Bug#922568: ITA: jcc -- code generator producing a Python extension from Java classes

2019-12-22 Thread Ludovico Cavedon 
Hi Emmanuel,

On Fri, Nov 22, 2019 at 7:24 PM Emmanuel Arias 
wrote:

> I've just push to my own repository the new upstream release [1]
>
> I have not access to [2].


> Ludovico, could you give me access to [2], please? This way I can
> update the package.
>

Done.
I may not be able to review and sponsor the upload, though, sorry.

Thank you,
Ludovico

Bug#937834: python-iniparse: Python2 removal in sid/bullseye

2019-12-22 Thread Ludovico Cavedon 
Stuar,

On Sun, Dec 22, 2019 at 2:57 AM Stuart Prescott  wrote:

> I've prepared an upload for this package and made a MR on salsa with the
> relevant changes.
>
> https://salsa.debian.org/debian/python-iniparse/merge_requests/1


Thank you. Please go ahead.

Andrej also contacted me a while ago about moving it into DPMT Maintenance,
about which I am happy.
Do you need me to do an official RFA, or can you just update the Maintainer
field with the next upload?

Thank you.
Ludovico

Bug#921704: tortoisehg: uninstallable with mercurial 4.9

2019-02-18 Thread Ludovico Cavedon 
On Mon, Feb 18, 2019 at 11:39 AM Julien Cristau  wrote:

> Well it's going to be delayed by virtue of making tortoisehg and hg-git
> uninstallable anyway, for now.  Is there an ETA on a tortoise 4.9
> release?
>
>
Let me check with upstream.

Thanks,
Ludovico

Bug#921704: tortoisehg: uninstallable with mercurial 4.9

2019-02-18 Thread Ludovico Cavedon 
On Mon, Feb 18, 2019 at 10:58 AM Julien Cristau  wrote:

> > Thank you for the bug report. TortoiseHg 4.9 has not been released yet.
> >
> There's no need for the tags, and this will affect buster when mercurial
> migrates so they're wrong anyway.
>

I see.
Would it make sense to delay the migration of mercurial until an updated
tortoisehg is migrated, so we avoid removing tortoisehg from testing, given
the upcoming release?

Thanks,
Ludovico

Bug#922602: O: javacc-maven-plugin

2019-02-17 Thread Ludovico Cavedon 
Package: wnpp
Severity: normal

Hi,

I am planning on orphaning javacc-maven-plugin, a maven plugin which
uses JavaCC to process JavaCC grammar files, as I cannot find the time
to keep it up to date and I do not work with java related tools anymore.

Thanks,
Ludovico

Bug#922601: O: jtb -- syntax tree builder and visitors generator for JavaCC

2019-02-17 Thread Ludovico Cavedon 
Package: wnpp
Severity: normal

I intend to orphan the jtb package.

The package description is:
 JTB (Java Tree Builder) is a syntax tree builder and visitors generator to be
 used in front of JavaCC (Java Compiler Compiler).  It takes a JavaCC grammar
 file as input (usually a ".jtb" file) and automatically generates the
 following:
  * a set of syntax tree classes based on the productions in the grammar,
utilizing the Visitor design pattern;
  * four interfaces: IVoidVisitor, IVoidArguVisitor, IRetVisitor,
IRetArguVisitor;
  * four depth-first visitors: DepthFirstVoidVisitor, DepthFirstVoidArguVisitor,
DepthFirstRetVisitor, DepthFirstREtArguVisitor, whose default methods simply
visit the children of the current node;
  * a JavaCC grammar ".jj" file (jtb.out.jj by default), with the proper
annotations to build the syntax tree during parsing (which then must be
compiled with JavaCC).
 .
 New visitors, which subclass any generated one, can then override the default
 methods and perform various operations on and manipulate the generated syntax
 tree.

Bug#922594: RM: htmlunit-core-js/2.8-1

2019-02-17 Thread Ludovico Cavedon 
On Sun, Feb 17, 2019 at 11:10 PM Mattia Rizzolo  wrote:

> On Sun, Feb 17, 2019 at 10:31:22PM -0800, Ludovico Cavedon wrote:
> > The currently packaged version is very old, and nobody is using it.
> > Please remove it only from testing, not from stable.
> > I have also filed a request to removal of htmlunit from testing and
> > unstable.
> >
> > htmlunit-core-js 2.8-1 can be kept in stable and oldstable.
>
> You already asked for remove from unstable, there are no extra action to
> be taken by the release team: once it's removed from unstable, the
> removal from testing will follow (assuming it wouldn't break any rdep).
>
> (same for htmlunit)
>
>
Ah, perfect. thank you for the clarification and sorry for the unnecessary
request.

Ludovico

Bug#922594: RM: htmlunit-core-js/2.8-1

2019-02-17 Thread Ludovico Cavedon 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

The currently packaged version is very old, and nobody is using it.
Please remove it only from testing, not from stable.
I have also filed a request to removal of htmlunit from testing and
unstable.

htmlunit-core-js 2.8-1 can be kept in stable and oldstable.

Thanks,
Ludovico

-- System Information:
Debian Release: 9.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), 
(500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#922577: RM: htmlunit-core-js -- ROM; the currently packaged version is very old, and nobody is using it

2019-02-17 Thread Ludovico Cavedon 
Package: ftp.debian.org
Severity: normal

Thanks,
Ludovico

Bug#922576: RM: htmlunit/2.8-3

2019-02-17 Thread Ludovico Cavedon 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

the currently packaged version is very old, and nobody is using it

Please remove it from the upcoming release,
Thanks,
Ludovico

-- System Information:
Debian Release: 9.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), 
(500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#922575: RM: htmlunit -- ROM; the currently packaged version is very old, and nobody is using it

2019-02-17 Thread Ludovico Cavedon 
Package: ftp.debian.org
Severity: normal

Thanks,
Ludovico

Bug#922565: RFA: tortoisehg -- Graphical tool for working with Mercurial

2019-02-17 Thread Ludovico Cavedon 
Package: wnpp
Severity: normal

Hi,
I am no longer a user this package and I am not able to keep up with the
updates, especially because they need to be syncronized with mercurial
updates.

I request an adopter for the tortoisehg package, please.

Thank you,
Ludovico



The package description is:
 TortoiseHg provides a graphical tool for interacting with the distributed
 revision control system Mercurial.  GUI support is provided for over a dozen
 operations, including add files, commit changes, manage ignore filter, view
 change log, merge, recover/rollback, edit configuration, synchronize
 repository, and many others.   The highlight is the interactive commit tool
 which allows easy selection of diffs from multiple files and packaging into
 changesets, and which is more powerful and easier to use than available
 alternatives such as qct and hgct (commit-tool).

Bug#922568: RFA: jcc -- code generator producing a Python extension from Java classes

2019-02-17 Thread Ludovico Cavedon 
Package: wnpp
Severity: normal

Hi,

I request an adopter for the jcc package, please, as I am no longer a
user and I am having issues finding time to keep it up to date.

Thank you,
Ludovico


The package description is:
 JCC is a code generator for producing a Python extension providing
 access to a set of Java classes. For every Java class, JCC generates
 a C++ wrapper class that hides the gory details necessary for
 accessing methods and fields from C++ via Java's Native Invocation
 Interface.  JCC can also generate C++ wrappers that make it possible
 to access these classes from Python.  When generating Python
 wrappers, JCC produces a complete Python extension via the distutils
 package that makes it readily available to the Python interpreter.
 JCC is a project maintained by the Open Source Applications
 Foundation.

Bug#921704: tortoisehg: uninstallable with mercurial 4.9

2019-02-17 Thread Ludovico Cavedon 
package src:tortoisehg
tags 921704 + sid experimental
thanks

Thank you for the bug report. TortoiseHg 4.9 has not been released yet.

Ludovico

On Fri, Feb 8, 2019 at 12:09 AM Julien Cristau  wrote:

> Source: tortoisehg
> Version: 4.8.1-0.1
> Severity: serious
> X-Debbugs-Cc: James Cowgill 
>
> Hi,
>
> mercurial 4.9 is now in sid, so tortoisehg needs an update.
>
> Cheers,
> Julien
>

Bug#920648: ntopng: missing libssl-dev dependency

2019-02-03 Thread Ludovico Cavedon 
Thank you for your help!

Ludovico

On Sun, Feb 3, 2019 at 7:24 PM peter green  wrote:

> I have uploaded a NMU fixing this bug, a debdiff is attatched. Per the NMU
> guidelines since this RC bug is 7 days old with no maintainer response I
> have uploaded the NMU without delay.
>
>

Bug#920281: Re : Bug#920281: ntopng: Unable to finish the post-inst.

2019-01-25 Thread Ludovico Cavedon 
package ntopng
severity *920281 *serious
tags *920281 + confirmed pending*
*thanks*

On Fri, Jan 25, 2019 at 10:22 AM Marc Haber 
wrote:

> On Thu, Jan 24, 2019 at 12:15:54PM -0800, Ludovico Cavedon wrote:
> > Something is going wrong with the migration I have not been able to
> > reproduce yet.
>
> I see the same issue. The cause is the line
> runuser -u ntopng -- tar xf- -C $DATA_DIR
> in postinst. The error message is a bit misleading, strace shows that
> tar is actually trying to open a file called '-C'.
>

Oh, thank you for the hint. That's an issue I thought I had fixed, but I
must have lost it somehow.
Let me upload a fix right away.

btw, in my opinion this is a release critical bug.
>
>
Agreed,
Ludovico

Bug#920281: Re : Bug#920281: ntopng: Unable to finish the post-inst.

2019-01-24 Thread Ludovico Cavedon 
On Thu, Jan 24, 2019 at 1:57 AM  wrote:

> > Thank you for reporting the issue.
> > What version of ntopng where you upgrading from?
>
> From the previous one I guess, I upgrade my Sid every day.
>

>From the previous on sid, then, 3.2 (which never made it to testing).

Can you also send me the output of the following commands, please?

ls -ld  /var/lib/ntopng
ls -l  /var/lib/ntopng
grep ntopng /var/log/dpkg.log

The new ntopng uses /var/lib/ntopng instead of /var/tmp/ntopng, and a
different user.
Something is going wrong with the migration I have not been able to
reproduce yet.

If you do not care about the old data, you can just remove  /var/tmp/ntopng
Otherwise you can move /var/tmp/ntopng to /var/lib/ntopng and
chown -R ntopng:ntopng /var/lib/ntopng
cmod 700 /var/lib/ntopng

Thank you,
Ludovico

Bug#920281: ntopng: Unable to finish the post-inst.

2019-01-24 Thread Ludovico Cavedon 
Hi Nicolas,

Thank you for reporting the issue.
What version of ntopng where you upgrading from?
Could you send me the output of
ls -ld /var/tmp/ntopng
and
ls -l /var/tmp/ntopng

please?

Thank you,
Ludovico

On Wed, Jan 23, 2019 at 7:27 AM Nicolas Patrois 
wrote:

> Package: ntopng
> Version: 3.8+dfsg1-1
> Severity: normal
>
> Dear Maintainer,
>
> ntopng’s installation can’t be finished because of a bug in the post-inst
> script.
>
> Paramétrage de ntopng (3.8+dfsg1-1) ...
> Migrating data from /var/tmp/ntopng to /var/lib/ntopng...
> tar: -C : open impossible: Aucun fichier ou dossier de ce type
> tar: Error is not recoverable: exiting now
> Relais brisé (pipe)
> dpkg: erreur de traitement du paquet ntopng (--configure) :
>  installed ntopng package post-installation script subprocess returned
> error
> exit status 2
>
> In English (my translation):
> tar: -C : open impossible: No such file or directory
> tar: Error is not recoverable: exiting now
> Broken pipe
> dpkg: error during package process ntopng (--configure) :
>
>
>
> -- System Information:
> Debian Release: buster/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
>
> Kernel: Linux 4.17.0-3-686-pae (SMP w/3 CPU cores)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8),
> LANGUAGE=fr_FR:fr:en_GB:en (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages ntopng depends on:
> ii  adduser  3.118
> ii  libc62.28-5
> ii  libcap2  1:2.25-1.2
> ii  libcurl3-gnutls  7.63.0-1
> ii  libgcc1  1:8.2.0-14
> ii  libhiredis0.14   0.14.0-3
> ii  libjson-c3   0.12.1+ds-2
> ii  liblua5.3-0  5.3.3-1.1
> ii  libmariadb3  1:10.3.12-1
> ii  libmaxminddb01.3.2-1
> ii  libndpi2.6   2.6-3
> ii  libpcap0.8   1.8.1-6
> ii  librrd8  1.7.0-1+b3
> ii  libsodium23  1.0.16-2
> ii  libsqlite3-0 3.26.0+fossilbc891ac6b-1
> ii  libssl1.11.1.1a-1
> ii  libstdc++6   8.2.0-14
> ii  libzmq5  4.3.1-2
> ii  lsb-base 10.2018112800
> ii  ntopng-data  3.8+dfsg1-1
> ii  redis-server 5:5.0.3-4
> ii  zlib1g   1:1.2.11.dfsg-1
>
> ntopng recommends no packages.
>
> Versions of packages ntopng suggests:
> pn  geoip-database-contrib  
>
> -- no debconf information
>

Bug#919907: ntopng FTBFS with ndpi 2.6

2019-01-20 Thread Ludovico Cavedon 
Thank you for bug report. I am going to upload ntopng 3.8 soon and it will
fix the build against the latest ndpi.

