lesstif1-1: Further unfixed XPM buffer overflows (CAN-2005-0605)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lesstif1-1 (Debian) |
Fix Released
|
Unknown
|
|||
lesstif1-1 (Ubuntu) |
Fix Released
|
High
|
Martin Pitt |
Bug Description
Automatically imported from Debian bug report #298183 http://
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #1 |
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #2 |
Message-Id: <email address hidden>
Date: Sat, 05 Mar 2005 15:34:54 +0100
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: lesstif1-1: Further unfixed XPM buffer overflows (CAN-2005-0605)
--=====
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-
Content-
Package: lesstif1-1
Severity: grave
Tags: security, patch
Justification: user security hole
Quoting from a recent Gentoo security advisory:
> Chris Gilbert discovered potentially exploitable buffer overflow cases
> in libXpm that weren't fixed in previous libXpm security advisories.
This has been assigned CAN-2005-0605, Woody should be affected as
well.
The attached patch has been taken from Gentoo bugtracking, as the
lesstif CVS doesn't have a commit yet. Judging from the source I assume
that this fixes only lesstif2, but not lesstif1, am I correct?
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=C, LC_CTYPE=
--=====
Content-Type: text/x-c; charset="us-ascii"
MIME-Version: 1.0
Content-
Content-
--- lesstif-
+++ lesstif-
@@ -672,8 +672,8 @@
char *dst;
unsigned int *iptr;
char *data;
- unsigned int x, y, i;
- int bits, depth, ibu, ibpp, offset;
+ unsigned int x, y;
+ int bits, depth, ibu, ibpp, offset, i;
unsigned long lbt;
Pixel pixel, px;
@@ -684,6 +684,9 @@
ibpp = image->
offset = image->xoffset;
+ if (image->bitmap_unit < 0)
+ return (XpmNoMemory);
+
if ((image-
ibu = image->bitmap_unit;
for (y = 0; y < height; y++)
--- lesstif-
+++ lesstif-
@@ -1265,10 +1265,10 @@
register char *src;
register char *dst;
register unsigned int *iptr;
- register unsigned int x, y, i;
+ register unsigned int x, y;
register char *data;
Pixel pixel, px;
- int nbytes, depth, ibu, ibpp;
+ int nbytes, depth, ibu, ibpp, i;
data = image->data;
iptr = pixelindex;
--=====
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Martin Pitt (pitti) wrote : | #3 |
Fixed Warty in USN-92-1:
lesstif1-1 (1:0.93.
.
* SECURITY UPDATE: More Xpm vulnerabilities.
* lib/Xm-
freedeskto
* lib/Xm/LTXpm.c: Backported patch to old lesstif1.
* References:
CAN-2005-0605
https:/
https:/
Fixed Hoary in
lesstif1-1 (1:0.93.
.
* SECURITY UDPATE: Fix multiple Xpm vulnerabilities.
* lib/Xm-2.1/Xpm.c: Split into several files (as upstream did for easier
patching), applied fixes pulled from new upstream version.
References:
- CAN-2004-0914
- Ubuntu #6273
- Debian #294099
* lib/Xm-
freedeskto
References:
- CAN-2005-0605
- https:/
- https:/
* lib/Xm/LTXpm.c: Backported CAN-2005-0605 patch to old lesstif1.
* Added CAN numbers to changelog of 1:0.93.94-4ubuntu1.
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#4 |
Ubuntu backported a fix for this hole to lesstif1. From their changelog:
* SECURITY UPDATE: More Xpm vulnerabilities.
* lib/Xm-
freedesktop.org to avoid integer overflows.
* lib/Xm/LTXpm.c: Backported patch to old lesstif1.
* References:
CAN-2005-0605
https:/
https:/
I'm not going to try to islate the patch from their diff, as previous changes
in their diff make that difficult:
* SECURITY UDPATE: Fix multiple Xpm vulnerabilities.
* lib/Xm-2.1/Xpm.c: Split into several files (as upstream did for easier
patching), applied fixes pulled from new upstream version.
References:
- CAN-2004-0914
- Ubuntu #6273
- Debian #294099
* Added CAN numbers to previous changelog.
