Bug#695919: dpkg-source --require-valid-signature can be tricked

2012-12-14 Thread Ansgar Burchardt 
Meh, forgot the attachment...

Ansgar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
  
Format: 3.0 (native)
Source: dpkg
Binary: libdpkg-dev, dpkg, dpkg-dev, libdpkg-perl, dselect
Architecture: any all
Version: 1.16.9
Origin: debian
Maintainer: Dpkg Developers 
Uploaders: Guillem Jover , Raphaël Hertzog 

Homepage: http://wiki.debian.org/Teams/Dpkg
Standards-Version: 3.9.3
Vcs-Browser: http://git.debian.org/?p=dpkg/dpkg.git
Vcs-Git: git://git.debian.org/git/dpkg/dpkg.git
Build-Depends: debhelper (>= 7), pkg-config, flex, gettext (>= 0.18), po4a (>= 
0.41), zlib1g-dev (>= 1:1.1.3-19.1), libbz2-dev, liblzma-dev, libselinux1-dev 
(>= 1.28-4) [linux-any], libncursesw5-dev, libtimedate-perl, libio-string-perl
Package-List: 
 dpkg deb admin required
 dpkg-dev deb utils optional
 dselect deb admin optional
 libdpkg-dev deb libdevel optional
 libdpkg-perl deb perl optional
Checksums-Sha1: 
 c48dd955f77afdc5eca959b96265b65cfddd665c 3697752 dpkg_1.16.9.tar.xz
Checksums-Sha256: 
 73cd7fba4e54acddd645346b4bc517030b9c35938e82215d3eeb8b4e7af26b7a 3697752 
dpkg_1.16.9.tar.xz
Files: 
 4df9319b2d17e19cdb6fe94dacee44da 3697752 dpkg_1.16.9.tar.xz
  
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
  
iEYEARECAAYFAlCCLPQACgkQuW9ciZ2SjJsEOQCg9KaxkZ0aLCHIp4t3hBGz+gNA
ZBUAoPaJf0WyU37ati2pIqBRgXX5bNeP
=qdPv
-END PGP SIGNATURE-

Format: 3.0 (quilt)
Source: gnupg
Binary: gnupg, gnupg-curl, gpgv, gnupg-udeb, gpgv-udeb, gpgv-win32
Architecture: any all
Version: 1.4.12-6
Maintainer: Debian GnuPG-Maintainers 
Uploaders: Sune Vuorela , Daniel Leidert 
, Thijs Kinkhorst 
Homepage: http://www.gnupg.org
Standards-Version: 3.9.3
Vcs-Browser: http://svn.debian.org/wsvn/pkg-gnupg/gnupg/
Vcs-Svn: svn://svn.debian.org/svn/pkg-gnupg/gnupg/trunk/
Build-Depends: debhelper (>> 7), libz-dev, libldap2-dev, libbz2-dev, libusb-dev 
[!hurd-i386], libreadline-dev, file, gettext, libcurl4-gnutls-dev
Build-Depends-Indep: mingw-w64
Package-List: 
 gnupg deb utils important
 gnupg-curl deb utils optional
 gnupg-udeb udeb debian-installer extra
 gpgv deb utils important
 gpgv-udeb udeb debian-installer extra
 gpgv-win32 deb utils extra
Checksums-Sha1: 
 790587e440ec7d429b120db7a96a237badc638fd 4939171 gnupg_1.4.12.orig.tar.gz
 ad9793124c400ca7e858291155b42b53ee87d2d4 92008 gnupg_1.4.12-6.debian.tar.gz
Checksums-Sha256: 
 bb94222fa263e55a5096fdc1c6cd60e9992602ce5067bc453a4ada77bb31e367 4939171 
gnupg_1.4.12.orig.tar.gz
 2d146235f3ff89f119849d34f455ba659c0e0dd0c08693305bac56a33dfe5978 92008 
gnupg_1.4.12-6.debian.tar.gz
Files: 
 f9a65ccd7166d3fdb084454cf7427564 4939171 gnupg_1.4.12.orig.tar.gz
 e23c2823d4105bfd4597fa4d1c88a87d 92008 gnupg_1.4.12-6.debian.tar.gz

-BEGIN PGP SIGNATURE
Version: vim v7.3.547 (GNU/Linux)

Signed and approved.
-END PGP SIGNATURE

Bug#695932: deb822: flawed handling of signed data

2012-12-14 Thread Ansgar Burchardt 
Package: python-debian
Version: 0.1.21+nmu2
Severity: important

debian.deb822 does not handle signed data properly and can be tricked into
processing unsigned data while thinking the data is signed.

I have attached an example program and *.dsc demonstrating the problem: it will
output "gnupg", but the Source field in the signed part of the file actually
says "dpkg".

See also #695855.

Ansgar

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-debian depends on:
ii  python  2.7.3-3
ii  python-chardet  2.0.1-2
ii  python-six  1.2.0-1

Versions of packages python-debian recommends:
ii  python-apt  0.8.8.1

Versions of packages python-debian suggests:
ii  gpgv  1.4.12-6

-- no debconf information
import debian.deb822

d = debian.deb822.Dsc(open("test.dsc", "r"))

i = d.get_gpg_info()
assert i.valid()

print d['Source']
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
  
Format: 3.0 (native)
Source: dpkg
Binary: libdpkg-dev, dpkg, dpkg-dev, libdpkg-perl, dselect
Architecture: any all
Version: 1.16.9
Origin: debian
Maintainer: Dpkg Developers 
Uploaders: Guillem Jover , Raphaël Hertzog 

Homepage: http://wiki.debian.org/Teams/Dpkg
Standards-Version: 3.9.3
Vcs-Browser: http://git.debian.org/?p=dpkg/dpkg.git
Vcs-Git: git://git.debian.org/git/dpkg/dpkg.git
Build-Depends: debhelper (>= 7), pkg-config, flex, gettext (>= 0.18), po4a (>= 
0.41), zlib1g-dev (>= 1:1.1.3-19.1), libbz2-dev, liblzma-dev, libselinux1-dev 
(>= 1.28-4) [linux-any], libncursesw5-dev, libtimedate-perl, libio-string-perl
Package-List: 
 dpkg deb admin required
 dpkg-dev deb utils optional
 dselect deb admin optional
 libdpkg-dev deb libdevel optional
 libdpkg-perl deb perl optional
Checksums-Sha1: 
 c48dd955f77afdc5eca959b96265b65cfddd665c 3697752 dpkg_1.16.9.tar.xz
Checksums-Sha256: 
 73cd7fba4e54acddd645346b4bc517030b9c35938e82215d3eeb8b4e7af26b7a 3697752 
dpkg_1.16.9.tar.xz
Files: 
 4df9319b2d17e19cdb6fe94dacee44da 3697752 dpkg_1.16.9.tar.xz
  
-BEGIN PGP SIGNATURE-  
Version: GnuPG v1.4.12 (GNU/Linux)
  
iEYEARECAAYFAlCCLPQACgkQuW9ciZ2SjJsEOQCg9KaxkZ0aLCHIp4t3hBGz+gNA
ZBUAoPaJf0WyU37ati2pIqBRgXX5bNeP
=qdPv
-END PGP SIGNATURE-  

Format: 3.0 (quilt)
Source: gnupg
Binary: gnupg, gnupg-curl, gpgv, gnupg-udeb, gpgv-udeb, gpgv-win32
Architecture: any all
Version: 1.4.12-6
Maintainer: Debian GnuPG-Maintainers 
Uploaders: Sune Vuorela , Daniel Leidert 
, Thijs Kinkhorst 
Homepage: http://www.gnupg.org
Standards-Version: 3.9.3
Vcs-Browser: http://svn.debian.org/wsvn/pkg-gnupg/gnupg/
Vcs-Svn: svn://svn.debian.org/svn/pkg-gnupg/gnupg/trunk/
Build-Depends: debhelper (>> 7), libz-dev, libldap2-dev, libbz2-dev, libusb-dev 
[!hurd-i386], libreadline-dev, file, gettext, libcurl4-gnutls-dev
Build-Depends-Indep: mingw-w64
Package-List: 
 gnupg deb utils important
 gnupg-curl deb utils optional
 gnupg-udeb udeb debian-installer extra
 gpgv deb utils important
 gpgv-udeb udeb debian-installer extra
 gpgv-win32 deb utils extra
Checksums-Sha1: 
 790587e440ec7d429b120db7a96a237badc638fd 4939171 gnupg_1.4.12.orig.tar.gz
 ad9793124c400ca7e858291155b42b53ee87d2d4 92008 gnupg_1.4.12-6.debian.tar.gz
Checksums-Sha256: 
 bb94222fa263e55a5096fdc1c6cd60e9992602ce5067bc453a4ada77bb31e367 4939171 
gnupg_1.4.12.orig.tar.gz
 2d146235f3ff89f119849d34f455ba659c0e0dd0c08693305bac56a33dfe5978 92008 
gnupg_1.4.12-6.debian.tar.gz
Files: 
 f9a65ccd7166d3fdb084454cf7427564 4939171 gnupg_1.4.12.orig.tar.gz
 e23c2823d4105bfd4597fa4d1c88a87d 92008 gnupg_1.4.12-6.debian.tar.gz

-END PGP NOSIGNATURE-
Version: vim v7.3.547 (GNU/Linux)

Signed and approved.
-END PGP NOSIGNATURE-

Bug#695919: dpkg-source --require-valid-signature can be tricked

2012-12-14 Thread Ansgar Burchardt 
Hi,

On 12/14/2012 02:51 PM, Guillem Jover wrote:
>> This happens as Dpkg::Control::Hash skips until an empty line:
>>
>>145   } elsif (m/^-BEGIN PGP SIGNED MESSAGE/) {
>>146   $expect_pgp_sig = 1;
>>147   if ($$self->{'allow_pgp'}) {
>>148   # Skip PGP headers
>>149   while (<$fh>) {
>>150   last if m/^$/;
>>151   }
>>
>> However one can add trailing whitespace without breaking the signature 
>> causing
>> the code to skip until the second section.
> 
> Nice catch! I'm preparing a tiny fix, and I'm going over RFC4880 to see
> if there's any other issues to take care of. Will most probably ask the
> RT if they'd be fine including such fix for wheezy.

There are quite a lot of them. Other fun things to abuse include the
wrong markers in line 145 or dash-escaping text.

Sadly I'm not sure of a painless way to safely extract the data that gpg
(gpgv) actually checked the signature for: gpgv has no option for this
and with gpg you only get the output when using something other than
--verify, but then you have to check the output on --status-fd for the
existance of a valid signature :/

I did file a wishlist request against gnupg to provide an option that
outputs the data as well as checking the signature (#695855).

As I found this problem in quite a lot of packages, I'll probably write
a mail to d-devel later. Maybe somebody else has a better idea how to
address this problem.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#695855: please provide a --verify command that outputs the signed data

2012-12-14 Thread Ansgar Burchardt 
Werner Koch  writes:
> On Thu, 13 Dec 2012 16:35, ans...@debian.org said:
>> it would be very nice if gpg had a --verify command that would also output 
>> the
>> signed data. (Maybe "gpg --output - --verify"?) Otherwise you know the data 
>> is
>> signed, but still have to extract it somehow.
>
> Verification of a signature is quite complicated.  The math is easy but
> how to properly setup a scheme for automated signature checking is hard.
> You need to figure out what has been signed, who signed, whether the key
> is valid, and what to do if the key meanwhile expired.  Return just a
> simple status code would need to hardwire a certain policy which needs
> to be strictly followed.  I doubt that this is easier than to use
> detached signatures, which instantly solve many of the problems.

I agree that detached signatures are easier, but that should only change
the "what has been signed" part.  Having gpg output the signed data
would answer that.

For the rest, I'm mostly thinking of places where gpgv is used and one
has a keyring where all keys are trusted. I don't think more complicated
policies should be implemented using just the return code.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#696168: d-i: use trusted=yes in sources.list instead of --allow-unauthenticated

2012-12-17 Thread Ansgar Burchardt 
Package: debian-installer
Version: 20121114
Severity: wishlist

Since apt_0.8.16~exp3 one can disable secure apt for specific
repositories instead of having to use --allow-unauthenticated and
disable verification for all repositories.  Such entries look like

  deb [trusted=yes] file:///some/where

It would be nice if get-packages could use this for the localudeb
support instead of disabling secure apt even for remote repositories.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#696314: RM: webkit/experimental -- RoQA; renamed to webkitgtk

2012-12-19 Thread Ansgar Burchardt 
Package: ftp.debian.org
Severity: normal

Please remove webkit from experimental. A newer version is packaged as
webkitgtk.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#695914: marked as pending

2012-12-20 Thread Ansgar Burchardt 
Hi,

On 12/20/2012 04:29 AM, James McCoy wrote:
> commit 0e804cc658e3a00e07873a4be880f3d2769c913f
> Author: James McCoy 
> Date:   Wed Dec 19 22:25:01 2012 -0500
> 
> dscverify: Use "gpg --status-fd" to get more details about validity
> 
> Simply running "gpg < file" doesn't ensure the content is properly
> signed.  Even when it does, we may not be using the signed content.
> 
> Using "gpg --status-fd 1 < file" solves both of these issues.  Even
> though it still won't error out with an unsigned file, we'll be able to
> detect that the content wasn't signed by the lack of a VALIDSIG status.
> Also, the command will emit the signed content between PLAINTEXT status
> and any subsequent status lines.

Mixing the status output from gpg and the data is a bad idea. It's
probably still possible to bypass the check with something like

  { echo something; echo "[GNUPG:] VALIDSIG" } | gpg --store

If you use --status-fd, please use a file descriptor that is not used
for anything else.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#696397: gdb-avr: add Built-Using field

2012-12-20 Thread Ansgar Burchardt 
Package: src:gdb-avr
Version: 7.2-1
Severity: serious
Tags: patch
Usertags: built-using

gdb-avr uses the gdb source from gdb-source, but does not indicate so with a
Built-Using field (Policy 7.8). This means the archive might not contain the
full source for this package as the specific version of gdb used to build the
package could be replaced with a newer version.

