Re: unblock request for jesred 1.2pl1-16: fix for grave #505199
On Tue, Nov 11, 2008 at 11:08:24AM +1000, Alexander Zangerl wrote: [EMAIL PROTECTED] found out today that jesred doesn't work with squid 3 at all, only squid 2.x. the cause is that squid 3 changed the format of redirector messages sent to things like jesred. Unblocked. Neil -- * Tolimar votes for debconf7 to be somewhere where he speaks the language. Tolimar That would a veto for switzerland ;) Ganneff Tolimar: that also vetos germany signature.asc Description: Digital signature
Re: please unblock phatch 0.1.6-1
.dropbox is something dropbox is appereantly creating in all my folders. It entered the tarball as I did bzr add locale as a lot of new translations were added. I'll remove in the next tarball. Unfortunately I forgot to update the internal version number. It stills displays 0.1.5 although it is already 0.1.6 I'll try to fix it this week. Stani On Mon, Nov 10, 2008 at 1:53 PM, Neil McGovern [EMAIL PROTECTED] wrote: On Mon, Nov 10, 2008 at 01:20:18PM +0100, Piotr Ożarowski wrote: [Neil McGovern, 2008-11-10] On Sun, Nov 09, 2008 at 10:10:43PM +0100, Piotr Ożarowski wrote: Please unblock phatch 0.1.6-1. What's: locale/.dropbox? hmm, it looks like serialized empty dictionary. It's probably a leftover from some kind of local test Stani forgot to remove. Anyway, it's not installed nor used. Unblocked. Neil -- Sp3ct0L|ZcC dou you speak frensh ? -!- Sp3ct0L|ZcC [EMAIL PROTECTED] has quit [autokilled: This host violated network policy. If you feel an error has been made, please contact [EMAIL PROTECTED], thanks. (2006/10/30 17.06)] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJGC7K97LBwbNFvdMRAqGyAJ4mo쨙墹麫降䴱큫촠ঠ� IKWj2NXpaPEg8k6gqFnGFto= =izu5 -END PGP SIGNATURE- -- Phatch Photo Batch Processor - http://photobatch.stani.be SPE Python IDE - http://pythonide.stani.be
Re: acpid: new upstream version
Michael Meskes wrote: Hi, there is a new upstream version available that fixes some bugs in the source code like unchecked errors. Here's a complete list: As you can see there only two features, logevent and pidfile but quite some fixes. So the question is shall we backport the bug fixes to 1.0.6 or do you accept 1.0.8 for Lenny? The interdiff is attached, don't worry about the size, most of it is documentation. Please upload 1.0.8 and contact us again once it's uploaded and ready to be unblocked. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Another round of GNOME unblock requests
Josselin Mouette wrote: Le vendredi 31 octobre 2008 à 11:12 +0100, Marc 'HE' Brockschmidt a écrit : update-notifier (0.70.7.debian-5) unstable; urgency=low Will look later, have no time right now· Ping ? unblocked in the meantime. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please unblock dokuwiki 0.0.20080505-3.1
Giuseppe Iuculano wrote: Hello, Please let dokuwiki 0.0.20080505-3.1 in lenny, it fixes one security bug. unblocked cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Unblock request for loadlin/1.6c.really1.6c.nobin-1
Samuel Thibault wrote: Hello, I have uploaded a new version of loadlin that fixes its RC bugs, could you please let it go to testing? unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please unblock awn-extras-applets 0.2.6-4
Julien Lavergne wrote: Hi, I uploaded awn-extras-applets 0.2.6-4 in unstable I would like to see it in Lenny also, as it fix many issues on the package. unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: please allow phpldapadmin/1.1.0.5-5
Thijs Kinkhorst wrote: Hi, Please allow phpldapadmin/1.1.0.5-6 into lenny. The changes with current lenny are two new translations, and a trivial fix for an important usability problem: #489887. The bug fix has been in unstable since 3 months without new problems. The changelog is pasted below. unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Adding D-Link DNS-323 support in a stable update of lenny
Martin Michlmayr wrote: Matthew Palmer has recently created patches that add support for the If so, it would be nice to hint dns323-firmware-tools into lenny because we'll need this package to generate installer images for the DNS-323. The manpage has '-c' for model on one place and '-m' in another place, I guess it's a copy/paste error? The executable uses /tmp/ctl_header which is a risk for a symlink attack AFAIK. It might be good to fix these two issues, then I won't have any objection with including it in lenny. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#503859: ExtensionClass completely broken with python 2.5
Hi, Chris Lamb wrote: I fixed a couple of segfaults that evening, but I hit one that eluded me and went to sleep. The code is extremely brittle - I wonder whether we should not just go with a newer upstream. Alternatively - Thomas, did you look already whether the rdepends actually use this package? I remember at least qmtest had some pointless Build-Depends which I NMU'd away before, and--if the other packages are not failing to build--it is unlikely that they are actually using ExtensionClass given the level of fail there. IMO it is critical not to have epydoc segfault (should probably get a Conflicts: even when python-extclass is removed). python-extclass as is seems useless: Even when fixed, which software would sanely use this? None, because any reasonable software would expect a reasonable version of it (except that Zope - the extclass upstream - label extclass as obsolete since python 2.2 anyways). Fixing zorp would amount to converting the extension module's python class to new style classes. I don't know how difficult this exactly is, but it is an opportunity to introduce bugs (don't know why upstream did not do that yet). Having a firewall that depends on the current extclass does not look attractive, either, though. I'm not sure qmtest should need the extensionclasses (not listed on upstream page with prequisites[1]). To me it seems completely reasonable to throw out both reverse depends: qmtest has never been released and zorp is not exactly maintained or popular. Kind regards T. 1. http://www.codesourcery.com/qmtest/2.4/download.html -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: approval for planned upload of policyd-weight 0.1.14.17-5
On Tue, Nov 11, 2008 at 03:41:21PM +0100, Jan Wagner wrote: Hi Neil, On Tuesday 11 November 2008, Neil McGovern wrote: On Tue, Nov 11, 2008 at 01:53:50PM +0100, Jan Wagner wrote: * Remove multi.surbl.org from default DNSBL list, since they changed their policy and restricted the use of it, see http://www.surbl.org/usage-policy.html That would be fine, but I'd also suggest a README addition saying that it's been removed. what about the attached diff? :) All ok, please upload and ping when it's approaching time for an unblock. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Unblock request: recite 1.0-8.2
