Debian Bug report logs - #396304
soap4r should not request USE_SOAP_PROXY, or it should be standardized

version graph

Package: apt-listbugs; Maintainer for apt-listbugs is Francesco Poli (wintermute) <invernomuto@paranoici.org>; Source for apt-listbugs is src:apt-listbugs.

Reported by: Brian May <brian@vpac.org>

Date: Tue, 31 Oct 2006 02:48:08 UTC

Severity: wishlist

Merged with 399706

Found in version apt-listbugs/0.1.3

Fixed in version apt-listbugs/0.1.4

Done: Francesco Poli <invernomuto@paranoici.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Junichi Uekawa <dancer@debian.org>:
Bug#396304; Package apt-listbugs. Full text and rfc822 format available.

Acknowledgement sent to Brian May <brian@vpac.org>:
New Bug report received and forwarded. Copy sent to Junichi Uekawa <dancer@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Brian May <brian@vpac.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: E: sanity check failed: environment variable http_proxy is set and soap_use_proxy is not
Date: Tue, 31 Oct 2006 13:22:04 +1100
Package: apt-listbugs
Version: 0.0.63
Severity: important

I think setting http_proxy without setting soap_use_proxy is quite reasonable
(as http_proxy is more well known then soap_use_proxy), and apt-listbugs should
be able to cope.

Reading package lists... Done
Building dependency tree... Done
Reading extended state information      
Initializing package states... Done
Reading task descriptions... Done  
Building tag database... Done    
The following packages have been kept back:
  gaim-encryption nvidia-settings trac xserver-xorg-video-all 
0 packages upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Writing extended state information... Done
/usr/sbin/apt-listbugs:395:in `parse_options': E: sanity check failed: environment variable http_proxy is set and soap_use_proxy is not 
        from /usr/sbin/apt-listbugs:1308
Warning: apt-listbugs exited abnormally, hit enter key to continue.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-xen-686
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages apt-listbugs depends on:
ii  apt                           0.6.46.2   Advanced front-end for dpkg
ii  libdpkg-ruby1.8               0.3.2      modules/classes for dpkg on ruby 1
ii  libhttp-access2-ruby1.8       2.0.6-1    HTTP accessing library for ruby
ii  libintl-gettext-ruby1.8       0.11-8     Gettext wrapper for Ruby 1.8
ii  libruby1.8 [libzlib-ruby1.8]  1.8.5-2    Libraries necessary to run Ruby 1.
ii  libxml-parser-ruby1.8         0.6.8-2    Interface of expat for the scripti
ii  ruby                          1.8.2-1    An interpreter of object-oriented 

apt-listbugs recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Junichi Uekawa <dancer@debian.org>:
Bug#396304; Package apt-listbugs. Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Junichi Uekawa <dancer@debian.org>. Full text and rfc822 format available.

Message #10 received at 396304@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: Brian May <brian@vpac.org>, 396304@bugs.debian.org
Subject: Re: Bug#396304: E: sanity check failed: environment variable http_proxy is set and soap_use_proxy is not
Date: Wed, 01 Nov 2006 07:32:56 +0900
> I think setting http_proxy without setting soap_use_proxy is quite reasonable
> (as http_proxy is more well known then soap_use_proxy), and apt-listbugs should
> be able to cope.

There is a balance here, since people will wonder why apt-listbugs
doesn't accept just http_proxy.

regards,
	junichi
-- 
dancer@{debian.org,netfort.gr.jp}   Debian Project



Information forwarded to debian-bugs-dist@lists.debian.org, Junichi Uekawa <dancer@debian.org>:
Bug#396304; Package apt-listbugs. Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Junichi Uekawa <dancer@debian.org>. Full text and rfc822 format available.

