Debian Bug report logs - #496411
The possibility of attack with the help of symlinks in some Debian packages

version graph

Package: ltp-network-test; Maintainer for ltp-network-test is Jiri Palecek <jpalecek@web.de>;

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:11:19 UTC

Severity: grave

Tags: confirmed, security

Found in versions ltp/20080831+dfsg-2, ltp/20060918-3, ltp/20081031+dfsg-1

Fixed in version ltp/20081130+dfsg-3

Done: Jiri Palecek <jpalecek@web.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Alastair McKinstry <mckinstry@debian.org>:
Bug#496411; Package ltp-network-test. Full text and rfc822 format available.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Alastair McKinstry <mckinstry@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:29 +0400
Package: ltp-network-test
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh




Information forwarded to debian-bugs-dist@lists.debian.org, Alastair McKinstry <mckinstry@debian.org>:
Bug#496411; Package ltp-network-test. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Alastair McKinstry <mckinstry@debian.org>. Full text and rfc822 format available.

Message #10 received at 496411@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496411@bugs.debian.org, control@bugs.debian.org
Subject: here's a patch
Date: Mon, 25 Aug 2008 17:15:40 +0200
[Message part 1 (text/plain, inline)]
tags 496411 security confirmed patch
thanks

Hi,

Yes, the bug is indeed present. Attached patch fixes it.


Thijs
[496411.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Tags added: security, confirmed, patch Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Mon, 25 Aug 2008 15:18:10 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Alastair McKinstry <mckinstry@debian.org>:
Bug#496411; Package ltp-network-test. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Alastair McKinstry <mckinstry@debian.org>. Full text and rfc822 format available.

Message #17 received at 496411@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496411@bugs.debian.org
Cc: control@bugs.debian.org
Subject: patch sent to wrong bug, issues present
Date: Mon, 25 Aug 2008 22:00:33 +0200
[Message part 1 (text/plain, inline)]
severity 496411 important
thanks

Hi,

Please ignore that previous patch, I sent it to the wrong bug report.

The issue is present in the mentioned files. As a matter of fact, there are 
many more issues, the testset seems to be built around writing things in /tmp 
with hardcoded filenames.

This is dangerous because as I understand it, these tests run as root. 
However, I would not expect people to run such a test set on production- or 
multiuser systems.

So my solution to this bug would be the following: we (security team) mark the 
package to be supported unsupported for multi-user, production environments. 
To that effect a short README.Debian would need to be added to the package 
that states something like this:

===
This test suite is only intended to be run on non-production, single user 
systems. The scripts use various techniques that are exploitable in a context 
of potentially malicious local users.
===

It may seem a bit obvious but I think it's better to be explicit than sorry. 
Can you take care of uploading a version with this change and get it into 
lenny? Let me know if you need me to make an NMU.


cheers,
Thijs
[Message part 2 (application/pgp-signature, inline)]

Severity set to `important' from `grave' Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Mon, 25 Aug 2008 20:03:05 GMT) Full text and rfc822 format available.

Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #24 received at 496411-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496411-close@bugs.debian.org
Subject: Bug#496411: fixed in ltp 20060918-3
Date: Mon, 25 Aug 2008 21:32:13 +0000
Source: ltp
Source-Version: 20060918-3

We believe that the bug you reported is fixed in the latest version of
ltp, which is due to be installed in the Debian FTP archive:

ltp-commands-test_20060918-3_i386.deb
  to pool/main/l/ltp/ltp-commands-test_20060918-3_i386.deb
ltp-dev_20060918-3_i386.deb
  to pool/main/l/ltp/ltp-dev_20060918-3_i386.deb
ltp-disc-test_20060918-3_i386.deb
  to pool/main/l/ltp/ltp-disc-test_20060918-3_i386.deb
ltp-kernel-test_20060918-3_i386.deb
  to pool/main/l/ltp/ltp-kernel-test_20060918-3_i386.deb
ltp-misc-test_20060918-3_i386.deb
  to pool/main/l/ltp/ltp-misc-test_20060918-3_i386.deb
ltp-network-test_20060918-3_i386.deb
  to pool/main/l/ltp/ltp-network-test_20060918-3_i386.deb
ltp-tools_20060918-3_i386.deb
  to pool/main/l/ltp/ltp-tools_20060918-3_i386.deb
ltp_20060918-3.diff.gz
  to pool/main/l/ltp/ltp_20060918-3.diff.gz
ltp_20060918-3.dsc
  to pool/main/l/ltp/ltp_20060918-3.dsc
ltp_20060918-3_all.deb
  to pool/main/l/ltp/ltp_20060918-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated ltp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Aug 2008 22:13:23 +0200
Source: ltp
Binary: ltp-tools ltp-dev ltp-kernel-test ltp-network-test ltp-commands-test ltp-misc-test ltp-disc-test ltp
Architecture: source i386 all
Version: 20060918-3
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 ltp        - The Linux Test Project test suite
 ltp-commands-test - Command tests for the Linux Test Project
 ltp-dev    - development files for Linux Test Project
 ltp-disc-test - Disk I/O tests for the Linux Test Project
 ltp-kernel-test - kernel tests for the Linux Test Project
 ltp-misc-test - Misc. tests for the Linux Test Project
 ltp-network-test - Network tests for the Linux Test Project
 ltp-tools  - Utilities for running the Linux Test Project test suite
Closes: 496411
Changes: 
 ltp (20060918-3) unstable; urgency=high
 .
   * QA upload
   * Set maintainer to Debian QA. There's work on adopting the package
     but that hasn't materialised yet.
   * Add README.Debian explaining security status of this package
     (Closes: #496411).
Checksums-Sha1: 
 3ffd32f5515ad1b1e91d60bcb382ba315a953717 1367 ltp_20060918-3.dsc
 805dab9f3fe0a95b2e019a0f680153df9ad5494f 36760 ltp_20060918-3.diff.gz
 c971f33ae683fcd439f8e8ccaacb7a21971107b7 234814 ltp-tools_20060918-3_i386.deb
 927307f12aab9dc15aa5d63fdfff3c302b7e2071 123012 ltp-dev_20060918-3_i386.deb
 03266ab4934d49c965d7403a705f92248055464e 18763540 ltp-kernel-test_20060918-3_i386.deb
 a8092f8f1d18e55b25d749443ca4040cb7dfd038 1555508 ltp-network-test_20060918-3_i386.deb
 a94062fcf491905351a7e4c76b8131208dc51436 3716 ltp-commands-test_20060918-3_i386.deb
 95ab3e9a318ae849ef922f1f60bbfd66d13171ac 302322 ltp-misc-test_20060918-3_i386.deb
 c4f6beb85629983ad551a498b5f19d47a4d12b9d 13684 ltp-disc-test_20060918-3_i386.deb
 0cba2acc943bbe690115cdfee946fd79d8862765 30946 ltp_20060918-3_all.deb
Checksums-Sha256: 
 7bf57ec6128bdcc83fe69eeb70aa6df0f2a99e957364520d2a5ef18d8118f477 1367 ltp_20060918-3.dsc
 085f0db680ae1b716f85609066edcfdaf49950c092b2a2b5f532f403a10473ac 36760 ltp_20060918-3.diff.gz
 d7ca6dee1e4a5d6ff2ccb61fd36f1e73c0cbfc38cf20d80f1746827cc342f580 234814 ltp-tools_20060918-3_i386.deb
 23f0c62a02e3b215a8fabaca0e84490110e145708d51697e093f05bfd9044187 123012 ltp-dev_20060918-3_i386.deb
 699ee18ea8b32ce42efad6b36bebb56ac2dd7bcba065a81a29fe68ff5559aee8 18763540 ltp-kernel-test_20060918-3_i386.deb
 18e1a3dcb6a4ee09e66575662fbf403e71193ae0e8e0783fd66bbf0497e4dc81 1555508 ltp-network-test_20060918-3_i386.deb
 37d012cd925006c64792313d785994d85cc44be262f07f6826167be310ef0e1f 3716 ltp-commands-test_20060918-3_i386.deb
 a492c12b8f52ac5cd78f9ff4edb9013be12d7f8d7ed4f389cdb8afe985a0d975 302322 ltp-misc-test_20060918-3_i386.deb
 e784c7c1d5d6437ab604e7f71a9f57f1558ff995419c799c442acb9257991222 13684 ltp-disc-test_20060918-3_i386.deb
 17a8b9a00e588416daf31c5e6546c8b8588fa29a15be60537c273aa711b9e275 30946 ltp_20060918-3_all.deb
Files: 
 8aa514b4f536835f590945759c06d30d 1367 misc optional ltp_20060918-3.dsc
 112c693ef42cf6452b7137bc3700e8cf 36760 misc optional ltp_20060918-3.diff.gz
 83bd4228c6ba7159d31d17b0d4e5bb12 234814 misc optional ltp-tools_20060918-3_i386.deb
 ab3a6100d417209aba44fa169d25cf22 123012 misc optional ltp-dev_20060918-3_i386.deb
 823b24004c530805e09c12eab95bdae0 18763540 misc optional ltp-kernel-test_20060918-3_i386.deb
 b049090e9265f78708363495ce0543e6 1555508 misc optional ltp-network-test_20060918-3_i386.deb
 3d35fabdc30c918d08f660c5dda61f64 3716 misc optional ltp-commands-test_20060918-3_i386.deb
 232c149e74ce7ab315fd69033a7a74a9 302322 misc optional ltp-misc-test_20060918-3_i386.deb
 0d1c8bda78c4b73f149e47fad379d027 13684 misc optional ltp-disc-test_20060918-3_i386.deb
 4ebac14bf45892f251972f9b0177772f 30946 misc optional ltp_20060918-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJIsyHXAAoJEGz0hbPcukPfltAH/25Hgmo117gRaM1DV8GfUFAI
YX67J4BuQPNGJ33brLcB73vJOpzqoHm7KNU7GJSdkoS4NLobRiRJ4L06+eIAj6ZT
eOV4triiDcybU7OpEzV+KR/9qLl6vA/ig5MXkNmH1C9Ch81tWbexv2xuLmfUG9va
Sdkk37HnonmS6Gr5IxPmp4JioixANAGFUr6VwgRt+Y/n566COfibVS6UJLTih1zY
KmQtextdlGhBzDV7UonQ1wyY4jyi95uZnh0a+XigB2WzWuzE66TFtUSA+jSbb/A3
IHR902UF8yEhc8VaK/YOUJd8rNq5H5pPSscS4e9Bjb0RF7eZkwUOfvAzmvDU6yg=
=Xmeo
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Alastair McKinstry <mckinstry@debian.org>:
Bug#496411; Package ltp-network-test. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Alastair McKinstry <mckinstry@debian.org>. Full text and rfc822 format available.