Hi, Please unblock recite 1.0-8.2. Fixes bug #504905 which is a real fix for RC bug #504200 rather than my work-around. Here is a debdiff of the upload: diff -u recite-1.0/debian/changelog recite-1.0/debian/changelog --- recite-1.0/debian/changelog +++ recite-1.0/debian/changelog @@ -1,3 +1,11 @@ +recite (1.0-8.2) unstable; urgency=medium + + * Non-maintainer upload. + * Real fix for segfaults on out-of-bounds. (Closes: #504905). ++ Thanks to Peter De Wachter for the patch. + + -- Barry deFreese [EMAIL PROTECTED] Tue, 11 Nov 2008 11:14:24 -0500 + recite (1.0-8.1) unstable; urgency=medium * Non-maintainer upload. diff -u recite-1.0/phonemes/rules.c recite-1.0/phonemes/rules.c --- recite-1.0/phonemes/rules.c +++ recite-1.0/phonemes/rules.c @@ -235,6 +235,11 @@ } if (ph = FRICATIVES_END) { + *offset = ph - FRICATIVES_START; + return FRICATIVE_TYPE; + } + if (ph = PLOSIVES_END) + { *offset = ph - PLOSIVES_START; return PLOSIVE_TYPE; } Thank you, Barry deFreese -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Release Freeze Exception for Ampache-3.4.1-2
Charliej wrote: Release Team, Would you please grant a Release Freeze Exception for ampache-3.4.1-2 as this upload fixes several bugs which deal with security issues, and is a bug fix only upload. Bug #504169 - RC CVE-2008-4796: missing input sanitising in Snoopy.class.php Bug #496369 - Normal The possibility of attack with the help of symlinks in some Debian packages unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
freeze exceptions for texlive-extra
Hi all, I would like to ask again for freeze exceptions for texlive-extra, which is another cleanup release due to licensing checks done by Robin Fairbairns (CTAN Team). In this course I re-added a file (tkalender.sty) that was removed in -8 after Robin's decision to tag it non-free, and Karl Berry's removal of this file of TeX Live. After that I checked the (German) license text and it is free, which has already been changed in the TeX Catalogue by Robin again, and reincluded in TeX Live (upstream) by Karl. The others are removals following upstream TeX Live for packages where the licenses are either nonfree (nosell) or no info at all is present and author not trackable. texlive-extra (2007.dfsg.9-1) unstable; urgency=medium This release fixes an RC bug by removing non free stuff, so new orig.tar is needed, and urgency medium. * blacklist cirth, it has a nosell license (Closes: #504731) * reintroduce kalender (removed in last release), it was retagged as free-other in the catalogue, German license text was misunderstood. * blacklist progkeys, no license information is known and author unfindable (no bug, but RC) * blacklist calligra, removed upstream, license noinfo, original author unknown (no bug, but RC) Thanks a lot for consideration. Best wishes Norbert --- Dr. Norbert Preining [EMAIL PROTECTED]Vienna University of Technology Debian Developer [EMAIL PROTECTED] Debian TeX Group gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094 --- ARTHUR It's not a question of whose habitat it is, it's a question of how hard you hit it. --- Arthur pointing out one of the disadvantages of gravity, --- Fit the Tenth. --- Douglas Adams, The Hitchhikers Guide to the Galaxy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please let gnash 0.8.4 into Lenny
2008/11/11 Luk Claes [EMAIL PROTECTED]: Please explain why releasing 0.8.3 would be a mistake and why 0.8.4 solves that? It's just impossible to review such a big diff that targeted fixes are preferred in general... I know the diff is quite big, the current release cycle for Gnash is 6 months and there is a lot of work among different versions, as there are many people are working on it. It sounds a bit strange that you won't accept responsability while you didn't explain why 0.8.3 is not worth releasing. I can assure you that nothing is lost already and that I try to be reasonable. This is the list of improvements since 0.8.3: * Keep Adobe happy with our users and our users happy with us by changing Flash player into SWF player everywhere. Adobe claims Flash as a trademark and had asked a Linux distributor to fix it. * The popular SWF Twitter badge now renders correctly. * Fix parsing of urls containing multiple question marks * Fix support for movies embedding multiple sound streams * Support for loading PNG and GIF images added. * Improved rendering of SWF movies because of the less visible changes listed below. * Support for writing RGB/RGBA PNG images and JPEG images. * Works with Potlatch OpenStreetMap editor * New 'flvdumper' utility for analyzing FLV video files. * XPI packaging support for Mozilla Firefox. Gnash is much more stable now, regressions in video playback in 0.8.3 have been fixed, and Youtube now works fine. It'll hurt more to ship Gnash 0.8.3 with 8.2.0 than Gnash 0.8.4 RC1 [3] [1] http://lists.gnu.org/archive/html/gnash/2008-10/msg2.html [2] http://www.sfr-fresh.com/unix/www/gnash-0.8.4.tar.gz:a/gnash-0.8.4/NEWS [3] http://n2.nabble.com/Fwd:-ship-Gnash-0.8.4-RC1-in-OLPC-8.2.0--td1322121.html On the other side, as there are no reverse dependencies on Gnash (at least that I'm aware of), no other packages would be affected by the change. Greetings, Miry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Request freeze exception for opendict-0.6.3-3
Kęstutis Biliūnas wrote: Dear release managers, I'd like to request a freeze exception for opendict-0.6.3-3 to allow it to migrate into testing. The changelog is: unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Some more security hinting
* Adeodato Simó [Wed, 29 Oct 2008 22:58:58 +0100]: * Moritz Muehlenhoff [Sun, 26 Oct 2008 12:03:03 +0100]: On 2008-10-20, Luk Claes [EMAIL PROTECTED] wrote: - My NMU for imagemagick/7:6.3.7.9.dfsg1-2.1 is blocked since djvulibre in sid is more recent. Can that be fixed by a binNMU inside Lenny? already unblocked by dato But the PTS says for imagemagick: * [71]Depends: imagemagick djvulibre (not considered) And djvulibre isn't unblocked. That's unfortunate. Could you perhaps re-upload to t-p-u as 7:6.3.7.9.dfsg1-2.1~lenny1 or equivalent? Moritz, any update on this? Is it better if somebody else uploads? -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org There is no man so good who, were he to submit all his thoughts to the laws, would not deserve hanging ten times in his life. -- Michel de Montaigne -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Upload of inkscape_0.46-3 to t-p-u ? (was Re: [inkscape] Impossible to change font if ttf-bitstream-vera is not installed.)