Message #15 received at 396304@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: Brian May <brian@vpac.org>, 396304@bugs.debian.org
Cc: Debian Bug Tracking System <control@bugs.debian.org>
Subject: Re: Bug#396304: E: sanity check failed: environment variable http_proxy is set and soap_use_proxy is not
Date: Thu, 02 Nov 2006 00:00:09 +0900
reassign 396304 libruby1.8
thanks

Hi,


> I think setting http_proxy without setting soap_use_proxy is quite reasonable
> (as http_proxy is more well known then soap_use_proxy), and apt-listbugs should
> be able to cope.

well, that is something you'd like to discuss with soap4r
implementation.  I don't agree with it, but it's apparently a
'security risk' to depend on http_proxy only.

regards,
	junichi
-- 
dancer@{debian.org,netfort.gr.jp}   Debian Project



Bug reassigned from package `apt-listbugs' to `libruby1.8'. Request was from Junichi Uekawa <dancer@netfort.gr.jp> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Junichi Uekawa <dancer@netfort.gr.jp>, akira yamada <akira@debian.org>:
Bug#396304; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Bodo Meissner <bodo@bodo-m.de>:
Extra info received and forwarded to list. Copy sent to Junichi Uekawa <dancer@netfort.gr.jp>, akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #22 received at 396304@bugs.debian.org (full text, mbox):

From: Bodo Meissner <bodo@bodo-m.de>
To: Debian Bug Tracking System <396304@bugs.debian.org>
Subject: libruby1.8: this is a problem of apt-listbugs, not only a libruby problem
Date: Wed, 08 Nov 2006 11:34:03 +0100
Package: libruby1.8
Followup-For: Bug #396304

I think this bug is still related to apt-listbugs.
The soap_use_proxy variable is an interface of a library used internally.
apt-listbugs does not _have_to_ expose this interface to the user.
apt-listbugs even sets or deletes this variable in some cases depending on
the settings in apt.conf. This behaviour is inconsistent.

IMHO apt-listbugs should behave like other APT tools.
The manpage of apt.conf states
       http
          HTTP URIs; http::Proxy is the default http proxy to use. It is in
          the standard form of http://[[user][:pass]@]host[:port]/. Per host
          proxies can also be specified by using the form http::Proxy::<host>
          with the special keyword DIRECT meaning to use no proxies. The
          http_proxy environment variable will override all settings.

So it's expected behaviour that variable http_proxy will be used without
any questions or complaints from the programs.

I'm aware of two possible security risks: The first is the use of 
user:password in the proxy URL.  This is no problem if http_proxy does not 
contain a password. The second is the risk to unexpectedly override the 
settings from apt.conf with an untrusted proxy. I think this should be 
solved by a common solution for all apt related programs. Using a wrong 
proxy to list bug reports is a small problem compared to using this proxy
to download packages.
Please point me to an explanation if there is another security risk. 

Maybe we need a setting in apt.conf that tells APT to ignore http_proxy
and use the settings from apt.conf only. This should apply to apt-listbugs
as well. (like wget's --no-proxy option)


I have the proxy setting in apt.conf, so aptitude and apt-listbugs work 
as expected if I dont have http_proxy set.
But there are other programs that need the http_proxy environment variable.
When I set this variable (in my case to the same proxy as in apt.conf)
aptitude and apt-listchanges still work but apt-listbugs complains about
the missing soap_use_proxy variable.


If you like the idea of the soap_use_proxy variable, I propose to use
a setting in apt.conf or a variable specific to apt-listbugs, to select
from these possibilities:
- use http_proxy (and set soap_use_proxy internally)
- complain if http_proxy is set
- complain if http_proxy is set and differs from the apt.conf setting
  (else set soap_use_proxy internally)
- ignore http_proxy and use the setting from apt.conf (and set or remove
  http_proxy and soap_use_proxy internally as required)

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable'), (10, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages libruby1.8 depends on:
ii  libc6                        2.3.6.ds1-7 GNU C Library: Shared libraries
ii  libncurses5                  5.5-5       Shared libraries for terminal hand
ii  zlib1g                       1:1.2.3-13  compression library - runtime

libruby1.8 recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#396304; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #27 received at 396304@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: Bodo Meissner <bodo@bodo-m.de>, 396304@bugs.debian.org
Subject: Re: Bug#396304: libruby1.8: this is a problem of apt-listbugs, not only a libruby problem
Date: Thu, 09 Nov 2006 13:28:18 +0900
> 
> If you like the idea of the soap_use_proxy variable, 

Basically, I don't like the whole idea of having to handle
soap_use_proxy even in non-CGI environments. It's just so silly.





Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#396304; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Bodo Meissner <bodo@bodo-m.de>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #32 received at 396304@bugs.debian.org (full text, mbox):

From: Bodo Meissner <bodo@bodo-m.de>
To: 396304@bugs.debian.org
Cc: Junichi Uekawa <dancer@netfort.gr.jp>
Subject: Re: Bug#396304: libruby1.8: this is a problem of apt-listbugs, not only a libruby problem
Date: Thu, 09 Nov 2006 11:04:24 +0100
Am 09.11.2006 05:28:18 schrieb(en) Junichi Uekawa:

> Basically, I don't like the whole idea of having to handle
> soap_use_proxy even in non-CGI environments. It's just so silly.

Hello Junichi,

after some searching I found information about the security risk which  
is present in CGI programs.

Is there any case where apt-listbugs will be used in a CGI environment?
I think this security risk does does not apply to programs started by  
the administrator in a terminal or an X windows environment, e.g.  
aptitude.

Maybe you could set soap_use_proxy internally if http_proxy is set. If  
the combination of soap_use_proxy=on and http_proxy is allowed, you  
could even set soap_use_proxy without checking http_proxy.

I successfully ran (one time only) a modified version of apt-listbugs  
0.0.63 with http_proxy set and soap_use_proxy unset.


Bodo


--- /usr/sbin/apt-listbugs.orig   2006-10-11 00:26:07.000000000 +0200
+++ /usr/sbin/apt-listbugs        2006-11-09 10:21:49.000000000 +0100
@@ -391,8 +391,11 @@
     if ENV["HTTP_PROXY"] != nil && ENV["http_proxy"] == nil
       raise $intl._("E: sanity check failed: environment variable  
http_proxy is unset and HTTP_PROXY is set.")
     end
-    if ENV["http_proxy"] != nil && ENV["soap_use_proxy"] != "on"
-      raise $intl._("E: sanity check failed: environment variable  
http_proxy is set and soap_use_proxy is not 'on'.")
+    if ENV["HTTP_PROXY"] != nil && ENV["HTTP_PROXY"] !=  
ENV["http_proxy"]
+      raise $intl._("E: sanity check failed: environment variables  
http_proxy and HTTP_PROXY differ.")
+    end
+    if ENV["http_proxy"] != nil
+      ENV["soap_use_proxy"] = "on"
     end

     # http_proxy check
@@ -401,6 +404,7 @@
         puts "proxy configuration from APT.CONF: #{$1}" if $DEBUG
         if $1 == 'DIRECT'
           puts "Disabling proxy due to DIRECT" if $DEBUG
+          ENV.delete("soap_use_proxy")
         else
           ENV["http_proxy"] = $1
           ENV["soap_use_proxy"] = "on"



Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#396304; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #37 received at 396304@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: Bodo Meissner <bodo@bodo-m.de>
Cc: 396304@bugs.debian.org, Junichi Uekawa <dancer@netfort.gr.jp>
Subject: Re: Bug#396304: libruby1.8: this is a problem of apt-listbugs, not only a libruby problem
Date: Fri, 10 Nov 2006 15:18:18 +0900
Hi,

> > Basically, I don't like the whole idea of having to handle
> > soap_use_proxy even in non-CGI environments. It's just so silly.
> 
> Hello Junichi,
> 
> after some searching I found information about the security risk which  
> is present in CGI programs.
> 
> Is there any case where apt-listbugs will be used in a CGI environment?
> I think this security risk does does not apply to programs started by  
> the administrator in a terminal or an X windows environment, e.g.  
> aptitude.

