Bug#594445: Proposed-RM: libogg-vorbis-perl -- RoM; dead upstream, buggy, alternatives exist

[Ansgar Burchardt]

Package: libogg-vorbis-perl
Version: 0.05.ds1-1+b1
Severity: important

Hi,

Niko suggested to remove this package as it is dead upstream, buggy and
alternatives exist (libogg-vorbis-decoder-perl) [1].  libogg-vorbis-perl
also has no rdeps in Debian.

If there are no objections, I will request removal from the archive in a
week or so.  I wonder if we should also request removal from testing or
is this still done automatically even during the freeze?

Regards,
Ansgar

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568607#40



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#594447: Proposed-RM for squeeze+1: libogg-vorbis-header-perl -- RoM; dead upstream, alternatives exist

[Ansgar Burchardt]

Package: libogg-vorbis-header-perl
Version: 0.03-3+b1
Severity: important
User: pkg-perl-maintain...@lists.alioth.debian.org
Usertags: post-squeeze

Hi,

Niko suggested to remove this package as it is dead upstream and
alternatives exist (libogg-vorbis-header-pureperl-perl) [1].

As there are still rdeps, I suggest to remove this package once Squeeze
has been released.  As libogg-vorbis-header-pureperl-perl is intended to
be a drop-in replacement it should be easy to change the rdeps.

Regards,
Ansgar

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568607#40



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#594453: future unblock: megahal/9.1.1a-9

[Ansgar Burchardt]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

I prepared a fix for #590652, debdiff attached (minus the changes to
Megahal/Makefile.old that are no longer included).  The update also
includes some updates to the packaging.

Is the release team okay with uploading this to unstable?

Regards,
Ansgar
reverted:
--- megahal-9.1.1a/dirs
+++ megahal-9.1.1a.orig/dirs
@@ -1,2 +0,0 @@
-usr/bin
-usr/lib/megahal
diff -u megahal-9.1.1a/debian/changelog megahal-9.1.1a/debian/changelog
--- megahal-9.1.1a/debian/changelog
+++ megahal-9.1.1a/debian/changelog
@@ -1,3 +1,18 @@
+megahal (9.1.1a-9) unstable; urgency=low
+
+  * QA upload.
+  * Replace build-dep on tcp8.3-dev with tcl-dev. (Closes: #590652)
++ Change Makefile to use /usr/include/tcl.
+  * Use debhelper compat level 7.
++ debian/rules: Use dh_prep instead of dh_clean -k.
+  * debian/copyright: Refer to /usr/share/common-licenses/GPL-2.
+  * debian/control: Add ${misc:Depends}.
+  * debian/rules: Remove Megahal/Makefile.old in clean target.
+  * Remove ./dirs: should be debian/dirs which already exists.
+  * Bump Standards-Version to 3.9.1.
+
+ -- Ansgar Burchardt ans...@43-1.org  Thu, 26 Aug 2010 14:15:48 +0900
+
 megahal (9.1.1a-8) unstable; urgency=low
 
   * QA upload.
diff -u megahal-9.1.1a/debian/rules megahal-9.1.1a/debian/rules
--- megahal-9.1.1a/debian/rules
+++ megahal-9.1.1a/debian/rules
@@ -48,7 +48,7 @@
 binary-arch: build
dh_testdir
dh_testroot
-   dh_clean -k
+   dh_prep
dh_installdirs 
install -s megahal debian/megahal/usr/bin
install debian/megahal-personal debian/megahal/usr/bin
diff -u megahal-9.1.1a/debian/control megahal-9.1.1a/debian/control
--- megahal-9.1.1a/debian/control
+++ megahal-9.1.1a/debian/control
@@ -1,14 +1,14 @@
 Source: megahal
 Section: misc
 Priority: optional
-Build-Depends: debhelper, tcl8.3-dev, python-all-dev (= 2.3.5-11), 
python-support (= 0.3)
+Build-Depends: debhelper (= 7), tcl-dev, python-all-dev (= 2.3.5-11), 
python-support (= 0.3)
 Maintainer: Debian QA Group packa...@qa.debian.org
-Standards-Version: 3.8.0
+Standards-Version: 3.9.1
 Homepage: http://megahal.alioth.debian.org/
 
 Package: megahal
 Architecture: any
-Depends: ${shlibs:Depends}, ${perl:Depends}
+Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}
 Provides: ${python:Provides}
 Suggests: ${python:Depends}
 Description: conversation simulator that can learn as you talk to it
diff -u megahal-9.1.1a/debian/copyright megahal-9.1.1a/debian/copyright
--- megahal-9.1.1a/debian/copyright
+++ megahal-9.1.1a/debian/copyright
@@ -17,2 +17,2 @@
-On Debian systems, the complete text of the GNU General Public
-License can be found in the file `/usr/share/common-licenses/GPL'.
+On Debian systems, the complete text of version 2 of the GNU General Public
+License can be found in the file `/usr/share/common-licenses/GPL-2'.
diff -u megahal-9.1.1a/debian/compat megahal-9.1.1a/debian/compat
--- megahal-9.1.1a/debian/compat
+++ megahal-9.1.1a/debian/compat
@@ -1,2 +1 @@
-4
-
+7
only in patch2:
unchanged:
--- megahal-9.1.1a.orig/Makefile
+++ megahal-9.1.1a/Makefile
@@ -18,7 +18,9 @@
 
 # DEBUG=-DDEBUG
 TCLVERSION=8.3
-TCLINCLUDE=-I/usr/include/tcl$(TCLVERSION)
+# /usr/include/tcl is provided by tcl-dev on Debian
+#TCLINCLUDE=-I/usr/include/tcl$(TCLVERSION)
+TCLINCLUDE=-I/usr/include/tcl
 CFLAGS=-g -Wall
 
 
only in patch2:
unchanged:
--- megahal-9.1.1a.orig/debian/clean
+++ megahal-9.1.1a/debian/clean
@@ -0,0 +1 @@
+Megahal/Makefile.old

Bug#558272: Date::Calc::Decode_Month(): argument is not a string

[Ansgar Burchardt]

Hi,

I prepared a patch for this issue.  It passes the test suite and also
the code snippets that failed before.  I am not very familiar with XS,
so any comments are welcome.

The patch can be found at [1].

Regards,
Ansgar

[1] 
http://svn.debian.org/viewsvn/pkg-perl/branches/unstable/libdate-calc-perl/debian/patches/SvPV.patch?revision=62052view=markup



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#558272: Date::Calc::Decode_Month(): argument is not a string

[Ansgar Burchardt]

Niko Tyni nt...@debian.org writes:

 On Thu, Aug 26, 2010 at 05:47:53PM +0900, Ansgar Burchardt wrote:
  
 I prepared a patch for this issue.  It passes the test suite and also
 the code snippets that failed before.  I am not very familiar with XS,
 so any comments are welcome.

 [1] 
 http://svn.debian.org/viewsvn/pkg-perl/branches/unstable/libdate-calc-perl/debian/patches/SvPV.patch?revision=62052view=markup

 I think even the SvROK() is overly defensive. Consider the attached
 amended test file, which has an additional regression test from the
 lenny version.

 Of course, it would be nice to get the upstream opinion.

True, I forgot about overload here.  I updated the patch accordingly and
also amended the test as well.

The patch is now also forwarded upstream [2] (very slightly modified to
apply to Date::Calc::XS).

Regards,
Ansgar

[2] https://rt.cpan.org/Public/Bug/Display.html?id=60233#txn-822819



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#594654: future unblock: vbox3/0.1.9.4+nmu1

[Ansgar Burchardt]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

I prepared a fix for #590654, debdiff attached.  The .deb looks okay to
me, but as I don't have a ISDN card, I could not do any real testing.

Is the release team okay with uploading this to unstable (delayed as
appropriate for a NMU)?

Regards,
Ansgar
diff -Nru vbox3-0.1.9.4/debian/README.Debian vbox3-0.1.9.4+nmu1/debian/README.Debian
--- vbox3-0.1.9.4/debian/README.Debian	2002-03-02 23:11:25.0 +0900
+++ vbox3-0.1.9.4+nmu1/debian/README.Debian	2010-08-28 13:52:51.0 +0900
@@ -11,7 +11,7 @@
 See subdirectory doc/ for some ducumentation, see debian/changelog for
 changes.
 
-For more Informations see the author's documentation and the documentation
+For more information see the author's documentation and the documentation
 of the package raccess4vbox3.
 
  -- Gerrit Pape p...@smarden.org, Mon, 22 Jan 2001 14:12:53 +0100
diff -Nru vbox3-0.1.9.4/debian/changelog vbox3-0.1.9.4+nmu1/debian/changelog
--- vbox3-0.1.9.4/debian/changelog	2007-04-10 23:17:20.0 +0900
+++ vbox3-0.1.9.4+nmu1/debian/changelog	2010-08-28 14:33:07.0 +0900
@@ -1,3 +1,19 @@
+vbox3 (0.1.9.4+nmu1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Build-depend on tcl-dev instead of tcl8.3-dev, look for include files in
+/usr/include/tcl. (Closes: #590654)
+  * debian/control: Use Homepage field.
+  * debian/control: Add ${misc:Depends}.
+  * Use debhelper compat level 7; use dh_prep instead of dh_clean -k;
+remove debian/conffiles.
+  * debian/rules: Do not ignore errors from $(MAKE) distclean.
+  * Do not include empty /usr/bin directory.
+  * Fix spelling errors pointed out by lintian.
+  * debian/copyright: Include proper copyright statement.
+
+ -- Ansgar Burchardt ans...@43-1.org  Sat, 28 Aug 2010 14:30:56 +0900
+
 vbox3 (0.1.9.4) unstable; urgency=low
 
   * config.sub, config.guess: update from autotools-dev package (thx Cyril
diff -Nru vbox3-0.1.9.4/debian/compat vbox3-0.1.9.4+nmu1/debian/compat
--- vbox3-0.1.9.4/debian/compat	1970-01-01 09:00:00.0 +0900
+++ vbox3-0.1.9.4+nmu1/debian/compat	2010-08-28 13:49:18.0 +0900
@@ -0,0 +1 @@
+7
diff -Nru vbox3-0.1.9.4/debian/conffiles vbox3-0.1.9.4+nmu1/debian/conffiles
--- vbox3-0.1.9.4/debian/conffiles	2001-04-15 23:37:38.0 +0900
+++ vbox3-0.1.9.4+nmu1/debian/conffiles	1970-01-01 09:00:00.0 +0900
@@ -1,6 +0,0 @@
-/etc/isdn/vbox/vboxgetty.conf
-/etc/isdn/vbox/vboxcallerid.conf
-/etc/isdn/vbox/vboxgetty-ttyI4/log/run
-/etc/isdn/vbox/vboxgetty-ttyI4/run
-/etc/isdn/vbox/vboxgetty-ttyI5/log/run
-/etc/isdn/vbox/vboxgetty-ttyI5/run
diff -Nru vbox3-0.1.9.4/debian/control vbox3-0.1.9.4+nmu1/debian/control
--- vbox3-0.1.9.4/debian/control	2004-09-22 21:48:00.0 +0900
+++ vbox3-0.1.9.4+nmu1/debian/control	2010-08-28 14:01:34.0 +0900
@@ -3,11 +3,12 @@
 Priority: extra
 Maintainer: Gerrit Pape p...@smarden.org
 Standards-Version: 3.6.0
-Build-Depends: debhelper ( 3.0.0), tcl8.3-dev
+Build-Depends: debhelper (= 7), tcl-dev
+Homepage: http://smarden.org/pape/vbox3/
 
 Package: vbox3
 Architecture: any
-Depends: ${shlibs:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}
 Recommends: isdnutils-base, raccess4vbox3
 Conflicts: isdnvboxserver
 Description: voice response system for isdn4linux
@@ -18,5 +19,3 @@
  it's possible to create a complete voice response system, with DTMF
  touch-tone support, navigating through menus, and even remote
  controlling your Debian system.
- .
- See http://smarden.org/pape/vbox3/ for details.
diff -Nru vbox3-0.1.9.4/debian/copyright vbox3-0.1.9.4+nmu1/debian/copyright
--- vbox3-0.1.9.4/debian/copyright	2003-09-30 17:43:44.0 +0900
+++ vbox3-0.1.9.4+nmu1/debian/copyright	2010-08-28 14:29:15.0 +0900
@@ -4,8 +4,8 @@
 It was taken from the isdn4linux cvs repository:
 http://www.isdn4linux.de/cgi-bin/cvsweb.cgi/isdn4k-utils/vbox3/
 
-Upstream Authors: Michael Herold mich...@abadonna.mayn.de
-		G. Pape p...@smarden.org
+Copyright 1996-1998, Michael Herold mich...@abadonna.mayn.de
+Copyright 2001-2007, G. Pape p...@smarden.org
 
 Copyright: GPL
 
diff -Nru vbox3-0.1.9.4/debian/dirs vbox3-0.1.9.4+nmu1/debian/dirs
--- vbox3-0.1.9.4/debian/dirs	2001-01-14 20:52:29.0 +0900
+++ vbox3-0.1.9.4+nmu1/debian/dirs	2010-08-28 13:55:55.0 +0900
@@ -1,4 +1,3 @@
 etc
-usr/bin
 usr/sbin
 var/spool/vbox
diff -Nru vbox3-0.1.9.4/debian/rules vbox3-0.1.9.4+nmu1/debian/rules
--- vbox3-0.1.9.4/debian/rules	2005-02-06 05:52:28.0 +0900
+++ vbox3-0.1.9.4+nmu1/debian/rules	2010-08-28 14:02:26.0 +0900
@@ -5,20 +5,16 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
-# This is the debhelper compatability version to use.
-export DH_COMPAT=2
-
 configure: configure-stamp
 configure-stamp:
 	dh_testdir
 	# Add here commands to configure the package.
-	sed -e s/-ltcl/-ltcl8.3/g  configure  configure.debian
-	CFLAGS='-O2 -Wall' sh

Bug#594709: FTBFS: test failures

[Ansgar Burchardt]

-perl_3.3-1 
libcroco3_0.6.2-1 libcrypt-openssl-bignum-perl_0.04-2 
libcrypt-openssl-rsa-perl_0.25-1+b1 libdata-optlist-perl_0.104-1 
libdata-visitor-perl_0.27-2 libdatetime-format-strptime-perl_1.3000-1 
libdatetime-locale-perl_1:0.45-1 libdatetime-perl_2:0.6100-2 
libdatetime-timezone-perl_1:1.21-1+2010l libdb4.6_4.6.21-16 libdb4.7_4.7.25-9 
libdb4.8_4.8.30-1 libdevel-globaldestruction-perl_0.02-1 
libdevel-symdump-perl_2.08-3 libdevmapper1.02.1_2:1.02.48-3 
libdigest-hmac-perl_1.02+dfsg-1 libdigest-sha1-perl_2.13-1 
libdpkg-perl_1.15.8.4 libgcc1_1:4.4.4-9 libgdbm3_1.8.3-9 libglib2.0-0_2.24.1-1 
libgmp3c2_2:4.3.2+dfsg-1 libgomp1_4.4.4-9 libhtml-parser-perl_3.66-1 
libhtml-tagset-perl_3.20-2 libhtml-tree-perl_3.23-2 libio-stringy-perl_2.110-4 
libjson-any-perl_1.22-1 libjson-perl_2.21-1 libjson-xs-perl_2.290-1 
liblist-moreutils-perl_0.25~02-1 liblocale-gettext-perl_1.05-6 
liblzma1_4.999.9beta+20091116-1 liblzma2_4.999.9beta+20100810-1 
libmagic1_5.04-5 libmoose-perl_1.09-2 libmoosex-multiinitarg-perl_0.01-1 
libmpfr1ldbl_2.4.2-3 libmpfr4_3.0.0-2 libmro-compat-perl_0.11-1 
libnamespace-autoclean-perl_0.09-1 libnamespace-clean-perl_0.18-1 
libncurses5_5.7+20100313-2 libncursesw5_5.7+20100313-2 libnet-oauth-perl_0.27-1 
libpackage-deprecationmanager-perl_0.04-1 libpackage-stash-perl_0.05-1 
libpam-modules_1.1.1-4 libpam-runtime_1.1.1-4 libpam0g_1.1.1-4 
libparams-util-perl_1.00-1 libparams-validate-perl_0.93-1 libpcre3_8.02-1.1 
libpod-coverage-perl_0.21-1 libreadline5_5.2-7 libreadline6_6.1-3 
libscope-guard-perl_0.20-1 libselinux1_2.0.96-1 libsepol1_2.0.41-1 
libslang2_2.2.2-4 libss2_1.41.12-2 libssl0.9.8_0.9.8o-1 libstdc++6_4.4.4-9 
libstdc++6-4.3-dev_4.3.5-2 libstdc++6-4.4-dev_4.4.4-9 
libsub-exporter-perl_0.982-1 libsub-identify-perl_0.04-1 
libsub-install-perl_0.924-2 libsub-name-perl_0.04-1 
libsub-uplevel-perl_0.2200-1 libtask-weaken-perl_1.03-1 
libtest-deep-perl_0.106-1 libtest-exception-perl_0.29-1 
libtest-pod-coverage-perl_1.08-3 libtest-pod-perl_1.42-1 
libtest-use-ok-perl_0.02-2 libtext-charwidth-perl_0.04-6 
libtext-iconv-perl_1.7-2 libtext-wrapi18n-perl_0.06-7 
libtie-toobject-perl_0.03-2 libtimedate-perl_1.2000-1 libtry-tiny-perl_0.04-1 
libudev0_161-1 libunistring0_0.9.3-1 liburi-perl_1.54-1 
libusb-0.1-4_2:0.1.12-15 libuuid1_2.17.2-3.1 libvariable-magic-perl_0.43-1 
libwww-perl_5.836-1 libxml2_2.7.7.dfsg-4 linux-libc-dev_2.6.32-20 
login_1:4.1.4.2-1 lsb-base_3.2-23.1 lzma_4.43-14 make_3.81-8 makedev_2.3.1-89 
man-db_2.5.7-4 mawk_1.3.3-15 mktemp_8.5-1 mount_2.17.2-3.1 
ncurses-base_5.7+20100313-2 ncurses-bin_5.7+20100313-2 netbase_4.42 
passwd_1:4.1.4.2-1 patch_2.6-2 perl_5.10.1-14 perl-base_5.10.1-14 
perl-modules_5.10.1-14 po-debconf_1.0.16 procps_1:3.2.8-9 readline-common_6.1-3 
sed_4.2.1-7 sensible-utils_0.0.4 sysv-rc_2.88dsf-12 sysvinit_2.88dsf-12 
sysvinit-utils_2.88dsf-12 tar_1.23-2.1 tzdata_2010l-1 udev_161-1 
util-linux_2.17.2-3.1 xz-utils_4.999.9beta+20100810-1 zlib1g_1:1.2.3.4.dfsg-3

┌──┐
│ Build│
└──┘


Unpack source
─

dpkg-source: warning: -sn is not a valid option for 
Dpkg::Source::Package::V3::quilt
gpgv: keyblock resource `/home/ansgar/.gnupg/trustedkeys.gpg': file open error
gpgv: Signature made Wed Jul  7 15:52:01 2010 UTC using RSA key ID 8649AA06
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on 
./libnet-twitter-perl_3.13007-1.dsc
dpkg-source: info: extracting libnet-twitter-perl in libnet-twitter-perl-3.13007
dpkg-source: info: unpacking libnet-twitter-perl_3.13007.orig.tar.gz
dpkg-source: info: unpacking libnet-twitter-perl_3.13007-1.debian.tar.gz
dpkg-source: info: applying disable-pod-spelling

Check disc space



dpkg-buildpackage
─

dpkg-buildpackage: export CFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export CPPFLAGS from dpkg-buildflags (origin: vendor): 
dpkg-buildpackage: export CXXFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export FFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export LDFLAGS from dpkg-buildflags (origin: vendor): 
dpkg-buildpackage: source package libnet-twitter-perl
dpkg-buildpackage: source version 3.13007-1
dpkg-buildpackage: source changed by Ansgar Burchardt ans...@43-1.org
 dpkg-source --before-build libnet-twitter-perl-3.13007
dpkg-buildpackage: host architecture amd64
 /usr/bin/fakeroot debian/rules clean
dh clean
   dh_testdir
   dh_auto_clean
   dh_clean
 debian/rules build
dh build
   dh_testdir
   dh_auto_configure
*** Module::AutoInstall version 1.03
*** Checking for Perl dependencies...
[Core Features]
- Test::More ...loaded. (0.92 = 0.88)
- Carp   ...loaded. (1.11)
- Digest::SHA

Bug#590654: Intend to NMU

[Ansgar Burchardt]

tags 590654 + patch
thanks

Hi,

I prepared a patch for this issue and plan to upload a NMU once the
changes have been approved by the release team.

