Julien Lavergne | 1 Jul 01:42 2010

Bug#587689: RM: avant-window-navigator [hppa] -- ROM; Doesn't build on hppa, RM until it's fixed

Package: ftp.debian.org
Severity: normal


Please remove avant-window-navigator for hppa. It doesn't build for now du to
FTBFS of libdesktop-agnostic.


Julien Lavergne

Julien Lavergne | 1 Jul 01:46 2010

Bug#587690: RM: awn-extras-applets [hppa] -- ROM; Doesn't build on hppa

Package: ftp.debian.org
Severity: normal


awn-extras-applets doesn't build on hppa du to the FTBFS of libdesktop-
agnostic. Please remove it from unstable for hppa.


Julien Lavergne

Shyamal Prasad | 1 Jul 01:05 2010

Bug#587697: libmemcache-client-ruby1.8: Library unusable as packaged

Package: libmemcache-client-ruby1.8
Version: 1.7.8-1
Severity: grave

sprasad <at> dallas:~$ irb
irb(main):001:0> require 'memcache'
Errno::ENOENT: No such file or directory - /usr/lib/ruby/1.8/../VERSION.yml
	from /usr/lib/ruby/1.8/memcache.rb:24:in `read'
	from /usr/lib/ruby/1.8/memcache.rb:24
	from (irb):1:in `require'
	from (irb):1

Sure enough, around line 24 in the packaged memcache.rb we have

    config = YAML.load(File.read(File.dirname(__FILE__) + '/../VERSION.yml'))

but VERSION.yml is not included in the package since this is not a gem

sprasad <at> dallas:~$ dpkg -L libmemcache-client-ruby1.8
(Continue reading)

Francois Marier | 1 Jul 01:09 2010

Bug#587698: ipcheck: on python2.6: AttributeError: 'NoneType' object has no attribute 'close'

Package: ipcheck
Version: 0.233-1
Severity: normal
Tags: patch

Everytime I run ipcheck.py on cron (I have it in /etc/cron.hourly), I get this:

  Traceback (most recent call last):
    File "/usr/sbin/ipcheck.py", line 5518, in <module>
    File "/usr/sbin/ipcheck.py", line 5198, in _main
    File "/usr/lib/python2.6/socket.py", line 273, in close
  AttributeError: 'NoneType' object has no attribute 'close'

I have attached the patch I used to silence these errors.


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
(Continue reading)

Raphael Geissert | 1 Jul 01:17 2010

Bug#587700: python-cjson: CVE-2010-1666: buffer overflow

Package: python-cjson
Severity: grave
Tags: security


The following CVE (Common Vulnerabilities & Exposures) id was published for 

Quoting the original bug report[1]:
> There is a buffer overrun in cjson 1.0.5, on UCS4 builds. The string length
> is only resized for wide unicode characters if there is less than 12 bytes
> of space left. Padding with narrow-but-escaped characters prevents string
> resizing.
> The following line exhibits the overrun (it *may* segfault or display 
garbage, etc):
> >>> cjson.encode(u'\U0001D11E\U0001D11E\U0001D11E\U0001D11E\u1234\u1234\u12
> >>> 34\u1234\u1234\u1234')
> (u'\U0001D11E\u1234' also breaks, but sometimes goes undetected.)

This issue has been assigned CVE-2010-1666.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
If possible, please provide packages for stable (to be released via the 
security archive.)

For further information see:
(Continue reading)

Michael Biebl | 1 Jul 01:08 2010

Bug#587665: [Pkg-sysvinit-devel] Bug#587665: wrong PATH in urandom, find is in /usr/bin

On 30.06.2010 20:42, Henrique de Moraes Holschuh wrote:
> On Wed, 30 Jun 2010, Michael Biebl wrote:
>> the latest upload of the initscripts package broke the urandom sysv init
>> script.
>> It uses find in line 39, which lives in /usr/bin.

