Bug#1034276: unblock: fwknop/2.6.10-16

2023-04-11 Thread Francois Marier 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: fwk...@packages.debian.org
Control: affects -1 + src:fwknop

Please unblock package fwknop

[ Reason ]
The AppArmor profile was incorrectly installed in the systemd
system service path:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034055

[ Impact ]
I'm not sure whether it would cause any actual problems, but it is likely a
policy violation and the bug reporter did file it as an RC bug.

[ Tests ]
I upgraded to the version I uploaded to unstable yesterday and confirmed
that the file is in the new location:

  $ dpkg -L fwknop-apparmor-profile | grep usr.sbin.fwknopd
  /usr/share/apparmor/extra-profiles/usr.sbin.fwknopd

[ Risks ]
Trivial fix. I made it so that the AppArmor profile is not automatically
enabled either to avoid changing (i.e. fixing) the behavior compared to what
it was in -15.

So this should be a no-op in terms of functionality.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock fwknop/2.6.10-16
diff -Nru fwknop-2.6.10/debian/changelog fwknop-2.6.10/debian/changelog
--- fwknop-2.6.10/debian/changelog	2023-01-10 21:23:46.0 -0800
+++ fwknop-2.6.10/debian/changelog	2023-04-10 20:52:01.0 -0700
@@ -1,3 +1,12 @@
+fwknop (2.6.10-16) unstable; urgency=high
+
+  * Install apparmor profile in /usr/share/apparmor/extra-profiles/
+instead of the systemd service directory. Note that the profile
+will not be used unless manually copied into /etc/apparmor.d/
+(Closes: #1034055).
+
+ -- Francois Marier   Mon, 10 Apr 2023 20:52:01 -0700
+
 fwknop (2.6.10-15) unstable; urgency=medium
 
   [ Helmut Grohne ]
diff -Nru fwknop-2.6.10/debian/fwknop-apparmor-profile.install fwknop-2.6.10/debian/fwknop-apparmor-profile.install
--- fwknop-2.6.10/debian/fwknop-apparmor-profile.install	2023-01-10 21:23:46.0 -0800
+++ fwknop-2.6.10/debian/fwknop-apparmor-profile.install	2023-04-10 20:52:01.0 -0700
@@ -1 +1 @@
-extras/apparmor/usr.sbin.fwknopd	/usr/lib/systemd/system/
+extras/apparmor/usr.sbin.fwknopd	/usr/share/apparmor/extra-profiles/

Bug#986780: unblock: email-reminder/0.8.1-3

2021-04-11 Thread Francois Marier 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package email-reminder

[ Reason ]
The .desktop file is not installed (bug #986744).

[ Impact ]
A non-technical user likely won't be able to start the application at
all.

[ Tests ]
Manual test: open gnome-shell and ensure it's displayed in the list of
applications.

[ Risks ]
Minimal: one-line change which only affects the .desktop file.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock email-reminder/0.8.1-3
diff -Nru email-reminder-0.8.1/debian/changelog email-reminder-0.8.1/debian/changelog
--- email-reminder-0.8.1/debian/changelog	2021-01-18 22:01:41.0 -0800
+++ email-reminder-0.8.1/debian/changelog	2021-04-10 19:26:37.0 -0700
@@ -1,3 +1,9 @@
+email-reminder (0.8.1-3) unstable; urgency=medium
+
+  * Add missing .desktop file (closes: #986744).
+
+ -- Francois Marier   Sat, 10 Apr 2021 19:26:37 -0700
+
 email-reminder (0.8.1-2) unstable; urgency=medium
 
   * Bump Standards-Version up to 4.5.1.
diff -Nru email-reminder-0.8.1/debian/install email-reminder-0.8.1/debian/install
--- email-reminder-0.8.1/debian/install	1969-12-31 16:00:00.0 -0800
+++ email-reminder-0.8.1/debian/install	2021-04-10 19:26:37.0 -0700
@@ -0,0 +1 @@
+email-reminder.desktop  usr/share/applications

Bug#933636: CVE-2019-14934

2020-02-10 Thread Francois Marier 
On 2020-02-07 at 10:14:24, Salvatore Bonaccorso wrote:
> > It looks OK to me. Tagging moreinfo until there's a final diff.
> 
> Friendly ping, any news? (It's too late now for the upcoming point
> release though).

It's still on my list, but not a very high priority. Definitely won't happen
until at least after the Ubuntu 20.04 Debian merge deadline.

Francois

-- 
https://fmarier.org/

Bug#933636: CVE-2019-14934

2019-08-14 Thread Francois Marier 
There is now an additional CVE that affects pdfresurrect in buster and
stretch:

  https://security-tracker.debian.org/tracker/CVE-2019-14934

Neither this one or CVE-2019-14267 are deemed worthy of a DSA however.

If you approve the first upload I have prepared for buster and stretch, I
will revise it to include the fix for this second CVE, but I will wait for
your initial approval before putting any more work into this.

Francois

-- 
https://fmarier.org/

Bug#933636: stretch-pu: package pdfresurrect/0.12-6

2019-08-01 Thread Francois Marier 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

I'd like to fix a buffer overflow in the pdfresurrect version that's in
stretch.

See https://security-tracker.debian.org/tracker/CVE-2019-14267.

Attached is the debdiff.

Francois
diff -Nru pdfresurrect-0.12/debian/changelog pdfresurrect-0.12/debian/changelog
--- pdfresurrect-0.12/debian/changelog	2015-09-13 18:30:02.0 -0700
+++ pdfresurrect-0.12/debian/changelog	2019-07-30 08:54:01.0 -0700
@@ -1,3 +1,9 @@
+pdfresurrect (0.12-6+deb9u1) stretch; urgency=high
+
+  * Fix buffer overflow (CVE-2019-14267).
+
+ -- Francois Marier   Tue, 30 Jul 2019 08:54:01 -0700
+
 pdfresurrect (0.12-6) unstable; urgency=medium
 
   * Run wrap-and-sort
diff -Nru pdfresurrect-0.12/debian/patches/CVE-2019-14267.patch pdfresurrect-0.12/debian/patches/CVE-2019-14267.patch
--- pdfresurrect-0.12/debian/patches/CVE-2019-14267.patch	1969-12-31 16:00:00.0 -0800
+++ pdfresurrect-0.12/debian/patches/CVE-2019-14267.patch	2019-07-30 08:54:01.0 -0700
@@ -0,0 +1,47 @@
+commit 4ea7a6f4f51d0440da651d099247e2273f811dbc
+Author: Matt Davis 
+Date:   Thu Jul 25 20:30:04 2019 -0700
+Last-Update: 2019-07-30
+
+Prevent a buffer overflow in possibly corrupt PDFs.
+
+The startxref identification logic assumed a worse case of having to
+inspect 256 bytes.  However, that is not always the case (e.g.,
+corrupted PDFs).  This patch prevents that situation.
+
+This bug was identified by j0lamma.  Thanks!
+
+CVE-2019-14267
+
+diff --git a/main.c b/main.c
+index d274acc..18ba696 100644
+--- a/main.c
 b/main.c
+@@ -230,7 +230,10 @@ static pdf_t *init_pdf(FILE *fp, const char *name)
+ 
+ pdf = pdf_new(name);
+ pdf_get_version(fp, pdf);
+-pdf_load_xrefs(fp, pdf);
++if (pdf_load_xrefs(fp, pdf) == -1) {
++  pdf_delete(pdf);
++  return NULL;
++}
+ pdf_load_pages_kids(fp, pdf);
+ 
+ return pdf;
+diff --git a/pdf.c b/pdf.c
+index 27b09a1..b671537 100644
+--- a/pdf.c
 b/pdf.c
+@@ -210,6 +210,11 @@ int pdf_load_xrefs(FILE *fp, pdf_t *pdf)
+   fseek(fp, pos - (++pos_count), SEEK_SET);
+ 
+ /* Suck in end of "startxref" to start of %%EOF */
++if (pos_count >= sizeof(buf)) {
++  ERR("Failed to locate the startxref token. "
++  "This might be a corrupt PDF.\n");
++  return -1;
++}
+ memset(buf, 0, sizeof(buf));
+ fread(buf, 1, pos_count, fp);
+ c = buf;
diff -Nru pdfresurrect-0.12/debian/patches/series pdfresurrect-0.12/debian/patches/series
--- pdfresurrect-0.12/debian/patches/series	2015-09-13 18:30:02.0 -0700
+++ pdfresurrect-0.12/debian/patches/series	2019-07-30 08:54:01.0 -0700
@@ -1 +1,2 @@
 fix_manpage_path.patch
+CVE-2019-14267.patch

Bug#933637: buster-pu: package pdfresurrect/0.15-2

2019-08-01 Thread Francois Marier 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

I'd like to fix a buffer overflow in the pdfresurrect version that's in
buster.