The proposed patch can be found in #594654 [1] (it should have been
forwarded here as well, but seems that did not happen).

Regards,
Ansgar

[1] http://bugs.debian.org/594654



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#593587: ITP: libparallel-useragent-perl

[Ansgar Burchardt]

Hi,

the module name does not comply to a should requirement of the Perl
Policy:

  4.2 Module Package Names
  Perl module packages should be named for the primary module
  provided. The naming convention is to lowercase the Perl module name,
  prepend, lib, change all occurrences of :: to -, and append -perl.

Some packages that use the distribution name instead, but that is not
the case either here (there is an additional - in the package name).

Please consider changing the package name to liblwp-parallel-perl
before it is accepted into the archive.

Another related question: Are there other modules that need the older
version libwww-perl5.808-perl of libwww-perl besides this one?  At least
bioperl1.2.3 in NEW lists the regular libwww-perl as an alternative as
well so it seems not required there.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#593568: ITP: libwww-perl5.808-perl -- version 5.808 of libwww-perl

[Ansgar Burchardt]

Hi,

I am not too happy about libwww-perl5.808-perl.  I see several problems
with this:

1. We obviously don't really want old versions of libraries,
2. This package provides and conflicts with libwww-perl, that means
2a. packages with versioned dependencies on libwww-perl will not be
   co-installable with this package (this includes libbio-das-lite-perl
   as well which I think is related to Ensemble/BioPerl and in NEW as
   well).
2b. might break packages that have an unversioned dependency on
   libwww-perl, but expect a newer version.
As libwww-perl has many reverse dependencies ( 200 direct rdeps) this
seems likely to me; I did not investigate how many packages have
versioned dependencies on libwww-perl.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#594804: pu: package libwww-perl/5.813-1+lenny2

[Ansgar Burchardt]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I just saw by chance that there is an open security issue in libwww-perl
that affects stable [1].  There is two-line upstream patch to address
this [2] which also applies to the version in Lenny.

I have prepared an update, see the attached debdiff.

Regards,
Ansgar

[1] http://security-tracker.debian.org/tracker/CVE-2010-2253
[2] 
http://github.com/gisle/libwww-perl/commit/f97f339f552666ef79cdd2cf2a44032cf206bb6e
diff -u libwww-perl-5.813/debian/changelog libwww-perl-5.813/debian/changelog
--- libwww-perl-5.813/debian/changelog
+++ libwww-perl-5.813/debian/changelog
@@ -1,8 +1,16 @@
+libwww-perl (5.813-1+lenny2) stable; urgency=low
+
+  * CVE-2010-2253: Apply upstream patch to lwp-download to reject downloads to
+filenames suggested by the server that start with a . (dot) character.
+commit id of upstream patch: f97f339f552666ef79cdd2cf2a44032cf206bb6e
+
+ -- Ansgar Burchardt ans...@43-1.org  Mon, 30 Aug 2010 01:29:12 +0900
+
 libwww-perl (5.813-1+lenny1) stable; urgency=low
 
   * Fix incorrect use of redo. (Closes: #591462)
 
- -- Ansgar Burchardt ans...@43-1.org  Wed, 04 Aug 2010 02:52:22 +0900
+ -- Ansgar Burchardt ans...@43-1.org  Sat, 07 Aug 2010 08:20:19 +0900
 
 libwww-perl (5.813-1) unstable; urgency=low
 
only in patch2:
unchanged:
--- libwww-perl-5.813.orig/bin/lwp-download
+++ libwww-perl-5.813/bin/lwp-download
@@ -138,7 +138,9 @@
 	  # validate that we don't have a harmful filename now.  The server
 	  # might try to trick us into doing something bad.
 	  if (!length($file) ||
-  $file =~ s/([^a-zA-Z0-9_\.\-\+\~])/sprintf \\x%02x, ord($1)/ge)
+  $file =~ s/([^a-zA-Z0-9_\.\-\+\~])/sprintf \\x%02x, ord($1)/ge ||
+		  $file =~ /^\./
+	  )
   {
 		  die Will not save $url as \$file\.\nPlease override file name on the command line.\n;
 	  }

Bug#594804: pu: package libwww-perl/5.813-1+lenny2

[Ansgar Burchardt]

 diff -u libwww-perl-5.813/debian/changelog libwww-perl-5.813/debian/changelog
 --- libwww-perl-5.813/debian/changelog
 +++ libwww-perl-5.813/debian/changelog
 @@ -1,8 +1,16 @@
 +libwww-perl (5.813-1+lenny2) stable; urgency=low
 +
 +  * CVE-2010-2253: Apply upstream patch to lwp-download to reject downloads 
 to
 +filenames suggested by the server that start with a . (dot) character.
 +commit id of upstream patch: f97f339f552666ef79cdd2cf2a44032cf206bb6e
 +
 + -- Ansgar Burchardt ans...@43-1.org  Mon, 30 Aug 2010 01:29:12 +0900
 +
  libwww-perl (5.813-1+lenny1) stable; urgency=low
  
* Fix incorrect use of redo. (Closes: #591462)
  
 - -- Ansgar Burchardt ans...@43-1.org  Wed, 04 Aug 2010 02:52:22 +0900
 + -- Ansgar Burchardt ans...@43-1.org  Sat, 07 Aug 2010 08:20:19 +0900

Please ignore the last two lines here.  I ran debdiff against an older
version of libwww-perl_5.813-1+lenny1.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#593568: ITP: libwww-perl5.808-perl -- version 5.808 of libwww-perl

[Ansgar Burchardt]

Hi,

Steffen M$(D+S(Bller steffen_moel...@gmx.de writes:

 On 08/29/2010 06:13 PM, Ansgar Burchardt wrote:
 2. This package provides and conflicts with libwww-perl, that means
 2a. packages with versioned dependencies on libwww-perl will not be
co-installable with this package (this includes libbio-das-lite-perl
as well which I think is related to Ensemble/BioPerl and in NEW as
well).
 2b. might break packages that have an unversioned dependency on
libwww-perl, but expect a newer version.
 we don't really need the Provides. This can go.

 As libwww-perl has many reverse dependencies ( 200 direct rdeps) this
 seems likely to me; I did not investigate how many packages have
 versioned dependencies on libwww-perl.

 Ack. We'd reupload with the Provides gone ... and upload to
 experimental since we are in the freeze.

I wonder if it might be less painful to drop the Conflicts as well,
given that even devscripts depends on libwww-perl.

Two ideas to achieve this:

Rename the modules in libwww-perl5.508-perl (ie. LWP::UserAgent $B*(B
LWP::UserAgent5808 or some other such scheme) and adapt the rdeps as
well.

Or install the Perl module in a non-standard location (one that is not
in perl's default @INC) and make sure the rdeps add this directory to
@INC before any (even indirect) 'use LWP::*'.  You should probably
document this in README.Debian.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#593587: ITP: libparallel-useragent-perl

[Ansgar Burchardt]

Hi,

Steffen Möller steffen_moel...@gmx.de writes:

 Hello,

 On 08/29/2010 05:59 PM, Ansgar Burchardt wrote:
 Some packages that use the distribution name instead, but that is not
 the case either here (there is an additional - in the package name).
 
 Please consider changing the package name to liblwp-parallel-perl
 before it is accepted into the archive.

 well spotted. As you may guess, we followed the file name. Since
 others will have the same difficulty, I suggest to leave the source
 name as it is name the package just like you say. I'd also want to
 add a Provides to the libparallel-useragent-perl since people
 are really looking for this ... Maybe the notion in the description
 would be sufficient. But, an explicit provides probably helps.

Note that this would be libparalleluseragent-perl (there is no dash in
the upstream distribution name).

 Another related question: Are there other modules that need the older
 version libwww-perl5.808-perl of libwww-perl besides this one?  At least
 bioperl1.2.3 in NEW lists the regular libwww-perl as an alternative as
 well so it seems not required there.

 Sigh. Well. That old version of bioperl is the culprit of it all, and that
 in turn is dragged in by Ensembl, which is just on the brink of being 
 uploaded.
 In an Ensembl production environment you would not use the bioperl  1.2.3 .
 And bioperl1.2.3 needs the liblwp-parallel-perl. When you know what you are
 using, you may possibly have something sufficiently working without the need
 to uninstall the current libwww-perl with the many reverse dependencies.
 But this should not be the default. The real audience for this package though
 are dedicated machines, real or virtual, that don't have much more than 
 Ensembl
 installed. The |libwww-perl took a very pragmatic stance.

So I guess this means that bioperl1.2.3 uses libwww-perl directly as
well?  Or is it always handled via this module?

A report on CPAN [1] suggests that it might be easy to fix this module,
but I haven't tested this.  If this turns out to be true and other parts
of bioperl1.2.3 don't require the old version, we could at least save us
from packaging the old version of libwww-perl.

Regards,
Ansgar

[1] https://rt.cpan.org/Public/Bug/Display.html?id=40261#txn-772404



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#593587: ITP: libparallel-useragent-perl

[Ansgar Burchardt]

Ansgar Burchardt ans...@43-1.org writes:

 A report on CPAN [1] suggests that it might be easy to fix this module,
 but I haven't tested this.  If this turns out to be true and other parts
 of bioperl1.2.3 don't require the old version, we could at least save us
 from packaging the old version of libwww-perl.

 [1] https://rt.cpan.org/Public/Bug/Display.html?id=40261#txn-772404

Just one more thing I forgot to mention: ParallelUserAgent also does not
work with perl 5.12 (see the report above).  perl 5.12 was already under
consideration for Squeeze, but has not been included to not delay the
release any further.  However, I suppose perl 5.12 (or later) will be
introduced soon after Squeeze has been release.  It would be nice if
modules already support this.

I already mentioned this problem before as well [2].

Regards,
Ansgar

[2] http://lists.debian.org/debian-perl/2010/08/msg00078.html



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#594709: FTBFS: test failures

[Ansgar Burchardt]

reassign 594709 libmoose-perl 1.09-2
retitle  594709 libmoose-perl: Needs update due to changes in libclass-mop-perl
affects  594709 libnet-twitter-perl
thanks

Ansgar Burchardt ans...@2008.43-1.org writes:
 libnet-twitter-perl_3.13007-1 fails to build:

Moose needs to be updated due to the changes in Class::MOP.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#595111: bugs.debian.org: add signature with information to forwarded mails

[Ansgar Burchardt]

Package: bugs.debian.org
Severity: wishlist

It would be nice if forwarded mails (that is all regular mails to
submit@ or nn@) would include a signature with additional
information.

The signature should include
 · a link to the bug report,
 · indicate which (source) package the bug report belongs to as this is
   not always included in the subject or may be outdated after
   reassigning,
 · optionally include a link to the source package's bug page as well.

Automated replies to control@, nn-done@, nn@ (the one titled
Info received) already include such a signature, but do not include
the source package either, but indicate at least somehow which packages
are affected (except the last one where this is probably the least
important).

Regards,
Ansgar



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#593587: ITP: libparallel-useragent-perl

[Ansgar Burchardt]

Hi,

I just saw a link [1] scroll by on #perl.  It lists several
alternatives to LWP::Parallel::UserAgent, including one that might be a
drop-in solution (search for WWW::Curl::Simple).

Maybe it's easier to try those than fixing LWP::Parallel.

Regards,
Ansgar

[1] http://www.perlmonks.org/bare/?node_id=758739



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#595216: emacs23: browse-url should use x-www-browser and/or browser from the desktop environment

[Ansgar Burchardt]

Package: emacs23
Version: 23.2+1-4
Severity: wishlist

It would be nice if Emacs' `browse-url' function would use the x-www-browser
alternative and/or the browser selected in the desktop environment by default.
Right now it starts Iceweasel even though I selected chromium in both places
mentioned above.

Regards,
Ansgar

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages emacs23 depends on:
ii  emacs23-bin-common  23.2+1-4 The GNU Emacs editor's shared, arc
ii  libasound2  1.0.23-1 shared library for ALSA applicatio
ii  libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii  libc6   2.11.2-4 Embedded GNU C Library: Shared lib
ii  libcairo2   1.8.10-5 The Cairo 2D vector graphics libra
ii  libdbus-1-3 1.2.24-3 simple interprocess messaging syst
ii  libfontconfig1  2.8.0-2.1generic font configuration library
ii  libfreetype62.4.2-2  FreeType 2 font engine, shared lib
ii  libgconf2-4 2.28.1-3 GNOME configuration database syste
ii  libgif4 4.1.6-9  library for GIF images (library)
ii  libglib2.0-02.24.1-1 The GLib library of C routines
ii  libgpm2 1.20.4-3.3   General Purpose Mouse - shared lib
ii  libgtk2.0-0 2.20.1-1 The GTK+ graphical user interface 
ii  libice6 2:1.0.6-1X11 Inter-Client Exchange library
ii  libjpeg62   6b1-1The Independent JPEG Group's JPEG 
ii  libm17n-0   1.6.1-1  a multilingual text processing lib
ii  libncurses5 5.7+20100313-2   shared libraries for terminal hand
ii  libotf0 0.9.11-1 A Library for handling OpenType Fo
ii  libpango1.0-0   1.28.1-1 Layout and rendering of internatio
ii  libpng12-0  1.2.44-1 PNG library - runtime
ii  librsvg2-2  2.26.3-1 SAX-based renderer library for SVG
ii  libsm6  2:1.1.1-1X11 Session Management library
ii  libtiff43.9.4-3  Tag Image File Format (TIFF) libra
ii  libx11-62:1.3.3-3X11 client-side library
ii  libxft2 2.1.14-2 FreeType-based font drawing librar
ii  libxpm4 1:3.5.8-1X11 pixmap library
ii  libxrender1 1:0.9.6-1X Rendering Extension client libra
ii  zlib1g  1:1.2.3.4.dfsg-3 compression library - runtime

emacs23 recommends no packages.

Versions of packages emacs23 suggests:
ii  emacs23-common-non-dfsg   23.2+1-1   GNU Emacs shared, architecture ind

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#595329: release.debian.org: Please force-hint libdbd-oracle-perl/1.24b-1 (contrib)

[Ansgar Burchardt]

Package: release.debian.org
Severity: normal

libdbd-oracle-perl (contrib) cannot migrate to testing[1] as the
dependency on oracle-instantclient11.2-basic cannot be satisfied: the
package is not in Debian's archive, cf. libdbd-oracle-perl's description
and README.Debian.

The Policy Manual states that packages in contrib may (build-)depend on 
(non-free) packages that are not in the archive[2].

Could the release team force-hint the package into testing or will this
cause headaches later?

  force-hint libdbd-oracle-perl/1.24b-1

If this is not possible, please reassign this as a RC bug to
libdbd-oracle-perl.

Regards,
Ansgar

[1] http://release.debian.org/migration/testing.pl?package=libdbd-oracle-perl
[2] http://www.debian.org/doc/debian-policy/ch-archive.html#s-contrib



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#595491: future unblock: clive/2.2.13-3

[Ansgar Burchardt]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

clive needs a small patch to handle changed URLs on vimeo.com[1].
I prepared an upload based on the version currently in unstable (which
is already unblocked).

Should we go ahead with the upload?

Regards,
Ansgar

PS: Please Cc debian-p...@lists.debian.org in replies.

[1] http://bugs.debian.org/595486
diff --git a/debian/changelog b/debian/changelog
index 5300b0d..9beef96 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+clive (2.2.13-3) unstable; urgency=low
+
+  * Handle changed URLs on vimeo.com. (Closes: #595486)
++ new patch: 595486-vimeo.patch
+  * debian/copyright: Refer to Debian systems instead of Debian GNU/Linux
+systems.
+
+ -- Ansgar Burchardt ans...@43-1.org  Sat, 04 Sep 2010 22:08:24 +0900
+
 clive (2.2.13-2) unstable; urgency=low
 
   * Add fix-path-encoding-60.patch to fix path encoding (Closes: #575048).
diff --git a/debian/copyright b/debian/copyright
index 793a84e..55af061 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -16,12 +16,14 @@ License: GPL-3+
  the terms of the GNU General Public License as published by the Free
  Software Foundation, either version 3 of the License, or (at your option)
  any later version.
- On Debian GNU/Linux systems, the complete text of version 3 of the GNU
- General Public License can be found in `/usr/share/common-licenses/GPL-3'
+ .
+ On Debian systems, the complete text of version 3 of the GNU General
+ Public License can be found in `/usr/share/common-licenses/GPL-3'.
 
 License: GPL-3
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; version 3 dated June, 2007.
- On Debian GNU/Linux systems, the complete text of version 3 of the GNU
- General Public License can be found in `/usr/share/common-licenses/GPL-3'
+ .
+ On Debian systems, the complete text of version 3 of the GNU General
+ Public License can be found in `/usr/share/common-licenses/GPL-3'.
diff --git a/debian/patches/595486-vimeo.patch b/debian/patches/595486-vimeo.patch
new file mode 100644
index 000..fede0b7
--- /dev/null
+++ b/debian/patches/595486-vimeo.patch
@@ -0,0 +1,18 @@
+From: Jonas Smedegaard d...@jones.dk
+Date: Sat, 04 Sep 2010 14:29:22 +0200
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/595486
+Subject: Update for changed URLs on vimeo.com
+
+Reviewed-by: Ansgar Burchardt ans...@43-1.org
+--- clive.orig/lib/clive/Host/Vimeo.pm
 clive/lib/clive/Host/Vimeo.pm
+@@ -32,7 +32,7 @@
+ 
+ $$props-video_host(vimeo);
+ 
+-my %re = ( id = qr|clip_id=(.*?)|, );
++my %re = ( id = qr|clip_id=(.*?)[]|, );
+ 
+ my $tmp;
+ if ( clive::Util::matchRegExps( \%re, \$tmp, $content ) == 0 ) {
diff --git a/debian/patches/series b/debian/patches/series
index d171768..84a461f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 fix-path-encoding-60.patch
+595486-vimeo.patch

Bug#595491: future unblock: clive/2.2.13-3

[Ansgar Burchardt]

Julien Cristau jcris...@debian.org writes:

 On Sat, Sep  4, 2010 at 22:34:39 +0900, Ansgar Burchardt wrote:

 clive needs a small patch to handle changed URLs on vimeo.com[1].
 I prepared an upload based on the version currently in unstable (which
 is already unblocked).
 