Ludovico

On Sun, Jan 20, 2019 at 8:36 AM Adrian Bunk  wrote:

> Source: ntopng
> Version: 2.4+dfsg1-4
> Severity: serious
> Tags: ftbfs
>
>
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/ntopng.html
>
> ...
> g++ -g -Wall -I/build/1st/ntopng-3.2+dfsg1
> -I/build/1st/ntopng-3.2+dfsg1/include -I/usr/local/include
> -D_FILE_OFFSET_BITS=64 -I/usr/include/hiredis -I/usr/include/hiredis
> -I/build/1st/ntopng-3.2+dfsg1/third-party/mongoose -I/usr/include/json-c
> -I/usr/include/ndpi/libndpi
> -I/build/1st/ntopng-3.2+dfsg1/third-party/LuaJIT-2.1.0-beta3/src  -isystem
> /usr/include/mit-krb5 -I/usr/include/pgm-5.2
> -I/usr/lib/x86_64-linux-gnu/pgm-5.2/include -I/usr/include/mariadb
> -I/usr/include/mariadb/mysql -Wdate-time -D_FORTIFY_SOURCE=2
> -I/build/1st/ntopng-3.2+dfsg1 -I/build/1st/ntopng-3.2+dfsg1/include
> -I/usr/local/include
> -I/build/1st/ntopng-3.2+dfsg1/third-party/http-client-c/src/
> -I/usr/include/openssl  -DDATA_DIR='"/usr/share"'
> -I/build/1st/ntopng-3.2+dfsg1/third-party/libgeohash
> -I/build/1st/ntopng-3.2+dfsg1/third-party/patricia  -g -O2
> -ffile-prefix-map=/build/1st/ntopng-3.2+dfsg1=. -fstack-protector-strong
> -Wformat -Werror=format-security -c src/AlertCounter.cpp -o
> src/AlertCounter.o
> In file included from src/AlertCounter.cpp:22:
> /build/1st/ntopng-3.2+dfsg1/include/ntop_includes.h:107:10: fatal error:
> ndpi_main.h: No such file or directory
>  #include "ndpi_main.h"
>   ^
> compilation terminated.
> make[2]: *** [Makefile:153: src/AlertCounter.o] Error 1
>

Bug#886133: ndpi: FTBFS on mips, s390x, powerpc, and ppc64: tests time out

2018-01-09 Thread Ludovico Cavedon 
Hi,

 I have an update on this: I have a patch for upstream review at
https://github.com/ntop/nDPI/pull/506.
It fixes this issue, but unittests still fail on s90x (and I guess on the
other big endian archs), so no new upload for now, until I debug that.

Ludovico

Bug#885955: FTBFS: /usr/bin/ld: cannot find -ljvm

2018-01-07 Thread Ludovico Cavedon 
package src:jcc
tags 885955 + confirmed pending
thanks

On Sun, Dec 31, 2017 at 3:06 PM Adam Borowski  wrote:

> I'm afraid that your package fails to build on armhf, with:
> /usr/bin/ld: cannot find -ljvm
>
> It does succeed on at least amd64, though.
>

For  some reason openjdk on that architecture does not have
server/libjvm.so, but only client/libjsvm.so.
I have added some fall-back logic. The upload is currently in the NEW queue.

Thanks,
Ludovico

Bug#875579: FTBFS with Java 9: library path guessed wrong

2018-01-07 Thread Ludovico Cavedon 
package src:jcc
tags 875579 + confirmed pending
thanks

On Tue, Sep 12, 2017 at 5:33 AM Chris West  wrote:

> This package fails to build with default-jdk pointing to openjdk-9-jdk.
> Please fix it, so that we can start the transition to Java 9.
>
>
Done, currently in the NEW queue.

Thanks,
Ludovico

Bug#886133: ndpi: FTBFS on mips, s390x, powerpc, and ppc64: tests time out

2018-01-03 Thread Ludovico Cavedon 
Thank you for looking into this.

On Tue, Jan 2, 2018 at 12:15 PM Aaron M. Ucko  wrote:

> > It so happens that I was having a brief look already :)
>
> Great, thanks!
>
> > The hang occurs inside the above while loop. Notice that the value
> > loaded into "label" inside the loop never changes and this is the only
> > variable the loop condition depends on. Therefore, if the initial loop
> > condition is true, the program will loop forever.
>
> So I see.  Perhaps the intent was to update mpls after bumping ip_offset.
>

Yes, there is clearly something missing.
Probably
mpls = (struct ndpi_mpls_header *) [ip_offset];
is missing from inside the loop.

I will check on this before the end of the week, follow up with upstream,
and patch.

Thanks,
Ludovico

Bug#885183: stretch-pu: package ntopng/2.4+dfsg1-3+deb9u1

2017-12-27 Thread Ludovico Cavedon 
Hi Moritz,

On Tue, Dec 26, 2017 at 12:18 PM Moritz Mühlenhoff <j...@inutil.org> wrote:

> On Mon, Dec 25, 2017 at 09:26:58PM +0100, Ludovico Cavedon wrote:
> > - #866721 and #866719, which are securirity-related issues. Do you want
> >   me to reach out to the security team about these first?
>
> Those are marked no-dsa for quite a while, so not needed
>

Of course, sorry for missing that.

I tried to search/read but I am not completely sure of what the next step
is: should I wait for feedback based on the attached debdiff, or should I
upload to pu first?

Thank you,
Ludovico

Bug#885183: stretch-pu: package ntopng/2.4+dfsg1-3+deb9u1

2017-12-25 Thread Ludovico Cavedon 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I would like to submit to your consideration an update to ntopng in
stretch.

The main bug that triggered this upload is #856048, which causes the
user management and preferences section of the web interface to
be unusuable.

The fix is already in version 2.4+dfsg1-4 in unstable.

There are three additional important issues from 2.4+dfsg1-4 that I
think it would make sense to include:
- #859653 which causes ntopng to crash if the mysql backend is selected.
  This change only affects mysql users. On the other side it is an
  obvious usage-after-free and out-of-bound memeory access issues.
- #866721 and #866719, which are securirity-related issues. Do you want
  me to reach out to the security team about these first? Do we need to
  treat the whole update as a security one instead, or split it?

debdiff attached.

Thank you,
Ludovico


-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500, 
'testing'), (500, 'stable'), (470, 'unstable'), (460, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru ntopng-2.4+dfsg1/debian/changelog ntopng-2.4+dfsg1/debian/changelog
--- ntopng-2.4+dfsg1/debian/changelog   2017-02-04 04:43:00.0 +0100
+++ ntopng-2.4+dfsg1/debian/changelog   2017-12-24 21:18:54.0 +0100
@@ -1,8 +1,22 @@
-ntopng (2.4+dfsg1-3) unstable; urgency=high
+ntopng (2.4+dfsg1-3+deb9u1) stretch; urgency=medium
+
+  * Update Check-for-presence-of-crsf-in-admin-scripts.patch to avoid the
+'Missing CSRF parameter' error (Closes: #856048).
+  * Add CVE-2017-7458.patch to prevent an empty host to crash ntopng
+(Closes: #866721, CVE-2017-7458).
+  * Add CVE-2017-7459.patch to prevent \r\n from being injected into HTTP URIs
+(Closes: #866719, CVE-2017-7459).
+  * Add Avoid-access-after-free.patch and
+Avoid-access-to-unintialized-memory.patch to fix crash with mysql (thanks
+to Bernhard Übelacker, Closes: #859653).
+
+ -- Ludovico Cavedon <cave...@debian.org>  Sun, 24 Dec 2017 21:18:54 +0100
+
+ntopng (2.4+dfsg1-3) unstable; urgency=medium
 
   * Import upstream patches fixing CVE-2017-5473. (Closes: #852109)
 
- -- Ludovico Cavedon <cave...@debian.org>  Fri, 03 Feb 2017 19:43:00 -0800
+ -- Ludovico Cavedon <cave...@debian.org>  Sun, 24 Dec 2017 21:14:54 +0100
 
 ntopng (2.4+dfsg1-2) unstable; urgency=high
 
diff -Nru ntopng-2.4+dfsg1/debian/patches/Avoid-access-after-free.patch 
ntopng-2.4+dfsg1/debian/patches/Avoid-access-after-free.patch
--- ntopng-2.4+dfsg1/debian/patches/Avoid-access-after-free.patch   
1970-01-01 01:00:00.0 +0100
+++ ntopng-2.4+dfsg1/debian/patches/Avoid-access-after-free.patch   
2017-12-24 21:17:07.0 +0100
@@ -0,0 +1,48 @@
+Description: Avoid access after free
+Author: Bernhard Übelacker <bernha...@mailbox.org>
+Bug-Debian: https://bugs.debian.org/859653
+Applied-Upstream: yes
+
+Found while investigating for https://bugs.debian.org/859653
+
+==10143== Invalid read of size 8
+==10143==at 0x616E301: mysql_num_rows (client.c:4561)
+==10143==by 0x11C1AD: MySQLDB::exec_sql_query(st_mysql*, char*, bool, 
bool, bool) (MySQLDB.cpp:593)
+==10143==by 0x11CF4F: MySQLDB::MySQLDB(NetworkInterface*) (MySQLDB.cpp:295)
+==10143==by 0x13F5EF: NetworkInterface::NetworkInterface(char const*) 
(NetworkInterface.cpp:133)
+==10143==by 0x122041: Prefs::add_default_interfaces() (Prefs.cpp:1059)
+==10143==by 0x1187D3: main (main.cpp:117)
+==10143==  Address 0x144527a8 is 8 bytes inside a block of size 208 free'd
+==10143==at 0x4C2CDDB: free (vg_replace_malloc.c:530)
+==10143==by 0x11C1A5: MySQLDB::exec_sql_query(st_mysql*, char*, bool, 
bool, bool) (MySQLDB.cpp:592)
+==10143==by 0x11CF4F: MySQLDB::MySQLDB(NetworkInterface*) (MySQLDB.cpp:295)
+==10143==by 0x13F5EF: NetworkInterface::NetworkInterface(char const*) 
(NetworkInterface.cpp:133)
+==10143==by 0x122041: Prefs::add_default_interfaces() (Prefs.cpp:1059)
+==10143==by 0x1187D3: main (main.cpp:117)
+==10143==  Block was alloc'd at
+==10143==at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
+==10143==by 0x61A7D95: my_malloc (my_malloc.c:101)
+==10143==by 0x616C1D5: mysql_store_result (client.c:4094)
+==10143==by 0x11C190: MySQLDB::exec_sql_query(st_mysql*, char*, bool, 
bool, bool) (MySQLDB.cpp:589)
+==10143==by 0x11CF4F: MySQLDB::MySQLDB(NetworkInterface*) (MySQLDB.cpp:295)
+==10143==by 0x13F5EF: NetworkInterface::NetworkInterface(char const*) 
(NetworkInterface.cpp:133)
+==10143==by 0x122041: Prefs::add_default_interfaces() (Prefs.cpp:1059)
+

Bug#883787: ntopng: Error "Missing CSRF parameter" in "Manage users" and "Preferences"

2017-12-24 Thread Ludovico Cavedon 
Hi Daniel,

Thank you for the report.
As you described, the issues is exactly the same as #856048, so I am going
to merge the bugs.
Given that this impacts a core functionality, it may qualify for a stable
release update. I will check with the stable release team.

Thanks,
Ludovico


On Thu, Dec 7, 2017 at 3:45 PM Daniel Aubry 
wrote:

> Package: ntopng
> Version: 2.4+dfsg1-3
> Severity: grave
> Justification: renders package unusable
>
> Dear Maintainer,
>
> This is fixed in ntopng/2.4+dfsg1-4 which is not available on debian
> stretch.
>
> Please see bug #856048 for more details.
>
> It is not possible to access the "Manage users" and "Preferences" links on
> the web interface. Both will display an error message:
>
>  Script "/lua/admin/users.lua" returned an error:
>  Missing CSRF parameter
>
>  Script "/lua/admin/prefs.lua" returned an error:
>  Missing CSRF parameter
>
>
> This is the important changelog entry of version 2.4+dfsg1-4
>
>   * Update Check-for-presence-of-crsf-in-admin-scripts.patch to avoid the
> 'Missing CSRF parameter' error (Closes: #856048).
>
>
> Best Reards
> Daniel
>
> -- System Information:
> Debian Release: 9.2
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_US:en (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages ntopng depends on:
> ii  init-system-helpers  1.48
> ii  libc62.24-11+deb9u1
> ii  libcurl3-gnutls  7.52.1-5+deb9u3
> ii  libgcc1  1:6.3.0-18
> ii  libgeoip11.6.9-4
> ii  libhiredis0.13   0.13.3-2
> ii  libjson-c3   0.12.1-1.1
> ii  libluajit-5.1-2  2.0.4+dfsg-1+b1
> ii  libmariadbclient18   10.1.26-0+deb9u1
> ii  libndpi4 1.8-1
> ii  libpcap0.8   1.8.1-3
> ii  librrd8  1.6.0-1+b2
> ii  libsqlite3-0 3.16.2-5
> ii  libstdc++6   6.3.0-18
> ii  libzmq5  4.2.1-4
> ii  lsb-base 9.20161125
> ii  ntopng-data  2.4+dfsg1-3
> ii  redis-server 3:3.2.6-1
> ii  zlib1g   1:1.2.8.dfsg-5
>
> ntopng recommends no packages.
>
> Versions of packages ntopng suggests:
> pn  geoip-database-contrib  
>
> -- no debconf information
>

Bug#857060: Hunk #1 FAILED at 231

2017-09-04 Thread Ludovico Cavedon 
On Mon, Sep 4, 2017 at 12:23 PM jean-christophe manciot <
actionmysti...@gmail.com> wrote:

>
>- What parameters have you used with gbp to successfully build from
>sources?
>
> gbp buildpackage --git-verbose --git-pristine-tar

>
>- your repo is behind sid: debian/2.4+dfsg1-3 vs debian/2.4+dfsg1-4
>
> Ah, sorry, the tag was missing. Added.