See https://security-tracker.debian.org/tracker/CVE-2019-14267.

Attached is the debdiff.

Francois
diff -Nru pdfresurrect-0.15/debian/changelog pdfresurrect-0.15/debian/changelog
--- pdfresurrect-0.15/debian/changelog	2019-03-01 23:12:55.0 -0800
+++ pdfresurrect-0.15/debian/changelog	2019-07-30 08:41:35.0 -0700
@@ -1,3 +1,9 @@
+pdfresurrect (0.15-2+deb10u1) buster; urgency=high
+
+  * Fix buffer overflow (CVE-2019-14267).
+
+ -- Francois Marier   Tue, 30 Jul 2019 08:41:35 -0700
+
 pdfresurrect (0.15-2) unstable; urgency=medium
 
   * Bump Standars-Version up to 4.3.0
diff -Nru pdfresurrect-0.15/debian/patches/CVE-2019-14267.patch pdfresurrect-0.15/debian/patches/CVE-2019-14267.patch
--- pdfresurrect-0.15/debian/patches/CVE-2019-14267.patch	1969-12-31 16:00:00.0 -0800
+++ pdfresurrect-0.15/debian/patches/CVE-2019-14267.patch	2019-07-30 08:41:35.0 -0700
@@ -0,0 +1,46 @@
+commit 4ea7a6f4f51d0440da651d099247e2273f811dbc
+Author: Matt Davis 
+Date:   Thu Jul 25 20:30:04 2019 -0700
+
+Prevent a buffer overflow in possibly corrupt PDFs.
+
+The startxref identification logic assumed a worse case of having to
+inspect 256 bytes.  However, that is not always the case (e.g.,
+corrupted PDFs).  This patch prevents that situation.
+
+This bug was identified by j0lamma.  Thanks!
+
+CVE-2019-14267
+
+diff --git a/main.c b/main.c
+index d604613..de2f8e9 100644
+--- a/main.c
 b/main.c
+@@ -203,7 +203,10 @@ static pdf_t *init_pdf(FILE *fp, const char *name)
+ 
+ pdf = pdf_new(name);
+ pdf_get_version(fp, pdf);
+-pdf_load_xrefs(fp, pdf);
++if (pdf_load_xrefs(fp, pdf) == -1) {
++  pdf_delete(pdf);
++  return NULL;
++}
+ pdf_load_pages_kids(fp, pdf);
+ 
+ return pdf;
+diff --git a/pdf.c b/pdf.c
+index 4cd7f12..b23b50a 100644
+--- a/pdf.c
 b/pdf.c
+@@ -233,6 +233,11 @@ int pdf_load_xrefs(FILE *fp, pdf_t *pdf)
+   fseek(fp, pos - (++pos_count), SEEK_SET);
+ 
+ /* Suck in end of "startxref" to start of %%EOF */
++if (pos_count >= sizeof(buf)) {
++  ERR("Failed to locate the startxref token. "
++  "This might be a corrupt PDF.\n");
++  return -1;
++}
+ memset(buf, 0, sizeof(buf));
+ SAFE_E(fread(buf, 1, pos_count, fp), pos_count,
+"Failed to read startxref.\n");
diff -Nru pdfresurrect-0.15/debian/patches/series pdfresurrect-0.15/debian/patches/series
--- pdfresurrect-0.15/debian/patches/series	1969-12-31 16:00:00.0 -0800
+++ pdfresurrect-0.15/debian/patches/series	2019-07-30 08:41:35.0 -0700
@@ -0,0 +1 @@
+CVE-2019-14267.patch

Bug#801617: RM: vimperator/stable -- ROM; keeps breaking with Iceweasel security updates

2015-10-12 Thread Francois Marier 
Package: ftp.debian.org
Severity: normal

I would like to request removal of vimperator from stable since it
constantly gets out of sync with new security releases of Iceweasel and
breaks. In fact, it is currently broken at the moment (800508). There is
also some uncertainty around the upcoming add-on signing enforcement.

The alternative is for users to install it directly from upstream:

  https://addons.mozilla.org/en-US/firefox/addon/vimperator/

Updates will be handled automatically by Iceweasel.

Note: it has already been removed from unstable (801473).

Francois

Bug#801617: RM: vimperator/stable -- ROM; keeps breaking with Iceweasel security updates

2015-10-12 Thread Francois Marier 
On 2015-10-12 at 17:37:17, Adam D. Barratt wrote:
> Removals from {,old}stable are handled by the Release Team.

Interesting, I guess there's a bug in reportbug :)

> Should the package also be removed from oldstable?

Yes, it's definitely broken in oldstable too (and has been for a long time).

Francois

-- 
http://fmarier.org/

Bug#711736: pu: package vimperator/3.3-2

2015-01-17 Thread Francois Marier 
On 2015-01-17 at 12:14:21, Adam D. Barratt wrote:
 It doesn't look like anything happened in the meantime.
 
 Do we know what's required to make the package work with the current
 iceweasel in wheezy?

Now that stable and unstable are tracking the same version of iceweasel, I'm
guessing we need to upload the unstable version of iceweasel as a stable
wheezy update.

Francois

-- 
Francois Marier   identi.ca/fmarier
http://fmarier.org  twitter.com/fmarier


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150117173852.ge1...@akranes.dyndns.org

Bug#769056: unblock: rkhunter/1.4.2-0.3

2014-11-10 Thread Francois Marier 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package rkhunter

This release fixes a single important bug (#767731) introduced in
the latest upstream release, with a very simple fix:

-  if [ `${IPCS_CMD} -u 2/dev/null | awk -F' ' '/segments allocated/ {print 
$3}'` -ne 0 ]; then
+  if [ `LANG=C ${IPCS_CMD} -u 2/dev/null | awk -F' ' '/segments allocated/ 
{print $3}'` -ne 0 ]; then

(the addition of LANG=C before grepping in the command's output)

Attached is a full debdiff.

unblock rkhunter/1.4.2-0.3
diff -Nru rkhunter-1.4.2/debian/changelog rkhunter-1.4.2/debian/changelog
--- rkhunter-1.4.2/debian/changelog	2014-10-19 20:14:41.0 +1300
+++ rkhunter-1.4.2/debian/changelog	2014-11-07 14:35:51.0 +1300
@@ -1,3 +1,10 @@
+rkhunter (1.4.2-0.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix IPCS command on non-English locales (closes: #767731)
+
+ -- Francois Marier franc...@debian.org  Fri, 07 Nov 2014 14:34:19 +1300
+
 rkhunter (1.4.2-0.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru rkhunter-1.4.2/debian/patches/20_fix-ipcs-language.diff rkhunter-1.4.2/debian/patches/20_fix-ipcs-language.diff
--- rkhunter-1.4.2/debian/patches/20_fix-ipcs-language.diff	1970-01-01 12:00:00.0 +1200
+++ rkhunter-1.4.2/debian/patches/20_fix-ipcs-language.diff	2014-11-07 14:35:51.0 +1300
@@ -0,0 +1,18 @@
+Description: Force english locale for ipcs call
+Author: Francois Marier franc...@debian.org
+Forwarded: https://sourceforge.net/p/rkhunter/patches/42/
+Last-Update: 2014-11-07
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767731
+Bug: https://sourceforge.net/p/rkhunter/bugs/130/
+
+--- a/files/rkhunter
 b/files/rkhunter
+@@ -13964,7 +13964,7 @@ ${FOUND_PROCS}
+ touch ${IPCS_TMPFILE}
+ FOUND=0; echo $FOUND  ${IPCS_TMPFILE}
+ 
+-if [ `${IPCS_CMD} -u 2/dev/null | awk -F' ' '/segments allocated/ {print $3}'` -ne 0 ]; then
++if [ `LANG=C ${IPCS_CMD} -u 2/dev/null | awk -F' ' '/segments allocated/ {print $3}'` -ne 0 ]; then
+ ${IPCS_CMD} -m | grep ^0x | while read RKH_SHM_KEY RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_PERMS RKH_SHM_BYTES RKH_SHM_NATTACH RKH_SHM_STATUS; do
+ if [ $RKH_SHM_PERMS -eq 666 -a $RKH_SHM_BYTES -ge 100 ]; then
+ FOUND=1; echo $FOUND  ${IPCS_TMPFILE}
diff -Nru rkhunter-1.4.2/debian/patches/series rkhunter-1.4.2/debian/patches/series
--- rkhunter-1.4.2/debian/patches/series	2014-10-19 20:14:41.0 +1300
+++ rkhunter-1.4.2/debian/patches/series	2014-11-07 14:35:51.0 +1300
@@ -1,3 +1,4 @@
 05_custom_conffile.diff
 10_fix-man.diff
 15_remove-empty-dir.diff
+20_fix-ipcs-language.diff

