John Morris | 5 May 21:54 2015

Bug#784366: zeromq3: V3 protocol handler vulnerable to downgrade attacks

Package: zeromq3
Severity: grave

A security bug in 4.0.5 [1] allows attackers to bypass security:

> It is easy to bypass the security mechanism in 4.1.0 and 4.0.5 by
> sending a ZMTP v2 or earlier header. The library accepts such
> connections without applying its security mechanism.
> 
> Solution: if security is defined on a socket, reject all V2 and earlier
> connections, unconditionally.
> 
> Fixed by #6cf120 and related commits.

[1]: https://github.com/zeromq/libzmq/issues/1273

Debian Bug Tracking System | 5 May 21:30 2015
Picon

Processed: severity of 678054 is important

Processing commands for control <at> bugs.debian.org:

> # kfreebsd-* are no longer release architectures
> severity 678054 important
Bug #678054 [src:iulib] iulib: FTBFS[kfreebsd]: fatal error: asm/types.h: No such file or directory
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
678054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678054
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Debian Bug Tracking System | 5 May 20:15 2015
Picon

Processed: Dependencies

Processing commands for control <at> bugs.debian.org:

> #784350 node-gaze unusable due to missing dependencies
> #780913 ITP: node-absolute-path
> #780909 ITP: node-nextback
> block 784350 by 780913 780909
Bug #784350 [node-gaze] node-gaze unusable due to missing dependencies
784350 was not blocked by any bugs.
784350 was not blocking any bugs.
Added blocking bug(s) of 784350: 780909 and 780913
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
784350: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784350
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Bas Couwenberg | 5 May 19:36 2015
Picon
Picon

Bug#784350: node-gaze unusable due to missing dependencies

Package: node-gaze
Version: 0.6.4-1
Severity: grave
Justification: renders package unusable

The node-gaze package currently in testing & unstable is unusable due to
missing dependencies.

npm2deb created packaging that only depended on node-globule (>= 0.1.0),
but that missed the addional dependencies listed in the package.json.

The missing dependencies were added to the packaging in git, but the
fixed revision cannot be uploaded before the missing dependencies pass
the NEW queue:

 * node-nextback (>= 0.1.0)
   http://ftp-master.debian.org/new/node-nextback_0.1.0-1.html

 * node-absolute-path (>= 0.0.0)
   http://ftp-master.debian.org/new/node-absolute-path_0.0.0-1.html

This RC should get node-gaze removed from and out of testing until its
dependencies are in order.

The missing dependencies are the cause for the failing CI checks:

 http://ci.debian.net/packages/n/node-gaze/unstable/amd64/

Debian Bug Tracking System | 5 May 19:21 2015
Picon

Processed: your mail

Processing commands for control <at> bugs.debian.org:

> reassign 753680 paraview-dev
Bug #753680 [paraview] [paraview] fail to build application on top of paraview
Bug reassigned from package 'paraview' to 'paraview-dev'.
No longer marked as found in versions paraview/4.1.0+dfsg-3.
Ignoring request to alter fixed versions of bug #753680 to the same values previously set
> forcemerge 783797 753680
Bug #783797 [paraview-dev] paraview-dev: can't build plugins, cmake file broken
Bug #753680 [paraview-dev] [paraview] fail to build application on top of paraview
Severity set to 'grave' from 'normal'
Marked as found in versions paraview/4.1.0+dfsg+1-1.
Merged 753680 783797
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
753680: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753680
783797: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783797
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Steve McIntyre | 5 May 18:25 2015

Bug#784344: Buggy DTB causes imx53 SATA failure

Package: src:linux
Version: 3.16.7-ckt9-3~deb8u1
Severity: serious

Hi guys,

Just debugged on harris.debian.org (imx53, Debian porter box) -
there's a missing patch that's needed for the imx53 sata controller to
work. At some point, it looks like the code in drivers/ata/ahci_imx.c
has changed and arch/arm/boot/dts/imx53.dtsi needed a change to
match. It's a trivial change, just renaming the core SATA clock from
"sata_gate" to "sata". Upstream patch is in commit
025781539a3ccf867c1e0f2fc63f61cc8c7c5415.