Charles Plessy wrote: Le Mon, Oct 27, 2008 at 04:47:26PM +0100, Thomas Viehmann a écrit : Charles Plessy wrote: Many thanks Thomas for the patch. I have forwarded it Upstream for review, in case we can get an official blessing before releasing with the patch. In the absence of a timely answer, I will upload on DELAYED with a waiting time that leaves next weekend for Wolfram to react. Hi all, Wolfram (the maintainer) actually prepared a fix that was sponsored, which will be unfortunately prevented from migrating to Lenny because of cairomm. I contacted him about this issue but did not get answer yet. Would everybody agree if I sent version 0.46-3 build against Lenny on testing-proposed-updates? The debdiff is attached to this email. It fixes the font issue, plus a problem with Chinese localisation (that I have not studied at all): Yes, please upload. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: RFC: upload of emacspeak
Kumar Appaiah wrote: Dear Release managers, I have prepared a fixed version of emacspeak for testing, with a bug fix for the symlink attacks as well as a piuparts fix by Christian Perrier. I have tried to contact the maintainer, James, but he has not been responsive. The reason why I was unprepared to upload this is because I have no means to test this package. However, a friendly non-Debian emacspeak user was kind enough to run test the patched program and review the patch for me, so I have an upload ready. So, please answer the following: Being fully aware that I don't use this package, but have an interest in seeing this in Lenny, would you allow me to upload this package? (If someone else does it, I'll be more than happy!). The reason I want this to be in Lenny is because I believe several of our visually challenged users would find this software useful. I have attached the proposed patch, for review. Again, if someone else comes forward, I'd be more than happy to let them take over. Please upload. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: proposed fix for lilo RC bug
Paul Wise wrote: On Sun, Nov 2, 2008 at 11:52 PM, Adeodato Simó [EMAIL PROTECTED] wrote: I spoke with Paul on IRC about this. He'll made a second upload to address that this part: Uploaded lilo 22.8-6.2, thanks for the review. unblocked -6.4 Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please unblock pyopengl 3.0.0~b6
Josselin Mouette wrote: Le mardi 11 novembre 2008 à 11:19 +0100, Luk Claes a écrit : Josselin Mouette wrote: Well, it still crashes here when navigating in the history. What's the status about this? Is the status-quo the best option for now? I’m not going to re-enable 3D support in glchess as long as I can get it to crash so easily. I have tried a few other applications based on pyopengl and they seemed less likely to crash in the first minute, so 3.0.0~b6 may be actually fit for the release. In all cases I can confirm upgrading from b3 to b6 fixes #498403 so I’d recommend unblocking it or at least re-uploading 3.0.0~b3-2 to t-p-u. Ok, please re-upload 3.0.0~b3-2 to t-p-u if you want to have this fixed in lenny. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pre-upload approval (Bug#489007: ttf-liberation looks ugly)
Hi, On Monday 27 October 2008 22:16, Adeodato Simó wrote: I'm fairly sure that the bug report and fix are valid, considering how picky and fanatic quite many people are about fonts :-) So far I got one reply from a user saying that indeed all fonts look nice now :) Ok, please upload and ping us back when uploaded. pung. regards, Holger pgprme3MDnrQe.pgp Description: PGP signature
Re: Freeze exception for libg3d
Sven Eckelmann wrote: On Saturday 08 November 2008 14:59:22 you wrote: It is not such a big hassle for me to remove that specific change. What version number should I choose? 0.0.6-3lenny1? Sry, I meant 0.0.6-1+lenny1 current suggested changes would be: libg3d (0.0.6-1+lenny1) testing-proposed-updates; urgency=low * Fix lintian warnings - Only call distclean when a makefile is present - Add standard depends to fix missing depend on libc - Add watch file * Promote libg3d-plugins to Recommends for libg3d0 * Include /usr/share/quilt/quilt.make in debian/rules to manage patches and add quilt (= 0.40) to Build-Depends. * Fix reading of filetypes with floats on big endian systems (Closes: #501809) * Add homepage to control file * Move copyright to new copyright format * Add Vcs informations to debian/control * Add myself to Uploaders list as discussed with Timo Schneider * Only depend on libglib2.0-dev in -dev packages -- Sven Eckelmann [EMAIL PROTECTED] Sun, 09 Nov 2008 02:06:42 +0100 (only symbol file related stuff would be removed). Please upload to unstable removing only the symbol file related stuff, TIA. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#503859: ExtensionClass completely broken with python 2.5
Luk Claes wrote: What's the status? I fixed a couple of segfaults that evening, but I hit one that eluded me and went to sleep. The code is extremely brittle - I wonder whether we should not just go with a newer upstream. Alternatively - Thomas, did you look already whether the rdepends actually use this package? I remember at least qmtest had some pointless Build-Depends which I NMU'd away before, and--if the other packages are not failing to build--it is unlikely that they are actually using ExtensionClass given the level of fail there. Regards, -- ,''`. : :' : Chris Lamb `. `'` [EMAIL PROTECTED] `- signature.asc Description: PGP signature
