Bug#890723: RFS: slick-greeter/1.1.4-1
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "slick-greeter"

 * Package name    : slick-greeter
   Version         : 1.1.4-1
   Upstream Author : Clement Lefebvre
 * URL             : https://github.com/linuxmint/slick-greeter/
 * License         : GPL-3+
   Section         : x11

It builds those binary packages:

  slick-greeter - Slick-looking LightDM greeter

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/slick-greeter

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/s/slick-greeter/slick-greeter_1.1.4-1.dsc

Notes:

check-all-the-things has been run on the source. This time around on the latest debian unstable it found an issue with debian/upstream/metadata and this was resolved (see the changelog)

lintian -i -I --pedantic run on the built source. It is lintian free with the exception of the following information/pedantic issues;

  testsuite-autopkgtest-missing - I don't believe an autopkgtest is required for a greeter
  no-upstream-changelog - upstream does not supply a changelog so I have summarised the changes in the debian/changelog
  debian-watch-does-not-check-gpg-signature - upstream do not sign their release tarballs

built source compiles via pbuilder-dist on unstable - it has been installed on unstable as well.

Changes since the last upload:

 * New upstream release
   - Build correctly with vala > 0.39
   - Latest translations
   - Reset config keys if not in slick config file
   - Add multimonitor support when used with docking stations
   - Fix failure to connect to user-session components
   - Slick config component file changes
 * Packaging Changes:
   - Drop existing patches except for sans-schema-font.patch
   - Add patch mint-master-unstable-19.patch
   - debian/copyright 2018 year change and http --> https
   - debian/{compat/control} debhelper v11
   - debian/control Bump Standards-Version (no changes required)
   - debian/upstream/metadata fix check-all-the-things warning for missing document-start
   - debian/rules remove override to remove broken symlink since this symlink has now been removed in the source

Regards,
David Mohammed
Bug#890461: marked as done (RFS: igmpproxy/0.2.1-1)
Your message dated Sat, 17 Feb 2018 23:18:39 +0200 with message-id <20180217211839.GA14956@localhost> and subject line Re: Bug#890461: RFS: igmpproxy/0.2.1-1 has caused the Debian Bug report #890461, regarding RFS: igmpproxy/0.2.1-1 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
890461: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890461
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "igmpproxy"

 * Package name    : igmpproxy
   Version         : 0.2.1-1
   Upstream Author : Pali Rohár
 * URL             : https://github.com/pali/igmpproxy
 * License         : BSD-3-clause and GPL-2+
   Section         : net

It builds those binary packages:

  igmpproxy - IGMP multicast routing daemon

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/igmpproxy

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/i/igmpproxy/igmpproxy_0.2.1-1.dsc

More information about igmpproxy can be obtained from https://github.com/pali/igmpproxy.

Changes since the last upload:

 * New upstream release
 * Update Standards-Version to 4.1.3
 * Update to debhelper 10
 * Use https links in copyright

Regards,
Pali Rohár

signature.asc
Description: PGP signature
--- End Message ---

--- Begin Message ---
On Wed, Feb 14, 2018 at 11:04:40PM +0100, Pali Rohár wrote:
>...
> Changes since the last upload:
>
>  * New upstream release
>  * Update Standards-Version to 4.1.3
>  * Update to debhelper 10
>  * Use https links in copyright

Thanks, uploaded.

> Regards,
> Pali Rohár

cu
Adrian

--
"Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
--- End Message ---
Bug#890712: Subject: RFS: wxmaxima/18.02.0-1
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "wxmaxima"

 * Package name    : wxmaxima
   Version         : 18.02.0-1
   Upstream Author : [fill in name and email of upstream]
 * URL             : [fill in URL of upstreams web site]
 * License         : [fill in]
   Section         : math

It builds those binary packages:

  wxmaxima - GUI for the computer algebra system Maxima

wxMaxima is a powerful GUI for Maxima, a program that is specialised in symbolic computing, but has powerful methods for numeric calculations, as well. One sample maxima session would read:

