Hi,
It is urgent that this bug be fixed in a timely manner. We need to
upload a package that depends on and uses xmlstarlet, but can't do so if
the binary name is different on different architectures.
thanks,
Charles
--
The answer to
A shaver's dream
A greaseless
No brush
Shaving cream
Burma-Sh
severity 332606 important
severity 332607 important
severity 332608 important
severity 332609 important
severity 332610 important
severity 332611 important
severity 332613 important
severity 332614 important
severity 332615 important
severity 332616 important
severity 332617 important
severity 3326
> > Are you still trying to maintain the Debian xmlstarlet package? There
> > are currently a number of very old bugs that are very important that
> > have been ignored for over a year.
>
> Thanks for reminding me, I'm working on the package now.
> Unfortunately, the patch for bug #312932 induces
My attempts to reproduce this exploit have failed. Anyone else?
Charles
--
6 million housewives
Can't be wrong
Who keep
Their husbands
Right along in
Burma-Shave
http://burma-shave.org/jingles/1955/million_housewives
signature.asc
Description: Digital signature
> > Someone was able to install zbind on my machine using the following scripts.
> > The damage was limited to www-data, a restricted user, and logs were able
> > to monitor behaviour, but posed a large threat.
>
>
> I notice that the attacker tried a number of different URLs. Is it
> possible t
Package: tar
Version: 1.14-2.2
Severity: critical
Justification: breaks unrelated software
Hi,
It appears that bug #230910 has reappeared in the most recent upload of
tar. I tried marking that bug as found, but as it has been archived I
was told "Bug number 230910 not found". Regardless, all deta
Package: libsvn-javahl
Severity: serious
Justification: Java policy 2.4
Hi,
According to the current java policy, section 2.4:
"Java libraries packages must be named libXXX[version]-java (without
the brackets), where the version part is optional and should only
contain the necessary pa
> Yes, I wonder about that too. The jar file really is named svn-javahl,
> for historical reasons: there was once a second effort (now dead, I
> believe) to produce java bindings which were not "high-level".
>
> There is also an independent project out there, not affiliated with the
> Subversion
> So ... I'm CCing this to the debian-java list with a question: is it
> reasonable to name a package 'libsvn-java' if the jar file it ships is
> named svn-javahl.jar? I really don't like 'libsvn-javahl-java' as a
> name (reminds me of 'python-pyvorbis'), but if policy requires it,
> we'll use it.
Package: courier-authlib
Version: 0.58-3
Severity: serious
Justification: Policy 10.2
Hi,
I just uploaded courierpassd which uses courier-authlib to change
courier user passwords.
I've been discussing on debian-mentors a lintian warning which complains
about the rpath used to access the librarie
Package: courier-authlib
Version: 0.58-3
Severity: serious
Justification: Policy 8.6
Hi,
courier-authlib appear to use shlibs as required by Policy 8.6. As a
result, when I build courierpassd I get the following:
dpkg-shlibdeps: warning: unable to find dependency information for
shared lib
I should point out that the shared library which I need is
libcourierauth. It may very well be the case that the others can remain
private.
Charles
--
Just moisten
Your tooth brush
Dip in jar
And you'll enjoy
Cleaner teeth by far
Burma-Vita Tooth Powder
http://burma-shave.org/jingles/1947/just_m
I should have specified that all I really need is libcourierauth. I
guess that whatever libraries are made public per bug #378241 should use
shlibs.
Charles
--
Free--free
A trip
To Mars
For 900
Empty jars
Burma-Shave
http://burma-shave.org/jingles/1955/free_free
signature.asc
Description: Digi
Package: courier-authdaemon
Version: 0.58-3
Severity: critical
Tags: security
Justification: root security hole
Hi,
The current courier-authdaemon package sets 755 permissions on the
directory /var/run/courier/authdaemon which allows non-root users to
connect to the authentication daemon. The ups
Hi Laurent,
Can you please comment on these vulnerabilities, especially
CVE-2006-3681? Are these fixed in 6.6? When do you expect to release
6.6?
thanks,
Charles
-Original Message-
> From: Alec Berryman <[EMAIL PROTECTED]>
> Subject: [Pkg-awstats-devel] Bug#378960: awstats: CVE-2006-3681
> > Are these fixed in 6.6? When do you expect to release
> >6.6?
> >
> It is fixed in 6.6. I have just launched the beta start for 6.6 meanings
> code in current 6.6 package will not change (except for bug corrections
> found during beta).
> Beta last about 2 month.
>
> I also updated the AWSt
> > courier-authlib appear to use shlibs as required by Policy 8.6. As a
> > result, when I build courierpassd I get the following:
>
> >dpkg-shlibdeps: warning: unable to find dependency information for
> >shared library libcourierauth (soname 0, path libcourierauth.so.0,
> >dependenc
Daniel,
First, I thank you for catching this. The package built properly in my
pbuilder environment, which I can only assume is due to the fact that
this specific problem is indeed based on a requiremnt of the xpath
implementation I was using to retrieve the DTD from the network.