Re: approval for planned upload of policyd-weight 0.1.14.17-5
On Tue, Nov 11, 2008 at 01:53:50PM +0100, Jan Wagner wrote: * Remove multi.surbl.org from default DNSBL list, since they changed their policy and restricted the use of it, see http://www.surbl.org/usage-policy.html That would be fine, but I'd also suggest a README addition saying that it's been removed. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 signature.asc Description: Digital signature
Re: Adding D-Link DNS-323 support in a stable update of lenny
On Tue, Nov 11, 2008 at 06:01:07PM +0100, Luk Claes wrote: Martin Michlmayr wrote: Matthew Palmer has recently created patches that add support for the If so, it would be nice to hint dns323-firmware-tools into lenny because we'll need this package to generate installer images for the DNS-323. The manpage has '-c' for model on one place and '-m' in another place, I guess it's a copy/paste error? Whups. As you suggest, that's a copy-paste error. The executable uses /tmp/ctl_header which is a risk for a symlink attack AFAIK. Heh, it's even worse than that -- it's debugging output I didn't properly notate and clean before I made ready for the release. Fixed. It might be good to fix these two issues, then I won't have any objection with including it in lenny. I'll upload a new version as soon as I've got 'net access again in an hour or so. - Matt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please hint to unblock ttf-vlgothic (20081029-1)
Osamu Aoki wrote: Hi, If Hideki Yamane [EMAIL PROTECTED] does not object, I would like to request to unblock ttf-vlgothic (20081029-1) font package. Althought it is marked as new upstream release, this is a font package and these updates are limitted to character shape (gliph) data corrections and adding missing fonts. (This is THE font to use for Japanese thus important to have correct data.) These data error and missing characters can have a major effect on the usability of a package, without rendering it completely unusable to everyone. Important bugs. unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please unblock pyopengl 3.0.0~b6
Josselin Mouette wrote: Le jeudi 23 octobre 2008 à 16:26 +0200, Torsten Marek a écrit : Hi, I've just uploaded python-opengl 3.0.0~b6 to unstable. glchess seems to work, at least I could play a couple of moves without crashes, and my own test scripts ran through as well. Well, it still crashes here when navigating in the history. What's the status about this? Is the status-quo the best option for now? Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
approval for planned upload of policyd-weight 0.1.14.17-5
Dear release team, could you please review the changes for policyd-weight 0.1.14.17-5, which I plan to upload to unstable and state if it could be considered for unblock it for lenny? The diff is attached and the changelog follows: policyd-weight (0.1.14.17-5) unstable; urgency=low * Remove multi.surbl.org from default DNSBL list, since they changed their policy and restricted the use of it, see http://www.surbl.org/usage-policy.html Thanks and with kind regards, Jan. Index: debian/policyd-weight/tags/0.1.14.17-5/debian/changelog === --- debian/policyd-weight/tags/0.1.14.17-5/debian/changelog (revision 1567) +++ debian/policyd-weight/tags/0.1.14.17-5/debian/changelog (revision 1619) @@ -1,2 +1,10 @@ +policyd-weight (0.1.14.17-5) unstable; urgency=low + + * Remove multi.surbl.org from default DNSBL list, since they changed their +policy and restricted the use of it, see +http://www.surbl.org/usage-policy.html + + -- Jan Wagner [EMAIL PROTECTED] Tue, 11 Nov 2008 13:21:18 +0100 + policyd-weight (0.1.14.17-4) unstable; urgency=low Index: debian/policyd-weight/tags/0.1.14.17-5/debian/patches/03_remove_SURBL.dpatch === --- debian/policyd-weight/tags/0.1.14.17-5/debian/patches/03_remove_SURBL.dpatch (revision 1619) +++ debian/policyd-weight/tags/0.1.14.17-5/debian/patches/03_remove_SURBL.dpatch (revision 1619) @@ -0,0 +1,18 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_remove_SURBL.dpatch by Jan Wagner [EMAIL PROTECTED] +## +## DP: Remove SURBL, since they changed their usage policy, +## DP: see http://www.surbl.org/usage-policy.html + [EMAIL PROTECTED]@ +diff -urNad policyd-weight-0.1.14.17~/policyd-weight policyd-weight-0.1.14.17/policyd-weight +--- policyd-weight-0.1.14.17~/policyd-weight 2008-11-11 13:16:08.0 +0100 policyd-weight-0.1.14.17/policyd-weight 2008-11-11 13:17:28.0 +0100 +@@ -387,7 +387,6 @@ + + ## RHSBL settings + my @rhsbl_score = ( +-'multi.surbl.org', 4,0,'SURBL', + 'rhsbl.ahbl.org', 4,0,'AHBL', + 'dsn.rfc-ignorant.org',3.5, 0,'DSN_RFCI', + 'postmaster.rfc-ignorant.org', 0.1, 0,'PM_RFCI', Index: debian/policyd-weight/tags/0.1.14.17-5/debian/patches/00list === --- debian/policyd-weight/tags/0.1.14.17-5/debian/patches/00list (revision 1567) +++ debian/policyd-weight/tags/0.1.14.17-5/debian/patches/00list (revision 1619) @@ -1,2 +1,3 @@ 01_change_lockpath.dpatch 02_remove_dsbl.dpatch +03_remove_SURBL.dpatch signature.asc Description: This is a digitally signed message part.