Thanks,
Ludovico


>
> On Sat, Sep 2, 2017 at 6:58 PM, Ludovico Cavedon <
> ludovico.cave...@gmail.com> wrote:
>
>> package ntopng
>> tags 857060 + unreproducible
>> thanks
>>
>> Hi Jean-Christophe,
>>
>> On Tue, Mar 7, 2017 at 5:36 PM jean-christophe manciot <
>> actionmysti...@gmail.com> wrote:
>>
>>> [...]
>>>
>> dpkg-source: info: applying log-filename.patch
>>> dpkg-source: info: applying no-librt.patch
>>> dpkg-source: info: applying use-system-ndpi.patch
>>>
>> [...]
>>> dpkg-source: info: building ntopng using existing
>>> ./ntopng_2.4+dfsg1.orig.tar.gz
>>> patching file configure.seed
>>> Hunk #1 FAILED at 231.
>>> 1 out of 1 hunk FAILED
>>> dpkg-source: info: the patch has fuzz which is not allowed, or is
>>> malformed
>>> dpkg-source: info: if patch 'no-librt.patch' is correctly applied by
>>> quilt, use 'quilt refresh' to update it
>>>
>>>
>> I was unable to reproduce this issue, even with a clean clone of the repo
>> and resetting master to the debian/2.4+dfsg1-2 tag.
>> Maybe some had gone wrong with the creation of
>> ntopng_2.4+dfsg1.orig.tar.gz? Maybe because of
>> https://bugs.debian.org/857590?
>>
>> Thanks,
>> Ludovico
>>
>>
>
>
> --
> Jean-Christophe
>

Bug#866722: ntopng: CVE-2017-7416

2017-09-03 Thread Ludovico Cavedon 
package src:ntopng
tags 866722 + moreinfo fixed-upstream
thanks

Hi Salvatore,

On Sat, Jul 1, 2017 at 10:27 AM Salvatore Bonaccorso 
wrote:

> CVE-2017-7416[0]:
> | ntopng before 3.0 allows XSS because GET and POST parameters are
> | improperly validated.
>

It is unclear to me what this is about exactly. I am talking to upstream to
see if we can figure it out.

Thanks,
Ludovico

Bug#800969: hangs during upgrade

2017-09-03 Thread Ludovico Cavedon 
package ntopng
tags 800969 + moreinfo
thanks

Hi Marvin,

On Mon, Oct 5, 2015 at 4:06 PM Marvin Renich  wrote:

> When upgrading from version 1.2.1+dfsg1-2 to 2.0+dfsg1-1, the postinst
> script hung.  Note that this machine is still using sysvinit, not
> systemd.
>

Unfortunately, I do not have an easy way to try and reproduce this right
now.
It may be caused by this upstream bug
https://github.com/ntop/ntopng/issues/1424, but I am not sure.
Is it possible that on one of the interface ntopng was sniffing on there
was no traffic?

Thanks,
Ludovico

Bug#859653: ntopng: Segmentation fault with mysql

2017-09-03 Thread Ludovico Cavedon 
package ntopng
tags 859653 + pending
thanks

On Sat, May 6, 2017 at 4:57 PM Bernhard Übelacker 
wrote:

> Attached are two patches:
>

Thank you, Bernhard. They look good and I am including them in the upcoming
upload.

Ludovico


>
> - 0001-Avoid-access-after-free.patch
>   (Unrelated to this bug, just received the output from valgrind.)
>
> - 0002-Avoid-access-to-unintialized-memory.patch
>   (With this applied ntopng is not crashing for me; similar change
>got applied upstream in
>
> https://github.com/ntop/ntopng/commit/2d2e735c99064e8f45c38199e810b121d2b5f4b1
> )
>
> Was tested just as far as starting and stopping the service is involved.
>
> Kind regards,
> Bernhard
>
>
>
>
> echo '-F="mysql;localhost;ntopng;flows;ntopng;simple"' >> /etc/ntopng.conf
>
> mysql -u root -p
> CREATE USER 'ntopng'@'localhost' IDENTIFIED BY 'simple';
> create database ntopng;
> GRANT ALL PRIVILEGES ON ntopng.* To 'ntopng'@'localhost' IDENTIFIED
> BY 'simple';
> exit
>
>
> systemctl start ntopng
> Job for ntopng.service failed because a fatal signal was delivered causing
> the control process to dump core.
> See "systemctl status ntopng.service" and "journalctl -xe" for details.
>
>
> journalctl -u ntopng
> Mai 06 15:52:42 debian systemd[1]: Starting ntopng - High-Speed Web-based
> Traffic Analysis and Flow Collection Tool...
> Mai 06 15:52:42 debian ntopng[9957]: 06/May/2017 15:52:42 [Prefs.cpp:919]
> Logging into /var/log/ntopng/ntopng.log
> Mai 06 15:52:42 debian ntopng[9957]: 06/May/2017 15:52:42 [Ntop.cpp:1121]
> Setting local networks to 127.0.0.0/8
> Mai 06 15:52:42 debian ntopng[9957]: 06/May/2017 15:52:42 [Redis.cpp:92]
> Successfully connected to redis 127.0.0.1:6379@0
> Mai 06 15:52:42 debian ntopng[9957]: [NDPI]
> ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all
> protocols have been initialized
> Mai 06 15:52:42 debian ntopng[9957]: 06/May/2017 15:52:42
> [MySQLDB.cpp:495] Attempting to connect to MySQL for interface dummy...
> Mai 06 15:52:42 debian ntopng[9957]: 06/May/2017 15:52:42
> [MySQLDB.cpp:535] Succesfully connected to MySQL [localhost:ntopng] for
> interface dummy
> Mai 06 15:52:45 debian ntopng[9957]: 06/May/2017 15:52:45
> [MySQLDB.cpp:297] MySQL schema update. Altering table flowsv4: renaming
> BYTES to IN_BYTES and adding OUT_BYTES
> Mai 06 15:52:46 debian ntopng[9957]: 06/May/2017 15:52:46
> [MySQLDB.cpp:297] MySQL schema update. Altering table flowsv6: renaming
> BYTES to IN_BYTES and adding OUT_BYTES
> Mai 06 15:52:48 debian systemd[1]: ntopng.service: Control process exited,
> code=dumped status=11
> Mai 06 15:52:48 debian systemd[1]: Failed to start ntopng - High-Speed
> Web-based Traffic Analysis and Flow Collection Tool.
> Mai 06 15:52:48 debian systemd[1]: ntopng.service: Unit entered failed
> state.
> Mai 06 15:52:48 debian systemd[1]: ntopng.service: Failed with result
> 'core-dump'.
> Mai 06 15:52:48 debian systemd[1]: ntopng.service: Service hold-off time
> over, scheduling restart.
> Mai 06 15:52:48 debian systemd[1]: Stopped ntopng - High-Speed Web-based
> Traffic Analysis and Flow Collection Tool.
>
>
> dmesg -T
> [Sa Mai  6 15:52:47 2017] ntopng[9957]: segfault at 7fffc2e9 ip
> 55bfbe6c0ffe sp 7fffc2e8cee0 error 4 in ntopng[55bfbe6ac000+8a000]
>
>
> root@debian:/home/benutzer/debian/ntopng/ntopng/orig/ntopng-2.4+dfsg1/src#
> coredumpctl gdb 9957
> ...
> Core was generated by `/usr/sbin/ntopng /etc/ntopng.conf'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x55bfbe6c0ffe in MySQLDB::MySQLDB (this=0x55bfc0eec850,
> _iface=) at src/MySQLDB.cpp:307
> 307   exec_sql_query(, sql, true, true);
>
> (gdb) bt
> #0  0x55bfbe6c0ffe in MySQLDB::MySQLDB (this=0x55bfc0eec850,
> _iface=) at src/MySQLDB.cpp:307
> #1  0x55bfbe6e35f0 in NetworkInterface::NetworkInterface
> (this=0x55bfbffa7fb0, name=0x55bfbe715310 "dummy") at
> src/NetworkInterface.cpp:133
> #2  0x55bfbe6c6042 in Prefs::add_default_interfaces (this= out>) at src/Prefs.cpp:1059
> #3  0x55bfbe6bc7d4 in main (argc=2, argv=0x7fffc2e8f298) at
> src/main.cpp:117
>
>
> root@debian:/home/benutzer/debian/ntopng/ntopng/orig/ntopng-2.4+dfsg1/src#
> valgrind /usr/sbin/ntopng /etc/ntopng.conf
> ==10143== Memcheck, a memory error detector
> ==10143== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==10143== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for
> copyright info
> ==10143== Command: /usr/sbin/ntopng /etc/ntopng.conf
> ==10143==
> 06/May/2017 16:27:49 [Prefs.cpp:919] Logging into
> /var/log/ntopng/ntopng.log
> 06/May/2017 16:27:49 [Ntop.cpp:1121] Setting local networks to 127.0.0.0/8
> 06/May/2017  16:27:49 [Redis.cpp:92]
> Successfully connected to redis 127.0.0.1:6379@0
> [NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR:
> not all protocols have been initialized
> 06/May/2017 16:27:49 [MySQLDB.cpp:495] Attempting to connect to

Bug#819717: ntopng crash and restart with error *** stack smashing detected ***

2017-09-03 Thread Ludovico Cavedon 
package ntopng
tags 819717 + moreinfo
thanks

Hi Marco,

On Fri, Apr 1, 2016 at 12:45 PM Marco Gaiarin  wrote:

> I've tried to limit the number of interfaces to listen to, but nothing
> changed.


If you are still experiencing the issue, would you be able to provide me
with a traffic capture that would cause the issue when replayed on an
network interface?
And/or maybe install ntopng-dbgsym, capture the failure inside gdb, and
send me a stack trace? (command: "thread apply all bt")

Thanks,
Ludovico

Bug#857060: Hunk #1 FAILED at 231

2017-09-02 Thread Ludovico Cavedon 
package ntopng
tags 857060 + unreproducible
thanks

Hi Jean-Christophe,

On Tue, Mar 7, 2017 at 5:36 PM jean-christophe manciot <
actionmysti...@gmail.com> wrote:

> [...]
>
dpkg-source: info: applying log-filename.patch
> dpkg-source: info: applying no-librt.patch
> dpkg-source: info: applying use-system-ndpi.patch
>
[...]
> dpkg-source: info: building ntopng using existing
> ./ntopng_2.4+dfsg1.orig.tar.gz
> patching file configure.seed
> Hunk #1 FAILED at 231.
> 1 out of 1 hunk FAILED
> dpkg-source: info: the patch has fuzz which is not allowed, or is malformed
> dpkg-source: info: if patch 'no-librt.patch' is correctly applied by
> quilt, use 'quilt refresh' to update it
>
>
I was unable to reproduce this issue, even with a clean clone of the repo
and resetting master to the debian/2.4+dfsg1-2 tag.
Maybe some had gone wrong with the creation of
ntopng_2.4+dfsg1.orig.tar.gz? Maybe because of
https://bugs.debian.org/857590?

Thanks,
Ludovico

Bug#849210: ntopng: fails to start

2016-12-23 Thread Ludovico Cavedon 
package ntopng
tags 849210 + confirmed
tags 849210 grave
thanks

On Fri, Dec 23, 2016 at 8:47 PM Ludovico Cavedon <cave...@debian.org> wrote:

> On Fri, Dec 23, 2016 at 4:48 PM Aaron M. Ucko <u...@debian.org> wrote:
>
> As of version 2.4, ntopng fails to start on my system.  I'm not sure
> what specifically is going wrong; all I see in ntopng.log is
>
> 23/Dec/2016 10:38:43 [Ntop.cpp:1121] Setting local networks to 127.0.0.0/8
> 23/Dec/2016 <http://127.0.0.0/823/Dec/2016> 10:38:43 [Redis.cpp:92]
> Successfully connected to redis 127.0.0.1:6379@0
> 23/Dec/2016 10:38:43 [Ntop.cpp:1095] Parent process is exiting (this is
> normal)
>
>
>
Yes, I was able to reproduce it.
I am bumping severity to grave because it is basically causing ntopng to
not start on almost every system.

The problem is that the default PID path changed.