 Sounds like one of those packages that can't keep working for the
 lifetime of a stable release.  Should we ship this in stable at all?
 (Same question for youtube-dl btw.)

libquvi and cclive (which uses the former) should also have the same
problem.

The patches to cope with changed URLs are usually quite small and should
be safe to include in a stable update.  Maybe we could use volatile.d.o
to make updates available faster.  I have never used it before myself,
but `debian-volatile is not just another place for backports, but
should only contain changes to stable programs that are necessary to
keep them functional.'[1] reads like the program should be in stable if
updates should be provided via volatile.  Please correct me if I am
wrong.

Regards,
Ansgar

[1] http://www.debian.org/devel/debian-volatile/



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#595351: Problem with libemail-address-perl

[Ansgar Burchardt]

reassign 595467 libemail-address-perl 1.890-1
reassign 595351 libemail-address-perl 1.890-1
merge 595351 595467
retitle 595351 libemail-address-perl: changes in 1.890 break other packages
affects 595351 libdata-validate-email-perl
affects 595351 libregexp-common-email-address-perl
thanks

This is indeed caused by the changes in libemail-address-perl.  The
packages build fine with the new version (1.892) which has reverted all
changes to 1.889.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#602176: ALChacks: NameError: name '_' is not defined

[Ansgar Burchardt]

Package: apt-listchanges
Version: 2.85.5
Severity: normal
Tags: upstream

When running apt-listchanges in an unknown locale, the following error is 
displayed:

Traceback (most recent call last):
  File /usr/bin/apt-listchanges, line 33, in module
from ALChacks import *
  File /usr/share/apt-listchanges/ALChacks.py, line 32, in module
sys.stderr.write(_(Can't set locale; make sure $LC_* and $LANG are 
correct!\n))
NameError: name '_' is not defined

Regards,
Ansgar

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=locale: Cannot set 
LC_CTYPE to default locale: No such file or directory
locale: Kann LC_ALL nicht auf die Standard-Lokale einstellen: Datei oder 
Verzeichnis nicht gefunden
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt-listchanges depends on:
ii  apt 0.8.6Advanced front-end for dpkg
ii  debconf [debconf-2.0]   1.5.36   Debian configuration management sy
ii  debianutils 3.4  Miscellaneous utilities specific t
ii  python  2.6.6-3+squeeze1 interactive high-level object-orie
ii  python-apt  0.7.98.1 Python interface to libapt-pkg
ii  python-support  1.0.10   automated rebuilding support for P
ii  ucf 3.0025+nmu1  Update Configuration File: preserv

Versions of packages apt-listchanges recommends:
ii  postfix [mail-transport-agent 2.7.1-1High-performance mail transport ag

Versions of packages apt-listchanges suggests:
ii  elinks [www-browser]0.12~pre5-2  advanced text-mode WWW browser
ii  lynx-cur [www-browser]  2.8.8dev.5-1 Text-mode WWW Browser with NLS sup
pn  python-glade2   none   (no description available)
pn  python-gtk2 none   (no description available)
ii  w3m [www-browser]   0.5.2-9  WWW browsable pager with excellent
ii  xterm [x-terminal-emulator] 261-1X terminal emulator

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#602542: puppet: certification validation fails on clients

[Ansgar Burchardt]

Package: puppet
Version: 2.6.2-1
Severity: important

After upgrading puppet from lenny to version 2.6.2-1~bpo50+1 (on a lenny
host) or 2.6.2-1 (on a squeeze host), the puppet client is no longer
happy with the server's certificate.  Running puppet agent -t after
cleaning /var/lib/puppet/ssl gives the following output:

  warning: peer certificate won't be verified in this SSL session
  warning: peer certificate won't be verified in this SSL session
  info: Creating a new SSL certificate request for ***.mathi.uni-heidelberg.de
  info: Certificate Request fingerprint (md5): 
7E:1B:B4:26:30:2A:E3:FA:5D:C6:D8:2E:84:B0:58:D8
  warning: peer certificate won't be verified in this SSL session
  warning: peer certificate won't be verified in this SSL session
  info: Caching certificate for ***.mathi.uni-heidelberg.de
  info: Caching certificate_revocation_list for ca
  err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 state=SSLv3 read server certificate B: certificate verify failed
  warning: Not using cache on failed catalog
  err: Could not retrieve catalog; skipping run

Any later try fails also with certificate verify failed.

I can connect to the puppet master using

  openssl s_client -CAfile .../ca.pem -connect 
puppet.mathi.uni-heidelberg.de:8140

and the certificate is valid.

We use two different CAs with puppet: one for signing the puppetmaster's
server certificate and puppet manages it's own CA for signing client
certificates.  There are no certificate chains.

I did fumble a bit with the source and applying the attached patch makes
the clients accept the SSL certificate again (in both lenny-backports
and squeeze), but I have no idea what I might have broken.

Regards,
Ansgar

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages puppet depends on:
ii  adduser  3.112   add and remove users and groups
ii  facter   1.5.7-1 a library for retrieving facts fro
pn  libopenssl-ruby  none  (no description available)
ii  libruby [libxmlrpc-ruby] 4.5 Libraries necessary to run Ruby 1.
ii  libshadow-ruby1.81.4.1-8 Interface of shadow password for R
ii  lsb-base 3.2-23.1Linux Standard Base 3.2 init scrip
ii  puppet-common2.6.2-1 Centralized configuration manageme
ii  ruby1.8  1.8.7.302-2 Interpreter of object-oriented scr

Versions of packages puppet recommends:
pn  libaugeas-ruby1.8 none (no description available)
ii  ruby [rdoc]   4.5An interpreter of object-oriented 

Versions of packages puppet suggests:
pn  libselinux-ruby1.8none (no description available)
pn  puppet-el none (no description available)
pn  vim-puppetnone (no description available)

-- Configuration Files:
/etc/default/puppet changed [not included]

-- no debconf information
--- puppet-2.6.2.orig/lib/puppet/network/http_pool.rb
+++ puppet-2.6.2/lib/puppet/network/http_pool.rb
@@ -53,7 +53,7 @@ module Puppet::Network::HttpPool
 # Just no-op if we don't have certs.
 return false unless FileTest.exist?(Puppet[:hostcert]) and 
FileTest.exist?(Puppet[:localcacert])
 
-http.cert_store = ssl_host.ssl_store
+#http.cert_store = ssl_host.ssl_store
 http.ca_file = Puppet[:localcacert]
 http.cert = ssl_host.certificate.content
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
@@ -88,7 +88,7 @@ module Puppet::Network::HttpPool
 
 # Pop open the http client a little; older versions of Net::HTTP(s) didn't
 # give us a reader for ca_file... Grr...
-class  http; attr_accessor :ca_file; end
+#class  http; attr_accessor :ca_file; end
 
 http.use_ssl = true
 # Use configured timeout (#1176)

Bug#525850: puppet: Requesting new certificate will overwrite CA certificate

[Ansgar Burchardt]

Hi,

attached is a patch that I use to prevent puppet from overwriting the
CA certificate if it is already present on the local host.

Regards,
Ansgar
Subject: Do not overwrite CA certificate
From: Ansgar Burchardt ans...@mathi.uni-heidelberg.de
Bug-Debian: http://bugs.debian.org/525850

--- puppet.orig/lib/puppet/network/client/ca.rb
+++ puppet/lib/puppet/network/client/ca.rb
@@ -48,7 +48,9 @@
 
 # Only write the cert out if it passes validating.
 Puppet.settings.write(:hostcert) do |f| f.print cert end
-Puppet.settings.write(:localcacert) do |f| f.print cacert end
+unless FileTest.exist?(Puppet[:localcacert])
+  Puppet.settings.write(:localcacert) do |f| f.print cacert end
+end
 
 @cert
   end

Bug#603148: chromium-browser: does not work with home directory on AFS

[Ansgar Burchardt]

Package: chromium-browser
Version: 6.0.472.63~r59945-2
Severity: important
Tags: upstream fixed-upstream
Forwarded: http://code.google.com/p/chromium/issues/detail?id=44606

Chromium fails to start if AFS is used for the home directory:

  $ LC_ALL=C chromium-browser
  
[24629:24629:4653558837445:ERROR:chrome/browser/process_singleton_linux.cc(855)]
 Failed to bind() 
/afs/mathi.uni-heidelberg.de/home/ansgar/.config/chromium/SingletonSocket: 
Operation not permitted
  [24629:24629:4653558838197:ERROR:chrome/browser/browser_main.cc(979)] Failed 
to create a ProcessSingleton for your profile directory. This means that 
running multiple instances would start multiple browser processes rather than 
opening a new window in the existing process. Aborting now to avoid profile 
corruption.

This has already been fixed upstream in the 7.0.517.24 release [1], the
patch is available in [2].

According to the upstream bug, LTSP installations might also be
affected.

Regards,
Ansgar

[1] http://debathena.mit.edu/trac/ticket/638
[2] http://code.google.com/p/chromium/issues/detail?id=44606

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chromium-browser depends on:
ii  chromium-browser-ins 6.0.472.63~r59945-2 page inspector for the chromium-br
ii  libasound2   1.0.23-2.1  shared library for ALSA applicatio
ii  libatk1.0-0  1.30.0-1The ATK accessibility toolkit
ii  libbz2-1.0   1.0.5-6 high-quality block-sorting file co
ii  libc62.11.2-7Embedded GNU C Library: Shared lib
ii  libcairo21.8.10-6The Cairo 2D vector graphics libra
ii  libcups2 1.4.4-3 Common UNIX Printing System(tm) - 
ii  libdbus-1-3  1.2.24-3simple interprocess messaging syst
ii  libdbus-glib-1-2 0.88-2  simple interprocess messaging syst
ii  libevent-1.4-2   1.4.13-stable-1 An asynchronous event notification
ii  libexpat12.0.1-7 XML parsing C library - runtime li
ii  libfontconfig1   2.8.0-2.1   generic font configuration library
ii  libfreetype6 2.4.2-1 FreeType 2 font engine, shared lib
ii  libgcc1  1:4.4.5-6   GCC support library
ii  libgconf2-4  2.28.1-5GNOME configuration database syste
ii  libgcrypt11  1.4.5-2 LGPL Crypto library - runtime libr
ii  libgl1-mesa-glx [lib 7.7.1-4 A free implementation of the OpenG
ii  libglewmx1.5 1.5.4-1 The OpenGL Extension Wrangler - ru
ii  libglib2.0-0 2.24.2-1The GLib library of C routines
ii  libgtk2.0-0  2.20.1-2The GTK+ graphical user interface 
ii  libicu44 4.4.1-6 International Components for Unico
ii  libjpeg626b1-1   The Independent JPEG Group's JPEG 
ii  libnspr4-0d  4.8.6-1 NetScape Portable Runtime Library
ii  libnss3-1d   3.12.8-1Network Security Service libraries
ii  libpango1.0-01.28.3-1Layout and rendering of internatio
ii  libpng12-0   1.2.44-1PNG library - runtime
ii  libstdc++6   4.4.5-6 The GNU Standard C++ Library v3
ii  libv8-2.2.24 2.2.24-6V8 JavaScript Engine
ii  libvpx0  0.9.1-1 VP8 video codec (shared library)
ii  libx11-6 2:1.3.3-3   X11 client-side library
ii  libxext6 2:1.1.2-1   X11 miscellaneous extension librar
ii  libxml2  2.7.7.dfsg-4GNOME XML library
ii  libxrender1  1:0.9.6-1   X Rendering Extension client libra
ii  libxslt1.1   1.1.26-6XSLT 1.0 processing library - runt
ii  libxss1  1:1.2.0-2   X11 Screen Saver extension library
ii  xdg-utils1.0.2+cvs20100307-2 desktop integration utilities from
ii  zlib1g   1:1.2.3.4.dfsg-3compression library - runtime

chromium-browser recommends no packages.

Versions of packages chromium-browser suggests:
pn  chromium-browser-l10n none (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#600965: Proposed-RM: libpoe-component-pluggable-perl -- RoM; renamed to libobject-pluggable-perl

[Ansgar Burchardt]

Package: libpoe-component-pluggable-perl
Version: 1.26-1
Severity: important
Tags: sid

POE::Component::Pluggable was renamed to Object::Pluggable upstream.
The old package should be removed once libobject-pluggable-perl has
entered Debian and its reverse dependencies (currently only
libpoe-component-irc-perl) have been updated to use the new package.

Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#600136: pu: package libapache-authenhook-perl/2.00-04+pristine-1+lenny1

[Ansgar Burchardt]

Adam D. Barratt a...@adam-barratt.org.uk writes:
 On Wed, 2010-10-13 at 23:24 +0200, Ansgar Burchardt wrote:
 libapache-authenhook-perl logs passwords in Apache's error.log if the
 log level is = info[1].  I prepared an update for Lenny including the
 same patch used for testing/unstable (already unblocked[2] as well).
 
 The security team sees this as a minor issue that should not get a DSA
 and be fixed in the next point release.
 
 Shall I go ahead and upload the package to proposed-updates?

 Please go ahead.

Uploaded.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#601684: subversion: creating .svn/lock files for every directory makes SVN slow

[Ansgar Burchardt]

Package: subversion
Version: 1.6.12dfsg-2
Severity: wishlist
Tags: upstream

Running

  svn update

will crate a .svn/lock file in every subdirectory.  This slows down the
update quite noticeable for large repositories such as the pkg-perl
trunk [1].  It gets more annoying on encrypted disks as the system gets
unresponsive once the changes get written back to the disk :/

It would be nice if Subversion would content itself with creating less
lock files, for example by operations in subdirectories checking for
locks in the parent directories (maybe creating their locks there as
well).

Regards,
Ansgar

[1] svn://svn.debian.org/pkg-perl/trunk

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages subversion depends on:
ii  libapr11.4.2-6   The Apache Portable Runtime Librar
ii  libc6  2.11.2-6+squeeze1 Embedded GNU C Library: Shared lib
ii  libsasl2-2 2.1.23.dfsg1-6Cyrus SASL - authentication abstra
ii  libsvn11.6.12dfsg-2  Shared libraries used by Subversio

subversion recommends no packages.

Versions of packages subversion suggests:
pn  db4.8-utilnone (no description available)
ii  patch 2.6-2  Apply a diff file to an original
pn  subversion-tools  none (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#601689: subversion: svn cp . svn+ssh://... complains about removed directory

[Ansgar Burchardt]

Package: subversion
Version: 1.6.12dfsg-2
Severity: normal

The command svn cp . svn+ssh://... tries to copy a directory that has
just been removed and fails:

  $ svn -m [svn-buildpackage] Tagging libhtml-tree-perl 4.1-1 \
cp .  svn+ssh://svn.debian.org/svn/pkg-perl/tags/libhtml-tree-perl/4.1-1
  svn: Directory 'debian/patches' is missing
  svn: Directory 'debian/patches' is missing

The directory debian/patches has been removed before (using svn rm) and
has been commited to the repository without complains:

  $ debcommit
  [...]
  Deleting   libhtml-tree-perl/debian/patches
  [...]
  Transmitting file data 
  Committed revision 64356.

I did try to tag the upload right after this via svn-buildpackage
--svn-tag-only which runs the command mentioned above.  Trying to run
the command by hand fails as well.

Regards,
Ansgar

PS: I had similar problems after merges as well.  After svn merge,
svn commit believed some files were outdated (it fails for one, moving
the file aside caused the commit to fail at another file).  svn update
did also mark the file as conflicting (not introducing any changes),
but svn resolve --accept working $file did not help.  It removed the
conflict marker, but the commit still failed...

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages subversion depends on:
ii  libapr11.4.2-6   The Apache Portable Runtime Librar
ii  libc6  2.11.2-6+squeeze1 Embedded GNU C Library: Shared lib
ii  libsasl2-2 2.1.23.dfsg1-6Cyrus SASL - authentication abstra
ii  libsvn11.6.12dfsg-2  Shared libraries used by Subversio

subversion recommends no packages.

Versions of packages subversion suggests:
pn  db4.8-utilnone (no description available)
ii  patch 2.6-2  Apply a diff file to an original
pn  subversion-tools  none (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#601797: chromium-browser: does not support Kerberos (GSS-Negotiate)

[Ansgar Burchardt]

brian m. carlson sand...@crustytoothpaste.net writes:
 Chromium does not currently support Kerberos authentication via
 GSS-Negotiate.  This makes it significantly less useful for me than
 Iceweasel, and so it would be nice if it did support that.

Chromium supports Negotiate Auth (and Kerberos) since version 6, but you
have to enable it for specific domain at startup:

  chromium-browser --auth-server-whitelist=*.example.com

I don't know if there is a runtime option as well.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#603661: icq plugin stopped to work - cannot login to icq

[Ansgar Burchardt]

found 603661 4:3.5.10-2
thanks

This bug affects stable as well.

Would it be possible to fix this bug in the upcoming stable point
release as well?  I think proposed-updates will be closed in the near
future as the point release is planned for next weekend, so an upload
should be prepared soon.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#604070: bzr-handle-patch: does not like some *.patch files

[Ansgar Burchardt]

Package: bzr-gtk
Version: 0.98.0+bzr692-1
Severity: normal
File: /usr/bin/bzr-handle-patch

bzr-handle-patch does not like some patches: when trying to open the
patch 03_use_login.icq.com.diff [1], only the error message

Error

Malformed patch header.  No orig name
'diff -Nurwd kdenetwork-4.4.5/kopete/protocols/oscar/aim/aimaccount.cpp
kdenetwork-4.4.5.new/kopete/protocols/oscar/aim/aimaccount.cpp\n'

is displayed.

If bzr-handle-patch cannot handle all common patch formats (the comment
in the .desktop file reads Apply Bazaar Bundle), it should not become
the default handler for *.diff (or *.patch) files.

Regards,
Ansgar

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603661#10

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bzr-gtk depends on:
ii  bzr 2.1.2-1  easy to use distributed version co
ii  python  2.6.6-3+squeeze1 interactive high-level object-orie
ii  python-central  0.6.16+nmu1  register and build utility for Pyt
ii  python-glade2   2.17.0-4 GTK+ bindings: Glade support
ii  python-gtk2 2.17.0-4 Python bindings for the GTK+ widge
ii  python-notify   0.1.1-2+b2   Python bindings for libnotify

Versions of packages bzr-gtk recommends:
pn  bzr-dbus  none (no description available)
pn  olive-bzr none (no description available)
ii  python-cairo  1.8.8-1+b1 Python bindings for the Cairo vect
pn  python-gnome2-desktop none (no description available)
pn  python-gnomekeyring   none (no description available)
pn  python-gtksourceview2 none (no description available)
pn  seahorse  none (no description available)

Versions of packages bzr-gtk suggests:
pn  bzr-avahi none (no description available)
pn  bzr-loom  none (no description available)
pn  bzr-searchnone (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#604243: packages.debian.org: no information for packages in lenny-backports-sloppy

[Ansgar Burchardt]

Package: www.debian.org
Severity: normal

packages.d.o does not display any information about packages in
lenny-backports-sloppy.  For example, only the unstable version of
postgresql-9.0 shows up on http://packages.debian.org/postgresql-9.0.
On the other hand packages from lenny-backports are shown, see for
example http://packages.debian.org/libdatetime-timezone-perl.