(Adding more info for people googling for this!)

Without this patch, the SATA driver in drivers/ata/ahci_imx.c just
reports

[    2.377276] ahci-imx 10000000.sata: can't get sata clock.
[    2.425652] ahci-imx: probe of 10000000.sata failed with error -2

at startup. Please apply ASAP, would be lovely to get this into the
Jessie point release.

-- System Information:
Debian Release: 7.8
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
(Continue reading)

Iain R. Learmonth | 5 May 17:37 2015
Picon

Bug#770954: gmFSK maintainence

Hi Hamish,

Do you plan to do any porting of gmFSK to use ALSA or PulseAudio from OSS?

If not, I can file a removal bug for this. We have plenty of other packages
in Debian for various digital modes.

Please record your reply on this bug if you're happy for the package to be
removed so I can point ftp-master at it.

Thanks,
Iain.

--

-- 
e: irl <at> fsfe.org            w: iain.learmonth.me
x: irl <at> jabber.fsfe.org     t: EPVPN 2105
c: 2M0STB                  g: IO87we
p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49
Debian Bug Tracking System | 5 May 14:33 2015
Picon

Processed: severity of 782063 is serious

Processing commands for control <at> bugs.debian.org:

> # built in the past
> severity 782063 serious
Bug #782063 [src:qtwebkit-opensource-src] qtwebkit-opensource-src: FTBFS on sparc
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
782063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782063
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Debian Bug Tracking System | 5 May 14:03 2015
Picon

Processed: block 784315 with 784316

Processing commands for control <at> bugs.debian.org:

> block 784315 with 784316
Bug #784315 [ftp.debian.org] RM: hoauth -- ROM; Unmaintained, replaced by hoauth2
784315 was not blocked by any bugs.
784315 was not blocking any bugs.
Added blocking bug(s) of 784315: 784316
> tag 784315 moreinfo
Bug #784315 [ftp.debian.org] RM: hoauth -- ROM; Unmaintained, replaced by hoauth2
Added tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
784315: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784315
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

David Kastrup | 5 May 12:48 2015
Picon
Picon

Bug#746005: Message from upstream


Hi,

I'm probably the LilyPond developer most involved with GUILE 2.0
migration and I'm pretty annoyed at the current situation and the manner
GUILE developers deal with it.

Several months back even Richard Stallman intervened and stressed the
importance of getting LilyPond moved to GUILE 2.0.  Like several times
before, GUILE developers promised to get actively involved only to drop
out of the discussion once they were provided with instructions, an
up-to-date branch/source to work with and current problem descriptions.

The current situation is such that 2.0 garbage collection API is
unreliable (see GUILE bug report
<URL:http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19883> with the basic
recommendation "don't try using the smob mark mechanism any more" but no
real resolution).  It may well be that the current workarounds
implemented in LilyPond may be successful.

However, this is hard to test since there is _no_ released version of
GUILE 2.0 where the encoding problems in issues
<URL:http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20200> (workaround in
LilyPond codebase, will get fixed in 2.0.12) and
<URL:http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20209> (workaround in
LilyPond codebase, will get fixed in 2.0.12) and
<URL:http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20302> (unfixed so
far, and since this usage _was_ already a workaround for previous
problems and reverting back to the old code does not work either, this
remains a roadblock) have been addressed.
(Continue reading)

Debian Bug Tracking System | 5 May 12:48 2015
Picon

Processed: your mail

Processing commands for control <at> bugs.debian.org:

> forwarded 784249 https://github.com/llvmpy/llvmpy/issues/106
Bug #784249 [src:llvm-py] llvm-py: switch to llvm-toolchain >= 3.5
Set Bug forwarded-to-address to 'https://github.com/llvmpy/llvmpy/issues/106'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
784249: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784249
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems


Gmane