Re: mxallowd: Put 1.6b-2 into lenny because of bugs in 1.6a
Michael Stapelberg wrote: Hi releaseteam, Could you please integrate mxallowd 1.6b-2 from unstable (currently in incoming.debian.org) to lenny? It fixes the following important bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503408 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503409 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502744 So, in short, the version currently in lenny (1.6a) would fail when installing/upgrading non-interactively. unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please let gnash 0.8.4 into Lenny
Miriam Ruiz wrote: Hi, Could you possibly remove the blocker for gnash for Lenny? It would be much better if 0.8.4 could get into Lenny, it has lots of improvements, youtube works again and there are no reverse dependencies. 1184 files changed, 189823 insertions(+), 171010 deletions(-) I won't unblock this, though if you can point to targeted fixes we might consider them. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: drupal6: please allow transition to lenny, fixes security issues
Moritz Muehlenhoff wrote: Luigi Gangitano wrote: You mean replacing drupal5 with drupal6 for Lenny or adding drupal6 on top? Both options would be good. If I had to select one version for the next stable release I'd opt for drupal6, since upstream will support it until two more major release are made. drupal5 will be out of support at next major release. Since support for drupal 5 will need to be provided until (squeeze release date + 1 year), I'd recommend to include drupal6 only. Especially given the fact that Drupal wasn't in Etch, so it's a fresh start. hints added for removal of drupal5 and addition of drupal6 to lenny. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please unblock ttf-atarismall, ttf-goudybookletter, ttf-okolaks,,ttf-radisnoir, ttf-tiresias
Andrew Starr-Bochicchio wrote: Fixes for bug #502707 [1] (Severity: serious) have been uploaded to unstable for ttf-atarismall, ttf-goudybookletter, ttf-okolaks,,ttf-radisnoir, and ttf-tiresias. It is a trivial fix, adding a depend on defoma. All unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: please allow mailman/1:2.1.11-5
* Thijs Kinkhorst [Tue, 11 Nov 2008 16:53:14 +0100]: Hi, Hello, Please allow mailman/1:2.1.11-5 to fix a release critical bug. Adeodato already unblocked -4 for this bug, but another upload was necessary to handle a special case in the init script. Changelog below. mailman (1:2.1.11-5) unstable; urgency=high * Make init script also cope with non-specified site list. -- Thijs Kinkhorst [EMAIL PROTECTED] Sun, 09 Nov 2008 11:26:46 +0100 I reviewed -5 the other day already, and had some concerns. Good thing you wrote. Though I now see some of them are not a regression. SITE_LIST=$( grep '^MAILMAN_SITE_LIST' /etc/mailman/mm_cfg.py | cut -d' -f 2 ) That cut is smelly; what if double quotes are used? (It is a Python file, right?) I'd go, in case you care, for: SITE_LIST=$( sed -rne s/^[[:space:]]*MAILMAN_SITE_LIST[[:space:]]*=[[:space:]]*(['\])([^'\]+)\\1/\\2/p /etc/mailman/mm_cfg.py ) (It breaks if the name contains a quote.) [ -z $SITE_LIST ] SITE_LIST='mailman' AFAIK that fails with `set -e`. You need: [ -n $SITE_LIST ] || SITE_LIST='mailman' if [ $(/var/lib/mailman/bin/list_lists -b | grep ^${SITE_LIST}$ ) = ]; then Just cosmetic, but while we're in the review business, again if you care to change: if ! /var/lib/mailman/bin/list_lists -b | grep -q ^${SITE_LIST}$; then Anyway, only the `set -e` bit is important, please upload to fix at least that one. HTH, -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: James Blunt - Where Is My Mind -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please unblock parenscript_20061003-2
Luca Capello wrote: Hi there! Please Cc: me, I'm not subscribed to the list. NB, parenscript_20061003-2 was uploaded less than 10 days ago, nevertheless I'm already asking for its unblock in order to not forget it :-) unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pre-upload approval (Bug#489007: ttf-liberation looks ugly)