  (%i1) a^3+b^2+c=5;
  (%o1) c+b^2+a^3=5
  (%i2) solve(%,a);
  (%o2) [a=((sqrt(3)*%i-1)*(-c-b^2+5)^(1/3))/2,a=-((sqrt(3)*%i+1)*(-c-b^2+5)^(1/3))/2,a=(-c-b^2+5)^(1/3)]
  (%i3) subst([b=3,c=2],%);
  (%o3) [a=-(6^(1/3)*(sqrt(3)*%i-1))/2,a=(6^(1/3)*(sqrt(3)*%i+1))/2,a=-6^(1/3)]
  (%i4) float(%);
  (%o4) [a=-0.9085602964160698*(1.732050807568877*%i-1.0),a=0.9085602964160698*(1.732050807568877*%i+1.0),a=-1.81712059283214]

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/wxmaxima

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/w/wxmaxima/wxmaxima_18.02.0-1.dsc

More information about wxMaxima can be obtained from https://mentors.debian.net/package/wxmaxima.

Changes since the last upload:

 * New upstream Version that tries to improve usability and speed of the program and contains many code simplification that try to reduce the number of places bugs can reside in, as well as > 100 bug fixes.

Regards,
Gunter Königsmann
Bug#890458: marked as done (RFS: udftools/2.0-2)
Your message dated Sat, 17 Feb 2018 22:57:32 +0200 with message-id <20180217205732.GA10530@localhost> and subject line Re: Bug#890458: RFS: udftools/2.0-1 has caused the Debian Bug report #890458, regarding RFS: udftools/2.0-2 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
890458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890458
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "udftools"

 * Package name    : udftools
   Version         : 2.0-2
   Upstream Author : Pali Rohár
 * URL             : https://github.com/pali/udftools
 * License         : GPL-2+
   Section         : otherosfs

It builds those binary packages:

  udftools - tools for UDF filesystems and DVD/CD-R(W) drives

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/udftools

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/u/udftools/udftools_2.0-2.dsc

More information about udftools can be obtained from https://github.com/pali/udftools.

Changes since the last upload:

 * Fix installation in chroot (Closes: #890224)

Regards,
Pali Rohár

signature.asc
Description: PGP signature
--- End Message ---

--- Begin Message ---
On Wed, Feb 14, 2018 at 11:00:06PM +0100, Pali Rohár wrote:
>...
> Changes since the last upload:
>
>  * Fix installation in chroot (Closes: #890224)

Thanks, uploaded.

> Regards,
> Pali Rohár

cu
Adrian

--
"Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
--- End Message ---
Bug#890681: RFS: gexiv2/0.10.8-1 -- GObject-based wrapper around the Exiv2 library
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "gexiv2"

 * Package name    : gexiv2
   Version         : 0.10.8-1
   Upstream Author : Jens Georg
 * URL             : https://wiki.gnome.org/Projects/gexiv2
 * License         : GPL-2+
   Section         : libs

It builds those binary packages:

  gir1.2-gexiv2-0.10 - GObject-based wrapper around the Exiv2 library - introspection data
  libgexiv2-2 - GObject-based wrapper around the Exiv2 library
  libgexiv2-dev - GObject-based wrapper around the Exiv2 library - development files
  libgexiv2-doc - GObject-based wrapper around the Exiv2 library - documentation

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/gexiv2

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/g/gexiv2/gexiv2_0.10.8-1.dsc

More information about gexiv2 can be obtained from https://wiki.gnome.org/Projects/gexiv2.

Changes since the last upload:

 * New upstream version 0.10.8
 * Drop Fix-documentation-typos.patch: applied upstream
 * Bump debhelper compat to 11
 * Bump Standards-Version to 4.1.3. No changes needed.
 * Update symbols file
 * Build with meson. Static library is no longer built.
 * Update d/watch URL
 * Update Vcs fields for migration to https://salsa.debian.org/
 * Add lintian override for python-package-missing-depends-on-python.
   The gir1.2-gexiv2-0.10 package contains gobject-introspection files and includes overrides for both Python 2 and 3. It cannot declare a dependency on Python because it's possible to use the introspection files from Python 2, or 3, or many other languages.