The  workaound is to change
/etc/systemd/system/multi-user.target.wants/ntopng.service from
PIDFile=/var/tmp/ntopng.pid
to
PIDFile=/var/run/ntopng.pid

I will upgrade a fix soon.

Cheers,
Ludovico

Bug#849210: ntopng: fails to start

2016-12-23 Thread Ludovico Cavedon 
Hi Aaron,

On Fri, Dec 23, 2016 at 4:48 PM Aaron M. Ucko  wrote:

> As of version 2.4, ntopng fails to start on my system.  I'm not sure
> what specifically is going wrong; all I see in ntopng.log is
>
> 23/Dec/2016 10:38:43 [Ntop.cpp:1121] Setting local networks to 127.0.0.0/8
> 23/Dec/2016  10:38:43 [Redis.cpp:92]
> Successfully connected to redis 127.0.0.1:6379@0
> 23/Dec/2016 10:38:43 [Ntop.cpp:1095] Parent process is exiting (this is
> normal)
>
>
I will look into that soon.
Are you sure ntopng is not running in background after this message?
Would you be able to send me the full log, please?

Thanks,
Ludovico

Bug#778780: out of inode space because of /var/tmp/ntopng/*/top_talkers/*

2016-04-02 Thread Ludovico Cavedon 
Hi,

Please see this issue:
https://bugs.debian.org/778780
http://serverfault.com/questions/625875/howto-prevent-ntopng-causing-out-of-disk-space-and-inodes

Does ntopng have some configurable cleanup of those entries? Or would you
recommend installing a cronjob as part of the package?

Thanks,
Ludovico

Bug#816975: qutecom: should this package be removed?

2016-04-02 Thread Ludovico Cavedon 
On Sat, Apr 2, 2016 at 6:34 PM Ludovico Cavedon <cave...@debian.org> wrote:

> Thanks for bringing this up, I will submit a removal request now.
>
>
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819848

Ludovico

Bug#819849: RM: ntop -- ROM; replaced by ntopng and no longer maintained upstream

2016-04-02 Thread Ludovico Cavedon 
Package: ftp.debian.org
Severity: normal

Please remove ntop from unstable.
ntop has been replaced by ntopng.
ntop is no longer maintained upstream.

Thanks,
Ludovico

Bug#819848: RM: qutecom -- ROM; no longer maintained upstream

2016-04-02 Thread Ludovico Cavedon 
Package: ftp.debian.org
Severity: normal

Please remove qutecom from unstable.
The package has some RC bugs and has not been maintained by upstream
for a long time.
https://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/2015-December/027732.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816975

Thanks,
Ludovico

Bug#816975: qutecom: should this package be removed?

2016-04-02 Thread Ludovico Cavedon 
Hi,

On Sun, Mar 6, 2016 at 3:00 PM Sebastian Ramacher 
wrote:

> quotecom seems to be dead upstream (qutecom.org is no longer reachable,
> last
> upstream release was four years ago) and has many bugs that will become RC
> soonish: #803856 (ffmpeg transition), #812163 (GCC 6) and #816812 (Qt4
> WebKit
> removal).
>
> So should quotecom be removed from unstable?
>
>
I think so.
No interest from the pkg-voip-maintainers group anyways:
https://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/2015-December/027732.html

Thanks for bringing this up, I will submit a removal request now.
Ludovico

Bug#762827: tortoisehg exits almost immidiatly after startup

2015-07-12 Thread Ludovico Cavedon 
package tortoisehg
tags 762827 + moreinfo
thanks

On Sat, Sep 27, 2014 at 7:33 AM Andrea P. bigsto...@hotmail.it wrote:

 I'm having a similar problem with kaffeine and vlc, and it seems to be
 related to this:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762672


Thank you Andrea for the pointer.

Antoon, does the workaround described in that bug reports fix the problem
for you?

Thanks,
Ludovico

Bug#792222: RM: gconf-cleaner -- ROM; no longer maintained by upstream and affected by RC bugs

2015-07-12 Thread Ludovico Cavedon 
Package: ftp.debian.org
Severity: normal

Hi,

Please remove gconf-cleaner from Debian, for the following reasons:
- no longer maintained by upstream (since 2008)
- affected by RC bugs [1]
- no interest in other maintainers to take on maintenance [2]

Thanks,
Ludovico


[1] https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=gconf-cleaner
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724961


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#769204: unblock: d3/3.4.13-2

2014-11-23 Thread Ludovico Cavedon 
Hi,

On Sun, 23 Nov 2014 21:23:14 +0100
=?UTF-8?B?TMOhc3psw7MgQsO2c3rDtnJtw6lueWkgKEdDUyk=?= g...@debian.org
wrote:
 On Sun, Nov 23, 2014 at 8:54 PM, W. Martin Borgert deba...@debian.org wrote:
  On 2014-11-14 12:03, Julien Cristau wrote:
  On Wed, Nov 12, 2014 at 07:15:57 +0100, Laszlo Boszormenyi (GCS) wrote:
   Package: release.debian.org
   Severity: normal
   User: release.debian@packages.debian.org
   Usertags: unblock
  
  I don't think this is suitable, sorry.
 
  My preferred solution right now is to remove d3/3.4.11-1
  flower/0.7.0+dfsg-1 python-mne/0.8.4+dfsg-1
  python-mpld3/0.3git+20140910dfsg-1 python-xstatic-d3/3.4.11-1
  rickshaw/1.5.0.dfsg-1 ruby-sidekiq/3.2.6~dfsg-1 ntopng/1.2.1+dfsg1-1.1
  python-xstatic-rickshaw/1.5.0.2-2.

I am the maintainer of ntopng.
Please do not remove it from testing, but let me know how if I can
help avoiding the revmoval.

  As both co-maintainer of python-mpld3 and user of both rickshaw
  and D3, I'm not very happy about this solution. As I understand,
  the main problem is, that D3 is a newer upstream, which was not
  in testing in time, right? How about downgrading D3 to
  1:3.4.11-2 with just the RC bug fixed?
  Sure, it could be done via t-p-u if Julien allows it.

Julien, would that be ok?
László, let me know if I can help.

Thanks,
Ludovico


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#754099: jcc: ftbfs on ppc64el due to incorrect lib path

2014-09-21 Thread Ludovico Cavedon 
Hi Fernando,

Thank you for the patch.

On Fri, Sep 12, 2014 at 10:13 AM, Fernando Seiti Furusato
ferse...@br.ibm.com wrote:
 Hello. This is an update to the previous patch, since the path has changed 
 again in openjdk.
 Now to ppc64, instead of ppc64le.

Unfortunately I have just uploaded a package version with the old
version, but I will update it as soon as it soon.
Do you know what version of openjdk changed the name?

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#754099: jcc: ftbfs on ppc64el due to incorrect lib path

2014-09-21 Thread Ludovico Cavedon 
On Sun, Sep 21, 2014 at 2:12 PM, Ludovico Cavedon cave...@debian.org wrote:
 On Fri, Sep 12, 2014 at 10:13 AM, Fernando Seiti Furusato
 ferse...@br.ibm.com wrote:
 Hello. This is an update to the previous patch, since the path has changed 
 again in openjdk.
 Now to ppc64, instead of ppc64le.

 Unfortunately I have just uploaded a package version with the old
 version, but I will update it as soon as it soon.

Nevermind, the upload includes the latest patch.

Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#760688: geoip-database-update script coding errors

2014-09-21 Thread Ludovico Cavedon 
Hi,

first of all for the bug report and the suggestions.
I am working in including them.

On Sat, Sep 6, 2014 at 3:22 PM, roma1390 roma1...@gmail.com wrote:
 1. general naming must be followed, and script named like other update-*
 scripts

update-geoip-database-contrib

I am not sure it is a *must* (I could not find this in the Debian
policy, for example).
The reason it is called geoip-database-contrib_update is that I find
it helpful when the commands in a package start with the package name.
However I see your point and I will also support the name you are suggesting.

 2. file update has race conditions:
- file is removed and later downloaded
- file decompresion is in place, this exposes partial file to user

 3. file download-update is not safe: wget can get redirect and name file
 with any name.
 so in /usr/share/GeoIP can be found files like index.html and others...

 4. write is done to /usr which is many cases can safely be assumed that is
 read-only

Make sense, fixing all of the above.

 Suggestions:

 1. place databases to /var/lib/cache/GeoIP/

I am assuming you meant /var/cache/GeoIP.
/var/cache is not the best place because if you remove that it it will
not be re-created until the update script is run again.
However /var/lib/geo-ip-database-contrib sounds good to me.

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#760688: geoip-database-update script coding errors

2014-09-21 Thread Ludovico Cavedon 
package geoip-database-update
severity 760688 normal
thanks

On Sun, Sep 21, 2014 at 4:25 PM, Ludovico Cavedon cave...@debian.org wrote:
 2. file update has race conditions:
- file is removed and later downloaded
- file decompresion is in place, this exposes partial file to user

 3. file download-update is not safe: wget can get redirect and name file
 with any name.
 so in /usr/share/GeoIP can be found files like index.html and others...

Actually these issues are already fixed in version 1.9
- the decompression is not in place but to a temporary file
- the output filename -O option is already passed to wget (so no
arbitrary filename)
- the .dat is not removed before downloading (although it is removed
before renaming the new one, so there is a race condition that I am
fixing).

The security issue that was raising the severity to critical is not
there, so I am downgrading it to normal and will provide an upload
soon.

Cheers,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#760990: ntopng: Several vulnerabilities fixed upstream in 1.2.1

2014-09-09 Thread Ludovico Cavedon 
Hi Luca,

my understanding (supported by a simple test and code check) was that
CVE-2014-4329 was fixed in version 1.2.0
https://svn.ntop.org/bugzilla/show_bug.cgi?id=379

However, as Salvatore noticed, it is announced as being fixed in version 1.2.1.

Can you confirm which version fixed it, please?

Thanks,
Ludovico

On Tue, Sep 9, 2014 at 11:06 AM, Salvatore Bonaccorso car...@debian.org wrote:
 Source: ntopng
 Severity: grave
 Tags: security upstream fixed-upstream

 Hi Ludovico,

 Marking this bugreport as grave, as more information seem a bit
 scarce, so was not able to identify the issues. There is an upstream
 report [1] which mentions several fixes were done in ntopng 1.2.1.

  [1] http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/

 Fixes for
  - CVE-2014-5464

  - CVE-2014-4329

 Strangely this was marked as fixed in 1.2.0+dfsg1-1 in the security
 tracker at [2]. Is this information correct?

  [2] https://security-tracker.debian.org/tracker/CVE-2014-4329

  - CVE-2014-5511, CVE-2014-5512, CVE-2014-5513, CVE-2014-5514,
CVE-2014-5515

 No information referenced for these in the advisory.

 Could you have a look at them and also clarify if CVE-2014-4329
 version information is wrong in the tracker?

 Regards,
 Salvatore


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#757346: tortoisehg: toirtoisehg workbench crashes when viewing working directory

2014-08-27 Thread Ludovico Cavedon 
On Thu, Aug 7, 2014 at 3:53 AM, Sébastien KALT sk...@throka.org wrote:
 If I downgrade mercurial to testing version (3.0.2-1) it doesn't crash.

 I've seen that there is a new upstream version for tortoisehg
 (http://tortoisehg.bitbucket.org/download/source.html) : 3.1

 As mercurial is version 3.1 in Sid, the problem might be here.

I am not able to reproduce the issue, but I am about to upload
tortoisehg 3.1, please reopen if the problem persists.

Thanks,
Ludovico


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#758490: cowbuilder: will wip bind-mounts if create fails and --debug is passed

2014-08-17 Thread Ludovico Cavedon 
Package: cowbuilder
Version: 0.73
Severity: important
Control: found -1 0.67

Hi,

if you invoke
cowbuilder --create --debug
and pbuilder fails, pbuilder will not unmount the bind-mounts in the
buildplace (because of  --debug), and cowbuilder will then invoke rm
-fr on the buildpalace, wiping the content of the bind-mounts.

Setting severity as important because it might cause serious data loss.

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#738596: DD for IP2Location Debian Package

2014-05-03 Thread Ludovico Cavedon 
Hi Kim,

sorry for it taking a while to answer.

 Is the package alright for submission?

 Our team would like to fix the changes if required.

I had another look at the package.
Most of the lintian warnings are still there. Overriding them is not
ok, unless there you a good reason, and you should explain what it is.
The purpose of lintian is to warning you about things that do not meet
the quality standard for Debian.

Lets's go though the list here:
http://mentors.debian.net/package/ip2location-c

* binary-file-built-without-LFS-support
is this a false positive? if so why? or does it not apply to
libip2location6? if so why?

* no-symbols-control-file
do not override this: being your package a library, it should use
symbol file. If you did not add them, do not hide it. I am ok with
uploading it without symbol files though, as it is not a strict
requirement

* package-file-is-executable
- debian/changelog
- debian/control
* binary-control-field-duplicates-source
- field section in package libip2location6
These 2 above need fixing

* duplicate-short-description
- libip2location-dev libip2location6
needs fixing. you can append (development files) to the description
of  libip2location-dev

* configure-generated-file-in-source
need fixing

* debian-watch-may-check-gpg-signature
would be nice to address, but is not a strict requirement, so I can
upload the package even this is not addressed. However, do not
override it.