I've attached a patch adding the Built-Using field to the gdb-avr binary
package.

Ansgar
diff -Nru gdb-avr-7.2/debian/changelog gdb-avr-7.2/debian/changelog
--- gdb-avr-7.2/debian/changelog	2011-07-10 20:04:08.0 +0200
+++ gdb-avr-7.2/debian/changelog	2012-12-20 13:25:13.0 +0100
@@ -1,3 +1,10 @@
+gdb-avr (7.2-1.1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * Add Built-Using field for gdb-source.
+
+ -- Ansgar Burchardt   Thu, 20 Dec 2012 12:24:54 +
+
 gdb-avr (7.2-1) unstable; urgency=low
 
   * New upstream release (closes: #580513)
diff -Nru gdb-avr-7.2/debian/control gdb-avr-7.2/debian/control
--- gdb-avr-7.2/debian/control	2011-07-10 19:59:49.0 +0200
+++ gdb-avr-7.2/debian/control	2012-12-20 13:32:23.0 +0100
@@ -3,7 +3,7 @@
 Priority: extra
 Maintainer: Hakan Ardo 
 Standards-Version: 3.5.6.1
-Build-Depends:  tar (>= 1.13.18), bzip2, autoconf (>= 2.13), libtool, texinfo (>= 4.6), texlive (>= 2007-11), libncurses5-dev, libreadline-dev, bison, gettext, debhelper (>= 4.1.46), dejagnu, cdbs (>= 0.4.17), quilt (>= 0.30), flex, gdb-source (>= 7.2)
+Build-Depends:  tar (>= 1.13.18), bzip2, autoconf (>= 2.13), libtool, texinfo (>= 4.6), texlive (>= 2007-11), libncurses5-dev, libreadline-dev, bison, gettext, debhelper (>= 4.1.46), dejagnu, cdbs (>= 0.4.17), quilt (>= 0.30), flex, gdb-source (>= 7.2), dpkg (>= 1.16.2)
 
 Package: gdb-avr
 Section: devel
@@ -11,6 +11,7 @@
 Priority: extra
 Depends: ${shlibs:Depends}
 Suggests: gdb-doc
+Built-Using: ${Built-Using}
 Description: The GNU Debugger for avr
  This package has been compiled to target the  avr architecture.
  GDB is a source-level debugger, capable of breaking programs at
diff -Nru gdb-avr-7.2/debian/rules gdb-avr-7.2/debian/rules
--- gdb-avr-7.2/debian/rules	2011-07-10 20:03:38.0 +0200
+++ gdb-avr-7.2/debian/rules	2012-12-20 13:24:49.0 +0100
@@ -5,6 +5,7 @@
 
 TARGET :=avr
 PACKAGE :=gdb-avr
+BUILT_USING := $(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W gdb-source)
 
 DEB_BUILD_GNU_TYPE := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 DEB_HOST_GNU_TYPE  := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
@@ -84,7 +85,7 @@
 	dh_installdeb
 	dh_shlibdeps
 
-	dh_gencontrol
+	dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)"
 	dh_md5sums
 	dh_builddeb

Bug#696398: override: gdb-msp430:devel/extra

2012-12-20 Thread Ansgar Burchardt 
Package: ftp.debian.org
Severity: normal

gdb-msp430 doesn't contain debug symbols and thus shouldn't be in the debug
section. Please move it to devel instead (the same section as gdb).

There's also a bug filed against the package requesting the same change[1].

  [1] 

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#696399: Build-Depends on gdb-source, but ships its own copy of the gdb source

2012-12-20 Thread Ansgar Burchardt 
Package: src:gdb-msp430
Version: 7.2a~mspgcc-20111205-1
Severity: normal

gdb-msp430 build-depends on gdb-source, but ships its own copy of the gdb
source in gdb-7.2a.tar.bz2 instead of using the one included in gdb-source.

The package also uses Built-Using in a wrong way: Built-Using belongs to the
binary package, not the source.  See #696397 for a patch implementing it.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#695914: marked as pending

2012-12-20 Thread Ansgar Burchardt 
On 12/20/2012 02:07 PM, James McCoy wrote:
> On Thu, Dec 20, 2012 at 11:36:16AM +0100, Ansgar Burchardt wrote:
>> Mixing the status output from gpg and the data is a bad idea. It's
>> probably still possible to bypass the check with something like
> 
> Good point.  I just pushed an update:
> 
> http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=3e4b99becfc2e978887f2a52124970318bafe943

Thanks, that looks better.

Just one more question: why do you use Temp::File->newdir() when you
only want a single file? Wouldn't Temp::File->new() be easier as you
would no longer need the open() call in the next line.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#696418: missing Built-Using on bf-utf (for bf-utf-source)

2012-12-20 Thread Ansgar Burchardt 
Package: src:debian-installer
Version: 20121114
Severity: serious

debian-installer uses bf-utf-source, but misses a Built-Using field for this
package.

Since dpkg (>= 1.16.2), dpkg-query has an easier way to extract the required
information for installed packages:

   dpkg-query -f '${source:Package} (= ${source:Version}), ' -W bf-utf-source

should give the missing value.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#696422: warnings for missing Built-Using

2012-12-20 Thread Ansgar Burchardt 
Package: lintian
Version: 2.5.10.3
Severity: wishlist

It would be nice if lintian would emit a warning for packages that might miss a
Built-Using field (Policy 7.8). There are two cases where a Built-Using field
is needed:

Using source from another package. Lintian could look at debian/control and
look for a Build-Depends on *-source or *-source-[0-9.]+, but no binary package
having Built-Using.

This would result in false positives for:
- Packages not using substitution variables for Built-Using, but adding
  the field directly. But the packages I have seen that have a Built-Using
  field were all using a substition variable.
- *-source packages that do not provide source and are used in
  Build-Depends.

The other case are statically linked programs that include static libraries
from other packages. A simple check would be to look for packages that include
static binaries, but no Built-Using field. However this would result in false
positives for binaries not linking libraries from other packages, so I'm not
sure how useful such a check would be.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#696423: missing Built-Using on gcc-4.7 (for gcc-4.7-source)

2012-12-20 Thread Ansgar Burchardt 
Package: src:gcc-avr
Version: 4.7.2-1
Severity: serious
Tags: patch
Usertags: built-using

gcc-avr uses the gdb source from gcc-4.7-source, but does not indicate so with a
Built-Using field (Policy 7.8). This means the archive might not contain the
full source for this package as the specific version of gcc used to build the
package could be replaced with a newer version.

I've attached a patch adding the Built-Using field to the gcc-avr binary
package.

Ansgar
diff -Nru gcc-avr-4.7.2/debian/changelog gcc-avr-4.7.2/debian/changelog
--- gcc-avr-4.7.2/debian/changelog	2012-11-28 07:43:03.0 +0100
+++ gcc-avr-4.7.2/debian/changelog	2012-12-20 16:03:41.0 +0100
@@ -1,3 +1,10 @@
+gcc-avr (1:4.7.2-1.1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * Add Built-Using for gcc-4.7-source.
+
+ -- Ansgar Burchardt   Thu, 20 Dec 2012 15:03:29 +
+
 gcc-avr (1:4.7.2-1) unstable; urgency=low
 
   * New upstream release (closes: #693572)
diff -Nru gcc-avr-4.7.2/debian/control gcc-avr-4.7.2/debian/control
--- gcc-avr-4.7.2/debian/control	2012-11-27 18:26:12.0 +0100
+++ gcc-avr-4.7.2/debian/control	2012-12-20 16:18:37.0 +0100
@@ -3,7 +3,7 @@
 Priority: extra
 Maintainer: Hakan Ardo 
 Standards-Version: 3.5.3
-Build-Depends: m4, autoconf (>= 2.13), libtool, gawk, bzip2, binutils-avr (>= 2.20.1-2), bison, flex, gettext, texinfo, zlib1g-dev, debhelper (>= 4.2.10), tar (>= 1.13.18), automake1.9, libmpfr-dev, lsb-release, patchutils, gcc-4.7-source (>= 4.7.2-4), libmpc-dev
+Build-Depends: m4, autoconf (>= 2.13), libtool, gawk, bzip2, binutils-avr (>= 2.20.1-2), bison, flex, gettext, texinfo, zlib1g-dev, debhelper (>= 4.2.10), tar (>= 1.13.18), automake1.9, libmpfr-dev, lsb-release, patchutils, gcc-4.7-source (>= 4.7.2-4), libmpc-dev, dpkg (>= 1.16.2)
 Build-Conflicts: libgcc0, libgcc300
 
 Package: gcc-avr
@@ -14,6 +14,7 @@
 Depends: ${shlibs:Depends}, binutils-avr (>= 2.18-4)
 Provides: c-compiler-avr
 Suggests: task-c-devel, gcc-doc (>= 4:4.0.2-1), gcc-4.2, avr-libc(>=1:1.6.2-2)
+Built-Using: ${Built-Using}
 Description: The GNU C compiler (cross compiler for avr)
  This is the GNU C compiler, a fairly portable optimizing compiler which
  supports multiple languages.  This package includes support for C.
diff -Nru gcc-avr-4.7.2/debian/rules gcc-avr-4.7.2/debian/rules
--- gcc-avr-4.7.2/debian/rules	2012-05-23 09:33:21.0 +0200
+++ gcc-avr-4.7.2/debian/rules	2012-12-20 16:02:49.0 +0100
@@ -42,6 +42,7 @@
 TAR_DIR=gcc-*
 
 SOURCE_DIR := /usr/src/gcc-4.7/
+BUILT_USING := $(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W gcc-4.7-source)
 patchdir = $(SOURCE_DIR)/patches
 
 include $(SOURCE_DIR)/debian/rules.defs
@@ -172,7 +173,7 @@
 	dh_installdeb
 #	dh_perl
 	dh_shlibdeps
-	dh_gencontrol
+	dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)"
 	dh_md5sums
 	dh_builddeb

Bug#525850: puppet: Requesting new certificate will overwrite CA certificate

2012-10-02 Thread Ansgar Burchardt 
Hi,

Micah Anderson  writes:
>> attached is a patch that I use to prevent puppet from overwriting the
>> CA certificate if it is already present on the local host.
>
> When you reported this bug, it was for 0.24, does this still happen with newer
> versions of puppet?
>
>> --- puppet.orig/lib/puppet/network/client/ca.rb
>> +++ puppet/lib/puppet/network/client/ca.rb
>> @@ -48,7 +48,9 @@
>>  
>>  # Only write the cert out if it passes validating.
>>  Puppet.settings.write(:hostcert) do |f| f.print cert end
>> -Puppet.settings.write(:localcacert) do |f| f.print cacert end
>> +unless FileTest.exist?(Puppet[:localcacert])
>> +  Puppet.settings.write(:localcacert) do |f| f.print cacert end
>> +end
>>  
>>  @cert
>>end
>
> In newer versions of puppet, most of the above code doesn't exist anywhere I
> could find, so I guess that this has either been resolved in newer versions, 
> or
> you have been forward porting this patch to new versions? If you do have a 
> newer
> version, could you send it to the bug report?

I dropped the patch after 2.6.2-5+squeeze3. So this issue should be resolved.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#689408: puppet: no longer allows '/' in certificate subject names

2012-10-02 Thread Ansgar Burchardt 
Package: puppet
Version: 2.7.18-2
Forwarded: http://projects.puppetlabs.com/issues/15561

Puppet no longer allows the use of '/' in certificate subject names.  If
such a certificate is seen, it displays an error like this:

puppet-agent[15202]: Could not request certificate: Certname 
"/c=de/st=.../l=.../o=.../ou=../cn=puppet.mathi.uni-heidelberg.de" must not 
contain unprintable or non-ASCII characters

It would be nice if a fix for this could be included in wheezy (once it
is fixed upstream).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#633809: src:crystalspace: Build-depends on libcucul-dev

2012-10-03 Thread Ansgar Burchardt 
Hi,

Jon Dowland  writes:
> 2½ months ago you tagged 633809 pending, but there's no commit to
> the VCS in that time and it hasn't been resolved by an upload. May
> I ask, is this bug really pending? Thanks!

The dependencies are changed in the VCS (even before I tagged the bugs
pending), but crystalspace fails to build with the newer cegui now in
Debian. I haven't looked into the latter issue.

Ansgar


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#689493: src:youtube-dl: missing source for Windows binary

2012-10-03 Thread Ansgar Burchardt 
Source: youtube-dl
Version: 2012.09.27-1
Severity: serious

The youtube-dl source package has a youtube-dl.exe which seems to
contain an embedded Python interpreter. The source for this is not
included.

As youtube-dl.exe is of no use for Debian, it might be best to just
remove it from the upstream tarball.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#689598: dak: lintian check for packages referring to source in NEW fails

2012-10-04 Thread Ansgar Burchardt 
Package: ftp.debian.org
User: ftp.debian@packages.debian.org
Usertags: dak

The lintian check fails for packages that refer to upstream tarballs in NEW:

> W: lintian failed for 
> /srv/ftp-master.debian.org/tmp/dakup3IIw/readosm_1.0.0a-2_i386.changes 
> [return code: 2].
> W:  [possible output:] gpgv: keyblock resource 
> `/home/dak-unpriv/.gnupg/trustedkeys.gpg': file open error
>  [possible output:] gpgv: Signature made Wed Oct  3 22:08:22 2012 UTC using 
> DSA key ID 1392B174
>  [possible output:] gpgv: Can't check signature: public key not found
>  [possible output:] dpkg-source: error: cannot fstat file 
> /tmp/temp-lintian-lab-avvP4ypHUd/pool/r/readosm/readosm_1.0.0a-2_source/readosm_1.0.0a.orig.tar.gz:
>  Permission denied
>  [possible output:] internal error: dpkg-source -x failed with status  13 at 
> /usr/share/lintian/lib/Lintian/Util.pm line 831.
>  [possible output:] warning: collect info unpacked about package readosm 
> failed
>  [possible output:] warning: skipping check of source package readosm

The problem is that *.orig.tar.gz is a symlink to the file in NEW which
is not readable by dak-unpriv.

