Re: Please allow biofox 1.1.5-1 in Lenny.
On tiisdei 27 Jannewaris 2009, Charles Plessy wrote: I did this on the simple assumption that what was good before would be good later until the next deadline, which is D-I RC2, as in the previous updates I made nobody told me anything about this kind of issue. Also, I did not expect this issue to be other than cosmetic since, as I showed in my previous mail, it changes nothing to the binary packages. Hope that explains, I'm sorry, I still don't understand it. It has no user-visible effects. According to you it changes nothing to the binary packages. The best case is that everything remains the same. I'm puzzled then why you decided to make this change. I just can't find any advantage of it. Thijs signature.asc Description: This is a digitally signed message part.
Re: Please allow biofox 1.1.5-1 in Lenny.
Le Wed, Jan 28, 2009 at 09:42:08AM +0100, Thijs Kinkhorst a écrit : I'm sorry, I still don't understand it. It has no user-visible effects. According to you it changes nothing to the binary packages. The best case is that everything remains the same. I'm puzzled then why you decided to make this change. I just can't find any advantage of it. The advantage is normalisation. I prefer to use the latest Debhelper version if possible. We have more than 100 packages in our repository, and if some carry on some legacy versions from upgrade to upgrade, each time one will work on the packate, he will have to figure out why the latest is not used. With the latest upload of BioFOX, I took the opportunity to verify that it was compatible with Debhelper 7. I prefer not to wait that level 5 is deprecated to do this, and given the slow turnover of packages like biofox, each upload is an opportunity. And since it does not change the binary package, I thought that it would not be a problem. Here is the diff between the Lenny update and the package in Sid. Only version number and changelog differs. anx159《tmp》$ diff -ruN mozilla-biofox_1.1.5-1~lenny mozilla-biofox_1.1.5-1 diff -ruN mozilla-biofox_1.1.5-1~lenny/control mozilla-biofox_1.1.5-1/control --- mozilla-biofox_1.1.5-1~lenny/control2009-01-28 03:17:22.0 +0900 +++ mozilla-biofox_1.1.5-1/control 2009-01-24 17:03:01.0 +0900 @@ -1,6 +1,6 @@ Package: mozilla-biofox Source: biofox -Version: 1.1.5-1~lenny +Version: 1.1.5-1 Architecture: all Maintainer: Debian-Med Packaging Team debian-med-packag...@lists.alioth.debian.org Installed-Size: 216 Binary files mozilla-biofox_1.1.5-1~lenny/control.tar.gz and mozilla-biofox_1.1.5-1/control.tar.gz differ Binary files mozilla-biofox_1.1.5-1~lenny/data.tar.gz and mozilla-biofox_1.1.5-1/data.tar.gz differ diff -ruN mozilla-biofox_1.1.5-1~lenny/md5sums mozilla-biofox_1.1.5-1/md5sums --- mozilla-biofox_1.1.5-1~lenny/md5sums2009-01-28 03:17:23.0 +0900 +++ mozilla-biofox_1.1.5-1/md5sums 2009-01-24 17:03:01.0 +0900 @@ -1,9 +1,9 @@ -c89dec7c543cfcd2995969732de63f90 usr/share/doc/mozilla-biofox/README.Debian -997ce2681bd789c2d853d4f0ba05c9ee usr/share/doc/mozilla-biofox/copyright -3c7d0cd3383d3f89115a1cd21824e4ab usr/share/doc/mozilla-biofox/changelog.Debian.gz -a140bf031ab6ac790a866c1a523b3481 usr/lib/iceweasel/extensions/{fbfbf0bf-032e-427e-932d-0b000a34f168}/uninstall/Uninstall 578dd5e0853ba9674020eb913cd47c5f usr/lib/iceweasel/extensions/{fbfbf0bf-032e-427e-932d-0b000a34f168}/chrome/biofox.jar -bc1f25b1b5ffef2b326b4e9b4b8eb779 usr/lib/iceweasel/extensions/{fbfbf0bf-032e-427e-932d-0b000a34f168}/chrome.d -3f1b6b3bf5937979db8c9a8d8e6f5554 usr/lib/iceweasel/extensions/{fbfbf0bf-032e-427e-932d-0b000a34f168}/chrome.manifest f3802cab7afb09496f3f3cb1abfc50b0 usr/lib/iceweasel/extensions/{fbfbf0bf-032e-427e-932d-0b000a34f168}/install.rdf 765f38f1773ef7e7863b94a71c9ed1f7 usr/lib/iceweasel/extensions/{fbfbf0bf-032e-427e-932d-0b000a34f168}/extensions.d +bc1f25b1b5ffef2b326b4e9b4b8eb779 usr/lib/iceweasel/extensions/{fbfbf0bf-032e-427e-932d-0b000a34f168}/chrome.d +a140bf031ab6ac790a866c1a523b3481 usr/lib/iceweasel/extensions/{fbfbf0bf-032e-427e-932d-0b000a34f168}/uninstall/Uninstall +3f1b6b3bf5937979db8c9a8d8e6f5554 usr/lib/iceweasel/extensions/{fbfbf0bf-032e-427e-932d-0b000a34f168}/chrome.manifest +c89dec7c543cfcd2995969732de63f90 usr/share/doc/mozilla-biofox/README.Debian +997ce2681bd789c2d853d4f0ba05c9ee usr/share/doc/mozilla-biofox/copyright +bb88626fbf92f85fa2bae13a5aa1bfde usr/share/doc/mozilla-biofox/changelog.Debian.gz Binary files mozilla-biofox_1.1.5-1~lenny/usr/share/doc/mozilla-biofox/changelog.Debian.gz and mozilla-biofox_1.1.5-1/usr/share/doc/mozilla-biofox/changelog.Debian.gz differ I hope next time we trust each other and we are not asked to upload identical packages with cosmetical changes. Anyway, as we say in France, sans rancune (no offense). Have a nice day, -- Charles Plessy Debian Med packaging team, http://www.debian.org/devel/debian-med Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Please allow biofox 1.1.5-1 in Lenny.
