Re: CVE against the fwknop package
Le 11/11/2012 17:20, Julien Cristau a écrit : On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? Go ahead. Done. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50a9e0f4.4040...@debian.org
Why did you upload netcf 0.2.2 to SID after the freeze?
Hi Serge and Al, Serge uploaded netcf to SID after the freeze, on the 2012-08-07, which is more than one month after Debian Wheezy was frozen. Why did you do that? Can't you just use Experimental? That's best practice, IMO. I wouldn't recommend to upload a new version to SID after the freeze at all, especially for a shared library, but this would have been acceptable if Al's upload from yesterday (November 18th, according to the PTS) completely broke broke libvirt in SID: zigo@node ~$ sudo apt-get install libvirt0 libvirt-bin libnetcf1 Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: libnetcf1 : Conflicts: libvirt0 (= 0.10.1-2~) but 0.9.12-5 is to be installed SID, indeed, has version 0.9.12-5 of libvirt. And not even Experimental has a libvirt version that could satisfy this dependency. So we have libvirt0 that depends on libnetcf1, but libnetcf1 conflicting with any libvirt0 that we have in SID / experimental. That doesn't look like a library transition that has been coordinated with the release team! Please fix the situation (eg: revert to version 0.2.0 if you need, the Conflict: with libvirt0 is unacceptable), and *please* coordinate such upload with the release team in the future. Thomas Goirand (zigo) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50a9f34e.5080...@debian.org
Bug#692911: unblock: ca-certificates/20121105
Hi, Michael Shuler wrote (18 Nov 2012 21:22:54 GMT) : 20121114 has not been uploaded to unstable, yet, so I had some time to rebuild and include an additional note, today: * Update mozilla/certdata.txt to version 1.86 Closes: #683728 - Replace legacy no explicit trust flag of CKT_NSS_TRUST_UNKNOWN for CKT_NSS_MUST_VERIFY_TRUST, instead of a mix of both flags: https://bugzilla.mozilla.org/show_bug.cgi?id=757189 This upstream fix does not change the CA certificates installed in ca-certificates as both flags are ignored. Only those CA certificates with the CKT_NSS_TRUSTED_DELEGATOR flag in certdata.txt are installed. I hope that helps with some clarity for that upstream change. :) Perfectly fine with me, much appreciated! Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/85r4npc47y@boum.org
Bug#682172: unblock: couchdb/1.2.0-2
On Mon, Nov 19, 2012 at 01:18:34 +, Laszlo Boszormenyi (GCS) wrote: Agree. That's an other thing upstream should fix. However I don't think that would happen soon, at least not for Wheezy. I'll ask about it. Until then this sleep may fixes the majority (maybe all) of the problems. Why can't this be fixed in your init script if upstream won't fix it in time? Cheers, Julien signature.asc Description: Digital signature
Re: [Pkg-libvirt-maintainers] Why did you upload netcf 0.2.2 to SID after the freeze?
On 11/19/2012 06:37 PM, Guido Günther wrote: It doesn't conflict with the version in experimental. That's correct, sorry. I miss-read version numbers. Although a breaks would be prefereable over a conflicts. I'd prefer uploading 1.0.0 to sid rather than reverting the netcf change. Well, for me (and probably many others), it would have been better to keep version 0.1.9-2 of netcf in Sid. The current problem is isolated to installing libvirt0, because libnetcf1 reverse dependencies are only libvirt0 (and python-libvirt). However, apt-rdepends -r libvirt0 gives the following list: - condor (= 7.8.2~dfsg.1-1+deb7u1) - eucalyptus-nc (= 3.1.0-9) - gnome-boxes (= 3.4.3+dfsg-1) - libguestfs-tools (= 1:1.18.10-1) - libguestfs0 (= 1:1.18.10-1) - libsys-virt-perl (= 0.9.12-2) - libvirt-glib-1.0-0 (= 0.0.8-1) - libvirt-ocaml (= 0.6.1.2-1) - python-libvirt (= 0.9.12-5) - ruby-libvirt (= 0.4.0-1) - virt-top (= 1.0.7-1+b1) - virt-viewer (= 0.5.4-1) - xenwatch (= 0.5.4-3) That's 13 packages, in which probably, an upload will have to be done in Sid to fix who-knows-why. If you upload a new libvirt0 to Sid, then how do you expect these to be updated in Wheezy thanks to an upload in Sid? In any way, an upload of a newer libvirt version in Sid should be coordinated with the release team, especially during the freeze. And at this point, I'd bet that they would (rightly) refuse. Thomas Goirand (zigo) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50aa2a97.7000...@goirand.fr
Bug#693700: unblock: blends/0.6.16
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package blends The just uploaded package closes #692946 by droping the two transitional packages cdd-dev and cdd-common. Note to the diff between previous version 0.6.15 and the candidate for testing 0.6.16. 1. Packaging was moved to Git which is reflected in changed Vcs fields and updated docs (see below for other docs changes) 2. Some additional changes - debhelper 9 instead of 7 - Standards-Version 3.9.3 instead of 3.9.1 - I'm aware that I should avoid such additional changes to reduce the amount of changes to the version in testing to a bare minimum. However, it did seem to me quite unreasonable to revert these changes done in Vcs just to follow this requirement because I do not expect any problem in this 3. debian/copyright: bug #692946 was about a missing copyright - I took the freedom to generally update the copyright file to match DEP5 Other upstream changes of this native Debian package 4. when creating metapackages targeting at tesing I learned that the sources.list.* files did not worked out of the box because of a the lack of the debian/ dir on official Debian mirrors. I do not see any reason to revert a change in Vcs and by doing so making the package a pain for possible users who need to find out themselved that they need to adapt their configuration examples in any case. I simply forgot to report a bug severity important to file because I'm currently possibly the only user who actively builds those metapackages for several Blends. 5. Enhanced documentation The documentation for Debian Pure Blends is maintained inside the package source Vcs and published[1] at the Blends homepage. The changes do not only reflect the change of Vcs from SVN to Git but also other things which are constantly updated and will enhance the understanding of using blends-dev and other tools (not necessarily inside the resulting binary packages). So there is a fair amount of changes inside the doc/ directory of the packaging source and in blends-doc binary package. I decided to strip these changes from the attached debdiff to keep the inspection of the diff more simple. As said above I do not see any sense to revert very reasonable changes from Vcs and by doing so making the package inferior than it could be just to follow the minimum changes policy. I confirm that I'm fully aware that I'm violating the minimum changes request of release team for an unblock request but I hope the reasoning is convincing that these changes on one hand are non-invasive regarding the functionality and make perfectly sense on the other hand. Kind regards and thanks for your work on Wheezy release Andreas. [1] http://blends.alioth.debian.org/blends/ unblock blends/0.6.16 -- System Information: Debian Release: 6.0.6 Architecture: i386 (i686) Kernel: Linux 2.6.36-xenU-4814-i386 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru blends-0.6.15/debian/cdd-common.links blends-0.6.16/debian/cdd-common.links --- blends-0.6.15/debian/cdd-common.links 2010-04-10 19:40:47.0 +0200 +++ blends-0.6.16/debian/cdd-common.links 1970-01-01 01:00:00.0 +0100 @@ -1,17 +0,0 @@ -usr/share/blends/unixgroups/blend-actions usr/share/cdd/unixgroups/cdd-actions -usr/share/blends/blend-actions usr/share/cdd/cdd-actions -usr/share/blends/blend-update-menususr/share/cdd/cdd-update-menus -usr/share/blends/blend-utils usr/share/cdd/cdd-utils -usr/share/blends/blend-task-lister usr/share/cdd/cdd-task-lister -usr/share/man/man8/blend-actions.8.gz usr/share/man/man8/cdd-actions.8.gz -usr/share/man/man8/blend-update-menus.8.gz usr/share/man/man8/cdd-update-menus.8.gz -usr/share/man/man8/blend-utils.8.gzusr/share/man/man8/cdd-utils.8.gz -usr/share/man/man8/blend-task-lister.8.gz usr/share/man/man8/cdd-task-lister.8.gz -usr/sbin/blend-userusr/sbin/cdd-user -usr/sbin/blend-roleusr/sbin/cdd-role -usr/sbin/blend-update-menususr/sbin/cdd-update-menus -usr/sbin/blend-update-usermenususr/sbin/cdd-update-usermenus -usr/share/doc/blends-commonusr/share/doc/cdd-common -usr/share/man/man8/blend-role.8.gz usr/share/man/man8/cdd-role.8.gz -usr/share/man/man8/blend-update-usermenus.8.gz usr/share/man/man8/cdd-update-usermenus.8.gz -usr/share/man/man8/blend-user.8.gz usr/share/man/man8/cdd-user.8.gz diff -Nru blends-0.6.15/debian/cdd-dev.links blends-0.6.16/debian/cdd-dev.links --- blends-0.6.15/debian/cdd-dev.links 2010-04-10 19:40:47.0 +0200 +++
Bug#693702: tpu: weechat/0.3.8-2 (pre-approval)
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: tpu
Hi,
I'd like to get your approval about the upload of weechat 0.3.8-2 to
testing-proposed-updates in order to fix 2 security issues:
1) a remote attacker might crash weechat by forging malicious IRC
messages, CVE-2012-5854, #693026
2) a remote attacker could exploit the process handling API used by
scripts to execute arbitrary commands, a CVE ID has been requested
but not yet assigned
The first bug has been fixed in sid with weechat 0.3.9.1, the second
one has been fixed with the upload of weechat 0.3.9.2 a few hours ago
Attached is the diff.