Maybe we should just always copy files around instead of trying to do
less I/O?

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#645487: ensembl: includes GPL code without source

2012-10-07 Thread Ansgar Burchardt 
Andreas Tille  writes:
> You are mixing up GPL and DFSG.  GPL says that the source code needs to
> be provided at least at request (and it in this case it is pretty easy
> to obtain the source code).

"The general rule is, if you distribute binaries, you must distribute
the complete corresponding source code too."[1]

"If you make object code available on a network server, you have to
provide the Corresponding Source on a network server as well."[2]

And having a jalview package in the archive does not help as this does
not guarantee we have the source for the exact version of jalview
bundled with ensembl.

Ansgar

[1] 
[2] 


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#689855: ensembl: configuration files in /usr/share/ensembl/**/conf

2012-10-07 Thread Ansgar Burchardt 
Package: src:ensembl
Version: 63-1
Severity: serious

ensembl.postinst modifies

  /usr/share/ensembl/conf/Plugins.pm
  /usr/share/ensembl/public-plugins/mirror/conf/SiteDefs.pm

so these tiles seem to be configuration files and should not be located
in /usr.

I'm also not sure if the current use of debconf in ensembl.postinst
preserves changes to these files as it seems to unconditionally
overwrite database access information with values from debconf.
Also passwords are passed as command-line arguments in ensembl.postinst
which makes them visible in the process list.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#689856: ensembl: misuse of "nobody" system user, potential unsafe use of /var/tmp

2012-10-07 Thread Ansgar Burchardt 
Package: src:ensembl
Version: 63-1
Severity: important

ensembl uses the "nobody" system user for some directories (see
ensembl.postinst), but that user is not supposed to own any files:

  Daemons that need not own any files sometimes run as user nobody and
  group nogroup, although using a dedicated user is far preferable.
  Thus, no files on a system should be owned by this user or group.
   -- /usr/share/doc/base-passwd/users-and-groups.txt.gz

The use of /var/tmp/ensemle is also likely wrong. It's created in
postinst and might be removed at any later time (or somebody else might
have created a file or directory with this name).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690117: ITP: tlsdate -- secure parasitic rdate replacement

2012-10-10 Thread Ansgar Burchardt 
On 10/10/2012 09:26 AM, Kartik Mistry wrote:
> * Package name: tlsdate
>   Version : x.y.z
>   Upstream Author : Jacob Appelbaum ,
> Christian Grothoff 
> * URL : 0.0.1
> * License : BSD
>   Programming Lang: C
>   Description : secure parasitic rdate replacement
> 
> tlsdate sets the local clock by securely connecting with TLS to remote
> servers and extracting the remote time out of the secure handshake. Unlike
> ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS
> enabled service, and provides some protection against adversaries that try to
> feed you malicious time information.

Jacob Appelbaum already filed an ITP[1] for this package.

  [1] 

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690130: tryton: maintainer address still bounces

2012-10-10 Thread Ansgar Burchardt 
Source: tryton-modules-account-statement
Severity: serious

The maintainer address still bounces...

Ansgar

On 10/10/2012 11:19 AM, Mail Delivery System wrote:
> This is the mail system at host debian.tryton.org.
> 
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
> 
> For further assistance, please send mail to postmaster.
> 
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
> 
>The mail system
> 
>  (expanded from
> ): Host or domain name not found. Name
> service error for name=lists.debian-maintainers.org type=MX: Host not
> found, try again
> 
> 
> 
> Reporting-MTA: dns; debian.tryton.org
> X-Postfix-Queue-ID: D014F121F48
> X-Postfix-Sender: rfc822; d...@franck.debian.org
> Arrival-Date: Fri,  5 Oct 2012 09:02:08 + (UTC)
> 
> Final-Recipient: rfc822; try...@lists.debian-maintainers.org
> Original-Recipient: rfc822;maintain...@debian.tryton.org
> Action: failed
> Status: 4.4.3
> Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error
> for name=lists.debian-maintainers.org type=MX: Host not found, try again
> 


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690184: unblock: libdatetime-timezone-perl/1:1.49-1+2012f

2012-10-10 Thread Ansgar Burchardt 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libdatetime-timezone-perl

unblock libdatetime-timezone-perl/1:1.49-1+2012f

It includes timezone information which is sadly not taken from the
tzdata binary package. (This is also a problem for the package currently
in squeeze.)

I've attached the debdiff minus the actual changes to the *.pm modules
which describe the timezones as these are quite long and mostly boring.

Ansgar
diff -Nru libdatetime-timezone-perl-1.46/Changes libdatetime-timezone-perl-1.49/Changes
--- libdatetime-timezone-perl-1.46/Changes	2012-04-02 16:39:17.0 +0200
+++ libdatetime-timezone-perl-1.49/Changes	2012-09-13 16:09:12.0 +0200
@@ -1,3 +1,21 @@
+1.492012-09-13
+
+- This release is based on version 2012f of the Olson database. This release
+  includes contemporary changes for Fiji.
+
+
+1.482012-08-03
+
+- This release is based on version 2012e of the Olson database. This release
+  includes contemporary changes for Fakaofo.
+
+
+1.472012-07-19
+
+- This release is based on version 2012d of the Olson database. This release
+  includes contemporary changes for Morocco.
+
+
 1.462012-04-02
 
 - This release is based on version 2012c of the Olson database. This release
diff -Nru libdatetime-timezone-perl-1.46/debian/changelog libdatetime-timezone-perl-1.49/debian/changelog
--- libdatetime-timezone-perl-1.46/debian/changelog	2012-04-05 19:06:25.0 +0200
+++ libdatetime-timezone-perl-1.49/debian/changelog	2012-09-14 13:12:13.0 +0200
@@ -1,3 +1,22 @@
+libdatetime-timezone-perl (1:1.49-1+2012f) unstable; urgency=low
+
+  * New upstream release, based on version 2012f of the Olson database.
+
+ -- gregor herrmann   Fri, 14 Sep 2012 13:12:04 +0200
+
+libdatetime-timezone-perl (1:1.48-1+2012e) unstable; urgency=low
+
+  * New upstream release, based on version 2012e of the Olson database.
+
+ -- gregor herrmann   Sat, 18 Aug 2012 14:13:30 +0200
+
+libdatetime-timezone-perl (1:1.47-1+2012d) unstable; urgency=low
+
+  * debian/control: update {versioned,alternative} (build) dependencies.
+  * New upstream release, based on version 2012d of the Olson database.
+
+ -- gregor herrmann   Mon, 30 Jul 2012 22:59:13 +0200
+
 libdatetime-timezone-perl (1:1.46-1+2012c) unstable; urgency=low
 
   * New upstream release, based on version 2012c of the Olson database.
diff -Nru libdatetime-timezone-perl-1.46/debian/control libdatetime-timezone-perl-1.49/debian/control
--- libdatetime-timezone-perl-1.46/debian/control	2012-04-05 19:06:25.0 +0200
+++ libdatetime-timezone-perl-1.49/debian/control	2012-09-14 13:12:13.0 +0200
@@ -1,32 +1,33 @@
 Source: libdatetime-timezone-perl
+Maintainer: Debian Perl Group 
+Uploaders: Krzysztof Krzyżaniak (eloy) ,
+   gregor herrmann ,
+   Jonathan Yu ,
+   Ansgar Burchardt ,
+   Nicholas Bamber 
 Section: perl
 Priority: optional
 Build-Depends: debhelper (>= 8)
 Build-Depends-Indep: perl,
- libclass-load-perl,
- libclass-singleton-perl,
- libdatetime-perl,
- libparams-validate-perl,
- libtest-output-perl,
- perl (>= 5.10.1) | libparent-perl,
- perl (>= 5.10.1) | libtest-simple-perl (>= 0.88)
-Maintainer: Debian Perl Group 
-Uploaders: Krzysztof Krzyżaniak (eloy) ,
- gregor herrmann , Jonathan Yu ,
- Ansgar Burchardt , Nicholas Bamber 
+ libclass-load-perl,
+ libclass-singleton-perl,
+ libdatetime-perl,
+ libparams-validate-perl,
+ libtest-output-perl
 Standards-Version: 3.9.3
-Homepage: http://datetime.perl.org/
-Vcs-Git: git://git.debian.org/pkg-perl/packages/libdatetime-timezone-perl.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libdatetime-timezone-perl.git
+Vcs-Git: git://git.debian.org/pkg-perl/packages/libdatetime-timezone-perl.git
+Homepage: http://datetime.perl.org/
 
 Package: libdatetime-timezone-perl
 Architecture: all
+Depends: ${misc:Depends},
+ ${perl:Depends},
+ libclass-load-perl,
+ libclass-singleton-perl,
+ libparams-validate-perl,
+ perl
 Pre-Depends: dpkg (>= 1.15.6~)
-Depends: ${misc:Depends}, ${perl:Depends},
- libclass-load-perl,
- libclass-singleton-perl,
- libparams-validate-perl,
- perl (>= 5.10.1) | libparent-perl
 Description: framework exposing the Olson time zone database to Perl
  DateTime::TimeZone is a Perl module framework providing an interface to the
  Olson time zone database. It exposes the database as a set of modules, one
@@ -35,3 +36,4 @@
  .
  The Olson time zone database is the best available source for worldwide time
  zone information and is available from ftp://ftp.iana.org/tz/releases/>.
+
diff -Nru libdatetime-timezone-perl-1.46/tools/update-from-latest-olson libdatetime-timezone-perl-1.49/tools/update-from-latest-olson
--- libdatetime-timezone-perl-1.46/tool

Bug#690293: Policy 5.6.24: Checksums-{SHA1,SHA256} are required by the archive software

2012-10-12 Thread Ansgar Burchardt 
Package: debian-policy
Severity: minor

Charles Plessy  writes:
> http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Checksums
>
>   In the .dsc file, these fields should list all files that make up the source
>   package. In the .changes file, these fields should list all files being
>   uploaded. The list of files in these fields must match the list of files in 
> the
>   Files field.

The Checksums-{SHA1,SHA256} fields were optional when they were
documented in Policy[1], but by now dak requires Checksums-{SHA1,SHA256}
to be present and listing all files in both .dsc and .changes files.

  [1] 

I suggest replacing both 'should's with 'must' in the paragraph quoted
above.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#679669: Removal of underscore package from squeeze-backports?

2012-10-14 Thread Ansgar Burchardt 
Stuart Prescott  writes:
>> I modified the package in backports to not compress the *.js files:
>
> Indeed! Excellent. Is that diff better for the RC bug #679669 better than the 
> one that is now there? (patches that fix rc bugs coming from 
> squeeze-backports 
> is a new and interesting direction)

Your patch for #679669 simply drops the *.min.js, however other packages
might rely on these files to be present.  Replacing them with a symlink
on the non-minified version like in the backports package seems safer to
me.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690444: dak: deal with packages having overrides in two components

2012-10-14 Thread Ansgar Burchardt 
Package: ftp.debian.org
User: ftp.debian@packages.debian.org
Usertags: dak

dak should deal with packages having overrides in two components in the
same suite. This can happen when packages move from contrib to main, for
example gentle.

The only remaining problem should be installing new (source) packages
into a suite where this package has two overrides. dak needs to know
which component to use in this case, see [1] for some more details of
the problems with this.

  [1] 

As a workaround packages can be removed from contrib before a new
version is accepted to main.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#645487: [Debian-med-packaging] Bug#645487: ensembl: includes GPL code without source

2012-10-14 Thread Ansgar Burchardt 
"Steffen Möller"  writes:
>> Andreas Tille  writes:
>> > You are mixing up GPL and DFSG.  GPL says that the source code needs to
>> > be provided at least at request (and it in this case it is pretty easy
>> > to obtain the source code).
>> 
>> "The general rule is, if you distribute binaries, you must distribute
>> the complete corresponding source code too."[1]
>> 
>> "If you make object code available on a network server, you have to
>> provide the Corresponding Source on a network server as well."[2]
>> 
>> And having a jalview package in the archive does not help as this does
>> not guarantee we have the source for the exact version of jalview
>> bundled with ensembl.
>> 
>> Ansgar
>> 
>> [1] 
>> [2] 
>
> Formally speaking there is nothing to argue about. We should remove that 
> .jar. 
> To grant us some more time to orchestrate the individuals behind that
> package and get up to speed with the much progressed upstream
> developments, may I ask for an exempt for the Ensembl package, not
> harming too many in experimental, from [1] for another while, please?

Can you give an estimate how long this would take?

Temporary removal from the archive might be an option if it takes
longer.  The package could return once the issue is fixed (just like a
new package).

Ansgar


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690492: love_0.8.0-2_i386.changes REJECTED

2012-10-14 Thread Ansgar Burchardt 
Bas Wijnen  writes:
> On Sun, Oct 14, 2012 at 06:57:43PM +0200, Bas Wijnen wrote:
>> On Sun, Oct 14, 2012 at 04:02:50PM +, Debian FTP Masters wrote:
>> > love: lintian output: 'embedded-library usr/bin/love-0.8: glee', 
>> > automatically rejected package.
>> > love: If you have a good reason, you may override this lintian tag.
>> 
>> I didn't touch that. I could override this error, but I shouldn't,
>> because it is a valid error. I didn't fix it, but I still would like the
>> other bugfixes to be included in stable (so I need to get the package
>> included in unstable first).
>
> Update: this bug was already worked around in the Debian package: the
> files included by upstream are not used, and the debian library package
> is used instead. The embeded copy is in the upstream source, and that is
> an upstream bug (which should trigger the lintian warning).