Charles Plessy ple...@debian.org (28/01/2009): The advantage is normalisation. I prefer to use the latest Debhelper version if possible. We have more than 100 packages in our repository, and if some carry on some legacy versions from upgrade to upgrade, each time one will work on the packate, he will have to figure out why the latest is not used. With the latest upload of BioFOX, I took the opportunity to verify that it was compatible with Debhelper 7. That also means that release managers have to check that, too. If you didn't observe it during the last months, even “meant to be trivial” changes led to RC bugs. The same could happen with an apparently trivial debhelper compatibility level bump, even if the maintainer took extra care. Example: in debhelper(7), look at v7's 1st item. I guess one could obtain the wanted output when (p|cow)building, but not on the buildds, where -B is used (do you have any idea how many maintainers try a build with -B?). Tricky, yeah, but shit happens, and release managers want to lower the risks. That's why the freeze is there. That's why guidelines exist. I hope next time we trust each other and we are not asked to upload identical packages with cosmetical changes. Anyway, as we say in France, sans rancune (no offense). Next time, abide by the guidelines, and stop wasting everyone's time. Mraw, KiBi. signature.asc Description: Digital signature
Re: [Fwd: Please unblock dtc 0.29.16-1]
On Wed, Jan 28, 2009 at 06:28:34AM +0800, Thomas Goirand wrote: Please, consider, this is urgent, as there's a security fix in this package. Is there any way to skip the 9 days delay? Upload with urgency high? Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
please unblock libgeda, geda-*
I've uploaded new versions of the libgeda and geda-* packages to unstable which fix RC bugs with the copyright files and a couple of other things, like a tempfile vulnerability in an example script (geda-gnetlist) and some missing error checking in a postrm (geda-symbols). The relevant versions are geda - 1:1.4.0.2 geda-doc - 1:1.4.0-2 geda-examples - 1:1.4.0-2 geda-gattrib - 1:1.4.0-5 geda-gnetlist - 1:1.4.0-3 geda-gschem - 1:1.4.0-3 geda-gsymcheck - 1:1.4.0-3 geda-symbols - 1:1.4.0-3 geda-utils - 1:1.4.0-3 debdiff output is attached. (Not inlined as I suspect it's too confusing with nine packages). Could you please allow these into lenny? thanks Hamish -- Hamish Moffatt VK3SB ham...@debian.org ham...@cloud.net.au diff -Nru geda-1.4.0.1/debian/changelog geda-1.4.0.2/debian/changelog --- geda-1.4.0.1/debian/changelog 2008-03-30 22:55:10.0 +1100 +++ geda-1.4.0.2/debian/changelog 2009-01-29 00:32:04.0 +1100 @@ -1,3 +1,10 @@ +geda (1:1.4.0.2) unstable; urgency=low + + * Update debian/copyright to follow standard template +* all of gEDA uses GPLv2 (closes: #510992) + + -- Hamish Moffatt ham...@debian.org Thu, 29 Jan 2009 00:31:46 +1100 + geda (1:1.4.0.1) unstable; urgency=low * Add Recommends: extra-xdg-menus. The dependency mentioned in the previous diff -Nru geda-1.4.0.1/debian/control geda-1.4.0.2/debian/control --- geda-1.4.0.1/debian/control 2008-03-30 22:54:16.0 +1100 +++ geda-1.4.0.2/debian/control 2009-01-29 00:33:29.0 +1100 @@ -14,5 +14,5 @@ Description: GPL EDA -- Electronics design software GPL EDA, an electronics design package. . - This is a meta-package which depends on the components required + This is a metapackage which depends on the components required for a typical gEDA installation. diff -Nru geda-1.4.0.1/debian/copyright geda-1.4.0.2/debian/copyright --- geda-1.4.0.1/debian/copyright 2007-07-10 08:20:13.0 +1000 +++ geda-1.4.0.2/debian/copyright 2009-01-29 00:31:45.0 +1100 @@ -1,9 +1,42 @@ -This is the debian package of gEDA. The gEDA sources were downloaded -from http://www.geda.seul.org/. The package was created by Hamish -Moffatt, April 21, 1998. - -This software is released under the GNU General Public License, -version 2; please see /usr/share/common-licenses/GPL on your Debian -system. libgeda is released under the GNU Library General Public License -(LGPL), /usr/share/common-licenses/LGPL. +This package was debianized by: + +Hamish Moffatt ham...@debian.org on April 21, 1998. + +It was downloaded from: + +http://www.geda.seul.org/ + +Upstream Authors: + +Ales Hvezda and the GPL EDA team geda-...@geda.seul.org + +Copyright: + + Copyright (C) 1998-2007 Ales Hvezda + Copyright (C) 1998-2007 gEDA Contributors (see ChangeLog for details) + +License: + +This package is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This package is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this package; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +The Debian packaging is: + +Copyright (C) 1998-2009, Hamish Moffatt ham...