Holger Levsen wrote: Hi, On Monday 27 October 2008 22:16, Adeodato Simó wrote: I'm fairly sure that the bug report and fix are valid, considering how picky and fanatic quite many people are about fonts :-) So far I got one reply from a user saying that indeed all fonts look nice now :) Ok, please upload and ping us back when uploaded. pung. unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: approval for planned upload of policyd-weight 0.1.14.17-5
Hi Neil, On Tuesday 11 November 2008, Neil McGovern wrote: On Tue, Nov 11, 2008 at 01:53:50PM +0100, Jan Wagner wrote: * Remove multi.surbl.org from default DNSBL list, since they changed their policy and restricted the use of it, see http://www.surbl.org/usage-policy.html That would be fine, but I'd also suggest a README addition saying that it's been removed. what about the attached diff? :) Thanks and with kind regards, Jan. -- Never write mail to [EMAIL PROTECTED], you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ --END GEEK CODE BLOCK-- Index: debian/policyd-weight/tags/0.1.14.17-5/debian/changelog === --- debian/policyd-weight/tags/0.1.14.17-5/debian/changelog (revision 1567) +++ debian/policyd-weight/tags/0.1.14.17-5/debian/changelog (revision 1622) @@ -1,2 +1,11 @@ +policyd-weight (0.1.14.17-5) unstable; urgency=low + + * Remove multi.surbl.org from default DNSBL list, since they changed their +policy and restricted the use of it, see +http://www.surbl.org/usage-policy.html + * add NEWS.Debian with informations about removed blocking lists + + -- Jan Wagner [EMAIL PROTECTED] Tue, 11 Nov 2008 13:21:18 +0100 + policyd-weight (0.1.14.17-4) unstable; urgency=low Index: debian/policyd-weight/tags/0.1.14.17-5/debian/patches/03_remove_SURBL.dpatch === --- debian/policyd-weight/tags/0.1.14.17-5/debian/patches/03_remove_SURBL.dpatch (revision 1619) +++ debian/policyd-weight/tags/0.1.14.17-5/debian/patches/03_remove_SURBL.dpatch (revision 1619) @@ -0,0 +1,18 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_remove_SURBL.dpatch by Jan Wagner [EMAIL PROTECTED] +## +## DP: Remove SURBL, since they changed their usage policy, +## DP: see http://www.surbl.org/usage-policy.html + [EMAIL PROTECTED]@ +diff -urNad policyd-weight-0.1.14.17~/policyd-weight policyd-weight-0.1.14.17/policyd-weight +--- policyd-weight-0.1.14.17~/policyd-weight 2008-11-11 13:16:08.0 +0100 policyd-weight-0.1.14.17/policyd-weight 2008-11-11 13:17:28.0 +0100 +@@ -387,7 +387,6 @@ + + ## RHSBL settings + my @rhsbl_score = ( +-'multi.surbl.org', 4,0,'SURBL', + 'rhsbl.ahbl.org', 4,0,'AHBL', + 'dsn.rfc-ignorant.org',3.5, 0,'DSN_RFCI', + 'postmaster.rfc-ignorant.org', 0.1, 0,'PM_RFCI', Index: debian/policyd-weight/tags/0.1.14.17-5/debian/patches/00list === --- debian/policyd-weight/tags/0.1.14.17-5/debian/patches/00list (revision 1567) +++ debian/policyd-weight/tags/0.1.14.17-5/debian/patches/00list (revision 1619) @@ -1,2 +1,3 @@ 01_change_lockpath.dpatch 02_remove_dsbl.dpatch +03_remove_SURBL.dpatch Index: debian/policyd-weight/tags/0.1.14.17-5/debian/NEWS === --- debian/policyd-weight/tags/0.1.14.17-5/debian/NEWS (revision 1621) +++ debian/policyd-weight/tags/0.1.14.17-5/debian/NEWS (revision 1621) @@ -0,0 +1,10 @@ +policyd-weight (0.1.14.17-5) unstable; urgency=low + + The following blocking lists was removed due various reasons: + + * list.dsbl.org + Shut down - http://dsbl.org/node/3 + * multi.surbl.org + Policy Change - http://www.surbl.org/usage-policy.html + + -- Jan Wagner [EMAIL PROTECTED] Tue, 11 Nov 2008 15:32:49 +0100 Index: debian/policyd-weight/tags/0.1.14.17-5/debian/README.Debian === --- debian/policyd-weight/tags/0.1.14.17-5/debian/README.Debian (revision 1567) +++ debian/policyd-weight/tags/0.1.14.17-5/debian/README.Debian (revision 1620) @@ -15,5 +15,4 @@ and -'multi.surbl.org', 4,0,'SURBL', 'rhsbl.ahbl.org', 4,0,'AHBL', 'dsn.rfc-ignorant.org',3.5, 0,'DSN_RFCI', signature.asc Description: This is a digitally signed message part.
Re: Bug#503859: ExtensionClass completely broken with python 2.5
Chris Lamb wrote: Thomas Viehmann wrote: python -c 'import ExtensionClass ; print ExtensionClass.ExtensionClass' Segmentation fault [..] The overall options seem to be a) (have someone else or learn how python extensions work and) fix ExtensionClass to pass minimal tests with python2.5, I was working on this last night and was getting somewhere. Will report back after this evening's hacking. What's the status? Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: xerces-c in lenny?