Are you sure the Debian package does not use the embedded copy? The
lintian error seems to be triggered by the binary package (as it
includes the path).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690552: pu: package clive/2.2.13-5+squeeze5

2012-10-15 Thread Ansgar Burchardt 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I prepared an update for clive. It adapts clive to changes on youtube.com; the
problem and patch are basically the same as #688972 in libquvi-scripts.

Ansgar
diff -Nru clive-2.2.13/debian/changelog clive-2.2.13/debian/changelog
--- clive-2.2.13/debian/changelog	2012-01-28 10:42:30.0 +
+++ clive-2.2.13/debian/changelog	2012-10-15 13:15:48.0 +
@@ -1,3 +1,10 @@
+clive (2.2.13-5+squeeze5) squeeze; urgency=low
+
+  * Adapt for youtube.com changes.
++ new patch: 688972-youtube.diff
+
+ -- Ansgar Burchardt   Mon, 15 Oct 2012 13:15:16 +
+
 clive (2.2.13-5+squeeze4) stable; urgency=low
 
   * Adapt for youtube.com changes. (Closes: #645025)
diff -Nru clive-2.2.13/debian/patches/688972-youtube.diff clive-2.2.13/debian/patches/688972-youtube.diff
--- clive-2.2.13/debian/patches/688972-youtube.diff	1970-01-01 00:00:00.0 +
+++ clive-2.2.13/debian/patches/688972-youtube.diff	2012-10-15 13:14:49.0 +
@@ -0,0 +1,16 @@
+From: Ansgar Burchardt 
+Subject: backport patch for #688972 from libquvi-scripts to clive
+Bug-Debian: http://bugs.debian.org/688972
+
+--- clive-2.2.13.orig/lib/clive/Host/Youtube.pm
 clive-2.2.13/lib/clive/Host/Youtube.pm
+@@ -52,6 +52,9 @@ sub parsePage {
+ 	}
+ 	my $id = $map{itag};
+ 	my $url = $map{url};
++	if (exists $map{sig}) {
++		$url .= '&signature=' . $map{sig};
++	}
+ $best   = $url unless $best;
+ $h{$id} = $url;
+ }
diff -Nru clive-2.2.13/debian/patches/series clive-2.2.13/debian/patches/series
--- clive-2.2.13/debian/patches/series	2012-01-28 10:33:11.0 +
+++ clive-2.2.13/debian/patches/series	2012-10-15 13:13:12.0 +
@@ -6,3 +6,4 @@
 liveleak-fix-from-2.2.25.patch
 636612-youtube.diff
 645025-youtube.diff
+688972-youtube.diff

Bug#690568: ddclient: use Digest::SHA instead of Digest::SHA1

2012-10-15 Thread Ansgar Burchardt 
Package: ddclient
Version: 3.8.1-1
Severity: normal

Please use Digest::SHA instead of Digest::SHA1 as libdigest-sha1-perl is gone
from the archive. Just replacing the module names should be enough for this as
the sha1_hex function is available in both modules.

Digest::SHA is part of the core perl modules since 5.9.3 so you don't need any
additional dependencies to use it.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#679669: tpu upload for #679669 (underscore: build-depends on uglifyjs)

2012-10-15 Thread Ansgar Burchardt 
Julien Cristau  writes:
> On Sat, Oct 13, 2012 at 20:56:00 +0200, Ansgar Burchardt wrote:
>> Stuart Prescott  writes:
>> > Looking at the underscore package in squeeze-backports, it is not possible 
>> > to 
>> > build it from source using packages in squeeze+squeeze-backports. In 
>> > particular, the "uglifyjs" package (provided by node-uglify in sid) is not 
>> > in 
>> > squeeze/squeeze-backports.
>> 
>> I modified the package in backports to not compress the *.js files:
>> 
> Any chance you could do that for wheezy too?

Sure.  I've attached the debdiff for an upload to wheezy (there's a
newer version in unstable).  The changes are the same as in the
backport.

Ansgar
diff -Nru underscore-1.1.6/debian/changelog underscore-1.1.6/debian/changelog
--- underscore-1.1.6/debian/changelog	2011-04-22 11:30:22.0 +0200
+++ underscore-1.1.6/debian/changelog	2012-10-15 20:48:23.0 +0200
@@ -1,3 +1,10 @@
+underscore (1.1.6-1+deb7u1) wheezy; urgency=low
+
+  * Include uncompressed version of *.js to avoid a build-dependency on
+uglifyjs. (Closes: #679669)
+
+ -- Ansgar Burchardt   Mon, 15 Oct 2012 20:46:34 +0200
+
 underscore (1.1.6-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru underscore-1.1.6/debian/control underscore-1.1.6/debian/control
--- underscore-1.1.6/debian/control	2011-04-22 11:25:13.0 +0200
+++ underscore-1.1.6/debian/control	2012-10-15 20:46:31.0 +0200
@@ -5,8 +5,7 @@
 Uploaders: Jonas Smedegaard 
 Build-Depends: cdbs,
  debhelper (>= 6),
- dh-buildinfo,
- uglifyjs
+ dh-buildinfo
 Standards-Version: 3.9.2
 Homepage: http://documentcloud.github.com/underscore/
 Vcs-Git: git://git.debian.org/git/collab-maint/underscore
diff -Nru underscore-1.1.6/debian/rules underscore-1.1.6/debian/rules
--- underscore-1.1.6/debian/rules	2011-04-22 11:30:00.0 +0200
+++ underscore-1.1.6/debian/rules	2012-10-15 20:46:31.0 +0200
@@ -28,7 +28,7 @@
 CDBS_BUILD_DEPENDS_rules_upstream-tarball =
 CDBS_BUILD_DEPENDS_rules_utils_copyright-check =
 
-CDBS_BUILD_DEPENDS += , uglifyjs
+#CDBS_BUILD_DEPENDS += , uglifyjs
 
 DEB_UPSTREAM_URL = http://githubredir.debian.net/github/documentcloud/underscore/
 DEB_UPSTREAM_TARBALL_BASENAME = $(DEB_UPSTREAM_TARBALL_VERSION)
@@ -47,6 +47,7 @@
 
 build/$(libpkgname):: $(js-min)
 $(js-min): debian/%.min.js: $(js-basedir)%.js
-	uglifyjs -o $@ $<
+	#uglifyjs -o $@ $<
+	ln -sf $< $@
 clean::
 	rm -f debian/*.js

Bug#679669: tpu upload for #679669 (underscore: build-depends on uglifyjs)

2012-10-15 Thread Ansgar Burchardt 
Julien Cristau  writes:
> On Mon, Oct 15, 2012 at 20:59:24 +0200, Ansgar Burchardt wrote:
>> Sure.  I've attached the debdiff for an upload to wheezy (there's a
>> newer version in unstable).  The changes are the same as in the
>> backport.
>> 
> Ack, please go ahead.

Uploaded (without using DELAYED/* as I don't think that matters much for
tpu).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690293: Policy 5.6.24: Checksums-{SHA1,SHA256} are required by the archive software

2012-10-15 Thread Ansgar Burchardt 
Charles Plessy  writes:
> Le Fri, Oct 12, 2012 at 09:31:24AM +0200, Ansgar Burchardt a écrit:
>> The Checksums-{SHA1,SHA256} fields were optional when they were
>> documented in Policy[1], but by now dak requires Checksums-{SHA1,SHA256}
>> to be present and listing all files in both .dsc and .changes files.
>> 
>>   [1] <http://bugs.debian.org/478295#73>
>> 
>> I suggest replacing both 'should's with 'must' in the paragraph quoted
>> above.
>
> Thanks a lot for the feedback !  How about the following patch ?  Instead
> of replacing shoulds by musts, it:
>
>  - Replaces "required" by "mandatory" in the list of fields for the Debian
>source control and Debian changes files.
>
>  - Removes the "shoulds" that I think are misleading.  Even if the fields
>were still only recommended, I think that they must not be used for
>other purposes or with another syntax.
[...]
> --- a/policy.sgml
> +++ b/policy.sgml
> @@ -2754,7 +2754,7 @@ Package: libc6
>  id="f-Standards-Version">Standards-Version 
> (recommended)
> Build-Depends et 
> al
> Checksums-Sha1
> -   and Checksums-Sha256 (recommended)
> +   and Checksums-Sha256 (mandatory)
> Files (mandatory)
>   
>   
> @@ -2807,7 +2807,7 @@ Package: libc6
>   Closes
>   Changes 
> (mandatory)
>   Checksums-Sha1
> - and Checksums-Sha256 (recommended)
> + and Checksums-Sha256 (mandatory)
>   Files (mandatory)
> 
>   
> @@ -3741,9 +3741,9 @@ Checksums-Sha256:
> 
>  
> 
> - In the .dsc file, these fields should list all
> + In the .dsc file, these fields list all
>   files that make up the source package.  In
> - the .changes file, these fields should list all
> + the .changes file, these fields list all
>   files being uploaded.  The list of files in these fields
>   must match the list of files in the Files field.
> 

Yes, that's better than my suggestion.  Seconded.

Ansgar


pgpWn2r9jjGzg.pgp
Description: PGP signature

Bug#690589: RFS: libdigest-md6-perl/0.11-1

2012-10-15 Thread Ansgar Burchardt 
Hi,

Oleg Gashev  writes:
>   libdigest-md6-perl - Digest::MD6 - Perl interface to the MD6 Algorithm
>   dget -x 
> http://mentors.debian.net/debian/pool/main/libd/libdigest-md6-perl/libdigest-md6-perl_0.11-1.dsc

You might want to join the Debian Perl Group you already list as the
maintainer for this package ;)  See [1] for more details.

  [1] 

Besides that:

 - The two entries in debian/changelog should probably be collapsed into
   one.

 - The (build-)dependencies on hardening-wrapper, perl-base and
   perl-modules look wrong. Why are they there?

 - I would use just "Perl interface to the MD6 algorithm" as the short
   description. Most Perl modules use that scheme.

 - debian/copyright is wrong. Some parts are distributed under the same
   terms as perl, ie. Artistic or GPL-1+; other parts use BSD-like
   licenses. There are also additional copyright holders.

   See [2] for an example how to document the Artistic or GPL-1+ part.

 [2] 


 - README should not be installed as documentation as it contains only
   installation information that is of no use when you installed the
   Debian package.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690962: mess: FTBFS, please lower the number of parallel jobs from -j5

2012-10-19 Thread Ansgar Burchardt 
Emmanuel Kasper  writes:
> Le 19/10/2012 17:42, Konstantinos Margaritis a écrit :
>> Currently in debian/rules make starts -j5. Currently the armhf
>> autobuilders have only 1GB of RAM and starting 5 C++ jobs is a bit too
>> heavy on the builders. Lowering it to eg. 3 or even 2 is a bit nicer, or
>> if you would like, add some code to limit the number of jobs depending
>> on the number of cpus available.
>
> If that OK I start ( number of CPU cores + 1 ) as the number of make
> jobs ? This is how we do it on the very similar mame package.

No, that's not correct.  See Policy 4.9.1.

Note that debhelper has a --parallel option which can do all the work
for you.

Ansgar


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691165: dak: "dak rm -C package" does not send mail if not closing bug

2012-10-22 Thread Ansgar Burchardt 
Package: ftp.debian.org
Severity: minor
User: ftp.debian@packages.debian.org
Usertags: dak

'dak rm -C package ' will not send a mail as the code sending
out the mail is inside a 'if Options["Done"]' block.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691166: dak: do not keep ACCEPTED.* files for NEW

2012-10-22 Thread Ansgar Burchardt 
Package: ftp.debian.org
User: ftp.debian@packages.debian.org
Usertags: dak

The ACCEPTED.* files for the NEW queue should not be kept.

It causes problems when a packages is marked for acceptance, then an
error while processing happens and the package is rejected.  After some
time the (new) overrides disappear again.  Should the same version get
re-uploaded to NEW, process-policy sees the ACCEPTED.* file, tries to
install it again and this time fails due to the missing overrides.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691107: Possible fix

2012-10-22 Thread Ansgar Burchardt 
Jesse Smith  writes:
> I believe I have found the problem and (I hope) a fix. Sorry for
> spamming everyone's inbox today.
>
> The problem seems to stem from the strcpy() command overflowing when
> copying one character into a two-character string. It seems as though
> GCC is treating the characters in the source string as being larger than
> one byte each, so to great around the overflow I've increased the size
> of the destination buffer.

That probably just hides the problem.

I think the real problem is in menucontent.h.  The MENUENTRY variables
are declared in a "if" block and are no longer valid outside the block,
however mainMenu.entries ("opts" in atanks.cpp:1037) still has a pointer
to them...

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691223: atanks: source tarball includes Win32 binaries without source

2012-10-22 Thread Ansgar Burchardt 
Package: src:atanks
Version: 5.5-1
Severity: serious

The source tarball contains Win32 binaries without source:

  ./src/alleg42.dll
  ./alleg42.dll

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690552: pu: package clive/2.2.13-5+squeeze5

2012-10-23 Thread Ansgar Burchardt 
"Adam D. Barratt"  writes:
> On Mon, 2012-10-15 at 13:26 +, Ansgar Burchardt wrote:
>> I prepared an update for clive. It adapts clive to changes on youtube.com; 
>> the
>> problem and patch are basically the same as #688972 in libquvi-scripts.
>
> Please go ahead; thanks.

Uploaded earlier today.  Please consider making the update also
available via squeeze-updates.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690541: get-flash-videos: Fails to download youtube videos.