@debian.org + +and is licensed under the GPL, see above. diff -u geda-doc-1.4.0/toplevel/gedadocs.html geda-doc-1.4.0/toplevel/gedadocs.html --- geda-doc-1.4.0/toplevel/gedadocs.html +++ geda-doc-1.4.0/toplevel/gedadocs.html @@ -11,7 +11,7 @@ H1 gEDA documention /H1 -H3version 1.2.0/H3 +H3version 1.4.0/H3 /CENTER BR P @@ -21,7 +21,7 @@ UL -LI gEDA wiki snapshop 1.2.0 : A HREF=./wiki/index.htmlHTML/A/LI +LI gEDA wiki snapshop 1.4.0 : A HREF=./wiki/index.htmlHTML/A/LI p /UL diff -u geda-doc-1.4.0/debian/changelog geda-doc-1.4.0/debian/changelog --- geda-doc-1.4.0/debian/changelog +++ geda-doc-1.4.0/debian/changelog @@ -1,3 +1,10 @@ +geda-doc (1:1.4.0-2) unstable; urgency=low + + * Update debian/copyright to follow standard template +* all of gEDA uses GPLv2 (closes: #510993) + + -- Hamish Moffatt ham...@debian.org Thu, 29 Jan 2009 00:35:56 +1100 + geda-doc (1:1.4.0-1) unstable; urgency=low * New upstream release diff -u geda-doc-1.4.0/debian/copyright geda-doc-1.4.0/debian/copyright --- geda-doc-1.4.0/debian/copyright +++ geda-doc-1.4.0/debian/copyright @@ -1,9 +1,42 @@ -This is the debian package of gEDA. The gEDA sources were downloaded -from http://www.geda.seul.org/. The package was created by
Please update guile-1.6's unblock
Hello, from Luk's hints file: | # 20081218 | […] | unblock guile-1.6/1.6.8-6.1 please make it: guile-1.6/1.6.8-6.3 .2 fixed the FTBFS on sparc (which reminds me I should open a bug against the compiler which seems to produce bad code at -O2 on this arch), .3 fixed the FTBFS on hppa (which prevented it from migrating, hence the need for a 2-revision unblock). Changelog: | guile-1.6 (1.6.8-6.3) unstable; urgency=high | | * Non-maintainer upload. | * Work around two FTBFS causes on hppa (Closes: #497740): | - The stack grows up on hppa (only), and the variable introduced by |the stackdirection.diff patch isn't the needed one (it introduces |SCM_I_GSC_STACK_GROWS_UP while SCM_STACK_GROWS_UP would be needed). | - Both -O2 and -O0 are not OK on hppa because it leads to a stack |overflow. | Therefore, instead of fiddling with the patch, introduce more | architecture-specific checks to add the right CFLAGS. | * As a consequence, rework the existing CFLAGS handling to make them a | bit more readable, including a table that describes the wanted CFLAGS | depending on the architecture, and depending on whether “noopt” is | passed through DEB_BUILD_OPTIONS. Test-buit successfully on amd64, | hppa, and sparc, both with and without “noopt”. | * Set urgency to “high” since that will fix 2 RC bugs in lenny. | | -- Cyril Brulebois k...@debian.org Wed, 28 Jan 2009 12:25:38 +0100 | | guile-1.6 (1.6.8-6.2) unstable; urgency=low | | * Non-maintainer upload. | * Work around a possible compiler bug which leads to FTBFS on sparc, by | setting CFLAGS=-O0 for that architecture. Also switch the previous | CFLAGS=-01 -g to CFLAGS=-O0 -g for the noopt build on sparc, for | the same reason (Closes: #501114). | | -- Cyril Brulebois k...@debian.org Tue, 20 Jan 2009 05:39:56 +0100 JFTR, .1 was about: | guile-1.6 (1.6.8-6.1) unstable; urgency=high | | * Non-maintainer upload. | * stackdirection.diff: Patch by Thiemo Seufer to fix FTBFS on | some architectures. (closes: #497740) | * autofiles.diff: Regenerate. | | -- Frank Lichtenheld dj...@debian.org Sun, 28 Sep 2008 22:12:11 +0200 Thanks go to zobel for prodding me and somewhat believing I could fix the bug on hppa, and to Grant Grundler for providing me with an access to HP's cluster. Mraw, KiBi. signature.asc Description: Digital signature
please unblock gst-plugins-good0.10
Version 0.10.8-4.1 fixes a security bug! Regards, Cascardo. signature.asc Description: Digital signature
Re: Pre-approval for wide-dhcpv6 t-p-u upload
On Wed, Jan 28, 2009 at 03:37:24PM +0100, Jérémie Corbier wrote: and I would like to be allowed to upload it to t-p-u since wide-dhcpv6-client in its current state in testing is completely unusable. Please upload. Neil -- * stockholm bangs head against budget h01ger outsch stockholm h01ger: it is still very soft, i did not hurt myself gwolf stockholm: But you bled on the budget, and now it's red again! -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Please update guile-1.6's unblock
On Wed, Jan 28, 2009 at 03:21:32PM +0100, Cyril Brulebois wrote: Hello, from Luk's hints file: | # 20081218 | […] | unblock guile-1.6/1.6.8-6.1 please make it: guile-1.6/1.6.8-6.3 Unblocked. Neil -- [local irc server has just been brought up] godog suddenly there's quite some silence in the hacklab -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: please unblock gst-plugins-good0.10
On Wed, Jan 28, 2009 at 12:07:43PM -0200, Thadeu Lima de Souza Cascardo wrote: Version 0.10.8-4.1 fixes a security bug! Unblocked. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
rt73 and linux-modules-contrib-2.6 security update
I uploaded a security fix for rt73 (1:1.0.3.6-cvs20080623-dfsg1-3) which should be allowed to propagate to lenny. linux-modules-contrib-2.6 builds binaries from this and therefore needs a binNMU on all architectures. That should also be allowed to propagate to lenny. Ben. -- Ben Hutchings When you say `I wrote a program that crashed Windows', people just stare ... and say `Hey, I got those with the system, *for free*'. - Linus Torvalds -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Remove sshguard from testing?