Message #29 received at 496411@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: 496411@bugs.debian.org, control@bugs.debian.org
Subject: Re: patch sent to wrong bug, issues present
Date: Mon, 25 Aug 2008 23:43:20 +0200
severity 496411 grave
thanks

On Mon, Aug 25, 2008 at 10:00:33PM +0200, Thijs Kinkhorst wrote:
> The issue is present in the mentioned files. As a matter of fact, there are 
> many more issues, the testset seems to be built around writing things in /tmp 
> with hardcoded filenames.
> 
> This is dangerous because as I understand it, these tests run as root. 
> However, I would not expect people to run such a test set on production- or 
> multiuser systems.
> 
> So my solution to this bug would be the following: we (security team) mark the 
> package to be supported unsupported for multi-user, production environments. 
> To that effect a short README.Debian would need to be added to the package 
> that states something like this:
> 
> ===
> This test suite is only intended to be run on non-production, single user 
> systems. The scripts use various techniques that are exploitable in a context 
> of potentially malicious local users.
> ===
> 
> It may seem a bit obvious but I think it's better to be explicit than sorry. 
> Can you take care of uploading a version with this change and get it into 
> lenny? Let me know if you need me to make an NMU.

I agree with the approach, but let's make sure it doesn't fall through the cracks
by raising the severity to RC level again.

Cheers,
        Moritz




Severity set to `grave' from `important' Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Mon, 25 Aug 2008 22:09:16 GMT) Full text and rfc822 format available.

Bug marked as found in version 20080831+dfsg-2 and reopened. Request was from Jiří Paleček <jpalecek@web.de> to control@bugs.debian.org. (Thu, 18 Sep 2008 08:45:14 GMT) Full text and rfc822 format available.

Reply sent to Jiří Paleček <jpalecek@web.de>:
You have taken responsibility. (Thu, 06 Nov 2008 08:36:03 GMT) Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (Thu, 06 Nov 2008 08:36:03 GMT) Full text and rfc822 format available.

Message #38 received at 496411-done@bugs.debian.org (full text, mbox):

From: Jiří Paleček <jpalecek@web.de>
To: 496411-done@bugs.debian.org
Subject: Closing
Date: Thu, 06 Nov 2008 09:33:54 +0100
Version: 20081031+dfsg-1

Hello,

I've attempted to close the bug, but have written malformed closing  
statement in the changelog. Therefore, I'm closing it manually.

Regards
    Jiri Palecek

-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Thu, 20 Nov 2008 02:27:02 GMT) Full text and rfc822 format available.

Message #41 received at 496411@bugs.debian.org (full text, mbox):

From: Raphael Geissert <atomo64@gmail.com>
To: 496411@bugs.debian.org
Cc: control@bugs.debian.org
Subject: #496411: nothing was fixed at all
Date: Wed, 19 Nov 2008 20:25:41 -0600
[Message part 1 (text/plain, inline)]
found 496411 20060918-3
found 496411 20081031+dfsg-1
thanks

I have found all of the reported issues in BOTH versions marked as fixed.
Please stop blindly closing this report and *do verify* everything is fixed.

Attached are the results of a quick grep on both packages.

Regards,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
[20060918-3.grep (text/plain, attachment)]
[20081031+dfsg-1.grep (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Bug marked as found in version 20060918-3. Request was from Raphael Geissert <atomo64@gmail.com> to control@bugs.debian.org. (Thu, 20 Nov 2008 02:27:03 GMT) Full text and rfc822 format available.

Bug marked as found in version 20081031+dfsg-1 and reopened. Request was from Raphael Geissert <atomo64@gmail.com> to control@bugs.debian.org. (Thu, 20 Nov 2008 02:27:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Thu, 20 Nov 2008 22:39:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Thu, 20 Nov 2008 22:39:07 GMT) Full text and rfc822 format available.

Message #50 received at 496411@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Jiří Paleček <jpalecek@web.de>
Cc: 496411@bugs.debian.org
Subject: Re: Closing
Date: Thu, 20 Nov 2008 23:38:33 +0100
On Thu, Nov 06, 2008 at 09:33:54AM +0100, Jiří Paleček wrote:
> Version: 20081031+dfsg-1
> 
> Hello,
> 
> I've attempted to close the bug, but have written malformed closing  
> statement in the changelog. Therefore, I'm closing it manually.

Jiri, I saw that you've adopted LTP and prepared new packages for
experimental after it was orphaned. Thanks for that.

I'm wondering if the current LTP in Lenny is really useful, since
it's totally outdated. Shouldn't we just drop it from Lenny and
start fresh with your new packages in Squeeze, the next Debian
release?