2012-10-24 Thread Ansgar Burchardt 
Control: tag -1 + upstream fixed-upstream

This should already be fixed upstream:
https://github.com/monsieurvideo/get-flash-videos/commit/95be0e51df6b13dea87fe0d8b1083d98241e11c8

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690541: get-flash-videos: Fails to download youtube videos.

2012-10-24 Thread Ansgar Burchardt 
Hi,

intrigeri  writes:
> Ansgar Burchardt wrote (24 Oct 2012 09:09:26 GMT) :
>> This should already be fixed upstream:
>> https://github.com/monsieurvideo/get-flash-videos/commit/95be0e51df6b13dea87fe0d8b1083d98241e11c8
>
> Confirmed, pushed the patch in our Git repository for this package.
> I won't have time to upload soonish, though.
>
> BTW, I wonder if we should bump the severity, and get the fix in Wheezy.
> Or maybe this rather for wheezy-updates, really.
> I'm wondering if it makes sense to ship such a package into a stable
> release at all. Did we discuss this already?

There's no difference between maintaining it in stable or -updates: the
later is merged at point release times[1].

  [1] <https://lists.debian.org/debian-devel-announce/2010/10/msg2.html>

The question is if there is somebody who will prepare the necessary
updates and talk to the release team. There are some more packages in
the same situation (*marked* packages maintained by pkg-perl):

*clive*, cclive, anything else using libquvi:
I'm currently preparing updates for clive in squeeze and plan to do so
for libquvi-scripts in wheezy. libquvi is the backend for clive, cclive,
quvi, nomnom and some other programs in wheezy.

*libwww-youtube-download-perl*:
Probably broken in wheezy, newer version in unstable. Not part of
squeeze.

youtube-dl:
Not working in wheezy, currently has a removal hint[2]. Not part of
squeeze.

  [2] <http://qa.debian.org/excuses.php?package=youtube-dl>

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691490: wims: missing source

2012-10-26 Thread Ansgar Burchardt 
Package: src:wims
Version: 4.00-1
Severity: serious

I cannot find the source code for:
  
  wims/bin/true
  wims/bin/false
  wims/public_html/java/geogebra/*.jar
  wims/public_html/java/geogebra3/*.jar
  wims/public_html/java/jmol/*.jar
  wims/public_html/flash/*.swf

This affects both the versions 4.00-4+squeeze1 in stable and 4.04-3 in
unstable.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691491: src:wims: copyright information incomplete

2012-10-26 Thread Ansgar Burchardt 
Package: src:wims
Version: 4.00-1
Severity: serious

The copyright information for wims is very incomplete.  For example the
copyright information for wims/public_html/scripts/js/keyboard/* and
wims/public_html/scripts/js/jsxgraph/jsxgraphcore.js is missing
(jsxgraphcore.js is also missing source).

This affects both 4.00-4+squeeze1 in squeeze and 4.04-3 in unstable.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691493: missing source for *.jar

2012-10-26 Thread Ansgar Burchardt 
Package: src:jsxgraph
Version: 0.83+svn1872~dfsg-3
Severity: serious

The source for

  tools/yuicompressor-2.4.2/lib/*.jar

is not included in the source tarball.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691493: missing source for *.jar

2012-10-26 Thread Ansgar Burchardt 
Ansgar Burchardt  writes:
> The source for
>
>   tools/yuicompressor-2.4.2/lib/*.jar
>
> is not included in the source tarball.

And it also includes old, compressed versions of itself in the examples/
and plugins/ directories for which no source is included either.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691601: zsh: completion for dak not really helpful

2012-10-27 Thread Ansgar Burchardt 
Package: zsh
Version: 4.3.17-1
Severity: normal

The completion for dak is not very helpful, for example

  dak process-upload
  dak process-new
  dak process-commands

will not complete filenames when pressing tab. Some options are also
suggested, but they are also quite outdated.

Please let the completion at least fall back to filenames when there are
no better alternatives.

Ansgar

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/12 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages zsh depends on:
ii  libc6  2.13-35
ii  libcap21:2.22-1.2
ii  libtinfo5  5.9-10

Versions of packages zsh recommends:
ii  libc6 2.13-35
ii  libncursesw5  5.9-10
ii  libpcre3  1:8.30-5

Versions of packages zsh suggests:
pn  zsh-doc  

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#645487: [Debian-med-packaging] Bug#645487: ensembl: includes GPL code without source

2012-10-29 Thread Ansgar Burchardt 
Ansgar Burchardt  writes:
> "Steffen Möller"  writes:
>> Formally speaking there is nothing to argue about. We should remove that 
>> .jar. 
>> To grant us some more time to orchestrate the individuals behind that
>> package and get up to speed with the much progressed upstream
>> developments, may I ask for an exempt for the Ensembl package, not
>> harming too many in experimental, from [1] for another while, please?
>
> Can you give an estimate how long this would take?
>
> Temporary removal from the archive might be an option if it takes
> longer.  The package could return once the issue is fixed (just like a
> new package).

Any news about this?

Ansgar


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691727: libdbd-pg-perl: Build failed when PostgreSQL is installed

2012-10-29 Thread Ansgar Burchardt 
Control: tag -1 moreinfo

On 10/29/2012 09:29 AM, Xavier Guimard wrote:
> When "make test" find an initdb, 01connect test fails line 79/ It wants
> an error and nothing is returned. When
> /usr/lib/postgresql/9.1/bin/initdb isn't present, All works find.
> 
> PostgreSQL version : 9.1+134wheezy1

libdbd-pg-perl build-depends on postgresql for the test suite so initdb
should always be there.  I just tried rebuilding it with sbuild in
unstable and there were no errors.

Please send (the relevant part of) the build log.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691727: libdbd-pg-perl: Build failed when PostgreSQL is installed

2012-10-29 Thread Ansgar Burchardt 
On 10/29/2012 11:22 AM, Xavier wrote:
> dh_auto_test fails on my PC but works with pbuilder. When I remove
> initdb, tests are skipped so it works.
> I've just take a look at PostgreSQL log. It reports that the
> username(postgres) and the authenticated username(xavier) doesn't match.

Which log file did you look at? The test suite creates its own cluster
and should connect to that.

> ---8<---
> make[1]: quittant le répertoire « /tmp/t/libdbd-pg-perl-2.19.2 »
>dh_auto_test
> make[1]: entrant dans le répertoire « /tmp/t/libdbd-pg-perl-2.19.2 »
> PGINITDB="/usr/lib/postgresql/9.1/bin/initdb" PERL_DL_NONLAZY=1
> /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0,
> 'blib/lib', 'blib/arch')" t/*.t
> t/00_signature.t  skipped: Set the environment variable
> TEST_SIGNATURE to enable this test
> t/00basic.t . ok
> Please wait, creating new database for testing
> 
> #   Failed test 'Connect with invalid option fails'
> #   at t/01connect.t line 79.
> #   ''
> # doesn't match '(?^:DBI connect.+failed:)'
[...]
> # Looks like you failed 1 test of 15.
> t/01connect.t ...
> Dubious, test returned 1 (wstat 256, 0x100)
> --->8---

Hmm, does anything change when you build in the "C" locale instead of
the French one (LC_ALL=C)?

Ansgar


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691849: pts: link to mail archive for maintainer mailing list

2012-10-30 Thread Ansgar Burchardt 
Package: qa.debian.org
Severity: wishlist

I would be nice if the PTS would include a link to the maintainer mailing list
archive (at least if it is on lists.(alioth.)?d.o).

There's already one such link on packages.d.o in the "Maintainers" section on
the right side, see for example [1].

  [1] 

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#688149: RM: gmsh [m68k] -- ROM

2012-09-20 Thread Ansgar Burchardt 
Hi,

Anton Gladky  writes:
> Please, remove gmsh_2.3.0.dfsg-1 from unstable, m68k-platform,
> because there is a license incompatibility. Please, see #617931 [1]
> for more detailed information.

I haven't checked as I have limited internet connection right now, but
are old versions of gmsh that have been in Debian also undistributable?
In that case they should be removed from snapshots.debian.org (or made
no longer accessible).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#688491: debsign: please allow signing .dak-commands files

2012-09-22 Thread Ansgar Burchardt 
Package: devscripts
Version: 2.12.2
Severity: wishlist
File: /usr/bin/debsign

It would be nice if debsign would allow to sign .dak-commands files.
They have an optional Uploader field in the first section which could be
used to guess the keyid used for signing (similar to .commands files).

See [1] for more details.

Ansgar

  [1] 


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#688492: dput: please allow uploading .dak-commands files

2012-09-22 Thread Ansgar Burchardt 
Package: dput
Version: 0.9.6.3
Severity: wishlist
File: /usr/bin/dput

Please allow dput to upload .dak-commands files.  See [1] for more
details.

Ansgar

  [1] 


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#688493: please allow uploading .dak-commands files

2012-09-22 Thread Ansgar Burchardt 
Package: dupload
Version: 2.7.0
Severity: wishlist

Please allow uploading .dak-commands files with dupload.  See [1] for
more details.

Ansgar

  [1] 


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#688494: lintian: please warn about obsolete DM-Upload-Allowed field

2012-09-22 Thread Ansgar Burchardt 
Package: lintian
Version: 2.5.10.2
Severity: minor

With the recent changes to dak[1] the DM-Upload-Allowed field has been
obsoleted.  It would be nice if lintian would warn about packages still
using it.

There is also an open bug against Policy[2] to document this change.

Ansgar

  [1] 
  [2] 


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#688490: Please publish who gave the current DM upload permissions

2012-09-23 Thread Ansgar Burchardt 
Bart Martens  writes:
> Please publish which DD (fingerprint) gave DM upload permissions for which
> package (source package name) to which DM (fingerprint).  I suggest to publish
> this information only for DM upload permissions that are currently in effect.

That should be fairly easy to change.  Would this format be okay:


Fingerprint: a-fingerprint
Uid: A Maintainer 
Allow:
 a-package (fpr-of-dd-who-granted-upload-permission),
 another-package (fpr-of-another-dd-who-granted-upload-permission)


I guess it would be okay to change the format of dm.txt instead of
introducing a new file for this as it was only introduced very recently
and nobody should be using it yet.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#685131: Bug#68131: Please change Nicolas Bourdaud email

2012-09-23 Thread Ansgar Burchardt 
Nicolas Bourdaud  writes:
> Especially, I have seen the first point of the advantage list:
>
> On 22/09/2012 10:06, Ansgar Burchardt wrote:
>> This new interface has various advantages over the old DMUA-flag
>> style:
>>
>>  - No longer bound to whatever GnuPG thinks of as "primary UID" on a 
>>key, solely uses the key fingerprint now.
>
> Does this mean that my bug concerning the wrong email address
> (http://bugs.debian.org/68131) listed in the Debian Maintainer list has
> now been solved by the new procedures?

Mostly, yes.  You can upload packages with any of your email addresses
when you use the new system.

There are however still some places where we use the address we have
stored in the database, but those are either informative (eg. the uid
shown in [1]) or just used to get to the key fingerprint.

Ansgar

[1] <https://ftp-master.debian.org/dm.txt>


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#688875: paraview: cannot select and copy current time

2012-09-26 Thread Ansgar Burchardt 
Package: paraview
Version: 3.14.1-7
Severity: wishlist
Tags: upstream

It is not possible to select and copy the current time from the "Current Time
Controls" toolbar. It would be nice if this was possible instead of having to
enter this information by hand into another program.

Ansgar

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-30-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages paraview depends on:
ii  libavcodec53  6:0.8.3-7
ii  libavformat53 6:0.8.3-7
ii  libavutil51   6:0.8.3-7
ii  libc6 2.13-35
ii  libexpat1 2.1.0-1
ii  libfreetype6  2.4.9-1
ii  libgcc1   1:4.7.2-2
ii  libgl1-mesa-glx [libgl1]  8.0.4-2
ii  libhdf5-7 [libhdf5-7] 1.8.8-9
ii  libjpeg8  8d-1
ii  libmysqlclient18  5.5.24+dfsg-9
ii  libogg0   1.3.0-4
ii  libopenmpi1.3 1.4.5-1
ii  libpng12-01.2.49-3
ii  libpq59.1.6-1
ii  libpython2.7  2.7.3-5
ii  libqt4-help   4:4.8.2+dfsg-2
ii  libqt4-network4:4.8.2+dfsg-2
ii  libqt4-sql4:4.8.2+dfsg-2
ii  libqtcore44:4.8.2+dfsg-2
ii  libqtgui4 4:4.8.2+dfsg-2
ii  libqtwebkit4  2.2.1-4+b1
ii  libsqlite3-0  3.7.14-1
ii  libstdc++64.7.2-2
ii  libswscale2   6:0.8.3-7
ii  libtheora01.1.1+dfsg.1-3.1
ii  libtiff4  3.9.6-7
ii  libx11-6  2:1.5.0-1
ii  libxml2   2.8.0+dfsg1-5
ii  libxt61:1.1.3-1
ii  qt4-dev-tools 4:4.8.2+dfsg-2
ii  tcl8.5 [tclsh]8.5.11-2
ii  zlib1g1:1.2.7.dfsg-13

Versions of packages paraview recommends:
ii  mpi-default-bin  1.0.1
pn  paraview-doc 
ii  paraview-python  3.14.1-7

Versions of packages paraview suggests:
pn  h5utils 
pn  hdf5-tools  

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#689010: unblock: libquvi-scripts/0.4.8-3

2012-09-28 Thread Ansgar Burchardt 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock libquvi-scripts. It includes a fix for YouTube.