I suppose packages.d.o needs to be told about the (quite new)
lenny-backports-sloppy ditribution somewhere.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#598464: libdbd-pg-perl: Please add patch from upstream BTS to support new PG 9.0 bytea_output default

[Ansgar Burchardt]

severity 598464 wishlist
user pkg-perl-maintain...@lists.alioth.debian.org
usertags 598464 + post-squeeze
thanks

Max Kosmach m...@tcen.ru writes:

 New Postgresql 9.0 change bytea_output default from 'escape' to 'hex'
 and DBD:Pg doesn't support 'hex' encoding

 Please add patch from upstream BTS - 
 https://rt.cpan.org/Public/Bug/Display.html?id=60200

This patch cannot be included for Squeeze: we have already frozen[1] for
the release.  New features are no longer accepted.

We can, however, prepare an update for unstable (which I do not consider
urgent) and (maybe) provide a backport to Squeeze if there is interest.

Regards,
Ansgar

[1] http://lists.debian.org/debian-devel-announce/2010/10/msg2.html



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#599437: gdisk: data corruption and other bugs fixed in later releases

[Ansgar Burchardt]

Package: gdisk
Version: 0.5.1-1
Severity: grave
Tags: upstream fixed-upstream

Several bugs have been closed in later releases:

- Fixed serious data corruption bug on big-endian (PowerPC and similar)
  systems. [0.6.3]
- Fixed off-by-one bug in specification of partition when using the
  -T (--transform-bsd) option in sgdisk. [0.6.4]
- Fixed major bug in hybrid MBR creation, which caused incorrect
  protective partition end point settings and occasionally other
  problems. [0.6.9]
- Fixed bug that created backwards attribute field values (bit #2 was
  entered as bit #61, etc.). [0.6.10]

At least the first of these looks release critical.

I do not know whether gdisk 0.5.1-1 currently in testing and unstable is
affected or these bugs were only introduced in a later release.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#595491: unblock: clive/2.2.13-3

[Ansgar Burchardt]

retitle 595491 unblock: clive/2.2.13-3
thanks

Philipp Kern pk...@debian.org writes:

 On Sat, Sep 04, 2010 at 04:20:54PM +0200, Julien Cristau wrote:
 Sounds like one of those packages that can't keep working for the
 lifetime of a stable release.  Should we ship this in stable at all?
 (Same question for youtube-dl btw.)

 This decision will be deferred until the release team meeting next
 weekend.  (I.e. until the decision about the scope of volatile.)

It looks like this happened now[1].  Given that the release team wants
to integrate volatile into the main repository, can clive be allowed to
migrate to testing now?

Regards,
Ansgar

[1] http://lists.debian.org/debian-devel-announce/2010/10/msg2.html



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#599712: libapache-authenhook-perl: leaks passwords to the logs

[Ansgar Burchardt]

Hi,

libapache-authenhook-perl logs passwords in Apache's error.log if the
log level is = info[1].  I prepared an update for Lenny including the
same patch used for testing/unstable (already unblocked[2] as well).

Should this go through stable-security or does the security team see
this as a minor issue that should be fixed in the next point release?
In the former case, shall I upload a package based on the attached patch
to stable-security?

Regards,
Ansgar

[1] http://bugs.debian.org/599712
[2] http://bugs.debian.org/599779

Index: debian/changelog
===
--- debian/changelog	(revision 63673)
+++ debian/changelog	(working copy)
@@ -1,3 +1,9 @@
+libapache-authenhook-perl (2.00-04+pristine-1+lenny1) stable-security; urgency=high
+
+  * Remove passwords from log messages. (Closes: #599712)
+
+ -- Ansgar Burchardt ans...@debian.org  Wed, 13 Oct 2010 15:36:05 +0200
+
 libapache-authenhook-perl (2.00-04+pristine-1) unstable; urgency=low
 
   [ gregor herrmann ]
Index: AuthenHook.xs
===
--- AuthenHook.xs	(revision 63673)
+++ AuthenHook.xs	(working copy)
@@ -180,8 +180,8 @@
 
 case OK:
   ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-Apache::AuthenHook - user '%s', password '%s' verified,
-user, password);
+Apache::AuthenHook - user '%s' verified,
+user);
 
   status = AUTH_GRANTED;
   break;
@@ -196,8 +196,8 @@
 
 default:
   ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-Apache::AuthenHook - user '%s', password '%s' denied,
-user, password);
+Apache::AuthenHook - user '%s' denied,
+user);
 
   status = AUTH_DENIED;
   };

Bug#599712: libapache-authenhook-perl: leaks passwords to the logs

[Ansgar Burchardt]

Moritz Muehlenhoff j...@inutil.org writes:

 On Wed, Oct 13, 2010 at 04:30:26PM +0200, Ansgar Burchardt wrote:
 libapache-authenhook-perl logs passwords in Apache's error.log if the
 log level is = info[1].  I prepared an update for Lenny including the
 same patch used for testing/unstable (already unblocked[2] as well).
 
 Should this go through stable-security or does the security team see
 this as a minor issue that should be fixed in the next point release?
 In the former case, shall I upload a package based on the attached patch
 to stable-security?

 Since the impact is minor, please fix it through a point update.

 I'll request a CVE ID for it and keep you CCed, maybe you can
 hold off the upload for a few days until it's available? (The
 next point update will take a few weeks anyway)

Sure.  I'll prepare an upload and contact the stable release team once I
get the CVE ID.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#600136: pu: package libapache-authenhook-perl/2.00-04+pristine-1+lenny1

[Ansgar Burchardt]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

libapache-authenhook-perl logs passwords in Apache's error.log if the
log level is = info[1].  I prepared an update for Lenny including the
same patch used for testing/unstable (already unblocked[2] as well).

The security team sees this as a minor issue that should not get a DSA
and be fixed in the next point release.

Shall I go ahead and upload the package to proposed-updates?

Regards,
Ansgar

[1] http://bugs.debian.org/599712
[2] http://bugs.debian.org/599779
diff -u libapache-authenhook-perl-2.00-04+pristine/debian/changelog libapache-authenhook-perl-2.00-04+pristine/debian/changelog
--- libapache-authenhook-perl-2.00-04+pristine/debian/changelog
+++ libapache-authenhook-perl-2.00-04+pristine/debian/changelog
@@ -1,3 +1,9 @@
+libapache-authenhook-perl (2.00-04+pristine-1+lenny1) stable; urgency=high
+
+  * [CVE-2010-3845] Remove passwords from log messages. (Closes: #599712)
+
+ -- Ansgar Burchardt ans...@debian.org  Wed, 13 Oct 2010 23:17:55 +0200
+
 libapache-authenhook-perl (2.00-04+pristine-1) unstable; urgency=low
 
   [ gregor herrmann ]
only in patch2:
unchanged:
--- libapache-authenhook-perl-2.00-04+pristine.orig/AuthenHook.xs
+++ libapache-authenhook-perl-2.00-04+pristine/AuthenHook.xs
@@ -180,8 +180,8 @@
 
 case OK:
   ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-Apache::AuthenHook - user '%s', password '%s' verified,
-user, password);
+Apache::AuthenHook - user '%s' verified,
+user);
 
   status = AUTH_GRANTED;
   break;
@@ -196,8 +196,8 @@
 
 default:
   ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-Apache::AuthenHook - user '%s', password '%s' denied,
-user, password);
+Apache::AuthenHook - user '%s' denied,
+user);
 
   status = AUTH_DENIED;
   };

Bug#599437: Upstream contacted to have details on bug fixed

[Ansgar Burchardt]

Guillaume Delacour g...@iroqwa.org writes:

 First, I haven't managed to find a sponsor to upload versions since
 0.5.1, this why the version in testing and unstable is quite far from
 upstream.

That is unfortunate :-/

 As the critical bug (at least) seems to be not very trivial to
 backport, the best is maybe to upload a new vesion.

Testing is already in deep freeze[1].  I do not expect the release
team to accept a new upstream release at this point, they would likely
prefer backported patches (only those relevant to fix RC bugs, see the
last announcement from the release team I linked to) or consider removal
of the version currently in testing (that is not include gdisk in
Squeeze).

Uploading a newer version to unstable before having decided what to do
with the package in testing will complicate things: fixes targeted at
Squeeze might have to go through testing-proposed-updates and get less
testing by users before arriving in the testing distribution.  Please
think about how you would like to proceed, you might also want to ask
the release team (debian-rele...@lists.d.o).

Regards,
Ansgar

[1] http://lists.debian.org/debian-devel-announce/2010/10/msg2.html



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#600461: unblock: libdatetime-format-strptime-perl/1.5000-1

[Ansgar Burchardt]

 @@
 'DateTime' = '0.4304',
 'DateTime::Locale' = '0.45',
 'DateTime::TimeZone' = '0.79',
-'Params::Validate' = '0.64'
+'Params::Validate' = '0.64',
+'Test::More' = '0.88'
   },
-  'VERSION' = '1.3000',
+  'VERSION' = '1.5000',
   'test' = {
 'TESTS' = 't/*.t'
   }
diff -Nru libdatetime-format-strptime-perl-1.3000/README libdatetime-format-strptime-perl-1.5000/README
--- libdatetime-format-strptime-perl-1.3000/README	2010-06-26 18:57:52.0 +0200
+++ libdatetime-format-strptime-perl-1.5000/README	2010-10-16 22:26:44.0 +0200
@@ -1,7 +1,7 @@
 
 
 This archive contains the distribution DateTime-Format-Strptime,
-version 1.3000:
+version 1.5000:
 
   Parse and format strp and strf time patterns
 
diff -Nru libdatetime-format-strptime-perl-1.3000/SIGNATURE libdatetime-format-strptime-perl-1.5000/SIGNATURE
--- libdatetime-format-strptime-perl-1.3000/SIGNATURE	2010-06-26 18:57:54.0 +0200
+++ libdatetime-format-strptime-perl-1.5000/SIGNATURE	2010-10-16 22:26:47.0 +0200
@@ -14,16 +14,16 @@
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
-SHA1 6a3a5ad68ac482432aad26c6f8017a9f3042b3ba Changes
-SHA1 c4dacd89bd120b4e3081d47e8dd8dd9fe08cf8ee INSTALL
+SHA1 639eae76a28e3bbe56bf13118f3c13ec13917b30 Changes
+SHA1 91d30b78b85c860e71f72283fbc874ba2c4eaed0 INSTALL
 SHA1 23c628b4a8a36738405ccdacaeb912d2e727b4c0 LICENSE
 SHA1 6ce15893e518d227515664e87be75aebdc70e316 MANIFEST
-SHA1 5056d1dcf4ab4da565a20ecce9a0f721ee0a6dab META.json
-SHA1 f5581084f184dd10cf254fc5f885e6dbc7b6f347 META.yml
-SHA1 2f9b1495c1affde97afad8af67e8dcd909503286 Makefile.PL
-SHA1 ca32aa3ceb200537faab3672e82fed305a64b9e0 README
-SHA1 5f534964a7c112ceea8d6cffbfbbcee35cfa7b7e dist.ini
-SHA1 1d95be020bae621f20e742e6e0fe90c3ccde78bf lib/DateTime/Format/Strptime.pm
+SHA1 e43a307db71807dbf6fbafea707ff201a39451d9 META.json
+SHA1 6b2b7a4d5dab143f69ac11be1693a9edb8fd6982 META.yml
+SHA1 6fa7c82204155cd0894fb2d350d8abfc326a742b Makefile.PL
+SHA1 91be74eaa0ce8371e9f5311af248875c3a457851 README
+SHA1 ffe3f727017178ba513401338ffc69abddc6 dist.ini
+SHA1 acbd316444a1a7757475483063205687231648f1 lib/DateTime/Format/Strptime.pm
 SHA1 36028252b2cef83972a10893f6e791335859daf1 t/001_load.t
 SHA1 5400fdb559f023ee6cec3a15726c7181d750ddba t/002_dates.t
 SHA1 39976a62c616193d104b0efca4e5a0e91ba99a1f t/003_every.t
@@ -31,10 +31,10 @@
 SHA1 2d773953c36b8f74b8915f60b3b7bc0191a12e6f t/005_croak.t
 SHA1 7c89a33066f76c9fa41940fd55d52a087be9870e t/006_locales.t
 SHA1 17bad4a308e3f679cfe7bb80044de43dd3cecbb1 t/007_edge.t
-SHA1 579f1a9cb59ac73fcbf9eb9a2e535fa1607153b3 t/008_epoch.t
+SHA1 77fb78edc62d2944c4f45c66000711777432233d t/008_epoch.t
 SHA1 381b87f0fecebd2c48c3537ea47d0da1e4a90d94 t/009_regexp.t
 SHA1 185dc6943ddd46711eee297272fd9e3374719599 t/author-001_all_locales.t
-SHA1 24b525e3c18f37f8022a01ec30de757cefb679ff t/release-eol.t
+SHA1 a032c41ef6887fab1b900669c2d304fab46680e2 t/release-eol.t
 SHA1 961a1e2c92d836c8cad2d34b784cbc75345dec63 t/release-kwalitee.t
 SHA1 455d1dd1867212a665ad5ea4126b572411de300c t/release-no-tabs.t
 SHA1 b015e8b6533ae3c202f1c1644669e3f55980981f t/release-pod-coverage.t
@@ -43,7 +43,7 @@
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (GNU/Linux)
 
-iEYEARECAAYFAkwmMZAACgkQIgMCsV8qvRI2iwCfeYC1hUQ5rNdadSnLCHSlujps
-7lIAoIDYYamd2aF+tpvDWNENLADdQIUZ
-=Hi71
+iEYEARECAAYFAky6CoQACgkQIgMCsV8qvRJuqgCfbbp9Sa9gBh769as6OkgOSUyy
+ldYAniRND/bBWcA9s0m0HQZU2Etdfr6w
+=PcSD
 -END PGP SIGNATURE-
diff -Nru libdatetime-format-strptime-perl-1.3000/debian/changelog libdatetime-format-strptime-perl-1.5000/debian/changelog
--- libdatetime-format-strptime-perl-1.3000/debian/changelog	2010-06-28 16:56:22.0 +0200
+++ libdatetime-format-strptime-perl-1.5000/debian/changelog	2010-10-17 11:57:35.0 +0200
@@ -1,3 +1,13 @@
+libdatetime-format-strptime-perl (1.5000-1) unstable; urgency=low
+
+  * New upstream release.
+  * debian/copyright: Refer to Debian systems instead of Debian GNU/Linux
+systems; refer to /usr/share/common-licenses/GPL-1.
+  * Bump Standards-Version to 3.9.1.
+  * Update my email address.
+
+ -- Ansgar Burchardt ans...@debian.org  Sun, 17 Oct 2010 11:57:33 +0200
+
 libdatetime-format-strptime-perl (1.3000-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru libdatetime-format-strptime-perl-1.3000/debian/control libdatetime-format-strptime-perl-1.5000/debian/control
--- libdatetime-format-strptime-perl-1.3000/debian/control	2010-06-28 16:56:22.0 +0200
+++ libdatetime-format-strptime-perl-1.5000/debian/control	2010-10-17 11:51:39.0 +0200
@@ -8,11 +8,11 @@
 Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org
 Uploaders: Ernesto Hernández-Novich (USB) e...@usb.ve,
  gregor herrmann gre...@debian.org, Niko Tyni nt...@iki.fi,
- Ryan Niebur r...@debian.org, Ansgar Burchardt ans...@43-1.org
+ Ryan Niebur r...@debian.org, Ansgar Burchardt ans...@debian.org
 Homepage: http://datetime.perl.org/
 Vcs-Svn: svn://svn.debian.org/pkg-perl/trunk

Bug#600463: unblock: libnet-twitter-perl/3.13008-1

[Ansgar Burchardt]

Package: release.debian.org
Severity: wishlist
User: release.debian@packages.debian.org
Usertags: unblock

Please consider unblocking libnet-twitter-perl.  It now uses HTTPS
instead of HTTP for OAuth token negotiation as recommended by
Twitter[1] (that is s,http,https, for several URLs).  There are no other
changes besides a change in wording in debian/copyright and a newer
Standards-Version.  The updated package has already been in unstable for
some time (38 days).

Including this change in Squeeze would be better than having to deal
with Twitter deciding to only support HTTPS later and the package
breaking (I am not aware of any such plans, but I also don't use Twitter
myself).

unblock libnet-twitter-perl/3.13008-1

Regards,
Ansgar

[1] http://dev.twitter.com/pages/auth#at-twitter



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#600463: unblock: libnet-twitter-perl/3.13008-1

[Ansgar Burchardt]

 Please consider unblocking libnet-twitter-perl.  It now uses HTTPS
 instead of HTTP for OAuth token negotiation as recommended by
 Twitter[1] (that is s,http,https, for several URLs).  There are no other
 changes besides a change in wording in debian/copyright and a newer
 Standards-Version.  The updated package has already been in unstable for
 some time (38 days).

 Including this change in Squeeze would be better than having to deal
 with Twitter deciding to only support HTTPS later and the package
 breaking (I am not aware of any such plans, but I also don't use Twitter
 myself).

 unblock libnet-twitter-perl/3.13008-1

 [1] http://dev.twitter.com/pages/auth#at-twitter

And now also with the debdiff attached.

Regards,
Ansgar
Index: debian/control
===
--- debian/control	(.../3.13007-1)	(revision 63851)
+++ debian/control	(.../3.13008-1)	(revision 63851)
@@ -16,7 +16,7 @@
  gregor herrmann gre...@debian.org, Franck Joncourt fra...@debian.org,
  Antony Gelberg antony.gelb...@wayforth.com,
  Ansgar Burchardt ans...@43-1.org
-Standards-Version: 3.9.0
+Standards-Version: 3.9.1
 Homepage: http://search.cpan.org/dist/Net-Twitter/
 Vcs-Svn: svn://svn.debian.org/pkg-perl/trunk/libnet-twitter-perl/
 Vcs-Browser: http://svn.debian.org/viewsvn/pkg-perl/trunk/libnet-twitter-perl/
Index: debian/changelog
===
--- debian/changelog	(.../3.13007-1)	(revision 63851)
+++ debian/changelog	(.../3.13008-1)	(revision 63851)
@@ -1,3 +1,12 @@
+libnet-twitter-perl (3.13008-1) unstable; urgency=low
+
+  * New upstream release.
+  * debian/copyright: Refer to /usr/share/common-licenses/GPL-1; refer to
+Debian systems instead of Debian GNU/Linux systems.
+  * Bump Standards-Version to 3.9.1.
+
+ -- Ansgar Burchardt ans...@43-1.org  Wed, 08 Sep 2010 20:38:06 +0900
+
 libnet-twitter-perl (3.13007-1) unstable; urgency=low
 
   * New upstream release.
Index: debian/copyright
===
--- debian/copyright	(.../3.13007-1)	(revision 63851)
+++ debian/copyright	(.../3.13008-1)	(revision 63851)
@@ -25,8 +25,8 @@
  This program is free software; you can redistribute it and/or modify
  it under the terms of the Artistic License, which comes with Perl.
  .
- On Debian GNU/Linux systems, the complete text of the Artistic License
- can be found in `/usr/share/common-licenses/Artistic'
+ On Debian systems, the complete text of the Artistic License
+ can be found in `/usr/share/common-licenses/Artistic'.
 