Thanks for your replies.
Regards,
M.
-- System Information:
Debian Release: 6.0.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -Nru weechat-0.3.8/debian/changelog weechat-0.3.8/debian/changelog
--- weechat-0.3.8/debian/changelog 2012-06-03 07:57:24.0 +
+++ weechat-0.3.8/debian/changelog 2012-11-19 13:14:43.0 +
@@ -1,3 +1,13 @@
+weechat (0.3.8-2) testing-proposed-updates; urgency=high
+
+ * Add a patch to fix a crash while decoding IRC colors in strings. A remote
+ attacker could exploit this issue by forging malicious IRC messages:
+ CVE-2012-5854 (Closes: #693026)
+ * Add a patch to not call shell to execute command in hook_process (fix
+security issue when a plugin/script gives untrusted command)
+
+ -- Emmanuel Bouthenot kol...@debian.org Mon, 19 Nov 2012 13:10:18 +
+
weechat (0.3.8-1) unstable; urgency=low
* New upstream release
diff -Nru weechat-0.3.8/debian/patches/fix_crash_with_irc_colors weechat-0.3.8/debian/patches/fix_crash_with_irc_colors
--- weechat-0.3.8/debian/patches/fix_crash_with_irc_colors 1970-01-01 00:00:00.0 +
+++ weechat-0.3.8/debian/patches/fix_crash_with_irc_colors 2012-11-12 12:30:49.0 +
@@ -0,0 +1,139 @@
+From: Sebastien Helleu flashc...@flashtux.org
+Description: fix crash when decoding IRC colors in strings
+Origin: upstream, http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff;h=80f477f2c37b46bafcde1a35660cf095a95a05c4
+Bug: http://savannah.nongnu.org/bugs/?37704
+Bug-Debian: http://bugs.debian.org/693026
+Forwarded: not-needed
+Last-Update: 2012-11-12
+--- a/src/plugins/irc/irc-color.c
b/src/plugins/irc/irc-color.c
+@@ -62,13 +62,15 @@ char *irc_color_to_weechat[IRC_NUM_COLORS] =
+ char *
+ irc_color_decode (const char *string, int keep_colors)
+ {
+-unsigned char *out, *ptr_string;
+-int out_length, length, out_pos;
+-char str_fg[3], str_bg[3], str_color[128], str_key[128];
++unsigned char *out, *out2, *ptr_string;
++int out_length, length, out_pos, length_to_add;
++char str_fg[3], str_bg[3], str_color[128], str_key[128], str_to_add[128];
+ const char *remapped_color;
+ int fg, bg, bold, reverse, italic, underline, rc;
+
+ out_length = (strlen (string) * 2) + 1;
++if (out_length 128)
++out_length = 128;
+ out = malloc (out_length);
+ if (!out)
+ return NULL;
+@@ -80,20 +82,27 @@ irc_color_decode (const char *string, int keep_colors)
+
+ ptr_string = (unsigned char *)string;
+ out[0] = '\0';
++out_pos = 0;
+ while (ptr_string ptr_string[0])
+ {
++str_to_add[0] = '\0';
+ switch (ptr_string[0])
+ {
+ case IRC_COLOR_BOLD_CHAR:
+ if (keep_colors)
+-strcat ((char *)out,
+-weechat_color((bold) ? -bold : bold));
++{
++snprintf (str_to_add, sizeof (str_to_add), %s,
++ weechat_color ((bold) ? -bold : bold));
++}
+ bold ^= 1;
+ ptr_string++;
+ break;
+ case IRC_COLOR_RESET_CHAR:
+ if (keep_colors)
+-strcat ((char *)out, weechat_color(reset));
++{
++snprintf (str_to_add, sizeof (str_to_add), %s,
++ weechat_color (reset));
++}
+ bold = 0;
+ reverse = 0;
+ italic = 0;
+@@ -106,22 +115,28 @@ irc_color_decode (const char *string, int keep_colors)
+ case IRC_COLOR_REVERSE_CHAR:
+ case IRC_COLOR_REVERSE2_CHAR:
+ if (keep_colors)
+-strcat ((char *)out,
+-weechat_color((reverse) ? -reverse : reverse));
++{
++snprintf (str_to_add, sizeof (str_to_add), %s,
++ weechat_color ((reverse) ? -reverse : reverse));
++}
+ reverse ^= 1;
+ ptr_string++;
+
Re: [Pkg-libvirt-maintainers] Why did you upload netcf 0.2.2 to SID after the freeze?