Bug#768202: unblock: email-reminder/0.7.8-2

2014-11-05 Thread Francois Marier 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package email-reminder

The only change is the addition of a new DebConf translation (Dutch).

unblock email-reminder/0.7.8-2
diff -Nru email-reminder-0.7.8/debian/changelog email-reminder-0.7.8/debian/changelog
--- email-reminder-0.7.8/debian/changelog	2014-10-09 23:48:19.0 +1300
+++ email-reminder-0.7.8/debian/changelog	2014-10-30 10:02:16.0 +1300
@@ -1,3 +1,9 @@
+email-reminder (0.7.8-2) unstable; urgency=medium
+
+  * Add Dutch debconf translation (closes: #767237)
+
+ -- Francois Marier franc...@debian.org  Thu, 30 Oct 2014 10:01:40 +1300
+
 email-reminder (0.7.8-1) unstable; urgency=medium
 
   * New upstream release (closes: #629631, #746617)
diff -Nru email-reminder-0.7.8/debian/po/nl.po email-reminder-0.7.8/debian/po/nl.po
--- email-reminder-0.7.8/debian/po/nl.po	1970-01-01 12:00:00.0 +1200
+++ email-reminder-0.7.8/debian/po/nl.po	2014-10-30 10:02:16.0 +1300
@@ -0,0 +1,120 @@
+# Dutch translation of email-reminder debconf templates.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the email-reminder package.
+# Frans Spiesschaert frans.spiesscha...@yucom.be, 2014.
+#
+msgid 
+msgstr 
+Project-Id-Version: email-reminder\n
+Report-Msgid-Bugs-To: email-remin...@packages.debian.org\n
+POT-Creation-Date: 2009-02-26 09:58+1300\n
+PO-Revision-Date: 2014-10-16 14:00+0200\n
+Last-Translator: Frans Spiesschaert frans.spiesscha...@yucom.be\n
+Language-Team: Dutch debian-l10n-du...@lists.debian.org\n
+Language: nl\n
+MIME-Version: 1.0\n
+Content-Type: text/plain; charset=UTF-8\n
+Content-Transfer-Encoding: 8bit\n
+Plural-Forms: nplurals=2; plural=(n != 1);\n
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid Run daily email-reminder cronjob?
+msgstr Dagelijks een crontaak voor email-reminder uitvoeren?
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid 
+By default, email-reminder checks once a day for reminders that need to be 
+sent out.
+msgstr 
+Standaard controleert email-reminder eens per dag of er herinneringen 
+verzonden moeten worden.
+
+#. Type: string
+#. Description
+#: ../templates:2001
+msgid SMTP server:
+msgstr SMTP-server:
+
+#. Type: string
+#. Description
+#: ../templates:2001
+msgid 
+Specify the address of the outgoing mail server that email-reminder should 
+use to send its emails.
+msgstr 
+Geef het adres op van de server voor uitgaande mail die door email-reminder 
+gebruikt moet worden om zijn berichten te versturen.
+
+#. Type: string
+#. Description
+#: ../templates:3001
+msgid SMTP username:
+msgstr SMTP-gebruikersnaam:
+
+#. Type: string
+#. Description
+#: ../templates:3001
+msgid If the outgoing mail server requires a username, enter it here.
+msgstr 
+Indien de server voor uitgaande mail een gebruikersnaam nodig heeft, geeft u 
+die hier in.
+
+#. Type: string
+#. Description
+#. Type: password
+#. Description
+#: ../templates:3001 ../templates:4001
+msgid Leave this blank if the SMTP server doesn't require authentication.
+msgstr 
+Vul hier niets in, indien de SMTP-server geen authenticatie nodig heeft.
+
+#. Type: password
+#. Description
+#: ../templates:4001
+msgid SMTP password:
+msgstr SMTP-wachtwoord:
+
+#. Type: password
+#. Description
+#: ../templates:4001
+msgid If the outgoing mail server requires a password, enter it here.
+msgstr 
+Indien de server voor uitgaande mail een wachtwoord nodig heeft, geeft u dat 
+hier in.
+
+#. Type: boolean
+#. Description
+#: ../templates:5001
+msgid Connect to the SMTP server using SSL?
+msgstr SSL gebruiken om contact maken met de SMTP-server?
+
+#. Type: boolean
+#. Description
+#: ../templates:5001
+msgid 
+If the SMTP server supports SSL and you choose this option, data exchanged 
+with it will be encrypted.
+msgstr 
+Indien u voor deze optie kiest en de SMTP-server SSL ondersteunt, zal de 
+gegevensuitwisseling ermee versleuteld gebeuren.
+
+#. Type: string
+#. Description
+#: ../templates:6001
+msgid Reminder mails originating address:
+msgstr Adres van de afzender van de herinneringsberichten:
+
+#. Type: string
+#. Description
+#: ../templates:6001
+msgid 
+Reminder emails will appear to come from this address. The default should 
+work unless the SMTP server requires routable domains in source addresses.
+msgstr 
+De herinneringsberichten zullen van dit adres afkomstig lijken. Meestal zal 
+wat hier standaard voorgesteld wordt, werken, tenzij het voor de SMTP-server 
+nodig is dat het afzenderadres een routeerbaar domein is.

Bug#768031: unblock: safe-rm/0.12-1

2014-11-04 Thread Francois Marier 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package safe-rm

This new upstream version consists of a single change:

  --- safe-rm-0.11/safe-rm2014-10-08 00:28:47.0 +1300
  +++ safe-rm-0.12/safe-rm2014-11-03 15:11:18.0 +1300
  @@ -3,9 +3,8 @@
   use warnings;
   use strict;
   use Cwd 'realpath';
  -use Env;

i.e. the removal of an unnecessary dependency which was breaking
upgrades (release-critical bug #767477).

A full debdiff against the package in testing is attached, but
the only change other than version numbers and changelogs is
the above line.

unblock safe-rm/0.12-1
diff -Nru safe-rm-0.11/Changes safe-rm-0.12/Changes
--- safe-rm-0.11/Changes	2014-10-08 00:28:47.0 +1300
+++ safe-rm-0.12/Changes	2014-11-03 15:11:18.0 +1300
@@ -1,3 +1,6 @@
+0.12 (2014-11-03)
+  - Remove unnecessary dependency on Env
+
 0.11 (2014-10-08)
   - Read user config from $XDG_CONFIG_HOME/safe-rm too
   - Update URL and email address (safe-rm.org.nz is deprecated)
diff -Nru safe-rm-0.11/debian/changelog safe-rm-0.12/debian/changelog
--- safe-rm-0.11/debian/changelog	2014-10-22 10:26:01.0 +1300
+++ safe-rm-0.12/debian/changelog	2014-11-03 15:19:24.0 +1300
@@ -1,3 +1,9 @@
+safe-rm (0.12-1) unstable; urgency=high
+
+  * New upstream release (closes: #767477)
+
+ -- Francois Marier franc...@debian.org  Mon, 03 Nov 2014 15:18:31 +1300
+
 safe-rm (0.11-2) unstable; urgency=medium
 
   * Add Dutch debconf translation (closes: #766254)
diff -Nru safe-rm-0.11/safe-rm safe-rm-0.12/safe-rm
--- safe-rm-0.11/safe-rm	2014-10-08 00:28:47.0 +1300
+++ safe-rm-0.12/safe-rm	2014-11-03 15:11:18.0 +1300
@@ -3,9 +3,8 @@
 use warnings;
 use strict;
 use Cwd 'realpath';
-use Env;
 
-our $VERSION = '0.11';
+our $VERSION = '0.12';
 
 my $homedir= $ENV{HOME} || q{};
 my $LEGACY_CONFIG_FILE = $homedir/.safe-rm;

Bug#752359: RM: freecode-submit -- ROM; obsolete; abandoned upstream

2014-06-22 Thread Francois Marier 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

This package is no longer useful since the underlying service (freecode.com)
has now shut down and is no longer accepting new submissions:

The Freecode site has been moved to a static state effective June 18, 2014
due to low traffic levels and so that folks will focus on more useful
endeavors than site upkeep.

source: http://freecode.com/about


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/2014061811.25069.48157.reportbug@akranes

Bug#711736: pu: package vimperator/3.3-2

2014-01-21 Thread Francois Marier 
On 2014-01-21 at 18:20:32, intrigeri wrote:
 Cyril Brulebois wrote (23 Sep 2013 04:02:26 GMT) :
  Adam D. Barratt a...@adam-barratt.org.uk (2013-06-09):
  Control: tags -1 + moreinfo wheezy
 
  it's been 3+ months now.
 
 ... and now 7+ months.

Sorry, I've obviously dropped the ball here.

If anybody wants to take this bug over and prepare/test a package for
stable, I'd be happy to review and sponsor if needed.