* SECURITY: apply Xpm security fixes. (Closes: #1821)
* CAN-2004-0687, CAN-2004-0688
Their diff is here:
http://
--
see shy jo
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #5 |
Message-ID: <email address hidden>
Date: Tue, 8 Mar 2005 17:21:02 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: improved patch (from ubuntu)
--FL5UXtIhxfXey3p5
Content-Type: text/plain; charset=us-ascii
Content-
Content-
Ubuntu backported a fix for this hole to lesstif1. From their changelog:
* SECURITY UPDATE: More Xpm vulnerabilities.
* lib/Xm-
freedesktop.org to avoid integer overflows.
* lib/Xm/LTXpm.c: Backported patch to old lesstif1.
* References:
CAN-2005-0605
https:/
https:/
I'm not going to try to islate the patch from their diff, as previous chang=
es
in their diff make that difficult:
* SECURITY UDPATE: Fix multiple Xpm vulnerabilities.
* lib/Xm-2.1/Xpm.c: Split into several files (as upstream did for easier
patching), applied fixes pulled from new upstream version.
References:
- CAN-2004-0914
- Ubuntu #6273
- Debian #294099
* Added CAN numbers to previous changelog.
* SECURITY: apply Xpm security fixes. (Closes: #1821)
* CAN-2004-0687, CAN-2004-0688
Their diff is here:
http://
-4ubuntu1.3.diff.gz
--=20
see shy jo
--FL5UXtIhxfXey3p5
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCLiVKd8H
RwK5+j8DcSe8JNn
=bA+y
-----END PGP SIGNATURE-----
--FL5UXtIhxfXey
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#6 |
Hi!
> Ubuntu backported a fix for this hole to lesstif1. From their changelog:
>
> * SECURITY UPDATE: More Xpm vulnerabilities.
> * lib/Xm-
> freedesktop.org to avoid integer overflows.
> * lib/Xm/LTXpm.c: Backported patch to old lesstif1.
> * References:
> CAN-2005-0605
> https:/
> https:/
The change for lesstif1 was rather trivial since the variables
are declared correctly already. So the patch for the old lesstif1
reduces to
--- lesstif1-
+++ lesstif1-
@@ -6305,6 +6305,9 @@
ibpp = image->
offset = image->xoffset;
+ if (image->bitmap_unit < 0)
+ return (_LtXpmNoMemory);
+
if ((image-
ibu = image->bitmap_unit;
for (y = 0; y < height; y++)
Regards,
Martin
--
Martin Pitt http://
Ubuntu Developer http://
Debian GNU/Linux Developer http://
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #7 |
Message-ID: <email address hidden>
Date: Wed, 9 Mar 2005 08:22:55 +0100
From: Martin Pitt <email address hidden>
To: <email address hidden>
Subject: lesstif1-1: Further unfixed XPM buffer overflows (CAN-2005-0605)
--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=us-ascii
Content-
Content-
Hi!
> Ubuntu backported a fix for this hole to lesstif1. From their changelog:
>=20
> * SECURITY UPDATE: More Xpm vulnerabilities.
> * lib/Xm-
> freedesktop.org to avoid integer overflows.
> * lib/Xm/LTXpm.c: Backported patch to old lesstif1.
> * References:
> CAN-2005-0605
> https:/
> https:/
The change for lesstif1 was rather trivial since the variables
are declared correctly already. So the patch for the old lesstif1
reduces to
--- lesstif1-
+++ lesstif1-
@@ -6305,6 +6305,9 @@
ibpp =3D image->
offset =3D image->xoffset;
+ if (image->bitmap_unit < 0)
+ return (_LtXpmNoMemory);
+
if ((image-
ibu =3D image->bitmap_unit;
for (y =3D 0; y < height; y++)
Regards,
Martin
--=20
Martin Pitt http://
Ubuntu Developer http://
Debian GNU/Linux Developer http://
--r5Pyd7+fXNt84Ff3
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCLqRODec
QFq0i9WGLinWois
=qDPp
-----END PGP SIGNATURE-----
--r5Pyd7+
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#8 |
It turns out that the older version of lesstif2 we have also had the
variables defined as signed ints, so the patch to fix CAN-2005-0605 in
lesstif2 is shorter than the fixes needed for newer versions of the
library. I combined this fix with the fix for lesstif1 that Martin Pitt
was kind enough to send and the result is the attached NMU diff.
Note that I haven't NMUed it yet, I'm still looking at the other open
security holes.