On 11/19/2012 05:48 AM, Thomas Goirand wrote: On 11/19/2012 06:37 PM, Guido Günther wrote: It doesn't conflict with the version in experimental. That's correct, sorry. I miss-read version numbers. Although a breaks would be prefereable over a conflicts. I'd prefer uploading 1.0.0 to sid rather than reverting the netcf change. Well, for me (and probably many others), it would have been better to keep version 0.1.9-2 of netcf in Sid. The current problem is isolated to installing libvirt0, because libnetcf1 reverse dependencies are only libvirt0 (and python-libvirt). However, apt-rdepends -r libvirt0 gives the following list: - condor (= 7.8.2~dfsg.1-1+deb7u1) - eucalyptus-nc (= 3.1.0-9) - gnome-boxes (= 3.4.3+dfsg-1) - libguestfs-tools (= 1:1.18.10-1) - libguestfs0 (= 1:1.18.10-1) - libsys-virt-perl (= 0.9.12-2) - libvirt-glib-1.0-0 (= 0.0.8-1) - libvirt-ocaml (= 0.6.1.2-1) - python-libvirt (= 0.9.12-5) - ruby-libvirt (= 0.4.0-1) - virt-top (= 1.0.7-1+b1) - virt-viewer (= 0.5.4-1) - xenwatch (= 0.5.4-3) That's 13 packages, in which probably, an upload will have to be done in Sid to fix who-knows-why. If you upload a new libvirt0 to Sid, then how do you expect these to be updated in Wheezy thanks to an upload in Sid? In any way, an upload of a newer libvirt version in Sid should be coordinated with the release team, especially during the freeze. And at this point, I'd bet that they would (rightly) refuse. Thomas Goirand (zigo) My apologies; my only reason for uploading the new version was simply that I had time to do it (which I have not had very often lately). I simply forgot that we were under a freeze. There is no critical reason for fixing it, and we could go back to the earlier version if that's what makes most sense. That being said, the latest version is a qualitative improvement over the older one. Is it enough to justify redoing the 13 other packages? I am not entirely convinced; I think the freeze is more important right now. Again, my apologies; I have to say I just wasn't paying attention :(... -- Ciao, al -- Al Stone Alter Ego: E-mail: a...@ahs3.net Debian Developer -or- http://www.debian.org E-mail: ahst...@comcast.net a...@debian.org -- -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50aa4762.5070...@comcast.net
Re: [Pkg-libvirt-maintainers] Why did you upload netcf 0.2.2 to SID after the freeze?
On Mon, Nov 19, 2012 at 07:51:14AM -0700, Al Stone wrote: On 11/19/2012 05:48 AM, Thomas Goirand wrote: On 11/19/2012 06:37 PM, Guido Günther wrote: It doesn't conflict with the version in experimental. That's correct, sorry. I miss-read version numbers. Although a breaks would be prefereable over a conflicts. I'd prefer uploading 1.0.0 to sid rather than reverting the netcf change. Well, for me (and probably many others), it would have been better to keep version 0.1.9-2 of netcf in Sid. The current problem is isolated to installing libvirt0, because libnetcf1 reverse dependencies are only libvirt0 (and python-libvirt). However, apt-rdepends -r libvirt0 gives the following list: - condor (= 7.8.2~dfsg.1-1+deb7u1) - eucalyptus-nc (= 3.1.0-9) - gnome-boxes (= 3.4.3+dfsg-1) - libguestfs-tools (= 1:1.18.10-1) - libguestfs0 (= 1:1.18.10-1) - libsys-virt-perl (= 0.9.12-2) - libvirt-glib-1.0-0 (= 0.0.8-1) - libvirt-ocaml (= 0.6.1.2-1) - python-libvirt (= 0.9.12-5) - ruby-libvirt (= 0.4.0-1) - virt-top (= 1.0.7-1+b1) - virt-viewer (= 0.5.4-1) - xenwatch (= 0.5.4-3) That's 13 packages, in which probably, an upload will have to be done in Sid to fix who-knows-why. If you upload a new libvirt0 to Sid, then how do you expect these to be updated in Wheezy thanks to an upload in Sid? In any way, an upload of a newer libvirt version in Sid should be coordinated with the release team, especially during the freeze. And at this point, I'd bet that they would (rightly) refuse. Thomas Goirand (zigo) My apologies; my only reason for uploading the new version was simply that I had time to do it (which I have not had very often lately). I simply forgot that we were under a freeze. There is no critical reason for fixing it, and we could go back to the earlier version if that's what makes most sense. That being said, the latest version is a qualitative improvement over the older one. Is it enough to justify redoing the 13 other packages? I am not entirely convinced; I think the freeze is more important right now. Given that netcf as well as libvirt in experimental are big improvements bugfixwise (not even feature eise) and that it's unlikely that we do have to rebuild the 13 packages above (since libvirt is binary compatible and they don't depend on libnl explicitly) and that updates can happen through p-u I wonder if that's the best way forward? However I'll way with the libvirt upload until there' some agreement. Cheers, -- Guido Again, my apologies; I have to say I just wasn't paying attention :(... -- Ciao, al -- Al Stone Alter Ego: E-mail: a...@ahs3.net Debian Developer -or- http://www.debian.org E-mail: ahst...@comcast.net a...@debian.org -- -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121119154527.ga17...@bogon.sigxcpu.org
Bug#684437: pre-approval for fpc/2.6.0-7 upload (was: unblock: fpc/2.6.0-6)
[CC d-r@d.o] On Wed, 2012-11-14 at 12:09 +0100, Abou Al Montacir wrote: Hi Julien, Since the last post on this bug report a load of updates related to localisation have landed. Specifically the package was not previously setup to support translations and as such was not translated. The package has now been fixed to support translation and translations have been added for Danish, Slovak, Portuguese, Russian, German, Polish, Czech, French, Italian, Japanese, Swedish and Spanish. There was also a review of the english descriptions as part of the process Which resulted in some minor rewordings and clarifications and (unfortunately) a lot of reformatting. I have also taken the opertunity to revert the removal of fpc.*dpkg* as requested in the unblock discussions for 2.6.0-6 I have attached debdiffs against the versions in testing and unstable, please review and ack/nack this upload. NAK. While translation updates might be ok, new i18n isn't (and reformatting isn't either). I'm quite surprised by this refusal. Indeed, by formatting, we mean English errors fixing on debconf templates. This does not effect the debconf scripts or any other strings n the executables. I don't see the point to refuse this kind of modifications as it should be 0 risk? Can you please explain more the reasons for your refusal? Hi Julien and d-r team, Can you please give me more arguments on the refusal of this patch? As I said above, these are debconf template text changes. It should be safe enough and do not risk any regression. I understood also that having templates translated is a release gooal. In addition, the fix the the postrm script was asked by release team itself, so I don't understant why do you close this bug with nack. Can you please give more hints so that I can re-upload a more suitable version? Cheers, signature.asc Description: This is a digitally signed message part
Re: libnet-server-coro-perl_1.3-1_amd64.changes ACCEPTED into unstable
2012/11/17 Julien Cristau jcris...@debian.org On Fri, Nov 16, 2012 at 21:56:23 +0100, gregor herrmann wrote: On Fri, 16 Nov 2012 20:50:48 +0100, Salvatore Bonaccorso wrote: libnet-server-coro-perl had a unblock already granted by Adam to fix a RC bug in wheezy. The package was ready to migrate to wheezy in 5 days. The new upload now has some changes who do not comply with the freeze policy[1]. [1]: http://release.debian.org/wheezy/freeze_policy.html I think there are now some possible options, whereas I personally prefer the first one, the removal from wheezy: I agree, removing it (and libcorona-perl) from wheezy sounds reasonable to me. Remove hints added. Hi people, I was disconnected, sorry for the inconvenience. Cheers Cheers, Julien -- Angel Abad an...@debian.org | angela...@ubuntu.com | angela...@gmail.com http://www.pastelero.net FPR: EBF6 080D 59D4 008A DF47 00D4 098D AE47 EE3B C279