Cheers,
        Moritz




Tags removed: patch Request was from Jiří Paleček <jpalecek@web.de> to control@bugs.debian.org. (Sun, 23 Nov 2008 01:18:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Sun, 23 Nov 2008 01:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jiri Palecek <jpalecek@web.de>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sun, 23 Nov 2008 01:27:04 GMT) Full text and rfc822 format available.

Message #57 received at 496411@bugs.debian.org (full text, mbox):

From: Jiri Palecek <jpalecek@web.de>
To: Raphael Geissert <atomo64@gmail.com>
Cc: 496411@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: #496411: nothing was fixed at all
Date: Sun, 23 Nov 2008 02:23:13 +0100
Hello,

On Thursday 20 November 2008 03:25:41 Raphael Geissert wrote:
> I have found all of the reported issues in BOTH versions marked as fixed.
> Please stop blindly closing this report and *do verify* everything is
> fixed.

I believe you have read the reason why this bug was closed. If you disagree, 
please reply to this message by Thijs Kinkhorst:

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;mbox=yes;bug=496411

Regards
    Jiri Palecek





Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Sun, 23 Nov 2008 01:48:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sun, 23 Nov 2008 01:48:02 GMT) Full text and rfc822 format available.

Message #62 received at 496411@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Jiri Palecek <jpalecek@web.de>
Cc: Raphael Geissert <atomo64@gmail.com>, 496411@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: #496411: nothing was fixed at all
Date: Sun, 23 Nov 2008 02:40:33 +0100
fixed 496411 20060918-3
thanks

On Sun, Nov 23, 2008 at 02:23:13AM +0100, Jiri Palecek wrote:
> Hello,
> 
> On Thursday 20 November 2008 03:25:41 Raphael Geissert wrote:
> > I have found all of the reported issues in BOTH versions marked as fixed.
> > Please stop blindly closing this report and *do verify* everything is
> > fixed.
> 
> I believe you have read the reason why this bug was closed. If you disagree, 
> please reply to this message by Thijs Kinkhorst:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;mbox=yes;bug=496411

I confirm the README.Debian is present.

Cheers,
         Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Sun, 23 Nov 2008 02:03:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Raphael Geissert" <atomo64@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sun, 23 Nov 2008 02:03:05 GMT) Full text and rfc822 format available.

Message #67 received at 496411@bugs.debian.org (full text, mbox):

From: "Raphael Geissert" <atomo64@gmail.com>
To: "Moritz Muehlenhoff" <jmm@inutil.org>
Cc: "Jiri Palecek" <jpalecek@web.de>, 496411@bugs.debian.org, "Thijs Kinkhorst" <thijs@debian.org>
Subject: Re: #496411: nothing was fixed at all
Date: Sat, 22 Nov 2008 19:59:28 -0600
2008/11/22 Moritz Muehlenhoff <jmm@inutil.org>:
> fixed 496411 20060918-3
> thanks

You didn't send a copy of the email to control@bugs.d.o, nothing was done.

>
> On Sun, Nov 23, 2008 at 02:23:13AM +0100, Jiri Palecek wrote:
>> Hello,
>>
>> On Thursday 20 November 2008 03:25:41 Raphael Geissert wrote:
>> > I have found all of the reported issues in BOTH versions marked as fixed.
>> > Please stop blindly closing this report and *do verify* everything is
>> > fixed.
>>
>> I believe you have read the reason why this bug was closed. If you disagree,
>> please reply to this message by Thijs Kinkhorst:
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;mbox=yes;bug=496411
>
> I confirm the README.Debian is present.

But not in the affected binary package.

sid's package has:
/usr/share/doc/ltp-network-test/changelog.Debian.gz
/usr/share/doc/ltp-network-test/copyright
/usr/share/doc/ltp-network-test/network.txt.gz

but no readme.Debian

experimental has:
/usr/share/doc/ltp-network-test/README.network_stress
/usr/share/doc/ltp-network-test/README.network_stress/README.gz
/usr/share/doc/ltp-network-test/copyright
/usr/share/doc/ltp-network-test/network_stress.txt.gz
/usr/share/doc/ltp-network-test/network.txt.gz
/usr/share/doc/ltp-network-test/changelog.gz
/usr/share/doc/ltp-network-test/changelog.Debian.gz
/usr/share/doc/ltp-network-test/README.gz

the last file belonging to LTP itself.

After taking a look at the source package I noticed the README is
being installed in ltp-tools.

And that's what should be fixed, as ltp-tools by itself is not
affected while ltp-network-test is (and they don't share a doc/ltp dir
either).

P.S. I apologise for being rude on my previous email.

>
> Cheers,
>         Moritz
>

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

P. J. O'Rourke  - "Never wear anything that panics the cat."




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Thu, 27 Nov 2008 09:51:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Filippo Giunchedi <filippo@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Thu, 27 Nov 2008 09:51:14 GMT) Full text and rfc822 format available.