--
see shy jo
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #9 |
Message-ID: <email address hidden>
Date: Thu, 10 Mar 2005 16:54:19 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: NMU diff
--+pHx0qQiF2pBVqBT
Content-Type: multipart/mixed; boundary=
Content-
--IJpNTDwzlM2Ie8A6
Content-Type: text/plain; charset=us-ascii
Content-
Content-
It turns out that the older version of lesstif2 we have also had the
variables defined as signed ints, so the patch to fix CAN-2005-0605 in
lesstif2 is shorter than the fixes needed for newer versions of the
library. I combined this fix with the fix for lesstif1 that Martin Pitt
was kind enough to send and the result is the attached NMU diff.
Note that I haven't NMUed it yet, I'm still looking at the other open
security holes.
--=20
see shy jo
--IJpNTDwzlM2Ie8A6
Content-Type: text/plain; charset=us-ascii
Content-
Content-
diff -ur old/lesstif1-
changelog
--- old/lesstif1-
0500
+++ lesstif1-
@@ -1,3 +1,12 @@
+lesstif1-1 (1:0.93.94-11.1) unstable; urgency=3DHIGH
+
+ * NMU
+ * Apply fix for newest libXpm buffer overflows in lesstif1, involving a
+ negative bitmap_unit value. Fixed both lesstif1 and lesstif2.
+ Closes: #298939 (CAN-2005-0605)
+
+ -- Joey Hess <email address hidden> Thu, 10 Mar 2005 16:34:21 -0500
+
lesstif1-1 (1:0.93.94-11) unstable; urgency=3Dlow
=20
* Mention CAN-2004-0688 in the 1:0.93.94-9 changelog.
diff -ur old/lesstif1-
Xpm.c
--- old/lesstif1-
00
+++ lesstif1-
@@ -6395,6 +6395,9 @@
ibpp =3D image->
offset =3D image->xoffset;
=20
+ if (image->bitmap_unit < 0)
+ return (_LtXpmNoMemory);
+ =20
if ((image-
ibu =3D image->bitmap_unit;
for (y =3D 0; y < height; y++)
diff -ur old/lesstif1-
2.1/Xpm.c
--- old/lesstif1-
0500
+++ lesstif1-
@@ -6373,6 +6373,9 @@
ibpp =3D image->
offset =3D image->xoffset;
=20
+ if (image->bitmap_unit < 0)
+ return (XpmNoMemory);
+ =20
if ((image-
ibu =3D image->bitmap_unit;
for (y =3D 0; y < height; y++)
--IJpNTDwzlM2Ie
--+pHx0qQiF2pBVqBT
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCMMIKd8H
wR7JxLTFtT0cKXB
=PGLI
-----END PGP SIGNATURE-----
--+pHx0qQiF2pBV
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#10 |
tag 298183 fixed
merge 298183 299236
thanks
Branden Robinson wrote:
> clone 298939 -1
> retitle -1 lesstif1-1: copy of libXpm code affected by buffer overflow CAN-2005-0605
> reassign -1 lesstif1-1
> # I don't actually know if it's fixed upstream yet in LessTif, but I'm
> # guessing it's not.
> tag -1 - fixed-upstream
> # libxpm4 is not fixed until the security buildds' packages are uploaded.
> tag 298939 - fixed
> thanks
>
> Hi Joey,
>
> Did you mean to only reference #298939 in your NMU of lesstif1-1? You said
> "Closes:", which marked as fixed the bug I filed against libxpm4, which is
> not part of lesstif1-1 and is not yet fixed.
>
> I am assuming your closing of #298939 is in error (since it's not
> accurate), and cloning a copy of it for CAN-2005-0605's affect of
> lesstif1-1.
Sorry, I meant to refer to bug #298183 which was already open on
lesstif1 for the same vulnerability.
--
see shy jo
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #11 |
Message-ID: <email address hidden>
Date: Sat, 12 Mar 2005 17:53:36 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: #298939 should not have been marked fixed by lesstif1-1 NMU
--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-
Content-
tag 298183 fixed
merge 298183 299236
thanks
Branden Robinson wrote:
> clone 298939 -1
> retitle -1 lesstif1-1: copy of libXpm code affected by buffer overflow CA=
N-2005-0605
> reassign -1 lesstif1-1
> # I don't actually know if it's fixed upstream yet in LessTif, but I'm
> # guessing it's not.