Bug#693475: marked as done (unblock: evince/3.4.0-3.1)
Your message dated Mon, 19 Nov 2012 18:16:01 + with message-id 20121119181600.ge13...@halon.org.uk and subject line Re: Bug#693475: unblock: evince/3.4.0-3.1 has caused the Debian Bug report #693475, regarding unblock: evince/3.4.0-3.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 693475: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693475 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock evince/3.4.0-3.1 Diff attached. * Non-maintainer Upload * Support the rest of the mime types that evince used to support in evince-gtk.mime and evince.mime. Closes: #658139. This also fixes #619564, #627027, and #551734 which were related to evince.mime and evince-gtk.mime. #581441 was fixed in shared-mime-info/1.0. unblock evince/3.4.0-3.1 Thanks. Don Armstrong -- There is no such thing as social gambling. Either you are there to cut the other bloke's heart out and eat it--or you're a sucker. If you don't like this choice--don't gamble. -- Robert Heinlein _Time Enough For Love_ p250 http://www.donarmstrong.com http://rzlab.ucr.edu diff -Nru evince-3.4.0/debian/changelog evince-3.4.0/debian/changelog --- evince-3.4.0/debian/changelog 2012-08-29 17:28:06.0 -0700 +++ evince-3.4.0/debian/changelog 2012-11-08 10:34:13.0 -0800 @@ -1,3 +1,13 @@ +evince (3.4.0-3.1) unstable; urgency=low + + * Non-maintainer Upload + * Support the rest of the mime types that evince used to support in +evince-gtk.mime and evince.mime. Closes: #658139. This also fixes +#619564, #627027, and #551734 which were related to evince.mime and +evince-gtk.mime. #581441 was fixed in shared-mime-info/1.0. + + -- Don Armstrong d...@debian.org Thu, 08 Nov 2012 10:32:12 -0800 + evince (3.4.0-3) unstable; urgency=low [ Josselin Mouette ] diff -Nru evince-3.4.0/debian/control evince-3.4.0/debian/control --- evince-3.4.0/debian/control 2012-08-29 17:32:50.0 -0700 +++ evince-3.4.0/debian/control 2012-11-08 11:09:28.0 -0800 @@ -7,7 +7,7 @@ Section: gnome Priority: optional Maintainer: Debian GNOME Maintainers pkg-gnome-maintain...@lists.alioth.debian.org -Uploaders: Frederic Peters fpet...@debian.org, Michael Biebl bi...@debian.org +Uploaders: Michael Biebl bi...@debian.org Build-Depends: cdbs (= 0.4.90), debhelper (= 8), dpkg-dev (= 1.16.1), diff -Nru evince-3.4.0/debian/evince-gtk.mime evince-3.4.0/debian/evince-gtk.mime --- evince-3.4.0/debian/evince-gtk.mime 1969-12-31 16:00:00.0 -0800 +++ evince-3.4.0/debian/evince-gtk.mime 2012-11-08 10:30:34.0 -0800 @@ -0,0 +1,21 @@ +application/pdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf; priority=5 +application/x-pdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf; priority=5 +application/x-bzpdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf.bz2; priority=5 +application/x-gzpdf; evince %s; test=test -n $DISPLAY; nametemplate=%s.pdf.gz; priority=5 +application/postscript; evince %s; test=test -n $DISPLAY; nametemplate=%s.ps; priority=5 +application/x-bzpostscript; evince %s; test=test -n $DISPLAY; nametemplate=%s.ps.bz2; priority=5 +application/x-gzpostscript; evince %s; test=test -n $DISPLAY; nametemplate=%s.ps.gz; priority=5 +image/x-eps; evince %s; test=test -n $DISPLAY; nametemplate=%s.eps; priority=5 +image/x-bzeps; evince %s; test=test -n $DISPLAY; nametemplate=%s.eps.bz2; priority=5 +image/x-gzeps; evince %s; test=test -n $DISPLAY; nametemplate=%s.eps.gz; priority=5 +application/x-dvi; evince %s; test=test -n $DISPLAY; nametemplate=%s.dvi; priority=5 +application/x-gzdvi; evince %s; test=test -n $DISPLAY; nametemplate=%s.dvi.gz; priority=5 +application/x-bzdvi; evince %s; test=test -n $DISPLAY; nametemplate=%s.dvi.bz2; priority=5 +image/vnd.djvu; evince %s; test=test -n $DISPLAY; nametemplate=%s.djvu; priority=5 +application/x-cbr; evince %s; test=test -n $DISPLAY; nametemplate=%s.cbr; priority=4 +application/x-cbt; evince %s; test=test -n $DISPLAY; nametemplate=%s.cbt; priority=4 +application/x-cbz; evince %s; test=test -n $DISPLAY; nametemplate=%s.cbz; priority=4 +application/x-cb7; evince %s; test=test -n $DISPLAY; nametemplate=%s.cb7; priority=4 +image/tiff; evince %s; test=test -n $DISPLAY; nametemplate=%s.tiff; priority=3 +application/oxps; evince %s; test=test -n $DISPLAY; nametemplate=%s.xps; priority=3 +application/vnd.ms-xpsdocument; evince %s; test=test -n $DISPLAY; nametemplate=%s.xps;
Bug#693351: RM: kismet/2008-05-R1-4.3
Also note, there is someone looking for a sponsor of an updated kismet package: http://mentors.debian.net/package/kismet http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670176 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662105 -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: CVE against the fwknop package
On Mon, Nov 19, 2012 at 08:34:12 +0100, Franck Joncourt wrote: Le 11/11/2012 17:20, Julien Cristau a écrit : On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? Go ahead. Done. Approve hint added. Cheers, Julien signature.asc Description: Digital signature
Bug#687220: marked as done (unblock: xz-utils/5.1.1alpha+20120614-2)
Your message dated Mon, 19 Nov 2012 20:03:56 +0100
with message-id 20121119190356.gw17...@radis.cristau.org
and subject line Re: Bug#687220: unblock: xz-utils/5.1.1alpha+20120614-2
has caused the Debian Bug report #687220,
regarding unblock: xz-utils/5.1.1alpha+20120614-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
687220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687220
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Tags: wheezy
Hi,
Unfortunately there has not been a stable release on the 5.1.y branch
of XZ Utils. This update is an attempt to make the best of what we
have, by:
- in existing features, matching behavior of the upstream master
branch as closely as possible
- not adding any new features
- documenting the relationship to upstream (patches applied
and patches not applied) in README.Debian
I've been using these changes for a couple of months now. Not
uploaded yet, so I can make small tweaks if you have good ideas for
some. Diffstat with patches applied, excluding debian/patches:
debian/changelog | 15 ++
debian/xz-utils.README.Debian | 49 ++--
src/liblzma/lzma/lzma_decoder.c|8 -
src/liblzma/rangecoder/range_decoder.h | 12 ++--
src/xz/list.c |6 ++--
src/xz/xz.1| 18 +++-
6 files changed, 96 insertions(+), 12 deletions(-)
debdiff attached. Thoughts?
Thanks for your hard work,
Jonathan
diff -Nru xz-utils-5.1.1alpha+20120614/debian/changelog
xz-utils-5.1.1alpha+20120614/debian/changelog
--- xz-utils-5.1.1alpha+20120614/debian/changelog 2012-06-16
13:03:18.0 -0700
+++ xz-utils-5.1.1alpha+20120614/debian/changelog 2012-09-10
14:35:33.0 -0700
@@ -1,3 +1,18 @@
+xz-utils (5.1.1alpha+20120614-2) unstable; urgency=low
+
+ * Apply fixes from 5.1.2alpha. Closes: #685220.
+- liblzma: report a LZMA_DATA_ERROR when range encoded data starts
+ with a nonzero byte. This is a sanity check to catch malformed
+ files that no known encoders produce.
+- xz -v -v --list: Support for decompressing blocks with
+ zero-length uncompressed data was added in xz 5.0.2, not 5.0.3.
+- xz.1: xz --robot -v -v --list gained a minimum xz version to
+ decompress field.
+ * xz-utils/README.Debian: Document differences from upstream.
+Closes: #685217.