Francois


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140121221203.ga9...@isafjordur.dyndns.org

Bug#711736: pu: package vimperator/3.3-2

2013-06-09 Thread Francois Marier 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Iceweasel 17 got pushed to stable through a security update.

The version of iceweasel-vimperator that's in stable is not compatible with
Iceweasel 17 and the security team has suggested I uploaded an updated
package to stable-proposed.

The package I would be uploading is simply the one that's currently in unstable
(upstream release 3.7.1). It is compatible with Iceweasel up to 21 so it should
be good for a while.

Francois


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130609071313.29674.58541.report...@isafjordur.dyndns.org

Bug#680591: unblock: gitmagic/20120520-2

2012-07-06 Thread Francois Marier 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gitmagic

The diff between 20120520-1 (the version that's currently in freeze-exception)
and 20120520-2 only consists of the addition of a missing build dependency.

This build dependency was added to fix RC bug #674303 (FTBFS).

The debdiff against 20120520-1 is attached.

unblock gitmagic/20120520-2
diff -Nru gitmagic-20120520/debian/changelog gitmagic-20120520/debian/changelog
--- gitmagic-20120520/debian/changelog	2012-05-20 22:11:34.0 +1200
+++ gitmagic-20120520/debian/changelog	2012-07-01 22:05:21.0 +1200
@@ -1,3 +1,9 @@
+gitmagic (20120520-2) unstable; urgency=medium
+
+  * Add missing package to build-dependency to fix FTBFS (closes: #674303)
+
+ -- Francois Marier franc...@debian.org  Sun, 01 Jul 2012 22:04:22 +1200
+
 gitmagic (20120520-1) unstable; urgency=low
 
   * New upstream release
diff -Nru gitmagic-20120520/debian/control gitmagic-20120520/debian/control
--- gitmagic-20120520/debian/control	2012-05-20 22:11:34.0 +1200
+++ gitmagic-20120520/debian/control	2012-07-01 22:05:21.0 +1200
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Francois Marier franc...@debian.org
 Build-Depends: debhelper (= 9)
-Build-Depends-Indep: asciidoc, gawk, docbook-utils, tidy, xmlto
+Build-Depends-Indep: asciidoc, gawk, docbook-utils, tidy, xmlto, texlive-lang-cyrillic
 Standards-Version: 3.9.3
 Homepage: http://www-cs-students.stanford.edu/~blynn/gitmagic/
 Vcs-git: git://git.debian.org/git/collab-maint/gitmagic.git

Re: whatsnewfm in squeeze-updates?

2011-11-20 Thread Francois Marier 
(please CC me on replies, thanks!)

On 2011-11-16 at 22:19:24, Adam D. Barratt wrote:
 Please prepare a debdiff including the upstream changes and send it to
 -release for a pre-upload ack.  The description changes in
 debian/control could also be included if you wish.

See the attached debdiff which contains:

- new upstream version (0.7.2)
- updated package description

Is 0.7.1+squeeze1 a reasonable version number for this or should I use
something else to emphasize a bit more the fact that it's a new upstream
release too?

Cheers,
Francois

-- 
Francois Marier identi.ca/fmarier
http://fmarier.orgtwitter.com/fmarier
diff -u whatsnewfm-0.7.1/debian/changelog whatsnewfm-0.7.1/debian/changelog
--- whatsnewfm-0.7.1/debian/changelog
+++ whatsnewfm-0.7.1/debian/changelog
@@ -1,3 +1,11 @@
+whatsnewfm (0.7.1-1+squeeze1) stable; urgency=medium
+
+  * New 0.7.2 upstream release (closes: #647079)
+- take the name change into account and make package work again
+  * Update package description to refer to freecode.com
+
+ -- Christian Garbs deb...@cgarbs.de  Sun, 20 Nov 2011 21:59:46 +1300
+
 whatsnewfm (0.7.1-1) unstable; urgency=low
 
   * New upstream release (closes: #531104)
diff -u whatsnewfm-0.7.1/debian/control whatsnewfm-0.7.1/debian/control
--- whatsnewfm-0.7.1/debian/control
+++ whatsnewfm-0.7.1/debian/control
@@ -10,8 +10,9 @@
 Architecture: all
 Depends: perl, libberkeleydb-perl, exim4 | mail-transport-agent
 Recommends: procmail | maildrop
-Description: A utility to filter the daily newsletter from freshmeat.net
- whatsnewfm is a utility to filter the daily newsletter from freshmeat.net
+Description: A utility to filter the daily newsletter from freecode.com
+ whatsnewfm is a utility to filter the daily newsletter from freecode.com
+ (formerly freshmeat.net).
  .
  The main purpose is to cut the huge newsletter to a smaller size by
  only showing items that you didn't see before.
only in patch2:
unchanged:
--- whatsnewfm-0.7.1.orig/README
+++ whatsnewfm-0.7.1/README
@@ -1,17 +1,18 @@
 
 
-  whatsnewfm 0.7.1
+  whatsnewfm 0.7.2
   
 
- 2009/05/30
+ 2011/11/01
 
- (c) 2000-2009 by Christian Garbs mi...@cgarbs.de
+ (c) 2000-2011 by Christian Garbs mi...@cgarbs.de
   Joerg Plate jo...@plate.cx
   Dominik Brettnacher domi...@brettnacher.org
   Pedro Melo Cunha m...@isp.novis.pt
   Matthew Gabeler-Lee m...@po.cwru.edu
   Bernd Rilling brill...@ifsw.uni-stuttgart.de
   Jost Krieger jost.krie...@ruhr-uni-bochum.de
+  Francois Marier franc...@debian.org
 
  Licensed under GNU GPL (see COPYING for details)
 
