[SRM] Proposed NMU, gif2png to oldstable/stable (PRSC)
Hi,
The attached diffs are for a proposed NMU of gif2png to fix CVE-2010-4694
and CVE-2010-4695 in the stable suites.
In stable, the existing patch is extended based on the maintainer's upload
in sid. In oldstable, the entire patch is backported because it hadn't yet
been applied at all. The patch itself is also attached for clarity.
If you're happy with the changes, I will announce the NMU and upload them
to DELAYED/2 to give the maintainer time to react. He has had a PRSC
'please fix' request already and failed to respond, and I'd like to get it
into 6.0.1 if possible.
jona@lupin:/tmp$ diffstat gif2png-prsc-lenny.diff
debian/patches/10_fix_gif2png_c.dpatch | 61 +
gif2png-2.5.1/debian/changelog |8
gif2png-2.5.1/debian/patches/00list|1
3 files changed, 70 insertions(+)
jona@lupin:/tmp$ diffstat gif2png-prsc-squeeze.diff
changelog |8
patches/10_fix_gif2png_c.dpatch | 36
2 files changed, 36 insertions(+), 8 deletions(-)
Thanks,
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
diff -u gif2png-2.5.1/debian/changelog gif2png-2.5.1/debian/changelog
--- gif2png-2.5.1/debian/changelog
+++ gif2png-2.5.1/debian/changelog
@@ -1,3 +1,11 @@
+gif2png (2.5.1-3.1) oldstable; urgency=low
+
+ * Non-maintainer upload as part of the Point Release Security effort
+ * CVE-2010-4694, CVE-2010-4695: Backport 10_fix_gif2png_c.dpatch from
+the package in unstable (closes: #610479)
+
+ -- Jonathan Wiltshire j...@debian.org Fri, 25 Feb 2011 09:50:27 +
+
gif2png (2.5.1-3) unstable; urgency=low
* Fixed debian/watch file
diff -u gif2png-2.5.1/debian/patches/00list gif2png-2.5.1/debian/patches/00list
--- gif2png-2.5.1/debian/patches/00list
+++ gif2png-2.5.1/debian/patches/00list
@@ -1,2 +1,3 @@
10_write_text_comment
+10_fix_gif2png_c.dpatch
20_manpage_fixes
only in patch2:
unchanged:
--- gif2png-2.5.1.orig/debian/patches/10_fix_gif2png_c.dpatch
+++ gif2png-2.5.1/debian/patches/10_fix_gif2png_c.dpatch
@@ -0,0 +1,61 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_fix_gif2png_c.dpatch by Erik Schanze er...@debian.org
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: - clarify if/else construct, because of compiler warning
+## DP: - prevent buffer overflow with strcpy, closes: #550978
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gif2png-2.5.4~/gif2png.c gif2png-2.5.4/gif2png.c
+--- gif2png-2.5.4~/gif2png.c 2010-10-20 16:20:07.0 +0200
gif2png-2.5.4/gif2png.c 2011-02-12 01:14:29.530909414 +0100
+@@ -639,6 +639,7 @@
+ int num_pics;
+ struct GIFelement *start;
+ int i, suppress_delete = FALSE;
++int file_ext_max;
+ char *file_ext;
+
+ if (fp == NULL) return 1;
+@@ -673,9 +675,11 @@
+
+ /* create output filename */
+
+-strcpy(outname, fname);
++strncpy( outname, fname, sizeof( outname ) );
++outname[sizeof( outname ) - 1] = 0;
+
+ file_ext = outname+strlen(outname)-4;
++file_ext_max = sizeof(outname) - ( strlen(outname) - 4 );
+ if (strcmp(file_ext, .gif) != 0 strcmp(file_ext, .GIF) != 0
+ strcmp(file_ext, _gif) != 0 strcmp(file_ext, _GIF) != 0) {
+ /* try to derive basename */
+@@ -686,7 +690,8 @@
+ }
+ if (file_extoutname || *file_ext != '.') {
+ /* as a last resort, just add .png to the filename */
+- file_ext = outname+strlen(outname);
++ file_ext = outname + (size_t)(( strlen( outname ) = sizeof( outname ) - 1 - 4 )? strlen( outname )
++ : sizeof( outname ) - 1 - 4);
+ }
+ }
+
+@@ -708,7 +713,7 @@
+ fclose(fp);
+ ++numpngs;
+ start = NULL;
+- sprintf(file_ext, .p%02d, i);
++ snprintf(file_ext, file_ext_max - 1, .p%02d, i);
+ }
+ }
+ }
+@@ -863,7 +868,8 @@
+ }
+ } else {
+ for (i = ac;iargc; i++) {
+- strcpy(name, argv[i]);
++ strncpy(name, argv[i], sizeof name - sizeof .gif);
++ name[sizeof name - sizeof .gif] = '\0';