unblock libquvi-scripts/0.4.8-3

Ansgar
diff -Nru libquvi-scripts-0.4.8/debian/changelog libquvi-scripts-0.4.8/debian/changelog
--- libquvi-scripts-0.4.8/debian/changelog	2012-09-02 18:46:49.0 +0200
+++ libquvi-scripts-0.4.8/debian/changelog	2012-09-28 10:16:13.0 +0200
@@ -1,3 +1,11 @@
+libquvi-scripts (0.4.8-3) unstable; urgency=low
+
+  * Backport upstream patch for new signature parameter on YouTube.
+(Closes: #688972)
++ new patch: 688972-youtube.diff
+
+ -- Ansgar Burchardt   Fri, 28 Sep 2012 10:14:26 +0200
+
 libquvi-scripts (0.4.8-2) unstable; urgency=low
 
   * Upload to unstable.
diff -Nru libquvi-scripts-0.4.8/debian/patches/688972-youtube.diff libquvi-scripts-0.4.8/debian/patches/688972-youtube.diff
--- libquvi-scripts-0.4.8/debian/patches/688972-youtube.diff	1970-01-01 01:00:00.0 +0100
+++ libquvi-scripts-0.4.8/debian/patches/688972-youtube.diff	2012-09-28 10:14:05.0 +0200
@@ -0,0 +1,33 @@
+From 5b1c00284e1bae3069b51d07d84d3a096ca6bfcf Mon Sep 17 00:00:00 2001
+From: Martin Herkt 
+Date: Thu, 27 Sep 2012 13:45:27 +0200
+Subject: [PATCH] Fix youtube.lua
+Bug-Debian: http://bugs.debian.org/688972
+
+YouTube has added a new "signature" parameter to their playback URLs.
+Append this parameter to the URL if url_encoded_fmt_stream_map contains
+"sig".
+---
+ share/lua/website/youtube.lua |6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/share/lua/website/youtube.lua b/share/lua/website/youtube.lua
+index e7fc60c..39cc31d 100644
+--- a/share/lua/website/youtube.lua
 b/share/lua/website/youtube.lua
+@@ -125,7 +125,11 @@ function YouTube.iter_formats(config, U)
+ for f in fmt_stream_map:gmatch('([^,]*),') do
+ local d = U.decode(f)
+ if d['itag'] and d['url'] then
+-urls[U.unescape(d['itag'])] = U.unescape(d['url'])
++local uurl = U.unescape(d['url'])
++if d['sig'] then
++uurl = uurl .. "&signature=" .. U.unescape(d['sig'])
++end
++urls[U.unescape(d['itag'])] = uurl
+ end
+ end
+ 
+-- 
+1.7.10.4
+
diff -Nru libquvi-scripts-0.4.8/debian/patches/series libquvi-scripts-0.4.8/debian/patches/series
--- libquvi-scripts-0.4.8/debian/patches/series	1970-01-01 01:00:00.0 +0100
+++ libquvi-scripts-0.4.8/debian/patches/series	2012-09-28 10:12:39.0 +0200
@@ -0,0 +1 @@
+688972-youtube.diff

Bug#693288: src:jsxgraph: maintainer address bounces

2012-11-14 Thread Ansgar Burchardt 
Source: jsxgraph
Severity: serious
X-Debbugs-Cc: Georges Khaznadar 

The maintainer address for jsxgraph bounces:

Mail Delivery System  writes:
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
>   georg...@ofset.org
> Unrouteable address
>
> -- This is a copy of the message, including all the headers. --
>
> Return-path: 
> Received: from dak by franck.debian.org with local (Exim 4.72)
>   (envelope-from )
>   id 1TYlkr-00026l-1N; Wed, 14 Nov 2012 22:48:21 +
> Date: Wed, 14 Nov 2012 22:48:21 +
> Message-Id: 
> From: Debian FTP Masters 
> To: Georges Khaznadar , Tobias Hansen 
> X-DAK: dak process-upload
> X-Debian: DAK
> X-Debian-Package: jsxgraph
> Precedence: bulk
> MIME-Version: 1.0
> Content-Type: text/plain; charset="utf-8"
> Content-Transfer-Encoding: 8bit
> Subject: jsxgraph_0.83+svn1872~dfsg1-0.1_amd64.changes ACCEPTED into unstable
> Sender: Archive Administrator 
>
[...]

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#645487: Removing ensembl from the archive

2012-11-16 Thread Ansgar Burchardt 
Hi,

I have just removed ensembl from the archive: in its current form it is
not distributable by Debian and there has been no progress or even a
timeframe. It also has several other open RC bugs, some of which have
been open for quite some time.

Once the current problems are fixed, ensembl can of course come back to
the archive just like other removed packages. I'll also not close the
currently open bugs to make it easier to keep track of them for the
eventual reintroduction.

Regards,
Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#693489: RM: ensembl -- RoQA; includes GPL code without source

2012-11-16 Thread Ansgar Burchardt 
Package: snapshot.debian.org
Severity: normal

Please remove ensembl (non-free) from snapshot.debian.org. It contains
GPL code without source, see #645487 and #689749 for details.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#693491: dak rm -D doesn't close forwarded bugs

2012-11-16 Thread Ansgar Burchardt 
Package: ftp.debian.org
Severity: minor
User: ftp.debian@packages.debian.org

dak rm -D does not close forwarded bugs:

Date: Sat, 17 Nov 2012 00:30:33 +
[...]
Sources:
 gtodo_0.16.0~rc2-1.2
[...]
Also-Bugs: 270163 318588 504406 524217 541485 549437 565212 569674 581892 
583223 599860 666078 685990

But #237656 and #294683 were left open. I suspect this happens because they are
forwarded.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#611312: ftp.debian.org: consider creating a tpu-new queue similar to (o)pu-new

2012-11-17 Thread Ansgar Burchardt 
Julien Cristau  writes:
> there's been some discussion in the release team in the last few months
> about wanting a tpu-new queue as for stable and oldstable, which would
> make it easier to tell people they can put tpu in their sources.list so
> these packages get some exposure before getting into testing proper, and
> make it less likely that stuff gets into tpu but never into testing.
> Others can probably fill in if I forgot something.
>
> Is this something ftpmaster would consider?

There hasn't been a reply to Joerg's earlier answer[1] so I am wondering
if the release team is still interested in this?

  [1] 

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#690957: unblock: ia32-libs/1:0.3

2012-11-17 Thread Ansgar Burchardt 
"Adam D. Barratt"  writes:
> As before, the only thing of note in the upgrade was the debconf prompts
> from lib{nss,pam}-ldapd.

I reopened #684029 and suggested to lower the Recommends further to a
Suggests.  Do you want to wait for this change or migrate ia32-libs to
wheezy as it currently is and later migrate an updated version?

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#684029: ia32-libs-i386: downgrade Recommends on lib{nss,pam}-ldap, libldap-2.4-2 to Suggests

2012-11-17 Thread Ansgar Burchardt 
Control: reopen 684029
Control: notfixed 684029 1:0.2

When installing ia32-libs in wheezy, there can be debconf prompts for
lib{nss,pam}-ldap.  For this reason the Depends on these packages was
already lowered to a Recommends, but as they are installed by default
the prompts will still appear.

Please consider lowering the Recommends further to a Suggests as
suggested in [1].  It might be a good idea to mention that in
NEWS.Debian so users upgrading from Squeeze are not taken by surprise.

  [1] 

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#684029: ia32-libs-i386: downgrade Recommends on lib{nss,pam}-ldap, libldap-2.4-2 to Suggests

2012-11-19 Thread Ansgar Burchardt 
Hi,

I talked to the release team on IRC and they would like to have the
problem with the debconf questions dealt with before migrating the new
multi-arch ia32-libs to testing. It would be nice if you could look at
this soon so we can get rid of the old ia32-libs soon.

Regards,
Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#693885: src:mathgl: non-free files in main (GFDL with Back/Front Cover Text)

2012-11-21 Thread Ansgar Burchardt 
Source: mathgl
Version: 1.11.2-14
Severity: serious
Control: found -1 2~rc1-3

Files: texinfo/*
Copyright: (C) 2008 Alexey Balakin 
License: GFDL-1.2+
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.2 or
 any later version published by the Free Software Foundation; with no
 Invariant Sections, with the Front-Cover Texts being ``A GNU Manual,''
 and with the Back-Cover Texts as in (a) below.  A copy of the
 license is included in the section entitled ``GNU Free Documentation
 License.''
 (a) The FSF's Back-Cover Text is: ``You have the freedom to
 copy and modify this GNU manual.  Buying copies from the FSF
 supports it in developing GNU and promoting software freedom.''

The GFDL is only free without Invariant Sections and without Front- and
Back-Cover Texts.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#693885: src:mathgl: non-free files in main (GFDL with Back/Front Cover Text)

2012-11-22 Thread Ansgar Burchardt 
On 11/22/2012 11:14 AM, Sébastien Villemot wrote:
> Dimitrios has contacted the upstream author, and he agrees to remove the
> front- and back-cover texts.
> 
> Ansgar: is it ok for ftpmasters if we fix this issue by just changing
> the debian/copyright file (possibly pointing to some public location
> like a SVN commit as a proof of the relicensing)? or do you require
> upload with a new orig tarball?

Just updating d/copyright with this information is fine. Thanks for
looking into it and also thanks to upstream :)

Ansgar


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#693990: owncloud: multiple security issues

2012-11-22 Thread Ansgar Burchardt 
Source: owncloud
Severity: grave
Tags: security

The new upstream release 4.0.9 / 4.5.2 fixes multiple security issues.
>From the changelog[1]:

  [1] 


Version 4.0.9 Nov 14th 2012

Several critical security fixes
Multiple XSS vulnerabilities (oC-SA-2012-001)
Timing attack in the “Lost Password” implementation (oC-SA-2012-002)
Code Execution in /lib/migrate.php (oC-SA-2012-004)
Code Execution in /lib/filesystem.php (oC-SA-2012-005)


More details seem to be available here:

http://owncloud.org/security/advisories/oC-SA-2012-001
http://owncloud.org/security/advisories/oC-SA-2012-002
http://owncloud.org/security/advisories/oC-SA-2012-004
http://owncloud.org/security/advisories/oC-SA-2012-005

Please also update the version in wheezy if necessary.

Ansgar


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#648272: abuse-frabs: Claudio add-on does not allow distribution or commercial use

2012-11-24 Thread Ansgar Burchardt 
Markus Koschany  writes:
> I guess it is possible to replace the claudio graphics with other ones
> but this will result in another game and won't be trivial. Perhaps we
> should admit that abuse is better off in non-free where the sound files
> reside already. Mutilating this game is no option IMO.
>
> Of course moving the game to non-free is only possible if it doesn't
> contain original material from DOOM. But here i'm at my wit's end. 

Moving to non-free is however only possible if the files are
distributable.  At least the title of this bug suggests this might not
be the case (I haven't looked at it).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#694474: MasonX::Request::WithMultiSession needs Digest::SHA1

2012-11-26 Thread Ansgar Burchardt 
Package: libmasonx-request-withapachesession-perl
Version: 0.30-3
Severity: serious

perl -MMasonX::Request::WithMultiSession fails:


% perl -MMasonX::Request::WithMultiSession   
Can't locate Digest/SHA1.pm in @INC (@INC contains: /etc/perl 
/usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 
/usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 
/usr/local/lib/site_perl .) at 
/usr/share/perl5/MasonX/Request/WithMultiSession.pm line 5.
BEGIN failed--compilation aborted at 
/usr/share/perl5/MasonX/Request/WithMultiSession.pm line 5.
Compilation failed in require.
BEGIN failed--compilation aborted.


The use of Digest::SHA1 should be replaced with Digest::SHA (which is provided
by the perl package and needs no additional dependency).

Ansgar

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libmasonx-request-withapachesession-perl depends on:
ii  libapache-session-perl  1.89-1
ii  libapache-session-wrapper-perl  0.34-1
ii  libhtml-mason-perl  1:1.50-1
ii  perl [perl5]5.14.2-15

Versions of packages libmasonx-request-withapachesession-perl recommends:
pn  libapache2-mod-perl2  

libmasonx-request-withapachesession-perl suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#694476: lib/MT/AtomServer.pm and others use Digest::SHA1

2012-11-26 Thread Ansgar Burchardt 
Package: src:movabletype-opensource
Version: 5.1.4+dfsg-1
Severity: important

lib/MT/AtomServer.pm and others use Digest::SHA1 which is no longer in
Debian. It should use Digest::SHA instead which is part of the core
modules included with the perl interpreter since 5.10.

In most cases just replacing Digest::SHA1 by Digest::SHA should be
enough.  Also change Digest/SHA1.pm to Digest/SHA.pm.

Ansgar

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/12 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#694484: lib/RT/CurrentUser.pm uses Digest::SHA1

2012-11-26 Thread Ansgar Burchardt 
Package: src:request-tracker4
Version: 4.0.7-2
Severity: important

lib/RT/CurrentUser.pm uses Digest::SHA1 which is no longer in Debian. It
should use Digest::SHA instead which is part of the core modules
included with the perl interpreter since 5.10.

In most cases just replacing Digest::SHA1 by Digest::SHA should be
enough.  Also change Digest/SHA1.pm to Digest/SHA.pm.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#694486: lib/LWP/Authen/Wsse.pm uses Digest::SHA1

2012-11-26 Thread Ansgar Burchardt 
Package: liblwp-authen-wsse-perl
Version: 0.05-1
Severity: serious

lib/LWP/Authen/Wsse.pm uses Digest::SHA1 which is no longer in Debian.
It should use Digest::SHA instead which is part of the core modules
included with the perl interpreter since 5.10.

In most cases just replacing Digest::SHA1 by Digest::SHA should be
enough.  Also change Digest/SHA1.pm to Digest/SHA.pm.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#679326: debian-policy: DM-Upload-Allowed field is obsolete

2012-11-26 Thread Ansgar Burchardt 
Charles Plessy  writes:
> now that the implementation changed
> (http://lists.debian.org/87vcf6lbw4@deep-thought.43-1.org), I propose the
> following patch to obsolete the DM-Upload-Allowed field.
>
> This patch creates a new subsection for obsoleted fields.  Alternatively we 
> can
> concentrate the information where it is, in 5.6.25.  Deleting it would cause
> some other sub-subsections to be renumbered, so I think that it is better to
> avoid.