Exactly, this should be fixed on ruby side, not worked around on from
apt-listbugs.



regards,
	junichi
-- 
dancer@{debian.org,netfort.gr.jp}   Debian Project



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#396304; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to akira yamada <akira@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #42 received at 396304@bugs.debian.org (full text, mbox):

From: akira yamada <akira@debian.org>
To: Junichi Uekawa <dancer@netfort.gr.jp>, 399706@bugs.debian.org, 396304@bugs.debian.org
Cc: Uwe Storbeck <uwe@ibr.ch>, 389681@bugs.debian.org
Subject: Re: Bug#399706: Bug#389681: apt-listbugs: Bug still exists in version 0.0.57
Date: Wed, 22 Nov 2006 10:56:04 +0900
Junichi Uekawa wrote:
> Please follow up this discussion in 399706.  I agree Ruby is stupid
> here, but I don't intend to work around it.

I don't think so.

It is not a bug of Ruby and it is bug of apt-listbugs.
I think that the behaviour is intended by the upstream author of SOAP4r.

The current author of apt-listbugs should ask the upstream
or correct his code.

-- 
ay

P.S. I will reassign the bug to apt-listbugs later.
Please reassign the bug to libruby1.8
if you ask the upstream and the upstream changes the code.



Bug reassigned from package `libruby1.8' to `apt-listbugs'. Request was from akira yamada <akira@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Junichi Uekawa <dancer@debian.org>:
Bug#396304; Package apt-listbugs. Full text and rfc822 format available.

Acknowledgement sent to uwe@ibr.ch (Uwe Storbeck):
Extra info received and forwarded to list. Copy sent to Junichi Uekawa <dancer@debian.org>. Full text and rfc822 format available.

Message #49 received at 396304@bugs.debian.org (full text, mbox):

From: uwe@ibr.ch (Uwe Storbeck)
To: Junichi Uekawa <dancer@netfort.gr.jp>
Cc: 399706@bugs.debian.org, 396304@bugs.debian.org
Subject: apt-listbugs proxy handling
Date: Wed, 22 Nov 2006 14:22:43 +0100
On Nov 22, Junichi Uekawa wrote:

> reassign 399706 libruby1.8

There are now 3 bugs (399706, 396304 and 389681) about the proxy
handling of apt-listbugs and I'm not convinced that this is really
a ruby problem.
The sanity check with SOAP_USE_PROXY may be required in other
contexts where this ruby module is used. In the case of apt-listbugs
it is not required, even more it is annoying.
I don't know ruby. But you are using a ruby module in apt-listbugs
which requires the SOAP_USE_PROXY variable to be set to work
properly. This is an interface of this module. There is no need to
expose it to the user of the application. So why not simply set this
variable inside of apt-listbugs to handle this internally and avoid
all this hassle?

Regards,

Uwe



Information forwarded to debian-bugs-dist@lists.debian.org, Junichi Uekawa <dancer@debian.org>:
Bug#396304; Package apt-listbugs. Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Junichi Uekawa <dancer@debian.org>. Full text and rfc822 format available.

Message #54 received at 396304@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: control@bugs.debian.org, 396304@bugs.debian.org
Cc: "NAKAMURA, Hiroshi" <nakahiro@sarion.co.jp>
Subject: soap4r should not require SOAP_USE_PROXY unless it's really required
Date: Thu, 23 Nov 2006 00:04:09 +0900
reassign 396304 libruby1.8
thanks

Hi,

Akira, it's your task to maintain upstream communication.


This problem stems back from the security fix on SOAP4R.

The potential security problem was that remote attacker could set the
'http_proxy' variable when a ruby program was used as a CGI.  The SOAP
interface then could be manipulated in such a way to send request
through random HTTP PROXY.

However, it's silly to always request SOAP_USE_PROXY to be set even
when it's not used as a web interface.  For example, apt-listbugs is a
command-line program which is not invoked as a CGI, and is not
vulnerable to this problem.



regards, 
	junichi
-- 
dancer@{debian.org,netfort.gr.jp}   Debian Project



Bug reassigned from package `apt-listbugs' to `libruby1.8'. Request was from Junichi Uekawa <dancer@netfort.gr.jp> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `libruby1.8' to `libruby1.8'. Request was from Junichi Uekawa <dancer@netfort.gr.jp> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `wishlist' from `important' Request was from Junichi Uekawa <dancer@netfort.gr.jp> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 396304 399706. Request was from Junichi Uekawa <dancer@netfort.gr.jp> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#396304; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #67 received at 396304@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: control@bugs.debian.org, 396304@bugs.debian.org, 399706@bugs.debian.org
Subject: retitle the bugs for more appropriate title
Date: Thu, 23 Nov 2006 12:26:17 +0900
retitle 396304 soap4r should not request USE_SOAP_PROXY, or it should be standardized
retitle 399706 soap4r should not request USE_SOAP_PROXY, or it should be standardized
thanks