* source-contains-prebuilt-binary
this needs to be fixed. No binary files should be included, everything
must be built from source.

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#725665: nautilus-image-manipulator is marked for autoremoval from testing

2014-04-13 Thread Ludovico Cavedon 
On Sun, Apr 13, 2014 at 6:51 AM, Emilien Klein emilien+deb...@klein.st wrote:
 I have just installed nautilus-image-manipulator in a fresh Sid
 installation (came with nautilus and python-nautilus as dependencies)
 and I didn't have any issues of any kind running nautilus and the extension.

 I assume this bug was indeed fixed with package 1.1-4?

I am not having this problem either (amd64 testing).

Even if the bug still exists for some people, the severity should be
important, not grave.

Thanks for looking into this,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#629531: racktables package

2014-03-29 Thread Ludovico Cavedon 
package wnpp
owner 629531 !
thanks

Hi Alex,

On Fri, Mar 28, 2014 at 2:50 PM, Alex Brett alex.br...@loho.co.uk wrote:
 It seems there has been no activity on creating a racktables package for a
 while - I'm putting one together for my own network anyway, so would there
 be anybody interested in sponsoring it to be uploaded once I've done so?

I had the packaging mostly done in Dec, but at that time I did not not
want to just take over the ITP, in case David was still interested.

I have pushed what I have at
http://anonscm.debian.org/gitweb/?p=collab-maint/racktables.git
Hopefully you can take advantage of it.
It works, but there is still a bit of work to do before it can be
uploaded (see lintian output).

If you are interested in co-maintaining the package, let me know!

Thanks!
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#737917: ntop phones home every time it's started

2014-03-01 Thread Ludovico Cavedon 
Hi Japp,

On Thu, Feb 6, 2014 at 2:58 PM, Jaap Keuter jaap.keu...@xs4all.nl wrote:
 When working on configuring NTOP I was tweaking parameters through the
 /etc/default/ntop variable GETOPT. Reading the help and man page one thing I
 found was --skip-version-check.
 This sparked my interest to look at the network traffic generated. Indeed when
 starting the ntop service there's HTTP traffic going to kpn.ntop.org, which is
 the CNAME for version.ntop.org. A bunch of data is pushed to it and a version
 check returned.

 Adding the --skip-version-check option should prohibit this. It does not. NTOP
 comes back with the error that it needs a parameter for the option, which is
 not documented. Adding the parameter (like '=yes', or ' yes') allows NTOP to
 start.

I have fixed the documentation about this.

 But looking at the log and the network traffic the version check is
 still performed.

This is not good.
I have fixed this.

 So first a notice that the version check is skipped, and then it's done 
 anyway?
 This cannot be right, on various levels.

Absolutely agree.

 What I would expect is that the version check is inhibited by default, since
 we're relying on the Debian distribution channels for updates, not on
 in-application checks (which should be a general Debian Packager policy IMHO).
 And then centainly not those checks which flag out to the world every time
 when my Debian box boots up. For me enough reason to remove ntop from my box.

I agree the versionc heck is not useful for the user. However I think
that the check-in on the version is useful for upstream.
However the user should be aware of this and be able to choose,
ideally via a debconf question.

Given that ntop is at the end of life and has been replaced by ntopng,
I am just fixing the handling and the documentation of that flag, but
I will not add the debconf part. I will do that in the ntopng package
(to be uploaded soon).

Thank you for reporting this issue,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#737444: [src:ntop] Sourceless file (minified)

2014-02-08 Thread Ludovico Cavedon 
Hi Bastien,

On Sun, Feb 2, 2014 at 12:58 PM, bastien ROUCARIES
roucaries.bast...@gmail.com wrote:
 I could not find the source of:
 html/jquery-1.7.2.min.js
 html/jquery-ui-1.8.16.custom.min.js
 html/jqplot/jquery.jqplot.min.js

Thank you for the bug report.

For jqplot I will include the source in and minify it during build.

For jquery(-ui), I see 3 options:
1) use the debian packaged version, and ignore the one on the tarball
2) as 1, but in addition removing it from the orig tarball (this would
render the orig tarball useless for non-debian building)
3) as 1, but adding the non-minified source somewhere in the debian
directory (but it is not going to be used anyways...).

Option 1 look the most reasonable to me, but I want to check you are ok with it.

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#714820: ITP: ntopng -- High-Speed Web-based Traffic Analysis and Flow Collection Tool

2014-02-08 Thread Ludovico Cavedon 
package wnpp
block 714820 by 676631
thanks

Hi,

On Fri, Feb 7, 2014 at 11:19 AM, PICCORO McKAY Lenz
mckaygerh...@gmail.com wrote:
 ping?

ftp-masters pointed out there are still some minified js files I need
to take care of.
I am currently blocking on rickshaw [1], which is currently in the NEW queue.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676631

 please at least upload to mentors.debian please!

I pushed the latest working version here
git://anonscm.debian.org/collab-maint/ntopng.git

Cheers,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#676631: libjs-rickshaw status

2014-01-24 Thread Ludovico Cavedon 
Hi,

I was wondering was the status of packaging rickshaw is.
I am going to need it for packaging ntopng.
Anything I can help with?

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#629531: racktables packaging status

2013-12-08 Thread Ludovico Cavedon 
Hi,

I was wondering: what is the status of the packaging of racktables?

I am going to package it now as I need it for one of my systems. If
you have already worked on it, let's merge efforts, otherwise I can
upload mine once I am done.

Thanks!
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#629531: racktables packaging status

2013-12-08 Thread Ludovico Cavedon 
Hi David,

On Sun, Dec 8, 2013 at 10:19 AM, David Hannequin
david.hanneq...@gmail.com wrote:
 Sorry but i deleted my packaging after Debian Mentor drop my requeste.

 For somes reasons i don't want to work for this project ( 5 packages dropped 
 and an itp steal). Many people don't respect Debian project process.

I am sorry you had a bad experience.
If you change your mind I am willing to sponsor your upload for racktables.

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#724973: jetty8: diff for NMU version 8.1.3-8.1

2013-12-05 Thread Ludovico Cavedon 
On Wed, Dec 4, 2013 at 10:23 AM, Emmanuel Bourg ebo...@apache.org wrote:
 The pending changes can be uploaded. You can add your changes to the
 history and push a team upload instead of a NMU.

Done and uploaded.
Although it seems I cannot push because I do not have permissions,
probably because I am not part of pkg-java.
I am attaching the patches generated with git format-patch, if you
could merge them in, please, it would be great.

 in the package. Also, I don't think it's necessary to specify the
 version of maven-javadoc-plugin in debian/maven.rules.

You are right. I need that patch only when I build with
git-buildpackage invoking cowbuilder.
If I generate the source package and then build with cowbuilder it
works without that patch.

Cheers,
Ludovico
From cfed81644dcc263b5f6ae81d562fb1b4c60e600d Mon Sep 17 00:00:00 2001
From: Ludovico Cavedon cave...@debian.org
Date: Sun, 1 Dec 2013 22:45:19 -0800
Subject: [PATCH 1/2] Add jars in libjetty8-java for: jetty-jaspi, jetty-jsp,
 jetty-nested, jetty-websocket (Closes: #724973).

---
 debian/changelog | 5 +
 debian/rules | 6 --
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 10b7d80..c5fe122 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,15 @@
 jetty8 (8.1.3-9) UNRELEASED; urgency=low
 
+  [ Emmanuel Bourg ]
   * Team upload.
   * Use the Tomcat 7 jars from /usr/share/tomcat7/lib
   * Updated Standards-Version to 3.9.5 (no changes)
   * debian/copyright: Updated the Format URI
 
+  [ Ludovico Cavedon ]
+  * Added jars in libjetty8-java for: jetty-jaspi, jetty-jsp, jetty-nested,
+jetty-websocket (Closes: #724973).
+
  -- Emmanuel Bourg ebo...@apache.org  Thu, 07 Nov 2013 10:01:43 +0100
 
 jetty8 (8.1.3-8) unstable; urgency=low
diff --git a/debian/rules b/debian/rules
index 6407a12..0553ff9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,8 +11,10 @@ DEB_MAVEN_INSTALL_DOC_TARGET :=
 DEB_MAVEN_DOC_TARGET := javadoc:aggregate
 DEB_MAVEN_ARGS := -P-aggregates -P-osgi
 
-LIBJETTY_JARS := continuation deploy http io jmx overlay-deployer policy rewrite security \
-  server servlet servlets start util webapp xml
+LIBJETTY_JARS := continuation deploy http io jaspi jmx jsp nested \
+  overlay-deployer policy rewrite security server servlet servlets start util \
+  webapp websocket xml
+
 
 LIBJETTY_EXTRA_JARS := ajp annotations client jndi monitor plus
 
-- 
1.8.4.rc3

From bc246eed8d96f9a32c00551dae02ab04e27ed720 Mon Sep 17 00:00:00 2001
From: Ludovico Cavedon cave...@debian.org
Date: Thu, 5 Dec 2013 22:21:35 -0800
Subject: [PATCH 2/2] Prepare for upload to unstable.

---
 debian/changelog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index c5fe122..9d3ba1f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-jetty8 (8.1.3-9) UNRELEASED; urgency=low
+jetty8 (8.1.3-9) unstable; urgency=low
 
   [ Emmanuel Bourg ]
   * Team upload.
@@ -10,7 +10,7 @@ jetty8 (8.1.3-9) UNRELEASED; urgency=low
   * Added jars in libjetty8-java for: jetty-jaspi, jetty-jsp, jetty-nested,
 jetty-websocket (Closes: #724973).
 
- -- Emmanuel Bourg ebo...@apache.org  Thu, 07 Nov 2013 10:01:43 +0100
+ -- Ludovico Cavedon cave...@debian.org  Thu, 05 Dec 2013 22:20:15 -0800
 
 jetty8 (8.1.3-8) unstable; urgency=low
 
-- 
1.8.4.rc3

Bug#724973: jetty8: diff for NMU version 8.1.3-8.1

2013-12-04 Thread Ludovico Cavedon 
Hi Emmanuel,

On Mon, Dec 2, 2013 at 12:09 AM, Emmanuel Bourg ebo...@apache.org wrote:
 Could you please commit the changes on alioth? Thank you.

Sure, however there are already some non-uploaded changes on alioth.
Do you want me to:
1) commit my changes but update the changelog so those changes will
still be for a future version
2) commit my changes are modify the NMU to include them
3) commit the changes and you will do the upload
4) other?

Thanks!
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#724973: jetty8: diff for NMU version 8.1.3-8.1

2013-12-02 Thread Ludovico Cavedon 
tags 724973 + patch
tags 724973 + pending
thanks

Dear Maintainer,

I've prepared an NMU for jetty8 (versioned as 8.1.3-8.1) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.

Regards,
Ludovico
diff -Nru jetty8-8.1.3/debian/changelog jetty8-8.1.3/debian/changelog
--- jetty8-8.1.3/debian/changelog	2013-07-27 11:21:42.0 -0700
+++ jetty8-8.1.3/debian/changelog	2013-12-01 23:09:02.0 -0800
@@ -1,3 +1,11 @@
+jetty8 (8.1.3-8.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add jars in libjetty8-java for: jetty-jaspi, jetty-jsp, jetty-nested,
+jetty-websocket (Closes: #724973).
+
+ -- Ludovico Cavedon cave...@debian.org  Sun, 01 Dec 2013 22:41:36 -0800
+
 jetty8 (8.1.3-8) unstable; urgency=low
 
   * Don't build jetty-spdy module with Java 7 (Closes: #717119).
diff -Nru jetty8-8.1.3/debian/maven.rules jetty8-8.1.3/debian/maven.rules
--- jetty8-8.1.3/debian/maven.rules	2013-07-27 11:21:42.0 -0700
+++ jetty8-8.1.3/debian/maven.rules	2013-12-01 20:31:59.0 -0800
@@ -15,3 +15,4 @@
 s/org.eclipse.jetty.orbit/org.apache.tomcat/ s/org.apache.jasper.glassfish/tomcat-jasper/ jar s/.*/debian/ * *
 s/org.mortbay.jetty/javax.servlet/ servlet-api jar  s/.*/3.0/ * *
 org.mortbay.jetty jetty-util * s/6\..*/6.x/ * *
+org.apache.maven.plugins maven-javadoc-plugin * s/.*/2.9.1/ * *
diff -Nru jetty8-8.1.3/debian/rules jetty8-8.1.3/debian/rules
--- jetty8-8.1.3/debian/rules	2013-07-27 11:21:42.0 -0700
+++ jetty8-8.1.3/debian/rules	2013-12-01 23:08:22.0 -0800
@@ -11,8 +11,10 @@
 DEB_MAVEN_DOC_TARGET := javadoc:aggregate
 DEB_MAVEN_ARGS := -P-aggregates -P-osgi
 
-LIBJETTY_JARS := continuation deploy http io jmx overlay-deployer policy rewrite security \
-  server servlet servlets start util webapp xml
+LIBJETTY_JARS := continuation deploy http io jaspi jmx jsp nested \
+  overlay-deployer policy rewrite security server servlet servlets start util \
+  webapp websocket xml
+
 
 LIBJETTY_EXTRA_JARS := ajp annotations client jndi monitor plus

Bug#714820: Any news on packaging ntopng?