+ if ((fp = fopen(name, rb)) == NULL) {
+ /* retry with .gif appended */
+ strcat(name, .gif);
diff -u gif2png-2.5.2/debian/changelog gif2png-2.5.2/debian/changelog
--- gif2png-2.5.2/debian/changelog
+++ gif2png-2.5.2/debian/changelog
@@ -1,3 +1,11 @@
+gif2png (2.5.2-2.1) stable; urgency=low
+
+ * Non-maintainer upload as part of the Point Release Security effort
+ * CVE-2010-4694, CVE-2010-4695: Backport further work on
+10_fix_gif2png_c.dpatch from the package in unstable (closes: #610479)
+
+ -- Jonathan Wiltshire j...@debian.org Fri, 25 Feb 2011 09:14:35 +
+
gif2png (2.5.2-2) unstable; urgency=low
* Adapted 10_fix_gif2png_c.dpatch, closes: #550978
diff -u
Bug#615062: nmu: packages broken by #613848
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, Here is a binNMU request for packages that are broken by the (mini-)transition tracked with #613848. I've simulated it on amd64, and everything compiles [1] except ocaml-melt which seems broken by an external bug [2, not investigated yet] and liquidsoap, which is BD-uninstallable independently of this transition. # nothing to do for lablgtk2 (= 2.14.2+dfsg-1) # camlimages has the following arch:all packages: libcamlimages-ocaml-doc nmu 4 camlimages_1:3.0.1-5 . ALL . -m 'Rebuild with new lablgtk2' dw camlimages_1:3.0.1-5 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1)' # advi has the following arch:all packages: advi-examples # ocamlgraph has the following arch:all packages: libocamlgraph-ocaml-doc nmu 1 ocamlgraph_1.5-1 . ALL . -m 'Rebuild with new lablgtk2' dw ocamlgraph_1.5-1 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1)' # nothing to do for pcre-ocaml (= 6.2.2-1) # ocamlnet has the following arch:all packages: libocamlnet-ocaml-doc nmu 2 ocamlnet_2.2.9-8 . ALL . -m 'Rebuild with new lablgtk2, pcre-ocaml' dw ocamlnet_2.2.9-8 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1), libpcre-ocaml (= 6.2.2-1)' # nothing to do for ounit (= 1.1.0-3) # nothing to do for bin-prot (= 1.2.24-1) nmu 3 cairo-ocaml_20090223-3 . ALL . -m 'Rebuild with new lablgtk2' dw cairo-ocaml_20090223-3 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1)' # cameleon has the following arch:all packages: cameleon-doc nmu 2 cameleon_1.9.19-2 . ALL . -m 'Rebuild with new lablgtk2, pcre-ocaml' dw cameleon_1.9.19-2 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1), libpcre-ocaml (= 6.2.2-1)' # nothing to do for camlp5 (= 6.02.1-1) nmu 4 cduce_0.5.3-2 . ALL . -m 'Rebuild with new ocamlnet, pcre-ocaml' dw cduce_0.5.3-2 . ALL . -m 'libapache2-mod-ocamlnet (= 2.2.9-8+b2), libpcre-ocaml (= 6.2.2-1)' nmu 2 dose2_1.4.2-3 . ALL . -m 'Rebuild with new pcre-ocaml' dw dose2_1.4.2-3 . ALL . -m 'libpcre-ocaml (= 6.2.2-1)' # cmigrep has the following arch:all packages: cmigrep # nothing to do for coq (= 8.2.pl2+dfsg-2) nmu 1 frama-c_20100401+boron+dfsg-5 . ALL . -m 'Rebuild with new lablgtk2, ocamlgraph' dw frama-c_20100401+boron+dfsg-5 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1), libocamlgraph-ocaml-dev (= 1.5-1+b1)' # freetennis has the following arch:all packages: freetennis-common nmu 2 pxp_1.2.1-2 . ALL . -m 'Rebuild with new ocamlnet' dw pxp_1.2.1-2 . ALL . -m 'libapache2-mod-ocamlnet (= 2.2.9-8+b2)' # galax has the following arch:all packages: galax-doc nmu 1 galax_1.1-7 . ALL . -m 'Rebuild with new ocamlnet, pcre-ocaml, pxp' dw galax_1.1-7 . ALL . -m 'libapache2-mod-ocamlnet (= 2.2.9-8+b2), libpcre-ocaml (= 6.2.2-1), libpxp-ocaml-dev (= 1.2.1-2+b2)' # janest-core has the following arch:all packages: libcore-ocaml-doc nmu 2 json-wheel_1.0.6-2 . ALL . -m 'Rebuild with new ocamlnet' dw json-wheel_1.0.6-2 . ALL . -m 'libapache2-mod-ocamlnet (= 2.2.9-8+b2)' nmu 2 json-static_0.9.8-1 . ALL . -m 'Rebuild with new json-wheel' dw