Message #72 received at 496411@bugs.debian.org (full text, mbox):

From: Filippo Giunchedi <filippo@debian.org>
To: Raphael Geissert <atomo64@gmail.com>, 496411@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>, Jiri Palecek <jpalecek@web.de>, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: Bug#496411: #496411: nothing was fixed at all
Date: Thu, 27 Nov 2008 10:50:25 +0100
[Message part 1 (text/plain, inline)]
On Sat, Nov 22, 2008 at 07:59:28PM -0600, Raphael Geissert wrote:
> > On Sun, Nov 23, 2008 at 02:23:13AM +0100, Jiri Palecek wrote:
> >> Hello,
> >>
> >> On Thursday 20 November 2008 03:25:41 Raphael Geissert wrote:
> >> > I have found all of the reported issues in BOTH versions marked as fixed.
> >> > Please stop blindly closing this report and *do verify* everything is
> >> > fixed.
> >>
> >> I believe you have read the reason why this bug was closed. If you disagree,
> >> please reply to this message by Thijs Kinkhorst:
> >>
> >> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;mbox=yes;bug=496411
> >
> > I confirm the README.Debian is present.
> 
> But not in the affected binary package.

Indeed, is there an ETA for this bug? At least for the unstable (i.e. with
maintainer QA) version.

FWIW as the fix looks trivial I think it is worth keeping the package.

filippo
--
Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401
random quote follows:

Recursion is the root of computation since it trades description for time.
-- Alan Perlis
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Sat, 29 Nov 2008 10:21:40 GMT) Full text and rfc822 format available.

Acknowledgement sent to Frank Lichtenheld <djpig@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sat, 29 Nov 2008 10:21:42 GMT) Full text and rfc822 format available.

Message #77 received at 496411@bugs.debian.org (full text, mbox):

From: Frank Lichtenheld <djpig@debian.org>
To: Filippo Giunchedi <filippo@debian.org>, 496411@bugs.debian.org
Cc: Raphael Geissert <atomo64@gmail.com>, Moritz Muehlenhoff <jmm@inutil.org>, Jiri Palecek <jpalecek@web.de>, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: Bug#496411: #496411: nothing was fixed at all
Date: Sat, 29 Nov 2008 11:15:17 +0100
On Thu, Nov 27, 2008 at 10:50:25AM +0100, Filippo Giunchedi wrote:
> On Sat, Nov 22, 2008 at 07:59:28PM -0600, Raphael Geissert wrote:
> > > On Sun, Nov 23, 2008 at 02:23:13AM +0100, Jiri Palecek wrote:
> > >> I believe you have read the reason why this bug was closed. If you disagree,
> > >> please reply to this message by Thijs Kinkhorst:
> > >>
> > >> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;mbox=yes;bug=496411
> > > I confirm the README.Debian is present.
> > But not in the affected binary package.
> Indeed, is there an ETA for this bug? At least for the unstable (i.e. with
> maintainer QA) version.
> 
> FWIW as the fix looks trivial I think it is worth keeping the package.

I disagree. I doubt that the version in unstable/testing is useful for
anyone, and if it is, it is still available in etch anyway.
So I would go for removing it from testing.

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Sat, 29 Nov 2008 11:33:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Filippo Giunchedi <filippo@esaurito.net>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sat, 29 Nov 2008 11:33:08 GMT) Full text and rfc822 format available.

Message #82 received at 496411@bugs.debian.org (full text, mbox):

From: Filippo Giunchedi <filippo@esaurito.net>
To: Frank Lichtenheld <djpig@debian.org>
Cc: Filippo Giunchedi <filippo@debian.org>, 496411@bugs.debian.org, Raphael Geissert <atomo64@gmail.com>, Moritz Muehlenhoff <jmm@inutil.org>, Jiri Palecek <jpalecek@web.de>, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: Bug#496411: #496411: nothing was fixed at all
Date: Sat, 29 Nov 2008 12:31:31 +0100
[Message part 1 (text/plain, inline)]
On Sat, Nov 29, 2008 at 11:15:17AM +0100, Frank Lichtenheld wrote:
> On Thu, Nov 27, 2008 at 10:50:25AM +0100, Filippo Giunchedi wrote:
> > On Sat, Nov 22, 2008 at 07:59:28PM -0600, Raphael Geissert wrote:
> > > > On Sun, Nov 23, 2008 at 02:23:13AM +0100, Jiri Palecek wrote:
> > > >> I believe you have read the reason why this bug was closed. If you disagree,
> > > >> please reply to this message by Thijs Kinkhorst:
> > > >>
> > > >> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;mbox=yes;bug=496411
> > > > I confirm the README.Debian is present.
> > > But not in the affected binary package.
> > Indeed, is there an ETA for this bug? At least for the unstable (i.e. with
> > maintainer QA) version.
> > 
> > FWIW as the fix looks trivial I think it is worth keeping the package.
> 
> I disagree. I doubt that the version in unstable/testing is useful for
> anyone, and if it is, it is still available in etch anyway.
> So I would go for removing it from testing.

Fair enough, given also the low popcon

filippo
--
Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401
random quote follows:

The only way to get rid of a temptation is to yield to it.
-- Oscar Wilde
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Sat, 29 Nov 2008 15:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Frank Lichtenheld <djpig@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sat, 29 Nov 2008 15:12:03 GMT) Full text and rfc822 format available.