@@ -42,7 +43,7 @@
   ~~~
 
 whatsnewfm is a utility to filter the daily newsletter from
-http://freshmeat.net
+http://freecode.com
 
 The main purpose is to cut the huge newsletter to a smaller size by
 only showing items that you didn't see before.
@@ -93,14 +94,14 @@
newsletters through the whatsnewfm filter:
 
 :0 w :
-* ^Subject: freshmeat.net Daily Update:
+* ^Subject: Freecode Daily Update:
 * !^X-Loop:.*whatsnewfm
 | /path/to/whatsnewfm.pl
 
Alternatively, if you are using maildrop, you need to add something
like this to your ~/.mailfilter:
 
-if (/^Subject: freshmeat.net Daily Update:/  !/^X-Loop:.*whatsnewfm/)
+if (/^Subject: Freecode Daily Update:/  !/^X-Loop:.*whatsnewfm/)
 {
   xfilter /path/to/whatsnewfm.pl
 }
@@ -108,16 +109,16 @@
 4) Add whatsnewfm to your hot database: whatsnewfm.pl add whatsnewfm
 
 5) Check your setup by mailing the file welcome to yourself with
-   freshmeat.net Daily Update: TEST as subject:
+   Freecode Daily Update: TEST as subject:
 
- mail -s freshmeat.net Daily Update: TEST your@email  welcome
+ mail -s Freecode Daily Update: TEST your@email  welcome
 
You should then receive an update information for the whatsnewfm
application.  This is good.  Otherwise, there is an error in your
setup.
 
-6) If you're not yet subscribed to the freshmeat newsletter, do so at
-   http://freshmeat.net 
+6) If you're not yet subscribed to the freecode newsletter, do so at
+   http://freecode.com
 
 7) If one of the new applications is interesting to you, then add
it to your hot database. See [6] for details.
@@ -210,7 +211,7 @@
 This database contains the applications that you are interested in.
 You will be informed of every update within these applications.  The
 applications are identified by the project id that is shown in the
-parsed freshmeat newsletter.
+parsed freecode newsletter.
 
 To see what is in the database, just may use less or cat on the
 database file (although the 'view' command (see below) should be used,
@@ -249,10 +250,10 @@
 You can enter a comment to help you remember what this application
 does (good for project ids that are acronymns):
 
-  whatsnewfm.pl add whatsnewfm Parses the freshmeat newsletter.
+  whatsnewfm.pl add whatsnewfm Parses

whatsnewfm in squeeze-updates?

2011-11-15 Thread Francois Marier 
(please CC me on replies, thanks)

Last week, I sponsored an update of whatsnewfm which brought the package up
to date with the new format of the freecode.com (formerly freshmeat.net)
newsletter.

As it is, the package doesn't work at all in squeeze so I was thinking that
it might be a good candidate for squeeze-updates.

If so, should I upload to stable or is there a special upload target for
-updates?

Cheers,
Francois

P.S. The lenny package is also affected but that one has been broken for
years so it's probably not worth fixing at this stage.


signature.asc
Description: Digital signature

Status of unblock mahara/1.2.6-2

2010-11-14 Thread Francois Marier 
(Please CC me on any replies. Thanks!)

Now that we are in deep freeze, I was wondering if it was likely that this
unblock request for Mahara would be granted:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599377

It fixes a DFSG-related RC bug in squeeze (removal of non-free code) as well
as making upgrades from lenny work.

Cheers,
Francois


signature.asc
Description: Digital signature

Bug#599377: unblock: mahara/1.2.6-2

2010-10-06 Thread Francois Marier 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mahara

Mahara 1.2.6 was released upstream to fix two RC bugs:

- removal of a non-free swf video player (#591200)
- upgrades from 1.0.x (the version in lenny) didn't work (not in the BTS)

I did most of these fixes in mahara-1.2.6-1, but I forgot about one swf so I
had to upload mahara-1.2.6-2 shortly after.

Relevant changelog entries:

mahara (1.2.6-2) unstable; urgency=medium

  * Move flowplayer.audio to the contrib package as well
  * Add an allow rule in apache.conf for flowplayer.audio

 -- Francois Marier franc...@debian.org  Mon, 06 Sep 2010 20:59:44 +1200

mahara (1.2.6-1) unstable; urgency=medium

  * New upstream release (to address #591200):
- removal of the tinymce media plugin
- replaced the non-free media player with flowplayer

  * Move mediaplayer into a separate contrib package (closes: #591200)
  * Relax the deny rule on serving lib to make flowplayer work
  * Add a dependency on tinymce and use that instead of bundled version

  * Bump Standards-Version up to 3.9.1
  * Urgency set to medium because of RC bug

 -- Francois Marier franc...@debian.org  Mon, 06 Sep 2010 20:51:17 +1200


unblock mahara/1.2.6-2

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34.7-grsec (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20101007025852.13349.57901.report...@isafjordur.dyndns.org

Re: Please unblock mahara-1.2.6-2 (currently in NEW)

2010-10-02 Thread Francois Marier 
The package has now made it past NEW, so I'd like to request an unblock for
it to fix RC bug #591200.

Note that there is a new debconf template (Danish) that got submitted after
the freeze: bug #597766.

If you think it should go into squeeze, I can prepare mahara-1.2.6-3 with
only that change. Otherwise, I'll do it post-squeeze.

Cheers,
Francois


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20101003011933.ge18...@isafjordur.dyndns.org

Please unblock mahara-1.2.6-2 (currently in NEW)

2010-09-12 Thread Francois Marier 
Hi,

Mahara 1.2.6 was released upstream to fix two RC bugs:

- removal of a non-free swf video player (#591200)
- upgrades from 1.0.x (the version in lenny) didn't work (not in the BTS)

The reason why it's currently in NEW is that I created a new contrib package
with the swf files in it. They come with source code, but they require tools
that aren't in Debian to be built from source.

(I did most of these fixes in mahara-1.2.6-1, but I forgot about one swf so I
had to upload mahara-1.2.6-2 shortly after.)

Let me know if this request isn't useful as long as the packages as in NEW
and I'll resubmit once they've been accepted by ftpmasters.

Cheers,
Francois

-- 
Francois Marier identi.ca/fmarier
http://feeding.cloud.geek.nz  twitter.com/fmarier


signature.asc
Description: Digital signature

Security bug in mahara-1.0.4-3: upload to testing-proposed-updates?

2009-02-03 Thread Francois Marier 
(Please CC me on your replies, thanks!)

Hello,

The version of mahara that's in lenny (1.0.4-3) has an XSS vulnerability as
reported in the release notes:

  http://mahara.org/interaction/forum/topic.php?id=198

(no Debian bug or CVE number for it at the moment)

There is a new upstream release (1.0.9) containing these fixes in
sid. However, given that it contains other non-security changes, I have also
prepared a patched 1.0.4 version for lenny.

I have attached the very small debdiff between -3 and -4 to this email.

Please let me know whether I should upload 1.0.4-4 to
testing-proposed-updates or whether you prefer to unblock the package that's
in sid.

Cheers,
Francois
diff -u mahara-1.0.4/debian/changelog mahara-1.0.4/debian/changelog
--- mahara-1.0.4/debian/changelog
+++ mahara-1.0.4/debian/changelog
@@ -1,3 +1,12 @@
+mahara (1.0.4-4) testing-proposed-updates; urgency=low
+
+  * Fix XSS issues in forum descriptions and posts, backported from
+these upstream commits:
+  a3a3824aadcaebd6e416d5b18b1f1129c0f30cac
+  b86d471361456a9b7c58492121feb1ae85222ada
+
+ -- Francois Marier franc...@debian.org  Wed, 04 Feb 2009 14:51:32 +1300
+
 mahara (1.0.4-3) testing-proposed-updates; urgency=high
 
   * Depend on libphp-snoopy instead of using the embedded copy shipped
only in patch2:
unchanged:
--- mahara-1.0.4.orig/htdocs/interaction/forum/theme/default/view.tpl
+++ mahara-1.0.4/htdocs/interaction/forum/theme/default/view.tpl
@@ -8,7 +8,7 @@
 div id=viewforum
 table id=forumdescription
 tr
-	td{$forum-description}/td
+	td{$forum-description|clean_text}/td
 {if $admin}
 	td align=right class=nowrap
 	a href={$WWWROOT}interaction/edit.php?id={$forum-id|escape} class=btn-editdk{str tag=edittitle section=interaction.forum}/a/td
only in patch2:
unchanged:
--- mahara-1.0.4.orig/htdocs/interaction/forum/theme/default/simplepost.tpl
+++ mahara-1.0.4/htdocs/interaction/forum/theme/default/simplepost.tpl
@@ -19,6 +19,6 @@
 {$post-poster|display_name|escape}/a/h5
 	divimg src={$WWWROOT}thumb.php?type=profileiconamp;maxsize=100amp;id={$post-poster} alt=/div
 	h5{$post-postcount}/h5/td
-	td{$post-body}/td
+	td{$post-body|clean_text}/td
 /tr
 /table