I've created a n
Package: lsh-utils
Version: 2.0.1-4.2
Severity: serious
lcp needs lsh in order to properly execute, which dependency should be
explicitely indicated in debian/control.
Charles
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (900, 'testing'), (800, 'sta
All of these bugs are dependent on bug 338017, where xpath fails in the
absence of a network connection. If xpath is unwilling to fix this, then
xmlstarlet can always be used, but I am hesitant to do that as the
problem is actually in pear.mk which has already been submitted to CDBS
(bug 332632). I
clone 325271 -1
reassign -1 freecdb
retitle -1 skkdic requires cdbmake to complete migration from freecdb
thanks
tinycdb is not currently a fit replacement for freecdb in skkdic, which
depends on the cdbmake command, which is not currenlty included in
tinycdb. It seems that cdbmake should either b
tags 325270 patch
thanks
Hi,
Attached is a patch for migrating from freecdb to tinycdb.
Charles
--
The whale
Put Jonah
Down the hatch
But coughed him up
Because he scratched
Burma-Shave
http://burma-shave.org/jingles/1950/the_whale
diff -Nur dbskkd-cdb-1.01-orig/debian/control dbskkd-cdb-1.01/
tags 325272 patch
thanks
Hi,
Attached is a patch for migrating from freecdb to tinycdb.
Charles
--
The whale
Put Jonah
Down the hatch
But coughed him up
Because he scratched
Burma-Shave
http://burma-shave.org/jingles/1950/the_whale
diff -Nru skksearch-0.0-orig/debian/cdb.h skksearch-0.0/debian
Hi,
As you may already be aware, a Debian package of your PEAR
Services_Weather module has been created for distribution as a part of
Debian (and thereafter all of its derivatives). Unfortunately, it was
discovered that the PHP License under which Services_Weather is released
is problematic for so
Hi,
As you may already be aware, a Debian package of your PEAR XML_Parser
module has been created for distribution as a part of Debian (and
thereafter all of its derivatives). Unfortunately, it was discovered
that the PHP License under which XML_Parser is released is problematic
for software other
Hi,
As you may already be aware, a Debian package of your PEAR DB module
has been created for distribution as a part of Debian (and thereafter
all of its derivatives). Unfortunately, it was discovered that the PHP
License under which DB is released is problematic for software other
than PHP itself
Hi,
As you may already be aware, a Debian package of your PEAR HTTP module
has been created for distribution as a part of Debian (and thereafter
all of its derivatives). Unfortunately, it was discovered that the PHP
License under which HTTP is released is problematic for software other
than PHP it
Hi,
As you may already be aware, a Debian package of your PEAR Mail module
has been created for distribution as a part of Debian (and thereafter
all of its derivatives). Unfortunately, it was discovered that the PHP
License under which Mail is released is problematic for software other
than PHP it
Hi,
As you may already be aware, a Debian package of your PEAR Net_CheckIP
module has been created for distribution as a part of Debian (and
thereafter all of its derivatives). Unfortunately, it was discovered
that the PHP License under which Net_CheckIP is released is problematic
for software oth
Hi,
As you may already be aware, a Debian package of your PEAR File module
has been created for distribution as a part of Debian (and thereafter
all of its derivatives). Unfortunately, it was discovered that the PHP
License under which File is released is problematic for software other
than PHP it
Hi,
As you may already be aware, a Debian package of your PEAR Net_SMTP
module has been created for distribution as a part of Debian (and
thereafter all of its derivatives). Unfortunately, it was discovered
that the PHP License under which Net_SMTP is released is problematic for
software other tha
Hi,
As you may already be aware, a Debian package of your PEAR Net_Socket
module has been created for distribution as a part of Debian (and
thereafter all of its derivatives). Unfortunately, it was discovered
that the PHP License under which Net_Socket is released is problematic
for software other
Hi,
As you may already be aware, a Debian package of your PEAR Log module
has been created for distribution as a part of Debian (and thereafter
all of its derivatives). Unfortunately, it was discovered that the PHP
License under which Log is released is problematic for software other
than PHP itse
Hi,
As you may already be aware, a Debian package of your PEAR Auth module
has been created for distribution as a part of Debian (and thereafter
all of its derivatives). Unfortunately, it was discovered that the PHP
License under which Auth is released is problematic for software other
than PHP it
Hi,
As you may already be aware, a Debian package of your PEAR Date module
has been created for distribution as a part of Debian (and thereafter
all of its derivatives). Unfortunately, it was discovered that the PHP
License under which Date is released is problematic for software other
than PHP it
Hi,
Version 6.4-1.1 of awstats was uploaded to unstable in response to
CVE-2005-1527. However, it was never uploaded to stable-security, even
though version 6.4.1 is the current stable version of awstats.
As far as I can tell, 6.4-1.1 (or 6.4.2) should be uploaded to
stable-security.
Charles
--
> Pierre Joy has already asked, and I have agreed to switch Date to the
> BSD license. I believe the other developers involved with the
> Date/TimeZone code have also agreed.
>
> If there is anything else I need to do, please let me know.