 License: GPL-1+
  This program is free software; you can redistribute it and/or modify
@@ -34,5 +34,5 @@
  the Free Software Foundation; either version 1, or (at your option)
  any later version.
  .
- On Debian GNU/Linux systems, the complete text of the GNU General
- Public License can be found in `/usr/share/common-licenses/GPL'
+ On Debian systems, the complete text of version 1 of the GNU General
+ Public License can be found in `/usr/share/common-licenses/GPL-1'.
Index: META.yml
===
--- META.yml	(.../3.13007-1)	(revision 63851)
+++ META.yml	(.../3.13008-1)	(revision 63851)
@@ -50,4 +50,4 @@
   homepage: http://github.com/semifor/Net-Twitter
   license: http://dev.perl.org/licenses/
   repository: git://github.com/semifor/Net-Twitter.git
-version: 3.13007
+version: 3.13008
Index: lib/Net/Twitter/Search.pm
===
--- lib/Net/Twitter/Search.pm	(.../3.13007-1)	(revision 63851)
+++ lib/Net/Twitter/Search.pm	(.../3.13008-1)	(revision 63851)
@@ -2,7 +2,7 @@
 use Moose;
 
 # use *all* digits for fBSD ports
-our $VERSION = '3.13007';
+our $VERSION = '3.13008';
 $VERSION = eval $VERSION; # numify for warning-free dev releases
 
 extends 'Net::Twitter::Core';
Index: lib/Net/Twitter/Role/OAuth.pm
===
--- lib/Net/Twitter/Role/OAuth.pm	(.../3.13007-1)	(revision 63851)
+++ lib/Net/Twitter/Role/OAuth.pm	(.../3.13008-1)	(revision 63851)
@@ -20,10 +20,10 @@
 
 my $args = $class-$orig(@_);
 my $oauth_urls = delete $args-{oauth_urls} || {
-request_token_url  = http://api.twitter.com/oauth/request_token;,
-authentication_url = http://api.twitter.com/oauth/authenticate;,
-authorization_url  = http://api.twitter.com/oauth/authorize;,
-access_token_url   = http://api.twitter.com/oauth/access_token;,
+request_token_url  = https://api.twitter.com/oauth/request_token;,
+authentication_url = https://api.twitter.com/oauth/authenticate;,
+authorization_url  = https://api.twitter.com/oauth/authorize;,
+access_token_url   = https://api.twitter.com/oauth/access_token;,
 xauth_url  = https://api.twitter.com/oauth/access_token;,
 };
 
Index: lib/Net/Twitter/Core.pm

Bug#526713: lintian: vcs-field-uses-unknown-uri-format should handle multi-line fields

[Ansgar Burchardt]

Package: lintian
Version: 2.2.10
Severity: minor

Hi,

several packages split the Vcs-* fields on two lines to avoid long
lines.  Lintian should not complain in this case.

See [1] for examples: most of the packages with \n in the Vcs-* fields
are false positives.

Regards,
Ansgar

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lintian depends on:
ii  binutils   2.19.1-1  The GNU assembler, linker and bina
ii  diffstat   1.46-1produces graph of changes introduc
ii  dpkg-dev   1.14.26   Debian package development tools
ii  file   5.00-1Determines file type using magic
ii  gettext0.17-6GNU Internationalization utilities
ii  intltool-debian0.35.0+20060710.1 Help i18n of RFC822 compliant conf
ii  libipc-run-perl0.82-1Perl module for running processes
ii  libparse-debianchangel 1.1.1-2   parse Debian changelogs and output
ii  libtimedate-perl   1.1600-9  Time and date functions for Perl
ii  liburi-perl1.37+dfsg-1   Manipulates and accesses URI strin
ii  man-db 2.5.5-1   on-line manual pager
ii  perl [libdigest-sha-pe 5.10.0-19 Larry Wall's Practical Extraction 

lintian recommends no packages.

Versions of packages lintian suggests:
pn  binutils-multiarchnone (no description available)
pn  libtext-template-perl none (no description available)
ii  man-db2.5.5-1on-line manual pager

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#527940: libcatalyst-modules-perl: Catalyst::Plugin::Unicode got lost

[Ansgar Burchardt]

Package: libcatalyst-modules-perl
Version: 33
Severity: important

Hi,

the Catalyst::Plugin::Unicode module disappeared from the package in
the latest update.

Regards,
Ansgar

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libcatalyst-modules-perl depends on:
ii  libauthen-simple-perl 0.4-5  Simple and consistent perl framewo
ii  libcache-cache-perl   1.06-1 Managed caches of persistent infor
ii  libcache-fastmmap-perl1.28-1 Mmap'ed file as a shared memory in
ii  libcatalyst-perl  5.71001-1  The Elegant MVC Web Application Fr
ii  libcatalyst-view-tt-perl  0.29-1 Template View Class for Catalyst
ii  libcgi-formbuilder-perl   3.05.01-6  Easily generate and process statef
ii  libclass-c3-perl  0.21-1 A pragma to use the C3 method reso
ii  libclass-throwable-perl   0.10-2 A minimal lightweight exception cl
ii  libconfig-any-perl0.17-1 Load configuration from different 
ii  libdata-visitor-perl  0.24-1 visitor for Perl data structures
ii  libdbix-class-perl0.08012-2  extensible and flexible object -
ii  libdbix-class-schema-loader-p 0.04005-1  Dynamic definition of a DBIx::Clas
ii  libdevel-stacktrace-perl  1.2000-1   Stack trace and stack trace frame 
ii  libemail-mime-creator-perl1.455-1module for simple Email::MIME mail
ii  libemail-mime-perl1.863-1Easy MIME message parsing
ii  libemail-send-perl2.194-1Simply Sending Email
ii  libfile-slurp-perl.12-2  single call read  write file rout
ii  libhtml-formfu-perl   0.04001-1  HTML form creation, rendering and 
ii  libhtml-prototype-perl1.48-1 Generate HTML and Javascript for t
ii  libhtml-widget-perl   1.11-1 HTML Widget And Validation Framewo
ii  libjson-any-perl  1.19-1 wrapper class for the various JSON
ii  libjson-perl  2.14-1 Perl module to parse and convert t
ii  liblocale-maketext-lexicon-pe 0.77-1 Lexicon-handling backends for Loc
ii  liblog-log4perl-perl  1.21-1 A Perl port of the widely popular 
ii  libmoose-perl 0.74-1 extension of the Perl 5 object sys
ii  libobject-signature-perl  1.05-2 Signature - Generate cryptographic
ii  libparams-validate-perl   0.91-2 validate parameters to Perl method
ii  libpath-class-perl0.16-0.1   Cross-platform path specification 
ii  libregexp-assemble-perl   0.34-2 Assemble multiple Regular Expressi
ii  librpc-xml-perl   0.64-1 Perl module implementation of XML-
ii  libset-object-perl1.27-1 Collection of objects without dupl
ii  libsub-install-perl   0.924-2Install subroutines into packages 
ii  libtask-weaken-perl   1.02-1 Ensure that a platform has weaken 
ii  libtemplate-plugin-class-perl 0.13-3 Call methods of arbitrary classes 
ii  libtest-www-mechanize-catalys 0.51-2 Test::WWW::Mechanize for Catalyst
ii  libtest-www-mechanize-perl1.24-1 Testing-specific WWW::Mechanize su
ii  libtie-ixhash-perl1.21-2 ordered associative arrays for Per
ii  libuniversal-can-perl 1.12-1 Safer version of UNIVERSAL::can.
ii  libuniversal-isa-perl 1.01-1 safer version of UNIVERSAL::isa
ii  perl  5.10.0-19  Larry Wall's Practical Extraction 
ii  perl-modules [liblocale-maket 5.10.0-19  Core Perl modules

libcatalyst-modules-perl recommends no packages.

Versions of packages libcatalyst-modules-perl suggests:
pn  libconfig-general-perlnone (no description available)
pn  libconfig-tiny-perl   none (no description available)
ii  libhtml-mason-perl1:1.39-1   HTML::Mason Perl module
pn  libxml-simple-perlnone (no description available)
ii  libyaml-perl  0.68-1 YAML Ain't Markup Language (tm)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#525850: [Pkg-puppet-devel] Bug#525850: puppet: Requesting new certificate will overwrite CA certificate

[Ansgar Burchardt]

Hi,

Micah Anderson mi...@riseup.net writes:

 * Ansgar Burchardt ans...@mathi.uni-heidelberg.de [2009-04-27 10:24-0400]:
 When puppet initially requests a certificate from puppetmaster, it will
 overwrite the CA certificate even if it is already present.

 Do you mean to say that if you have a signed certificate on the
 puppetmaster for host 'foo.bar.org' and then you reinstall the system
 'foo' and run puppet again you do not want the existing certificate
 re-generated?

 I'm a little confused by your use of the terms CA certificate. To me,
 CA means Certificate Authority and I'm not sure how you are using that
 in this context.

I mean the public key of the certificate authority used to sign the
Puppetmaster's public key (the file localcacert refers to on the
client).  There is no reason to overwrite this key when Puppet gets a
new host key.

We have the following setup using two CAs:

 * example.com certification authority
   - signs: puppet.example.com
   - installed on clients as $localcacert before Puppet is started the
 first time.
   - should be trusted by clients

 * puppet.example.com certification authority
   - signs client certificates via puppetca
   - should *not* be trusted by clients
   - used by the server to identify client name

When puppet starts the first time on a client, it asks
puppet.example.com to sign the client.example.com certificate.
It will install the signed certificate, *but* it will also install the
puppet.example.com CA certificate, overwriting the example.com CA
certificate already present.  The client will then not trust the
puppet.example.com certificate...

I may miss some option to tell puppetca/puppetmaster which CA cert to
send to the clients, but there should be no need to overwrite the CA
certificate already installed on the clients in any case.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#518831: default configuration insecure?

[Ansgar Burchardt]

Hi,

isn't it a bit insecure to start puppet by default?  If someone can
manipulate DNS replies, he should be able to take over the computer:
just respond to a DNS query for puppet with the address of a hostile
puppetmaster and let puppetd connect to it (please correct me if I am
wrong here).  If the client did not connect to another puppetmaster
before, it would trust the server thus enabling an attacker to take over
the computer.

This might be a problem if someone installs puppet w/o configuring it
properly.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#516306: ldaptor: prepared patch for #494904 and #516306

[Ansgar Burchardt]

tags 494904 + patch pending
tags 516306 + patch pending
thanks

Hi,

I prepared a patch to address these issues.  I'll send a message to
debian-ment...@l.d.o later to ask for someone to sponsor the upload.

The patch for the upload is attached.

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19
diff -u ldaptor-0.0.43/debian/changelog ldaptor-0.0.43/debian/changelog
--- ldaptor-0.0.43/debian/changelog
+++ ldaptor-0.0.43/debian/changelog
@@ -1,3 +1,17 @@
+ldaptor (0.0.43-3) unstable; urgency=low
+
+  * QA upload.
+  * `python-pyopenssl' has been renamed into `python-openssl'.
+Update dependencies accordingly. (Closes: #494904)
+  * debian/control: Add ${misc:Depends}.
+  * debian/control: Bump Standards Version to 3.8.0 (no changes)
+  * debian/control: Do not duplicate Section field for binary packages.
+  * debian/rules: Do not rely on python-support internals to find files,
+instead remove them earlier using the standard path (Closes: #516306).
+  * postinst: Set -e option.
+
+ -- Ansgar Burchardt ans...@43-1.org  Mon, 09 Mar 2009 19:44:37 +0100
+
 ldaptor (0.0.43-2) unstable; urgency=low
 
   * QA upload.
diff -u ldaptor-0.0.43/debian/control ldaptor-0.0.43/debian/control
--- ldaptor-0.0.43/debian/control
+++ ldaptor-0.0.43/debian/control
@@ -2,15 +2,14 @@
 Section: admin
 Priority: optional
 Maintainer: Debian QA Group packa...@qa.debian.org
-Standards-Version: 3.7.3
-Build-Depends-Indep: docbook-slides (= 3.2.0), xsltproc, source-highlight, python-epydoc, dia (= 0.93-2), python-twisted-core , python-twisted-names , python-twisted-mail , python-twisted-web , python-nevow , python-webut, python-pyparsing, python-pyopenssl, python-crypto, python-support (= 0.6)
+Standards-Version: 3.8.0
+Build-Depends-Indep: docbook-slides (= 3.2.0), xsltproc, source-highlight, python-epydoc, dia (= 0.93-2), python-twisted-core, python-twisted-names, python-twisted-mail, python-twisted-web, python-nevow, python-webut, python-pyparsing, python-openssl, python-crypto, python-support (= 0.6)
 Build-Depends: cdbs (= 0.4.49), debhelper ( 6.0.0), python-all-dev
 Homepage: http://www.inoi.fi/open/trac/ldaptor
 
 Package: ldaptor-utils
-Section: admin
 Architecture: all
-Depends: ${python:Depends}, python-ldaptor
+Depends: ${python:Depends}, ${misc:Depends}, python-ldaptor
 Description: Command-line LDAP utilities
  A set of LDAP utilities for use from the command line, including:
  .
@@ -44,9 +43,8 @@
  ldaptor-fetchschema -- Fetch schema from a server.
 
 Package: ldaptor-webui
-Section: admin
 Architecture: all
-Depends: ${python:Depends}, python-nevow , python-webut, python-ldaptor, python-pyopenssl
+Depends: ${python:Depends}, ${misc:Depends}, python-nevow, python-webut, python-ldaptor, python-openssl
 Description: Web user interface for editing LDAP directories
  A web-based user interface to search and edit information in an LDAP
  directory.
@@ -54,7 +52,7 @@
 Package: python-ldaptor
 Section: python
 Architecture: all
-Depends: ${python:Depends}, python-twisted-core (= 2.2), python-twisted-names (= 0.2), python-twisted-mail (= 0.2), python-twisted-web (= 0.5), python-pyparsing
+Depends: ${python:Depends}, ${misc:Depends}, python-twisted-core (= 2.2), python-twisted-names (= 0.2), python-twisted-mail (= 0.2), python-twisted-web (= 0.5), python-pyparsing
 Provides: ${python:Provides}
 Replaces: python2.3-ldaptor, ldaptor-common
 Conflicts: python2.3-ldaptor, ldaptor-common
@@ -70,6 +68,7 @@
 Package: ldaptor-doc
 Section: doc
 Architecture: all
+Depends: ${misc:Depends}
 Description: Documentation for Ldaptor
  A collection of documentation about Ldaptor and LDAP, including
 * An introduction to LDAP
diff -u ldaptor-0.0.43/debian/postinst ldaptor-0.0.43/debian/postinst
--- ldaptor-0.0.43/debian/postinst
+++ ldaptor-0.0.43/debian/postinst
@@ -1,3 +1,3 @@
-#!/bin/sh
+#!/bin/sh -e
 
 #DEBHELPER#
diff -u ldaptor-0.0.43/debian/rules ldaptor-0.0.43/debian/rules
--- ldaptor-0.0.43/debian/rules
+++ ldaptor-0.0.43/debian/rules
@@ -5,6 +5,12 @@
 PYDEFAULT=$(shell pyversions -d)
 
 include /usr/share/cdbs/1/rules/debhelper.mk
+
+binary-install/python-ldaptor::
+	rm -rf \
+		debian/python-ldaptor/usr/lib/python*/site-packages/ldaptor/apps/webui \
+		debian/python-ldaptor/usr/lib/python*/site-packages/ldaptor/test/test_webui.py
+
 include /usr/share/cdbs/1/class/python-distutils.mk
 
 DEB_COMPRESS_EXCLUDE := .py .js
@@ -14,11 +20,6 @@
 	PYTHONPATH='debian/tmp/usr/lib/$(PYDEFAULT)/site-packages' \
 		trial --tbformat=emacs --reporter=text ldaptor
 
-binary-post-install/python-ldaptor::
-	rm -rf \
-		debian/python-ldaptor/usr/share/python-support/*/ldaptor/apps/webui \
-		debian/python-ldaptor/usr/share/python-support/*/ldaptor/test/test_webui.py
-
 build/ldaptor-doc:: doc-stamp
 doc-stamp:
 	make -C doc

Bug#519982: enet.pc: Remove -I/usr/include/enet from cflags

[Ansgar Burchardt]

Package: libenet-dev
Version: 1.2-1

Hi,

I'm forwarding a bug report I received by mail.

I probably won't be able to take a look at it before April.

Regards,
Ansgar

---BeginMessage---
Hello Ansgar (and Lee in CC),

I'm forwarding you blow snippet from a recent thread on ENet-discuss:
http://lists.cubik.org/pipermail/enet-discuss/2009-March/001070.html

Since enet.h is supposed to be included like enet/enet.h, maybe the
.pc file shouldn't specify -I/usr/include/enet? There are headers in
there with names that conflict with standard libraries.

I guessed you might still maintain this package in Debian, which seems
to be where this .pc file was added. If not please forward to the
right person. I'm sending a CC to Lee so that he can correct me if I'm
wrong. :-)

Regards,
Bjørn

On 3/16/09, JoNaN88 (a.k.a. Jon Ander Peñalba) jonan.lis...@gmail.com wrote:
 Ok. The problem is that in the makefile I use pkg-config to automatically
 add the compilation parameters to gcc. So when I add ENet pkg-congif gives
 me this parameters: -I/usr/include/enet -lenet
  If I errase the first parameter and I add -lenet manually all works fine :P
---End Message---

Bug#507307: simutrans: crashes with powerbridges

[Ansgar Burchardt]

Hi,

Ilpo Järvinen\ [EMAIL PROTECTED] writes:
 At least two crashy scenarios with powerline bridges found so far:

 1) Build powerbridge towards non-aligned destination (ie., the
 endpoint is sideways instead of pointing towards to other end
 from where the building of the bridge starts)

I am not sure what you mean here.  Can you try to explain it in a bit
more detail or provide a small screenshot just before trying to build
the powerbridge?

 2) Building across square which has straight down/up elevation
 (eg., make a single square to have one level above the rest,
 not using the sloped but non-sloped, direct elevation and try
 building the powerbridge across there, I don't remember if normal
 powerline building crashed as well, at least the powerbridge did).

Crashes for me as well.

I'll try to take a look at this when I have a bit more time.