+
+ -- Jonathan Nieder jrnie...@gmail.com Mon, 10 Sep 2012 14:35:33 -0700
+
xz-utils (5.1.1alpha+20120614-1) unstable; urgency=low
* New snapshot, taken from upstream commit f1675f76.
diff -Nru xz-utils-5.1.1alpha+20120614/debian/patches/decoder-check-first-0x00
xz-utils-5.1.1alpha+20120614/debian/patches/decoder-check-first-0x00
--- xz-utils-5.1.1alpha+20120614/debian/patches/decoder-check-first-0x00
1969-12-31 16:00:00.0 -0800
+++ xz-utils-5.1.1alpha+20120614/debian/patches/decoder-check-first-0x00
2012-09-10 14:10:45.0 -0700
@@ -0,0 +1,69 @@
+From: Lasse Collin lasse.col...@tukaani.org
+Date: Thu, 28 Jun 2012 10:47:49 +0300
+Subject: liblzma: Check that the first byte of range encoded data is 0x00.
+
+It is just to be more pedantic and thus perhaps catch broken
+files slightly earlier.
+
+Signed-off-by: Jonathan Nieder jrnie...@gmail.com
+---
+ src/liblzma/lzma/lzma_decoder.c|8 ++--
+ src/liblzma/rangecoder/range_decoder.h | 12 +---
+ 2 files changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/src/liblzma/lzma/lzma_decoder.c b/src/liblzma/lzma/lzma_decoder.c
+index 5abbc0d..b8f9317 100644
+--- a/src/liblzma/lzma/lzma_decoder.c
b/src/liblzma/lzma/lzma_decoder.c
+@@ -289,8 +289,12 @@ lzma_decode(lzma_coder *restrict coder, lzma_dict
*restrict dictptr,
+ // Initialization //
+
+
+- if (!rc_read_init(coder-rc, in, in_pos, in_size))
+- return LZMA_OK;
++ {
++ const lzma_ret ret = rc_read_init(
++ coder-rc, in, in_pos, in_size);
++ if (ret != LZMA_STREAM_END)
++ return ret;
++ }
+
+ ///
+ // Variables //
+diff --git a/src/liblzma/rangecoder/range_decoder.h
b/src/liblzma/rangecoder/range_decoder.h
+index fb96180..e0b051f 100644
+--- a/src/liblzma/rangecoder/range_decoder.h
b/src/liblzma/rangecoder/range_decoder.h
+@@ -25,20 +25,26 @@ typedef struct {
+
+
+ /// Reads the
Bug#692298: unblock: git/1:1.7.10.4-2
On Sun, Nov 18, 2012 at 12:16:05 -0800, Jonathan Nieder wrote: Julien Cristau wrote: On Sun, Nov 4, 2012 at 11:30:04 -0800, Jonathan Nieder wrote: Please unblock git/1:1.7.10.4-2 to get fixes to #678137 -- incompatibility with SVN 1.7 and #587650 -- Byte order is not compatible at ../../lib/Storable.pm errors when accessing git-svn repositories created with perl/squeeze [...] The first of those is big, and svn 1.7 is not in wheezy... In light of [1], I'm happy to skip b8c78e2a git svn: work around SVN 1.7 mishandling of svn:special changes in a tpu upload. Proposed upload attached. What do you think? Dropping git@pdo from cc because I'm sick its C/R thingy. Ack, please go ahead. Cheers, Julien signature.asc Description: Digital signature
Bug#693351: RM: kismet/2008-05-R1-4.3
On Mon, Nov 19, 2012 at 19:36:58 +0100, Arno Töll wrote: Also note, there is someone looking for a sponsor of an updated kismet package: http://mentors.debian.net/package/kismet http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670176 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662105 That isn't really relevant to wheezy (and thus, to this bug), though. Cheers, Julien signature.asc Description: Digital signature
Re: Bug#693475: unblock: evince/3.4.0-3.1
Sorry if it doesn't make sense for me to ask this here, but: On Fri, Nov 16, 2012 at 01:50:59PM -0800, Don Armstrong wrote: -Uploaders: Frederic Peters fpet...@debian.org, Michael Biebl bi...@debian.org +Uploaders: Michael Biebl bi...@debian.org Was that meant to be in there? -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121119192035.GA25842@debian
Re: Bug#693475: unblock: evince/3.4.0-3.1
On Mon, 2012-11-19 at 19:20 +, Jon Dowland wrote: Sorry if it doesn't make sense for me to ask this here, but: On Fri, Nov 16, 2012 at 01:50:59PM -0800, Don Armstrong wrote: -Uploaders: Frederic Peters fpet...@debian.org, Michael Biebl bi...@debian.org +Uploaders: Michael Biebl bi...@debian.org Was that meant to be in there? It's automatically generated during the package build based on the team members who performed the last N uploads (see /usr/share/gnome-pkg-tools/1/rules/uploaders.mk from gnome-pkg-tools). Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1353353113.6296.4.ca...@jacala.jungle.funky-badger.org
Bug#693584: marked as done (unblock: getfem++/4.1.1+dfsg1-11)
Your message dated Mon, 19 Nov 2012 19:22:15 +
with message-id 1353352935.6296.2.ca...@jacala.jungle.funky-badger.org
and subject line Re: Bug#693584: unblock: getfem++/4.1.1+dfsg1-11
has caused the Debian Bug report #693584,
regarding unblock: getfem++/4.1.1+dfsg1-11
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
693584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693584
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package getfem++
it fixes the RC-Bug #693567 and a minor one #680549
The diff is attached.
unblock getfem++/4.1.1+dfsg1-11
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index 625f626..024967b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+getfem++ (4.1.1+dfsg1-11) unstable; urgency=low
+
+ [ Anton Gladky ]
+ * [2cba162] Add libmumps-dev to Depends of libgmm++-dev. (Closes: #680549)
+ * [f22dd56] Imported Upstream version 4.1.1+dfsg1. (Closes: #693567)
+
+ [ Sylvestre Ledru ]
+ * [0b9acd3] Add a missing header for Scilab build.
+
+ -- Anton Gladky gladky.an...@gmail.com Sat, 17 Nov 2012 22:44:01 +0100
+
getfem++ (4.1.1-10) unstable; urgency=low
* [da2d323] Fix FTBFS with gcc-4.7. Thanks to Philipp Büttgenbach.
diff --git a/debian/control b/debian/control
index 55ef618..7a93d5e 100644
--- a/debian/control
+++ b/debian/control
@@ -57,7 +57,7 @@ Description: Development files for the GETFEM++ generic finite element library
Package: libgmm++-dev
Section: libdevel
Architecture: all
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, libmumps-dev
Description: Generic C++ template library for sparse, dense and skyline matrices
GMM++ is a framework of pre-defined methods for matrix computation. It is built
as a set of generic algorithms for any interfaced vector type or matrix type.
diff --git a/debian/patches/series b/debian/patches/series
index 50598df..ffdc602 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@ addgetfempath.diff
ld-no-add-needed.patch
fix-gcc-4.7-ftbfs.patch
fix-gcc-4.7-ftbfs_part2.patch
+stream_redirect.diff
diff --git a/debian/patches/stream_redirect.diff b/debian/patches/stream_redirect.diff
new file mode 100644
index 000..e753060
--- /dev/null
+++ b/debian/patches/stream_redirect.diff
@@ -0,0 +1,108 @@
+Index: getfem/interface/src/scilab/sci_gateway/c/stream_redirect.h
+===
+--- /dev/null 1970-01-01 00:00:00.0 +
getfem/interface/src/scilab/sci_gateway/c/stream_redirect.h 2012-11-17 16:54:43.115859494 +0100
+@@ -0,0 +1,103 @@
++/* -*- c++ -*- (enables emacs c++ mode) */
++/*
++
++ Copyright (C) 2009-2011 Yann Collette
++
++ This file is a part of GETFEM++
++
++ Getfem++ is free software; you can redistribute it and/or modify
++ it under the terms of the GNU Lesser General Public License as
++ published by the Free Software Foundation; either version 2.1 of the
++ License, or (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU Lesser General Public License for more details.