Message #87 received at 496411@bugs.debian.org (full text, mbox):

From: Frank Lichtenheld <djpig@debian.org>
To: Filippo Giunchedi <filippo@esaurito.net>
Cc: debian-release@lists.debian.org, 496411@bugs.debian.org, Raphael Geissert <atomo64@gmail.com>, Moritz Muehlenhoff <jmm@inutil.org>, Jiri Palecek <jpalecek@web.de>, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: Bug#496411: #496411: nothing was fixed at all
Date: Sat, 29 Nov 2008 16:08:56 +0100
Dear release team,

On Sat, Nov 29, 2008 at 12:31:31PM +0100, Filippo Giunchedi wrote:
> On Sat, Nov 29, 2008 at 11:15:17AM +0100, Frank Lichtenheld wrote:
> > On Thu, Nov 27, 2008 at 10:50:25AM +0100, Filippo Giunchedi wrote:
> > > Indeed, is there an ETA for this bug? At least for the unstable (i.e. with
> > > maintainer QA) version.
> > > 
> > > FWIW as the fix looks trivial I think it is worth keeping the package.
> > 
> > I disagree. I doubt that the version in unstable/testing is useful for
> > anyone, and if it is, it is still available in etch anyway.
> > So I would go for removing it from testing.
> 
> Fair enough, given also the low popcon

I recommend to remove ltp/20060918-3 from testing

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496411; Package ltp-network-test. (Sun, 07 Dec 2008 18:36:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sun, 07 Dec 2008 18:36:02 GMT) Full text and rfc822 format available.

Message #92 received at 496411@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: Filippo Giunchedi <filippo@esaurito.net>, debian-release@lists.debian.org, 496411@bugs.debian.org, Raphael Geissert <atomo64@gmail.com>, Moritz Muehlenhoff <jmm@inutil.org>, Jiri Palecek <jpalecek@web.de>, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: Bug#496411: #496411: nothing was fixed at all
Date: Sun, 07 Dec 2008 19:35:17 +0100
Frank Lichtenheld wrote:
> Dear release team,
> 
> On Sat, Nov 29, 2008 at 12:31:31PM +0100, Filippo Giunchedi wrote:
>> On Sat, Nov 29, 2008 at 11:15:17AM +0100, Frank Lichtenheld wrote:
>>> On Thu, Nov 27, 2008 at 10:50:25AM +0100, Filippo Giunchedi wrote:
>>>> Indeed, is there an ETA for this bug? At least for the unstable (i.e. with
>>>> maintainer QA) version.
>>>>
>>>> FWIW as the fix looks trivial I think it is worth keeping the package.
>>> I disagree. I doubt that the version in unstable/testing is useful for
>>> anyone, and if it is, it is still available in etch anyway.
>>> So I would go for removing it from testing.
>> Fair enough, given also the low popcon
> 
> I recommend to remove ltp/20060918-3 from testing

removal hint added

Cheers

Luk




Reply sent to Jiri Palecek <jpalecek@web.de>:
You have taken responsibility. (Fri, 19 Dec 2008 09:48:03 GMT) Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (Fri, 19 Dec 2008 09:48:03 GMT) Full text and rfc822 format available.

Message #97 received at 496411-close@bugs.debian.org (full text, mbox):

From: Jiri Palecek <jpalecek@web.de>
To: 496411-close@bugs.debian.org
Subject: Bug#496411: fixed in ltp 20081130+dfsg-3
Date: Fri, 19 Dec 2008 09:32:13 +0000
Source: ltp
Source-Version: 20081130+dfsg-3

We believe that the bug you reported is fixed in the latest version of
ltp, which is due to be installed in the Debian FTP archive:

ltp-commands-test_20081130+dfsg-3_i386.deb
  to pool/main/l/ltp/ltp-commands-test_20081130+dfsg-3_i386.deb
ltp-dev_20081130+dfsg-3_i386.deb
  to pool/main/l/ltp/ltp-dev_20081130+dfsg-3_i386.deb
ltp-disc-test_20081130+dfsg-3_i386.deb
  to pool/main/l/ltp/ltp-disc-test_20081130+dfsg-3_i386.deb
ltp-kernel-test_20081130+dfsg-3_i386.deb
  to pool/main/l/ltp/ltp-kernel-test_20081130+dfsg-3_i386.deb
ltp-misc-test_20081130+dfsg-3_i386.deb
  to pool/main/l/ltp/ltp-misc-test_20081130+dfsg-3_i386.deb
ltp-network-test_20081130+dfsg-3_i386.deb
  to pool/main/l/ltp/ltp-network-test_20081130+dfsg-3_i386.deb
ltp-tools_20081130+dfsg-3_i386.deb
  to pool/main/l/ltp/ltp-tools_20081130+dfsg-3_i386.deb
ltp_20081130+dfsg-3.diff.gz
  to pool/main/l/ltp/ltp_20081130+dfsg-3.diff.gz
ltp_20081130+dfsg-3.dsc
  to pool/main/l/ltp/ltp_20081130+dfsg-3.dsc
ltp_20081130+dfsg-3_all.deb
  to pool/main/l/ltp/ltp_20081130+dfsg-3_all.deb
ltp_20081130+dfsg.orig.tar.gz
  to pool/main/l/ltp/ltp_20081130+dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jiri Palecek <jpalecek@web.de> (supplier of updated ltp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 17 Dec 2008 10:29:55 +0100
Source: ltp
Binary: ltp-tools ltp-dev ltp-kernel-test ltp-network-test ltp-commands-test ltp-misc-test ltp-disc-test ltp
Architecture: source all i386
Version: 20081130+dfsg-3
Distribution: unstable
Urgency: low
Maintainer: Jiri Palecek <jpalecek@web.de>
Changed-By: Jiri Palecek <jpalecek@web.de>
Description: 
 ltp        - The Linux Test Project test suite
 ltp-commands-test - Command tests for the Linux Test Project
 ltp-dev    - development files for Linux Test Project
 ltp-disc-test - Disk I/O tests for the Linux Test Project
 ltp-kernel-test - kernel tests for the Linux Test Project
 ltp-misc-test - Misc. tests for the Linux Test Project
 ltp-network-test - Network tests for the Linux Test Project
 ltp-tools  - Utilities for running the Linux Test Project test suite
Closes: 420148 470091 496411 496411
Changes: 
 ltp (20081130+dfsg-3) unstable; urgency=low
 .
   * Correct preprocessor directives in signalfd testcase
 .
 ltp (20081130+dfsg-2) unstable; urgency=low
 .
   * Fix a syntax error in connectors makefile
   * Bump standards version to 3.8.0 (no changes needed; however, we
     don't support parallel=n)
 .
 ltp (20081130+dfsg-1) experimental; urgency=low
 .
   * New upstream version
   * Add README.Debian to all binary packages (closes: #496411)
   * Build-depend on autoconf, used to determine presence of some syscalls
   * Always build all controllers tests on Debian
   * Build the connectors tests too
   * Enable the controllers tests
   * Use dh_buildinfo while building
 .
 ltp (20081031+dfsg-2) experimental; urgency=low
 .
   * Deal with missing syscalls (causing FTBFS on alpha)
 .
 ltp (20081031+dfsg-1) experimental; urgency=low
 .
   * New upstream version
   * Delete an a.out file in eventfd Makefile (fixes FTBFS)
   * Don't depend on ncurses as we don't use it in the build process
   * Change the install rule to reflect upstream's installing into
     $(DESTDIR)/$(PREFIX) now
   * Suggest c-compiler and linux-libc-dev for the asapi test
   * Include the power management tests
   * Forward return values from children in some tests
 .
 ltp (20080930+dfsg-1) experimental; urgency=low
 .
   * New Upstream version 20080930
   * Don't depend on gawk, because the scripts have been updated not to
     need it.
   * Updated copyright for new version
   * Add a README.source file
   * Do not make stub definitions for syscalls, whose tests check for
     their presence with their own logic
   * Moved the include files back to /usr/include/ltp
   * Add a README.Debian file explainig the security status of the
     package (closes: 496411)
   * Correct the condition of compiling the timerfd test; should fix
     FTBFS with some kernel versions
   * Don't make utimensat01 setuid; remove sudo calls from
     utimensat_tests.sh
   * Recommend libcap2-bin in ltp-kernel-test, as the filecaps test needs
     setcap
   * Implement a (hopefully) proper way of getting machine endiannes in
     file_test.sh
   * Compile and include the ltp-aiodio tests
   * Enabled ipv6_lib tests
 .
 ltp (20080831+dfsg-2) experimental; urgency=low
 .
   * Remove duplicate entries from .install files, change the logic for
     generating them
   * Add Vcs-* and Homepage fields to copyright and modify packages'
     description to include LTP description and a big warning
   * Add watch file
   * Fix some bashisms
 .
 ltp (20080831+dfsg-1) experimental; urgency=low
 .
   * New upstream version (closes: #420148)
   * Added some manpages
 .