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#507304: simutrans-pak64: Lacks concrete carrying vehicles

[Ansgar Burchardt]

package simutrans-pak64
tags 507304 + upstream
thanks

Hi,

Ilpo Järvinen\ [EMAIL PROTECTED] writes:
 I couldn't find any road/train vehicle that was able to transport
 concrete. IIRC, there were both present in some version which I
 get earlier from upstream (before .deb era).

Several objects have been removed from the data files when upstream
switched to the Artistic license for PAK64.  These were files where the
author could not be contacted or did not wish to release his works under
the new license.

I don't have a list of dropped objects, but [1] makes me believe the
concrete lorry was among them.

Judging from the latest PAK64 snapshot[2], there does not seem to be a
new vehicle to transport concrete included upstream yet.

Regards,
Ansgar

[1] http://archive.forum.simutrans.com/topic/07673.0/index.html#msg67616
[2] http://simutrans-germany.com/~nightly/simutrans/index.php,
I tested PAK64 version 115.

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#508318: Should ketm be removed?

[Ansgar Burchardt]

Package: ketm
Version: 0.0.6-21
Severity: important

Hi,

I suggest removing ketm from Debian for the following reasons:

  * no fun, unfinished.  The README even says:

  Status/Is it playable?
  ==
  A bit, but not much fun yet. (No real levels, just a testbed for the
  enemy-formations).

  * dead upstream.  This includes the new page mentioned in #486486.

  * last upstream release in 2001

If noone objects, I will change this to a removal request later.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#413700: TLS support for cyradm available upstream

[Ansgar Burchardt]

Hi,

I'm also interested in TLS support for cyradm.  I noticed that
upstream has applied a patch to enable STARTLS for Cyrus::IMAP and
cyradm.  See [1] for an upstream bug report, relevant commits are (at
least) [2], [3], [4], [5].

Regards,
Ansgar

[1] https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2036
[2] 
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/perl/imap/cyradm.sh.diff?r1=1.13.2.4;r2=1.13.2.5
[3] 
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/perl/imap/IMAP.pm.diff?r1=1.19.2.3;r2=1.19.2.4
[4] 
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/perl/imap/IMAP.xs.diff?r1=1.23.4.2;r2=1.23.4.3
[5] 
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/perl/imap/IMAP/Shell.pm.diff?r1=1.31.2.4;r2=1.31.2.5



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#508505: liblocale-maketext-lexicon-perl: please install xgettext.pl in /usr/bin

[Ansgar Burchardt]

Package: liblocale-maketext-lexicon-perl
Version: 0.75-1
Severity: wishlist

Hi,

It would be nice to install xgettext.pl (currently provided in
examples/) in /usr/bin.  It's only a simple wrapper script, but it has
several features the `xgettext' (from gettext) does not provide, e.g.
support for Template Toolkit sources.

Regards,
Ansgar

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (900, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages liblocale-maketext-lexicon-perl depends on:
ii  perl  5.10.0-18  Larry Wall's Practical Extraction 
ii  perl-modules [liblocale-maket 5.10.0-18  Core Perl modules

liblocale-maketext-lexicon-perl recommends no packages.

Versions of packages liblocale-maketext-lexicon-perl suggests:
ii  libhtml-parser-perl   3.56-1+b1  A collection of modules that parse
ii  libtemplate-perl  2.19-1.1lenny1 template processing system written
ii  libyaml-perl  0.66-1 YAML Ain't Markup Language (tm)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#508505: liblocale-maketext-lexicon-perl: please install xgettext.pl in /usr/bin

[Ansgar Burchardt]

Hi,

Damyan Ivanov d...@debian.org writes:
 -=| Ansgar Burchardt, Thu, Dec 11, 2008 at 09:43:29PM +0100 |=-
 It would be nice to install xgettext.pl (currently provided in
 examples/) in /usr/bin.  It's only a simple wrapper script, but it has
 several features the `xgettext' (from gettext) does not provide, e.g.
 support for Template Toolkit sources.

 The problem with installing that in /usr/bin is that

 (1) .pl extension is to be avoided, and if we obey that rule,
 (2) the package would have to conflict with gettext, on which depend 
 ~50 other packages.

 How about installing xgettext.pl as /usr/bin/xgettext-lexicon? That 
 could work, provided someone writes a man page for it :)

Why not just keep the name xgettext.pl in this case?  It is less
confusing than a completely different name.  Also other documentation
(e.g. Catalyst::Plugin::I18N::Manual) refers to xgettext.pl.

xgettext.pl already provides documentation, all that is needed is a
pod2man run :-)

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#508505: liblocale-maketext-lexicon-perl: please install xgettext.pl in /usr/bin

[Ansgar Burchardt]

Hi,

Damyan Ivanov d...@debian.org writes:
 -=| Ansgar Burchardt, Fri, Dec 12, 2008 at 07:04:05PM +0100 |=-
 Why not just keep the name xgettext.pl in this case?  It is less
 confusing than a completely different name.  Also other documentation
 (e.g. Catalyst::Plugin::I18N::Manual) refers to xgettext.pl.

 We have a precedent -- thread starts at 
 http://lists.debian.org/debian-perl/2007/11/msg00035.html.

 At the end the script was renamed

`par' and `par-archive' do quite different things though.  In
xgettext{,.pl}'s case both programs perform a similar task so there is
less chance of confusion.

 The relevant text from Policy §10.4 is

   When scripts are installed into a directory in the system PATH, the 
   script name should not include an extension such as .sh or .pl that 
   denotes the scripting language currently used to implement it.

 So I think that an alternate xgettext implementation should use 
 alternate name, without extension.

 xgettext-ng? :)

I admit not liking this section from policy ;-)  I understand the
intention behind this, but in my opinion renaming programs *only* in
Debian causes more harm than good.  Documentation points to programs
that do not exist, scripts (and Makefiles) will have to be adapted
specifically for Debian...

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#432361: patch to solve crash on exit

[Ansgar Burchardt]

package jumpnbump
tags 432361 + patch upstream
thanks

Hi,

The attached patch solves the problem for me.  It is also available from
the Git repository on repo.or.cz[1].

Regards,
Ansgar

[1] http://repo.or.cz/w/jumpnbump.git

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19
From 3b256e0e683a0a41dff71f0e00b4458ae40ef7e5 Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt ansgar-gu...@alioth.debian.org
Date: Sat, 13 Dec 2008 14:33:50 +0100
Subject: [PATCH] exit fullscreen mode early to avoid crash

Jump'n'bump would crash when leaving the game from fullscreen mode and
sound was available.  This patch makes Jump'n'bump exit fullscreen
mode early.

see http://bugs.debian.org/432361
---
 main.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/main.c b/main.c
index 76c9463..2db1f18 100644
--- a/main.c
+++ b/main.c
@@ -3324,6 +3324,8 @@ void deinit_program(void)
 	__dpmi_regs regs;
 #endif
 
+	exit_fullscreen();
+
 	dj_stop();
 	dj_free_mod(MOD_MENU);
 	dj_free_mod(MOD_GAME);
@@ -3338,7 +3340,6 @@ void deinit_program(void)
 		free(mask_pic);
 
 	remove_keyb_handler();
-	exit_fullscreen();
 
 #ifdef DOS
 	regs.x.ax = 0x3;
-- 
1.5.6.5

Bug#487333: patch to make Jump'n'bump handle quit event

[Ansgar Burchardt]

package jumpnbump
tags 487333 + patch upstream
thanks

Hi,

The attached patch makes Jump'n'bump handle the SDL quit event.
It is also available from the Git repository[1].

Regards,
Ansgar

[1] http://repo.or.cz/w/jumpnbump.git

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#487333: patch to make Jump'n'bump handle quit event

[Ansgar Burchardt]

Ansgar Burchardt ans...@2008.43-1.org writes:
 The attached patch makes Jump'n'bump handle the SDL quit event.

This time I won't forget to attach it ;-)

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19
From f18a70c85ebce8842da18ac0333b4d6db8f8479f Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt ansgar-gu...@alioth.debian.org
Date: Sat, 13 Dec 2008 15:00:01 +0100
Subject: [PATCH] handle SDL quit event

This patch makes Jump'n'bump quit when pressing the close button or
using other means to ask Jump'n'bump to quit (e.g. Alt+F4).

See http://bugs.debian.org/487333
---
 sdl/interrpt.c |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/sdl/interrpt.c b/sdl/interrpt.c
index 91a27ab..d6ab688 100644
--- a/sdl/interrpt.c
+++ b/sdl/interrpt.c
@@ -419,6 +419,9 @@ int intr_sysupdate()
 break;
 			}
 			break;
+		case SDL_QUIT:
+			deinit_program();
+			break;
 		default:
 			break;
 		}
-- 
1.5.6.5

Bug#508646: libsdl1.2-dev: uses C++ style comments in C header files

[Ansgar Burchardt]

Package: libsdl1.2-dev
Version: 1.2.13-2
Severity: normal

Hi,

At least /usr/include/SDL/begin_code.h uses C++ style comments in some
places.  This causes annoying compiler warnings:

  gcc -W -Wall -pedantic `sdl-config --cflags` -c test.c

outputs 100 lines saying that C++ style comments are not allowed in
C90.  (test.c only includes a #include SDL.h)

Regards,
Ansgar

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (900, 'testing'), (600, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libsdl1.2-dev depends on:
ii  libglu1-mesa-dev [libglu-dev] 7.0.3-6The OpenGL utility library -- deve
ii  libsdl1.2debian   1.2.13-2   Simple DirectMedia Layer
ii  libx11-dev2:1.1.5-2  X11 client-side library (developme

Versions of packages libsdl1.2-dev recommends:
ii  libaa1-dev   1.4p5-37+b1 ascii art library, development kit
ii  libartsc0-dev1.5.9-2 development files for the aRts sou
ii  libasound2-dev   1.0.16-2ALSA library development files
ii  libaudio-dev 1.9.1-5 Network Audio System - development
pn  libcaca-dev  none  (no description available)
pn  libcucul-dev none  (no description available)
ii  libdirectfb-dev  1.0.1-11direct frame buffer graphics libra
pn  libesd0-dev  none  (no description available)
ii  libsvga1-dev 1:1.4.3-27  console SVGA display development l
ii  libxext-dev  2:1.0.4-1   X11 miscellaneous extensions libra
ii  libxt-dev1:1.0.5-3   X11 toolkit intrinsics library (de

libsdl1.2-dev suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#507307: simutrans: crashes with powerbridges

[Ansgar Burchardt]

package simutrans
severity 507307 important
tags 507307 + pending
thanks

Hi,

Ilpo Järvinen ilpo.jarvi...@helsinki.fi writes:

 On Sun, 30 Nov 2008, Ansgar Burchardt wrote:

 Ilpo Järvinen\ ilpo.jarvi...@helsinki.fi writes:
 
  2) Building across square which has straight down/up elevation
  (eg., make a single square to have one level above the rest,
  not using the sloped but non-sloped, direct elevation and try
  building the powerbridge across there, I don't remember if normal
  powerline building crashed as well, at least the powerbridge did).
 
 Crashes for me as well.
 
 I'll try to take a look at this when I have a bit more time.

 I looked into upstream logs... it seems that at least r1929 seems to fix 
 something that might be related.

Thanks for looking at this.  The change does fix the problem.

I will prepare an upload and ask for the fix to be included in Lenny as
well.

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#516621: libwww-perl path disclosure

[Ansgar Burchardt]

Hi,

I cannot reproduce your problem here.  Only the filename (without path) is
send here:

% perl -MHTTP::Request::Common -e print POST('http://127.0.0.1', 
content_type = 'multipart/form-data', content = [ filecontent = 
['/dev/null'] ])-as_string
POST http://127.0.0.1
Content-Length: 119
Content-Type: multipart/form-data; boundary=xYzZY

--xYzZY
Content-Disposition: form-data; name=filecontent; filename=null
Content-Type: text/plain


--xYzZY--

and with LWP::UserAgent as well:

% nc -l -p 8000 
% perl -MLWP::UserAgent -MHTTP::Request::Common -e 
'LWP::UserAgent-new-request( POST(http://127.0.0.1:8000/;, content_type = 
multipart/form-data, content = [filecontent = [/dev/null]] ) )'
POST / HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: 127.0.0.1:8000
User-Agent: libwww-perl/5.820
Content-Length: 119
Content-Type: multipart/form-data; boundary=xYzZY

--xYzZY
Content-Disposition: form-data; name=filecontent; filename=null
Content-Type: text/plain


--xYzZY--

What do these output on your computer?  Is the path still included?

Regards,
Ansgar

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (900, 'testing'), (600, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libwww-perl depends on:
ii  libhtml-parser-perl  3.60-1  collection of modules that parse H
ii  libhtml-tagset-perl  3.20-2  Data tables pertaining to HTML
ii  libhtml-tree-perl3.23-1  represent and create HTML syntax t
ii  liburi-perl  1.37+dfsg-1 Manipulates and accesses URI strin
ii  netbase  4.34Basic TCP/IP networking system
ii  perl [libdigest-md5-perl]5.10.0-19   Larry Wall's Practical Extraction 

Versions of packages libwww-perl recommends:
ii  libcompress-zlib-perl 2.015-1Perl module for creation and manip
pn  libhtml-format-perl   none (no description available)
ii  libmailtools-perl 2.04-1 Manipulate email in perl programs

Versions of packages libwww-perl suggests:
ii  libio-socket-ssl-perl 1.22-1 Perl module implementing object or

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517248: xboard does not start with -fcp gnuchess -fcp crafty or -fcp phalanx

[Ansgar Burchardt]

Hi,

xboard works fine in my Lenny chroot.

Is /usr/games in your path?  If not, you have to run

/usr/games/xboard -fcp /usr/games/gnuchess

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#520976: simutrans fails to start while reading menu configuration

[Ansgar Burchardt]

Hi,

Ramiro ramirosimoeslo...@gmail.com writes:

 Version: 100.0+ds1-4
 ii  simutrans-pak64101.0-2

I can reproduce your problem with simutrans 100.0+ds1-4 and
simutrans-pak64 102.0-1, but it works fine with the same version of
simutrans and simutrans-pak64 installed.  Can you please check if this
solves the problem for you?  Just updating to the version currently in
testing should be enough.

 I had a fresh install of Lenny before and I was getting the same
 error.

Did you get the error with both simutrans and simutrans-pak64 from
Lenny?

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#521342: Jabber/XMPP: Does not allow to change Resource name for accounts

[Ansgar Burchardt]

Package: pidgin
Version: 2.5.5-1
Severity: wishlist

Hi,

Pidgin does not allow to change the Resource name used by Jabber/XMPP
accounts later.

Select Accounts - ... (XMPP) - Edit and the Resource field is
disabled in the dialog window.  It would be nice if this could be
changed after the initial set-up in pidgin as well.

Regards,
Ansgar

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.28-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages pidgin depends on:
ii  gconf2   2.24.0-7GNOME configuration database syste
ii  libatk1.0-0  1.24.0-2The ATK accessibility toolkit
ii  libc62.9-6   GNU C Library: Shared libraries
ii  libcairo21.8.6-2+b1  The Cairo 2D vector graphics libra
ii  libdbus-1-3  1.2.12-1simple interprocess messaging syst
ii  libdbus-glib-1-2 0.80-3  simple interprocess messaging syst
ii  libglib2.0-0 2.20.0-2The GLib library of C routines
ii  libgstreamer0.10-0   0.10.22-2   Core GStreamer libraries and eleme
ii  libgtk2.0-0  2.14.7-4+b1 The GTK+ graphical user interface 
ii  libgtkspell0 2.0.13-2a spell-checking addon for GTK's T
ii  libice6  2:1.0.5-1   X11 Inter-Client Exchange library
ii  libpango1.0-01.22.4-2Layout and rendering of internatio
ii  libpurple0   2.5.5-1 multi-protocol instant messaging l
ii  libsm6   2:1.1.0-2   X11 Session Management library
ii  libstartup-notification0 0.9-1   library for program launch feedbac
ii  libx11-6 2:1.2-1 X11 client-side library
ii  libxss1  1:1.1.3-1   X11 Screen Saver extension library
ii  perl 5.10.0-19   Larry Wall's Practical Extraction 
ii  perl-base [perlapi-5.10.0]   5.10.0-19   minimal Perl system
ii  pidgin-data  2.5.5-1 multi-protocol instant messaging c

Versions of packages pidgin recommends:
pn  gstreamer0.10-plugins-basenone (no description available)
pn  gstreamer0.10-plugins-goodnone (no description available)

Versions of packages pidgin suggests:
pn  evolution-data-server none (no description available)
pn  gnome-panel | kdebase-workspa none (no description available)
ii  libsqlite3-0  3.6.11-1   SQLite 3 shared library

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#521497: request-tracker3.6: Small problems with German translation

[Ansgar Burchardt]

Package: request-tracker3.6
Version: 3.6.7-5
Severity: minor
File: /usr/share/request-tracker3.6/lib/RT/I18N/de.po
Tags: patch l10n

Hi,

I noticed two small problems with the German translation:

The permissions TakeTicket and StealTicket are *both* translated as
AnfrageÜbernehmen.  I changed every Steal with stehlen (which was
already used for Stolen from %1 as well).

In Anfragen sollten erlegt werden innerhalb the erlegt should be
replaced by erledigt.

I attached a patch for de.po.