json-static_0.9.8-1 . ALL . -m 'libjson-wheel-ocaml-dev (= 1.0.6-2+b2)' nmu 4 lablgtkmathview_0.7.8-5 . ALL . -m 'Rebuild with new lablgtk2' dw lablgtkmathview_0.7.8-5 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1)' # nothing to do for ledit (= 2.02.1-1) nmu 2 ocaml-duppy_0.3.1-1 . ALL . -m 'Rebuild with new pcre-ocaml' dw ocaml-duppy_0.3.1-1 . ALL . -m 'libpcre-ocaml (= 6.2.2-1)' nmu 3 ocaml-lastfm_0.2.0-1 . ALL . -m 'Rebuild with new pcre-ocaml, ocamlnet' dw ocaml-lastfm_0.2.0-1 . ALL . -m 'libpcre-ocaml (= 6.2.2-1), libapache2-mod-ocamlnet (= 2.2.9-8+b2)' # liquidsoap has the following arch:all packages: liguidsoap nmu 2 liquidsoap_0.9.2-3 . ALL . -m 'Rebuild with new ocaml-duppy, ocaml-lastfm, pcre-ocaml' # liquidsoap is otherwise BD-Uninstallable dw liquidsoap_0.9.2-3 . ALL . -m 'libduppy-ocaml-dev (= 0.3.1-1+b2), liblastfm-ocaml-dev (= 0.2.0-1+b3), libpcre-ocaml (= 6.2.2-1)' # nothing to do for ocaml-text (= 0.4-2) # lwt has the following arch:all packages: liblwt-ocaml-doc nmu 1 lwt_2.1.1-1 . ALL . -m 'Rebuild with new lablgtk2, ocaml-text' dw lwt_2.1.1-1 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1), libtext-ocaml (= 0.4-2)' # nothing to do for matita (= 0.5.8-3) nmu 2 mikmatch_1.0.2-1 . ALL . -m 'Rebuild with new pcre-ocaml' dw mikmatch_1.0.2-1 . ALL . -m 'libpcre-ocaml (= 6.2.2-1)' # mlpost has the following arch:all packages: libmlpost-ocaml-doc nmu 1 mlpost_0.8.1-2 . ALL . -m 'Rebuild with new cairo-ocaml' dw mlpost_0.8.1-2 . ALL . -m 'libcairo-ocaml (= 20090223-3+b3)' # ocsigen has the following arch:all packages: libocsigen-ocaml-doc, ocsigen-dev nmu 1 ocsigen_1.3.3-2 . ALL . -m 'Rebuild with new lwt, ocamlnet, pcre-ocaml' dw ocsigen_1.3.3-2 . ALL . -m 'liblwt-glib-ocaml (= 2.1.1-1+b1), libapache2-mod-ocamlnet (= 2.2.9-8+b2), libpcre-ocaml (= 6.2.2-1)' # nothing to do for postgresql-ocaml (= 1.14.0-1) nmu 4 nurpawiki_1.2.3-4 . ALL . -m 'Rebuild with new ocsigen,
Processed: block 613848 with 615062
Processing commands for cont...@bugs.debian.org: block 613848 with 615062 Bug #613848 [release.debian.org] (mini-)transition of OCaml libraries: camlp5, lablgtk2, ... Was not blocked by any bugs. Added blocking bug(s) of 613848: 615062 thanks Stopping processing here. Please contact me if you need assistance. -- 613848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.129863699525939.transcr...@bugs.debian.org
[SRM] upload of debian-reference/2.46 to stable
Hi, Please approve uploading of debian-reference (2.46) to stable. (I am resending this with proper title. Debian web pages have been updated by already commited changes.) Basically, [VUA 76-1] volatile replaced by new updates suite http://lists.debian.org/debian-volatile-announce/2011/msg0.html was too late and too big changes which I could not include for squeeze release. (Bug #614224) I would like to fix this major issue for English, Japanese, French, and Italian with this updates. I also made contents only minor fixes as follows: | debian-reference (2.46) stable; urgency=low | | * Updated Portguese translation by Américo Monteiro. | * Fixed s/--get-selection/--get-selections/ etc. Closes: #612435 | * Reflected introduction of squeeze-updates suite which replaced | Debian Volatile Service. Closes: #614224 | * Fixed URL for Debian Mirror Checker site. Closes: #614253 Please note Portguese translation was not 100 % translation. Any additional translation is better :-) (For other future improvements or updates, I will target them to sid with larger version number.) Osamu PS: Build failure on www-master was fixed by DSA fixing server configuration. So this is a good source. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110225132015.gb20...@debian.org
Re: GMP transition: 4.3.2 to 5.0.1?