Regards,
Jason Crain
Bug#884816: Bug#890604: Can't reproduce vulnerability on latest packaged FA version
control: tags -1 +moreinfo +unreproducible

Hi,

As far as I know all the old vulnerabilities reported on debian bugtracker have been fixed in the package made available on mentors.debian.org page. Anyway, to be sure I have tried to reproduce this bug mentioned on new installation version to no avail. CSRF countermeasures implemented long time ago in response also to CVE cited seem to work as expected, so exploit code available (e.g. here: https://securitywarrior9.blogspot.fr/2018/02/cross-site-request-forgery-front.html) does not work, returning 'Request from outside of this page is forbidden.' in the json payload returned, with no changes in application data.

Saying that, maybe still there are some additional conditions, which allow attacker to omit csrf token checks, not stated in the vulnerabilities reports, so I decided just to add moreinfo tag. I'm eager to fix the issue as soon as I can reproduce it.

Janusz

On 16.02.2018 17:22, Antoine Beaupre wrote:
> Hi,
>
> I haven't reviewed the package in details, but before this is accepted
> into Debian, care should be taken to review the existing security
> vulnerabilities that affect this package.
>
> For example, CVE-2018-7176 (bug #890604) currently affects the package
> you are proposing to upload (2.4.3). If the package is uploaded as such,
> you should clarify what the way forward is to fix that package. Either
> it will be fixed in a subsequent release, or the package will have to be
> marked as unsupported in Debian.
>
> https://security-tracker.debian.org/tracker/CVE-2018-7176
>
> Thank you for your attention.
>
> A.
Bug#884816: RFS: frontaccounting/2.4.3-1 [ITA]
Control: tags -1 -moreinfo -unreproducible

Could you please followup on the security issue in the actual bug report (#890604)? This is the RFS, and I doubt you meant to mark the sponsorship request as "unreproducible". :)

That said, I'm just a messenger: I wanted to make sure you were aware of the security issues and considered it seriously. You might want to send the same message to the bug report, and CC secur...@debian.org to make sure the security issue is filed properly.

Thanks!

A.

On 2018-02-17 11:59:51, Janusz Dobrowolski wrote:
> control: tags -1 +moreinfo +unreproducible
>
> Hi,
>
> As far as I know all the old vulnerabilities reported on debian
> bugtracker have been fixed in the package made available on
> mentors.debian.org page. Anyway, to be sure I have tried to reproduce
> the bug mentioned on new installation version to no avail. CSRF
> countermeasures implemented long time ago in response also to CVE cited
> seem to work as expected, so exploit code available (e.g. here:
> https://securitywarrior9.blogspot.fr/2018/02/cross-site-request-forgery-front.html)
> does not work, returning 'Request from outside of this page is
> forbidden.' in the json payload returned, with no changes in application
> data.
>
> Saying that, maybe still there are some additional conditions, which
> allow attacker to omit csrf token checks, not stated in the
> vulnerabilities reports, so moreinfo tag added.
>
> Janusz
>
>
>
> On 16.02.2018 17:22, Antoine Beaupre wrote:
>> Hi,
>>
>> I haven't reviewed the package in details, but before this is accepted
>> into Debian, care should be taken to review the existing security
>> vulnerabilities that affect this package.
>>
>> For example, CVE-2018-7176 (bug #890604) currently affects the package
>> you are proposing to upload (2.4.3). If the package is uploaded as such,
>> you should clarify what the way forward is to fix that package. Either
>> it will be fixed in a subsequent release, or the package will have to be
>> marked as unsupported in Debian.
>>
>> https://security-tracker.debian.org/tracker/CVE-2018-7176
>>
>> Thank you for your attention.
>>
>> A.

--
Drowning people
Sometimes die
Fighting their rescuers.
- Octavia Butler
Bug#890666: RFS: mmh/0.3-3
Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "mmh"

 * Package name     : mmh
   Version          : 0.3-3
   Upstream Author  : markus schnalke
 * Url              : http://marmaro.de/prog/mmh/
 * Licenses         : BSD-3-clause
   Programming Lang : C
   Section          : mail

 This is the mmh mail user agent (reader/sender), a command-line based mail reader that is powerful and extensible. mmh is an excellent choice for people who receive and process a lot of mail.
 .
 Unlike most mail user agents, mmh is not a single program, rather it is a set of programs that are run from the shell. This allows the user to utilize the full power of the Unix shell in coordination with mmh.
 .
 Mmh is a modified version of the electronic mail handling system nmh. Nmh (new MH) itself was originally based on the package MH-6.8.3, and was intended to be a (mostly) compatible drop-in replacement for MH. In contrast, mmh is not intended to be a drop-in replacement for nmh, rather mmh breaks compatibility to nmh in order to modernize and simplify it.