2013-11-17 Thread Ludovico Cavedon 
Hi,

On Sat, Oct 26, 2013 at 1:07 PM, Giovanni Mascellani g...@debian.org wrote:
 Are there any news on the packaging of ntopng? Is there a copy of the
 unofficial package somewhere, perhaps on Debian VCS?

 BTW, I think that upstream is going to release a new version very soon,
 possibly next week.

I have finally uploaded ntopng 1.1.
It is ucrrently in the NEW queue. Unfortunately the Debian VCS is offline.
I am attaching here ntopng_1.1-1.debian.tar.gz, in case you find it useful.

Thanks for your patience,
Ludovico


ntopng_1.1-1.debian.tar.gz
Description: GNU Zip compressed data

Bug#725665: python-nautilus: ImportError: could not import gobject (could not find _PyGObject_API object)

2013-10-13 Thread Ludovico Cavedon 
Package: python-nautilus
Version: 1.1-4
Followup-For: Bug #725665

Dear Maintainer,

the problem is still happening for me ob python-nautilus 1.1-4:

$ nautilus
Initializing nautilus-gdu extension
ImportError: could not import gobject (could not find _PyGObject_API object)

(nautilus:13263): Nautilus-Python-WARNING **: pygobject initialization failed

(nautilus:13263): Nautilus-Python-WARNING **: nautilus_python_init_python failed

Thank you,
Ludovico


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10.7 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-nautilus depends on:
ii  gir1.2-nautilus-3.0  3.4.2-2
ii  libatk1.0-0  2.10.0-2
ii  libc62.17-93
ii  libcairo-gobject21.12.16-2
ii  libcairo21.12.16-2
ii  libgdk-pixbuf2.0-0   2.28.2-1
ii  libglib2.0-0 2.36.4-1
ii  libgtk-3-0   3.8.4-1
ii  libnautilus-extension1a  3.4.2-2
ii  libpango-1.0-0   1.32.5-5+b1
ii  libpangocairo-1.0-0  1.32.5-5+b1
ii  libpython2.7 2.7.5-8
ii  python-gi3.8.2-1

python-nautilus recommends no packages.

python-nautilus suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#724894: tortoisehg-nautilus: does not start

2013-10-13 Thread Ludovico Cavedon 
Hi Rafal,

On Sun, Sep 29, 2013 at 5:37 AM, Rafał Rutkowski rrutkow...@gmail.com wrote:
 Dear Maintainer,
 tortoisehg nautilus extension doesn't work at all on my system. The
 following
 error occurs when starting nautilus:
 ImportError: could not import gobject (error was: '/usr/lib/x86_64-linux-gnu
 /libpyglib-gi-2.0-python2.7.so.0: undefined symbol: _Py_ZeroStruct')

 Creating a symlink of
 /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0
 in /usr/lib fixes the issue.

Thank you for your report. This seems to be a problem of python-nautilus.
https://bugzilla.gnome.org/show_bug.cgi?id=698214
https://bugs.launchpad.net/ubuntu/+source/nautilus-python/+bug/1170017

I am going to reassign the bug. It seems to be fixed in version 1.4-1.
Howevever, it might not swill work because of
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725665

Thank you for your report,
Ludovico


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#724973: libjetty8-java: jetty-websocket.jar missing

2013-09-30 Thread Ludovico Cavedon 
Package: libjetty8-java
Version: 8.1.3-8
Severity: important

Dear Maintainer,

it looks like jetty-websocket.jar is missing from the deb package. There
is the corresponding .pom file, but not the jar.

It seems the same problem affects other jars, like
jetty-distribution
jetty-project
jetty-nested
jetty-jsp

Thanks,
Ludovico

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10.7 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libjetty8-java depends on:
ii  libservlet3.0-java  7.0.42-1

libjetty8-java recommends no packages.

Versions of packages libjetty8-java suggests:
pn  jetty8  none
pn  libjetty8-java-doc  none

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#724961: RFA: gconf-cleaner -- GConf database cleaner

2013-09-29 Thread Ludovico Cavedon 
Package: wnpp
Severity: normal

gconf-cleaner is no longer maintained upstream and is affected by some
RC bugs (basically for not being up to date with the latest gconf).

I am not interested in taking on development of this piece of software.
I will leave it up for adoption for 3 months in case someone is
interested. If not, I will remove it from Debian.

Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#721344: ntop-data: ships symlinks to non-existing files (GeoIP*.dat)

2013-09-12 Thread Ludovico Cavedon 
package ntop-data
tags 721344 + wontfix
thanks

Andreas,

On Fri, Aug 30, 2013 at 5:03 PM, Andreas Henriksson andr...@fatal.se wrote:
 While looking for GeoIPCity.dat with apt-file your package was the only one
 with a match. I installed ntop-data, just to find out that the package
 only contained symlinks with same name (not the actual files).
 The symlinks points to /usr/share/GeoIP/* which I guess belongs to
 geoip-database package, which your package doesn't depend on and that
 package also doesn't ship the files either

The symlinks point to files in the geoip-database-contrib, which
ntop-data suggests. Being it in contrib, we cannot have a stronger
dependency.

Cheers,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#715284: ntop: [INTL:ja] Japanese translation update

2013-09-12 Thread Ludovico Cavedon 
package ntop
tags 715284 + confirmed pending
thanks

  Here's Japanese po-debconf template translation (ja.po) file that
  reviewed by several Japanese Debian developers and users.

  Could you apply it, please?

Committed, thanks!

Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#719158: ntop: please package libndpi separately

2013-09-12 Thread Ludovico Cavedon 
package ntop
tags 721551 + wontfix
thanks

Raphael,

On Sun, Sep 1, 2013 at 11:19 PM, Ludovico Cavedon cave...@debian.org wrote:
 Working on it: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721551

As you might have already seen libndpi has been accepted in Debian.
ntopng will make use of it.
However ntop does not build against newer versions of nDPI.
Given that ntop is no longer supported upstream and will be soon
removed (once ntopng is ready to take over), I do not think it is
worth patching it to work with newer nDPI (I actually started, but the
amount of changes looks excessive).

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#696749: bsd-4-clause was changed retroactively

2013-09-11 Thread Ludovico Cavedon 
package ntop
tags 696749 + confirmed pending
thanks

Hi Shawn,
On Wed, Dec 26, 2012 at 7:17 PM, Shawn shawnland...@gmail.com wrote:
 just from a look at the copyright file, it appears you have original BSD-4.3
 code (protocols.c) listed as BSD-4-clause, however all original BSD-4.3 code
 was retroactively converted to BSD-3-clause, (by the regents of UC) even if
 it contains the BSD-4-clause license.

After some reviews of the code and discussion with upstream, it turned
out there was no BSD code in the file anyways, and it was a leftover
comment [1], so I removed it in version 3:4.99.3+ndpi5517+dfsg3-1.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695424

 also Files: html/JSCookMenu.js is under MIT, and it could be named as such
 in the copyright file

True, done, will upload the fix soon.

 IMHO you should just list jQuery as MIT (the more recent versions are only
 under MIT) -- you should to test against the version of jQuery in
 libjs-jquery, and then use that instead of the embedded copy (I can open
 another bug)

You are right. However it looks like libjquery-ui has been customized.
Also this is the last release form upstream and is no longer supported
(upstream has moved to ntopng). Being ntopng not ready yet to replace
ntop, I am uploading this with some fixes, until it is ready to be
removed form the archive.

 Otherwise readers of the copyright file might wonder if there is a
 GPL-2/Apache 2.0 conflict, as the GPL-2 is not compatible with Apache 2.0
 (GPL-3 _is_ compatible)

They are license GPL-2 or MIT. This means you will have to chose MIT
for ntop, but the file itself itself is license on both (either one or
the other, not both at the same time).

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#701076: tortoisehg raises exceptions on close

2013-09-01 Thread Ludovico Cavedon 
Hi,

On Thu, Feb 21, 2013 at 11:47 AM, Vitaliyi img...@gmail.com wrote:
 Abort: путь 'trunk/context_processors.py' находится внутри вложенного
 хранилища 'trunk'

Can you re-trigger the bug running
LANG=C thg
so the error message will be in English, please?

Also, is this repository public? Is there any way you can help me
reproduce the issue?

Thanks,
Ludovico


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#721551: ITP: ndpi -- extensible deep packet inspection library

2013-09-01 Thread Ludovico Cavedon 
Package: wnpp
Severity: wishlist
Owner: Ludovico Cavedon cave...@debian.org

* Package name: ndpi
  Version : 1.4.0
  Upstream Author : Luca Deri d...@ntop.org
* URL : http://www.ntop.org/products/ndpi/
* License : LGPL-3
  Programming Lang: C
  Description : extensible deep packet inspection library

nDPI is a ntop-maintained superset of the popular OpenDPI library.
Released under the LGPL license, its goal is to extend the original
library by adding new protocols that are otherwise available only on the
paid version of OpenDPI.

nDPI has also been modified to be suitable for traffic monitoring
applications, by disabling specific features that slow down the DPI
engine while being them un-necessary for network traffic monitoring.

With nDPI, it is possible to both detect known protocols on non-standard
ports (e.g. detect http non ports other than 80), and also the opposite.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#719158: ntop: please package libndpi separately

2013-09-01 Thread Ludovico Cavedon 
On Fri, Aug 9, 2013 at 11:17 PM, Raphael Hertzog hert...@debian.org wrote:
 FWIW, I created a separate source package ndpi for Kali. You can use it
 as a starter if you want. There are multiple issues worth reporting
 upstream already (I had to patch them).

 http://git.kali.org/gitweb/?p=packages/ndpi.git;a=summary
 git clone git://git.kali.org/packages/ndpi.git
 http://repo.kali.org/kali/pool/main/n/ndpi/ndpi_1.4.0-0kali2.dsc

 This is an SVN snapshot of today (there are no real releases as you know),
 I shouldn't have used a 1.4.0, but 1.4.0+svnrevision or something like
 that.

Thank you!
Working on it: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721551

Cheers,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#693560: FTBFS against libav9

2013-08-25 Thread Ludovico Cavedon 
Hi Luk,

On Sat, Aug 24, 2013 at 8:06 AM, Luk Claes l...@debian.org wrote:
 Your package is blocking the libav9 transition and will likely be
 removed from testing unless a solution is found soon.

Sorry about that and thank you for your notification.
I will be travelling the next two days, I will address it as soon as I
am back online.

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#719158: ntop: please package libndpi separately

2013-08-09 Thread Ludovico Cavedon 
On Thu, Aug 8, 2013 at 1:36 PM, Raphaël Hertzog hert...@debian.org wrote:
 I saw that the ntop source package embeds nDPI and builds it for its own
 use. Could you build a proper libndpi-dev out of it?

 I'm asking this because there's another software that can use this library
 (xplico) and to be able to properly package it, I need this library, and
 it would be best if I could avoid to embed it in another source package.


It makes sense, I will.

thanks,
Ludo


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#714820: Awesome to see this package in Debian

2013-08-09 Thread Ludovico Cavedon 
Hi,

On Wed, Aug 7, 2013 at 3:22 PM, Raúl Benencia r...@kalgan.cc wrote:
 I just wanted to say that I'm very glad to see that ntopng is going to be
 in Debian. If by chance you need help for maintaining this package, please
 let me know.

The package is basically ready, but there is a licensing issue with
one of the source files. I am working with upstream to handle this.

Cheers,
Ludovico


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#717771: proxytunnel: missing retries when writing to socket

2013-07-24 Thread Ludovico Cavedon 
Package: proxytunnel
Version: 1.9.0-5
Tags: patch

Hi,

When proxytunnel writes to a socket it will fail if the call to send()
does not return the requested number of bytes to be written.

However, send may actually return before all the bytes have been
written and require the the caller invoke send again.

I am able to consistently reproduce the problem when using 2 proxies
with SSL and tunnel SMTP traffic generated by postfix inside it.

Here is a patch to fix the issue. Tested and working in my case.

Thanks,
Ludovico


004_socket_write_loop
Description: Binary data

Bug#570436: curl c-ares support and IPv6

2013-07-11 Thread Ludovico Cavedon 
Hi,
Bug #605558 [1] is what caused libcurl to be compiled without c-ares support.

Is the problem still there?

I tried to compile libcurl 7.22.0-3 with c-ares 1.7.5-1 and I could
not reproduce the issue:

$ curl -v http://security.debian.org
* About to connect() to security.debian.org port 80 (#0)
*   Trying 2607:ea00:101:3c0b:207:e9ff:fe00:e595... Failed to connect
to 2607:ea00:101:3c0b:207:e9ff:fe00:e595: Network is unreachable
* Success
*   Trying 2001:4f8:8:36::6... Failed to connect to 2001:4f8:8:36::6:
Network is unreachable
* Success
*   Trying 128.31.0.36... connected
[...]

This makes me think the problem has been solved wither in curl or c-ares.

It would be useful to have libcurl compiled with c-ares, because of [2].