As per Debian policy, I request SOAP4R to not require extra
environment variable, or document such behavior as standard behavior
across other programs, or document that RUBY requires such
non-standard behavior. (It's currently undocumented except for the source).


This is not a problem on apt-listbugs, since it's already a documented
feature and will not be fixed.

regards,
	junichi
-- 
dancer@{debian.org,netfort.gr.jp}   Debian Project



Changed Bug title. Request was from Junichi Uekawa <dancer@netfort.gr.jp> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to akira yamada <akira@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Brian May <brian@vpac.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #74 received at 396304-close@bugs.debian.org (full text, mbox):

From: akira yamada <akira@debian.org>
To: 396304-close@bugs.debian.org
Subject: Bug#396304: fixed in ruby1.8 1.8.5-4
Date: Mon, 04 Dec 2006 03:02:03 +0000
Source: ruby1.8
Source-Version: 1.8.5-4

We believe that the bug you reported is fixed in the latest version of
ruby1.8, which is due to be installed in the Debian FTP archive:

irb1.8_1.8.5-4_all.deb
  to pool/main/r/ruby1.8/irb1.8_1.8.5-4_all.deb
libdbm-ruby1.8_1.8.5-4_i386.deb
  to pool/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4_i386.deb
libgdbm-ruby1.8_1.8.5-4_i386.deb
  to pool/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4_i386.deb
libopenssl-ruby1.8_1.8.5-4_i386.deb
  to pool/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4_i386.deb
libreadline-ruby1.8_1.8.5-4_i386.deb
  to pool/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4_i386.deb
libruby1.8-dbg_1.8.5-4_i386.deb
  to pool/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4_i386.deb
libruby1.8_1.8.5-4_i386.deb
  to pool/main/r/ruby1.8/libruby1.8_1.8.5-4_i386.deb
libtcltk-ruby1.8_1.8.5-4_i386.deb
  to pool/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4_i386.deb
rdoc1.8_1.8.5-4_all.deb
  to pool/main/r/ruby1.8/rdoc1.8_1.8.5-4_all.deb
ri1.8_1.8.5-4_all.deb
  to pool/main/r/ruby1.8/ri1.8_1.8.5-4_all.deb
ruby1.8-dev_1.8.5-4_i386.deb
  to pool/main/r/ruby1.8/ruby1.8-dev_1.8.5-4_i386.deb
ruby1.8-elisp_1.8.5-4_all.deb
  to pool/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4_all.deb
ruby1.8-examples_1.8.5-4_all.deb
  to pool/main/r/ruby1.8/ruby1.8-examples_1.8.5-4_all.deb
ruby1.8_1.8.5-4.diff.gz
  to pool/main/r/ruby1.8/ruby1.8_1.8.5-4.diff.gz
ruby1.8_1.8.5-4.dsc
  to pool/main/r/ruby1.8/ruby1.8_1.8.5-4.dsc
ruby1.8_1.8.5-4_i386.deb
  to pool/main/r/ruby1.8/ruby1.8_1.8.5-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 396304@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
akira yamada <akira@debian.org> (supplier of updated ruby1.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  4 Dec 2006 10:12:29 +0900
Source: ruby1.8
Binary: libtcltk-ruby1.8 libruby1.8-dbg rdoc1.8 libgdbm-ruby1.8 ruby1.8-dev ruby1.8-elisp ruby1.8-examples libdbm-ruby1.8 irb1.8 ruby1.8 libreadline-ruby1.8 libopenssl-ruby1.8 libruby1.8 ri1.8
Architecture: source i386 all
Version: 1.8.5-4
Distribution: unstable
Urgency: high
Maintainer: akira yamada <akira@debian.org>
Changed-By: akira yamada <akira@debian.org>
Description: 
 irb1.8     - Interactive Ruby (for Ruby 1.8)
 libdbm-ruby1.8 - DBM interface for Ruby 1.8
 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libreadline-ruby1.8 - Readline interface for Ruby 1.8
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 rdoc1.8    - Generate documentation from Ruby source files (for Ruby 1.8)
 ri1.8      - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8    - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Closes: 396304 399706