In addition to agreeing, you simply need to make the ch
- Forwarded message from Michael Wallner <[EMAIL PROTECTED]> -
From: Michael Wallner <[EMAIL PROTECTED]>
Subject: Re: File/HTTP and the PHP License
Date: Wed, 09 Nov 2005 09:03:17 +0100
To: Charles Fry <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Hi Charle
Umm, actually I meant that these are dependent on bug 337584.
Charles
--
The tube's
A whopper
35 cents
Easy shaving
Low expense
Burma-Shave
http://burma-shave.org/jingles/1932/the_tubes
signature.asc
Description: Digital signature
Hi,
I recently filed bug #337584, about how libxml-xpath-perl fails in the
absense of a network connection when an online DTD is specified in the
file being parsed (the actual failure seems to come from
libxml-parser-perl, perhaps I should have filed the bug there?).
It ends up that I was using x
> - The pear group does not work on this problem but have asked the PHP group
> (!).
>
> - We wait since a year to have a change, after having discussed this
> issue, it seems
> that only the PHP related text "includes PHP" will be changed but
> not "includes
> Zend.."
There were also other
> > For example, the Pear group could remove the PHP License from their list
> > of acceptable licenses, and encourage all packages released under the
> > PHP License to migrate to the practically equivilant BSD License.
>
> I will bring that to the group before the end of the year (I am in
> this
Well, in order to get my RC bugs closed, I temmporarily switched to
xmlstarlet. Nonetheless, I do believe that this is a serious issue that
should be addressed. There is no reason that I can come up with that a
computer without a network connection should be prevented from running
xpath on a local
I just wanted to make sure that all relevant RC bugs were aware of the
following debian-legal post by MJ Ray:
"The PHP licence could be OK for any software which has PHP Group
contribution (regardless who is licensing later), but would require
lying about other software. So, it is possib
, assuming that they deal with Pear
packages, which I have not taken the time to verify. The PHP License
clearly remains unacceptable for all non-PHP Group software.
Charles
1. http://lists.debian.org/debian-legal/2005/11/msg00260.html
-Original Message-
> From: Charles Fry <
This has been fixed in the new version at:
http://debian.frogcircus.org/packages/
I'm actively looking for someone to upload it.
cheers,
Charles
-Original Message-
> From: Adeodato Simó <[EMAIL PROTECTED]>
> Subject: Bug#346788: xasteroids: FTBFS: build-depends on removed xlibs-dev
>
Package: munin-node
Version: 1.2.2-2
Followup-For: Bug #299589
I am experiencing the same problem with other plugins, specifically
courier_mta_mailqueue is not being run as the specified user, and thus
lacks the permission to access the directory it needs to process.
Charles
-- System Informatio
Package: libapache2-mod-perl2
Version: 2.0.1-1
Severity: grave
Justification: renders package unusable
Hi,
The new libapache2-mod-perl2 (which I thank you for) does not contain a
perl.conf, yet it attempts to install one in rules:
-install -m644 $(CURDIR)/debian/perl.conf
debian/liba
Can somebody help me understand this. Is libapache-request-perl really
scheduled for removal from unstable, and if so, how would I have been able
to determine that on my own?
thanks,
Charles
On 7/10/07, Lucas Nussbaum <[EMAIL PROTECTED]> wrote:
Package: libhtml-mason-perl
version: 1:1.35-3
Sev
.debian.org/liba/libapache-request-perl.html
(under problems): This package has been requested to be removed.
Charles Fry wrote:
> Can somebody help me understand this. Is libapache-request-perl really
> scheduled for removal from unstable, and if so, how would I have been
> able to dete
% /usr/bin/php5 -f /usr/share/dh-make-php/phppkginfo . package
% /usr/bin/php5 -f /usr/share/dh-make-php/phppkginfo package.xml package
Pager%
I don't know what the extra character is at the end, either.
In any case, I am running a stable installation, which may have something to
do with it? If s
Since we know that the file we are looking for is package.xml, is there any
reason not to specify that explicitely, instead of using . which isn't
working for some of us?
Charles
On 7/21/07, Charles Fry <[EMAIL PROTECTED]> wrote:
>
> % /usr/bin/php5 -f /usr/share/dh-make-php/php
> > Or even better: How would you like to join our little team maintaining
> > awstats?
>
> I don't have any deeper awstats knowledge, and I'm not even a perl guru,
> but sure.. I've been running awstats for a long time and I have no plans
> to stop using it anytime soon, so I'm interested in seein
Can anyone comment on whether or not it is problematic for us to
distribute a tiny icon of Firefox's logo? The only thing I could find
is:
http://www.mozilla.org/products/firefox/buttons.html
which says "Mozilla Firefox and the Firefox logo are trademarks of The
Mozilla Foundation. Usage guide
> After running "apt-get update", now "apt-cache search awstats" cannot find
> the package anymore.
> awstats used to be be there untill only last week.
>
> My Debian distribution is etch, kernel 2.6.16-2-686-smp
The problem is that awstats was kindly removed from testing due to bug
#388571 (it
55 matches
Mail list logo
