Jakub Wilk | 28 Jan 00:36 2015
Picon

Bug#776439: iceweasel: site identity spoofing

Package: iceweasel
Version: 35.0-1
Tags: security

Iceweasel gets confused with the jwilk.net certificate, displaying 
incorrect information in the site identity popup, making the connection 
appear more secure than in actually is. To reproduce:

1) Go to https://jwilk.net/software/ and accept the self-signed 
certificate.

2) Click on the site identity button. The popup says says "This website 
does not supply identity information".

3) Open https://www.debian.org/ in another tab.

4) Go back to the original tab.

5) Click on the site button identity. Now the popup says "Verified by: 
Gandi", which is incorrect.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
(Continue reading)

Christian Kastner | 28 Jan 00:26 2015
Picon

Bug#776438: example script for cron-driven sbuild-update

Source: sbuild
Version: 0.65.0-1
Severity: wishlist
Tags: patch

Hi,

I have attached the script I use to periodically update my various
sbuild chroots. It slightly facilitates chroot selection, logging, and
concurrency issues.

If you find this useful, please feel free to include it in examples/.

Regards,
Christian
#!/bin/sh
# Example script for automatically updating sbuild chroots
#
# Simply create a crontab /etc/cron.d/sbuild-update-all and specify the
# schedule that you want to use. The behaviour of this script can be influenced
# by the following evironment variables:
#
#   PATTERN     glob pattern to match the chroot config name against, in
#               directory /etc/schroot/chroot.d/.
#
#               Default: *-sbuild
#
#   UPDATEARGS  The arguments with which sbuild-update will be invoked.
(Continue reading)

Cesar Enrique Garcia | 28 Jan 00:24 2015
Picon

Bug#776437: network-manager: After suspend the routing table is sometimes wrong

Package: network-manager
Version: 0.9.10.0-5
Severity: important

 After I suspending my laptop and waking it up again, the routing table is
 no longer a valid one:

 # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

 whereas the routing table before suspending is:
  # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    1024   0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

 nm-applet shows that the eth1 is connected to the Wi-Fi.

 The error cannot be reproduced all the time. Since it is a quite old and 
 slow laptop, there might be some race condition.

 I see no error messages in /var/log/daemon.log.

 The IPv6 routing table also changed. Before:
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
(Continue reading)

paulownia | 28 Jan 00:11 2015
Picon

Bug#776436: fonts-vlgothic: wrong metrics for several symbols (full- instead of half-width)

Package: fonts-vlgothic
Version: 20141206-1

The character widths of several (latin1) symbols in VL Gothic seem to
be incorrect, they are full-width when they should be half-width. The
following characters are affected, there may be more:

¤ U+00a4 CURRENCY SIGN
§ U+00a7 SECTION SIGN
¨ U+00a8 DIAERESIS
© U+00a9 COPYRIGHT SIGN
® U+00ae REGISTERED SIGN
° U+00b0 DEGREE SIGN
± U+00b1 PLUS-MINUS SIGN
² U+00b2 SUPERSCRIPT TWO
³ U+00b3 SUPERSCRIPT THREE
´ U+00b4 ACUTE ACCENT
¶ U+00b6 PILCROW SIGN
· U+00b7 MIDDLE DOT
¹ U+00b9 SUPERSCRIPT ONE
º U+00ba MASCULINE ORDINAL INDICATOR
¼ U+00bc VULGAR FRACTION ONE QUARTER
½ U+00bd VULGAR FRACTION ONE HALF
¾ U+00be VULGAR FRACTION THREE QUARTERS
¿ U+00bf INVERTED QUESTION MARK
× U+00d7 MULTIPLICATION SIGN
÷ U+00f7 DIVISION SIGN

Dan Urist | 27 Jan 23:29 2015
Picon

Bug#776435: apt: Package install with apt preferences won't follow dependencies for release

Package: apt
Version: 0.9.7.9+deb7u6
Severity: wishlist

Dear Maintainer,

With "apt-get install -t", a package and all its dependencies are
installed from the given release. There seems to be no way to achieve
the same behavior with apt preferences. While it's possible to specify
a glob or regexp for package names in apt preferences, any dependent
packages that don't match won't be installed from the given
release. The use case for this functionality is in systems managed by
configuration management software (e.g. puppet), where it's much more
straightforward to specify behavior in a configuration file than via
flags to a specific command.

