unconditionally passes -o Apt::Get::AllowUnauthenticated=true
> to apt-get, that is it disables *all* signature checks allowing MitM
> attacks to serve malicious data.

Thanks for the heads up. I'll have a look into it and will publish my
proposed QA upload for review as git repo somewhere on Alioth, maybe
collab-maint.

Dominique: Please respond if you (as last uploader) are also working
on a fix for this so that we can avoid duplicated work.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150330213520.ga24...@sym.noone.org

Processed: tagging 659015

2015-03-30 Thread Debian Bug Tracking System

Processing commands for cont...@bugs.debian.org:

> tags 659015 + patch
Bug #659015 [apt-build] apt-build: disables apt's signature checking
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
659015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659015
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/handler.s.c.142775627427020.transcr...@bugs.debian.org

Bug#659015: apt-build disables apt's signature verification

2015-03-30 Thread Axel Beckert

Hi Ansgar,

Axel Beckert wrote:
> Ansgar Burchardt wrote:
> > apt-build unconditionally passes -o Apt::Get::AllowUnauthenticated=true
> > to apt-get, that is it disables *all* signature checks allowing MitM
> > attacks to serve malicious data.
> 
> Thanks for the heads up. I'll have a look into it and will publish my
> proposed QA upload for review as git repo somewhere on Alioth, maybe
> collab-maint.

My proposed fix is at
https://anonscm.debian.org/cgit/users/abe/proposed-qa/apt-build.git/commit/?h=jessie&id=ca2653a8

I've though observed two possibly minor issues with it:

* An existing /etc/apt/sources.list.d/apt-build.list is not updated to
  add "[trusted=yes]".

* Upon purge and (re)installation, I had the "deb" line twice in
  /etc/apt/sources.list.d/apt-build.list and it's not clear to me why.

I've not yet done much testing, so any feedback is welcome. I'll
definitely do some more testing before uploading that fix.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150330224931.gc5...@sym.noone.org

apt-build is marked for autoremoval from testing

2015-03-30 Thread Debian testing autoremoval watch

apt-build 0.12.44 is marked for autoremoval from testing on 2015-04-14

It is affected by these RC bugs:
659015: apt-build: disables apt's signature checking


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/e1ycnx8-0001xn...@franck.debian.org

Bug#781513: regexxer: Fix "save all" menu item

Processed: Bug#659015: apt-build disables apt's signature verification

Bug#659015: apt-build disables apt's signature verification

Bug#659015: apt-build disables apt's signature verification

Processed: tagging 659015

Bug#659015: apt-build disables apt's signature verification

apt-build is marked for autoremoval from testing

7 matches

Site Navigation

Mail list logo

Footer information