From markus at bluegap.ch Sat Dec 3 08:58:43 2016 From: markus at bluegap.ch (Markus Wanner) Date: Sat, 3 Dec 2016 09:58:43 +0100 Subject: [pkg-fgfs-crew] =?utf-8?q?=5BFlightgear-devel=5D_Bugfix_release_f?= =?utf-8?b?b3IgMjAxNi40IChaw7xyaWNoKQ==?= In-Reply-To: <20161125210802.GA12582@amd> References: <20161125210802.GA12582@amd> Message-ID: <5ec88837-17fb-e7d5-c748-4da69fad908d@bluegap.ch> Hi, On 25.11.2016 22:08, Pavel Machek wrote: >> I have just released a bug-fix version 2016.4.2 which is available for >> download here: >> https://sourceforge.net/projects/flightgear/files/release-2016.4/ Thanks. This release is now packaged for Debian and should enter testing in a day or two. Is fgrun still being updated? I didn't find any release tarball, so that one isn't updated (and actually got removed from testing). Another thing I'm wondering was that simgear also got a version bump (for 2016.4.2), but didn't get any bugfixes. The only change was in the "version" file. That's utterly unnecessary, causes packaging work for no reason and wastes bandwidth and storage. I understand that you are releasing simgear, flightgear and flightgear-data in sync. However, it should be possible to at least do patch releases for security fixes separately, IMO. > I have debian 8.6 here, and would like to test 2016.4.2. Debian stable won't get newer versions. I'd recommend using Debian testing for (up-to-date) games, so you won't have to compile yourself. Kind Regards Markus Wanner -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1528 bytes Desc: OpenPGP digital signature URL: From noreply at release.debian.org Sun Dec 4 16:39:09 2016 From: noreply at release.debian.org (Debian testing watch) Date: Sun, 04 Dec 2016 16:39:09 +0000 Subject: [pkg-fgfs-crew] flightgear-data 1:2016.4.2+dfsg-1 MIGRATED to testing Message-ID: FYI: The status of the flightgear-data source package in Debian's testing distribution has changed. Previous version: 1:2016.3.1+dfsg-1 Current version: 1:2016.4.2+dfsg-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From noreply at release.debian.org Sun Dec 4 16:39:09 2016 From: noreply at release.debian.org (Debian testing watch) Date: Sun, 04 Dec 2016 16:39:09 +0000 Subject: [pkg-fgfs-crew] flightgear-phi 2016.4.2+dfsg1-1 MIGRATED to testing Message-ID: FYI: The status of the flightgear-phi source package in Debian's testing distribution has changed. Previous version: (not in testing) Current version: 2016.4.2+dfsg1-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From noreply at release.debian.org Sun Dec 4 16:39:09 2016 From: noreply at release.debian.org (Debian testing watch) Date: Sun, 04 Dec 2016 16:39:09 +0000 Subject: [pkg-fgfs-crew] flightgear 1:2016.4.2+dfsg-1 MIGRATED to testing Message-ID: FYI: The status of the flightgear source package in Debian's testing distribution has changed. Previous version: 1:2016.3.1+dfsg-2 Current version: 1:2016.4.2+dfsg-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From noreply at release.debian.org Sun Dec 4 16:39:14 2016 From: noreply at release.debian.org (Debian testing watch) Date: Sun, 04 Dec 2016 16:39:14 +0000 Subject: [pkg-fgfs-crew] simgear 1:2016.4.2+dfsg-1 MIGRATED to testing Message-ID: FYI: The status of the simgear source package in Debian's testing distribution has changed. Previous version: 1:2016.3.1+dfsg-1 Current version: 1:2016.4.2+dfsg-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From markus at bluegap.ch Mon Dec 5 08:19:53 2016 From: markus at bluegap.ch (Markus Wanner) Date: Mon, 5 Dec 2016 09:19:53 +0100 Subject: [pkg-fgfs-crew] =?utf-8?q?