Nomen Nescio | 5 Jul 04:07 2015

Bug#791452: lynx: http_proxy variable silently ignored!

Package: lynx
Version: 2.8.9dev1-2
Severity: important

Dear Maintainer,

The "http_proxy" variable is silently ignored!  This is very
dangerous, because a privoxy/tor user who relies on this setting for
privacy will be compromised, and they generally will not even be aware
of the compromise because the browser retrieves pages over an
untrusted connection without warning.

For example, suppose a tor user configures privoxy on port 8118.  This
will yield an exposed session:

  $ export http_proxy=http://localhost:8118
  $ lynx

To prove that this bug exists, a tor user can run:

  $ http_proxy= lynx

and see the message saying that the connection is not from the tor

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
(Continue reading)

Simon Deziel | 5 Jul 04:03 2015

Bug#740307: openssh-client: Fails to connect to cisco router

This might be fixed upstream according to the changelog.

 * ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco
   implementations as some would fail when attempting to use group
   sizes >4K; bz#2209


gregor herrmann | 5 Jul 03:27 2015

Bug#791451: RM: libtime-modules-perl -- ROM; arch:all source package cruft

Severity: normal

Hash: SHA512

Please remove the libtime-modules-perl source package (2011.0517-1)
from unstable. This is cruft from a transition; the
libtime-modules-perl binary package is a transitional dummy package
built from the libtime-parsedate-perl source package, so the old
source can be removed.

If rmadison is right [0], there's also still an old 2011.0517-1
binary arch:all package in unstable, additionally to the "new"
2013.1113-2 one. If there are really two versions of the same binary
package in unstable (?), the old one is also cruft. If this is some
rmadison artifact or some confusion in the dak database maybe a
cleanup there might be appropriate :)

Thanks in advance,

% rmadison libtime-modules-perl
libtime-modules-perl | 2006.0814-2   | oldoldstable    | source, all
libtime-modules-perl | 2011.0517-1   | oldstable       | source, all
libtime-modules-perl | 2011.0517-1   | unstable        | source, all
libtime-modules-perl | 2013.1113-2   | stable          | all
libtime-modules-perl | 2013.1113-2   | stable-kfreebsd | all
libtime-modules-perl | 2013.1113-2   | testing         | all
(Continue reading)

Jerome BENOIT | 5 Jul 03:17 2015

Bug#791450: ITP: surfer-alggeo-gtk -- interactive visualization of algebraic surfaces

Package: wnpp
Severity: wishlist
Owner: Jerome Benoit <calculus <at>>

* Package name    : surfer-alggeo-gtk
  Upstream Author : <info <at>>
* URL             :
* License         : GPL
  Programming Lang: C++
  Description     : interactive visualization of algebraic surfaces

 Surfer-alggeo-gtk is based on the script driven tool Surf and offers an
 intuitive user interface to create images, multiple layers of images and
 animations. Additionally it contains a series of sample galleries with
 Mathematically, the program visualizes real algebraic geometry in real-time.
 The surfaces shown are given by the zero set of a polynomial equation in
 the variables x, y and z. All points in space that solve the equation are
 displayed and form the surface. The program contains a series of sample
 galleries for a good starting point. It also allows a lot of advanced
 settings and is hence also suitable for Surfer “experts” that want to
 design complicated surfaces.

Mike Dupont | 5 Jul 03:08 2015

Bug#791449: fpm ini

I found the problem
the fpm ini was broken.


I dont know how it got that way. I hope someone will fix this bug, or
I will if you wont because this really caused me a lot of fear of
losing my passwords.

the solution was to just copy the ini file from a default.


James Michael DuPont
Kansas Linux Fest
Free/Libre Open Source and Open Knowledge Association of Kansas
Member of Free Libre Open Source Software Kosova
Saving Wikipedia(tm) articles from deletion

Mike Dupont | 5 Jul 02:53 2015

Bug#791449: valgrind results

==21084== Command: ./src/fpm2
==21084== Invalid read of size 8
==21084==    at 0x12AB8A: fpm_clist_init (fpm_clist.c:151)
==21084==    by 0x1148C2: fpm_init (fpm.c:384)
==21084==    by 0x1115F4: main (main.c:71)
==21084==  Address 0xfffffffda1e992f0 is not stack'd, malloc'd or
(recently) free'd
==21084== Process terminating with default action of signal 11 (SIGSEGV)
==21084==  Access not within mapped region at address 0xFFFFFFFDA1E992F0
==21084==    at 0x12AB8A: fpm_clist_init (fpm_clist.c:151)
==21084==    by 0x1148C2: fpm_init (fpm.c:384)
==21084==    by 0x1115F4: main (main.c:71)


James Michael DuPont
Kansas Linux Fest
Free/Libre Open Source and Open Knowledge Association of Kansas
Member of Free Libre Open Source Software Kosova
Saving Wikipedia(tm) articles from deletion

Mike Dupont | 5 Jul 02:49 2015

Bug#791449: Acknowledgement (Crashing when there is an existing ~.fpm2 dir)

This problem does occur also on debian sid, it seems to be a problem
with my password file in conjunction with the other thiings. I need a
way to export my passwords out of this system, I dont have a copy of
some of them except in there. please help!

Bruce Ward | 5 Jul 01:48 2015

Bug#758460: xserver-xorg-video-nouveau: Crash and freeze with GeForce 6150SE.

I can confirm that this problem still exists in Jessie 8.1 and with a 
GeForce 7025 on-board video (MCP61 nVidia chips).

Working solution is a nouveau.conf file (/etc/modprobe.d/) containing
	options nouveau noaccel=1


Bruce Ward, Nelson, New Zealand

Mike Dupont | 5 Jul 02:33 2015

Bug#791449: Crashing when there is an existing ~.fpm2 dir

Subject: fpm2: Crashing when there is an existing ~.fpm2 dir
Package: fpm2
Version: 0.79-3
Justification: causes non-serious data loss
Severity: grave

When loading an existing password file the fpm2 crashes. I cannot load
my password file and this is critical for me.
It occurs on this line where the j is a huge negative number causing
the columns_title[j] to crash

    j = GPOINTER_TO_INT(columns->data);
    types[i] = G_TYPE_STRING;
    treeViewColumn = gtk_tree_view_column_new_with_attributes
(gettext(columns_title[j]), cellRenderer, "text", i, NULL)

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fpm2 depends on:
ii  libc6               2.19-18
(Continue reading)

Johan Henriksson | 5 Jul 02:17 2015

Bug#791448: RFP: gede -- Graphical frontend to GDB

Package: wnpp
Severity: wishlist

Licensed according to the BSD license.
Downloadable from

Ian Jackson | 5 Jul 02:12 2015

Bug#791447: anonymous access to dgit-repos

Package: dgit
Version: 0.1
Severity: important

When run by a non-DD, non-DD person, dgit should use some protocol
other than git+ssh to access the dgit-repos on the Debian dgit server.

Currently there is no such protocol offered at the server side.

(Prior to dgit 0.30 and the switch away from alioth, this bug is a
dupe of #720175 "anonymous alioth repo existence testing".)