Hi, Given #495683 is months old, and the maintainer hasn't commented on it, and it's never been in a stable release, should it just get removed from testing? regards Andrew signature.asc Description: Digital signature
Re: Remove sshguard from testing?
On Thu, Jan 29, 2009 at 02:25:41AM +1000, Andrew Pollock wrote: Given #495683 is months old, and the maintainer hasn't commented on it, and it's never been in a stable release, should it just get removed from testing? I made enquiries [1] about sshguard earlier this month, offering to co-maintain with the current maintainer. His sponsor replied [2] to say that Ernesto was working on an upload, but it hasn't been seen yet. sshguard is useful to me, and I'd like to see it stay in, but in its current state of neglect it's probably not practical. My offer to co-maintain still stands, but I doubt a new upstream will make it into lenny at this late stage. RM's view would be welcome. [1] http://lists.debian.org/debian-qa/2009/01/msg00026.html [2] http://lists.debian.org/debian-qa/2009/01/msg00039.html -- Jonathan Wiltshire PGP/GPG: 0xDB800B52 / 4216 F01F DCA9 21AC F3D3 A903 CA6B EA3E DB80 0B52 signature.asc Description: Digital signature
Re: Status of lenny transition?
Hi, Am Mittwoch, den 28.01.2009, 08:15 -0600 schrieb John Goerzen: I notice that the packages I uploaded for the ghc 6.8.2dfsg1 transition -- which were apparently needed urgently -- are still just sitting in unstable, and have not migrated to lenny. When will this happen? AFAIK, luk is the member of the release team responsible for the ghc migration, you can probably ask him. My guess would be that there are some package not built everywhere yet. Theoretically, one can find out here: http://ftp-master.debian.org/testing/update_output.txt after Trying hint from luk: ghc6/6.8.2dfsg1-1 But I don’t understand that output fully. I’m CCing debian-release: Luk, is there anything missing from our side? I ask because I am near to releasing HDBC 2.0, and obviously can't upload it to unstable until the version that needs to go to lenny has migrated. I have several other packages already waiting on this as well. I suggest you upload that to experimental. At least it’s the lesson I learned from the ghc6 issue: Only put stuff in sid that is somewhat suitable for the current testing, even if frozen (or maybe NEW stuff). I was just lucky that my packages, who have seen new versions in unstable, are not affected by the transition. Thanks, Joachim -- Joachim nomeata Breitner Debian Developer nome...@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C JID: nome...@joachim-breitner.de | http://people.debian.org/~nomeata signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: washngo REMOVED from testing
Can someone tell me why this happened? FWIW, I uploaded 2.12-6 to unstable to fix the GHC migration, and it hasn't migrated. There are no RC bugs on washngo. Thanks, -- John On Wed, Jan 28, 2009 at 04:39:17PM +, Debian testing watch wrote: FYI: The status of the washngo source package in Debian's testing distribution has changed. Previous version: 2.12-5.1 Current version: (not in testing) Hint: http://release.debian.org/britney/hints/luk The script that generates this mail tries to extract removal reasons from comments in the britney hint files. Those comments were not originally meant to be machine readable, so if the reason for removing your package seems to be nonsense, it is probably the reporting script that got confused. Please check the actual hints file before you complain about meaningless removals. -- This email is automatically generated; the Debian Release Team debian-release@lists.debian.org is responsible. See http://release.debian.org/testing-watch/ for more information. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Status of lenny transition?
Joachim Breitner wrote: Hi, Am Mittwoch, den 28.01.2009, 08:15 -0600 schrieb John Goerzen: I notice that the packages I uploaded for the ghc 6.8.2dfsg1 transition -- which were apparently needed urgently -- are still just sitting in unstable, and have not migrated to lenny. When will this happen? AFAIK, luk is the member of the release team responsible for the ghc migration, you can probably ask him. My guess would be that there are some package not built everywhere yet. Theoretically, one can find out here: http://ftp-master.debian.org/testing/update_output.txt after Trying hint from luk: ghc6/6.8.2dfsg1-1 But I don’t understand that output fully. The last output line for the hint tells what would still get broken by pushing it in. I'm handholding the last builds/binNMUs to get it all migrated. I ask because I am near to releasing HDBC 2.0, and obviously can't upload it to unstable until the version that needs to go to lenny has migrated. I have several other packages already waiting on this as well. I suggest you upload that to experimental. At least it’s the lesson I learned from the ghc6 issue: Only put stuff in sid that is somewhat suitable for the current testing, even if frozen (or maybe NEW stuff). I was just lucky that my packages, who have seen new versions in unstable, are not affected by the transition. Yes, as a general rule that's true and in the current stage of the release definitely! Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: washngo REMOVED from testing
John Goerzen wrote: Can someone tell me why this happened? Because the one from unstable does not build on sparc nor mips. It's only temporary to be able to migrate the version from unstable (which is unblocked). FWIW, I uploaded 2.12-6 to unstable to fix the GHC migration, and it hasn't migrated. There are no RC bugs on washngo. It could not migrate as it does not build on mips nor sparc anymore (internal compiler errors). Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Pre-approval for cwidget upload to fix a deadlock (511708 and friends)