\ No newline at end of file

Security fixes in moodle-1.8.2.dfsg-3 (please unblock)

2009-02-02 Thread Francois Marier 
(Please CC me on your replies, thanks!)

Hello,

Moodle 1.8.8 was recently released and it fixes a number of security issues
which are present in the current lenny moodle package.

Attached is a debdiff of the -2 (in lenny) against -3. It fixes all of these
vulnerabilities:

  * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
(MSA-09-0005, CVE-2008-5153)
  * Hide images of deleted users (MSA-09-0001)
  * Fix user pix disclosure (MSA-09-0002)
  * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
  * Fix XSS vulnerabilities in logs (MSA-09-0007)
  * Fix CSRF vulnerability in forum code (MSA-09-0008)

After talking to the testing security team, I have uploaded this package to
unstable with the hope that it will be unblocked for lenny.

Cheers,
Francois
diff -u moodle-1.8.2.dfsg/debian/rules moodle-1.8.2.dfsg/debian/rules
--- moodle-1.8.2.dfsg/debian/rules
+++ moodle-1.8.2.dfsg/debian/rules
@@ -59,6 +59,7 @@
 	rm -f debian/moodle/usr/share/moodle/admin/delete.php
 	rm -f debian/moodle/usr/share/moodle/mod/wiki/ewiki/fragments/mkhuge
 	rm -f debian/moodle/usr/share/moodle/search/.cvsignore
+	rm -rf debian/moodle/usr/share/moodle/lib/editor/htmlarea/plugins/SpellChecker
 
 	rm -rf debian/moodle/usr/share/moodle/lib/smarty
 	rm -rf debian/moodle/usr/share/moodle/lib/yui
diff -u moodle-1.8.2.dfsg/debian/changelog moodle-1.8.2.dfsg/debian/changelog
--- moodle-1.8.2.dfsg/debian/changelog
+++ moodle-1.8.2.dfsg/debian/changelog
@@ -1,3 +1,15 @@
+moodle (1.8.2.dfsg-3) unstable; urgency=high
+
+  * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
+(MSA-09-0005, CVE-2008-5153)
+  * Hide images of deleted users (MSA-09-0001)
+  * Fix user pix disclosure (MSA-09-0002)
+  * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
+  * Fix XSS vulnerabilities in logs (MSA-09-0007)
+  * Fix CSRF vulnerability in forum code (MSA-09-0008)
+
+ -- Francois Marier franc...@debian.org  Mon, 02 Feb 2009 19:09:10 +1300
+
 moodle (1.8.2.dfsg-2) unstable; urgency=high
 
   [ Dan Poltawski ]
diff -u moodle-1.8.2.dfsg/debian/patches/00list moodle-1.8.2.dfsg/debian/patches/00list
--- moodle-1.8.2.dfsg/debian/patches/00list
+++ moodle-1.8.2.dfsg/debian/patches/00list
@@ -2,0 +3,5 @@
+msa090001.dpatch
+msa090002.dpatch
+msa090004.dpatch
+msa090007.dpatch
+msa090008.dpatch
only in patch2:
unchanged:
--- moodle-1.8.2.dfsg.orig/debian/patches/msa090004.dpatch
+++ moodle-1.8.2.dfsg/debian/patches/msa090004.dpatch
@@ -0,0 +1,62 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa090004.dpatch by Francois Marier franc...@debian.org
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: html block: proper cleanup of html
+
+...@dpatch@
+diff --git a/blocks/html/block_html.php b/blocks/html/block_html.php
+index ff53961..7099a43 100755
+--- a/blocks/html/block_html.php
 b/blocks/html/block_html.php
+@@ -12,7 +12,7 @@ class block_html extends block_base {
+ }
+ 
+ function specialization() {
+-$this-title = isset($this-config-title) ? $this-config-title : get_string('newhtmlblock', 'block_html');
++$this-title = isset($this-config-title) ? format_string($this-config-title) : get_string('newhtmlblock', 'block_html');
+ }
+ 
+ function instance_allow_multiple() {
+@@ -24,8 +24,13 @@ class block_html extends block_base {
+ return $this-content;
+ }
+ 
+-$filteropt = new stdClass;
+-$filteropt-noclean = true;
++if (!empty($this-instance-pinned) or $this-instance-pagetype === 'course-view') {
++// fancy html allowed only on course page and in pinned blocks for security reasons
++$filteropt = new stdClass;
++$filteropt-noclean = true;
++} else {
++$filteropt = null;
++}
+ 
+ $this-content = new stdClass;
+ $this-content-text = isset($this-config-text) ? format_text($this-config-text, FORMAT_HTML, $filteropt) : '';
+diff --git a/blocks/html/config_instance.html b/blocks/html/config_instance.html
+index 8138488..ae2d460 100755
+--- a/blocks/html/config_instance.html
 b/blocks/html/config_instance.html
+@@ -1,4 +1,11 @@
+-?php $usehtmleditor = can_use_html_editor(); ?
++?php
++$usehtmleditor = can_use_html_editor();
++
++$text = isset($this-config-text) ? $this-config-text : '';
++if (empty($this-instance-pinned) and $this-instance-pagetype !== 'course-view') {
++$text = clean_text($text, FORMAT_HTML);
++}
++?
+ table cellpadding=9 cellspacing=0
+ tr valign=top
+ td align=right?php print_string('configtitle', 'block_html'); ?:/td
+@@ -6,7 +13,7 @@
+ /tr
+ tr valign=top
+ td align=right?php print_string('configcontent', 'block_html'); ?:/td
+-td?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', isset($this-config-text)?$this-config-text:'') ?/td
++td?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', $text) ?/td
+ /tr
+ tr
+ td colspan=3 align=center
only in patch2:
unchanged

Please unblock docvert 3.4-7 (CVE-2008-5147)

2008-12-01 Thread Francois Marier 
(please CC me on your replies, thanks!)

Hello,

I have uploaded a new version of docvert which fixes a minor security
problem with it.

The Testing Security team will not issue an advisory, but given the size of
the change (deleting an unused test script) it would be nice if it could
propagate to lenny.

Here is the debdiff (aside from the changelog):

  diff -u docvert-3.4/debian/rules docvert-3.4/debian/rules
  --- docvert-3.4/debian/rules
  +++ docvert-3.4/debian/rules
  @@ -43,6 +43,7 @@
cp -r $(CURDIR)/generator-pipeline 
$(CURDIR)/debian/docvert/usr/share/docvert/
cp -r $(CURDIR)/pipeline $(CURDIR)/debian/docvert/usr/share/docvert/
cp -r $(CURDIR)/core $(CURDIR)/debian/docvert/usr/share/docvert/
  + rm 
$(CURDIR)/debian/docvert/usr/share/docvert/core/lib/pyodconverter/test-pipe-to-pyodconverter.org.sh
rm -rf $(CURDIR)/debian/docvert/usr/share/docvert/core/lib/fckeditor
rm -rf $(CURDIR)/debian/docvert/usr/share/docvert/core/lib/pclzip-2.6
rm -rf $(CURDIR)/debian/docvert/usr/share/docvert/core/lib/jodconverter/

Cheers,
Francois


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Please unblock moodle-1.8.2-2

2008-11-24 Thread Francois Marier 
(Regarding the unblock request submitted last week...)

Please note that version of Moodle in Etch is 1.6.3, which is very old and
almost unmaintained.  The most recent release on the 1.6 branch is 1.6.8 and
even the latest stable release is 1.9, which was originally released in
March this year.

If Moodle is dropped from Lenny, the default behaviour for Etch upgraders
will be to keep using 1.6.3 until Squeeze. We can't rely on users making the
effort to go and find a backport, and continuing to use 1.6.3 will be a very
unsatisfactory experience for them.

Thank you for your consideration,

Francois


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Please unblock moodle-1.8.2-2

2008-11-16 Thread Francois Marier 
Hello,

There is currently a freeze exception for version 1.8.2-1.3 of the moodle
package. However that version never made it to testing since it didn't fix
all of the RC bugs.

All RC bug have been fixed in 1.8.2-2 so I would like to suggest that this
version be unblocked instead.

Attached to this email is a debdiff between -1.3 and -2.

Please note that the package is no longer orphaned and now has a committed
maintenance team behind it.

Cheers,
Francois
diff -u moodle-1.8.2/debian/rules moodle-1.8.2/debian/rules
--- moodle-1.8.2/debian/rules
+++ moodle-1.8.2/debian/rules
@@ -45,6 +45,7 @@
 	rm debian/moodle/usr/share/moodle/search/Zend/LICENSE.txt
 	rm debian/moodle/usr/share/moodle/lib/smarty/COPYING.lib
 	rm debian/moodle/usr/share/moodle/iplookup/ipatlas/COPYING
+	rm debian/moodle/usr/share/moodle/lib/libcurlemu/LICENSE
 
 	find debian/moodle/usr -type f -exec chmod 644 {} \;
 	find debian/moodle/usr -type d -exec chmod 755 {} \;
@@ -56,6 +57,11 @@
 	chmod 755 debian/moodle/usr/share/moodle/admin/process_email.php
 	rm -f debian/moodle/usr/share/moodle/filter/tex/*mimetex*
 	rm -f debian/moodle/usr/share/moodle/admin/delete.php
+	rm -f debian/moodle/usr/share/moodle/mod/wiki/ewiki/fragments/mkhuge
+	rm -f debian/moodle/usr/share/moodle/search/.cvsignore
+
+	rm -rf debian/moodle/usr/share/moodle/lib/smarty
+	rm -rf debian/moodle/usr/share/moodle/lib/yui
 
 	dh_installdebconf	
 	dh_link
diff -u moodle-1.8.2/debian/changelog moodle-1.8.2/debian/changelog
--- moodle-1.8.2/debian/changelog
+++ moodle-1.8.2/debian/changelog
@@ -1,3 +1,37 @@
+moodle (1.8.2-2) unstable; urgency=high
+
+  * Adopt orphaned package (closes: #494642)
+  * Acknowledge security NMU (closes: #489533, #432264)