On 25.02.2011 08:46, Steve M. Robbins wrote: Matthias asks: did you check, that all gcc versions do build with the new version on all architectures, and that the gcc testsuite doesn't show regressions with the new version? will gcc continue to work, while re-building mpfr and mpclib with the new gmp? What I have done is upload gmp to the experimental autobuilders. The GMP package build runs a comprehensive test suite that is passing on all the architectures available to the experimental autobuilders. This gives me some comfort that the code is reasonably sound. In addition, the fact that GMP 5 has been out for over a year gives me some reason to believe that upstream sources have been adapted to change in API. Clearly one should be mindful of the effect on GCC -- that's why I asked the question on debian-gcc. Do you have any specific concerns? Is there a GCC autobuilder suite that can do all these rebuilds? I will upload there. However, to ask me to manually try all combinations of architecture and GCC version is setting the bar too high, IMHO. I don't have such a setup. You should check that GCC continues to work with the new package, and doesn't show regressions, comparing with the test-summary.gz of an existing run. It's a bit hard to build things without a compiler. Note that we had exactly this scenario with an earlier PPL upload (or was it mpclib)? Matthias -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d67c358.1010...@debian.org
Bug#615062: nmu: packages broken by #613848
On Fri, 2011-02-25 at 13:21 +0100, Stéphane Glondu wrote: Here is a binNMU request for packages that are broken by the (mini-)transition tracked with #613848. I've simulated it on amd64, and everything compiles [1] except ocaml-melt which seems broken by an external bug [2, not investigated yet] and liquidsoap, which is BD-uninstallable independently of this transition. Given your new wb-powers, I guess you'll be handling this yourself now? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1298647628.535.65.ca...@hathi.jungle.funky-badger.org
Bug#615062: marked as done (nmu: packages broken by #613848)
Your message dated Fri, 25 Feb 2011 16:39:43 +0100 with message-id 4d67cd3f.5040...@debian.org and subject line Re: Bug#615062: nmu: packages broken by #613848 has caused the Debian Bug report #615062, regarding nmu: packages broken by #613848 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 615062: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615062 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, Here is a binNMU request for packages that are broken by the (mini-)transition tracked with #613848. I've simulated it on amd64, and everything compiles [1] except ocaml-melt which seems broken by an external bug [2, not investigated yet] and liquidsoap, which is BD-uninstallable independently of this transition. # nothing to do for lablgtk2 (= 2.14.2+dfsg-1) # camlimages has the following arch:all packages: libcamlimages-ocaml-doc nmu 4 camlimages_1:3.0.1-5 . ALL . -m 'Rebuild with new lablgtk2' dw camlimages_1:3.0.1-5 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1)' # advi has the following arch:all packages: advi-examples # ocamlgraph has the following arch:all packages: libocamlgraph-ocaml-doc nmu 1 ocamlgraph_1.5-1 . ALL . -m 'Rebuild with new lablgtk2' dw ocamlgraph_1.5-1 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1)' # nothing to do for pcre-ocaml (= 6.2.2-1) # ocamlnet has the following arch:all packages: libocamlnet-ocaml-doc nmu 2 ocamlnet_2.2.9-8 . ALL . -m 'Rebuild with new lablgtk2, pcre-ocaml' dw ocamlnet_2.2.9-8 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1), libpcre-ocaml (= 6.2.2-1)' # nothing to do for ounit (= 1.1.0-3) # nothing to do for bin-prot (= 1.2.24-1) nmu 3 cairo-ocaml_20090223-3 . ALL . -m 'Rebuild with new lablgtk2' dw cairo-ocaml_20090223-3 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1)' # cameleon has the following arch:all packages: cameleon-doc nmu 2 cameleon_1.9.19-2 . ALL . -m 'Rebuild with new lablgtk2, pcre-ocaml' dw cameleon_1.9.19-2 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1), libpcre-ocaml (= 6.2.2-1)' # nothing to do for camlp5 (= 6.02.1-1) nmu 4 cduce_0.5.3-2 . ALL . -m 'Rebuild with new ocamlnet, pcre-ocaml' dw cduce_0.5.3-2 . ALL . -m 'libapache2-mod-ocamlnet (= 2.2.9-8+b2), libpcre-ocaml (= 6.2.2-1)' nmu 2 dose2_1.4.2-3 . ALL . -m 'Rebuild with new pcre-ocaml' dw dose2_1.4.2-3 . ALL . -m 'libpcre-ocaml (= 6.2.2-1)' # cmigrep has the following arch:all packages: cmigrep # nothing to do for coq (= 8.2.pl2+dfsg-2) nmu 1 frama-c_20100401+boron+dfsg-5 . ALL . -m 'Rebuild with new lablgtk2, ocamlgraph' dw frama-c_20100401+boron+dfsg-5 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1), libocamlgraph-ocaml-dev (= 1.5-1+b1)' # freetennis has the following arch:all packages: freetennis-common nmu 2 pxp_1.2.1-2 . ALL . -m 'Rebuild with new ocamlnet' dw pxp_1.2.1-2 . ALL . -m 'libapache2-mod-ocamlnet (= 2.2.9-8+b2)' # galax has the following arch:all packages: galax-doc nmu 1 galax_1.1-7 . ALL . -m 'Rebuild with new ocamlnet, pcre-ocaml, pxp' dw galax_1.1-7 . ALL . -m 'libapache2-mod-ocamlnet (= 2.2.9-8+b2), libpcre-ocaml (= 6.2.2-1), libpxp-ocaml-dev (= 1.2.1-2+b2)' # janest-core has the following arch:all packages: libcore-ocaml-doc nmu 2 json-wheel_1.0.6-2 . ALL . -m 'Rebuild with new ocamlnet' dw json-wheel_1.0.6-2 . ALL . -m 'libapache2-mod-ocamlnet (= 2.2.9-8+b2)' nmu 2 json-static_0.9.8-1 . ALL . -m 'Rebuild with new json-wheel' dw json-static_0.9.8-1 . ALL . -m 'libjson-wheel-ocaml-dev (= 1.0.6-2+b2)' nmu 4 lablgtkmathview_0.7.8-5 . ALL . -m 'Rebuild with new lablgtk2' dw lablgtkmathview_0.7.8-5 . ALL . -m 'liblablgtk2-gl-ocaml (= 2.14.2+dfsg-1)' # nothing to do for ledit (= 2.02.1-1) nmu 2 ocaml-duppy_0.3.1-1 . ALL . -m 'Rebuild with new pcre-ocaml' dw ocaml-duppy_0.3.1-1 . ALL . -m 'libpcre-ocaml (= 6.2.2-1)' nmu 3 ocaml-lastfm_0.2.0-1 . ALL . -m 'Rebuild with new pcre-ocaml, ocamlnet' dw ocaml-lastfm_0.2.0-1 . ALL . -m 'libpcre-ocaml (= 6.2.2-1), libapache2-mod-ocamlnet (= 2.2.9-8+b2)' # liquidsoap has the following arch:all packages: liguidsoap nmu 2 liquidsoap_0.9.2-3 . ALL . -m 'Rebuild with new ocaml-duppy, ocaml-lastfm, pcre-ocaml' # liquidsoap is otherwise BD-Uninstallable dw liquidsoap_0.9.2-3 . ALL . -m 'libduppy-ocaml-dev (= 0.3.1-1+b2), liblastfm-ocaml-dev (= 0.2.0-1+b3), libpcre-ocaml (= 6.2.2-1)' # nothing to do for ocaml-text (= 0.4-2) # lwt has the following arch:all packages: liblwt-ocaml-doc nmu 1 lwt_2.1.1-1 . ALL . -m 'Rebuild with new lablgtk2, ocaml-text' dw lwt_2.1.1-1 . ALL . -m
Bug#615091: pu: package cmake/2.8.2+dsfg.1-0+squeeze1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu An upload of the new orig tarball (dsfg'ed) to fix #614390 in stable. Files which will be removed can be seen at [2]. Plus respective debian/copyright changes. 1. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614390 2. http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=fabdf7aa -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (110, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.37-1-amd64 (SMP w/4 CPU cores) Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110225172047.1969.3215.report...@mdxdesktop.lan.vainius.eu
Bug#613433: pu: package git/1:1.7.2.5-1
Hi, Julien Cristau wrote: On Mon, Feb 14, 2011 at 14:51:29 -0600, Jonathan Nieder wrote: The git package in stable is currently based against v1.7.2.3. Junio is conservative about not making risky changes to the maint-1.7.2 branch, so I would like to update the Debian packaging to v1.7.2.5. Looks ok to me. Based on http://release.debian.org/proposed-updates/stable.html and https://buildd.debian.org/status/package.php?p=gitsuite=squeeze this doesn't seem to have hit the autobuilders. Is that because of lack of arch-dependent binaries in the upload? Is there anything I can do to help move it along? Jonathan -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110225222114.GB5596@elie
Bug#615129: RM: qt-x11-free/3:3.3.8b-7, kdelibs/4:3.5.10.dfsg.1-5