=5BFlightgear-devel=5D_Bugfix_release_f?= =?utf-8?b?b3IgMjAxNi40IChaw7xyaWNoKQ==?= In-Reply-To: <16E6FC14-DEE8-470A-A557-81365E8EA5CD@mac.com> References: <20161125210802.GA12582@amd> <5ec88837-17fb-e7d5-c748-4da69fad908d@bluegap.ch> <16E6FC14-DEE8-470A-A557-81365E8EA5CD@mac.com> Message-ID: <75a5aed9-4b33-3f26-5d5a-96c807bab4a7@bluegap.ch> On 12/03/2016 03:04 PM, James Turner wrote: > We should be releasing a simgear version with this change at least: > > 4664af12fa19b016ac21ae1b7ce8b8b6440fc1e3 > > So I guess that will be 2016.4.3? Hm.. this doesn't really address my concern nor does it seem relevant for Debian. But yes, sounds like a fix that needs to be patched. To repeat my wish: I'd appreciate if this would not affect flightgear or flightgear-data, but could be a hotfix for simgear, exclusively. Kind Regards Markus Wanner From f.rougon at free.fr Tue Dec 13 11:50:49 2016 From: f.rougon at free.fr (Florent Rougon) Date: Tue, 13 Dec 2016 12:50:49 +0100 Subject: [pkg-fgfs-crew] Security and build fixes for the flightgear package in jessie Message-ID: <87a8c0oxnq.fsf@frougon.crabdance.com> Hello, I propose the attached debdiff for jessie's flightgear package to adress: - https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/ - two build failures (attaching a pbuilder log for the first one). (of course, you may bump the urgency as you wish, etc.) Regards -- Florent -------------- next part -------------- A non-text attachment was scrubbed... Name: flightgear-3.0.0_to_3.0.0-5+deb8u1.debdiff Type: text/x-diff Size: 4855 bytes Desc: Debdiff adding two debian/patches and a debian/changelog entry URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: flightgear_3.0.0-5+deb8u1_build.log.xz Type: application/x-xz Size: 21796 bytes Desc: fgviewer build failure in pbuilder URL: From f.rougon at free.fr Wed Dec 14 08:55:53 2016 From: f.rougon at free.fr (Florent Rougon) Date: Wed, 14 Dec 2016 09:55:53 +0100 Subject: [pkg-fgfs-crew] Bug#848114: flightgear: Allows the route manager to overwrite arbitrary files Message-ID: <148170575344.5351.1435619472776770379.reportbug@zita.maison> Source: flightgear Version: 3.0.0-5 Severity: grave Tags: security upstream fixed-upstream patch Justification: user security hole Hello, As already stated in several places: https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/ https://sourceforge.net/p/flightgear/mailman/message/35548661/ http://lists.alioth.debian.org/pipermail/pkg-fgfs-crew/2016-December/001795.html and reported to people in charge of FlightGear both upstream (of which I am a recent addition) and in several Linux distributions, the flightgear package has a security bug allowing malicious Nasal code[1] to overwrite arbitrary files the user running FlightGear has write access to, by using the property tree to cause the route manager to save a flightplan. This problem is, AFAICT, present in all FlightGear versions released after October 5, 2009, which largely includes those shipped in Debian stable, testing and unstable. It is however fixed in the upstream Git repository: https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/ and I have backported this fix to FlightGear 3.0.0, i.e., the version shipped in jessie: cf. two links given above ( and ), the second one being more ready-to-use for Debian since it contains a debdiff including an additional fix for build failures I encountered while testing the fix in the jessie package. Since all parties have already been contacted, this bug report is mainly for tracking purposes, as advised by . I'm