+  * Add Vcs-* fields to debian/control
+
+  Release-critical and security bugs:
+ 
+  * Depend on smarty instead of using the embedded copy that is shipped
+with Moodle (closes: #471158, #488525, #504345)
+  * Patch security bug in the embedded (and customised) copy of phpmailer
+(CVE-2007-3215, closes: #429339, #429190)
+  * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
+  * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
+  * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)
+
+  Trivial bug fixes:
+
+  * Depend on zip (closes: #408995)
+  * Add mysql-client as an alternative to postgresql-client
+(closes: #417554, #469094)
+  * Recommend php5-ldap (closes: #425839)
+  * Delete unnecessary script with bashisms (closes: #489634)
+
+  Lintian warnings:
+
+  * Bump Standards-Version to 3.8.0
+  * Add homepage field to debian/control
+  * Remove cvsignore file
+  * Remove extra license file
+  * Depend on yui instead of using an embedded copy
+
+ -- Francois Marier [EMAIL PROTECTED]  Fri, 07 Nov 2008 08:24:28 +1300
+
 moodle (1.8.2-1.3) unstable; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -u moodle-1.8.2/debian/copyright moodle-1.8.2/debian/copyright
--- moodle-1.8.2/debian/copyright
+++ moodle-1.8.2/debian/copyright
@@ -30,6 +30,7 @@
 	htmlArea, licensed under a BSD license (see below)
 	TinyMCE, licensed under the LGPL
 	bennu, licensed under the LGPL
+	domxmlphp4-php5, licensed under the LGPL
 
 	LGPL can be found in the file /usr/share/common-licenses/LGPL,
 	GPL can be found in the file /usr/share/common-licenses/GPL, and
diff -u moodle-1.8.2/debian/postinst moodle-1.8.2/debian/postinst
--- moodle-1.8.2/debian/postinst
+++ moodle-1.8.2/debian/postinst
@@ -132,6 +132,10 @@
 	  ln -s /etc/moodle/config.php $moodledir/config.php
 	fi
 
+	# Links to external libraries
+	[ ! -h /usr/share/moodle/lib/smarty ]  ln -s /usr/share/php/smarty/libs /usr/share/moodle/lib/smarty
+	[ ! -h /usr/share/moodle/lib/yui ]  ln -s /var/www/yui /usr/share/moodle/lib/yui
+
 	# Care about the repository
 	repository=/var/lib/moodle
 	if [ -d $repository ]; then
diff -u moodle-1.8.2/debian/control moodle-1.8.2/debian/control
--- moodle-1.8.2/debian/control
+++ moodle-1.8.2/debian/control
@@ -1,16 +1,20 @@
 Source: moodle
 Section: web
 Priority: optional
-Maintainer: Isaac Clerencia [EMAIL PROTECTED]
+Maintainer: Moodle Packaging Team [EMAIL PROTECTED]
+Uploaders: Francois Marier [EMAIL PROTECTED], Penny Leach [EMAIL PROTECTED], Mathieu Petit-Clair [EMAIL PROTECTED]
 Build-Depends-Indep: po-debconf
 Build-Depends: debhelper (= 4.1.13), dpatch
-Standards-Version: 3.7.2
+Standards-Version: 3.8.0
+Homepage: http://www.moodle.org/
+Vcs-Git: git://git.debian.org/git/pkg-moodle/moodle.git
+Vcs-Browser: http://git.debian.org/?p=pkg-moodle/moodle.git;a=summary
 
 Package: moodle
 Architecture: all
-Depends: ${misc:Depends}, libapache2-mod-php5 | php5-cgi, php5-pgsql | php5-mysql, php5-gd, php5-curl, php5-cli, apache2-mpm-prefork | httpd, wwwconfig-common (= 0.0.7), mimetex, ucf, postgresql-client
+Depends: ${misc:Depends}, libapache2-mod-php5 | php5-cgi, php5-pgsql | php5-mysql, php5-gd, php5-curl, php5-cli, apache2-mpm-prefork | httpd, wwwconfig-common (= 0.0.7

Re: Upload of mahara 1.0.4-3 to testing-proposed-updates

2008-11-04 Thread Francois Marier 
After talking to the testing security team, I will be taking these two fixes
to testing-security instead of testing-proposed-updates.

Therefore, please ignore this upload.

Cheers,
Francois


signature.asc
Description: Digital signature

Upload of mahara 1.0.4-3 to testing-proposed-updates

2008-11-03 Thread Francois Marier 
(Please CC me on your replies, thanks)

Hello,

I have just uploaded mahara 1.0.4-3 to testing-proposed-updates in order to
fix these two RC bugs:

 504170 - CVE-2008-4796: missing input sanitising in Snoopy.class.php
 504253 - CVE-2007-3215: remote shell command execution in class.phpmailer.php

The fixes are quite small (as shown in the attached debdiff) and an upload
through unstable isn't possible since there is a new upstream version in
there already.

Francois


signature.asc
Description: Digital signature

Re: Upload of mahara 1.0.4-3 to testing-proposed-updates

2008-11-03 Thread Francois Marier 
On 2008-11-04 at 13:27:24, Francois Marier wrote:
 The fixes are quite small (as shown in the attached debdiff)

Here's the missing file.

Francois
diff -u mahara-1.0.4/debian/rules mahara-1.0.4/debian/rules
--- mahara-1.0.4/debian/rules
+++ mahara-1.0.4/debian/rules
@@ -36,15 +36,7 @@
 	rm -rf $(CURDIR)/debian/mahara/usr/share/mahara/lib/adodb/docs/
 	rm -rf $(CURDIR)/debian/mahara/usr/share/mahara/lib/adodb/tests/
 	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/adodb/pear/readme.Auth.txt
-	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/configure.in
-	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/INSTALL
-	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/ChangeLog
-	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/FAQ
-	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/AUTHORS
-	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/Makefile.am
-	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/autogen.sh
-	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/TODO
-	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/NEWS
+	rm -rf $(CURDIR)/debian/mahara/usr/share/mahara/lib/snoopy/
 	rm -rf $(CURDIR)/debian/mahara/usr/share/mahara/lib/pear/File
 	rm -f $(CURDIR)/debian/mahara/usr/share/mahara/lib/pear/File.php
 	rm -rf $(CURDIR)/debian/mahara/usr/share/mahara/lib/pear/PEAR
diff -u mahara-1.0.4/debian/mahara.postinst mahara-1.0.4/debian/mahara.postinst
--- mahara-1.0.4/debian/mahara.postinst
+++ mahara-1.0.4/debian/mahara.postinst
@@ -70,6 +70,9 @@
 
 # Link to captcha font
 [ ! -h /usr/share/mahara/theme/default/static/captcha.ttf ]  ln -s /usr/share/fonts/truetype/freefont/FreeMono.ttf /usr/share/mahara/theme/default/static/captcha.ttf
+
+# Link to libphp-snoopy
+[ ! -h /usr/share/mahara/lib/snoopy ]  ln -s /usr/share/php/libphp-snoopy/ /usr/share/mahara/lib/snoopy
 ;;
 
 abort-upgrade|abort-remove|abort-deconfigure)
diff -u mahara-1.0.4/debian/changelog mahara-1.0.4/debian/changelog
--- mahara-1.0.4/debian/changelog
+++ mahara-1.0.4/debian/changelog
@@ -1,3 +1,12 @@
+mahara (1.0.4-3) testing-proposed-updates; urgency=high
+
+  * Depend on libphp-snoopy instead of using the embedded copy shipped
+with Mahara (CVE-2008-4796, closes: #504170)
+  * Backport upstream's patch (41189c30d198153dc66dc867e160dab948929458)
+to phpmailer (CVE-2007-3125, closes: #504253)
+
+ -- Francois Marier [EMAIL PROTECTED]  Tue, 04 Nov 2008 12:46:14 +1300
+
 mahara (1.0.4-2) unstable; urgency=low
 
   * Compress the package using bzip2
diff -u mahara-1.0.4/debian/control mahara-1.0.4/debian/control
--- mahara-1.0.4/debian/control
+++ mahara-1.0.4/debian/control
@@ -11,7 +11,7 @@
 
 Package: mahara
 Architecture: all
-Depends: ${misc:Depends}, php5-pgsql | php5-mysql, php5-cli, php5-gd, file, cron, perl, ttf-freefont, php-file, php-pear, smarty
+Depends: ${misc:Depends}, php5-pgsql | php5-mysql, php5-cli, php5-gd, file, cron, perl, ttf-freefont, php-file, php-pear, smarty, libphp-snoopy
 Recommends: mahara-apache2, postgresql | postgresql-8.3 | mysql-server | mysql-server-5.0, clamav, clamav-daemon, php5-curl, php5-xmlrpc, php5-imagick, libfile-slurp-perl, libtext-diff-perl
 Description: Electronic portfolio, weblog, and resume builder
  Mahara is a fully featured electronic portfolio, weblog, resume builder and
only in patch2:
unchanged:
--- mahara-1.0.4.orig/htdocs/lib/phpmailer/class.phpmailer.php
+++ mahara-1.0.4/htdocs/lib/phpmailer/class.phpmailer.php
@@ -390,9 +390,9 @@
  */
 function SendmailSend($header, $body) {
 if ($this-Sender != )
-$sendmail = sprintf(%s -oi -f %s -t, $this-Sendmail, $this-Sender);
+$sendmail = sprintf(%s -oi -f %s -t, escapeshellcmd($this-Sendmail), escapeshellarg($this-Sender));
 else
-$sendmail = sprintf(%s -oi -t, $this-Sendmail);
+$sendmail = sprintf(%s -oi -t, escapeshellcmd($this-Sendmail));
 
 if([EMAIL PROTECTED] = popen($sendmail, w))
 {


signature.asc
Description: Digital signature

Re: Upload of mahara 1.0.4-3 to testing-proposed-updates

2008-11-03 Thread Francois Marier 
On 2008-11-03 at 18:51:42, Raphael Geissert wrote:
 Just wondering, why don't you do the same for phpmailer? the package in
 lenny/sid is libphp-phpmailer.

The version in Mahara currently has local non-upstreamable customisations. I