Package: release.debian.org Severity: wishlist User: release.debian@packages.debian.org Usertags: rm Tags: moreinfo Hi, There seems to be some interest in removing kde3 and qt3 before wheezy is released. This bug is meant to track that process and request removal of those packages from testing when it is finished. Tagged moreinfo because it seems valuable to confirm that the maintainers of those packages are okay with the removal once the blockers are dealt with. :) Thanks for your work, Jonathan -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110225222945.GC5596@elie
Bug#613433: pu: package git/1:1.7.2.5-1
On Fri, 2011-02-25 at 16:21 -0600, Jonathan Nieder wrote: Based on http://release.debian.org/proposed-updates/stable.html and https://buildd.debian.org/status/package.php?p=gitsuite=squeeze this doesn't seem to have hit the autobuilders. Is that because of lack of arch-dependent binaries in the upload? Is there anything I can do to help move it along? It basically needs someone to do a final check through the diff now that it's been uploaded and flag it for acceptance, at which point it will move to proposed-updates and start getting auto-built; I'm aiming to get caught up on that over the weekend. fwiw, the lack of arch-dependent packages has at least confused the installability checker, hence http://release.debian.org/proposed-updates/stable_debcheck/git_1.7.2.5-1_all.debcheck :-) Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1298672935.535.1744.ca...@hathi.jungle.funky-badger.org
Processed: Re: Processed (with 1 errors): Raise severity for KDE3 / Qt3 removal reminder bugs (squeeze has been released)
Processing commands for cont...@bugs.debian.org: # Julien Cristau wrote: # Jonathan Nieder wrote: # # Would anyone mind if I: # # 1. lower the severity of these bugs to important or lower # # Yes please. # # 2. file a bug against release.debian.org for this release goal and # mark it blocked by these bugs # # Not sure if that's needed, but I guess it won't hurt. # # Thanks; here goes. block 615129 by 604260 Bug #615129 [release.debian.org] RM: qt-x11-free/3:3.3.8b-7, kdelibs/4:3.5.10.dfsg.1-5 Was not blocked by any bugs. Added blocking bug(s) of 615129: 604260 retitle 604260 abakus: please port to KDE 4 Bug #604260 [src:abakus] Preparations for the removal of the KDE3 and Qt3 libraries Changed Bug title to 'abakus: please port to KDE 4' from 'Preparations for the removal of the KDE3 and Qt3 libraries' severity 604260 important Bug #604260 [src:abakus] abakus: please port to KDE 4 Severity set to 'important' from 'serious' tags 604260 + upstream Bug #604260 [src:abakus] abakus: please port to KDE 4 Added tag(s) upstream. tags 604260 - sid wheezy Bug #604260 [src:abakus] abakus: please port to KDE 4 Removed tag(s) sid and wheezy. block 615129 by 604263 Bug #615129 [release.debian.org] RM: qt-x11-free/3:3.3.8b-7, kdelibs/4:3.5.10.dfsg.1-5 Was blocked by: 604260 Added blocking bug(s) of 615129: 604263 retitle 604263 celestia-kde: please build against Qt 4 Bug #604263 [src:celestia] Preparations for the removal of the KDE3 and Qt3 libraries Changed Bug title to 'celestia-kde: please build against Qt 4' from 'Preparations for the removal of the KDE3 and Qt3 libraries' severity 604263 important Bug #604263 [src:celestia] celestia-kde: please build against Qt 4 Severity set to 'important' from 'serious' tags 604263 - sid wheezy Bug #604263 [src:celestia] celestia-kde: please build against Qt 4 Removed tag(s) sid and wheezy. block 615129 by 604264 Bug #615129 [release.debian.org] RM: qt-x11-free/3:3.3.8b-7, kdelibs/4:3.5.10.dfsg.1-5 Was blocked by: 604263 604260 Added blocking bug(s) of 615129: 604264 retitle 604264 creox: please build against Qt 4 Bug #604264 [src:creox] Preparations for the removal of the KDE3 and Qt3 libraries Changed Bug title to 'creox: please build against Qt 4' from 'Preparations for the removal of the KDE3 and Qt3 libraries' severity 604264 important Bug #604264 [src:creox] creox: please build against Qt 4 Severity set to 'important' from 'serious' tags 604264 + upstream Bug #604264 [src:creox] creox: please build against Qt 4 Added tag(s) upstream. tags 604264 - sid wheezy Bug #604264 [src:creox] creox: please build against Qt 4 Removed tag(s) sid and wheezy. block 615129 by 604269 Bug #615129 [release.debian.org] RM: qt-x11-free/3:3.3.8b-7, kdelibs/4:3.5.10.dfsg.1-5 