> tag -1 - fixed-upstream
> # libxpm4 is not fixed until the security buildds' packages are uploaded.
> tag 298939 - fixed
> thanks
>=20
> Hi Joey,
>=20
> Did you mean to only reference #298939 in your NMU of lesstif1-1? You sa=
id
> "Closes:", which marked as fixed the bug I filed against libxpm4, which is
> not part of lesstif1-1 and is not yet fixed.
>=20
> I am assuming your closing of #298939 is in error (since it's not
> accurate), and cloning a copy of it for CAN-2005-0605's affect of
> lesstif1-1.
Sorry, I meant to refer to bug #298183 which was already open on
lesstif1 for the same vulnerability.
--=20
see shy jo
--d6Gm4EdcadzBjdND
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCM3Lvd8H
Y7oGURkfv29QQqc
=GuJw
-----END PGP SIGNATURE-----
--d6Gm4EdcadzBj
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#12 |
Source: lesstif1-1
Source-Version: 1:0.93.94-12
We believe that the bug you reported is fixed in the latest version of
lesstif1-1, which is due to be installed in the Debian FTP archive:
lesstif-
to pool/main/
lesstif1-
to pool/main/
lesstif1-
to pool/main/
lesstif1_
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <email address hidden> (supplier of updated lesstif1-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 11 Nov 2005 16:07:34 +0100
Source: lesstif1-1
Binary: lesstif-dev lesstif1
Architecture: source i386
Version: 1:0.93.94-12
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <email address hidden>
Changed-By: Sam Hocevar (Debian packages) <email address hidden>
Description:
lesstif-dev - development library and header files for LessTif 1.2
lesstif1 - OSF/Motif 1.2 implementation released under LGPL
Closes: 279402 287187 294099 298183 299236 335132
Changes:
lesstif1-1 (1:0.93.94-12) unstable; urgency=low
.
* Acknowledge previous NMUs. Thanks a million to Joey Hess and Matej Vela
for their work (Closes: #294099, #298183, #299236, #279402, #287187).
* Upstream dropped support for lesstif1. This package will generate lesstif1
binaries only. When all Debian packages have been migrated to lesstif2 it
will be discontinued.
* debian/control:
+ Set policy to 3.6.2.1.
+ Build-depend on debhelper >= 4.0.
+ No longer build-depend on autoconf, automake and libtool
(Closes: #335132).
* Rebootstrapped "." and "test".
Files:
948f4b89b5889b
f3d89e0f89995c
f4e01a69dd3277
8ed2ce8f8352e0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDdNsEfPP
KWciC3nZj8HLUCq
=7Czj
-----END PGP SIGNATURE-----
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
|
#13 |
Source: lesstif1-1
Source-Version: 1:0.93.94-12
We believe that the bug you reported is fixed in the latest version of
lesstif1-1, which is due to be installed in the Debian FTP archive:
lesstif-
to pool/main/
lesstif1-
to pool/main/
lesstif1-
to pool/main/
lesstif1_
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <email address hidden> (supplier of updated lesstif1-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 11 Nov 2005 16:07:34 +0100
Source: lesstif1-1
Binary: lesstif-dev lesstif1
Architecture: source i386
Version: 1:0.93.94-12
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <email address hidden>
Changed-By: Sam Hocevar (Debian packages) <email address hidden>
Description:
lesstif-dev - development library and header files for LessTif 1.2
lesstif1 - OSF/Motif 1.2 implementation released under LGPL
Closes: 279402 287187 294099 298183 299236 335132
Changes:
lesstif1-1 (1:0.93.94-12) unstable; urgency=low
.
* Acknowledge previous NMUs. Thanks a million to Joey Hess and Matej Vela
for their work (Closes: #294099, #298183, #299236, #279402, #287187).
* Upstream dropped support for lesstif1. This package will generate lesstif1
binaries only. When all Debian packages have been migrated to lesstif2 it
will be discontinued.
* debian/control:
+ Set policy to 3.6.2.1.
+ Build-depend on debhelper >= 4.0.
+ No longer build-depend on autoconf, automake and libtool
(Closes: #335132).
* Rebootstrapped "." and "test".