attaching here the patch for FlightGear 3.0.0 as well as the mentioned debdiff for completeness and ?self-containedness? of this report. The upstream fix () can certainly be used as is for the version in unstable. Regards [1] Which can be embedded in aircraft, which can in their turn be installed by users from various third-party sources. -------------- next part -------------- A non-text attachment was scrubbed... Name: route-manager-secu-fix-280cd5.patch Type: text/x-diff Size: 2153 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: flightgear-3.0.0_to_3.0.0-5+deb8u1.debdiff Type: text/x-diff Size: 4855 bytes Desc: not available URL: From markus at bluegap.ch Wed Dec 14 12:32:31 2016 From: markus at bluegap.ch (Markus Wanner) Date: Wed, 14 Dec 2016 13:32:31 +0100 Subject: [pkg-fgfs-crew] Bug#848114: flightgear: Allows the route manager to overwrite arbitrary files In-Reply-To: <148170575344.5351.1435619472776770379.reportbug@zita.maison> References: <148170575344.5351.1435619472776770379.reportbug@zita.maison> Message-ID: <331ea592-6f83-67cc-940f-bdf7217004c5@bluegap.ch> Control: tags -1 +pending Hello Florent, thanks a lot for your notification and the patch(es). Uploads to stable (security) and unstable should follow, shortly. Kind Regards Markus Wanner -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1513 bytes Desc: OpenPGP digital signature URL: From owner at bugs.debian.org Wed Dec 14 12:36:03 2016 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Wed, 14 Dec 2016 12:36:03 +0000 Subject: [pkg-fgfs-crew] Processed: Re: Bug#848114: flightgear: Allows the route manager to overwrite arbitrary files References: <331ea592-6f83-67cc-940f-bdf7217004c5@bluegap.ch> <148170575344.5351.1435619472776770379.reportbug@zita.maison> Message-ID: Processing control commands: > tags -1 +pending Bug #848114 [src:flightgear] flightgear: Allows the route manager to overwrite arbitrary files Added tag(s) pending. -- 848114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848114 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From f.rougon at free.fr Wed Dec 14 13:21:20 2016 From: f.rougon at free.fr (Florent Rougon) Date: Wed, 14 Dec 2016 14:21:20 +0100 Subject: [pkg-fgfs-crew] Bug#848114: flightgear: Allows the route manager to overwrite arbitrary files In-Reply-To: <331ea592-6f83-67cc-940f-bdf7217004c5@bluegap.ch> (Markus Wanner's message of "Wed, 14 Dec 2016 13:32:31 +0100") References: <148170575344.5351.1435619472776770379.reportbug@zita.maison> <331ea592-6f83-67cc-940f-bdf7217004c5@bluegap.ch> Message-ID: <87wpf2prxr.fsf@frougon.crabdance.com> Markus Wanner wrote: > Hello Florent, > > thanks a lot for your notification and the patch(es). Uploads to stable > (security) and unstable should follow, shortly. Fine, thank you, Markus! Regards -- Florent From ftpmaster at ftp-master.debian.org Wed Dec 14 18:54:18 2016 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Wed, 14 Dec 2016 18:54:18 +0000 Subject: [pkg-fgfs-crew] Processing of simgear_2016.4.3+dfsg-1_source.changes Message-ID: simgear_2016.4.3+dfsg-1_source.changes uploaded successfully to localhost along with the files: simgear_2016.4.3+dfsg-1.dsc simgear_2016.4.3+dfsg.orig.tar.bz2 simgear_2016.4.3+dfsg-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Wed Dec 14 19:05:48 2016 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Wed, 14 Dec 2016 19:05:48 +0000 Subject: [pkg-fgfs-crew] simgear_2016.4.3+dfsg-1_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 14 Dec 2016 19:25:25 +0100 Source: simgear Binary: libsimgear-dev Architecture: source Version: 1:2016.4.3+dfsg-1 Distribution: unstable Urgency: high Maintainer: Debian FlightGear Crew Changed-By: Markus Wanner Description: libsimgear-dev - Simulator Construction Gear -- development files Changes: simgear (1:2016.4.3+dfsg-1) unstable; urgency=high . * New upstream release: 2016.4.3. Should fix issues restoring variants in the launcher. Checksums-Sha1: 460ef25e3b1795c2c17d7c7492aa85933ef781f7 3073 simgear_2016.4.3+dfsg-1.dsc b96ee771f648e83d1e3701c33501c83f1d120003 1047318 simgear_2016.4.3+dfsg.orig.tar.bz2 e56bf0c4ebe7e9e6baaa538834337e651a9fe3d2 14384 simgear_2016.4.3+dfsg-1.debian.tar.xz Checksums-Sha256: 9790804c2080d98775777275c78acf95f21048f8bbcfc084c271e3cd31f1b190 3073 simgear_2016.4.3+dfsg-1.dsc 60ca431cf2cc7adc00ea388e7b3467ce5821c87b77b715eb8afaba59532f04d0 1047318 simgear_2016.4.3+dfsg.orig.tar.bz2 a9a2a384b8ceac494065da5c19170c80006038bca55a733a2b120b504c051b8c 14384 simgear_2016.4.3+dfsg-1.debian.tar.xz Files: 48d3eb103c67fd48e183dee1c3c68af3 3073 libs extra simgear_2016.4.3+dfsg-1.dsc 372cce7f5df028d69ed4c0fb58bb0572 1047318 libs extra simgear_2016.4.3+dfsg.orig.tar.bz2 af5fd748fa66e4d69a4967f2fc7a12c8 14384 libs extra simgear_2016.4.3+dfsg-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEE9QZIdt/h2tQT9NSr6GgtGz8x6bMFAlhRkowACgkQ6GgtGz8x 6bMjMx//UHa/AR1zpdDWtLBqHEB7ruEWnufkwWppqwSJCp+aGP/xlILxcstQeOd4 MRTgLapoOYJFFi/JVknRF814caIzDlQyq1/SuB4frzKeDQyhXhINRzCVGgPX8Kfn PMEGBDWOfUW24Cv5CnEDezy2Vic5t2j3ovWiHbepNIP8rUAI+27sXyloinMmduML YhoOWeNiHX2kCH5Ps6hOSannV/mE5OsaEkIPcUS/rdKHDgaQnBWK6N5Sf5bTw3sW xKJIqhayyiFAFLVodVK9JE41Z6kP9ITJPevFQL0qxiwm3U+tZjgYzuet2wQLbMa9 nveObHYEMMMU4AQsPoOxY3EoTTgHgGtcwJEwnb6HK/WxO9oZM8sirQ126/QBsmsK H7cVXUgVkttxPj80ka9n+10Ohlf2mFwL4JC9x2oCH4/LDsL2O+A3WASam2/YZ0qp fmQMOh7z8PVOCjyNE3zvJrVFym0FNF4nEF12ls0oLID8uwOkRcjTRfWOGETW/Por x1yKKpnHW3fBJ5jSWqqRXq7ilu0Yj7VCP/elGc+V/rPCDT31bxQd0FLc2dF1yIV2 K9NbhdWSb+hevyHidMqUN9z0mA1x6cOJUf1mjkX5f4EMxAP3HCwz5TAdUsG5Yxgr YtG0umBOLw1CQ6ADgeWiWa03XDvkf7EWVVu5NvF2atWhrfaiS1cgg0zQ582d+C0m +diSQntgGbHSzn/90N18gadHofmbxF4QG9/nkmUc/Bi8HXKo87yAeQJwkA9Il1vL gVxWKPD8rjNVfZ/V36aY4DnEi79Mu7hj9EUK3Xgtvf7NbMIvYmhIDl2ac6qtxzPt H2jz5rbo9ohmXxmi8dgTGZ+Urodw9/t5KD4MgiMF+b8QWFHmky6ek3ez+pbmia4s kttx7n0RGLBuWmI+go8VxbemJQdSrqsrO8L8d5+shJ3Gj/OQ5XoBJO0a0V1+bg5d pWLZStFbtCY291kAOGsOUBs95H0Y0gxmjgnJwwAaSlQSj3MkDZROic+UeBAtNr5K ZBx4P1hXm4pHxmJ87EtFQaTKuHqh+I1VCvVqVH7KgkS374549uFw6BnWKLAlhcEs 09Uk6+i9U/SaCwNpM6fLAcrwAY50/xiibQ/KJnbAPhpnZnBdklnLDetK6yY1AM3c jw5APZFFrbAnnQbkl1xiwTh8HLpwgI3SZO4FAr4GKaRDx/sJGIA1h5JelzXsvg+v lzNWEm3Pew+2KP751FK9Z2HtuVg3mPQ/+uP+RrHZGeWGlh27TiwC3UEiKJWxNa3B BV17FAOtIB8yRCRq5diXdul50j/2yMccLY1jodbfuMbNSy9Rxuy9aPzOloXW6A+i PIqZOgN6KmMsN25PwM93wpvSy2JrOg== =F8DC -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From ftpmaster at ftp-master.debian.org Wed Dec 14 19:39:39 2016 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Wed, 14 Dec 2016 19:39:39 +0000 Subject: [pkg-fgfs-crew] Processing of flightgear_2016.4.3+dfsg-1_source.changes Message-ID: flightgear_2016.4.3+dfsg-1_source.changes uploaded successfully to localhost along with the files: flightgear_2016.4.3+dfsg-1.dsc flightgear_2016.4.3+dfsg.orig.tar.bz2 flightgear_2016.4.3+dfsg-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Wed Dec 14 19:48:36 2016 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Wed, 14 Dec 2016 19:48:36 +0000 Subject: [pkg-fgfs-crew] flightgear_2016.4.3+dfsg-1_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 14 Dec 2016 20:17:07 +0100 Source: flightgear Binary: flightgear Architecture: source Version: 1:2016.4.3+dfsg-1 