It builds those binary packages:

 * mmh

This package successfully builds on debomatic machine:

  https://debomatic-i386.debian.net/distribution#unstable/mmh/0.3-3

Please note, that package is maintained with dgit(1) tool using dgit-maint-merge(7) workflow. For more information about how to sponsor this package, see dgit-sponsorship(7).

  Git repository: https://salsa.debian.org/iu-guest/mmh.git
  Git branch: master

With /bin/sh following commands should suffice:

  $ git clone https://salsa.debian.org/iu-guest/mmh.git mmh
  $ cd mmh
  $ make -f debian/rules get-orig-source
  # 'gbp buildpackage' is fine
  $ dgit sbuild

Changes since last upload:

 * Update Vcs-* fields in debian/control.
 * Compile with large file support
 * Update standards version to 4.1.3 (no changes needed)
 * Bump compat version to 11 (added explicit --no-parallel, since upstream build system does not use Automake and is not parallel-safe)
 * Remove useless build-dependency on dh-autoreconf, which is implied by debhelper (>= 10)
 * Fix incorrect reference to nmh in description
 * Replace generic BSD-3-clause with specific version from COPYRIGHT file in debian/copyright due request of upstream author.
 * Patch config/version.sh to not insert non-reproducible data into binaries

Regards,
Dmitry Bogatov
Bug#884816: RFS: frontaccounting/2.4.3-1 [ITA]
control: tags -1 +moreinfo +unreproducible

Hi,

As far as I know all the old vulnerabilities reported on debian bugtracker have been fixed in the package made available on mentors.debian.org page. Anyway, to be sure I have tried to reproduce the bug mentioned on new installation version to no avail. CSRF countermeasures implemented long time ago in response also to CVE cited seem to work as expected, so exploit code available (e.g. here: https://securitywarrior9.blogspot.fr/2018/02/cross-site-request-forgery-front.html) does not work, returning 'Request from outside of this page is forbidden.' in the json payload returned, with no changes in application data.

Saying that, maybe still there are some additional conditions, which allow attacker to omit csrf token checks, not stated in the vulnerabilities reports, so moreinfo tag added.

Janusz

On 16.02.2018 17:22, Antoine Beaupre wrote:
> Hi,
>
> I haven't reviewed the package in details, but before this is accepted
> into Debian, care should be taken to review the existing security
> vulnerabilities that affect this package.
>
> For example, CVE-2018-7176 (bug #890604) currently affects the package
> you are proposing to upload (2.4.3). If the package is uploaded as such,
> you should clarify what the way forward is to fix that package. Either
> it will be fixed in a subsequent release, or the package will have to be
> marked as unsupported in Debian.
>
> https://security-tracker.debian.org/tracker/CVE-2018-7176
>
> Thank you for your attention.
>
> A.
Bug#890648: RFS: fcitx-imlist/0.5.1-2
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "fcitx-imlist"

   Package name    : fcitx-imlist
   Version         : 0.5.1-2
   Upstream Author : Kentaro Hayashi
   URL             : https://github.com/kenhys/fcitx-imlist
   License         : GPL-2+
   Section         : utils

It builds those binary packages:

  fcitx-imlist - Command-line utility to switch list of Fcitx IM

To access further information about this package, please visit the following URL:

  http://mentors.debian.net/package/fcitx-imlist

Alternatively, one can download the package with dget using this command:

  dget -x http://mentors.debian.net/debian/pool/main/f/fcitx-imlist/fcitx-imlist_0.5.1-2.dsc

More information about hello can be obtained from https://github.com/kenhys/fcitx-imlist

Changes since the last upload:

fcitx-imlist (0.5.1-2) unstable; urgency=medium

  * debian/control
    - Bump debhelper version to 11.
    - Remove useless autoreconf build dependency to autotools-dev.
    - Bump Standards version to 4.1.3. no other changes are required.
  * debian/rules
    - Remove needless --with autotools_dev since debhelper 9.20160115.
  * debian/compat
    - Bump debhelper version to 11.

Regards,

pgpG1iGTYS8_h.pgp
Description: PGP signature