Jay Berkenbilt wrote: A thought just occurred to meXerces-C 3.0.0 was released several weeks ago. I haven't bothered to upload to unstable since the release happened after the freeze had started. However, with the security problem with xerces-c2 (causing it to use up lots of memory on certain types of input), I wondered whether it would be worth going ahead and uploading 3.0.0 to unstable and asking for an exception to let it transition. This would be version 3.0.0-1 of the xerces-c package, which has previously existed only in experimental and which has no reverse dependencies. It would therefore be very low impact for the release, except that it would be an additional package, whatever impact that may have on installation, CD creation, etc. I realize that you're generally not accepting new packages right now. If it weren't for the issue in http://bugs.debian.org/502102 (unfixable in xerces-c2, but already fixed in xerces-c), I wouldn't even bring up the subject. If the release time would not support letting xerces-c transition to testing, I wouldn't upload it because I don't want to create any potential of someone depending on it in that case. So, thoughts? Should I stick with my original plan and wait until after the release to upload xerces-c_3.0.0-1, or should I go ahead and upload it now? It wouldn't have to clear NEW since 3.0.0~b2-1 is already in experimental and has built successfully on all platforms. I don't consider this to be worth of inclusion, so please stick to your original plan of uploading it to unstable after the release, TIA. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Please unblock util-vserver 0.30.216~r2772-4
Hi release-team, Please unblock util-vserver 0.30.216~r2772-4, this fixes a few important remaining issues that would be unfortunte if they were included in Lenny, it only includes these changes: . Adds a patch from upstream to fix a potential future security issue . Fixes a POSIX compliance issue (missing /dev/shm in guest builds) . Fixes a pathing issue that failed to remove confusing unsupported legacy Thanks, and here is to the greatest Debian release yet! Micah signature.asc Description: Digital signature
Re: Please let gnash 0.8.4 into Lenny
2008/11/11 Luk Claes [EMAIL PROTECTED]: Miriam Ruiz wrote: Hi, Could you possibly remove the blocker for gnash for Lenny? It would be much better if 0.8.4 could get into Lenny, it has lots of improvements, youtube works again and there are no reverse dependencies. 1184 files changed, 189823 insertions(+), 171010 deletions(-) I won't unblock this, though if you can point to targeted fixes we might consider them. Your choice, I think you're making a mistake by releasing Lenny with 0.8.3 but I won't put up a fight against it. As you are in charge of that, and it's your responsibility, you take the decisions. As long as that is clear, and that I don't accept any responsibility about shipping Lenny with an obsolete Gnash, whatever you decide to do is up to you and will be OK with me. I won't spend a second of my time fighting a battle I've already lost from the beginning. I know better than to argue and to complain uselessly in these situations. Greetings, Miry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
please allow phpldapadmin/1.1.0.5-5
Hi, Please allow phpldapadmin/1.1.0.5-6 into lenny. The changes with current lenny are two new translations, and a trivial fix for an important usability problem: #489887. The bug fix has been in unstable since 3 months without new problems. The changelog is pasted below. thanks, Thijs phpldapadmin (1.1.0.5-6) unstable; urgency=low * debian/po/pt_BR.po: added, thanks Herbert P Fortes Neto. (Closes: #494442) -- Fabio Tranchitella [EMAIL PROTECTED] Sat, 09 Aug 2008 20:22:42 +0200 phpldapadmin (1.1.0.5-5) unstable; urgency=low * debian/patches/add_attr_form.dpatch: added, thanks Grzegorz Marsza#322;ek. (Closes: #489887) -- Fabio Tranchitella [EMAIL PROTECTED] Sun, 03 Aug 2008 09:14:48 +0200 phpldapadmin (1.1.0.5-4) unstable; urgency=low * debian/po/sv.po: added, thanks Martin Bagge. (Closes: #493014) * Bumped Standards-Version to 3.8.0, no changes required. -- Fabio Tranchitella [EMAIL PROTECTED] Thu, 31 Jul 2008 08:25:04 +0200 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Freeze exception for libg3d
# justification: package doesnt work on some release archs severity 501809 serious # now most of the mail below is useless, I leave it as a reference thanks Hi, an update how to proceed would definitly be nice. I understand there are way more important issues than an RC bug (filed as important, 501809) in an optinional libary with no rdepends, but do I really need to set the severity to seriouis to get an(other) reply? Sometimes I guess so. :-/ After thinking some more, I came to the conclusion that's it's actually a (haha) no-brainer to use correct severities. Mistakes happen and can be corrected. [upload to t-p-u?] On Sunday 09 November 2008 02:30, Sven Eckelmann wrote: (only symbol file related stuff would be removed). (compared to the version which is now in sid.) regards, Holger pgpxffA9BemFf.pgp Description: PGP signature
Please consider unblocking bittornado 0.3.18-8
Hi, I just uploaded a new version of bittornado that fixes one severity important bug. The fix is a minor 8 line removal from one of the executable scripts used to run bittornado. This fix was submitted in the bug report, tested by users of the MythBuntu derivate, and committed into upstream's CVS for the next release (which can be seen by executing cvs -d ':pserver:[EMAIL PROTECTED]:/cvsroot' co bittornado). You can see the new patch in the debian package here: http://svn.debian.org/wsvn/pkg-bittornado/bittornado/trunk/debian/patches/27_remove_btdownloadheadless_curses_dependency.dpatch?op=filerev=0sc=0 The bug fixed is here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327505 Thanks, Cameron -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Adding D-Link DNS-323 support in a stable update of lenny
Matthew Palmer wrote: On Tue, Nov 11, 2008 at 06:01:07PM +0100, Luk Claes wrote: Martin Michlmayr wrote: Matthew Palmer has recently created patches that add support for the If so, it would be nice to hint dns323-firmware-tools into lenny because we'll need this package to generate installer images for the DNS-323. The manpage has '-c' for model on one place and '-m' in another place, I guess it's a copy/paste error? Whups. As you suggest, that's a copy-paste error. The executable uses /tmp/ctl_header which is a risk for a symlink attack AFAIK. Heh, it's even worse than that -- it's debugging output I didn't properly notate and clean before I made ready for the release. Fixed. I already wondered if it was strange ruby syntax or if the file was not used anymore after that call :-) It might be good to fix these two issues, then I won't have any objection with including it in lenny. I'll upload a new version as soon as I've got 'net access again in an hour or so. unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [Secure-testing-team] Please unblock gallery 1.5.9-1
On Tue, Oct 07, 2008 at 04:37:41PM -0400, Michael Schultheiss wrote: Adeodato Simó wrote: Unless there's more effort by upstream and the maintainer to address this by isolated patches and more detailed descriptions of vulnerabilities we should rather drop Gallery from Lenny. I'm fine with removing gallery from Lenny. Upstream does not have the resources to provide isolated patches. I fear there's been a misunderstanding, my comment was targeted at Gallery in the source package gallery2 (which I was I quoted in the Security Tracker excerpt). Gallery 1.x (was packaged in the gallery source package seems harmless. AFAICT right now gallery has been blocked instead of gallery2. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Some more security hinting
Adeodato Simó wrote: That's unfortunate. Could you perhaps re-upload to t-p-u as 7:6.3.7.9.dfsg1-2.1~lenny1 or equivalent? Is it better if somebody else uploads? The maintainers would be the natural choice, but they were busy uploading a new upstream version to experimental in the mean time :-/ Moritz, any update on this? I'm on it, it'll be uploaded to tpu as 7:6.3.7.9.dfsg1-2.1+lenny1 in about 30 minutes. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Upload of inkscape_0.46-3 to t-p-u ? (was Re: [inkscape] Impossible to change font if ttf-bitstream-vera is not installed.)