For example, I need the newer functionality of the version of
syslog-ng in wheezy backports. With the following apt_preferences file:

> Package: syslog-ng*
> Pin: release n=wheezy-backports
> Pin-Priority: 990
> 

"apt-get install syslog-ng" gives this error:

> Reading package lists... Done
> Building dependency tree       
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
(Continue reading)

Antonio Ospite | 28 Jan 00:06 2015
Picon

Bug#776434: gnuplot: Installing both gnuplot and gnuplot5 breaks gnuplot4 help

Package: gnuplot
Version: 4.6.6-1
Severity: important

Dear Maintainer,

when installing both gnuplot and gnuplot5 the gnuplot4 help is broken
with this error:

--------------------------------------------------------------------
$ gnuplot4

        G N U P L O T
        Version 4.6 patchlevel 6    last modified September 2014
        Build System: Linux x86_64

        Copyright (C) 1986-1993, 1998, 2004, 2007-2014
        Thomas Williams, Colin Kelley and many others

        gnuplot home:     http://www.gnuplot.info
        faq, bugs, etc:   type "help FAQ"
        immediate help:   type "help"  (plot window: hit 'h')

Terminal type set to 'qt'
gnuplot> help
/usr/share/gnuplot/gnuplot.gih: No such file or directory
gnuplot>
--------------------------------------------------------------------

To reproduce that just install gnuplot, then install gnuplot5 and then
(Continue reading)

Chris Lamb | 27 Jan 23:57 2015
Picon

Bug#776433: dict-devil: please make the build reproducible

Source: dict-devil
Version: 1.0-12
Severity: wishlist
Tags: patch
User: reproducible-builds <at> lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds <at> lists.alioth.debian.org

Hi,

While working on the "reproducible builds" effort [1], we have noticed
that dict-devil could not be built reproducibly.

The attached patch removes timestamps from the build system. Once
applied, dict-devil can be built reproducibly in our current
experimental
framework.

 [1]: https://wiki.debian.org/ReproducibleBuilds

Regards,

--

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby <at> debian.org / chris-lamb.co.uk
       `-
diff -urNad dict-devil.orig/dict-devil-1.0/debian/devil2dict dict-devil/dict-devil-1.0/debian/devil2dict
(Continue reading)

Chris Lamb | 27 Jan 23:53 2015
Picon

Bug#776432: dict-stardic: please make the build reproducible

Source: dict-stardic
Version: 1.3.1-4
Severity: wishlist
Tags: patch
User: reproducible-builds <at> lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds <at> lists.alioth.debian.org

Hi,

While working on the "reproducible builds" effort [1], we have noticed
that dict-stardic could not be built reproducibly.

The attached patch removes timestamps from the build system. Once
applied, dict-stardic can be built reproducibly in our current
experimental
framework.

 [1]: https://wiki.debian.org/ReproducibleBuilds

Regards,

--

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby <at> debian.org / chris-lamb.co.uk
       `-
diff -urNad dict-stardic.orig/dict-stardic-1.3.1/debian/rules dict-stardic/dict-stardic-1.3.1/debian/rules
(Continue reading)

Ashish SHUKLA | 27 Jan 23:34 2015
X-Face
Face
Picon

Bug#776431: Rebooting with intel-microcode 3.20150107.1~bpo70+1 causing CPU lockups

Package: intel-microcode
Version: 3.20150107.1~bpo70+1

Hi,

After installing this microcode update and rebooting host (Dell PowerEdge
R430), we get:

--8<---------------cut here---------------start------------->8---
[   20.224624] ------------[ cut here ]------------                                                                                                                                                      
[   20.229882] WARNING: CPU: 0 PID: 1 at /build/linux-ax4Uh1/linux-3.16.7-ckt2/kernel/watchdog.c:265
watchdog_overflow_callback+0x9a/0xc0()                                                              
[   20.243701] Watchdog detected hard LOCKUP on cpu 0                                                                                                                                                    
[   20.248931] Modules linked in:                                                                                                                                                                        
[   20.252809] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G      D       3.16.0-0.bpo.4-amd64 #1 Debian
3.16.7-ckt2-1~bpo70+1                                                                                
[   20.264878] Hardware name: Dell Inc. PowerEdge R430/0DYFC8, BIOS 1.0.2 11/17/2014                                                                                                                     
[   20.273355]  0000000000000000 ffffffff8171bac8 ffffffff81541f8f ffff88047f406c58                                                                                                                      
[   20.282045]  ffffffff8106cecc ffff88046eec0c00 0000000000000000 ffff88047f406d48                                                                                                                      
[   20.290924]  0000000000000000 ffff88047f406ef8 ffffffff8106cfba ffffffff8171baa0                                                                                                                      
[   20.299617] Call Trace:                                                                                                                                                                               
[   20.302440]  <NMI>  [<ffffffff81541f8f>] ? dump_stack+0x41/0x51
[   20.309307]  [<ffffffff8106cecc>] ? warn_slowpath_common+0x8c/0xc0
[   20.316306]  [<ffffffff8106cfba>] ? warn_slowpath_fmt+0x4a/0x50
[   20.323014]  [<ffffffff8110881a>] ? watchdog_overflow_callback+0x9a/0xc0
[   20.330596]  [<ffffffff81142c18>] ? __perf_event_overflow+0x98/0x230
[   20.337789]  [<ffffffff8102bc78>] ? x86_perf_event_set_period+0xd8/0x150
[   20.345371]  [<ffffffff81033428>] ? intel_pmu_handle_irq+0x1f8/0x3d0
[   20.352564]  [<ffffffff8102b082>] ? perf_event_nmi_handler+0x32/0x60
[   20.359757]  [<ffffffff81018f3d>] ? nmi_handle+0x8d/0x140
(Continue reading)

Chris Lamb | 27 Jan 23:47 2015
Picon

Bug#776430: dictd: add --no-name flag to help reproducible builds

Source: dictd
Version: 1.12.1+dfsg-3
Severity: wishlist
Tags: patch
User: reproducible-builds <at> lists.alioth.debian.org
Usertags: toolchain
X-Debbugs-Cc: reproducible-builds <at> lists.alioth.debian.org

Hi,

While working on the "reproducible builds" effort [1], we have noticed
that dictzip adds the filename and timestamp to the generated .dz files.

The attached patch adds a --no-name flag (like gzip) that disables this.
This will make it easier and cleaner for maintainers to make their
builds reproducible.

 [1]: https://wiki.debian.org/ReproducibleBuilds

Regards,

--

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby <at> debian.org / chris-lamb.co.uk
       `-
diff --git a/data.h b/data.h
index 2fa54f2..ca0f564 100644
(Continue reading)

John Paul Adrian Glaubitz | 27 Jan 23:35 2015
Picon
Picon

Bug#776429: unblock: fs-uae/2.4.1+ds-3

Package: release.debian.org
Severity: normal
Tags: patch
User: release.debian.org <at> packages.debian.org
Usertags: unblock

fs-uae has a bug which results in segmentation faults when using
newer versions of the proprietary nVidia driver [1,2]. Initially,
this was blamed on the nVidia driver but it turned out to be a
bug in fs-uae after nVidia investigated the problem [3].

The actual patch to fix the issue just removes an fs-uae-internal
implementation of the glibc function mprotect() which is the
only change in fs-uae_2.4.1+ds-3.

Since this issue affects multiple users and many of them have
directly complained to me in form of bug reports, I would kindly
ask the release team to unblock fs-uae_2.4.1+ds-3 for Jessie.

I have already uploaded fs-uae_2.4.1+ds-3 to unstable and should
pop up on the buildds quickly. I am attaching its debdiff.

Cheers,
Adrian

unblock fs-uae/2.4.1+ds-3

> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757164
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767109
> [3] http://fs-uae.net/2015/01/27/fs-uae-2-4-3-released
(Continue reading)


Gmane