Regards,
Ansgar

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages request-tracker3.6 depends on:
ii  dbconfig-common  1.8.39  common framework for packaging dat
ii  debconf [debconf-2.0]1.5.24  Debian configuration management sy
ii  libapache-session-perl   1.86-1  Perl modules for keeping persisten
ii  libcache-simple-timedexpiry- 0.27-2  Perl module to cache and expire ke
ii  libcalendar-simple-perl  1.20-1  Perl extension to create simple ca
ii  libclass-returnvalue-perl0.55-1  A return-value object that lets yo
ii  libcss-squish-perl   0.07-1  Compact many CSS files into one bi
ii  libdbi-perl  1.605-1 Perl5 database interface by Tim Bu
ii  libdbix-searchbuilder-perl   1.54-1  Encapsulate SQL queries and rows i
ii  libdevel-stacktrace-perl 1.1902-1Stack trace and stack trace frame 
ii  libgd-graph-perl 1.44-3  Graph Plotting Module for Perl 5
ii  libgd-text-perl  0.86-5  Text utilities for use with GD
ii  libhtml-mason-perl   1:1.39-1HTML::Mason Perl module
ii  libhtml-parser-perl  3.56-1+b1   A collection of modules that parse
ii  libhtml-scrubber-perl0.08-4  Perl extension for scrubbing/sanit
ii  liblocale-maketext-fuzzy-per 0.02-3  Maketext from already interpolated
ii  liblocale-maketext-lexicon-p 0.66-1  Lexicon-handling backends for Loc
ii  liblog-dispatch-perl 2.18-1  Dispatches messages to multiple Lo
ii  libmailtools-perl2.03-1  Manipulate email in perl programs
ii  libmime-tools-perl [libmime- 5.427-1 Perl5 modules for MIME-compliant m
ii  libmodule-versions-report-pe 1.05-1  Report versions of all modules in 
ii  libregexp-common-perl2.122-1 Provide commonly requested regular
ii  libtext-autoformat-perl  1.14.0-1Perl module for automatic text wra
ii  libtext-template-perl1.44-1.2Text::Template perl module
ii  libtext-wikiformat-perl  0.78-1  translates Wiki formatted text int
ii  libtext-wrapper-perl 1.02-1  Simple word wrapping routine
ii  libtime-modules-perl 2006.0814-2 Various Perl modules for time/date
ii  libtimedate-perl 1.1600-9Time and date functions for Perl
ii  libtree-simple-perl  1.18-1  A simple tree object
ii  libuniversal-require-perl0.11-1  Load modules from a variable
ii  libxml-rss-perl  1.33-1  Perl module for managing RSS (RDF 
ii  libxml-simple-perl   2.18-1  Perl module for reading and writin
ii  perl 5.10.0-19   Larry Wall's Practical Extraction 
ii  postfix [mail-transport-agen 2.5.5-1.1   High-performance mail transport ag
ii  rsyslog [system-log-daemon]  3.18.6-4enhanced multi-threaded syslogd
ii  rt3.6-apache23.6.7-5 Apache 2 specific files for reques
ii  rt3.6-clients3.6.7-5 Mail gateway and command-line inte
ii  rt3.6-db-postgresql  3.6.7-5 PostgreSQL database backend for re
ii  ucf  3.0016  Update Configuration File: preserv

Versions of packages request-tracker3.6 recommends:
ii  libtext-quoted-perl   2.05-2 Extract the structure of a quoted 

Versions of packages request-tracker3.6 suggests:
pn  rt3.6-rtfmnone (no description available)

-- debconf information excluded
--- de.po.ori	2009-03-27 22:42:08.248095496 +0100
+++ de.po	2009-03-27 22:43:53.402247118 +0100
@@ -3639,7 +3639,7 @@
 
 #: html/Admin/Queues/Modify.html:96
 msgid Requests should be due in
-msgstr Anfragen sollten erlegt werden innerhalb
+msgstr Anfragen sollten erledigt werden innerhalb
 
 #: lib/RT/Attribute_Overlay.pm:146
 #. ('Object')
@@ -4172,15 +4172,15 @@
 
 #: html/Ticket/Elements/Tabs:178
 msgid Steal
-msgstr Übernehmen
+msgstr Stehlen
 
 #: lib/RT/Queue_Overlay.pm:117
 msgid Steal tickets
-msgstr Anfragen übernehmen
+msgstr Anfragen stehlen
 
 #: lib/RT/Queue_Overlay.pm:117
 msgid StealTicket
-msgstr AnfrageÜbernehmen
+msgstr AnfrageStehlen
 
 #: lib/RT/Transaction_Overlay.pm:678
 #. ($Old-Name)

Bug#517453: gnome-chess: Applications- Games - Chess cannot connect to the internet chess server

[Ansgar Burchardt]

Hi,

Piotr upite...@lycos.com writes:
 The internet chess server is configured under gnome-chess settings.
 If I start Applications- Games - Chess then it doesn't connect to
 the internet chess server

Works here.

Did you select New - Servers - ... after starting gnome-chess?
Which server did you try to connect to and what did you enter in the
connect program field?

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517453: gnome-chess: Applications- Games - Chess cannot connect to the internet chess server

[Ansgar Burchardt]

severity 517453 important # Still usable to play against gnuchess
thanks

Hi,

cc cc upite...@lycos.com writes:

 I tried to connect to: freechess.org or chessanytime.com and in the
 connect program field I have telnet.
 It seems to connecting, but I cannot write anything at the command
 prompt.

What does the server window say?  When you start gnome-chess from a
shell, does it display any messages if you try to write something?

Can you connect to the server by running `telnet freechess.org 5000'?

 The second problem is the size of the gnome-chess application, it is
 to big for my notebook screen resolution 1280 x 800 and I cannot
 resize it. After start the size is very small, but if I try connect to
 the server then the size change automaticaly and it's to big.

Please file a separate bug report for each problem.

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517453: gnome-chess: Applications- Games - Chess cannot connect to the internet chess server

[Ansgar Burchardt]

Hi,

cc cc upite...@lycos.com writes:
 If I start gnome-chess from a shell, connect to a chess server and try
 to write something in a black window then it doesn't work.
 The shell doesn't show any messages.

There should be an input field *below* the terminal window where you can
enter text.  I assume you cannot see it because of #517691.

Can you at least see incoming messages from the server?

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517453: gnome-chess: Applications- Games - Chess cannot connect to the internet chess server

[Ansgar Burchardt]

retitle 517453 gnome-chess: Cannot sent return to server
tags 517453 + pending
thanks

Hi,

gnome-chess does not allow to send an empty line to the server.  As a
workaround, just enter something when the server asks you to press
return.

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517423: dh-make-perl: Should ignore $HOME/.modulebuildrc

[Ansgar Burchardt]

Hi,

Damyan Ivanov d...@debian.org writes:

 That won't work with short DH7 debian/rules dh-make-perl uses 
 nowadays.

 I guess putting MODULEBUILDRC=/dev/null in the environment before 
 firing dpkg-buildpackage is a better idea (provided that 
 dpkg-buildpackage doesn't sanitize the environment).

What about patching dh_auto_{configure,build} to export MODULEBUILDRC?
Building Debian packages should not depend on the user's environment
after all.

The quilt makefile snippet handles the situation similar: it passes
--quiltrc /dev/null explicitly whenever quilt is called.

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#471572: SVN::Client still leaks file descriptors

[Ansgar Burchardt]

Version: 1.6.11dfsg-1

Hi,

I can still reproduce this problem in the latest version.
If you run the attached script, you can see that SVN::Client opens ever
more connections without closing them again.

Regards,
Ansgar
#! /usr/bin/perl

use strict;
use warnings;

use SVN::Client;

my $url = svn://svn.debian.org/pkg-perl/trunk/libhtml-formfu-perl/debian/compat;

my $ctx = new SVN::Client;
open my $null, , /dev/null or die Could not open /dev/null: $!;

for (1..10) {
  $ctx-cat($null, $url, 'HEAD');
  system(ls, -l, /proc/$$/fd);
}

Bug#495966: openarena: still build with copy of libjpeg

[Ansgar Burchardt]

unarchive 495966
reopen 495966
notfixed 495966 0.8.1-1
thanks

Hi,

the patch was not applied in 0.8.1-1 [1] or any later revision.  I tried
building openarena with the patch applied, but it does not work
correctly: there are missing textures (for example the ground in some
levels or the rocket launcher).

Regards,
Ansgar

[1] 
http://svn.debian.org/viewsvn/pkg-games/packages/tags/openarena/0.8.1-1/debian/patches/series?revision=8752view=markup



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#585818: ITP: libmath-base36-perl -- Perl module for encoding and decoding of base36 strings

[Ansgar Burchardt]

Package: wnpp
Severity: wishlist
Owner: Ansgar Burchardt ans...@43-1.org

* Package name: libmath-base36-perl
  Version : 0.07
  Upstream Author : Brian Cassidy bri...@cpan.org
* URL : http://search.cpan.org/dist/Math-Base36/
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : Perl module for encoding and decoding of base36 strings

 Math::Base36 converts to and from Base36 numbers (0..9 - A..Z).

This module is required by a new upstream release of libdbix-class-perl.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#585817: atd should be started automatically

[Ansgar Burchardt]

tags 585817 + moreinfo
thanks

Hi,

Vincent Lefevre vinc...@vinc17.net writes:
 I've noticed that the atd daemon wasn't running (the at jobs
 remained in the queue). I had to execute:

   /etc/init.d/atd start

When does atd not start? At installation time or on boot?
Are the symlinks in /etc/rc?.d set up correctly?

I cannot reproduce the problem here: after purging and reinstalling at,
the daemon is started and the symlinks in /etc/rc?.d are set up.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#585888: Proposed-RM: libconfig-ini-mvp-perl -- RoM: uninstallable, in part replaced by libconfig-mvp-reader-ini-perl

[Ansgar Burchardt]

Package: libconfig-ini-mvp-perl
Version: 0.024-1
Severity: serious

Hi,

libconfig-ini-mvp-perl has been packaged as a dependency of
libdist-zilla-perl [1][2], but that part has moved to a separate package
(libconfig-mvp-reader-ini-perl).  The reason to package it in the first
place is thus gone.

In addition the latest update of libconfig-mvp-perl has made
libconfig-ini-mvp-perl uninstallable [3].  To make it installable again,
the part that was moved to a different package upstream would have to be
removed (which has not happened upstream yet).

As there are no r-deps and the installation count reported by popcon is
also quite low (it was likely only installed as a dependency anyway), I
propose to remove this package.

If there are no objections, I will reassign this bug to the FTP team
after a while.

Regards,
Ansgar

[1] 
http://packages.qa.debian.org/libc/libconfig-ini-mvp-perl/news/20091223T194706Z.html
[2] http://bugs.debian.org/562102
[3] 
http://packages.qa.debian.org/libc/libconfig-mvp-perl/news/20100529T114707Z.html



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#586275: sbuild: alternative build-deps and Provides do not work correctly

[Ansgar Burchardt]

Package: sbuild
Version: 0.60.0-1
Severity: normal

Hi,

sbuild does not handle alternative dependencies that are also Provided
by another package correctly:

libcpan-meta-perl_2.101670-1 has a build-dependency on
libversion-perl (= 1:0.8200) | perl (= 5.12).  libversion-perl is also
provided by perl-modules.

sbuild fails to resolve this dependency:

  libversion-perl: non-matching version installed (~*=PROVIDED=*= ! = 1:0.8200)
  Using default version 1:0.8200-1
  perl: non-matching version installed (5.10.1-13 ! = 5.12)
  Default version of perl not sufficient, Package installation not possible
  Source-dependencies not satisfied; skipping libcpan-meta-perl

Somehow it looks like it wants to install both alternatives?

When the alternative on perl (= 5.12) is removed, sbuild builds the
package just fine.

Regards,
Ansgar

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sbuild depends on:
ii  adduser   3.112  add and remove users and groups
ii  libsbuild-perl0.60.0-1   Tool for building Debian binary pa
ii  perl  5.10.1-13  Larry Wall's Practical Extraction 
ii  perl-modules  5.10.1-13  Core Perl modules

Versions of packages sbuild recommends:
ii  debootstrap   1.0.23 Bootstrap a basic Debian system
ii  fakeroot  1.14.4-1   Gives a fake root environment

Versions of packages sbuild suggests:
pn  deborphan none (no description available)
ii  wget  1.12-2 retrieves files from the web

-- Configuration Files:
/etc/sbuild/nssdatabases-defaults changed [not included]

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#586275: [buildd-tools-devel] Bug#586275: sbuild: alternative build-deps and Provides do not work correctly

[Ansgar Burchardt]

Roger Leigh rle...@codelibre.net writes:

 On Fri, Jun 18, 2010 at 11:50:04AM +0900, Ansgar Burchardt wrote:
 sbuild does not handle alternative dependencies that are also Provided
 by another package correctly:
 
 libcpan-meta-perl_2.101670-1 has a build-dependency on
 libversion-perl (= 1:0.8200) | perl (= 5.12).  libversion-perl is also
 provided by perl-modules.

 I'm afraid this is a long-standing issue with sbuild.  Alternative
 build-dependencies are just not supported.  You'll see there are
 a number of existing bug reports regarding this issue.

 Note that one disadvantage of them is that it can potentially make
 builds non-deterministic, which is probably why not much effort
 went in to making them work.

As far as I know, sbuild's internal resolver tries to satisfy the first
alternative.  But the problem in this case is caused by sbuild trying to
satisfy *both* alternative dependencies instead of ignoring everything
but the first alternative.

sbuild should only install libversion-perl instead of both
libversion-perl and perl 5.12.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#566303: maypole: depends on removed package: libclass-dbi-loader-relationship-perl

[Ansgar Burchardt]

Hi,

this bug was tagged as pending in April 2010, but no upload has happened
since.  Is the problem really solved?

I plan to request removal from testing for maypole and its r-deps as it
currently keeps libclass-dbi-loader-relationship-perl in testing which
Debian has no license to distribute.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#587972: RM: maypole/1.2-5, memories/2.11+2.111-2

[Ansgar Burchardt]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hi,

please remove maypole/1.2-5 and memories/2.11+2.111-2 from testing.
maypole depends on libclass-dbi-loader-relationship-perl [1] which can
therefore not be removed from testing.  Note that is has already been
removed from oldstable, stable and unstable due to license problems [2].

memories is a reverse dependency and thus must be removed as well.

Regards,
Ansgar

[1] http://bugs.debian.org/566303
[2] http://bugs.debian.org/566270



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#579028: pbuilder: installs untrusted packages without asking

[Ansgar Burchardt]

Hi,

Junichi Uekawa dan...@netfort.gr.jp writes:
 severity 579028 wishlist

I don't agree with this as this bug allows arbitrary code execution as
root (see below).

 Mehdi Dogguy wrote:
 Can you please explain how this will break all existing configurations?
 Does it mean that all people are using untrusted repositories when using
 pbuilder?

Yes, it does.  If you intercept and manipulate both the request for
archive metadata (Release, Packages) and later a request for a *.deb you
should be able to execute arbitrary code on the victim's host (with root
privileges).  Of course you have to know which package the victim will
install and have to prepare a malicious .deb before.

Regarding local repositories: These work fine if you sign them with a
local key and make this key known to APT.  When using reprepro, this
requires only generating a key, adding SignWith: [key-id] to the
configuration and calling apt-key to make the key known to APT.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#587991: perl-policy: /etc/perl missing from Module Path

[Ansgar Burchardt]

Package: debian-policy
Version: 3.9.0.0
Severity: minor

Hi,

perl/5.8.0-7 added /etc/perl to @INC:

  * Prepend /etc/perl to @INC to provide a standard location for
configuration modules:

But this addition has never been documented in the Debian Perl Policy.
I suggest to add /etc/perl to the list of location in the Module Path
section.

A simple patch doing so is attached below, but it might be a good idea to
document what configuration modules are and what the etc tag means (only
core, vendor and site are explained above, but none of those matches the
use of /etc/perl).

Regards,
Ansgar

diff --git a/perl-policy.sgml b/perl-policy.sgml
index 3b76b94..8b98ab8 100644
--- a/perl-policy.sgml
+++ b/perl-policy.sgml
@@ -139,6 +139,15 @@
  has been ordered to include these locations in the following
  order:
  taglist
+   tagvaretc/var/tag
+   item
+ p
+   Configuration modules.
+   example
+/etc/perl
+   /example
+ /p
+   /item
tagvarsite/var (current)/tag
item
  p



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#588017: perl: current directory in @INC potentially harmful

[Ansgar Burchardt]

Package: perl
Version: 5.10.1-13
Severity: grave
Tags: security

Hi,

perl includes the current directory as the last element in @INC when not
running in taint mode (-T).  As many modules try to load other modules
that may or may not be installed, this can result in code execution.

Example:

libtext-csv-perl is installed, libtext-csv-xs-perl is not installed.
When running perl -mText::CSV (or running any program using Text::CSV)
the file ./Text/CSV_XS.pm is loaded and the contained code executed.

Other examples include libjson-perl recommending libjson-xs-perl and
libyaml-perl recommending libyaml-syck-perl.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#588035: Sbuild::AptitudeBuildDepSatisfier: Always passes Aptitude::CmdLine::Ignore-Trust-Violations=true

[Ansgar Burchardt]

Package: sbuild
Version: 0.60.0-1
Severity: important

Hi,

Sbuild::AptitudeBuildDepSatisfier always passes the option
Aptitude::CmdLine::Ignore-Trust-Violations=true to aptitude, allowing
the installation of unauthenticated packages.  I think this should
depend on the $apt_allow_unauthenticated option in the configuration
file:

  # Force APT to accept unauthenticated packages.
  # This is disabled by default: only enable it if you know what you are
  # doing.
  #$apt_allow_unauthenticated = 0;

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#587972: RM: maypole/1.2-5, memories/2.11+2.111-2

[Ansgar Burchardt]

Hi,

Ben Hutchings b...@decadent.org.uk writes:

 Ben, you mentioned recently in the bug log that you were trying to
 contact the original author of libclass-dbi-loader-relationship-perl;
 have you had any luck with that?

 Yes, we now have a proper licence for version 1.2 and I prepared a new
 package today.  I have asked the previous maintainer, Bart Martens,
 whether he wants to resume maintenance or whether I should make a QA
 upload.

The Debian Perl Group was working on taking over maintenance when we
noticed the license problem that led to the removal of the package.
As we now have a license for the older 1.2 version, I guess we can
handle future maintenance.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#588118: libmoose-perl [ia64]: test failures

[Ansgar Burchardt]

Package: libmoose-perl
Version: 1.06-1
Severity: serious
Justification: fails to build from source

The tests for libmoose-perl fail on ia64 since version 1.06.  At first
glance none of the changes looks likely to have introduced this
regression:

The only change in 1.06 was a new feature:

  [NEW FEATURES]
  * Added '0+' overloading in Moose::Meta::TypeConstraint so that we
can more uniformly compare type constraints between 'classic' Moose
type constraints and MooseX::Types based type constraints.

Which was accomplished by these changes:

--- a/lib/Moose/Meta/TypeConstraint.pm
+++ b/lib/Moose/Meta/TypeConstraint.pm
@@ -5,7 +5,9 @@ use strict;
 use warnings;
 use metaclass;
 
-use overload '' = sub { shift-name },   # stringify to tc name
+use overload '0+' = sub { refaddr(shift) }, # id an object
+ '' = sub { shift-name },   # stringify to tc name
+ bool = sub { 1 },
  fallback = 1;
 
 use Scalar::Util qw(blessed refaddr);
@@ -133,7 +135,7 @@ sub equals {
 
 my $other = 
Moose::Util::TypeConstraints::find_type_constraint($type_or_name) or return;
 
-return 1 if refaddr($self) == refaddr($other);
+return 1 if $self == $other;
 
 if ( $self-has_hand_optimized_type_constraint and 
$other-has_hand_optimized_type_constraint ) {
 return 1 if $self-hand_optimized_type_constraint == 
$other-hand_optimized_type_constraint;

Also a new test was introduced.

There are no changes to the XS code, even the version of Class::MOP (1.02) is
the same version use to build Moose 1.05 where the tests passed.  The tests
also passed on all other architectures.

I don't have access to a ia64 host so I cannot really investigate this problem
myself.  One of the many reasons I look forward to finally finish waiting for
NM to proceed someday :-/

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#588035: [buildd-tools-devel] Bug#588035: Sbuild::AptitudeBuildDepSatisfier: Always passes Aptitude::CmdLine::Ignore-Trust-Violations=true

[Ansgar Burchardt]

tags 588035 + patch
thanks

Roger Leigh rle...@codelibre.net writes:

 On Sun, Jul 04, 2010 at 07:56:49PM +0900, Ansgar Burchardt wrote:
 Sbuild::AptitudeBuildDepSatisfier always passes the option
 Aptitude::CmdLine::Ignore-Trust-Violations=true to aptitude, allowing
 the installation of unauthenticated packages.  I think this should
 depend on the $apt_allow_unauthenticated option in the configuration
 file:
 
   # Force APT to accept unauthenticated packages.
   # This is disabled by default: only enable it if you know what you are
   # doing.
   #$apt_allow_unauthenticated = 0;

 This certainly looks like we should be defaulting to what is
 set in $apt_allow_unauthenticated, unless there's some reason
 not to do that for dependency resolving?  Do you see any
 problems if you set
 Aptitude::CmdLine::Ignore-Trust-Violations=false ?