> IMO, the script needs to be changed to depend on "ls" only.  Drop the use of
> "find".  And have it depend only on udev.

Agreed, if it can be changed to work without find (or anything from /usr/), this
is of course the better solution.



Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Abhishek Dasgupta | 1 Jul 01:24 2010

Bug#587701: ITP: flashbake -- automated version control with git

Package: wnpp
Severity: wishlist
Owner: Abhishek Dasgupta <abhidg <at> gmail.com>

* Package name    : flashbake
  Version         : 0.26.2
  Upstream Author : Thomas Gideon <cmdln--thecommandline--net>
* URL             : http://bitbucketlabs.net/flashbake/
* License         : GPL-3
  Programming Lang: Python
  Description     : automated version control with git

Flashbake is a tool which watches files and automatically checks
them in to a git repository. The commit lines can be customised
using plugins and are autogenerated. Thus it simplifies life for
the user by taking off the burden of manually committing changes
and allowing one to focus on the work.

Sebastian Wienforth | 1 Jul 01:20 2010

Bug#587702: tar (rmt) hangs since update in lenny when using --rsh-command=\/usr\/bin\/ssh

Package: tar
Version: 1.20-1+lenny1
Severity: important

Since the package update in lenny a few days ago, my automatic backups to a remote system, which are using tar
--rsh-command=\/usr\/bin\/ssh, started to run forever. 
Also a manual execution of: 
tar -c  -f 'user <at> example.com:backup.tgz' --rsh-command=\/usr\/bin\/ssh -z '/home' -vvvvvv
only prints a few lines (the first 4 files or so) and stops doing anything after that. (but still runs until
one breaks it with ctrl+c).

Downgrading the package to this version:
http://snapshot.debian.org/package/tar/1.20-1/#tar_1.20-1 on the remote system solved the
problem, and the backups work again.

So I believe the problem has something to do with the changes made to the rmt command in the update.

-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages tar depends on:
ii  libc6                       2.7-18lenny4 GNU C Library: Shared libraries

(Continue reading)

Damien Miller | 1 Jul 01:26 2010

Bug#212518: may upstream can take a look at Debian bugs like this

Please unsubscribe openssh <at> openssh.com from this PR. Colin is the best 
person to decide whether this is reported upstream or not.

Also, you are wrong: the correct action is not to delete the host key. In
fact, that is potentially very dangerous.

Furthermore, an automated tool to delete keys from known_hosts already
exists. I bet if you read some manpages then you will find it.

On Thu, 1 Jul 2010, jidanni <at> jidanni.org wrote:

> found 212518 1:5.5p1-4
> retitle 212518 "Add correct host key" message should say "delete the host key" instead
> thanks
> Well if after
>   Add correct host key in /home/jidanni/.ssh/known_hosts to get rid of this message.
>   Offending key in /home/jidanni/.ssh/known_hosts:2
> there will be no instructions on what command one should use to do that,
> then that message should be changed to
>   Delete the host key in /home/jidanni/.ssh/known_hosts to get rid of this message.
>   Offending key in /home/jidanni/.ssh/known_hosts:2
>   Use:
>   ed /home/jidanni/.ssh/known_hosts<<!
>   2d
>   wq
>   !
(Continue reading)

Petter Reinholdtsen | 1 Jul 01:40 2010

Bug#587665: wrong PATH in urandom, find is in /usr/bin

[Michael Biebl]
> Agreed, if it can be changed to work without find (or anything from
> /usr/), this is of course the better solution.

This is the problematic line:

  SAVEDSIZE="$(find "$SAVEDFILE" -printf "%s")"

The find line prints the size of the file in bytes.

Not quite sure what the best option is, but this line seem to work
too, using ls and cut from /bin/.

  SAVEDSIZE="$(ls -s --block-size=1 "$SAVEDFILE" | cut -d' ' -f1)"

Anyone got a better idea?

Hapy hacking,

Petter Reinholdtsen