Distribution: unstable Urgency: high Maintainer: Debian FlightGear Crew Changed-By: Markus Wanner Description: flightgear - Flight Gear Flight Simulator Closes: 848114 Changes: flightgear (1:2016.4.3+dfsg-1) unstable; urgency=high . * New upstream release. * Refresh patch spelling_20160920.patch. * Add patch route-manager-secu-fix-280cd5.patch to prevent the route manager from writing arbitrary files. Closes: #848114. * Update dependency on simgear to ensure this builds against the corresponding version. Checksums-Sha1: 4b0b3c7ea322250572c0c933003f67b71a4fe3e5 3344 flightgear_2016.4.3+dfsg-1.dsc d2362fc28fd303fbcdf2fd26de251a849b93158f 6387421 flightgear_2016.4.3+dfsg.orig.tar.bz2 e2285f595fafacb6a759ba1c3d8235b5e927df1c 23316 flightgear_2016.4.3+dfsg-1.debian.tar.xz Checksums-Sha256: 59123c75fc2d5dd974fb8f5ef91c0a5ef764c76faabc62b544099f0a2e0d4210 3344 flightgear_2016.4.3+dfsg-1.dsc 3018734def07fc35c5d5456cbbee54dd423109d8f78a5a721ef8a47efdc6239a 6387421 flightgear_2016.4.3+dfsg.orig.tar.bz2 59c29dbc8eb2a2544652eb8c70485dfc863969dd488affb2ba344bebb65ab4b5 23316 flightgear_2016.4.3+dfsg-1.debian.tar.xz Files: 238998e8d3c7076e8178d82d7efb546d 3344 games extra flightgear_2016.4.3+dfsg-1.dsc 38b83a02b10218906030fac73d3369fb 6387421 games extra flightgear_2016.4.3+dfsg.orig.tar.bz2 dbb89a210cdd7614bd9a6c008866955b 23316 games extra flightgear_2016.4.3+dfsg-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEE9QZIdt/h2tQT9NSr6GgtGz8x6bMFAlhRnEUACgkQ6GgtGz8x 6bNTPx/+M8ikRYC0L/cVn6rIuoyEB7rsSpz/8+gsyL+f9wTsazbZVQ+Fc7tb1BH0 hrJ0cljcG2t0YqJGhs2qt+MvE15xITw1Khr7eizHzjuDxt4NV/94IOUDy4zYFYS2 YUuMLqmTUae+3dsdU/3NsSevGLabsp9Hl/gW0dwgSPB/NnCFPtQRSWZCvzyGNY2w ZqDuvy0UW5B/oGEh0nACahSUrqZjS/uAEiEjIHv9ucvZKf811U6VbGrJYNQ4Cpc6 EpQUZvGT4M5GxhPk9ELR6nlYc5+8ETyPG8XdKuca+SWGf+QfDQUhFY3b0KgI125+ Ln1RgyO2wOhFHRXH5K/LkvuYarQ2tn/KeDo6pmMzHbWS+L2FvAcbCRe9rHmtOdyA bI69kAeVes1ZfUZS0uxCGdZsHupQIgC9+SfvSi43RCuR1LEXmgUhY/vjP71sM4xq pF+xkMIefQVn3e2BOpa4ZsbI3t/6Voux1cCnlIj+leLwR4nIlmS6Gu4mIItkFcqg zxaunJNxSg0wTDTY3UrPN81Z8BHz7PRSR7ToaGUW7LJdUBFw+58yw03hzW0Tny6U Pi4SL7Q+FP5o3UyIXzVdfX9vP9DVdzAIRwVfQeVgz/3YldkomioZ0xZHQZeuk79h 3Btq5HfnnmYq/rYeB6+NLbVfJOwpj8C9OG/td6NHLSYZwnujDfPHmefgP11/XlO8 J6OsV1qMEgY0buMgcjvkPG21suzUedWJ80g8e8/O+sxCPZ9jt9vUnJl7fEP/h+o+ TSo2qCoGToMONlbOXHtiYoNlLpYyNjsWJBCqBNqV3BjxueQlPdDsvrQ2v5K/ZIXI yk0ItzuXZuuMgyS0rt/uzbVk8E81dYKqrz2fapR4DB4AbaWYn7SV/SpflmmRHIfP 3Y7miHHQP/GdJ1aVdVEmGC5lDA3lBQ9Wea6ePLdk2m9EoedQFokZuI5FGZx3DCVj zxCmZAfvZKlLo/I6Ecit/TlXxPt3QhOyXzBpiQ+RYPEM00aLepk3K12FUeBJVumA EbeX4mucur51T9C5HNK6HV2+xhUQHU748H9WBLnJGrqXAeE+W4GbTVfPw3A6px6o Nahoo1mkRQji5OAxhm3HeLgEtpdOoHsVDBOM1laJ/UoTvKbIW1F+/+8tpCYdaQln lfGAKPXCZmnz7pKlfw+ggBNO5u0472xhrzHMk66b/9wLSsmI/Bm1saqPthK6LENl dDApQT5aQJVN4qfgXm4t8cRetleNJLIyJe1pcSGOhImeUFbwEnjal74z71ClnRIW RzVIkJFhoom4aZrwN6m59CKbCRBBhI36lMTKOuCLuhZYRwsTWbc6cL8Pc/zL4ulm ORm8I1BnZQn6aAjj+OmeQGgdddpspg== =I1rS -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From owner at bugs.debian.org Wed Dec 14 19:51:05 2016 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Wed, 14 Dec 2016 19:51:05 +0000 Subject: [pkg-fgfs-crew] Bug#848114: marked as done (flightgear: Allows the route manager to overwrite arbitrary files) References: <148170575344.5351.1435619472776770379.reportbug@zita.maison> Message-ID: Your message dated Wed, 14 Dec 2016 19:48:36 +0000 with message-id and subject line Bug#848114: fixed in flightgear 1:2016.4.3+dfsg-1 has caused the Debian Bug report #848114, regarding flightgear: Allows the route manager to overwrite arbitrary files to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 