 ltp (20080731+dfsg-1) UNRELEASED; urgency=low
 .
   * New upstream version
   * Build-Depends fixes
   * Fix permissions of ltp-dev files
   * Adapt copyright to new version
   * Don't run git-dch when importing upstream (hopefully)
   * Imported Upstream version 20080831
   * Remove cruft from .orig.tar.gz
   * Make clean target remove generated file
     tescases/kernel/include/linux_syscall_numbers.h
   * Changed dfsg-cleanup script to automatically solve merge conflicts
     on removed files in git
 .
 ltp (20080630+dfsg-1) UNRELEASED; urgency=low
 .
   * New upstream version
   * New maintainer (closes: #470091)
   * Add manual pages to ltp-dev (taken from upstream rpm ltp package)
   * Change ltp-dev install use the official install target. Also, move
     the include files to /usr/include and make the pkg-config file
     functional.
   * Generate and package reference files from the maths tests
   * Delete the change_owner and creat_link binary, as it is an insecure suid
     root binary; rewrite tests that use it
   * Fixed syslog for use in Debian
   * Add $LTPTOOLS to PATH to find tst_resm and friends
   * Fixed some bashisms
   * Use nogroup instead of nobody for the name of the nobody user's
     group
   * Build fixes
Checksums-Sha1: 
 bb9dd0a86d941db9f6fe59e88d13acaf2bb0d965 1293 ltp_20081130+dfsg-3.dsc
 9217d6e5610b187c75316bdd471017ff9f2f9c73 5898086 ltp_20081130+dfsg.orig.tar.gz
 02e6b68d5b275398f3545c8053d6ef31ea4c6737 54966 ltp_20081130+dfsg-3.diff.gz
 54c8ed041771dae2a17d2e7506bcb3c5a1024913 200208 ltp_20081130+dfsg-3_all.deb
 50ced406138b687cd781c8935a91f65665eb9c41 264940 ltp-tools_20081130+dfsg-3_i386.deb
 fb1235f045316578f6a48a6892ec197042d99315 259408 ltp-dev_20081130+dfsg-3_i386.deb
 f8778cf2c93427e4a833ab0c4c7e223f9bafed5c 4575176 ltp-kernel-test_20081130+dfsg-3_i386.deb
 5dacc54fbad99b6ab4ae53dcafa605a35ce483c7 677366 ltp-network-test_20081130+dfsg-3_i386.deb
 bcf61527b89fe008d82f2c6a2648cb96f9ec8739 246272 ltp-commands-test_20081130+dfsg-3_i386.deb
 f964d8148e79f2d52b949633a177775220f66851 6126508 ltp-misc-test_20081130+dfsg-3_i386.deb
 f2ee02da9e93c82da04443057e604e9074beb413 230084 ltp-disc-test_20081130+dfsg-3_i386.deb
Checksums-Sha256: 
 f9fa21c4d38cb0e2026ca1a3b03f41762b1410a47de427d4adc717cf990ca0bc 1293 ltp_20081130+dfsg-3.dsc
 1c6205eeaa0c6b41a7df9ad7474450302e79979b2bd3573504699a47fb48c2fc 5898086 ltp_20081130+dfsg.orig.tar.gz
 a526c8d91b25befb324ae123c0c102028c5ef6e6d4c91131e08eaae09b642790 54966 ltp_20081130+dfsg-3.diff.gz
 10331e449ded39227f0c2acc236d814189161dbafccff0eb1262eac0b92fed2b 200208 ltp_20081130+dfsg-3_all.deb
 771ca67dd9bb7a48ad2c72a0455836c879552d745214045de2959f5468044bc5 264940 ltp-tools_20081130+dfsg-3_i386.deb
 c3e87b2227a50bdf44931c442dc5dd8d9b55978c20a42116b389f09644a476b5 259408 ltp-dev_20081130+dfsg-3_i386.deb
 9758b47981535dd1a8c6bf60d92e0fd6928f6d64e69688708877ee96e3875d2d 4575176 ltp-kernel-test_20081130+dfsg-3_i386.deb
 49c57b927fd55059b1b90f6c0a3f26b389d395c45cb5d025e89c45f4e2b35c1b 677366 ltp-network-test_20081130+dfsg-3_i386.deb
 e1fc411e13242635a471f14d9479092c1ff6441bbec907074275baecbc83b02d 246272 ltp-commands-test_20081130+dfsg-3_i386.deb
 75947e356f446975bea0177af4928822c5688262135f182d98340ba49110597a 6126508 ltp-misc-test_20081130+dfsg-3_i386.deb
 f3bed4d5e7fdba0ade6ba245dc54b7557cac3a631f08af1b59a5fe645b3cf5d5 230084 ltp-disc-test_20081130+dfsg-3_i386.deb
Files: 
 13a2f0bd467ed428feb4c6c6442987b8 1293 misc extra ltp_20081130+dfsg-3.dsc
 e0aeb4ee9ca486431dd0a8861c602369 5898086 misc extra ltp_20081130+dfsg.orig.tar.gz
 6d0fa15153a43ec2361370a0712e3c7c 54966 misc extra ltp_20081130+dfsg-3.diff.gz
 76838b4a08b4b93c64b947c93ef3a27f 200208 misc extra ltp_20081130+dfsg-3_all.deb
 60533a78c8e212effe3dc2f24e0fe202 264940 misc extra ltp-tools_20081130+dfsg-3_i386.deb
 a87c63fc8b2b09f821a549f3d57a8975 259408 misc extra ltp-dev_20081130+dfsg-3_i386.deb
 d8763d537f187ee9c49bdf81d91a33a3 4575176 misc extra ltp-kernel-test_20081130+dfsg-3_i386.deb
 4106664bb6299147d100de615fccad7e 677366 misc extra ltp-network-test_20081130+dfsg-3_i386.deb
 82f1417fd2e5d0f1ecaf93d2618bd077 246272 misc extra ltp-commands-test_20081130+dfsg-3_i386.deb
 8b341b66af8b938f061cb4b6e5a78348 6126508 misc extra ltp-misc-test_20081130+dfsg-3_i386.deb
 3e2f31a0301692927f8c34fafb79522e 230084 misc extra ltp-disc-test_20081130+dfsg-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJS2WJibPvMsrqrwMRAoG4AKCktjkzMSeuPMYs1n2uI5No0h4qiQCeIyQ/
OJKvd74DZwiDexdyxi8s12E=
=LAZK
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 20 Jan 2009 07:25:48 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 01:24:58 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.