Daniel Burrows wrote: And just for the sake of completeness, here's the debdiff for my proposed upload. Please upload and ping us again when the version is installed in the archive, TIA. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: [Fwd: Please unblock dtc 0.29.16-1]
Thomas Goirand wrote: The stable release of this package has some bugfixes and needs to be uploaded to Lenny: * New spanish debian template translation thanks to Francisco Javier Cuadrado fcocuadr...@gmail.com (Closes: #510468) * Backported a MySQL insertion security fix from the Git version (issue was when using the add service function once you already have an account). At least this fix doesn't seem to be in 0.29.16-1 currently in unstable. Cheers Luk * Fixed the roundcube dependency so it pulls it correctly. * Backported a bugfix for the VAT rate so it can be changed without issue. A full log since 0.29.14 (the last in Lenny) of the changes can be found here: http://git.gplhost.com/gitweb/?p=dtc.git;a=shortlog;h=refs/heads/stable-0.29 Please, consider, this is urgent, as there's a security fix in this package. Is there any way to skip the 9 days delay? Thomas -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: please unblock libgeda, geda-*
Hamish Moffatt wrote: I've uploaded new versions of the libgeda and geda-* packages to unstable which fix RC bugs with the copyright files and a couple of other things, like a tempfile vulnerability in an example script (geda-gnetlist) and some missing error checking in a postrm (geda-symbols). The relevant versions are geda - 1:1.4.0.2 geda-doc - 1:1.4.0-2 geda-examples - 1:1.4.0-2 geda-gattrib - 1:1.4.0-5 geda-gnetlist - 1:1.4.0-3 geda-gschem - 1:1.4.0-3 geda-gsymcheck - 1:1.4.0-3 geda-symbols - 1:1.4.0-3 geda-utils - 1:1.4.0-3 debdiff output is attached. (Not inlined as I suspect it's too confusing with nine packages). Could you please allow these into lenny? All unblocked. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: The future of clamav wrt. stable/volatile
On 2009-01-25, Michael Tautschnig m...@debian.org wrote: --===6401238421216507687== Content-Type: multipart/signed; micalg=pgp-sha1; protocol=application/pgp-signature; boundary=UfEAyuTBtIjiZzX6 Content-Disposition: inline --UfEAyuTBtIjiZzX6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Dear Release Team, In the clamav packaging team we had recurring discussion about how to deal with clamav in the near (== lenny) and more distant (= squeeze) future. The current situation is as follows: - We've got severly outdated clamav packages in etch(-security). - A few packages depend on clamav; those depends are not necessarily versioned. - Any sensible use of clamav requires the packages from volatile to be able to handle all features of upstream's current signature database. - We've had 16 security updates since the release of etch, which constantly required backporting of upstream's fixes that were included in the volatile releases. We could of course continue this game of telling users that nothing but the clamav from volatile is what one should use on production systems, but maybe there are other options as well. Let me see what options we have: - Stick with the current scheme. Possible, but neither user- nor maintainer-friendly. - Move clamav to volatile only. This would, however, also require that all depending packages go to volatile, even the depends are unversioned. - Do fairly large updates (i.e., possibly new major versions) through stable-proposed-updates. - ??? We don't necessarily seek a solution for lenny, but would like to start a discussion and receive some comments from people involved in release management to see which further options we have, or which of the proposed are acceptable. We had discussed this during the Security Team meeting in Essen: We believe clamav shouldn't be included in stable; malware scan engines are a constantly moving target and it's pointless to backport changes since new signatures constantly require new scan engine features all the time. So moving it to volatile is the best solution for everyone. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Iceape removal
Hi, I've uploaded a NMU to fix #511477. Please unblock iceape/1.1.14-1.1 I've recompiled all packages build-depending on iceape-dev (including fun packages like gcj-4.[23], eclipse, openjdk and openoffice.org) and they all rebuild fine. The interdiff contain some buildsystem-generated, I'm attaching a debdiff of the relevant changes. Please also unblock my NMU to drop the iceape-traybiff package from mozilla-traybiff: version 1.2.3-4.3 The following iceape-specific packages need to be removed from Lenny: mozilla-tabextensions mozilla-checky mozilla-cascades iceape-l10n-* Cheers, Moritz diff -u iceape-1.1.14/debian/iceape-browser.install iceape-1.1.14/debian/iceape-browser.install --- iceape-1.1.14/debian/iceape-browser.install +++ iceape-1.1.14/debian/iceape-browser.install @@ -22,9 +22,6 @@ #usr/lib/iceape/libmozpango.so usr/lib/iceape/libmsgbaseutil.so usr/lib/iceape/libprldap50.so -usr/lib/iceape/libxpcom.so -usr/lib/iceape/libxpcom_compat.so -usr/lib/iceape/libxpcom_core.so usr/lib/iceape/libxpistub.so #usr/lib/iceape/pango.modules usr/lib/iceape/plugins/libnullplugin.so diff -u iceape-1.1.14/debian/control iceape-1.1.14/debian/control --- iceape-1.1.14/debian/control +++ iceape-1.1.14/debian/control @@ -8,69 +8,10 @@ Vcs-Git: git://git.debian.org/git/pkg-mozilla/iceape.git Vcs-Browser: http://git.debian.org/?p=pkg-mozilla/iceape.git -Package: iceape -Architecture: all -Section: web -Depends: iceape-browser, iceape-mailnews -Recommends: iceape-chatzilla -Suggests: iceape-calendar -Conflicts: mozilla ( 2:1.8) -Replaces: mozilla -Description: The Iceape Internet Suite - The Iceape Internet Suite is an unbranded Seamonkey Internet Suite suitable - for free distribution. The Seamonkey Internet Suite is a set of Internet - oriented applications. It is the continuity of the Mozilla Suite after it - has been abandoned in favor of Firefox and Thunderbird. - . - The Iceape Internet Suite consists of: - - an Internet browser (Iceape Navigator) - - an HTML WYSIWYG editor (Iceape Composer) - - a Mail and News client (Iceape Mail Newsgroups) - - an Address Book (Iceape Address Book) - - an IRC client (Chatzilla) - - a Calendar (Iceape Calendar) (not officially in the suite) - . - This is a meta package that depends on the main components of this suite. - It is here to ease upgrades, installations, and provide a consistent upgrade - path from previous versions. - . - It can safely be removed with no ill effects. - -Package: iceape-browser -Architecture: any -Section: web -Depends: ${shlibs:Depends} -Recommends: iceape-gnome-support -Suggests: latex-xft-fonts, libkrb53, iceape-mailnews, iceape-dom-inspector -Conflicts: mozilla-browser ( 2:1.8), mozilla-psm ( 2:1.8), mozilla-venkman (= 0.9.87-3) -Replaces: mozilla-browser, mozilla-psm -Provides: www-browser -Description: Iceape Navigator (Internet browser) and Composer - Iceape Navigator is a sophisticated graphical World-Wide-Web browser, with - a large number of various browser features like support for HTML 4.0, CSS - 2, JavaScript, etc. It also features tabbed browsing, popup blocking, and - many others options. - . - Iceape Composer is a WYSIWYG HTML editor that lets you modify arbitrary - HTML pages. It provides dynamic image and table resizing, quick insert - and delete of table cells, and supports CSS and positioned layers. - . - See the 'iceape' package for more information on the Iceape Internet Suite. - -Package: iceape-gnome-support -Architecture: any -Section: web -Depends: ${shlibs:Depends}, iceape-browser (= ${binary:Version}) -Description: GNOME support for the Iceape Internet Suite - This is an extension to iceape that allows the use of protocol handlers - from GnomeVFS, such as smb or sftp, and other GNOME integration features. - . - See the 'iceape' package for more information on the Iceape Internet Suite. - Package: iceape-dev Architecture: all Section: devel -Depends: iceape-browser (= ${source:Upstream-Version}), iceape-browser (= ${source:Version}.1~), iceape-dev-bin (= ${source:Upstream-Version}), libnspr4-dev +Depends: iceape-dev-bin (= ${source:Upstream-Version}), libnspr4-dev Replaces: mozilla-dev Description: Development files for the Iceape Internet Suite This package contains the header and idl files to develop components for @@ -86,90 +27,6 @@ +Conflicts: iceape-browser Description: Development files for the Iceape Internet Suite This package contains the XPCOM dependent glue and xpidl, xpt_dump and xpt_link utilities. . - See the 'iceape' package for more information on the Iceape Internet Suite. - -Package: iceape-dbg -Architecture: any -Priority: extra -Section: devel -Depends: iceape-browser (= ${binary:Version}) | iceape-mailnews (= ${binary:Version}) | iceape-calendar (= ${binary:Version}), iceape-dom-inspector (= ${binary:Version}) -Description: Debugging symbols for the Iceape Internet Suite - This package provides the debugging symbols for the Iceape Internet Suite - programs.
Re: squeeze version number
* W. Martin Borgert [Fri, 23 Jan 2009 11:46:29 +0100]: On 2009-01-23 10:17, Neil McGovern wrote: On Fri, Jan 23, 2009 at 11:11:00AM +0100, W. Martin Borgert wrote: Btw., will squeeze be 6.0? Unknown yet, and probably won't be for some time. It would be cool, if we could define that (like the release name) one release ahead. That would ease documentation and marketing communication. Indeed, so let's do that: Squeeze will be 6.0. Cheers, -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org In my opinion, the most fruitful and natural play of the mind is in conversation. I find it sweeter than any other action in life; and if I were forced to choose, I think I would rather lose my sight than my hearing and voice. -- Michel de Montaigne signature.asc Description: Digital signature
Re: rt73 and linux-modules-contrib-2.6 security update
The following packages have the same security fix and should also be unblocked: rt2400 1.2.2+cvs20080623-3 rt2500 1:1.1.0-b4+cvs20080623-3 rt2570 1.1.0+cvs20080623-2 Ben. signature.asc Description: This is a digitally signed message part
Re: The future of clamav wrt. stable/volatile