848114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848114 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Florent Rougon Subject: flightgear: Allows the route manager to overwrite arbitrary files Date: Wed, 14 Dec 2016 09:55:53 +0100 Size: 11790 URL: -------------- next part -------------- An embedded message was scrubbed... From: Markus Wanner Subject: Bug#848114: fixed in flightgear 1:2016.4.3+dfsg-1 Date: Wed, 14 Dec 2016 19:48:36 +0000 Size: 6194 URL: From owner at bugs.debian.org Thu Dec 15 17:54:09 2016 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Thu, 15 Dec 2016 17:54:09 +0000 Subject: [pkg-fgfs-crew] Processed: retitle 848114 to flightgear: CVE-2016-9956: Allows the route manager to overwrite arbitrary files References: <1481824341-231-bts-carnil@debian.org> Message-ID: Processing commands for control at bugs.debian.org: > retitle 848114 flightgear: CVE-2016-9956: Allows the route manager to overwrite arbitrary files Bug #848114 {Done: Markus Wanner } [src:flightgear] flightgear: Allows the route manager to overwrite arbitrary files Changed Bug title to 'flightgear: CVE-2016-9956: Allows the route manager to overwrite arbitrary files' from 'flightgear: Allows the route manager to overwrite arbitrary files'. > thanks Stopping processing here. Please contact me if you need assistance. -- 848114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848114 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From ftpmaster at ftp-master.debian.org Sun Dec 18 08:02:43 2016 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sun, 18 Dec 2016 08:02:43 +0000 Subject: [pkg-fgfs-crew] Processing of simgear_2016.4.3+dfsg-2_source.changes Message-ID: simgear_2016.4.3+dfsg-2_source.changes uploaded successfully to localhost along with the files: simgear_2016.4.3+dfsg-2.dsc simgear_2016.4.3+dfsg-2.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Sun Dec 18 09:05:00 2016 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sun, 18 Dec 2016 09:05:00 +0000 Subject: [pkg-fgfs-crew] simgear_2016.4.3+dfsg-2_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 18 Dec 2016 08:41:07 +0100 Source: simgear Binary: libsimgear-dev Architecture: source Version: 1:2016.4.3+dfsg-2 Distribution: unstable Urgency: high Maintainer: Debian FlightGear Crew Changed-By: Markus Wanner Description: libsimgear-dev - Simulator Construction Gear -- development files Changes: simgear (1:2016.4.3+dfsg-2) unstable; urgency=high . * Add patch prevent_writing_arbitrary_files_a2b111bb.patch to fix a security issue in the HTTPRepository code. Checksums-Sha1: f24d1805799b78867ad1f70271cb388924ab6935 3073 simgear_2016.4.3+dfsg-2.dsc c96066ffc9dcfe252873d7a5004ef3a38239cbfb 14928 simgear_2016.4.3+dfsg-2.debian.tar.xz Checksums-Sha256: b0c0e68910e5ea768dd915e34b269643d90573794e5eaeafb6505b01f821a2be 3073 simgear_2016.4.3+dfsg-2.dsc b21d4ff7aa383ad2c546f2748d4c3c39acbd544549da8bc31c10128efa720c4b 14928 simgear_2016.4.3+dfsg-2.debian.tar.xz Files: df2ff42f628c8fbf471840190311b6fe 3073 libs extra simgear_2016.4.3+dfsg-2.dsc 1d76f5d98e30d43ee27d28913e0736ea 14928 libs extra simgear_2016.4.3+dfsg-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEE9QZIdt/h2tQT9NSr6GgtGz8x6bMFAlhWQAsACgkQ6GgtGz8x 6bPvjB//U4Da2rfw9HZh8Mu/SAjcbxs9CPjzX6oy2UJy8anl0K/5FaXtOvts2Cad 8KU0DXczh2IEfohOQVnFv1YjA665yGgVSAoWGscLqJ+pDyxzxm9aR9awaWXyEDvi 5wUK6VMaKwFKOLgL9svexJF3bbYrBuOoHK9Q4QJGs4pTAPioFKdV4ksnUXQpgaU9 PF1ziLqOb59m2Ll4kcCVYnSqkXxJS4k6O3dKgssczaTPXy6OgwGUbaJitdbmNFMN obp2xB+14WKc0AQtnopTg9dKaN2zEIXqiJBmMpvcvViXOL2gNQ373BFsT2H41cHj 