++ You should have received a copy of the GNU Lesser General Public
++ License along with this program; if not, write to the Free Software
++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
++ USA.
++
++ As a special exception, you may use this file as part of a free software
++ library without restriction. Specifically, if other files instantiate
++ templates or use macros or inline functions from this file, or you compile
++ this file and link it with other files to produce an executable, this
++ file does not by itself cause the resulting executable to be covered by
++ the GNU General Public License. This exception does not however
++ invalidate any other reasons why the executable file might be covered by
++ the GNU General Public License.
++
++
Re: Bug#577635: nmu
On Sat, Nov 17, 2012 at 22:58:48 -0500, Michael Gilbert wrote: On Sat, Nov 17, 2012 at 7:03 PM, Norbert Preining wrote: May I remind you Michael about the proper NMU procedure??? It seems that your D-D courses have been become a bit forgotten. You're a DD. You have the power to cancel stuff in the deferred queue. That's why it's deferred: to give you a chance to review and cancel. That's absolutely no excuse for going ahead with a NMU over the maintainer's objection. Cheers, Julien signature.asc Description: Digital signature
Bug#693740: unblock (pre-approval): rawtherapee/4.0.9-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package rawtherapee I'd like to check the chance for unblocking before bothering my sponsor. A user made me consider this problem as RC today: RawTherapee corrupts Exif MarkerNotes for some Canon cameras. This was reported on upstreams bugtracker and is fixed upstream for five month now. The patch is only one line and fixes the bug by using the correct size for multi-byte EXIF tags which use TagDirectoryTable. As no problem was reported I think the patch is safe. This data corruption affects at least the following Canon cameras: EOS 450D, EOS 350D, EOS 50D, EOS 60D and EOS 600D. As these cameras are quite popular many users will face this data corruption which makes rawtherapee (almost) useless for them as keeping the EXIF information is one of the key needs for raw converters. See bug #693736 for all details: http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=693736 I attached the debdiff and uploaded the fixed version to mentors.debian.net: http://mentors.debian.net/package/rawtherapee What do you think? -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (800, 'unstable'), (150, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) diff -Nru rawtherapee-4.0.9/debian/changelog rawtherapee-4.0.9/debian/changelog --- rawtherapee-4.0.9/debian/changelog 2012-06-21 18:31:45.0 +0200 +++ rawtherapee-4.0.9/debian/changelog 2012-11-19 21:11:56.0 +0100 @@ -1,3 +1,11 @@ +rawtherapee (4.0.9-4) unstable; urgency=low + + * Fix RC bug that corrupts EXIF data in some cases (closes: #693736): + - add debian/patches/03-fix_exif_corruption.patch: Use the correct + size for multibyte EXIF tags which use TagDirectoryTable + + -- Philip Rinn ri...@gmx.net Mon, 19 Nov 2012 21:11:43 + + rawtherapee (4.0.9-3) unstable; urgency=low * Fix upgrade failure to testing (closes: #677575). diff -Nru rawtherapee-4.0.9/debian/patches/03-fix_exif_corruption.patch rawtherapee-4.0.9/debian/patches/03-fix_exif_corruption.patch --- rawtherapee-4.0.9/debian/patches/03-fix_exif_corruption.patch 1970-01-01 01:00:00.0 +0100 +++ rawtherapee-4.0.9/debian/patches/03-fix_exif_corruption.patch 2012-11-19 19:38:27.0 +0100 @@ -0,0 +1,14 @@ +Author: Upstream +Description: Use correct size on all multibyte EXIF tags which use TagDirectoryTable +--- a/rtexif/rtexif.cc b/rtexif/rtexif.cc +@@ -902,7 +902,7 @@ + size += valuesize + (valuesize%2); // we align tags to even byte positions + +if (makerNoteKind!=NOMK) +-count = directory[0]-calculateSize (); ++count = directory[0]-calculateSize () / getTypeSize(type); + +if (makerNoteKind==NIKON3 || makerNoteKind==OLYMPUS2 || makerNoteKind==FUJI) + size += valuesize; + diff -Nru rawtherapee-4.0.9/debian/patches/series rawtherapee-4.0.9/debian/patches/series --- rawtherapee-4.0.9/debian/patches/series 2012-06-13 20:07:45.0 +0200 +++ rawtherapee-4.0.9/debian/patches/series 2012-11-19 19:37:03.0 +0100 @@ -1,2 +1,3 @@ 01-AboutThisBuild.patch 02-fix_color_artifacts.patch +03-fix_exif_corruption.patch
Bug#684437: pre-approval for fpc/2.6.0-7 upload
Hi, Le 19/11/2012 13:26, Abou Al Montacir a écrit : Can you please give more hints so that I can re-upload a more suitable version? Let me put it another way: the upload you are proposing is actually fixing an important bug (#686038: Policy 3.9.1 violation), by simply making all user-visible messages translatable (and all messages have been reviewed by the -l10n-english team while we were at it). It also includes the updated translations. As such it strictly is following the freeze policy. My guess is the way you presented initially, it sounded like a huge change, over the freeze borderline, explaining the initial NACK from Julien. Anyway, the proper way to hopefully get an answer from the release team would be to present the debdiff (please, --exclude the translations from it), via a new bug report. Hope this helps Regards David signature.asc Description: OpenPGP digital signature
Bug#693743: unblock: qtwebkit/2.2.1-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package qtwebkit The most important thing here is RC bug #673268, which was the need to properly write the copyright file. Note that in this mail I will be *not* aataching the debdiff with this changes, as the copyright file is now 12k+ lines long. I'll send it as a followup to the bug, just in case is too big for the list. Of course, while it is a huge change, it's all text which doesn't change the behaviour of the package sit builds. There are two other changes: - This upload fixes the M-A uninstallability due to a binNMU (Closes: #676162). - This upload will get rebuilt with xz compression, asked for making space in the first CD (Closes: #687036). diffstat, with the copyright changes: changelog | 14 copyright |12760 +- rules |3 3 files changed, 12742 insertions(+), 35 deletions(-) Thanks, Lisandro. unblock qtwebkit/2.2.1-5 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: mips i386 Kernel: Linux 3.2.21+edid (SMP w/2 CPU cores) Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash diff -Nru --exclude '*copyright' qtwebkit-2.2.1/debian/changelog qtwebkit-2.2.1/debian/changelog --- qtwebkit-2.2.1/debian/changelog 2012-05-13 06:29:51.0 -0300 +++ qtwebkit-2.2.1/debian/changelog 2012-11-18 18:01:22.0 -0300 @@ -1,3 +1,17 @@ +qtwebkit (2.2.1-5) unstable; urgency=low + + * Team upload. + * Re upload the package to fix the M-A uninstallability due to a binNMU +(Closes: #676162). + * This upload will get rebuilt with xz compression (Closes: #687036). +Thanks Ansgar Burchardt for the patch. + * Rewrite debian/copyright to DEP-5 (Closes: #673268). +Thanks Elena ``of Valhalla'' Grandi and Tobias Bengfort. +The current copyright is *huge*: 12637 lines. I have reviewed it but +there still could be errors. + + -- Lisandro Damián Nicanor Pérez Meyer lisan...@debian.org Sun, 18 Nov 2012 18:01:12 -0300 + qtwebkit (2.2.1-4) unstable; urgency=high * Confirm new symbol file on all arches except armel and mipsel. However, diff -Nru --exclude '*copyright' qtwebkit-2.2.1/debian/rules qtwebkit-2.2.1/debian/rules --- qtwebkit-2.2.1/debian/rules 2012-05-01 16:16:54.0 -0300 +++ qtwebkit-2.2.1/debian/rules 2012-11-18 15:38:28.0 -0300 @@ -37,3 +37,6 @@ rm -f Source/Makefile dh_auto_clean dh_auto_clean --sourcedirectory=$(QWEBVIEW_DIR) + +override_dh_builddeb: + dh_builddeb -- -Zxz