Moritz Muehlenhoff schrieb am Wednesday, den 28. January 2009: On 2009-01-25, Michael Tautschnig m...@debian.org wrote: --===6401238421216507687== Content-Type: multipart/signed; micalg=pgp-sha1; protocol=application/pgp-signature; boundary=UfEAyuTBtIjiZzX6 Content-Disposition: inline --UfEAyuTBtIjiZzX6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Dear Release Team, In the clamav packaging team we had recurring discussion about how to deal with clamav in the near (== lenny) and more distant (= squeeze) future. The current situation is as follows: - We've got severly outdated clamav packages in etch(-security). - A few packages depend on clamav; those depends are not necessarily versioned. - Any sensible use of clamav requires the packages from volatile to be able to handle all features of upstream's current signature database. - We've had 16 security updates since the release of etch, which constantly required backporting of upstream's fixes that were included in the volatile releases. We could of course continue this game of telling users that nothing but the clamav from volatile is what one should use on production systems, but maybe there are other options as well. Let me see what options we have: - Stick with the current scheme. Possible, but neither user- nor maintainer-friendly. - Move clamav to volatile only. This would, however, also require that all depending packages go to volatile, even the depends are unversioned. - Do fairly large updates (i.e., possibly new major versions) through stable-proposed-updates. - ??? We don't necessarily seek a solution for lenny, but would like to start a discussion and receive some comments from people involved in release management to see which further options we have, or which of the proposed are acceptable. We had discussed this during the Security Team meeting in Essen: We believe clamav shouldn't be included in stable; malware scan engines are a constantly moving target and it's pointless to backport changes since new signatures constantly require new scan engine features all the time. So moving it to volatile is the best solution for everyone. Ehm, its not a solution for me to move dansguardian to volatile only. It guess that counts for other applications that link against clamav too. Alex -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: please unblock libgeda, geda-*
On Wed, Jan 28, 2009 at 08:16:07PM +0100, Luk Claes wrote: Hamish Moffatt wrote: I've uploaded new versions of the libgeda and geda-* packages to unstable which fix RC bugs with the copyright files and a couple of other things, like a tempfile vulnerability in an example script (geda-gnetlist) and some missing error checking in a postrm (geda-symbols). The relevant versions are geda - 1:1.4.0.2 geda-doc - 1:1.4.0-2 geda-examples - 1:1.4.0-2 geda-gattrib - 1:1.4.0-5 geda-gnetlist - 1:1.4.0-3 geda-gschem - 1:1.4.0-3 geda-gsymcheck - 1:1.4.0-3 geda-symbols - 1:1.4.0-3 geda-utils - 1:1.4.0-3 debdiff output is attached. (Not inlined as I suspect it's too confusing with nine packages). Could you please allow these into lenny? All unblocked. Thanks. Do normal 10 day propagation rules apply or is it different during the freeze? Hamish -- Hamish Moffatt VK3SB ham...@debian.org ham...@cloud.net.au -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
new upstream gEDA bug fix release
Hi, Upstream for geda* has released a new version with bug fixes only. This release has been specifically aimed at us, and contains bug fixes only. Some of the bugs are serious, some are minor, most aren't logged in our BTS. What is your opinion about including this in the release? I have not uploaded it to unstable yet, owing to the earlier RC fixes just uploaded (already unblocked by Luk, thanks). Here's upstream's changelog for libgeda since 1.4.0 (in unstable); commit 24527dcb9d25d2a81b7059ca750c1a557173804f Author: Ales Hvezda ahve...@seul.org Date: Wed Dec 31 18:40:14 2008 -0500 Manually ran make update-po in all po directories in prep for a release commit 732a12f84d3dbc3b6cfc78f51e71211f2dce3368 Author: Ales Hvezda ahve...@seul.org Date: Wed Dec 31 18:20:33 2008 -0500 Updated program versions and shared library in prep for 1.4.3.20081231 Versions updated by running: ./update-versions.sh 1.4.3 20081231 33:2:0 commit 22d9457c68d756675facc5acfebebca96299a766 Author: Peter TB Brett pe...@peter-b.co.uk Date: Tue Dec 30 23:49:17 2008 + Validate calls to scm_c_eval_string(). [2105219] Because the reporter's version of Guile is broken, a lovely garbage collector segfault occurs if a null string is passed to scm_c_eval_string(). For now, replace most calls to scm_c_eval_string() with user-provided arguments by g_scm_c_eval_string_protected(), and modify the latter to behave well with a NULL argument. This has the added advantage of providing backtraces in more places. Cherry-picked from: 2a4fdb13021d0153e788fe3b2fc005f273dcdf4b 16102ef095c959b5c1febb9b9259dda23c739258 commit f3c81e69811a60559b9a25dd9890c2e2df85e27a Author: Ales Hvezda ahve...@seul.org Date: Sat Dec 20 21:01:52 2008 -0500 Updated all the ChangeLogs again commit 58052ffbcf9fb83ed620473cac7eb33dca39615c Author: Ales Hvezda ahve...@seul.org Date: Sat Dec 20 20:59:41 2008 -0500 Oops, created the 1.4.2 release with the wrong date. Today is 20081220 ... ... not 20081218. commit 389ee59aa4e37b29862395b56ae62a42cc7fa9cd Author: Ales Hvezda ahve...@seul.org Date: Sat Dec 20 20:13:16 2008 -0500 Updated ChangeLogs for the 1.4.2.20081218 release Updated by running: ./update-changelogs.sh 1.0-20070526..stable-1.4 commit aa9e7b426142bc08e454f944ba1246c27c63e773 Author: Ales Hvezda ahve...@seul.org Date: Sat Dec 20 19:12:22 2008 -0500 Manually ran make update-po in all po directories commit 59f9593cf903345f96f78fbd365c008061cf600e Author: Ales Hvezda ahve...@seul.org Date: Sat Dec 20 19:07:12 2008 -0500 Bumped the reveision number libgeda's shared library and updated versions. Updated all version to 1.4.2.20081218. Update was done by running: ./update-versions.sh 1.4.2 20081218 33:1:0 commit 9697d169ccb52b67990b55e508fd63ecd3033ab3 Author: Peter Clifton pc...@cam.ac.uk Date: Tue Dec 9 09:15:03 2008 + Calculate bounds of new object when copying an embedded complex. Adds call to o_complex_recalc() in o_complex_copy_embedded(). commit 137c5ce36ec471392d6b0103486a0180f0bc338c Author: Werner Hoch werner...