6tsg6SkZP4RvfoTP5laM85WNjstnfs99VISPK1gd3gRpvZa4t6hVnWz6v7FYPb9i k1q5V3Q08JMEg1FRMqkvXFLrd2haVR7dJ3HAVSO4V5VWm47Nq8Lijtt4cUQBoGWF ZjNAOCvVpzUgW4tASZRCFM+ihO6sScDJP5teqlN96aktn2bKzoXIkOmY2Xw2J3nr U+LoNRBMDzO7t+O8F0O0haf79s7crbMSGDQ7j0g/XziExRAWpJsM2/+nvtWdygxy nDRmvKJ+cL8apSejDCHlaiaJPGasy8O23Tc+9/JsOBhqtg4iQyCu4AtTahJwD7Ah dEQBrgBmm2uRWRg0BFVBLb9qK8oSuqVsAmS5HXwQzY77Jmy0BzdvG9zvE6cEzpjM Gwl9yp3NzeacdRyNo0/LnpcSYd7WT+AX7d2jPyGdXdRk910bHvaoiwydn8cDAKDB cOYOtEmnJde2FhM8cPwmz44nMrIRJN6nMmLm4tCzcz3O9BnyCx9a8vzVjWkdk7+q hS71KaLvz1rL2ZjI4djetnYKNQ2US5KVD0IsDyX4ra9FxCc6VU/sokN41RqExvdZ FIzdO977MJvQHFekQAQtZhZQv1HTlIZsqdK8FxAwGEtDJG7MUf9Gld/t9ubJ8988 iGYlK2IOUNcOsLP89iuIbx7HQc72XWqDMSNfsStdyDTvgDjzzd7fo6jEgPKw12Bi OoSGLhZmpLbY/LJUauO2bbRYeW4sbUvFwN8Al4Rdv4ggD2qpb9cNMZ+rznTtixox LTrHIOcEypB6YQIfDxFUivUvNv/HExYRR0qeeTZwvQgBy6zN0hMHjBflNP5QdR30 CEWh9qGuYbsRrVgoYupoeqvYXcw3qFg2xR+qpcSReyY4hWnOqACpIQyAeVZSnfox P2YBojEaSHgI8XQGPL978+ZeOTEknJnkBrBWCaVjZJm5enWJS5gr4ib+B/shFtl/ aOzaExZtwq72r4bWBgzIfivpvZcN4nmLPwBlaWHxWnnwiG0ew/wJJU4wzTXts/3k kXJewzqSBCO2tCZWSjzbgdGOykHoVw== =krtQ -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From ftpmaster at ftp-master.debian.org Mon Dec 19 12:21:35 2016 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 19 Dec 2016 12:21:35 +0000 Subject: [pkg-fgfs-crew] Processing of flightgear_2016.4.3+dfsg-2_source.changes Message-ID: flightgear_2016.4.3+dfsg-2_source.changes uploaded successfully to localhost along with the files: flightgear_2016.4.3+dfsg-2.dsc flightgear_2016.4.3+dfsg-2.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Mon Dec 19 12:33:28 2016 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 19 Dec 2016 12:33:28 +0000 Subject: [pkg-fgfs-crew] flightgear_2016.4.3+dfsg-2_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 19 Dec 2016 12:55:58 +0100 Source: flightgear Binary: flightgear Architecture: source Version: 1:2016.4.3+dfsg-2 Distribution: unstable Urgency: medium Maintainer: Debian FlightGear Crew Changed-By: Markus Wanner Description: flightgear - Flight Gear Flight Simulator Changes: flightgear (1:2016.4.3+dfsg-2) unstable; urgency=medium . * Rebuild against simgear-2016.4.3+dfsg-2. Checksums-Sha1: 7455a067f40668b7bdea27d83a7a75ca39de0317 3344 flightgear_2016.4.3+dfsg-2.dsc c3db8d31a1792f338dab593c168ae82c22c79abd 23348 flightgear_2016.4.3+dfsg-2.debian.tar.xz Checksums-Sha256: b45b915786643a4e6bf325924d8c33200370b2b4a595141685ffff764fc0a78c 3344 flightgear_2016.4.3+dfsg-2.dsc ffd7fd2b16b9cc93302a06640e7464497923ac3a390c69013a70e1d6b94b6140 23348 flightgear_2016.4.3+dfsg-2.debian.tar.xz Files: a208df12c27f0852acd8c8090ffdfcf1 3344 games extra flightgear_2016.4.3+dfsg-2.dsc b4eb6485dc33b5c26481eb5b927b7b77 23348 games extra flightgear_2016.4.3+dfsg-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEE9QZIdt/h2tQT9NSr6GgtGz8x6bMFAlhXzm8ACgkQ6GgtGz8x 6bMowh/+JOt9UoJKD9hR1cSJpUro9sOa0DHnbNW9WVzS1DwbriIfaOFvq6nYADVl j2bIFg+EA8m+TPVKJCY7BYCf2/91VVUEzt3RMyghld6db698rEShUkl3tjErLYxh w6FIrIlrbjYI/HYXoHbgL294Vti+l8zPeT7OSdidUFILq7lB2/4YyGABNHRLU6qC uWvWFvUojfMjbROi7sbBTILam4UnJf1mXfhsUGK8EpED8A/I0ndwsj3taVUDI0AC 5ixhfj3hB32f1JQxza4QVSJ1cciWDdLideejminc+ZCdP36GFw8YWr8PHo1zW61Y w0/MH1VzaJPuCjDUQidyfhCtl9CEEpydgDMunpywTUjEadKpTBESIsf7j9z4QSyw ANC4azGJdEmB1ZlVH1+t461q+cFJqbfNNcSPBwEHSNYSCBDF+hSZM1shK/1eIx94 JHIFJsGqdMai+2wnqUxeLGH2tETFzIBPAGGTCog7x52lweK0iaEIpt0K49r9sJ7l unrZcLGVfZHjdU/Z2u1l1Qz5IpoCvjDXXUg+3NVBIHCIygEOWjdUCSGdTqVIUmAq MH2itMVAqHT6xKxC0GBLlHnFRngMvIevJUfcP/eCXsYYWpRIUIg2J0xC3JH5pGrX fgrdKxXL4vUcD2/hDrfeiKQRCDjvr7WJE6SZ6fQ8I69uRX79hoy5ughFB+ZdUCu/ e8qWRduNOBDTgA5Gh6MXepUGB53pavBZmHZsWxQSlImsO8FxfMKPgP1od3J81EEx LZl8Lbu3Bhwi3/kFXTKzyLcI2mmArQ0o0PQxL19x6LEyuWv6M3G1FHs4ig/tLDD+ Am7tS7gXJaeXcyfRqwofoCZXjcU1PurRufYvwQBOIWym7GGWsrWpQFPKIQuBwHuY J3kYZfXdMxveDE0ddnZrR75nHUH1aoKMDCCt1lFDzm8Uj8tXaje4ZCbz2/+XspVR Hdo+LyoT2wBBPF01UoIGiNg0AI4HzFFrTcYDAxT3xNYmIhkOkoZ9YNqdLAGP80bm tnaMXJ+dq4a0HgamQzJjsNZgITYlZxRhNR/9OxJYK3INyGWobHT7MkX0AkQ0D0gQ BN/4MELsaaWxvRF2bgT/e8ZcQfcmpAaGIQcpViGW93Z3Wdtfqg3pKglnHV+zV7tc cirPPSzMwYs+HXCiKmOqg05GoUOuiHONhbAjBNxPYaH/8tzjq89BhIabzbt5ojcr BY1CRngVbiMHZFIrY6o3Q+1/XwEFik9h+Dq6tPpaGK1f5nmVwiEzzhHVueSjcm8X gxQhX7KEYfRdHkWTWRDTT1aeqvwD/k1G4kU72WttWVybr4Hn8hhkI0WO5B+xhtKf +SWid5HIaYNAhl+dpN1wKaFysHxMrQ== =bDG1 -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From ftpmaster at ftp-master.debian.org Tue Dec 20 18:04:34 2016 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Tue, 20 Dec 2016 18:04:34 +0000 Subject: [pkg-fgfs-crew] Processing of flightgear_3.0.0-5+deb8u1_amd64.changes Message-ID: flightgear_3.0.0-5+deb8u1_amd64.changes uploaded successfully to localhost along with the files: flightgear_3.0.0-5+deb8u1.dsc flightgear_3.0.0.orig.tar.bz2 flightgear_3.0.0-5+deb8u1.debian.tar.xz flightgear_3.0.0-5+deb8u1_amd64.deb Greetings, Your Debian queue daemon (running on host usper.debian.org) From noreply at release.debian.org Thu Dec 22 04:39:08 2016 From: noreply at release.debian.org (Debian testing autoremoval watch) Date: Thu, 22 Dec 2016 04:39:08 +0000 Subject: [pkg-fgfs-crew] flightgear is marked for autoremoval from testing Message-ID: flightgear 1:2016.4.2+dfsg-1 is marked for autoremoval from testing on 2017-01-12 It is affected by these RC bugs: 848114: flightgear: CVE-2016-9956: Allows the route manager to overwrite arbitrary files From noreply at release.debian.org Wed Dec 28 16:39:16 2016 From: noreply at release.debian.org (Debian testing watch) Date: Wed, 28 Dec 2016 16:39:16 +0000 Subject: [pkg-fgfs-crew] flightgear 1:2016.4.3+dfsg-2 MIGRATED to testing Message-ID: FYI: The status of the flightgear source package in Debian's testing distribution has changed. Previous version: 1:2016.4.2+dfsg-1 Current version: 1:2016.4.3+dfsg-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From noreply at release.debian.org Thu Dec 29 16:39:52 2016 From: noreply at release.debian.org (Debian testing watch) Date: Thu, 29 Dec 2016 16:39:52 +0000 Subject: [pkg-fgfs-crew] simgear 1:2016.4.3+dfsg-2 MIGRATED to testing Message-ID: FYI: The status of the simgear source package in Debian's testing distribution has changed. Previous version: 1:2016.4.2+dfsg-1 Current version: 1:2016.4.3+dfsg-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From noreply at release.debian.org Thu Dec 29 16:39:24 2016 From: noreply at release.debian.org (Debian testing watch) Date: Thu, 29 Dec 2016 16:39:24 +0000 Subject: [pkg-fgfs-crew] fgrun 3.4.0.final-3 MIGRATED to testing Message-ID: FYI: The status of the fgrun source package in Debian's testing distribution has changed. Previous version: (not in testing) Current version: 3.4.0.final-3 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From noreply at release.debian.org Sat Dec 31 04:39:28 2016 From: noreply at release.debian.org (Debian testing autoremoval watch) Date: Sat, 31 Dec 2016 04:39:28 +0000 Subject: [pkg-fgfs-crew] fgrun is marked for autoremoval from testing Message-ID: fgrun 3.4.0.final-3 is marked for autoremoval from testing on 2017-01-14 It is affected by these RC bugs: 839357: fgrun: FTBFS: wizard_funcs.cxx:1202:51: error: no matching function for call to 'readProperties(const char*, SGPropertyNode*)'