Bug#693743: marked as done (unblock: qtwebkit/2.2.1-5)
Your message dated Mon, 19 Nov 2012 21:37:53 + with message-id 1353361073.6296.5.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#693743: unblock: qtwebkit/2.2.1-5 has caused the Debian Bug report #693743, regarding unblock: qtwebkit/2.2.1-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 693743: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693743 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package qtwebkit The most important thing here is RC bug #673268, which was the need to properly write the copyright file. Note that in this mail I will be *not* aataching the debdiff with this changes, as the copyright file is now 12k+ lines long. I'll send it as a followup to the bug, just in case is too big for the list. Of course, while it is a huge change, it's all text which doesn't change the behaviour of the package sit builds. There are two other changes: - This upload fixes the M-A uninstallability due to a binNMU (Closes: #676162). - This upload will get rebuilt with xz compression, asked for making space in the first CD (Closes: #687036). diffstat, with the copyright changes: changelog | 14 copyright |12760 +- rules |3 3 files changed, 12742 insertions(+), 35 deletions(-) Thanks, Lisandro. unblock qtwebkit/2.2.1-5 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: mips i386 Kernel: Linux 3.2.21+edid (SMP w/2 CPU cores) Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash diff -Nru --exclude '*copyright' qtwebkit-2.2.1/debian/changelog qtwebkit-2.2.1/debian/changelog --- qtwebkit-2.2.1/debian/changelog 2012-05-13 06:29:51.0 -0300 +++ qtwebkit-2.2.1/debian/changelog 2012-11-18 18:01:22.0 -0300 @@ -1,3 +1,17 @@ +qtwebkit (2.2.1-5) unstable; urgency=low + + * Team upload. + * Re upload the package to fix the M-A uninstallability due to a binNMU +(Closes: #676162). + * This upload will get rebuilt with xz compression (Closes: #687036). +Thanks Ansgar Burchardt for the patch. + * Rewrite debian/copyright to DEP-5 (Closes: #673268). +Thanks Elena ``of Valhalla'' Grandi and Tobias Bengfort. +The current copyright is *huge*: 12637 lines. I have reviewed it but +there still could be errors. + + -- Lisandro Damián Nicanor Pérez Meyer lisan...@debian.org Sun, 18 Nov 2012 18:01:12 -0300 + qtwebkit (2.2.1-4) unstable; urgency=high * Confirm new symbol file on all arches except armel and mipsel. However, diff -Nru --exclude '*copyright' qtwebkit-2.2.1/debian/rules qtwebkit-2.2.1/debian/rules --- qtwebkit-2.2.1/debian/rules 2012-05-01 16:16:54.0 -0300 +++ qtwebkit-2.2.1/debian/rules 2012-11-18 15:38:28.0 -0300 @@ -37,3 +37,6 @@ rm -f Source/Makefile dh_auto_clean dh_auto_clean --sourcedirectory=$(QWEBVIEW_DIR) + +override_dh_builddeb: + dh_builddeb -- -Zxz ---End Message--- ---BeginMessage--- On Mon, 2012-11-19 at 18:28 -0300, Lisandro Damián Nicanor Pérez Meyer wrote: Please unblock package qtwebkit The most important thing here is RC bug #673268, which was the need to properly write the copyright file. Note that in this mail I will be *not* aataching the debdiff with this changes, as the copyright file is now 12k+ lines long. I'll send it as a followup to the bug, just in case is too big for the list. [...] - This upload fixes the M-A uninstallability due to a binNMU (Closes: #676162). - This upload will get rebuilt with xz compression, asked for making space in the first CD (Closes: #687036). Unblocked; thanks. Regards, Adam---End Message---
Bug#691142: pu: package moodle/1.9.9.dfsg2-2.1+squeeze4
Control: tags -1 + squeeze confirmed On Mon, 2012-10-22 at 08:28 +0200, Didier Raboud wrote: moodle (1.9.9.dfsg2-2.1+squeeze4) stable; urgency=low * Minor security updates. * Backporting security fixes from MOODLE_19_STABLE: - CVE-2012-1155 - MSA-12-0013: database activity module entries exporting does not respect separate groups (Closes: #668411). - CVE-2012-2362 - MSA-12-0033: XSS bug in blog/index.php in IE. - CVE-2012-2363 - MSA-12-0034: Stored SQL Injection in calendar. - CVE-2012-2367 - MSA-12-0038: Calendar New Entry still shows and works for roles preventing calendar entry. (Closes: #674163) Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1353366334.6296.6.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#691142: pu: package moodle/1.9.9.dfsg2-2.1+squeeze4
Processing control commands: tags -1 + squeeze confirmed Bug #691142 [release.debian.org] pu: package moodle/1.9.9.dfsg2-2.1+squeeze4 Added tag(s) squeeze and confirmed. -- 691142: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691142 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b691142.135336643028131.transcr...@bugs.debian.org
Re: Bug#577635: nmu
On Mon, Nov 19, 2012 at 3:06 PM, Julien Cristau wrote: On Sat, Nov 17, 2012 at 22:58:48 -0500, Michael Gilbert wrote: On Sat, Nov 17, 2012 at 7:03 PM, Norbert Preining wrote: May I remind you Michael about the proper NMU procedure??? It seems that your D-D courses have been become a bit forgotten. You're a DD. You have the power to cancel stuff in the deferred queue. That's why it's deferred: to give you a chance to review and cancel. That's absolutely no excuse for going ahead with a NMU over the maintainer's objection. I didn't see the objection until after the deferred timer ran out. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANTw=MNwKLLK=uQsUeS2Nz6XF3-cUXmZL__Tsx_+VfuK=uk...@mail.gmail.com
Bug#693759: unblock: texlive-bin/2012.20120628-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, I would like to ask for a freeze exception for texlive-bin 2012.20120628-4 (source package name) This release fixes three things: * one documentation fix * one upgrade-from-wheezy fix * one usability fix ad documentation fix #688893 the man page for updmap.cfg still carries outdated information on updmap handling. I updated the man page in upstream TeX Live svn, and included the whole man page as is in the debian package, as future packages (new source releases) will automatically ship the corrected man page. Besides the actual inclusion of the man page in debian/man-pages/updmap.cfg.5 the following diff is included: --- a/debian/texlive-binaries.manpages 2012-08-02 12:16:48.0 +0900 +++ b/debian/texlive-binaries.manpages 2012-11-20 09:30:39.0 +0900 @@ -3,3 +3,4 @@ debian/man-pages/etex.1 debian/man-pages/omfonts.1 debian/man-pages/texconfig-dialog.1 +debian/man-pages/updmap.cfg.5 ad upgrade-from-wheezy fix #689005 -- simply add a breaks to debian/config on the purely virtual packages jtex-bin, multex-bin as otherwise upgrades from stable will not work. (piuparts testing, see bug report) --- texlive-bin-2012.20120628/debian/control2012-08-02 12:16:46.0 +0900 +++ texlive-bin-2012.20120628/debian/control2012-11-20 09:11:52.0 +0900 @@ -13,7 +13,7 @@ Recommends: texlive-base, luatex, python, ruby, wish Replaces: texlive-metapost ( 2010), texlive-base ( 2010), ptex-bin, mendexk, jmpost Conflicts: mendexk, makejvf, jmpost -Breaks: texlive-base ( 2010) +Breaks: texlive-base ( 2010), jtex-bin, multex-bin Provides: texlive-base-bin, makejvf, mendexk, jmpost Description: Binaries for TeX Live This package contains all the binaries of TeX Live packages. ad usability fix (no bug number, reported on the TeX Live mailing list) the package texlive-binaries ships the program dvisvgm which converts dvi files to svg files. Dvi files can contain refrences to PostScript files. Rendering these ps files into svg needs ghostscript. Now dvisvgm normally tries to open libgs.so and if that works, also works with dvi files with ps refrences. But on Debian libgs.so is shipped by libgs-dev, which normally is not installed, and dvisvgm does not find libgs.so.9 as currently shipped. At the current moment one has to use dvisvgm --libgs=/usr/lib/libgs.so.9 to get support for PostScript in dvisvgm. The changes related to this fix adds libgs-dev to the build dependencies, and adds --with-system-libgs to the configure options. The effect of this is that nothing changes but dvisvgm gets linked with libgs. --- texlive-bin-2012.20120628/debian/control2012-08-02 12:16:46.0 +0900 +++ texlive-bin-2012.20120628/debian/control2012-11-20 09:11:52.0 +0900 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian TeX Maintainers debian-tex-ma...