Was blocked by: 604263 604264 604260 Added blocking bug(s) of 615129: 604269 retitle 604269 gambas2-gb-qt*: please use Qt 4/KDE 4 Bug #604269 [src:gambas2] Preparations for the removal of the KDE3 and Qt3 libraries Changed Bug title to 'gambas2-gb-qt*: please use Qt 4/KDE 4' from 'Preparations for the removal of the KDE3 and Qt3 libraries' # I can't bring myself to call this important. # It's a lot to ask, for not a lot of gain. severity 604269 wishlist Bug #604269 [src:gambas2] gambas2-gb-qt*: please use Qt 4/KDE 4 Severity set to 'wishlist' from 'serious' tags 604269 + upstream Bug #604269 [src:gambas2] gambas2-gb-qt*: please use Qt 4/KDE 4 Added tag(s) upstream. tags 604269 - sid wheezy Bug #604269 [src:gambas2] gambas2-gb-qt*: please use Qt 4/KDE 4 Removed tag(s) sid and wheezy. block 615129 by 604270 Bug #615129 [release.debian.org] RM: qt-x11-free/3:3.3.8b-7, kdelibs/4:3.5.10.dfsg.1-5 Was blocked by: 604263 604269 604264 604260 Added blocking bug(s) of 615129: 604270 block 615129 by 604271 Bug #615129 [release.debian.org] RM: qt-x11-free/3:3.3.8b-7, kdelibs/4:3.5.10.dfsg.1-5 Was blocked by: 604263 604264 604269 604270 604260 Added blocking bug(s) of 615129: 604271 retitle 604270 ggz-kde-client: please port remaining games to KDE 4, then remove Bug #604270 [src:ggz-kde-client] Preparations for the removal of the KDE3 and Qt3 libraries Changed Bug title to 'ggz-kde-client: please port remaining games to KDE 4, then remove' from 'Preparations for the removal of the KDE3 and Qt3 libraries' retitle 604271 ggz-kde-games: please port remaining games to KDE 4, then remove Bug #604271 [src:ggz-kde-games] Preparations for the removal of the KDE3 and Qt3 libraries Changed Bug title to 'ggz-kde-games: please port remaining games to KDE 4, then remove' from 'Preparations for the removal of the KDE3 and Qt3 libraries' severity 604270 important Bug #604270 [src:ggz-kde-client] ggz-kde-client: please port remaining games to KDE 4, then remove Severity set to 'important' from 'serious' severity 604271 important Bug #604271 [src:ggz-kde-games] ggz-kde-games: please port remaining games to KDE 4, then remove Severity set to 'important' from 'serious'
Bug#615129: RM: qt-x11-free/3:3.3.8b-7, kdelibs/4:3.5.10.dfsg.1-5
Hi Jonathan, On Fri, Feb 25, 2011 at 04:29:45PM -0600, Jonathan Nieder wrote: Package: release.debian.org Severity: wishlist User: release.debian@packages.debian.org Usertags: rm Tags: moreinfo Hi, There seems to be some interest in removing kde3 and qt3 before wheezy is released. This bug is meant to track that process and request removal of those packages from testing when it is finished. Tagged moreinfo because it seems valuable to confirm that the maintainers of those packages are okay with the removal once the blockers are dealt with. :) It is great you want to help with this. We have already working on this, could you please join #debian-qt-kde and coodinate with us? Specially notice than removal of qt3 and kde3libs should be tracked separately. Ana -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110226004142.ga18...@pryan.ekaia.org
Processed: Re: Processed: Re: Processed (with 1 errors): Raise severity for KDE3 / Qt3 removal reminder bugs (squeeze has been released)
Processing commands for cont...@bugs.debian.org: # block 615129 by 604301 # retitle 615129 kpcisim: please port to Qt 4/KDE 4 # severity 615129 important # tags 615129 - sid wheezy # tags 615129 + upstream # # Oops. retitle 615129 RM: kdelibs/4:3.5.10.dfsg.1-5 Bug #615129 [release.debian.org] kpcisim: please port to Qt 4/KDE 4 Changed Bug title to 'RM: kdelibs/4:3.5.10.dfsg.1-5' from 'kpcisim: please port to Qt 4/KDE 4' severity 615129 wishlist Bug #615129 [release.debian.org] RM: kdelibs/4:3.5.10.dfsg.1-5 Severity set to 'wishlist' from 'important' tags 615129 - upstream Bug #615129 [release.debian.org] RM: kdelibs/4:3.5.10.dfsg.1-5 Removed tag(s) upstream. retitle 604301 kpicosim: please port to Qt 4/KDE 4 Bug #604301 [src:kpicosim] Preparations for the removal of the KDE3 and Qt3 libraries Changed Bug title to 'kpicosim: please port to Qt 4/KDE 4' from 'Preparations for the removal of the