Thank you,
Ludovico

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605558
[2] 
http://stackoverflow.com/questions/9191668/error-longjmp-causes-uninitialized-stack-frame


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#714820: ITP: ntopng -- High-Speed Web-based Traffic Analysis and Flow Collection Tool

2013-07-06 Thread Ludovico Cavedon 
On Wed, Jul 3, 2013 at 5:00 AM, The Wanderer wande...@fastmail.fm wrote:
 Might I suggest a different package name, e.g. 'ntop-ng'?

 At a glance, 'ntopng' reads to me as N-to-PNG, along the lines of
 existing file-format converter programs. While it's not absolutely
 necessary to avoid that, if there's no real downside to doing so, it
 might be a good idea.

Good point about the double interpretation, I did not think about it.
However, given that there is no real conflict, I would like to keep
the name as close as possible to upstream.

 I'm also not sure how good -ng-style names are in the first place,
 unless you are positive that there will never be a future next
 generation after this one; a name like ntop2 would be more
 forward-development-compatible in that light. But that's just my
 principles speaking, not a source of present confusion.

This is a good point too, but I am sure upstream put the appropriate
thought in it.
I would not like to change the upstream name. What if I call it now
ntop2 and in a couple of years upstream releases ntop2? :)

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#689547: ITP: libcredis -- Credis is a client library in plain C for communicating with Redis servers.

2013-07-06 Thread Ludovico Cavedon 
Hi Dave,

On Wed, Oct 3, 2012 at 1:58 PM, Dave Rawks d...@pandora.com wrote:
 * Package name: libcredis
   Version : 0.2.3

What is the status of this?
I am packaging ntopng [1] and it depends on credis.

Let me know if I can help,

Thanks,
Ludovico

[1] http://bugs.debian.org/714820


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#714820: ITP: ntopng -- High-Speed Web-based Traffic Analysis and Flow Collection Tool

2013-07-03 Thread Ludovico Cavedon 
Package: wnpp
Severity: wishlist
Owner: Ludovico Cavedon cave...@debian.org

* Package name: ntopng
  Version : 1.0
  Upstream Author : Luca Deri d...@ntop.org
* URL : http://www.ntop.org/products/ntop/
* License : GPL-3
  Programming Lang: C++
  Description : High-Speed Web-based Traffic Analysis and Flow Collection 
Tool

ntopng is the next generation version of the original ntop, a network
traffic probe that shows the network usage, similar to what the popular
top Unix command does. ntop is based on libpcap and it has been written
in a portable way in order to virtually run on every Unix platform,
MacOSX and on Win32 as well.

ntopng users can use a a web browser to navigate through ntop (that acts
as a web server) traffic information and get a dump of the network
status. In the latter case, ntop can be seen as a simple RMON-like agent
with an embedded web interface. The use of:

- a web interface.
- limited configuration and administration via the web interface.
- reduced CPU and memory usage (they vary according to network size and
traffic).

What ntopng can do:
- Sort network traffic according to many protocols
- Show network traffic and IPv4/v6 active hosts
- Store on disk persistent traffic statistics in RRD format
- Geolocate hosts
- Discover application protocols by leveraging on nDPI, ntop’s DPI
  framework
- Characterise HTTP traffic by leveraging on characterisation services
  provided by block.si. ntopng comes with a demo characterisation key,
  but if you need a permanent one, please mail i...@block.si
- Show IP traffic distribution among the various protocols
- Analyse IP traffic and sort it according to the source/destination
- Display IP Traffic Subnet matrix (who’s talking to who?)
- Report IP protocol usage sorted by protocol type
- Act as a NetFlow/sFlow collector for flows generated by routers (e.g.
  Cisco and Juniper) or switches (e.g. Foundry Networks) when used
  together with nProbe
- Produce HTML5/AJAX network traffic statistics


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#710757: tortoisehg: not installable in sid

2013-06-02 Thread Ludovico Cavedon 
package tortoisehg
tags 710757 + confirmed pending sid
thanks

On Sun, Jun 2, 2013 at 12:20 AM, Ralf Treinen trei...@free.fr wrote:
 tortoisehg is not installable in sid since it depends on

   mercurial (= 2.1~), mercurial ( 2.3~)

 However, the version of mercurial available in sid is 2.6.1-1.

Thank you for the report.
I will upload tortoisehg 2.8 soon.

Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#702715: tortoisehg: broken pyqt4 version check

2013-06-02 Thread Ludovico Cavedon 
package tortoisehg
forcemerge 702715 710453
tags 702715 + confirmed pending jessie sid
thanks

Hi,

On Wed, May 29, 2013 at 7:58 AM, Matthew Gabeler-Lee
chee...@fastcat.org wrote:
 This bug has now landed.  As the packages in testing / unstable now stand,
 you cannot use tortoisehg.

Thank you for the report and for looking into the issue.
I am about to upload the latest version (2.8) which is not affected by this bug.

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#705648: if-modfied-since undhandled case causes apt lists corruption

2013-04-22 Thread Ludovico Cavedon 
Attached is an improved version of the patch.

Cheers,
Ludovico


check-time-condition-v02.patch
Description: Binary data

Bug#705783: curl_easy_reset does not reset CURLINFO_CONDITION_UNMET

2013-04-19 Thread Ludovico Cavedon 
Package: libcurl3
Version: 7.22.0-3
Tags: patch

curl_easy_reset() does not reset the value of CURLINFO_CONDITION_UNMET
returned by curl_easy_getinfo(), therefore if a request sets this
flag, it will be never reset to 0 for subsequent requests.

See attached testcase.
You can run it with e.g.
   ./testcurl http://ftp.debian.org/debian/dists/testing/Release.gpg
The first request will set a timestamp in the future and
condition_unmet will be 1.
In the second request the timestamp is in the past, and
curl_condition_unmet should be 0, but it is actually 1.

The attached patched fixes the bug.

I am experiencing the bug on version 7.22, but the latest upstream
looks still affected.

Cheers,
Ludovico
#include stdio.h
#include curl/curl.h
#include stdlib.h

size_t write_data(void *buffer, size_t size, size_t nmemb, void *userp) {
fprintf(stderr, Got %zu bytes\n, size*nmemb);
return size*nmemb;
}

void f(CURL* curl, char *argv[], const char* ts) {
curl_easy_setopt(curl, CURLOPT_URL, argv[1]);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
//curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
if (ts) {
long t = atol(ts);
fprintf(stderr, Setting time condition to %ld\n, t);
curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
curl_easy_setopt(curl, CURLOPT_TIMEVALUE, t);
}
fprintf(stderr, Performing\n);
CURLcode success = curl_easy_perform(curl);

long curl_responsecode;
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, curl_responsecode);

long curl_condition_unmet = 0;
curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, curl_condition_unmet);

   fprintf(stderr, Actual: success %d curl_responsecode %ld curl_condition_unmet %ld\n,
   success, curl_responsecode, curl_condition_unmet);

}

int main(int argc, char *argv[]) {
CURL* curl = curl_easy_init();
fprintf(stderr, Expect: success 0 curl_responsecode 200 curl_condition_unmet 1\n);
f(curl, argv, 1566210680);
curl_easy_reset(curl);
fprintf(stderr, ===\n);
fprintf(stderr, Expect: success 0 curl_responsecode 200 curl_condition_unmet 0\n);
f(curl, argv, 1);
return 0;
}



curl-reset-timecond.patch
Description: Binary data

Bug#705648: if-modfied-since undhandled case causes apt lists corruption

2013-04-19 Thread Ludovico Cavedon 
FYI,
my fix to this bug triggers a bug in libcurl:
http://bugs.debian.org/705783

Cheers,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#705648: if-modfied-since undhandled case causes apt lists corruption

2013-04-17 Thread Ludovico Cavedon 
Package: apt-transport-https
Version: 0.8.16~exp12
Tags: patch

When using an https repository, apt will use libcurl to download
files, setting the If-Modified-Since herder in the http request.

If the server replies with a 200 OK but a Last-Modified header with a
date that is not newer that the requested If-Modified-Since, libcurl
drop the file, reporting an errorcode 200, but the actual downloaded
file will be empty.

Causing messages like
W: Size of file
/var/lib/apt/lists/partial/repo.server.com_dists_precise_main_binary-amd64_Packages
is not what the server reported 0 25118

See the attached patch that fixes the issue.

Apt needs to check the CURLINFO_CONDITION_UNMET to know if libcurl
discarded the payload.
Also TotalSize will get updated to the actual size of the file as
progress_callback will be called with the download size even in the
case libcurl decides to discard the payload. This will cause the check
for the size to fail. In my patch I just disable the check if the
actual size of the file is 0. Probably a better way would be adding a
new header is the message from the worker stating that the file was
discarded.

The cases why the http server would give this kind of response are, e.g.
1) if-modified-since used like a etag header
http://trac.nginx.org/nginx/ticket/93

(under this light, it might makes sense to avoid using the
CURLOPT_TIMECONDITION feature and handle If-Modified-SInce as an Etag)

2) a bug in apt-cacher-ng which sometimes returns 200 OK with a
Last-Modified equal to Last-Modified (about to be reported)

This bug is present at least as far back as version 0.8.16~exp12 and
still affects the latest in experimental (0.9.7.9~exp3). The attached
patch is for 0.9.7.9~exp3.

Cheers,
Ludovico


check-time-condition.patch
Description: Binary data

Bug#651640: proxy authentication credentials issue

2013-04-16 Thread Ludovico Cavedon 
See also

https://bugs.launchpad.net/debian/+source/apt/+bug/1087512

Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#702043: unblock: ntop/3:4.99.3+ndpi5517+dfsg3-1

2013-03-01 Thread Ludovico Cavedon 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ntop

The new version fixes 3 RC bugs:
- #700442: remove the code handling IP fragments. It was buggy and
  causing a security risk.
- #695424: removes an old incompatible license text
- #695422: disables openssl via compile-time flag (incompatible with
  the GPL libgdbm)

unblock ntop/3:4.99.3+ndpi5517+dfsg3-1

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru ntop-4.99.3+ndpi5517+dfsg2/debian/changelog 
ntop-4.99.3+ndpi5517+dfsg3/debian/changelog
--- ntop-4.99.3+ndpi5517+dfsg2/debian/changelog 2013-02-18 05:07:43.0 
-0800
+++ ntop-4.99.3+ndpi5517+dfsg3/debian/changelog 2013-02-28 23:30:23.0 
-0800
@@ -1,3 +1,12 @@
+ntop (3:4.99.3+ndpi5517+dfsg3-1) unstable; urgency=high
+
+  * Repackage source removing stale license notice from protocls.c
+(Closes: #695424).
+  * Remove IP fragment handling code (Closes: #700442).
+  * Disable OpenSSL (thanks to Giovanni Rapagnani, Closes: #695422).
+
+ -- Ludovico Cavedon cave...@debian.org  Thu, 28 Feb 2013 23:23:02 -0800
+
 ntop (3:4.99.3+ndpi5517+dfsg2-1) unstable; urgency=medium
 
   * Repackage upstream source replacing non-DFSG countmin code with the GPL
diff -Nru ntop-4.99.3+ndpi5517+dfsg2/debian/copyright 
ntop-4.99.3+ndpi5517+dfsg3/debian/copyright
--- ntop-4.99.3+ndpi5517+dfsg2/debian/copyright 2013-02-18 05:07:43.0 
-0800
+++ ntop-4.99.3+ndpi5517+dfsg3/debian/copyright 2013-02-28 23:30:23.0 
-0800
@@ -37,26 +37,6 @@
1991-1999, Free Software Foundation, Inc.
 License: GPL-2+
 
-Files: protocols.c
-Copyright: 2003-2010, Luca Deri d...@ntop.org
-   1994-1996, The Regents of the University of California
-License: GPL-2+ and BSD-4-clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that: (1) source code distributions
- retain the above copyright notice and this paragraph in its entirety, (2)
- distributions including binary code include the above copyright notice and
- this paragraph in its entirety in the documentation or other materials
- provided with the distribution, and (3) all advertising materials mentioning
- features or use of this software display the following acknowledgement:
- ``This product includes software developed by the University of California,
- Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- the University nor the names of its contributors may be used to endorse
- or promote products derived from this software without specific prior
- written permission.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
 Files: countmin.h countmin.c prng.h prng.c
 Copyright: 2003-2004, 2010, 2012, G. Cormode
 License: GPL-2+
diff -Nru ntop-4.99.3+ndpi5517+dfsg2/debian/get-orig-source.sh 
ntop-4.99.3+ndpi5517+dfsg3/debian/get-orig-source.sh
--- ntop-4.99.3+ndpi5517+dfsg2/debian/get-orig-source.sh2013-02-18 
05:07:43.0 -0800
+++ ntop-4.99.3+ndpi5517+dfsg3/debian/get-orig-source.sh2013-02-28 
23:30:23.0 -0800
@@ -39,6 +39,13 @@
 wq
 EOF
 
+# remove old and incorrect license statement from protocols.c
+ed ntop-$UPSTREAM_DIR/protocols.c  /dev/null EOF
+/The Regents of the University of California.  All rights reserved.
+?/\*?,/\*\//d
+wq
+EOF
+
 mv ntop-$UPSTREAM_DIR ntop-$DEB_SOURCE_VERSION
 
 cd ntop-$DEB_SOURCE_VERSION
diff -Nru 
ntop-4.99.3+ndpi5517+dfsg2/debian/patches/remove-fragment-handling.patch 
ntop-4.99.3+ndpi5517+dfsg3/debian/patches/remove-fragment-handling.patch
--- ntop-4.99.3+ndpi5517+dfsg2/debian/patches/remove-fragment-handling.patch
1969-12-31 16:00:00.0 -0800
+++ ntop-4.99.3+ndpi5517+dfsg3/debian/patches/remove-fragment-handling.patch
2013-02-28 23:30:23.0 -0800
@@ -0,0 +1,473 @@
+Description: Remove IP fragment handling code
+Author: Ludovico Cavedon cave...@debian.org
+Origin: https://svn.ntop.org/svn/ntop/trunk/ntop, commit:5629
+Bug-Debian: http://bugs.debian.org/700442
+
+Index: ntop/initialize.c
+===
+--- ntop.orig/initialize.c 2012-11-30 00:34:29.909618091 -0800
 ntop/initialize.c  2013-02-24 23:10:11.543717767 -0800
+@@ -356,8 +356,6 @@
+   myGlobals.device[i].sessions = (IPSession**)calloc(sizeof(IPSession*), 
MAX_TOT_NUM_SESSIONS);
+ } else
+   myGlobals.device[i].sessions = NULL;
+-
+-myGlobals.device[i].fragmentList = NULL;
+   }
+ 
+   myGlobals.hashCollisionsLookup = 0;
+Index: ntop/ip.c

Bug#647275: Merging #700442 and #647275

2013-02-28 Thread Ludovico Cavedon 
package ntop
forcemerge 700442 647275
thanks

Merging #700442 and #647275.