Le Tue, Nov 11, 2008 at 04:47:02PM +0100, Luk Claes a écrit : Charles Plessy wrote: Le Mon, Oct 27, 2008 at 04:47:26PM +0100, Thomas Viehmann a écrit : Charles Plessy wrote: Many thanks Thomas for the patch. I have forwarded it Upstream for review, in case we can get an official blessing before releasing with the patch. In the absence of a timely answer, I will upload on DELAYED with a waiting time that leaves next weekend for Wolfram to react. Hi all, Wolfram (the maintainer) actually prepared a fix that was sponsored, which will be unfortunately prevented from migrating to Lenny because of cairomm. I contacted him about this issue but did not get answer yet. Would everybody agree if I sent version 0.46-3 build against Lenny on testing-proposed-updates? The debdiff is attached to this email. It fixes the font issue, plus a problem with Chinese localisation (that I have not studied at all): Yes, please upload. Sorry for the stupid question that betrays my ignorance: which version number is appropriate? Sid is 0.46-3. Although I can't imagine that it will not be updated until Squeeze, I suppose that we want a version number that is inferior for Lenny? Have a nice day, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: RFC: upload of emacspeak
On Tue, Nov 11, 2008 at 04:58:09PM +0100, Luk Claes wrote: I have attached the proposed patch, for review. Again, if someone else comes forward, I'd be more than happy to let them take over. Please upload. Uploaded as emacspeak_26.0-3+lenny1. I have, in addition to the previous patch, added a fix to #500638, since that was present in this version too. Thanks. Kumar -- Kumar Appaiah signature.asc Description: Digital signature
Re: Some more security hinting
Moritz, any update on this? I'm on it, it'll be uploaded to tpu as 7:6.3.7.9.dfsg1-2.1+lenny1 in about 30 minutes. Done. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Pre-approval for optipng
Hi! A security vulnerability has been found in optipng (Debian bug #505399, SA (Secunia Advisory) http://secunia.com/Advisories/32651/). It has been fixed in version 0.6.2 (that is already at experimental). Code change from 0.6.1 to 0.6.2 is a little big: lib/pngxtern/pngx.h | 22 lib/pngxtern/pngxio.c |5 lib/pngxtern/pngxmem.c | 41 lib/pngxtern/pngxrbmp.c | 67 - src/opngoptim.c | 1777 + src/optipng.c | 2560 +--- src/optipng.h | 86 + 7 files changed, 2473 insertions(+), 2085 deletions(-) You can see the diff at http://people.debian.org/~naoliv/misc/optipng-0.6.1_0.6.2.diff.txt Probably it's a no to upload it to unstable (and let it migrate to testing), right? So do I have a pre-approval to upload it to unstable, including only a patch to fix SA32651, please? Thank you! Best regards, Nelson signature.asc Description: PGP signature
Re: Upload of inkscape_0.46-3 to t-p-u ? (was Re: [inkscape] Impossible to change font if ttf-bitstream-vera is not installed.)
Charles Plessy wrote: Le Tue, Nov 11, 2008 at 04:47:02PM +0100, Luk Claes a écrit : Charles Plessy wrote: Le Mon, Oct 27, 2008 at 04:47:26PM +0100, Thomas Viehmann a écrit : Charles Plessy wrote: Many thanks Thomas for the patch. I have forwarded it Upstream for review, in case we can get an official blessing before releasing with the patch. In the absence of a timely answer, I will upload on DELAYED with a waiting time that leaves next weekend for Wolfram to react. Hi all, Wolfram (the maintainer) actually prepared a fix that was sponsored, which will be unfortunately prevented from migrating to Lenny because of cairomm. I contacted him about this issue but did not get answer yet. Would everybody agree if I sent version 0.46-3 build against Lenny on testing-proposed-updates? The debdiff is attached to this email. It fixes the font issue, plus a problem with Chinese localisation (that I have not studied at all): Yes, please upload. Sorry for the stupid question that betrays my ignorance: which version number is appropriate? Sid is 0.46-3. Although I can't imagine that it will not be updated until Squeeze, I suppose that we want a version number that is inferior for Lenny? We want a version number greater than 0.46-2.1 and smaller than 0.46-3 which was not uploaded to the archive yet (otherwise it would be rejected). An example would be 0.46-2.lenny1. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Pre-approval for optipng
Nelson A. de Oliveira wrote: Hi! A security vulnerability has been found in optipng (Debian bug #505399, SA (Secunia Advisory) http://secunia.com/Advisories/32651/). It has been fixed in version 0.6.2 (that is already at experimental). Code change from 0.6.1 to 0.6.2 is a little big: lib/pngxtern/pngx.h | 22 lib/pngxtern/pngxio.c |5 lib/pngxtern/pngxmem.c | 41 lib/pngxtern/pngxrbmp.c | 67 - src/opngoptim.c | 1777 + src/optipng.c | 2560 +--- src/optipng.h | 86 + 7 files changed, 2473 insertions(+), 2085 deletions(-) You can see the diff at http://people.debian.org/~naoliv/misc/optipng-0.6.1_0.6.2.diff.txt Probably it's a no to upload it to unstable (and let it migrate to testing), right? Right. So do I have a pre-approval to upload it to unstable, including only a patch to fix SA32651, please? Yes. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]