Seconded.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#685144: src:torcs: missing source for included Windows libraries

2012-08-17 Thread Ansgar Burchardt 
Package: src:torcs
Version: 1.3.3-1
Severity: serious

The source package includes libraries for Win32 in binary form only in
src/windows/*; some of those are released under the LGPL (OpenAL).
Please either include the source or remove the binary-only libraries
from the source package (in this case you might also want to remove the
CVS directories).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#685149: missing source for included Windows libraries

2012-08-17 Thread Ansgar Burchardt 
Package: src:gentle
Version: 1.9+cvs20100605+dfsg-1
Severity: serious

The source package includes libraries for Win32 in binary form only, for
example libmySQL.* and sqlite*.dll.  As far as I know the former is also
released under the GPL.

Please either include the source or remove the binary-only libraries
from the source package.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#685150: src:abe: missing source for included Windows libraries

2012-08-17 Thread Ansgar Burchardt 
Package: src:abe
Version: 1.1-1
Severity: serious

The source package includes libraries for Win32 in binary form only:
SDL.dll, SDL_mixer.dll.  As far as I know the former is released under
the (L)GPL so not providing the source is a license violation.

Please either include the source or remove the binary-only libraries
from the source package.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#685151: RM: afio [hurd-i386 kfreebsd-amd64 kfreebsd-i386] -- RoQA; fails to build on !linux; blocks move from main to non-free

2012-08-17 Thread Ansgar Burchardt 
Package: ftp.debian.org
Severity: normal

Please remove the afio binaries from non-Linux ports where it currently
fails to build.

afio moved from main to non-free and this blocks the (automatic) removal
from main.  It also keeps overrides for both main and non-free which
causes a few bugs (eg. afio/non-free included in main's Sources.gz).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683835: src:nss: please use xz compression

2012-08-19 Thread Ansgar Burchardt 
Mike Hommey  writes:
> On Sat, Aug 04, 2012 at 06:18:05PM +0200, Ansgar Burchardt wrote:
>> Please use xz compression for the binary packages (patch attached).
>> We are trying to fit a few more packages on the first CDs to get a
>> usable desktop install with it, see [1] for more details.
>> 
>> I will request a freeze exception once the package is uploaded; please
>> keep in mind to not include additional changes.
>> 
>> [1] <https://lists.debian.org/debian-devel/2012/08/msg00049.html>
>
> Where has it been decided that we actually wanted to go further with
> this? I see no indication on a decision in that thread.

This was discussed during DebConf and was made a release goal there[2].
My last mails on -devel were more concerned about which packages to
change compression for and how to do so.

  [2] <http://lists.debian.org/debian-release/2012/07/msg00535.html>

Regards,
Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#685284: unblock: first bunch of packages switching to xz

2012-08-19 Thread Ansgar Burchardt 
Package: release.debian.org
Usertags: xz-for-wheezy

Please unblock these uploads of packages switching to xz compression.
They should have no source changes besides a new changelog entry:

unblock empathy/3.4.2.3-1+build1
unblock eog/3.4.2-1+build1
unblock epiphany-browser/3.4.2-1+build1
unblock evince/3.4.0-2+build1
unblock gconf/3.2.5-1+build1
unblock gnome-terminal/3.4.1.1-1+build1
unblock gnome-user-docs/3.4.2-1+build1
unblock libgweather/3.4.1-1+build1
unblock nautilus/3.4.2-1+build1

And these packages having trivial changes to switch to xz compression
(debdiff attached):

unblock app-install-data/2012.06.16.1
unblock gnome-packagekit/3.4.2-2
unblock oxygencursors/0.0.2012-06-kde4.8-2.1
unblock xkeyboard-config/2.5.1-2

Please also unblock pkg-kde-tools.  It changes the default compression
for most KDE package to xz.

unblock pkg-kde-tools/0.15.2

Ansgar

diff -Nru app-install-data-2012.06.16/debian/changelog app-install-data-2012.06.16.1/debian/changelog
--- app-install-data-2012.06.16/debian/changelog	2012-06-16 21:06:39.0 +0200
+++ app-install-data-2012.06.16.1/debian/changelog	2012-08-06 15:43:28.0 +0200
@@ -1,3 +1,10 @@
+app-install-data (2012.06.16.1) unstable; urgency=low
+
+  [ Ansgar Burchardt ]
+  * debian/rules: Use xz compression for binary packages (Closes: #683830)
+
+ -- Julian Andres Klode   Mon, 06 Aug 2012 15:43:23 +0200
+
 app-install-data (2012.06.16) unstable; urgency=low
 
   * New snapshot
diff -Nru app-install-data-2012.06.16/debian/rules app-install-data-2012.06.16.1/debian/rules
--- app-install-data-2012.06.16/debian/rules	2012-06-16 21:06:39.0 +0200
+++ app-install-data-2012.06.16.1/debian/rules	2012-08-06 15:43:28.0 +0200
@@ -23,7 +23,7 @@
 	dh_installdeb
 	dh_gencontrol
 	dh_md5sums
-	dh_builddeb
+	dh_builddeb -- -Zxz
 
 # Build architecture-dependent files here.
 binary-arch: build install
diff -Nru gnome-packagekit-3.4.2/debian/changelog gnome-packagekit-3.4.2/debian/changelog
--- gnome-packagekit-3.4.2/debian/changelog	2012-05-15 20:23:34.0 +0200
+++ gnome-packagekit-3.4.2/debian/changelog	2012-08-05 16:56:51.0 +0200
@@ -1,3 +1,9 @@
+gnome-packagekit (3.4.2-2) unstable; urgency=low
+
+  * debian/rules: Use xz compression for binary packages (Closes: #683842)
+
+ -- Matthias Klumpp   Sat, 04 Aug 2012 21:46:48 +0200
+
 gnome-packagekit (3.4.2-1) unstable; urgency=low
 
   * New upstream bugfix release: 3.4.2
diff -Nru gnome-packagekit-3.4.2/debian/rules gnome-packagekit-3.4.2/debian/rules
--- gnome-packagekit-3.4.2/debian/rules	2012-05-15 20:23:34.0 +0200
+++ gnome-packagekit-3.4.2/debian/rules	2012-08-05 16:56:51.0 +0200
@@ -23,3 +23,6 @@
 
 override_dh_install:
 	dh_install --list-missing
+
+override_dh_builddeb:
+	dh_builddeb -- -Zxz
diff -u oxygencursors-0.0.2012-06-kde4.8/debian/changelog oxygencursors-0.0.2012-06-kde4.8/debian/changelog
--- oxygencursors-0.0.2012-06-kde4.8/debian/changelog
+++ oxygencursors-0.0.2012-06-kde4.8/debian/changelog
@@ -1,3 +1,10 @@
+oxygencursors (0.0.2012-06-kde4.8-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/rules: Use xz compression for binary packages. (Closes: #683910)
+
+ -- Ansgar Burchardt   Sun, 05 Aug 2012 12:24:25 +0200
+
 oxygencursors (0.0.2012-06-kde4.8-2) unstable; urgency=low
 
   * Add myself to Uploaders.
diff -u oxygencursors-0.0.2012-06-kde4.8/debian/rules oxygencursors-0.0.2012-06-kde4.8/debian/rules
--- oxygencursors-0.0.2012-06-kde4.8/debian/rules
+++ oxygencursors-0.0.2012-06-kde4.8/debian/rules
@@ -65,7 +65,7 @@
 	dh_installdeb
 	dh_gencontrol
 	dh_md5sums
-	dh_builddeb
+	dh_builddeb -- -Zxz
 
 binary: binary-indep binary-arch
 .PHONY: clean binary-indep binary-arch binary install 
diff -u xkeyboard-config-2.5.1/debian/changelog xkeyboard-config-2.5.1/debian/changelog
--- xkeyboard-config-2.5.1/debian/changelog
+++ xkeyboard-config-2.5.1/debian/changelog
@@ -1,3 +1,10 @@
+xkeyboard-config (2.5.1-2) unstable; urgency=low
+
+  [ Ansgar Burchardt ]
+  * Use xz compression for binary packages (Closes: #683891).
+
+ -- Cyril Brulebois   Sun, 05 Aug 2012 11:54:19 +0200
+
 xkeyboard-config (2.5.1-1) unstable; urgency=low
 
   * New upstream release:
diff -u xkeyboard-config-2.5.1/debian/rules xkeyboard-config-2.5.1/debian/rules
--- xkeyboard-config-2.5.1/debian/rules
+++ xkeyboard-config-2.5.1/debian/rules
@@ -34,4 +34,7 @@
 	touch rules/base.o_k.part
 
+override_dh_builddeb:
+	dh_builddeb -- -Zxz
+
 %:
 	dh $@ --with quilt,autoreconf --builddirectory=build/
diff -Nru pkg-kde-tools-0.15.1/bugreport.cgi?msg=15;filename=0001-debian-qt-kde.mk-Use-xz-compression-by-default.-Clos.patch;att=1;bug=657243 pkg-kde-tools-0.15.2/bugreport.cgi?msg=15;filename=0001-debian-qt-kde.mk-Use-xz-compression-by-default.-Clos.patch;att=1;bug=657243
--- pkg-kde-tools-0.15.1/bugreport.cgi?msg=15;filename=0001-debian-qt-kde.mk-Use-xz-compression-by-default.-Clos.patch;att=1;bug=657243	1970-01-01 01:00:00.0 +0100
+++ pkg-kde-tools-0.15.2

Bug#685287: unblock or tpu: cdbs/0.4.117

2012-08-19 Thread Ansgar Burchardt 
)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53|0\.4\.67~|0\.4\.69~|0\.4\.70~|0\.4\.72~|0\.4\.73~|0\.4\.75~|0\.4\.78~|0\.4\.85~|0\.4\.90~)\)/, /g;' \
-		-e '$$bd =~ /\bcdbs \(>= 0\.4\.90~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53|0\.4\.67~|0\.4\.69~|0\.4\.70~|0\.4\.72~|0\.4\.73~|0\.4\.75~|0\.4\.78~|0\.4\.85~)\)/, /g;' \
-		-e '$$bd =~ /\bcdbs \(>= 0\.4\.85~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53|0\.4\.67~|0\.4\.69~|0\.4\.70~|0\.4\.72~|0\.4\.73~|0\.4\.75~|0\.4\.78~)\)/, /g;' \
-		-e '$$bd =~ /\bcdbs \(>= 0\.4\.78~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53|0\.4\.67~|0\.4\.69~|0\.4\.70~|0\.4\.72~|0\.4\.73~|0\.4\.75~)\)/, /g;' \
-		-e '$$bd =~ /\bcdbs \(>= 0\.4\.75~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53|0\.4\.67~|0\.4\.69~|0\.4\.70~|0\.4\.72~|0\.4\.73~)\)/, /g;' \
-		-e '$$bd =~ /\bcdbs \(>= 0\.4\.73~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53|0\.4\.67~|0\.4\.69~|0\.4\.70~|0\.4\.72~)\)/, /g;' \
-		-e '$$bd =~ /\bcdbs \(>= 0\.4\.72~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53|0\.4\.67~|0\.4\.69~|0\.4\.70~)\)/, /g;' \
-		-e '$$bd =~ /\bcdbs \(>= 0\.4\.70~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53|0\.4\.67~|0\.4\.69~)\)/, /g;' \
-		-e '$$bd =~ /\bcdbs \(>= 0\.4\.69~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53|0\.4\.67~)\)/, /g;' \
-		-e '$$bd =~ /\bcdbs \(>= 0\.4\.67~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.53)\)/, /g;' \
+		-e '$$bd =~ /\bcdbs \(>= 0\.4\.106~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.90~|0\.4\.91~|0\.4\.93~|0\.4\.97~)\)/, /g;' \
+		-e '$$bd =~ /\bcdbs \(>= 0\.4\.97~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.90~|0\.4\.91~|0\.4\.93~)\)/, /g;' \
+		-e '$$bd =~ /\bcdbs \(>= 0\.4\.93~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.90~|0\.4\.91~)\)/, /g;' \
+		-e '$$bd =~ /\bcdbs \(>= 0\.4\.91~\)/ && $$bd =~ s/\bcdbs *\(>= (0\.4\.90~)\)/, /g;' \
 		-e '$$bd =~ $(cdbs_re_pkg_strip_unversioned_before_maybeversioned);' \
 		-e '$$bd =~ $(cdbs_re_pkg_strip_versioned_before_sameversioned);' \
 		-e '$$bd =~ $(cdbs_re_pkg_strip_unversioned_after_versioned);' \
diff -Nru cdbs-0.4.115/1/rules/debhelper.mk.in cdbs-0.4.117/1/rules/debhelper.mk.in
--- cdbs-0.4.115/1/rules/debhelper.mk.in	2011-09-12 09:51:13.0 +0200
+++ cdbs-0.4.117/1/rules/debhelper.mk.in	2012-07-07 14:32:43.0 +0200
@@ -87,16 +87,15 @@
 DH_COMPAT = 5
 endif
 
-# build-depend unversioned when satisfied even in oldstable
+# build-depend unversioned when satisfied in all supported distributions
 CDBS_BUILD_DEPENDS_rules_debhelper_v4 ?= debhelper
 CDBS_BUILD_DEPENDS_rules_debhelper_v5 ?= debhelper
 CDBS_BUILD_DEPENDS_rules_debhelper_v6 ?= debhelper
-
 CDBS_BUILD_DEPENDS_rules_debhelper_v7 ?= debhelper
+CDBS_BUILD_DEPENDS_rules_debhelper_v8 ?= debhelper
 