I changed the setting in the source and it works just fine.  I have
prepared two patches to

 · No longer pass '-o Apt::Install-Recommends=false' to aptitude.
   This option is implied by --without-recommends according to
   aptitude(8).
   (This should only be a cosmetic change.)

 · Set the value of Aptitude::CmdLine::Ignore-Trust-Violations depending
   on the $apt_allow_unauthenticated option.

The patches are against the 0.60.0 version currently in unstable.

I tested the patch with $apt_allow_unauthenticated set to both true and
false and the correct option is passed to aptitude.

Regards,
Ansgar
From dfd1dd20fd4fe57357e3f03e256b59ae700958b6 Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt ans...@43-1.org
Date: Mon, 5 Jul 2010 17:02:24 +0900
Subject: [PATCH 1/2] Do not pass -o Apt::Install-Recommends=false to aptitude

The option --without-recommends corresponds to the configuration options
Apt::Install-Recommends and Apt::AutoRemove::InstallRecommends.  There
is no need to pass the option explicitly.

Signed-off-by: Ansgar Burchardt ans...@43-1.org
---
 lib/Sbuild/AptitudeBuildDepSatisfier.pm |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/lib/Sbuild/AptitudeBuildDepSatisfier.pm b/lib/Sbuild/AptitudeBuildDepSatisfier.pm
index 6dbf287..6f362b2 100644
--- a/lib/Sbuild/AptitudeBuildDepSatisfier.pm
+++ b/lib/Sbuild/AptitudeBuildDepSatisfier.pm
@@ -152,7 +152,6 @@ EOF
 	'aptitude', 
 	'-y', 
 	'--without-recommends', 
-	'-o', 'APT::Install-Recommends=false', 
 	'-o', 'Aptitude::CmdLine::Ignore-Trust-Violations=true', 
 	'-o', 'Aptitude::ProblemResolver::StepScore=100', 
 	'install',
-- 
1.7.1

From 629b9fb435c8fce2693b49eb24a349b28b19ce41 Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt ans...@43-1.org
Date: Mon, 5 Jul 2010 17:11:25 +0900
Subject: [PATCH 2/2] Do not ignore trust violations

Set the value of Aptitude::CmdLine::Ignore-Trust-Violations depending on
the $apt_allow_unauthenticated option.

Bug-Debian: http://bugs.debian.org/588035
Signed-off-by: Ansgar Burchardt ans...@43-1.org
---
 lib/Sbuild/AptitudeBuildDepSatisfier.pm |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/lib/Sbuild/AptitudeBuildDepSatisfier.pm b/lib/Sbuild/AptitudeBuildDepSatisfier.pm
index 6f362b2..c4cec31 100644
--- a/lib/Sbuild/AptitudeBuildDepSatisfier.pm
+++ b/lib/Sbuild/AptitudeBuildDepSatisfier.pm
@@ -148,11 +148,13 @@ EOF
 
 my @non_default_deps = $self-get_non_default_deps($dep, {});
 
+my $ignore_trust_violations = $self-get_conf('APT_ALLOW_UNAUTHENTICATED') ? 'true' : 'false';
+
 my @aptitude_install_command = (
 	'aptitude', 
 	'-y', 
 	'--without-recommends', 
-	'-o', 'Aptitude::CmdLine::Ignore-Trust-Violations=true', 
+	'-o', Aptitude::CmdLine::Ignore-Trust-Violations=$ignore_trust_violations,
 	'-o', 'Aptitude::ProblemResolver::StepScore=100', 
 	'install',
 	$dummy_pkg_name,
-- 
1.7.1

Bug#586275: sbuild: alternative build-deps and Provides do not work correctly

[Ansgar Burchardt]

tags 586275 + patch
thanks

I prepared a patch for this bug which seems to work at least for my
problem:

1. Grab libdatetime-perl_2:0.5900-1 from the archive.
2. Change
 libmodule-build-perl (= 0.360100)
   to
 libmodule-build-perl (= 0.360100) | perl (= 5.12)
   in the Build-Depends field in debian/control.
3. Try to build the package with sbuild's internal resolver.

Expected behavior:
sbuild will be able to build the package and resolve dependencies in the
same way.

Observed behavior:
Building the package will abort with the following error message:

  perl: already installed (5.10.1-13)
  debhelper: missing
  Using default version 7.9.3
  libmodule-build-perl: non-matching version installed (~*=PROVIDED=*= ! = 
0.360100)
  Using default version 0.360700-1
  perl: non-matching version installed (5.10.1-13 ! = 5.12)
  Default version of perl not sufficient, Package installation not possible
  Source-dependencies not satisfied; skipping libdatetime-perl

After the patch is applied, sbuild is happy to only install the default
version of libmodule-build-perl and ignore the alternative dependency on
perl:

  perl: already installed (5.10.1-13)
  debhelper: missing
  Using default version 7.9.3
  libmodule-build-perl: non-matching version installed (~*=PROVIDED=*= ! = 
0.360100)
  Using default version 0.360700-1
  perl: already installed (5.10.1-13 = 5.10.1 is satisfied)
  libparams-validate-perl: missing
  libdatetime-locale-perl: missing
  Using default version 1:0.45-1
  libdatetime-timezone-perl: missing
  Using default version 1:1.19-1+2010j
  libtest-exception-perl: missing
  libtest-warn-perl: missing

Note that I have not looked at the code in all detail and thus the patch
might break in other cases.

Regards,
Ansgar
From b9241c2d724d68399eb0d4923e109b1be503068f Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt ans...@43-1.org
Date: Mon, 5 Jul 2010 17:35:27 +0900
Subject: [PATCH] Do not try other alternatives if installing default version is enough

When we encounter

  Build-Depends: pkg-a (= 2) | pkg-b (= 3)

and a lower version of pkg-a is already installed (or provided by
another package), sbuild would try to upgrade pkg-b as well.

This patch changes the behaviour of sbuild to not try satisfying
alternative dependencies if the dependency can be satisfied by
installing the default version.

Bug-Debian: http://bugs.debian.org/586275
Signed-off-by: Ansgar Burchardt ans...@43-1.org
---
 lib/Sbuild/InternalBuildDepSatisfier.pm |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/lib/Sbuild/InternalBuildDepSatisfier.pm b/lib/Sbuild/InternalBuildDepSatisfier.pm
index 335a03c..49f8e95 100644
--- a/lib/Sbuild/InternalBuildDepSatisfier.pm
+++ b/lib/Sbuild/InternalBuildDepSatisfier.pm
@@ -281,6 +281,8 @@ sub filter_dependencies {
 		return 0;
 		} else {
 		$builder-log(Using default version  . $policy-{$name}-{defversion} . \n);
+		$upgradeable = $name if !$upgradeable;
+		last;
 		}
 		$upgradeable = $name if !$upgradeable;
 	}
-- 
1.7.1

Bug#578259: more info needed

[Ansgar Burchardt]

tags 578259 - moreinfo
thanks

Hi,

Neil Williams codeh...@debian.org writes:

 To be able to work on this bug, we need to know which package (and
 version) generated this message.

Looking at the SVN commit logs, the problematic package should have been
libsvg-tt-graph-perl [1].  The 0.16 upstream release did contain a .git
directory which caused the message from the original bug report.

Regards,
Ansgar

[1] svn://svn.debian.org/pkg-perl/trunk/libsvg-tt-graph-perl r56415



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#589052: FTBFS: cross-dep with libtest-minimumversion-perl and libperl-minimumversion-perl

[Ansgar Burchardt]

forcemerge 589052 589051
severity 589052 normal
retitle 589052 libfile-find-rule-perl-perl: avoid indirect build-dep on itself
thanks

Mounaam moun...@gmail.com writes:

 Severity: serious
 Justification: no longer builds from source

The package from unstable builds fine in unstable. It is not a
release-critical bug if a package from unstable fails to build in
stable.

 can't backport from (testing) source following packages because of 
 cross-dependencies:
 - libtest-minimumversion-perl 0.101080 needs:
   libperl-minimumversion-perl (= 1.20)
   libfile-find-rule-perl-perl

 - libperl-minimumversion-perl 1.25 needs:
   libtest-minimumversion-perl (= 0.101080)
   libfile-find-rule-perl-perl (= 1.04)

 - libfile-find-rule-perl-perl 1.09 needs:
   libperl-minimumversion-perl (= 1.20)
   libtest-minimumversion-perl (= 0.008)

It should work just fine if you remove the build-dep on 
libtest-minimumversion-perl, libperl-minimumversion-perl in
libfile-find-rule-perl-perl.

I still agree that we should avoid (indirect) build-deps on itself.
In this case we can just stop running the author tests (or at least
t/99_pmv.t).

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#589133: xdg-email: 'xdg-email address' fails with awk error

[Ansgar Burchardt]

Package: xdg-utils
Version: 1.0.2+cvs20100307-1
Severity: normal
File: /usr/bin/xdg-email

Hi,

trying to send a mail via

  xdg-email address

fails with an error from awk:

  awk: line 15: regular expression compile failed (bad class -- [], [^] or [)
  [...@a-za-z0-9.-\\
  awk: line 15: syntax error at or near ]
  awk: line 17: syntax error at or near else
  awk: line 20: syntax error at or near }

Using a mailto-uri works, but still produces some error messages:

  test: 697: Illegal number: KDE Development Platform: 4.4.4 (KDE 4.4.4)
  test: 697: Illegal number: KDE Development Platform: 4.4.4 (KDE 4.4.4)
  test: 697: Illegal number: KDE Development Platform: 4.4.4 (KDE 4.4.4)

Regards,
Ansgar

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

xdg-utils depends on no packages.

Versions of packages xdg-utils recommends:
ii  chromium-browser [ww 5.0.375.99~r51029-3 Chromium browser
ii  file 5.04-4  Determines file type using magic
ii  iceweasel [www-brows 3.5.10-1Web browser based on Firefox
ii  konqueror [www-brows 4:4.4.4-1   KDE 4's advanced file manager, web
ii  mime-support 3.48-1  MIME files 'mime.types'  'mailcap
ii  shared-mime-info 0.71-3  FreeDesktop.org shared MIME databa
ii  x11-utils7.5+4   X11 utilities
ii  x11-xserver-utils7.5+1   X server utilities

Versions of packages xdg-utils suggests:
pn  gvfs-bin  none (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#589052: FTBFS: cross-dep with libtest-minimumversion-perl and libperl-minimumversion-perl

[Ansgar Burchardt]

Hi,

Mounaam moun...@gmail.com writes:

 On 14/07/2010 18:03, Ansgar Burchardt wrote:
 The package from unstable builds fine in unstable.
 How is it possible if none of an older version of these packages is
 already installed?

The older version is in unstable.  Just how you need a C compiler to
build a C compiler.

But of course this situation should be avoided if possible, so thanks
for you report.

 It is not a release-critical bug if a package from unstable fails to
 build in stable.
 I agree with that. I just used novice mode of reportbug tool and
 selected the more appropriate option without consideration about the
 used repository. Sorry for that.

No problem.  I just wanted to give a reason why I lowered the severity
of the report.

 I still agree that we should avoid (indirect) build-deps on itself.
 For libperl-minimumversion-perl it isn't enough.
 I think I found others (indirect) build-deps on itself:

 libtest-subcalls-perl
   needs libtest-minimumversion-perl

Used for author tests that we do not need to run.  The build-dep will be
removed in 1.09-2.

 libtest-script-perl
   needs libperl-minimumversion-perl
   and libtest-minimumversion-perl

Also for author tests.  Will be removed in 1.07-2.

There should still be some more cyclic build deps:

  Looking for cyclic build-dependencies for libtest-minimumversion-perl.
  [done] libtest-minimumversion-perl  libperl-minimumversion-perl  
libtest-script-perl: cyclic dependency on libtest-minimumversion-perl found.
  libtest-minimumversion-perl  libfile-find-rule-perl  
libtest-differences-perl  libtext-diff-perl: cyclic dependency on 
libtest-minimumversion-perl found.
  libtest-minimumversion-perl  libperl-minimumversion-perl  libppi-perl  
libfile-remove-perl: cyclic dependency on libtest-minimumversion-perl found.
  [done] libtest-minimumversion-perl  libperl-minimumversion-perl  
libppi-perl  libtest-subcalls-perl: cyclic dependency on 
libtest-minimumversion-perl found.
  libtest-minimumversion-perl  libperl-minimumversion-perl  libppi-perl  
libclass-inspector-perl: cyclic dependency on libtest-minimumversion-perl found.
  libtest-minimumversion-perl  libperl-minimumversion-perl  
libperl-critic-perl  libfile-which-perl: cyclic dependency on 
libtest-minimumversion-perl found.
  libtest-minimumversion-perl  libperl-minimumversion-perl  
libtest-script-perl  libprobe-perl-perl  libmodule-build-perl  
libarchive-zip-perl: cyclic dependency on libtest-minimumversion-perl found.

I guess it would be nice to get rid of all of them, but I am too lazy to
do so right now.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#578631: nfqueue-bindings: FTBFS with Perl 5.12: hardcoded perl paths

[Ansgar Burchardt]

tags 578631 + patch
thanks

Hi,

with the attached patch applied, the package builds with perl 5.12.1
from experimental.  This is the first time for me doing anything with
CMake, that is to say more elegant ways to fix this problem might
exist.

The directory $Config{archlibexp}/CORE is the same a ExtUtils::Embed's
perl_inc() would output (just without the -I flag).

Regards,
Ansgar
diff -u nfqueue-bindings-0.3/debian/changelog nfqueue-bindings-0.3/debian/changelog
--- nfqueue-bindings-0.3/debian/changelog
+++ nfqueue-bindings-0.3/debian/changelog
@@ -1,3 +1,9 @@
+nfqueue-bindings (0.3-1.1) UNRELEASED; urgency=low
+
+  * Get path for perl.h from perl's Config module. (Closes: #578631)
+
+ -- Ansgar Burchardt ans...@43-1.org  Sat, 17 Jul 2010 14:42:52 +0900
+
 nfqueue-bindings (0.3-1) unstable; urgency=low
 
   * New upstream release
only in patch2:
unchanged:
--- nfqueue-bindings-0.3.orig/FindPerlLibs2.cmake
+++ nfqueue-bindings-0.3/FindPerlLibs2.cmake
@@ -20,10 +20,6 @@
   /usr/lib
   )
 
-FIND_PATH(PERL_INCLUDE_PATH perl.h
-  ${PERL_POSSIBLE_INCLUDE_PATHS})
-
-
 FIND_PROGRAM(PERL_EXECUTABLE
   NAMES perl
   PATHS
@@ -33,6 +29,20 @@
 
 IF(PERL_EXECUTABLE)
   EXEC_PROGRAM(${PERL_EXECUTABLE}
+ARGS -e 'use Config; print \\$Config{archlibexp}/CORE\\n\;'
+OUTPUT_VARIABLE PERL_INCLUDE_PATH_VARIABLE
+RETURN_VALUE PERL_INCLUDE_PATH_RETURN_VALUE
+)
+  IF(NOT PERL_INCLUDE_PATH_RETURN_VALUE)
+SET(PERL_POSSIBLE_INCLUDE_PATHS ${PERL_INCLUDE_PATH_VARIABLE} ${PERL_POSSIBLE_INCLUDE_PATHS})
+  ENDIF(NOT PERL_INCLUDE_PATH_RETURN_VALUE)
+ENDIF(PERL_EXECUTABLE)
+
+FIND_PATH(PERL_INCLUDE_PATH perl.h
+  ${PERL_POSSIBLE_INCLUDE_PATHS})
+
+IF(PERL_EXECUTABLE)
+  EXEC_PROGRAM(${PERL_EXECUTABLE}
 ARGS -e 'use Config; print \$Config{libperl}, \\\n\'
 OUTPUT_VARIABLE PERL_LIBRARY_OUTPUT_VARIABLE
 RETURN_VALUE PERL_LIBRARY_RETURN_VALUE

Bug#578633: libtext-bibtex-perl: UNIVERSAL-import is getting deprecated with Perl 5.12.0

[Ansgar Burchardt]

tags 578633 + upstream fixed-upstream
thanks

Hi,

this issue was fixed upstream in the 0.44 release:

  Release 0.44 - 9 May, 2010
  --
  * RPath information on link - Thanks to Jens Rehsack
  * removed dependency on 'UNIVERSAL' as it is now built-in
(change for perl 5.12 deprecation)

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#577513: libdbd-sybase-perl: DBI/DBD internal version mismatch

[Ansgar Burchardt]

Hi,

Steve Langasek vor...@debian.org writes:

 I've been postponing dealing with this bug, hoping that someone in the
 Debian Perl Group would spontaneously provide a better interface for this
 than the current one.  The perl-dbdabi-* virtual package seems sensible
 enough, but I'm not happy about including external makefiles in my
 debian/rules.  Could you please provide a dh_* command for this that adds
 the value to the existing ${misc:Depends} variable?

A dh_perl_dbi command and a perl_dbi addon for dh have been included in
libdbi-perl_1.612-1.  They add the required dependency to
${perl:Depends} (which is already used by dh_perl).

See also /usr/share/doc/libdbi-perl/README.Debian.

 Also, why does libdbd-sybase-perl need to depend on *both* libdbi-perl *an*
 perl-dbdabi-*, given that the latter is provided by the former?  Depending
 on libdbi-perl looks quite redundant to me.

I took that from Perl XS modules without too much thinking: dh_perl
usually adds a dependency on both perlapi-* and perl.  But after
thinking some more, I agree with you: The case of XS modules is
different.  There perlapi-* is provided by perl-base, but many modules
require functionality from the perl package.

I will remove the unversioned dependency on libdbi-perl that dh_perl_dbi
generates in the next upload.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#457899: RFP: ubuntu-archive-keyring -- GnuPG keys of the Ubuntu archive

[Ansgar Burchardt]

Hi,

pbuilder started to pass the --keyring option to debootstrap when
creating a chroot environment [1].  This means it is not possible to
create a Ubuntu chroot environment (on Debian) without either grabbing
the ubuntu-archive-keyring from somewhere by hand or telling pbuilder to
not pass the --keyring option (possibly a security issue).

I think it would be beneficial to include the keyring package in the
Debian archive in the interest of the developers that care about both
Debian and Ubuntu.

Regards,
Ansgar

[1] http://bugs.debian.org/579028



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#583460: libmoose-policy-perl: FTBFS: tests failed

[Ansgar Burchardt]

Hi,

I just asked Florian about this bug and Moose-Policy is no longer
recommended and EOLed.  The package should be removed from Debian once
liblatex-table-perl stops using it [1].

Regards,
Ansgar

[1] https://rt.cpan.org/Public/Bug/Display.html?id=59519



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#589618: libdbd-anydata-perl: Please update to 0.110

[Ansgar Burchardt]

Package: libdbd-anydata-perl
Version: 0.09-2
Severity: serious
Tags: sid

Hi,

please update DBD::AnyData to version 0.110.  Older versions will not
work with DBI-1.612 that is now in Debian.

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org