@lists.debian.org Uploaders: Norbert Preining prein...@debian.org, Frank Küster frank@kueste rei.ch -Build-Depends: debhelper (= 7.0.50~), sharutils, ed, libncurses5-dev | libncurses-dev, libxaw7-dev, libpng-dev, zlib1g-dev | libz-dev, libgd2-xpm-dev | libgd2-noxpm-dev, flex, bison, libpoppler-private-dev (= 0.12.4), libfontconfig1-dev, dh-autoreconf, time, libgraphite-dev (= 1:2.3.1), quilt +Build-Depends: debhelper (= 7.0.50~), sharutils, ed, libncurses5-dev | libncurses-dev, libxaw7-dev, libpng-dev, zlib1g-dev | libz-dev, libgd2-xpm-dev | libgd2-noxpm-dev, flex, bison, libpoppler-private-dev (= 0.12.4), libfontconfig1-dev, dh-autoreconf, time, libgraphite-dev (= 1:2.3.1), quilt, libgs-dev Standards-Version: 3.9.3 Homepage: http://www.tug.org/texlive/ and --- texlive-bin-2012.20120628/debian/rules 2012-08-02 12:16:46.0 +0900 +++ texlive-bin-2012.20120628/debian/rules 2012-11-20 08:11:51.0 +0900 @@ -51,6 +51,7 @@ --with-system-xpdf \ --with-system-poppler \ --with-system-graphite \ + --with-system-libgs \ --with-freetype2-include=/usr/include/freetype2 \ --with-x\ --with-mf-x-toolkit \ For completeness I attach the full debdiff. Thanks a lot and all the best Norbert unblock texlive-bin/2012.20120628-4 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.7.0-rc6+ (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash diff -Nru texlive-bin-2012.20120628/debian/changelog texlive-bin-2012.20120628/debian/changelog --- texlive-bin-2012.20120628/debian/changelog 2012-09-04
Re: [Pkg-libvirt-maintainers] Why did you upload netcf 0.2.2 to SID after the freeze?
On 11/19/2012 10:51 PM, Al Stone wrote: My apologies; my only reason for uploading the new version was simply that I had time to do it (which I have not had very often lately). I simply forgot that we were under a freeze. There is no critical reason for fixing it, and we could go back to the earlier version if that's what makes most sense. That being said, the latest version is a qualitative improvement over the older one. Is it enough to justify redoing the 13 other packages? I am not entirely convinced; I think the freeze is more important right now. Again, my apologies; I have to say I just wasn't paying attention :(... Hi, I'd love to have the more tested version, but that's (IMO unfortunately) not the the rules we have in Debian during the freeze. I would love to have some of my packages updated as well, but I know it would be refused by the release team because of too many changes. Besides this, it's not up to me to reply to this question, but up to the release team. If you don't have an explicit agreement on upgrading to a newer version of libvirt, then you simply shouldn't do it. So just talk with them... Thomas -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50aae91c.7020...@debian.org
Unblock request for dovecot
[CCs requested as I am not subscribed to the list.] Dear RMs, I know the time is late and this is a long shot but I am requesting that the current version of dovecot 1:2.1.7-5 be unblocked for testing because: 1. Since -2 (the current version in testing) we have fixed 16 bugs including 7 RC ones. 2. The package has been thoroughly tested by many people including several DDs. I am extremely confident that this version will be as stable if not more than the one currently in testing. (One silly typo was recently discovered (#693621) which I'd like to fix with your permission but it doesn't affect the operation of dovecot in any way so its not a big deal if you refuse.) 3. Dovecot has no reverse dependencies except dovecot-antispam which has been tested so even if some big problem were to be discovered, it would not disrupt the rest of the release. 4. Pleasepleasepleasepleaseplease. Now, I'm sure your major concern will be the 8 patches that have been added since -2 considerably bloating the diff. The vast majority of that is due to the pigeonhole sieve/managesieve server which is basically a seperate upstream project which is patched into the dovecot source. Updating pigeonhole was recommended by the upstream author and necessary due to reports of segfaults (and possible attendant security implications.) Concerning the others: fix-checkscript-segfault.patch ...is also related to sieve segfault issues. chgrp-error.patch default-mail_location.patch ...are needed to make dovecot policy compliant. Unfortunately there is a discrepancy between how we do things and how dovecot expects to work. I believe I have got things so that there will be as little aggravation to our users as possible but alas it is still 0. (See #693114 for instance.) hurd-compat.patch ...was provided by upstream at the request of our hurd porters. mutf7-patch utf8-namespace.patch ...also come from upstream and fix an error in how dovecot handles the IMAP protocol. Definitely needed on a production server. ssl-cert-location.patch ...is part of moving dovecots default generated ssl certificates out of /etc/ssl. tcpwrapper.patch ...adds tcpwrapper configuration. (Actual support was just an additional configure option in /debian/rules.) So to sum up, yes there are a lot of changes and I do understand why they might not be considered appropriate at this stage of the freeze. And I do wish I could have got this all done a long time ago but real life intervened as it annoyingly does. Nevertheless I have tried my best to get this package to a place where we can be proud to call it part of a Debian stable release. I hope you will agree. -- Jaldhar H. Vyas jald...@debian.org -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/alpine.DEB.2.02.1211192136280.10007@kubuntu
Bug#691807: marked as done (unblock: mysql-5.5/5.5.28+dfsg-1)
Your message dated Tue, 20 Nov 2012 05:57:06 + with message-id 1353391026.6296.7.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#691807: unblock: mysql-5.5/5.5.28+dfsg-1 has caused the Debian Bug report #691807, regarding unblock: mysql-5.5/5.5.28+dfsg-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 691807: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691807 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mysql-5.5 14 CVE's fixed. As usual for this package we are not able to cherry pick the changes. (include/attach the debdiff against the package in testing) unblock mysql-5.5/5.5.28+dfsg-1 -- System Information: Debian Release: wheezy/sid Architecture: i386 (i686) Kernel: Linux 3.2.0-3-686-pae (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- On Tue, 2012-10-30 at 01:16 +, Nicholas Bamber wrote: Please unblock package mysql-5.5 14 CVE's fixed. As usual for this package we are not able to cherry pick the changes. Yay. :-( Unblocked. Regards, Adam---End Message---