Thanks to Helmut Grohne for finding the cause of the double free.

This problem has been already fixed in the latest upstream version by
removing the code handling ip fragments.

Being this a security related bug, I will soon prepare an update for
the version in squeeze-backports.

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#700442: ntop reliably segfaults in searchFragments

2013-02-19 Thread Ludovico Cavedon 
Hi Helmut,

On Tue, Feb 19, 2013 at 8:23 PM, Helmut Grohne
h.gro...@cygnusnetworks.de wrote:
 I cannot send you a capture, because that could compromise the
 confidentiality of the data send by users. I am currently trying to
 reproduce the issue in a more controlled manner.

I understand.

 Please keep in mind that I am feeding 50MB/s at 50kpps to ntop. Even
 tcpdump is unable to keep up with this rate (even in SCHED_FIFO) and
 drops about 0.1% of the packets when being asked to write them to
 /dev/shm. Running ntop on this system consumes a full cpu. It will
 likely drop more packets. When adding valgrind it will likely drop
 most of the packets. So this might be a reason for why I am unable
 to observe the issue using valgrind.

Ok, makes sense.

 I will try the following:
  * Determine a small set of packets that reliably trigger some kind
of crash.
  * Trying to reproduce the issue with fresh gdbm databases.

This would be great. Having  set of packets that can trigger the crash
would be very useful.

It looks like the code handling IP fragments is the culprit (or maybe
the mostly affected one by the bug).
Maybe running a tcpdump capturing only fragmented packets could help.

 ==11364== Thread 3:
 ==11364== Invalid read of size 8
 ==11364==at 0x50CBB60: purgeOldFragmentEntries (ip.c:256)
 ==11364==by 0x50C9B96: purgeIdleHosts (hash.c:401)
 ==11364==by 0x50D7ABE: scanIdleLoop (ntop.c:683)
 ==11364==by 0x67A6B4F: start_thread (pthread_create.c:304)
 ==11364==by 0x5853A7C: clone (clone.S:112)
 ==11364==  Address 0x149cdc10 is 48 bytes inside a block of size 72 free'd
 ==11364==at 0x4C27D4E: free (vg_replace_malloc.c:427)
 ==11364==by 0x50D6115: ntop_safefree (leaks.c:182)
 ==11364==by 0x50CB7E7: deleteFragment (ip.c:113)
 ==11364==by 0x50CBB94: purgeOldFragmentEntries (ip.c:265)
 ==11364==by 0x50C9B96: purgeIdleHosts (hash.c:401)
 ==11364==by 0x50D7ABE: scanIdleLoop (ntop.c:683)
 ==11364==by 0x67A6B4F: start_thread (pthread_create.c:304)
 ==11364==by 0x5853A7C: clone (clone.S:112)


This is very interesting indeed. Even if it does not cause a crash,
this code is apparently operating on a segment that has already been
freed. I will look a bit more into in the following days.

Thanks for your help,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#700442: ntop reliably segfaults in searchFragments

2013-02-18 Thread Ludovico Cavedon 
package ntop
severity 700442 important
thanks

Hi,

On Wed, Feb 13, 2013 at 2:55 AM, Helmut Grohne
h.gro...@cygnusnetworks.de wrote:
 Running ntop under gdb. In most cases it segfaults within the first 10 
 seconds.

Thank you for the report.
I am downgrading the severity on the bug to important, as the bug does
not render it completely unusable to everyone.
In fact I have multiple installations of ntop running without crashing.

Are you able to send me a network capture that would make it crash?
Alternatively, can you run it under valgrind until it crashes, please?

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#700442: ntop reliably segfaults in searchFragments

2013-02-18 Thread Ludovico Cavedon 
package ntop
severity 700442 grave
thanks

On Mon, Feb 18, 2013 at 10:18 PM, Ludovico Cavedon cave...@debian.org wrote:
 I am downgrading the severity on the bug to important, as the bug does
 not render it completely unusable to everyone.

Changed my mind :)
Could be a serious buffer overflow.

Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#695422: ntop: links with both libssl and libgdbm and is mainly GPL-licensed without linking exception

2013-02-09 Thread Ludovico Cavedon 
Hi,

On Sat, Feb 9, 2013 at 9:05 AM, Giovanni Rapagnani g...@ideanet.be wrote:
 a 3rd solution is to recompile without ssl support.

Yes.
Turns out that porting to gnutls is not as simple as the openssl
wrapper is not enough.

I will apply your patch this weekend.

Thanks!

Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#695422: ntop: links with both libssl and libgdbm and is mainly GPL-licensed without linking exception

2012-12-11 Thread Ludovico Cavedon 
On Mon, Dec 10, 2012 at 1:04 PM, Francesco Poli
invernom...@paranoici.org wrote:
 Even if there's no *direct* linking of libgdm3 with libssl, it is my
 understanding that there is indeed an issue, as long as one single
 binary executable is linked with both libgdm3 and libssl.

 I believe that this follows from Section 3 of the GNU GPL v2.
 gdbm is the Program released under the terms of the GNU GPL v2 or
 later.
 The binary executable linked with it is a work based on it (according
 to the FSF's legal theory of linking, which is usually assumed to be
 valid by the Debian Project, in order to stay on the safe side...),
 and Section 3 states, in part:

 |   3. You may copy and distribute the Program (or a work based on it,
 | under Section 2) in object code or executable form under the terms of
 | Sections 1 and 2 above provided that you also do one of the following:
 |
 | a) Accompany it with the complete corresponding machine-readable
 | source code, which must be distributed under the terms of Sections
 | 1 and 2 above on a medium customarily used for software interchange; or,
 |
 [or other methods to make the source available...]

 Hence, one has to make the source code available under the terms of
 Sections 1 and 2, that is to say, among other things licensed as a
 whole at no charge to all third parties under the terms of [the GNU GPL
 v2] (see clause 2b).

I follow your reasoning and it makes sense to me.

However, Section 2 defines a work based on it [the Program] as a
modification. We are not making any modification to it.
Nevertheless, I see how you can argue that, according to the FSF and
Section 2b, ntop contains libgdm3.

So basically, are you telling me that *any* code that is dynamically
linked against a gpl library is automatically relicensed under GPL,
including the python interpreter for example? This does not sound
right to me...

Cheers,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#695422: ntop: links with both libssl and libgdbm and is mainly GPL-licensed without linking exception

2012-12-09 Thread Ludovico Cavedon 
Hi Francesco,

On Fri, Dec 7, 2012 at 1:13 PM, Francesco Poli (wintermute)
invernom...@paranoici.org wrote:
 I noticed that ntop is mainly licensed under the terms of the GNU GPL
 v2 or later, with only one file (ssl.c) having an OpenSSL linking
 exception.

 However, ntop seems to link with libssl (which is notoriously
 GPL-incompatible) and also seems to link with libgdbm (which [1]
 is licensed under the GNU GPL v2 or later, with no OpenSSL
 linking exception).

 [1] 
 http://packages.debian.org/changelogs/pool/main/g/gdbm/gdbm_1.8.3-11/libgdbm3.copyright

This does not look like an issue to me.
There is no linking from libgdm3 to openssl, and libgdm3 makes no use
of openssl, so the problematic clauses of the openssl do not apply to
to libgdm3.

 I am under the impression that several ntop source GPL-licensed
 files get compiled into a binary that links with libssl,
 but do not have any OpenSSL linking exception.

The only source code file which uses openssl is ssl_utils.c and it has
an openssl exception. I thought that was enough.
However, I did some reading to refresh my memory on the topic and I
can see how this could be interpreted to apply to all source code
files that to into the binary.

 The possible solutions I can think of are:

  A) ntop is modified so that it can link with GNUTLS, instead
 of OpenSSL

I can try to do this. Hopefully the release team will accept the patch.

  B) an OpenSSL linking exception is granted to all the relevant
 files by the respective copyright holders and also to

I do not think this is feasible as there are far too many contributors.

Thank you for the report,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#692732: src:ntop: non-free files in main (CC-BY-NC)

2012-11-18 Thread Ludovico Cavedon 
package src:ntop
tags 692732 + confirmed
thanks

Hi,

On Sun, Nov 18, 2012 at 5:05 AM, Ivo De Decker ivo.dedec...@ugent.be wrote:
 On Thu, Nov 08, 2012 at 11:39:53AM +, Ansgar Burchardt wrote:
 Files: countmin.h
 Copyright: 2003-2004, G. Cormode
 License: CC-BY-NC

 That is obviously a non-free, GPL-incompatible license.

 countmin.c is also licensed under CC-BY-NC. This is not listed in
 debian/copyright.

Thanks for the report. I must have missed those 2 files.
After further investigation I have realized also prng.[ch] are under
the same license.

I have written to the author to see if we can get a double license
CC-BY-NC and GPL, but I have not received an answer yet.
I am going to talk to ntop upstream, and see what are the options for
replacing it.

Cheers,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#689831: gconf-cleaner: Impossible to backup configuration

2012-11-13 Thread Ludovico Cavedon 
Andrew,

gconf-cleaner has been abandoned by upstream for a while now and I do
not believe it in a shape suitable for a stable release, so I am going
to ask removal from Debian.

Thanks for reporting the issue,
Cheers,
Ludovico

On Wed, Oct 24, 2012 at 1:31 PM, Andrew Starr-Bochicchio
a.star...@gmail.com wrote:
 This was reported upstream at:

 http://code.google.com/p/gconf-cleaner/issues/detail?id=18

 It was also reported in Ubuntu at:

 https://bugs.launchpad.net/debian/+source/gconf-cleaner/+bug/764041

 The issue seems to be that gconf-cleaner does not support the Schema value:

 http://developer.gnome.org/gconf/2.32/gconf-gconf-schema.html#GConfSchema

 -- Andrew Starr-Bochicchio

Ubuntu Developer https://launchpad.net/~andrewsomething
Debian Maintainer
 http://qa.debian.org/developer.php?login=a.starr.b%40gmail.com
PGP/GPG Key ID: D53FDCB1


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656582: Huge memory usage on simple start.

2012-09-16 Thread Ludovico Cavedon 
package tortoisehg
tags 656582 + moreinfo unreproducible
thanks


Hi Raúl,

On Fri, Jan 20, 2012 at 10:44 AM, Raúl Sánchez rsanch...@infoglobal.es wrote:
   I upgraded to wheezy recently and I've noticed that tortoisehg comsumes a
 huge amount, this is ~680MB RSS. I run it using 'thg' command from within a
 directory which doesn't actually holds a mercurial repository and with all
 mercurial extensions disabled. I think this is the simplest case.

thank you fr the bug report and thank you for the delay.

I am not able to reproduce this issue.
Is is still happening with 2.4?

Thanks,
Ludovico


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#678558: tortoisehg-nautilus: TortoiseHg does not work at all

2012-09-16 Thread Ludovico Cavedon 
package tortoisehg-nautilus
retitle 678558 tortoisehg-nautilus does not start on new installations
severity 678558 serious
tags 678558 - moreinfo unreproducible
tags 678558 + confirmed
thanks

Gregor,

On Thu, Jul 12, 2012 at 4:44 PM, Gregor Geiermann
gregor.geierm...@galileo-press.de wrote:
 I'm also could not see the nautilus context menu - turns out that
 ./tortoisehg/notify was missing after the install.

Thanks for the info.
I was able to reproduce the bug.
You were right: this is a definitely RC bug, as it will prevent
tortoisehg-nautilus to start for all new installations.

The upstream fix is
https://bitbucket.org/tortoisehg/thg/changeset/9635693f3b973702fdee4e8fa487afb4d93959be

I am going to request a freeze exception to push the fix to testing.

Thanks,
Ludovico


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

  1   2   3   4   >