Debian Bug report logs - #496431
The possibility of attack with the help of symlinks in some Debian packages

Package: emacspeak; Maintainer for emacspeak is Debian Accessibility Team <pkg-a11y-devel@alioth-lists.debian.net>; Source for emacspeak is src:emacspeak.

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:12:11 UTC

Severity: grave

Tags: patch, security

Fixed in versions emacspeak/28.0-2, emacspeak/26.0-3+lenny1

Done: Kumar Appaiah <akumar@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak.


Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to jrv@debian.org (James R. Van Zandt).


Message #5 received at submit@bugs.debian.org:

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:28 +0400

Package: emacspeak
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example, if a script uses in its work a temp file which is created
in the /tmp directory, then every user can create a symlink with the same
name in this directory in order to destroy or rewrite some system
or user file. A symlink attack may also lead not only to data
destruction but to denial of service as well.

Even if you create files or directories with the help of the function 'RANDOM'
or pid(), your system is not protected. An attacker can create many
symlinks in order to destroy your data or create a 'denial of service'
for your package scripts.

Even if you make rm(dir) for files/directories, your system is
not protected. An attacker can permanently create symlinks.

This list is created with the help of a script. This list is sorted by
hand. However, in some cases a mistake is possible.

Please be understanding of possible mistakes. :)

I set Severity to grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh
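
Added example, not part of the original report or of any package listed above: the failure mode the report describes (a scratch file opened at a name someone else could have occupied first) next to two hardened alternatives, run inside a private sandbox directory that stands in for /tmp. The `demo_*` function names, the `extract.tmp` file name and the file contents are constructed for this illustration.

```shell
#!/bin/sh
# Constructed demonstration; everything happens inside a private `mktemp -d`
# sandbox that stands in for a world-writable /tmp.

# Create the sandbox: a "victim" file plus a symlink to it that already sits
# at the name the script is about to use for its scratch file.
demo_setup() {
    sandbox=$(mktemp -d) || return 1
    printf 'important data\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/extract.tmp"
    printf '%s\n' "$sandbox"
}

# The pattern the report warns about: a fixed name and a plain redirect.
# The same applies to names built from $$ or $RANDOM, since both are guessable.
# `>` opens the path with O_CREAT|O_TRUNC and follows the symlink.
demo_unsafe_write() {
    dir=$1
    printf 'scratch\n' > "$dir/extract.tmp"
}

# Hardened pattern 1: with noclobber (set -C) the shell refuses to overwrite
# an existing regular file, also when it is reached through a symlink, and
# creates new files with O_EXCL. Returns non-zero when the write is refused.
demo_noclobber_write() {
    dir=$1
    ( set -C; printf 'scratch\n' > "$dir/extract.tmp" ) 2>/dev/null
}

# Hardened pattern 2: mktemp picks an unpredictable name and creates the file
# atomically (O_EXCL, mode 0600). Prints the path of the new file.
demo_mktemp_write() {
    dir=$1
    tmp=$(mktemp "$dir/extract.XXXXXXXXXX") || return 1
    printf 'scratch\n' > "$tmp"
    printf '%s\n' "$tmp"
}

# Run one of the three patterns in a fresh sandbox and print what the victim
# file contains afterwards.
demo_victim_after() {
    mode=$1
    sb=$(demo_setup) || return 1
    case $mode in
        unsafe)    demo_unsafe_write "$sb" ;;
        noclobber) demo_noclobber_write "$sb" || : ;;   # refusal is expected
        mktemp)    demo_mktemp_write "$sb" >/dev/null ;;
        *)         rm -rf "$sb"; return 2 ;;
    esac
    cat "$sb/victim"
    rm -rf "$sb"
}

for m in unsafe noclobber mktemp; do
    printf '%-9s -> victim contains: %s\n' "$m" "$(demo_victim_after "$m")"
done
```

Noclobber still writes through a symlink that points at a non-regular file such as a device, so `mktemp` is the stronger choice; Perl scripts get the same exclusive-create behaviour from the core `File::Temp` module.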




Tags added: Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:45:57 GMT)


Tags added: security Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:57:45 GMT)


Reply sent to jrv@debian.org (James R. Van Zandt):
You have taken responsibility.


Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer.


Message #14 received at 496431-close@bugs.debian.org:

From: jrv@debian.org (James R. Van Zandt)
To: 496431-close@bugs.debian.org
Subject: Bug#496431: fixed in emacspeak 28.0-2
Date: Wed, 10 Sep 2008 23:32:03 +0000

Source: emacspeak
Source-Version: 28.0-2

We believe that the bug you reported is fixed in the latest version of
emacspeak, which is due to be installed in the Debian FTP archive:

emacspeak_28.0-2.diff.gz
  to pool/main/e/emacspeak/emacspeak_28.0-2.diff.gz
emacspeak_28.0-2.dsc
  to pool/main/e/emacspeak/emacspeak_28.0-2.dsc
emacspeak_28.0-2_all.deb
  to pool/main/e/emacspeak/emacspeak_28.0-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496431@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James R. Van Zandt <jrv@debian.org> (supplier of updated emacspeak package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.8
Date: Sat, 06 Sep 2008 16:51:04 -0400
Source: emacspeak
Binary: emacspeak
Architecture: source all
Version: 28.0-2
Distribution: unstable
Urgency: low
Maintainer: James R. Van Zandt <jrv@debian.org>
Changed-By: James R. Van Zandt <jrv@debian.org>
Description: 
 emacspeak  - speech output interface to Emacs
Closes: 496431 498000
Changes: 
 emacspeak (28.0-2) unstable; urgency=low
 .
   * debian/control: Depend on emacs22|emacs21, don't allow alternative
     emacs (since emacspeak does not support emacs20 or xemacs). Depend on
     w3-url-e21. Move w3-el-e21 from Depends: to Suggests: so it does not
     cause an indirect dependency on emacs21. (Closes:Bug#498000).
 .
   * lisp/emacspeak-w3m.el, lisp/emacspeak-wizards.el,
     etc/extract-table.pl, etc/ocr-client.pl: Fix unsafe temporary file
     handling (back ported from changes checked into the SVN
     server). (closes:Bug#496431)





Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Sun, 05 Oct 2008 17:39:02 GMT)


Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Sun, 05 Oct 2008 17:39:02 GMT)


Message #19 received at 496431@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 496431@bugs.debian.org
Subject: Re: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 05 Oct 2008 19:36:41 +0200

Hi

Please backport the fix for this bug to lenny and upload to
testing-proposed-updates, TIA.

Cheers

Luk




Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Wed, 15 Oct 2008 17:39:03 GMT)


Acknowledgement sent to Kumar Appaiah <a.kumar@alumni.iitm.ac.in>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Wed, 15 Oct 2008 17:39:03 GMT)


Message #24 received at 496431@bugs.debian.org:

From: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>
To: 496431@bugs.debian.org
Subject: UNTESTED patch for Lenny backport
Date: Wed, 15 Oct 2008 12:30:10 -0500

tags 496431 + patch
thanks

Hi!

Please find attached an UNTESTED patch which backports the symlink
fixes. If someone is willing to test the patches, then I'd request an
upload.

James, could you please check if the attached patch works as
intended, and prepare a Lenny upload?

Thank you.

Kumar
[emacspeak_fix.diff (text/x-diff, attachment)]

Tags added: patch Request was from Kumar Appaiah <a.kumar@alumni.iitm.ac.in> to control@bugs.debian.org. (Wed, 15 Oct 2008 17:39:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Wed, 15 Oct 2008 17:51:02 GMT)


Acknowledgement sent to Kumar Appaiah <a.kumar@alumni.iitm.ac.in>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Wed, 15 Oct 2008 17:51:02 GMT)


Tags added: patch Request was from Kumar Appaiah <a.kumar@alumni.iitm.ac.in> to control@bugs.debian.org. (Wed, 15 Oct 2008 17:51:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Tue, 04 Nov 2008 05:51:02 GMT)


Acknowledgement sent to Mark Purcell <msp@debian.org>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Tue, 04 Nov 2008 05:51:03 GMT)


Message #38 received at 496431@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>, 496431@bugs.debian.org, 502761@bugs.debian.org, Christian Perrier <bubulle@debian.org>, "James R. Van Zandt" <jrv@debian.org>, emacspeak@packages.debian.org
Subject: Re: Bug#496431: emacspeak UNTESTED patch for Lenny backport
Date: Tue, 4 Nov 2008 16:46:28 +1100

On Thursday 16 October 2008 04:30:10 Kumar Appaiah wrote:
> Please find attached an UNTESTED patch which backports the symlink
> fixes. If someone is willing to test the patches, then I'd request an
> upload.

Kumar,

Have you received any feedback on your backport patch to fix #496431 RC bug in
lenny?

On Saturday 25 October 2008 22:35:44 Christian Perrier wrote:
> tags 502761 patch
> thanks
[...]
> I plan to build an NMU unless the maintainer is OK to upload
> himself...or find another solution (but, again, hasty debconf
> introduction would seem too risky for me) ?

I also see that Christian is proposing to do an NMU as well. Christian, any
progress?


James, are you in a position to prepare a fix for these two RC bugs in lenny?

Mark




Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Tue, 04 Nov 2008 06:12:02 GMT)


Acknowledgement sent to Kumar Appaiah <a.kumar@alumni.iitm.ac.in>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Tue, 04 Nov 2008 06:12:02 GMT)


Message #43 received at 496431@bugs.debian.org:

From: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>
To: Mark Purcell <msp@debian.org>
Cc: 496431@bugs.debian.org, 502761@bugs.debian.org, Christian Perrier <bubulle@debian.org>, "James R. Van Zandt" <jrv@debian.org>, emacspeak@packages.debian.org
Subject: Re: Bug#496431: emacspeak UNTESTED patch for Lenny backport
Date: Tue, 4 Nov 2008 00:10:08 -0600

Dear Mark,

On Tue, Nov 04, 2008 at 04:46:28PM +1100, Mark Purcell wrote:
> Have you received any feedback on your backport patch to fix #496431 RC bug in
> lenny?

I have not received any feedback on the patch for 496431. I also don't
use the package, so I cannot be of much help in testing the backported
patch. Apologies for this.

> > I plan to build an NMU unless the maintainer is OK to upload
> > himself...or find another solution (but, again, hasty debconf
> > introduction would seem too risky for me) ?
> 
> I also see that Christian is proposing to do an NMU as well. Christian, any
> progress?
>
>
> James, are you in a position to prepare a fix for these two RC bugs in lenny?

I hope the maintainer is able to do a quick test, so that we can get
rid of these two RC bugs.

Thanks!

Kumar
-- 
Kumar Appaiah

Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Tue, 04 Nov 2008 18:06:12 GMT)


Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Tue, 04 Nov 2008 18:06:13 GMT)


Message #48 received at 496431@bugs.debian.org:

From: Christian Perrier <bubulle@debian.org>
To: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>
Cc: Mark Purcell <msp@debian.org>, 496431@bugs.debian.org, 502761@bugs.debian.org, "James R. Van Zandt" <jrv@debian.org>, emacspeak@packages.debian.org
Subject: Re: Bug#496431: emacspeak UNTESTED patch for Lenny backport
Date: Tue, 4 Nov 2008 17:51:57 +0100

Quoting Kumar Appaiah (a.kumar@alumni.iitm.ac.in):
> Dear Mark,
> 
> On Tue, Nov 04, 2008 at 04:46:28PM +1100, Mark Purcell wrote:
> > Have you received any feedback on your backport patch to fix #496431 RC bug in
> > lenny?
> 
> I have not received any feedback on the patch for 496431. I also don't
> use the package, so I cannot be of much help in testing the backported
> patch. Apologies for this.
> 
> > > I plan to build an NMU unless the maintainer is OK to upload
> > > himself...or find another solution (but, again, hasty debconf
> > > introduction would seem too risky for me) ?
> > 
> > I also see that Christian is proposing to do an NMU as well. Christian, any
> > progress?

Well, I was mostly proposing this as I noticed this is an apparently
easy to fix RC bug. I don't really have "hard" intent to NMU.

So, I'd be very pleased to let this off to someone else.



Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Tue, 04 Nov 2008 20:51:05 GMT)


Acknowledgement sent to Mark Purcell <msp@debian.org>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Tue, 04 Nov 2008 20:51:06 GMT)


Message #53 received at 496431@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>
Cc: 496431@bugs.debian.org, 502761@bugs.debian.org, Christian Perrier <bubulle@debian.org>, "James R. Van Zandt" <jrv@debian.org>, emacspeak@packages.debian.org
Subject: Re: Bug#496431: emacspeak UNTESTED patch for Lenny backport
Date: Wed, 5 Nov 2008 07:45:47 +1100

On Tuesday 04 November 2008 17:10:08 Kumar Appaiah wrote:
> I have not received any feedback on the patch for 496431. I also don't
> use the package, so I cannot be of much help in testing the backported
> patch. Apologies for this.

Kumar,

If we don't hear back from the maintainer it might be best if you upload your 
NMU which would still give it at least 10 days testing in unstable.

It would be good if you could also incorporate Christian's patch.

Mark




Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Tue, 04 Nov 2008 22:48:08 GMT)


Acknowledgement sent to Kumar Appaiah <a.kumar@alumni.iitm.ac.in>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Tue, 04 Nov 2008 22:48:08 GMT)


Message #58 received at 496431@bugs.debian.org:

From: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>
To: Mark Purcell <msp@debian.org>
Cc: 496431@bugs.debian.org, 502761@bugs.debian.org, Christian Perrier <bubulle@debian.org>, "James R. Van Zandt" <jrv@debian.org>, emacspeak@packages.debian.org
Subject: Re: Bug#496431: emacspeak UNTESTED patch for Lenny backport
Date: Tue, 4 Nov 2008 16:45:27 -0600

Mark,

On Wed, Nov 05, 2008 at 07:45:47AM +1100, Mark Purcell wrote:
> On Tuesday 04 November 2008 17:10:08 Kumar Appaiah wrote:
> > I have not received any feedback on the patch for 496431. I also don't
> > use the package, so I cannot be of much help in testing the backported
> > patch. Apologies for this.
> 
> Kumar,
> 
> If we don't hear back from the maintainer it might be best if you upload your 
> NMU which would still give it at least 10 days testing in unstable.
> 
> It would be good if you could also incorporate Christian's patch.

I think it would be unwise for me to upload an NMU which I haven't
tested. However, I shall try to find some emacspeak user who can do
it, and then go ahead. I shall try to be fast on it.

Thanks.

Kumar
-- 
Kumar Appaiah

Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Wed, 05 Nov 2008 03:03:05 GMT)


Acknowledgement sent to Kumar Appaiah <a.kumar@alumni.iitm.ac.in>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Wed, 05 Nov 2008 03:03:06 GMT)


Message #63 received at 496431@bugs.debian.org:

From: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>
To: Mark Purcell <msp@debian.org>
Cc: 496431@bugs.debian.org, "James R. Van Zandt" <jrv@debian.org>, emacspeak@packages.debian.org
Subject: Re: Bug#496431: emacspeak UNTESTED patch for Lenny backport
Date: Tue, 4 Nov 2008 21:01:09 -0600

On Tue, Nov 04, 2008 at 04:45:27PM -0600, Kumar Appaiah wrote:
> > If we don't hear back from the maintainer it might be best if you upload your 
> > NMU which would still give it at least 10 days testing in unstable.
> > 
> > It would be good if you could also incorporate Christian's patch.
> 
> I think it would be unwise for me to upload an NMU which I haven't
> tested. However, I shall try to find some emacspeak user who can do
> it, and then go ahead. I shall try to be fast on it.

I have contacted upstream for help (in private), and I hope he can
certify the patch. If he does, I shall upload it to t-p-u as soon as I
can.

Thanks.

Kumar
-- 
Kumar Appaiah

Information forwarded to debian-bugs-dist@lists.debian.org, jrv@debian.org (James R. Van Zandt):
Bug#496431; Package emacspeak. (Tue, 11 Nov 2008 19:03:09 GMT)


Acknowledgement sent to Kumar Appaiah <akumar@debian.org>:
Extra info received and forwarded to list. Copy sent to jrv@debian.org (James R. Van Zandt). (Tue, 11 Nov 2008 19:03:10 GMT)


Message #68 received at 496431@bugs.debian.org:

From: Kumar Appaiah <akumar@debian.org>
To: 496431@bugs.debian.org, 502761@bugs.debian.org, 500638@bugs.debian.org
Subject: emacspeak: diff for NMU version 26.0-3+lenny1
Date: Tue, 11 Nov 2008 12:59:35 -0600

# Bcc control
tags 496431 pending
tags 502761 pending
tags 500638 pending
thanks

Dear James,

I've prepared an NMU for emacspeak (versioned as 26.0-3+lenny1) and
will be uploading it to testing tonight. I hope this helps making
emacspeak work well in Lenny.

Thanks.

Kumar
-- 
Kumar Appaiah
[emacspeak-26.0-3+lenny1-nmu.diff (text/x-diff, attachment)]

Tags added: pending Request was from Kumar Appaiah <akumar@debian.org> to control@bugs.debian.org. (Tue, 11 Nov 2008 19:03:20 GMT)


Reply sent to Kumar Appaiah <akumar@debian.org>:
You have taken responsibility. (Wed, 12 Nov 2008 01:03:04 GMT)


Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (Wed, 12 Nov 2008 01:03:05 GMT)


Message #75 received at 496431-close@bugs.debian.org:

From: Kumar Appaiah <akumar@debian.org>
To: 496431-close@bugs.debian.org
Subject: Bug#496431: fixed in emacspeak 26.0-3+lenny1
Date: Wed, 12 Nov 2008 00:47:07 +0000

Source: emacspeak
Source-Version: 26.0-3+lenny1

We believe that the bug you reported is fixed in the latest version of
emacspeak, which is due to be installed in the Debian FTP archive:

emacspeak_26.0-3+lenny1.diff.gz
  to pool/main/e/emacspeak/emacspeak_26.0-3+lenny1.diff.gz
emacspeak_26.0-3+lenny1.dsc
  to pool/main/e/emacspeak/emacspeak_26.0-3+lenny1.dsc
emacspeak_26.0-3+lenny1_all.deb
  to pool/main/e/emacspeak/emacspeak_26.0-3+lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496431@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kumar Appaiah <akumar@debian.org> (supplier of updated emacspeak package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 08 Nov 2008 14:11:24 -0600
Source: emacspeak
Binary: emacspeak
Architecture: source all
Version: 26.0-3+lenny1
Distribution: testing
Urgency: high
Maintainer: James R. Van Zandt <jrv@debian.org>
Changed-By: Kumar Appaiah <akumar@debian.org>
Description: 
 emacspeak  - speech output interface to Emacs
Closes: 496431 500638 502761
Changes: 
 emacspeak (26.0-3+lenny1) testing; urgency=high
 .
   * Non-maintainer upload.
   * Backport the fix for preventing symlink attacks from the new upstream
     release. (Closes: #496431)
   * Use Christian Perrier's patch for stopping the call to
     emacspeakconfig. (Closes: #502761)
   * Use James Westby's patch to fix the error:
     "No `START-INFO-DIR-ENTRY' and no `This file documents'."
     during installation. (Closes: #500638)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Feb 2009 08:00:19 GMT)