 # by default build-depend on version matching compat level
-# * recent cdbs needed for dh_prep fix
-CDBS_BUILD_DEPENDS_rules_debhelper_v$(DH_COMPAT) ?= cdbs (>= 0.4.85~), debhelper (>= $(DH_COMPAT)~)
+CDBS_BUILD_DEPENDS_rules_debhelper_v$(DH_COMPAT) ?= debhelper (>= $(DH_COMPAT)~)
 CDBS_BUILD_DEPENDS += , $(CDBS_BUILD_DEPENDS_rules_debhelper_v$(DH_COMPAT))
 
 CDBS_BUILD_DEPENDS_rules_debhelper_buildinfo ?= dh-buildinfo
diff -Nru cdbs-0.4.115/1/rules/upstream-tarball.mk.in cdbs-0.4.117/1/rules/upstream-tarball.mk.in
--- cdbs-0.4.115/1/rules/upstream-tarball.mk.in	2012-04-23 08:46:54.0 +0200
+++ cdbs-0.4.117/1/rules/upstream-tarball.mk.in	2012-07-07 13:47:02.0 +0200
@@ -22,9 +22,6 @@
 
 include $(_cdbs_rules_path)/buildvars.mk$(_cdbs_makefile_suffix)
 
-CDBS_BUILD_DEPENDS_rules_upstream-tarball ?= cdbs (>= 0.4.70~)
-CDBS_BUILD_DEPENDS += , $(CDBS_BUILD_DEPENDS_rules_upstream-tarball)
-
 # Prefix for upstream location of all upstream tarballs (mandatory!)
 #DEB_UPSTREAM_URL = 
 
diff -Nru cdbs-0.4.115/1/rules/utils.mk.in cdbs-0.4.117/1/rules/utils.mk.in
--- cdbs-0.4.115/1/rules/utils.mk.in	2012-03-08 03:17:33.0 +0100
+++ cdbs-0.4.117/1/rules/utils.mk.in	2012-07-07 14:06:22.0 +0200
@@ -52,7 +52,7 @@
 
 DEB_PHONY_RULES += list-missing
 
-CDBS_BUILD_DEPENDS_rules_utils_copyright-check ?= cdbs (>= 0.4.69~), devscripts
+CDBS_BUILD_DEPENDS_rules_utils_copyright-check ?= devscripts
 CDBS_BUILD_DEPENDS += , $(CDBS_BUILD_DEPENDS_rules_utils_copyright-check)
 
 CDBS_BUILD_DEPENDS_rules_utils_upstream_cruft ?= cdbs (>= 0.4.106~)
diff -Nru cdbs-0.4.115/debian/changelog cdbs-0.4.117/debian/changelog
--- cdbs-0.4.115/debian/changelog	2012-06-22 17:22:04.0 +0200
+++ cdbs-0.4.117/debian/changelog	2012-08-05 10:38:54.0 +0200
@@ -1,3 +1,21 @@
+cdbs (0.4.117) unstable; urgency=low
+
+  * Have gnome.mk use xz compression by default.
+Closes: bug#683819. Thanks to Ansgar Burchardt.
+
+ -- Jonas Smedegaard   Sun, 05 Aug 2012 10:38:47 +0200
+
+cdbs

Bug#685284: unblock: first bunch of packages switching to xz

2012-08-19 Thread Ansgar Burchardt 
Ansgar Burchardt  writes:
> And these packages having trivial changes to switch to xz compression
> (debdiff attached):
>
> unblock app-install-data/2012.06.16.1
> unblock gnome-packagekit/3.4.2-2
> unblock oxygencursors/0.0.2012-06-kde4.8-2.1
> unblock xkeyboard-config/2.5.1-2

And two more in this category I missed:

unblock fftw3/3.3.2-3.1
unblock flite/1.4-release-6

Ansgar
diff -Nru fftw3-3.3.2/debian/changelog fftw3-3.3.2/debian/changelog
--- fftw3-3.3.2/debian/changelog	2012-06-10 12:18:44.0 +0200
+++ fftw3-3.3.2/debian/changelog	2012-08-05 20:51:22.0 +0200
@@ -1,3 +1,10 @@
+fftw3 (3.3.2-3.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/rules: Use xz compression for binary packages.
+
+ -- Ansgar Burchardt   Sun, 05 Aug 2012 16:38:56 +0200
+
 fftw3 (3.3.2-3) unstable; urgency=low
 
   * disable neon for armel, it has no fpu
diff -Nru fftw3-3.3.2/debian/rules fftw3-3.3.2/debian/rules
--- fftw3-3.3.2/debian/rules	2012-06-10 12:18:44.0 +0200
+++ fftw3-3.3.2/debian/rules	2012-08-05 20:51:22.0 +0200
@@ -123,7 +123,7 @@
 	dh_installdeb -i
 	dh_gencontrol -i
 	dh_md5sums -i
-	dh_builddeb -i
+	dh_builddeb -i -- -Zxz
 
 binary-arch: build-arch
 	# build fftw3
@@ -151,7 +151,7 @@
 	dh_shlibdeps -a
 	dh_gencontrol -a
 	dh_md5sums -a
-	dh_builddeb -a
+	dh_builddeb -a -- -Zxz
 
 binary: binary-indep binary-arch
 
diff -Nru flite-1.4-release/debian/changelog flite-1.4-release/debian/changelog
--- flite-1.4-release/debian/changelog	2012-06-08 23:07:43.0 +0200
+++ flite-1.4-release/debian/changelog	2012-08-05 12:35:18.0 +0200
@@ -1,3 +1,13 @@
+flite (1.4-release-6) unstable; urgency=low
+
+  [ Cyril Brulebois ]
+  * Team upload.
+
+  [ Ansgar Burchard ]
+  * debian/rules: Use xz compression for binary packages (Closes: #683906).
+
+ -- Cyril Brulebois   Sun, 05 Aug 2012 12:35:17 +0200
+
 flite (1.4-release-5) unstable; urgency=low
 
   * control:
diff -Nru flite-1.4-release/debian/rules flite-1.4-release/debian/rules
--- flite-1.4-release/debian/rules	2012-06-08 23:07:24.0 +0200
+++ flite-1.4-release/debian/rules	2012-08-05 12:21:44.0 +0200
@@ -116,7 +116,7 @@
 	dh_shlibdeps
 	dh_gencontrol
 	dh_md5sums
-	dh_builddeb
+	dh_builddeb -- -Zxz
 
 binary: binary-indep binary-arch
 .PHONY: build build-arch build-indep clean binary-indep binary-arch binary install

Bug#685585: src:fex: GPL + additional restrictions

2012-08-21 Thread Ansgar Burchardt 
Source: fex
Version: 20120215-3
Control: found -1 20100208+debian1-1+squeeze3
Severity: serious

Philipp Kern  writes:
> On Sat, Aug 18, 2012 at 09:13:42PM +0100, Adam D. Barratt wrote:
>> + YOU ARE NOT ALLOWED TO USE THIS SOFTWARE FOR MILITARY PURPOSES OR WITHIN
>> + MILITARY ORGANIZATIONS! THIS INCLUDES ALSO MILITARY RESEARCH AND
>> + EDUCATION!
>> That doesn't really seem like something Debian can really meet or
>> enforce...
>
> Hereby bringing this to the attention of the ftp-masters. fex is in main
> but includes that clause on top of AGPL-3.
>
> Which probably means for one that it's no longer compatible with GPL code,
> which might or might not be relevant, and, more severly, it's not compatible
> with the DFSG.

That clause is an additional restriction to the GPL and makes fex
undistributable by Debian (not even in non-free).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683895: src:libav: please use xz compression for binary packages

2012-08-23 Thread Ansgar Burchardt 
Ansgar Burchardt  writes:
> Please use xz compression for the binary packages (patch attached).
> We are trying to fit a few more packages on the first CDs to get a
> usable desktop install with it, see [1] for more details.
>
> I will request a freeze exception once the package is uploaded; please
> keep in mind to not include additional changes.
>
> [1] <https://lists.debian.org/debian-devel/2012/08/msg00049.html>

The last libav update migrated to testing a few days ago.  Could you
apply the patch for xz compression or would you like me to prepare a
NMU for you?

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683893: mutt: diff for NMU version 1.5.21-6.2

2012-08-23 Thread Ansgar Burchardt 
tags 683893 + pending
thanks

Dear maintainer,

I've prepared an NMU for mutt (versioned as 1.5.21-6.2) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.

Regards.
diff -u mutt-1.5.21/debian/rules mutt-1.5.21/debian/rules
--- mutt-1.5.21/debian/rules
+++ mutt-1.5.21/debian/rules
@@ -188,7 +188,7 @@
dh_shlibdeps
dh_gencontrol
dh_md5sums
-   dh_builddeb
+   dh_builddeb -- -Zxz
 
 build-indep binary-indep:
@echo "Nothing to do."
diff -u mutt-1.5.21/debian/changelog mutt-1.5.21/debian/changelog
--- mutt-1.5.21/debian/changelog
+++ mutt-1.5.21/debian/changelog
@@ -1,3 +1,10 @@
+mutt (1.5.21-6.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/rules: Use xz compression for binary packages. (Closes: #683893)
+
+ -- Ansgar Burchardt   Sun, 05 Aug 2012 10:07:14 +0200
+
 mutt (1.5.21-6.1) unstable; urgency=low
 
   * Non-maintainer upload.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683819: cdbs: upload to t-p-u for xz compression change

2012-08-24 Thread Ansgar Burchardt 
Hi Jonas,

could you prepare a cdbs upload to testing-proposed-updates that
contains only the xz compression changes from the 0.4.117 upload?
See #685287 for the ACK from the release team.

This should probably be versioned 0.4.115+deb7u1. At least this new
schema was used for the last upload to t-p-u I saw (#685616).

If you don't have time, I can also prepare the upload as a NMU.  Please
ping me in this case.

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#653868: Proposed-RM: libversion-requirements-perl -- RoM: deprecated, superseded

2012-01-10 Thread Ansgar Burchardt 
reassign 653868 ftp.debian.org
retitle 653868 RM: libversion-requirements-perl -- RoM: deprecated, superseded
thanks

gregor herrmann  writes:
> So I guess we can remove libversion-requirements-perl tomorrow.

It has no longer any reverse dependencies in unstable so I reassigned
it today.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#655398: src:kdegames: please stop build-depending on ggzcore-bin

2012-01-10 Thread Ansgar Burchardt 
Package: src:kdegames
Version: 4:4.6.5-1
Severity: important

I am trying to remove the GGZ Gaming Zone from Debian[1] as the packages
are no longer maintained upstream.  kdegames still build-depends on
ggzcore-bin.  Please build it without support for GGZ.

Regards,
Ansgar

[1] 



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#655399: freeciv-client-gtk: please stop depending on ggzcore-bin

2012-01-10 Thread Ansgar Burchardt 
Package: freeciv-client-gtk
Version: 2.3.0-1
Severity: important

I am trying to remove the GGZ Gaming Zone from Debian[1] as the packages
are no longer maintained upstream.  freeciv-client-gtk still
build-depends on ggzcore-bin.  Please build it without support for GGZ.

Regards,
Ansgar

[1] 



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#655401: lordsawar: please stop (build-)depending on GGZ packages

2012-01-10 Thread Ansgar Burchardt 
Package: src:lordsawar
Version: 0.2.0-1
Severity: important

I am trying to remove the GGZ Gaming Zone from Debian[1] as the packages
are no longer maintained upstream.  lordsawar still build-depends on
libggzdmod-dev, libggzmod-dev and libggz-dev.  Please build it without
support for GGZ or drop the superfluous build-dependencies (no binary
package depends on the GGZ packages so they might no longer be in use).

Regards,
Ansgar

[1] 



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#655402: src:widelands: please stop (build-)depending on GGZ packages

2012-01-10 Thread Ansgar Burchardt 
Package: src:widelands
Version: 1:16-1
Severity: important

I am trying to remove the GGZ Gaming Zone from Debian[1] as the packages
are no longer maintained upstream.  widelands still build-depends on
libggzmod-dev and libggz-dev (and has runtime dependencies for the
linked GGZ libraries).  Please build it without support for GGZ.

Regards,
Ansgar

[1] 



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#655405: src:pacpl: please stop using libogg-vorbis-header-perl

2012-01-10 Thread Ansgar Burchardt 
Source: pacpl
Version: 4.0.5-7

We are trying to remove libogg-vorbis-header-perl from Debian[1].
Please use libogg-vorbis-header-pureperl-perl instead which is intended
as a drop-in replacement.

Regards,
Ansgar

[1] 



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#655406: arename: please stop using libogg-vorbis-header-perl

2012-01-10 Thread Ansgar Burchardt 
Package: arename
Version: 3.1-1

We are trying to remove libogg-vorbis-header-perl from Debian[1].
Please use libogg-vorbis-header-pureperl-perl instead which is intended
as a drop-in replacement.

Regards,
Ansgar

[1] 



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#655407: audiolink: please stop using libogg-vorbis-header-perl

2012-01-10 Thread Ansgar Burchardt 
Package: audiolink
Version: 0.05-1.1

We are trying to remove libogg-vorbis-header-perl from Debian[1].
Please use libogg-vorbis-header-pureperl-perl instead which is intended
as a drop-in replacement.

Regards,
Ansgar

[1] 



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#655408: mp3burn: please stop using libogg-vorbis-header-perl

2012-01-10 Thread Ansgar Burchardt 
Package: mp3burn
Version: 0.4.2-2

We are trying to remove libogg-vorbis-header-perl from Debian[1].
Please use libogg-vorbis-header-pureperl-perl instead which is intended
as a drop-in replacement.

Regards,
Ansgar

[1] 



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

<    1   2   3   4   5   6   7   8   9   10   >