Changes: 
 ruby1.8 (1.8.5-4) unstable; urgency=high
 .
   * applied debian/patches/149_bignum_to_s.patch:
       - Bignum#to_s(10) broken.  [ruby-dev:29710]
   * applied debian/patches/150_time_dup.patch:
       - duplicate the class of original time.  [ruby-core:09357]
   * applied debian/patches/151_super.patch:
       - fixed bug of zsuper with both of opt and rest.  fixed:
         [ruby-list:42928]
   * applied debian/patches/152_dir_glob.patch:
       - get rid of possible memory leak.
   * applied debian/patches/153_set_xor.patch:
       - fixed XOR operation against a container that holds duplicate values.
         [issue: #6444]
   * applied debian/patches/154_parse.y_segv.patch:
       - '().."' dumps core.  [ruby-dev:29732]
   * applied debian/patches/155_imap_nomodseq.patch and
     debian/patches/803_imap_nomodseq.patch.
   * applied debian/patches/156_rss_needless_include.patch:
       - removed needless include.
   * applied debian/patches/157_eval_iter_pre.patch:
       - ruby_block may be NULL even when ITER_PRE.
   * applied debian/patches/158_file_supplementray_group.patch:
       - File should honor supplementary group IDs.  [ruby-core:09546]
   * applied debian/patches/159_implicit_visibility.patch:
       - set implicit visibility only when it's called for the target class.
   * applied debian/patches/160_bignum_segv.patch:
       - aBignum*aFloat dumps core.  [ruby-list:43012]
   * applied debian/patches/161_sprintf_width.patch:
       - need not to truncate string if no width specifier given for %s.
         [ruby-dev:29952]
   * applied debian/patches/162_ossl_oscperror.patch:
       - OpenSSL::OCSP::OSCPError should be subclass of OpenSSL::OpenSSLError.
         [ruby-dev:29980]
   * applied debian/patches/163_cgi.rb_quote_boundary.patch:
       - [security] invalid multipart boundary can make cgi.rb infinite loop
         and CPU consumption.  (JVN#84798830)
   * added notes for HTTP_PROXY environment variable to README.Debian.
     (closes: #396304, #399706)
Files: 
 6c2bc9a43e29e727a62dc218093cd671 1068 interpreters optional ruby1.8_1.8.5-4.dsc
 4f1595bec7ab6224a647362d57391f4b 94597 interpreters optional ruby1.8_1.8.5-4.diff.gz
 a779d41afaab2856794526ee7c7a8204 216910 interpreters optional ruby1.8_1.8.5-4_i386.deb
 fa0dbbaf5dc5c036c2f981cb4df17500 1529156 libs optional libruby1.8_1.8.5-4_i386.deb
 4c2059cc43b09cb66f6374fdf81bcbd5 1001462 libdevel extra libruby1.8-dbg_1.8.5-4_i386.deb
 164b753af7b0a867ae0bb45a9778a169 718356 devel optional ruby1.8-dev_1.8.5-4_i386.deb
 3b0f903248ecd1373d6ba82d72c723b4 196540 interpreters optional libdbm-ruby1.8_1.8.5-4_i386.deb
 6138a8994d72665b8db3ddcddbc2e3e1 197248 interpreters optional libgdbm-ruby1.8_1.8.5-4_i386.deb
 54e2c9fc7f6d54eacb61f62a1ade351d 196846 interpreters optional libreadline-ruby1.8_1.8.5-4_i386.deb
 4a0ddc9d83778e626b1de0ba68b15727 1830162 interpreters optional libtcltk-ruby1.8_1.8.5-4_i386.deb
 b7d726ff2dff773a65ee78eda1b7f6f0 291310 interpreters optional libopenssl-ruby1.8_1.8.5-4_i386.deb
 c17663795e731688552d59b32a148c39 241724 interpreters optional ruby1.8-examples_1.8.5-4_all.deb
 8c9d0f913deb55debca20ce3854599d4 209236 interpreters optional ruby1.8-elisp_1.8.5-4_all.deb
 ea1a3cbe288511f939602f31a121f4d0 1228136 interpreters optional ri1.8_1.8.5-4_all.deb
 931cdcde1637d10f7b3bf45a356832d3 309388 doc optional rdoc1.8_1.8.5-4_all.deb
 dcb0cd7fc50357868e61cf011739546c 234650 interpreters optional irb1.8_1.8.5-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFc3yiXzkxpuIT8aARAoAIAJ0TiFFI/n1Ab0N8sJwCmcG1ICUXPwCeM1nz
oGVT1qcEjghCeRR6B3mir08=
=Dz2T
-----END PGP SIGNATURE-----




