Michael S. Gilbert | 1 Aug 2009 01:00

Bug#539449: openssl: vulnerable to null character certificate spoofing

package: openssl
version: 0.9.8
severity: important
tags: security

It has been disclosed that SSL applications can be tricked via
inauthentic certificates containing null characters [0]. I have not
personally checked whether openssl is affected by this, but since this
is newly disclosed, it is very likely the case.  Please check and fix
if need be.  Thanks.

Andres Salomon | 1 Aug 2009 01:03

Bug#538204: [Pkg-cups-devel] Bug#538204: cups: broken on squeeze by upgrade

On Sat, 1 Aug 2009 00:30:00 +0200
Philipp Kern <pkern <at> debian.org> wrote:

> severity 528204 normal
> thanks
> 
> <rant>
> > To: undisclosed-recipients: ;
> On Thu, Jul 30, 2009 at 09:15:01AM -0400, Andres Salomon wrote:
> > reassign 538204 ca-certificates
> > thanks
> 
> I didn't get any notification about the reassignment.  Please copy me
> next time you try this.  The To was also very unhelpful.
> </rant>
> 

Hm, I thought maintainers were normally copied when a bug
is sent to ### <at> bugs.d.o. My apologies.

> > Sure, it could be ca-certificates.  I'm reassigning accordingly.
> > As I said, I'm pretty certain that I didn't manually remove the
> > cert.
> 
> RC bug bouncing is fun.
> 
> > > Martin Pitt and I just checked and found three points:
> > > 1) pkg:ca-certificates provides those PEM files.
> 
> Untrue.  If anything ssl-cert provides them.

Petter Reinholdtsen | 1 Aug 2009 01:06

Bug#507545: Patch for some of the init.d scripts in nslu2-utils

[Petter Reinholdtsen]
> Yes, the old script should be removed and update-rc.d should be
> called to drop the init.d scripts from the boot script.  Sorry for
> forgetting this in my initial patch.  Can the package maintainers
> take care of this themselves, or do you need a new patch?

Here is a new patch, with code in the preinst to remove the obsolete
init.d scripts.  I am unable to NMU because I lack an operational arm
machine to build it on.

diff -Nru nslu2-utils-20080403/debian/nslu2-rtc.init nslu2-utils-20080403/debian/nslu2-rtc.init
--- nslu2-utils-20080403/debian/nslu2-rtc.init	2008-06-22 12:37:55.000000000 +0200
+++ nslu2-utils-20080403/debian/nslu2-rtc.init	2009-08-01 00:55:02.000000000 +0200
 <at>  <at>  -1,2 +1,20  <at>  <at> 
 #!/bin/sh
-modprobe rtc-dev
+### BEGIN INIT INFO
+# Provides:          nslu2-rtc
+# Required-Start:
+# Required-Stop:
+# Should-Start:      udev
+# X-Start-Before:    hwclock
+# Default-Start:     S
+# Default-Stop:
+# Short-Description: Load kernel module for the RTC device interface.
+# Description:       Load kernel module for the RTC device interface.
+### END INIT INFO
+
+case "$1" in
+    start)
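Review bot: In the LSB header the Description line only repeats the Short-Description; since this header is what insserv and the dependency-based boot ordering read, make Description say which module is loaded (rtc-dev, per the `modprobe rtc-dev` line this hunk removes) and why it carries `X-Start-Before: hwclock` (the RTC device interface has to exist before hwclock runs). It is also worth confirming that the new start branch checks the exit status of modprobe instead of silently continuing, as the old one-line script did.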

Michael S Gilbert | 1 Aug 2009 01:13

Bug#539449: Acknowledgement (openssl: vulnerable to null character certificate spoofing)

[0] http://www.wired.com/threatlevel/2009/07/kaminsky/

Reuben Thomas | 1 Aug 2009 01:27

Bug#500147: x2x: Please sort this out!

Package: x2x
Followup-For: Bug #500147

I just spent a while chasing around because of this dead-end
reference. Please fix or remove it!

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages x2x depends on:
ii  libc6                         2.7-18     GNU C Library: Shared libraries
ii  libx11-6                      2:1.1.5-2  X11 client-side library
ii  libxext6                      2:1.0.4-1  X11 miscellaneous extension librar
ii  libxtst6                      2:1.0.3-1  X11 Testing -- Resource extension 

x2x recommends no packages.

x2x suggests no packages.

Kyle McMartin | 1 Aug 2009 01:38

Bug#539378: [hppa]: fails to load nfs module: Global Offset Table

On Fri, Jul 31, 2009 at 06:00:48PM -0400, Carlos O'Donell wrote:
> On Fri, Jul 31, 2009 at 5:26 PM, John David
> Anglin<dave <at> hiauly1.hia.nrc.ca> wrote:
> > I don't have more details...  The idea is as Carlos outlined.  There's
> > code in the binutils elf32-hppa.c and elf64-hppa.c files to implement
> > the above for dynamic libraries.  That's what made me think of it.
> 
> Binutils is not involved in the kernel module loader, instead
> arch/parisc/kernel/module.c (get_fdesc) chooses where the gp will
> point to.
> 
> If you set gp to the middle of the GOT table, *and* implement
> long/short ldd access on 64-bit, then you would get a total of 8191
> possible slots per module.
> 
> Personally I think the lower risk, quicker fix, is to implement a fix
> for 64-bit kernels that uses ldd in format 3 for all offsets > 15
> bytes, and thus allow you to set MAX_GOTS to 4095.
> 
> Note: ldd format 3 can't be used to load immediate values between 15
> and -16 bytes.
> 

Is it as simple as:

diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
index ef5caf2..0502fab 100644
--- a/arch/parisc/kernel/module.c
+++ b/arch/parisc/kernel/module.c
 <at>  <at>  -82,13 +82,6  <at>  <at> 

Zack Weinberg | 1 Aug 2009 01:36

Bug#537801: libqtgui4: mangled color maps

This problem has gone away again as mysteriously as it came, possibly
with a video driver upgrade.

gpe92 | 1 Aug 2009 01:42

Bug#538879: gnome: exactly same problem for me

Package: gnome
Version: 1:2.24.3~2squeeze1
Severity: normal

same problem for me with the same error message.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnome depends on:
ii  arj                   3.10.22-6          archiver for .arj files
ii  avahi-daemon          0.6.25-1           Avahi mDNS/DNS-SD daemon
ii  bluez-gnome           0.27-1             Bluetooth utilities for GNOME
ii  epiphany-extensions   2.26.1-1           Extensions for Epiphany web browse
ii  evolution-exchange    2.26.1-2           Exchange plugin for the Evolution 
ii  evolution-plugins     2.26.1.1-2         standard plugins for Evolution
ii  evolution-webcal      2.26.0-1           webcal: URL handler for GNOME and 
ii  gdm-themes            0.6.2              Themes for the GNOME Display Manag
ii  gedit-plugins         2.26.1-1           set of plugins for gedit
ii  gnome-app-install     0.5.24-1           GNOME Application Installer
ii  gnome-desktop-environ 1:2.24.3~2squeeze1 The GNOME Desktop Environment
ii  gnome-games           1:2.26.2-1         games for the GNOME desktop
ii  gnome-network-admin   2.22.1-5           GNOME Network Administration Tool

Tim Day | 1 Aug 2009 01:42

Bug#539450: mt-daapd: Would be nice to have easy way of transcoding to something other than .wav

Package: mt-daapd
Version: 0.9~r1696.dfsg-6lenny2
Severity: wishlist

By default mt-daapd transcodes things like .flac and .ogg to .wav.
This works well enough, but when a client device is connected
by 802.11b (as my Roku devices are) they simply don't have enough
bandwidth to stream the .wavs without frequent rebuffering.

It would be nice if there was a simple way (ideally a single
config file option?) of getting the ssc-ffmpeg.so plugin provided
with mt-daapd (and which I believe is responsible for transcoding)
to output mp3 instead of .wav.  I looked into the transcoding
instructions at http://wiki.fireflymediaserver.org/Transcoding_HOWTO
but they seem monstrously complicated and designed to solve a different
problem anyway (converting stuff ffmpeg can't deal with into .wav too).

Would have submitted this on the http://forums.fireflymediaserver.org/
Feature Requests page but the whole site seems dead and overrun by spammers.

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable'), (200, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


Helge Deller | 1 Aug 2009 01:45

Bug#539378: [hppa]: fails to load nfs module: Global Offset Table

On 08/01/2009 01:38 AM, Kyle McMartin wrote:
> On Fri, Jul 31, 2009 at 06:00:48PM -0400, Carlos O'Donell wrote:
>> On Fri, Jul 31, 2009 at 5:26 PM, John David
>> Anglin<dave <at> hiauly1.hia.nrc.ca> wrote:
>>> I don't have more details...  The idea is as Carlos outlined.  There's
>>> code in the binutils elf32-hppa.c and elf64-hppa.c files to implement
>>> the above for dynamic libraries.  That's what made me think of it.
>> Binutils is not involved in the kernel module loader, instead
>> arch/parisc/kernel/module.c (get_fdesc) chooses where the gp will
>> point to.
>>
>> If you set gp to the middle of the GOT table, *and* implement
>> long/short ldd access on 64-bit, then you would get a total of 8191
>> possible slots per module.
>>
>> Personally I think the lower risk, quicker fix, is to implement a fix
>> for 64-bit kernels that uses ldd in format 3 for all offsets > 15
>> bytes, and thus allow you to set MAX_GOTS to 4095.
>>
>> Note: ldd format 3 can't be used to load immediate values between 15
>> and -16 bytes.
>>
>
> Is it as simple as:
>
> diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
> index ef5caf2..0502fab 100644
> --- a/arch/parisc/kernel/module.c
> +++ b/arch/parisc/kernel/module.c
>  <at>  <at>  -82,13 +82,6  <at>  <at> 