Files:
948f4b89b5889b
f3d89e0f89995c
f4e01a69dd3277
8ed2ce8f8352e0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDdNsEfPP
KWciC3nZj8HLUCq
=7Czj
-----END PGP SIGNATURE-----
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #14 |
Message-Id: <email address hidden>
Date: Fri, 11 Nov 2005 11:17:22 -0800
From: Sam Hocevar (Debian packages) <email address hidden>
To: <email address hidden>
Subject: Bug#298183: fixed in lesstif1-1 1:0.93.94-12
Source: lesstif1-1
Source-Version: 1:0.93.94-12
We believe that the bug you reported is fixed in the latest version of
lesstif1-1, which is due to be installed in the Debian FTP archive:
lesstif-
to pool/main/
lesstif1-
to pool/main/
lesstif1-
to pool/main/
lesstif1_
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <email address hidden> (supplier of updated lesstif1-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 11 Nov 2005 16:07:34 +0100
Source: lesstif1-1
Binary: lesstif-dev lesstif1
Architecture: source i386
Version: 1:0.93.94-12
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <email address hidden>
Changed-By: Sam Hocevar (Debian packages) <email address hidden>
Description:
lesstif-dev - development library and header files for LessTif 1.2
lesstif1 - OSF/Motif 1.2 implementation released under LGPL
Closes: 279402 287187 294099 298183 299236 335132
Changes:
lesstif1-1 (1:0.93.94-12) unstable; urgency=low
.
* Acknowledge previous NMUs. Thanks a million to Joey Hess and Matej Vela
for their work (Closes: #294099, #298183, #299236, #279402, #287187).
* Upstream dropped support for lesstif1. This package will generate lesstif1
binaries only. When all Debian packages have been migrated to lesstif2 it
will be discontinued.
* debian/control:
+ Set policy to 3.6.2.1.
+ Build-depend on debhelper >= 4.0.
+ No longer build-depend on autoconf, automake and libtool
(Closes: #335132).
* Rebootstrapped "." and "test".
Files:
948f4b89b5889b
f3d89e0f89995c
f4e01a69dd3277
8ed2ce8f8352e0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDdNsEfPP
KWciC3nZj8HLUCq
=7Czj
-----END PGP SIGNATURE-----
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Debian Bug Importer (debzilla) wrote : | #15 |
Message-Id: <email address hidden>
Date: Fri, 11 Nov 2005 11:17:22 -0800
From: Sam Hocevar (Debian packages) <email address hidden>
To: <email address hidden>
Subject: Bug#299236: fixed in lesstif1-1 1:0.93.94-12
Source: lesstif1-1
Source-Version: 1:0.93.94-12
We believe that the bug you reported is fixed in the latest version of
lesstif1-1, which is due to be installed in the Debian FTP archive:
lesstif-
to pool/main/
lesstif1-
to pool/main/
lesstif1-
to pool/main/
lesstif1_
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <email address hidden> (supplier of updated lesstif1-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 11 Nov 2005 16:07:34 +0100
Source: lesstif1-1
Binary: lesstif-dev lesstif1
Architecture: source i386
Version: 1:0.93.94-12
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <email address hidden>
Changed-By: Sam Hocevar (Debian packages) <email address hidden>
Description:
lesstif-dev - development library and header files for LessTif 1.2
lesstif1 - OSF/Motif 1.2 implementation released under LGPL
Closes: 279402 287187 294099 298183 299236 335132
Changes:
lesstif1-1 (1:0.93.94-12) unstable; urgency=low
.
* Acknowledge previous NMUs. Thanks a million to Joey Hess and Matej Vela
for their work (Closes: #294099, #298183, #299236, #279402, #287187).
* Upstream dropped support for lesstif1. This package will generate lesstif1
binaries only. When all Debian packages have been migrated to lesstif2 it
will be discontinued.
* debian/control:
+ Set policy to 3.6.2.1.
+ Build-depend on debhelper >= 4.0.
+ No longer build-depend on autoconf, automake and libtool
(Closes: #335132).
* Rebootstrapped "." and "test".
Files:
948f4b89b5889b
f3d89e0f89995c
f4e01a69dd3277
8ed2ce8f8352e0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDdNsEfPP
KWciC3nZj8HLUCq
=7Czj
-----END PGP SIGNATURE-----
Automatically imported from Debian bug report #298183 http:// bugs.debian. org/298183