Reply sent to akira yamada <akira@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Uwe Storbeck <uwe@ibr.ch>:
Bug acknowledged by developer. Full text and rfc822 format available.

Bug reassigned from package `libruby1.8' to `apt-listbugs'. Request was from uwe@ibr.ch (Uwe Storbeck) to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as found in version 0.0.73. Request was from uwe@ibr.ch (Uwe Storbeck) to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as found in version 0.0.69. Request was from uwe@ibr.ch (Uwe Storbeck) to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Junichi Uekawa <dancer@debian.org>:
Bug#396304; Package apt-listbugs. Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Junichi Uekawa <dancer@debian.org>. Full text and rfc822 format available.

Message #90 received at 396304@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: 396304@bugs.debian.org, uwe@ibr.ch (Uwe Storbeck), akira yamada <akira@debian.org> (libruby1.8 #396304 #399706), Junichi Uekawa <dancer@debian.org> (apt-listbugs #396304 #399706)
Subject: Re: Processed: bug 399706 still not fixed
Date: Wed, 07 Mar 2007 07:27:41 +0900
At Tue, 06 Mar 2007 15:09:16 +0000,
Debian Bug Tracking System wrote:
> 
> Processing commands for control@bugs.debian.org:
> 
> > reassign 399706 apt-listbugs
> Bug#399706: soap4r should not request USE_SOAP_PROXY, or it should be standardized
> Bug#396304: soap4r should not request USE_SOAP_PROXY, or it should be standardized
> Bug reassigned from package `libruby1.8' to `apt-listbugs'.
> 
> > found 399706 0.0.73
> Bug#399706: soap4r should not request USE_SOAP_PROXY, or it should be standardized
> Bug#396304: soap4r should not request USE_SOAP_PROXY, or it should be standardized
> Bug marked as found in version 0.0.73.
> 
> > found 399706 0.0.69
> Bug#399706: soap4r should not request USE_SOAP_PROXY, or it should be standardized
> Bug#396304: soap4r should not request USE_SOAP_PROXY, or it should be standardized
> Bug marked as found in version 0.0.69.

why?




Bug reassigned from package `apt-listbugs' to `project'. Request was from Junichi Uekawa <dancer@netfort.gr.jp> to control@bugs.debian.org. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Jun 2007 11:17:27 GMT) Full text and rfc822 format available.

Bug unarchived. Request was from Kenyon Ralph <kenyon@kenyonralph.com> to control@bugs.debian.org. (Sun, 29 Apr 2012 03:15:05 GMT) Full text and rfc822 format available.

Bug reassigned from package 'project' to 'apt-listbugs'. Request was from Kenyon Ralph <kenyon@kenyonralph.com> to control@bugs.debian.org. (Sun, 29 Apr 2012 03:15:06 GMT) Full text and rfc822 format available.

Marked as found in versions apt-listbugs/0.1.3. Request was from Kenyon Ralph <kenyon@kenyonralph.com> to control@bugs.debian.org. (Sun, 29 Apr 2012 03:15:06 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 28 May 2012 07:31:29 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 20:54:38 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.