@gmx.de Date: Tue Dec 9 09:14:43 2008 + libgeda: changed object adding flag for embeded symbols [#1692626] Copying embeded symbols in gschem had ghost connections. When copying objects into the place buffer, the ADDING_SEL flag has to be set. commit 2b302915fdd5c385c7515b82d5a1dd5f02bcf2aa Author: Ales Hvezda ahve...@-e false.(none) Date: Tue Dec 9 09:12:05 2008 + Fixed up all icon-theme-installer files to work with non-bash Grabbed the latest icon-theme-installer files from the pcb repository since they have been fully patched to work with non-bash shells. On my ubuntu system, /bin/sh is linked to dash which prevented me from running the previous version of icon-theme-installer. This commit is related to a7e7a28613abe4705ec01011d0f4308ff024251b commit 73b045e75d95d6633e51c5cfac63f25ea31e7c31 Author: Carlos Nieves Onega cnie...@iespana.es Date: Tue Dec 9 09:12:04 2008 + Changed shell from bash to sh in icon-theme-installer Changed shell from bash to sh in icon-theme-installer. This commit is still not tested in non-bash systems. Applied partially geda patch #1978537 (only bash to sh change, not removal of $INSTALL_DATA_EXEC check) from anonymous contributor and Dan McMahill's test case change in line 103 from: http://pcb.cvs.sourceforge.net/pcb/pcb/icon-theme-installer?r1=1.1r2=1.2 commit 6cb66fef58470e627bbf33eac4a50d928a15b4c7 Author: Ales Hvezda ahve...@seul.org Date: Sun Sep 28 17:41:58 2008 -0400 Another round of updating ChangeLogs in prep for the release commit 58a3d3cfd1ae6e98c41b733821461d3753c68bfe Author: Ales Hvezda ahve...@seul.org Date: Sun Sep 28 17:05:45 2008 -0400 Updated all ChangeLogs to
Re: please unblock libgeda, geda-*
Hamish Moffatt ham...@debian.org (29/01/2009): Thanks. Do normal 10 day propagation rules apply or is it different during the freeze? Depends on the urgency, as always, unless overriden by the RMs through age-days: http://release.debian.org/britney/hints/README Mraw, KiBi. signature.asc Description: Digital signature
Please unblock mono 1.9.1+dfsg-6
Hi, Please unblock mono 1.9.1+dfsg-6 as it contains important bugfixes such as ARM fixes, runtime crashes and memory leaks. mono -6 was also built on all archs already. Here the full changelog: mono (1.9.1+dfsg-6) unstable; urgency=high . [ Mirco Bauer ] * debian/rules: + Bumped API of libmono-data-tds1.0-cil and libmono-data-tds2.0-cil to 1.9.1+dfsg-3 (which was forgotten in the -3 release). This caused a type loading error for partial uprades between 1.9.1 and 2.0: The class Mono.Data.Tds.Protocol.ITds could not be loaded, used in Mono.Data.Tds, Version=2.0.0.0. * debian/patches/fix_WebMethod_nullable_crash_r122070.dpatch: + Fixes a crash with WebMethods when nullable types are used. (patch taken from upstream SVN revision r122070) * debian/patches/fix_System.Web.HttpResponse_memory_leak_r115861.dpatch: + Fixes memory leak in System.Web.HttpResponse. (patch taken from upstream SVN revision r115863) * debian/patches/arm_fix_flush_icache_calls_r121457.dpatch: + Fixed calls to mono_arch_flush_icache. (patch taken from upstream SVN revision r121457) * debian/patches/arm_eabi_fix_r122416_r122702.dpatch: + Use GCC macro for flushing the cache where available instead of inline ASM. (Closes: #511694, thanks to Stephen Depooter steph...@xandros.com for the investigation and Riku Voipio nov...@kos.to for the patch) (patch taken from upstream SVN revisions r122416 and r122702) . [ David Paleino ] * debian/patches/fix_TcpClient_IPv6_r122598.dpatch: + Fix bug in TcpClient() implementation preventing IPv6 connections from working. (patch taken from upstream SVN revision r122598) thanks! -- Regards, Mirco 'meebey' Bauer PGP-Key ID: 0xEEF946C8 FOSS Developermee...@meebey.net http://www.meebey.net/ PEAR Developermee...@php.net http://pear.php.net/ Debian Developer mee...@debian.org http://www.debian.org/ -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Please unblock mono 1.9.1+dfsg-6
Mirco Bauer wrote: Hi, Please unblock mono 1.9.1+dfsg-6 as it contains important bugfixes such as ARM fixes, runtime crashes and memory leaks. mono -6 was also built on all archs already. unblocked Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Permission to upload geordi 0:20080725T0146-1+lenny1?
Chris Lamb wrote: Hi -release, I would like to upload geordi 0:20080725T0146-1+lenny1 to t-p-u to fix a DoS issue. The relevant changelog entry is: geordi (0:20080725T0146-1+lenny1) testing-proposed-updates; urgency=low * Ignore (rather than allow) fcntl system call to prevent a DoS. Upstream writes: By using fcntl with F_SETOWN to make the geordi process the owner of its stdout and then using fcntl again to set O_ASYNC on stdout, the C++ program could have the geordi process receive SIGIO, causing it to shut down. We only allowed fcntl because g++ appeared to need it. Upon closer inspection, it turns out g++ only uses it to check some flags on the precompiled header fd, and the system call can just be ignored altogether. Patch backported from upstream darcs repository. The debdiff is attached to this mail. I will be making the parallel change to sid's version this evening. Ok, please upload. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
'trustedqsl' still removed from testing due to #511509
Hi -release Due to an accident in timing by Martin Zobel-Helas, his hint to unblock 'trustedqsl/1.11-7' was commented out just before it became re-eligible to return to testing along with 'tqsllib/2.0-8' as hinted by Luk Claes. I would suggest it qualifies for a new freeze exception as it was removed by mistake because of #511509. Regards Jon -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org