KDE3 and Qt3 libraries' severity 604301 important Bug #604301 [src:kpicosim] kpicosim: please port to Qt 4/KDE 4 Severity set to 'important' from 'serious' tags 604301 - sid wheezy Bug #604301 [src:kpicosim] kpicosim: please port to Qt 4/KDE 4 Removed tag(s) sid and wheezy. tags 604301 + upstream Bug #604301 [src:kpicosim] kpicosim: please port to Qt 4/KDE 4 Added tag(s) upstream. End of message, stopping processing here. Please contact me if you need assistance. -- 604301: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604301 615129: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615129 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.12986813958719.transcr...@bugs.debian.org
Re: Processed (with 1 errors): Raise severity for KDE3 / Qt3 removal reminder bugs (squeeze has been released)
Hi, Julien Cristau wrote: On Thu, Feb 24, 2011 at 03:11:52 -0600, Jonathan Nieder wrote: 1. lower the severity of these bugs to important or lower Yes please. Based on response from #debian-qt-kde that was a bad idea on my part. Not wanting to spam people further, I'm leaving things as they are (half of the bugs important, half serious). Sorry, Jonathan -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110226014511.GH6339@elie
Bug#615129: marked as done (RM: kdelibs/4:3.5.10.dfsg.1-5)
Your message dated Fri, 25 Feb 2011 19:45:11 -0600 with message-id 20110226014511.GH6339@elie and subject line Re: Processed (with 1 errors): Raise severity for KDE3 / Qt3 removal reminder bugs (squeeze has been released) has caused the Debian Bug report #615129, regarding RM: kdelibs/4:3.5.10.dfsg.1-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 615129: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615129 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: wishlist User: release.debian@packages.debian.org Usertags: rm Tags: moreinfo Hi, There seems to be some interest in removing kde3 and qt3 before wheezy is released. This bug is meant to track that process and request removal of those packages from testing when it is finished. Tagged moreinfo because it seems valuable to confirm that the maintainers of those packages are okay with the removal once the blockers are dealt with. :) Thanks for your work, Jonathan ---End Message--- ---BeginMessage--- Hi, Julien Cristau wrote: On Thu, Feb 24, 2011 at 03:11:52 -0600, Jonathan Nieder wrote: 1. lower the severity of these bugs to important or lower Yes please. Based on response from #debian-qt-kde that was a bad idea on my part. Not wanting to spam people further, I'm leaving things as they are (half of the bugs important, half serious). Sorry, Jonathan ---End Message---
Re: GMP transition: 4.3.2 to 5.0.1?
On Fri, Feb 25, 2011 at 03:57:28PM +0100, Matthias Klose wrote: On 25.02.2011 08:46, Steve M. Robbins wrote: Clearly one should be mindful of the effect on GCC -- that's why I asked the question on debian-gcc. Do you have any specific concerns? Have any concerns been raised on the GCC mailing list? I've googled and found only anecdotal positive reports: http://www.listware.net/201003/gcc-gcc/99756-gmp-501-and-gcc-45.html Is there a GCC autobuilder suite that can do all these rebuilds? I will upload there. I don't have such a setup. OK, but someone must have a similar setup. People are occasionally rebuilding the archive to test new GCC versions. Anyone on the debian-gcc list got an idea? -Steve signature.asc Description: Digital signature
Bug#613848: Bug#615140: libsoundtouch-dev: needs to provide libsoundtouch1-dev
Le 26/02/2011 01:38, Julien Cristau a écrit : Package: libsoundtouch-dev Version: 1.5.0-3 Severity: serious Justification: i said so Apparently you decided to start a SONAME transition with no coordination with the release team. This will clash with the ongoing transition to ffmpeg 0.6, and delay things by that much. [...] FYI, it also affects the ongoing transition of OCaml libraries (#613848), because liquidsoap (which must be recompiled) indirectly depends on soundtouch and is therefore currently BD-Uninstallable. Cheers, -- Stéphane -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d68770f.3090...@glondu.net