believe that the upstream plan is to eventually the library entirely from
Mahara.

Francois


signature.asc
Description: Digital signature

Please unblock safe-rm/0.3-1

2008-10-23 Thread Francois Marier 
(Please CC me on your replies, thanks!)

Hello,

I would like to request that you please unblock the safe-rm package to let
0.3-1 propagate to testing.

It has a fix for a bug which I believe is quite serious (though no Debian
bugs were ever filed for it). The package wasn't protecting files in the
current directory even if it claimed to do so and that users were relying
on this.

Here is the only change between the 0.2 and 0.3 upstream versions:

  --- safe-rm-0.2/safe-rm 2008-10-24 08:14:57.0 +1300
  +++ safe-rm-0.3/safe-rm 2008-09-09 19:12:19.0 +1200
  @@ -131,7 +131,7 @@
  
   # Normalize the pathname
   my $normalized_pathname = $pathname;
  -if ($normalized_pathname =~ m|/|) {
  +if ($normalized_pathname =~ m|/| or -e $normalized_pathname) {
   # Convert to an absolute path (e.g. remove ..)
   $normalized_pathname = realpath($normalized_pathname);
   $normalized_pathname = $pathname unless $normalized_pathname;

I am both the Debian maintainer and the upstream developer and I don't
believe that there are any risks associated with this upgrade. (It has been
in unstable for a month and a half already.)

Thank you,

Francois


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Freeze exception request for docvert

2008-10-19 Thread Francois Marier 
(Please CC me on your reply, thanks!)

Hello,

I'd like to request a freeze exception for the docvert source package (which
includes docvert and docvert-openoffice.org).

The latest version in sid (3.4-6) fixes the following serious problems:

  - 502322: initscript hangs the boot process (release-critical)

  - missing dependency of docvert-openoffice.org on docvert (this is
required and docvert-openoffice.org won't work without it)

  - initscript could kill openoffice processes belonging to other
users

And it also contains trivial fixes for the following problems:

  - 493334: check that docvert is installed when running the cronjob
  - 489796: capitalization change to the small description
  - initscript was referring to the wrong names in the LSB comments

I have attached a debdiff between the version in lenny (3.4-4) and the one
in sid (3.4-6).

Francois
diff -u docvert-3.4/debian/docvert-openoffice.org.docvert-converter.init docvert-3.4/debian/docvert-openoffice.org.docvert-converter.init
--- docvert-3.4/debian/docvert-openoffice.org.docvert-converter.init
+++ docvert-3.4/debian/docvert-openoffice.org.docvert-converter.init
@@ -1,12 +1,12 @@
 #! /bin/sh
 ### BEGIN INIT INFO
-# Provides:  docvert-openoffice
+# Provides:  docvert-converter
 # Default-Start: 2 3 4 5
 # Default-Stop:  0 1 6
 # Required-Start:$local_fs $network $syslog
 # Required-Stop: $local_fs $network $syslog
-# Short-Description: Open Office service for Docvert
-# Description:   This init.d script is used to start Open Office as a
+# Short-Description: OpenOffice.org service for Docvert
+# Description:   This init.d script is used to start OpenOffice.org as a
 #service.
 ### END INIT INFO
 
@@ -15,13 +15,13 @@
 # Do NOT set -e
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
-DESC=Open Office service for Docvert
-NAME=docvert-openoffice
+DESC=OpenOffice.org service for Docvert
+NAME=docvert-converter
 USER=docvert
 GROUP=docvert
 DAEMON=/usr/share/docvert/core/config/unix-specific/openoffice.org-server.sh
 DAEMON_ARGS=
-PIDFILE=/var/run/docvert/openoffice.pid
+PIDFILE=/var/run/docvert/converter.pid
 SCRIPTNAME=/etc/init.d/$NAME
 
 # Exit if the package is not installed
@@ -47,9 +47,9 @@
 	#   1 if daemon was already running
 	#   2 if daemon could not be started
 	start-stop-daemon -c $USER -g $GROUP --start --pidfile $PIDFILE --exec $DAEMON --test  /dev/null || return 1
-	start-stop-daemon -c $USER -g $GROUP --start --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_ARGS || return 2
+	start-stop-daemon -c $USER -g $GROUP --start --pidfile $PIDFILE --background --exec $DAEMON -- $DAEMON_ARGS || return 2
 	sleep 2
-	pgrep soffice  $PIDFILE
+	pgrep -U $USER -G $GROUP soffice  $PIDFILE
 	[ -s $PIDFILE ] || return 2
 	return 0
 	# Add code here, if necessary, that waits for the process to be ready
diff -u docvert-3.4/debian/docvert.cron.daily docvert-3.4/debian/docvert.cron.daily
--- docvert-3.4/debian/docvert.cron.daily
+++ docvert-3.4/debian/docvert.cron.daily
@@ -3,2 +3,4 @@
-find /var/lib/docvert/ -name preview* -type f -mtime 1 | xargs -n 100 rm -f
-find /var/lib/docvert/ -name preview* -type d -mtime 1 | xargs --no-run-if-empty -n 100 rmdir --ignore-fail-on-non-empty
+if [ -d /var/lib/docvert ]; then
+	find /var/lib/docvert/ -name preview* -type f -mtime 1 | xargs -n 100 rm -f
+	find /var/lib/docvert/ -name preview* -type d -mtime 1 | xargs --no-run-if-empty -n 100 rmdir --ignore-fail-on-non-empty
+fi
diff -u docvert-3.4/debian/changelog docvert-3.4/debian/changelog
--- docvert-3.4/debian/changelog
+++ docvert-3.4/debian/changelog
@@ -1,3 +1,20 @@
+docvert (3.4-6) unstable; urgency=high
+
+  * docvert-openoffice.org needs to depend on docvert
+  * initscript:
+- background the headless OOo process, high urgency (closes: #502322)
+- only keep track (and kill) OOo processes owned by the docvert user
+- fix all variables still referring to the old initscript name
+
+ -- Francois Marier [EMAIL PROTECTED]  Mon, 20 Oct 2008 10:53:57 +1300
+
+docvert (3.4-5) unstable; urgency=low
+
+  * Make short descriptions start with a lowercase letter (closes: #489796)
+  * Check whether the directory exists in the cron job (closes: #493334)
+
+ -- Francois Marier [EMAIL PROTECTED]  Sun, 03 Aug 2008 23:29:40 +1200
+
 docvert (3.4-4) unstable; urgency=low
 
   * Add mkdir call to both postinst scripts (closes: #489031)
diff -u docvert-3.4/debian/control docvert-3.4/debian/control
--- docvert-3.4/debian/control
+++ docvert-3.4/debian/control
@@ -13,7 +13,7 @@
 Pre-Depends: pwgen
 Depends: python, php5-xsl, php5-cli, php5-gd, php5-tidy, librsvg2-bin, apache2, libapache2-mod-php5, libphp-pclzip, fckeditor
 Recommends: docvert-openoffice.org, optipng, jpegoptim
-Description: Converts word processor files to HTML
+Description: converts word processor files to HTML
  Docvert is a web application which takes word processor files
  (typically .doc) and converts them to OpenDocument and clean

Proposing an update to chkrootkit

2008-04-22 Thread Francois Marier 
(Please CC me on your replies)

I would like to upload a revised version of chkrootkit for the next point
release of the stable distribution.

The only patch I would apply is:

  http://tinyurl.com/3sdna3 

since it fixes a critical bug:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421864

Also, I would update the maintainer field since I am now the chkrootkit
maintainer.

Do you have any objections to these changes?

Francois


signature.asc
Description: Digital signature

Please unblock K3b 0.12.17-8 (instead of 0.12.17-6)

2006-12-14 Thread Francois Marier 
I have just uploaded a new version of K3b (0.12.17-8) to unstable which
fixes important bug #401739 (readcd being renamed to readom).

Here are the relevant changelog entries:

  k3b (0.12.17-8) unstable; urgency=medium
  
* Remove a wrong version check for readom (follow-up to bug #401739)
  
   -- Francois Marier [EMAIL PROTECTED]  Thu, 14 Dec 2006 09:23:25 -0500
  
  k3b (0.12.17-7) unstable; urgency=medium
  
* Support for readom which is the new renamed readcd (closes: #401739)
  
   -- Francois Marier [EMAIL PROTECTED]  Tue, 12 Dec 2006 21:27:29 -0500

Thanks,

Francois


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Please consider email-reminder 0.5.2-3 for Sarge

2005-05-04 Thread Francois Marier 
The version of email-reminder in testing has an annoying (but trivial)
problem that can render this package totally non-functional:  it forgets to
recommend 'anacron'.  Hence, reminders are not sent by the cron.daily cron
job if the machine is turned off at night.

Version 0.5.2-3 fixes that problem and was supposed to make it into testing
but I uploaded version 0.5.3-1 a week ago and it cancel the transition of
0.5.2-3 to testing.

Feel free to push version 0.5.3-1 to testing directly if you prefer, but I
would appreciate if you could at least upgrade the version to 0.5.2-3 since
the only changes from -2 are in the depends and recommends fields of the
control file.

Thanks,

Francois


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]