Re: Please wheezy-ignore #695716

2013-01-21 Thread Adam D. Barratt
On Thu, 2013-01-17 at 23:28 +, Robert Lemmen wrote:
> a) repackage the source (a bit messy), upload to TPU.

I'm not sure why there'd be any repackaging needed? aiui no files have
been removed, the license information contained in them has simply been
updated.

> b) it was suggested that this could be a wheezy-ignore case. I heard
> your arguments against it and agree in principle, but one could also 
> argue that this is a little bit of an academic problem given that a free
> version of the same file is already floating around...

Have upstream stated whether the relicensing applies retrospectively, or
only to 0.6.7 and above?

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/1358840039.7670.15.ca...@jacala.jungle.funky-badger.org



NEW changes in stable-new

2013-01-21 Thread Debian FTP Masters
Processing changes file: linux-2.6_2.6.32-47_armel.changes
  ACCEPT





Bug#698671: unblock: mercurial/2.2.2-2

2013-01-21 Thread Javi Merino
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mercurial

mercurial 2.2.2-2 fixed an important bug[0] by adding a patch from
upstream.  It's the only difference with 2.2.2-1, the current version
in wheezy.  The debdiff is attached

[0] http://bugs.debian.org/698634

unblock mercurial/2.2.2-2

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/6 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru mercurial-2.2.2/debian/changelog mercurial-2.2.2/debian/changelog
--- mercurial-2.2.2/debian/changelog	2012-06-03 18:21:58.0 +0100
+++ mercurial-2.2.2/debian/changelog	2013-01-21 23:33:20.0 +
@@ -1,3 +1,10 @@
+mercurial (2.2.2-2) unstable; urgency=low
+
+  * Fix "Please add patch from http://bz.selenic.com/show_bug.cgi?id=3511";
+by adding it (Closes: #698634)
+
+ -- Javi Merino   Mon, 21 Jan 2013 23:33:20 +
+
 mercurial (2.2.2-1) unstable; urgency=low
 
   * New upstream release
diff -Nru mercurial-2.2.2/debian/patches/from_upstream__reinclude_root_directory_in_directory_rename_detection.patch mercurial-2.2.2/debian/patches/from_upstream__reinclude_root_directory_in_directory_rename_detection.patch
--- mercurial-2.2.2/debian/patches/from_upstream__reinclude_root_directory_in_directory_rename_detection.patch	1970-01-01 01:00:00.0 +0100
+++ mercurial-2.2.2/debian/patches/from_upstream__reinclude_root_directory_in_directory_rename_detection.patch	2013-01-21 22:56:37.0 +
@@ -0,0 +1,30 @@
+Origin: http://selenic.com/hg/rev/8b7cd9a998f0
+Description: copies: re-include root directory in directory rename detection (issue3511)
+Bug: http://bugs.debian.org/698634
+Bug-mercurial: http://bz.selenic.com/show_bug.cgi?id=3511
+Applied-Upstream: 2.2.3
+
+--- a/mercurial/context.py
 b/mercurial/context.py
+@@ -1043,7 +1043,7 @@ class workingctx(changectx):
+ wlock.release()
+ 
+ def dirs(self):
+-return self._repo.dirstate.dirs()
++return set(self._repo.dirstate.dirs())
+ 
+ class workingfilectx(filectx):
+ """A workingfilectx object makes access to data related to a particular
+--- a/mercurial/copies.py
 b/mercurial/copies.py
+@@ -308,7 +308,9 @@ def mergecopies(repo, c1, c2, ca):
+ 
+ # generate a directory move map
+ d1, d2 = c1.dirs(), c2.dirs()
+-invalid = set([""])
++d1.add('')
++d2.add('')
++invalid = set()
+ dirmove = {}
+ 
+ # examine each file copy for a potential directory move, which is
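Review bot: In the copies.py hunk, `d1.add('')` and `d2.add('')` mutate whatever `c1.dirs()` and `c2.dirs()` return, while the context.py hunk only makes `workingctx.dirs()` return a fresh `set(...)`. Please confirm that the `dirs()` of every other context class that can reach `mergecopies()` also returns a private, mutable set; otherwise take local copies in `mergecopies()` itself, for example `d1 = set(c1.dirs())`, before adding the root entry. A regression test covering a directory rename that involves the repository root would pin the behaviour down.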
diff -Nru mercurial-2.2.2/debian/patches/series mercurial-2.2.2/debian/patches/series
--- mercurial-2.2.2/debian/patches/series	2012-06-03 18:21:58.0 +0100
+++ mercurial-2.2.2/debian/patches/series	2013-01-21 22:55:36.0 +
@@ -7,3 +7,4 @@
 deb_specific__install-mo-fhs.patch
 deb_specific__disable_libdir_replacement.patch
 deb_specific__fix_hg-ssh_interpreter.patch
+from_upstream__reinclude_root_directory_in_directory_rename_detection.patch


Bug#697957: marked as done (unblock: connman/1.0-1.1)

2013-01-21 Thread Debian Bug Tracking System
Your message dated Mon, 21 Jan 2013 22:48:34 +
with message-id <1358808514.7670.14.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#697957: unblock: connman/1.0-1.1
has caused the Debian Bug report #697957,
regarding unblock: connman/1.0-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
697957: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697957
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package connman

connman/1.0-1.1 contains just one patch from upstream which fixes the
vulnerability CVE-2012-6459 [1]. I am attaching the debdiff.

Cheers,

Adrian

unblock connman/1.0-1.1

> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697580

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru connman-1.0/debian/changelog connman-1.0-CVE-2012-6459/debian/changelog
--- connman-1.0/debian/changelog	2012-05-25 04:27:50.0 +0200
+++ connman-1.0-CVE-2012-6459/debian/changelog	2013-01-09 15:34:04.186261911 +0100
@@ -1,3 +1,11 @@
+connman (1.0-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Include patch to fix bluetooth offline visibility
+issue CVE-2012-6459 (Closes: #697580).
+
+ -- John Paul Adrian Glaubitz   Wed, 09 Jan 2013 15:32:22 +0100
+
 connman (1.0-1) unstable; urgency=high
 
   [ Andrew Brouwers ]
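Review bot: The new entry uses urgency=low although its only change is the fix for CVE-2012-6459, and the previous entry in the same changelog was urgency=high. A higher urgency would match the nature of the fix and shorten the ageing period before migration.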
diff -Nru connman-1.0/debian/patches/02-CVE-2012-6459.patch connman-1.0-CVE-2012-6459/debian/patches/02-CVE-2012-6459.patch
--- connman-1.0/debian/patches/02-CVE-2012-6459.patch	1970-01-01 01:00:00.0 +0100
+++ connman-1.0-CVE-2012-6459/debian/patches/02-CVE-2012-6459.patch	2013-01-09 15:31:58.677492862 +0100
@@ -0,0 +1,48 @@
+From 01126286f96856aab6b0de171830f4e8e842e1da Mon Sep 17 00:00:00 2001
+From: Gustavo Padovan 
+Date: Thu, 9 Aug 2012 18:57:25 -0300
+Subject: [PATCH] bluetooth: Add device to hash before registration
+
+During the connman_device_register() procedure a lookup to the
+bluetooth_devices hash table happens, however the device is not on the
+hash at this point and the look out fails.
+
+If the registration fails, technology_disable() returns the Failed
+message on D-Bus with the error status zero. That happens because we
+don't have any device registered.
+
+This patch moves the insertion of the device to before the device
+registration.
+---
+ plugins/bluetooth.c |5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/bluetooth.c b/plugins/bluetooth.c
+index b06460a..2ab29a6 100644
+--- a/plugins/bluetooth.c
 b/plugins/bluetooth.c
+@@ -660,6 +660,8 @@ static void adapter_properties_reply(DBusPendingCall *call, void *user_data)
+ 	if (device != NULL)
+ 		goto update;
+ 
++	g_hash_table_insert(bluetooth_devices, g_strdup(path), device);
++
+ 	ether_aton_r(address, &addr);
+ 
+ 	snprintf(ident, 13, "%02x%02x%02x%02x%02x%02x",
+@@ -680,11 +682,10 @@ static void adapter_properties_reply(DBusPendingCall *call, void *user_data)
+ 
+ 	if (connman_device_register(device) < 0) {
+ 		connman_device_unref(device);
++		g_hash_table_remove(bluetooth_devices, path);
+ 		goto done;
+ 	}
+ 
+-	g_hash_table_insert(bluetooth_devices, g_strdup(path), device);
+-
+ update:
+ 	connman_device_set_string(device, "Address", address);
+ 	connman_device_set_string(device, "Name", name);
+-- 
+1.7.7.6
+
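Review bot: In the first hunk the new `g_hash_table_insert(bluetooth_devices, g_strdup(path), device);` sits directly after `if (device != NULL) goto update;`, and nothing in the visible lines assigns `device` between that check and the insert, so on this path the table receives a NULL value. The insert needs to come after the device object has been created and before `connman_device_register(device)`. In the failure branch, `connman_device_unref(device)` runs before `g_hash_table_remove(bluetooth_devices, path)`; if the table was created with a value-destroy function, that drops the reference twice, so the construction of `bluetooth_devices` should be checked as well.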
diff -Nru connman-1.0/debian/patches/series connman-1.0-CVE-2012-6459/debian/patches/series
--- connman-1.0/debian/patches/series	2012-05-25 04:27:50.0 +0200
+++ connman-1.0-CVE-2012-6459/debian/patches/series	2013-01-09 15:32:17.892998525 +0100
@@ -1 +1,2 @@
 01-init-script-lsb-headers.patch
+02-CVE-2012-6459.patch
--- End Message ---
--- Begin Message ---
On Mon, 2013-01-21 at 15:05 +0100, John Paul Adrian Glaubitz wrote:
> On 01/21/2013 10:23 AM, Adam D. Barratt wrote:
> > I've been pondering this and arguing with myself a little. There is the
> > potential for confusion if the version in t-p-u goes backwards, so let's
> > go with the unstable route; thanks.
> 
> Just uploaded 1.0-1.2 into unstable.

1.0-1.1+wheezy1 unblocked; thanks.

Regards,

Adam
--- End Message ---


Bug#697867: unblock: alsa-utils/1.0.25-4

2013-01-21 Thread Julien Cristau
On Mon, Jan 21, 2013 at 21:15:54 +0100, Cyril Brulebois wrote:

> Julien Cristau  (12/01/2013):
> > OK as far as I'm concerned, but needs a d-i ack.
> 
> * Drop debian/udev.{rules,script} entirely and just rely on upstream's
>   simpler udev rule file. Our rules were wrong or pointless.
> 
> If you have more intel on the impacts of that change, you've got all
> my attention. Either way, I guess we want that into rc1 to spot any
> regressions coming from alsa-utils, so ACK.
> 
1.0.25-3 does not install an udev rule.

squeeze has
KERNEL=="controlC[0-7]", ACTION=="add", RUN+="/lib/udev/alsa-utils"

with /lib/udev/alsa-utils being:
#!/bin/sh -e
#
# udev script for alsa-utils

(
. /lib/udev/hotplug.functions
wait_for_file /usr/sbin/alsactl
DEV_BASENAME="${DEVNAME##*/}"
N="${DEV_BASENAME#controlC}"
exec /etc/init.d/alsa-utils start $N
) &

1.0.25-4 does:
ACTION=="add", SUBSYSTEM=="sound", KERNEL=="controlC*", KERNELS=="card*", \
TEST=="/usr/sbin/alsactl", RUN+="/usr/sbin/alsactl restore $attr{number}"

Compared to current wheezy, that means hw that shows up after
/etc/init.d/alsa-utils is run gets correctly restored.  Compared to
squeeze it probably doesn't make a difference.

Added the unblock-udeb, thanks.

Cheers,
Julien


signature.asc
Description: Digital signature


Bug#698661: unblock: openmotif/2.3.3-7

2013-01-21 Thread Paul Gevers
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package openmotif

Openmotif 2.3.3-7 is an update to 2.3.3-5 to allow two release goals:
- code hardening
- multi-arch
and a fix for policy violation 6.8:
- openmotif leaves files behind after purge.

debdiff is attached.

unblock openmotif/2.3.3-7

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u openmotif-2.3.3/debian/changelog openmotif-2.3.3/debian/changelog
--- openmotif-2.3.3/debian/changelog
+++ openmotif-2.3.3/debian/changelog
@@ -1,3 +1,31 @@
+openmotif (2.3.3-7) unstable; urgency=low
+
+  * QA upload.
+  * Improve 0005-sprintf-error-message-hardening-format-security.patch to use
+strcpy i.s.o. sprintf and properly format string.
+
+ -- Paul Gevers   Sat, 05 Jan 2013 21:36:38 +0100
+
+openmotif (2.3.3-6) unstable; urgency=low
+
+  * QA upload.
+- Set maintainer to QA group
+  * Allow multiarch (Closes: #673690)
+- Multi-Arch: same for libmotif4
+- Add Pre-Depends: multiarch-support
+- d/*.files use wild-card
+- d/rules export DEB_HOST_MULTIARCH and use it for configure with --libdir
+- Add patch to NOT move /usr/lib/X11 files (thanks Sergio Gelato)
+  * Enable hardening
+- Build-Depend on dpkg-dev (>=1.6.1)
+- d/rules: move declaration of CFLAGS earlier
+- Add patch to prevent "format not a string literal and no format arguments"
+- Add patch to prevent a case of "format '%d' expects argument of type
+  'int', but argument 5 has type 'size_t'"
+  * Remove update-menu created configuration files on purge (Closes: #656169)
+
+ -- Paul Gevers   Tue, 25 Dec 2012 09:04:47 +0100
+
 openmotif (2.3.3-5) unstable; urgency=low
 
   * Fix hopefully the build problems on mips* 
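Review bot: The 2.3.3-7 entry says the format-security patch now uses strcpy instead of sprintf; strcpy does no bounds checking either, so the patch itself (not visible here) should be checked for a destination buffer sized for the longest message, or switched to a bounded call such as `snprintf(buf, sizeof(buf), "%s", msg)` (names illustrative). In the 2.3.3-6 entry, "Build-Depend on dpkg-dev (>=1.6.1)" looks like a typo for 1.16.1, the dpkg-dev version that ships the buildflags.mk included from debian/rules; the debian/control change should be checked against that.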
reverted:
--- openmotif-2.3.3/debian/motif-clients.postrm.off
+++ openmotif-2.3.3.orig/debian/motif-clients.postrm.off
@@ -1,3 +0,0 @@
-#!/bin/sh
-test -x /usr/bin/update-menus && /usr/bin/update-menus
-#DEBHELPER#
diff -u openmotif-2.3.3/debian/libmotif-dev.files openmotif-2.3.3/debian/libmotif-dev.files
--- openmotif-2.3.3/debian/libmotif-dev.files
+++ openmotif-2.3.3/debian/libmotif-dev.files
@@ -1,7 +1,7 @@
-/usr/lib/libMrm.a
-/usr/lib/libUil.a
-/usr/lib/libXm.a
-/usr/lib/lib*.so
+/usr/lib/*/libMrm.a
+/usr/lib/*/libUil.a
+/usr/lib/*/libXm.a
+/usr/lib/*/lib*.so
 /usr/include/Xm
 /usr/include/Mrm
 /usr/include/uil
diff -u openmotif-2.3.3/debian/rules openmotif-2.3.3/debian/rules
--- openmotif-2.3.3/debian/rules
+++ openmotif-2.3.3/debian/rules
@@ -10,10 +10,16 @@
 
 include /usr/share/quilt/quilt.make
 
+# Enable hardening options
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+CFLAGS += -fno-strict-aliasing -D_FILE_OFFSET_BITS=64
+
 # From /usr/share/doc/autotools-dev/README.Debian.gz
 export DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 export DEB_HOST_ARCH_CPU  ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU)
+export DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 
 ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE))
   confflags += $(DEB_HOST_GNU_TYPE)
@@ -22,18 +28,18 @@
 endif
 
 ifeq '$(DEB_HOST_ARCH_CPU)' 'mips'
-CFLAGS_NEW =-mplt
+CFLAGS +=-mplt
 endif
 
 ifeq '$(DEB_HOST_ARCH_CPU)' 'mipsel'
-CFLAGS_NEW =-mplt
+CFLAGS +=-mplt
 endif
 
 build: build-stamp
 
 build-stamp: $(QUILT_STAMPFN)
 	dh_testdir
-	CFLAGS="-g -O2 -fno-strict-aliasing -D_FILE_OFFSET_BITS=64 $(CFLAGS_NEW)" ./configure --prefix=/usr --mandir=/usr/share/man --build=$(DEB_HOST_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
+	./configure --prefix=/usr --mandir=/usr/share/man --build=$(DEB_HOST_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE) --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)
 		make;
 		touch build-stamp
 
diff -u openmotif-2.3.3/debian/libmotif4.files openmotif-2.3.3/debian/libmotif4.files
--- openmotif-2.3.3/debian/libmotif4.files
+++ openmotif-2.3.3/debian/libmotif4.files
@@ -1,3 +1,3 @@
-/usr/lib/lib*.so.*
+/usr/lib/*/lib*.so.*
 /usr/lib/X11/bindings
 /usr/include/X11/bitmaps
diff -u openmotif-2.3.3/debian/control openmotif-2.3.3/debian/contr

Bug#698658: bind9 with fix for 698641

2013-01-21 Thread Adam D. Barratt
On Mon, 2013-01-21 at 13:07 -0700, LaMont Jones wrote:
> I need to upload 1:9.8.4.dfsg.P1-3 with the rest of the fix for 697681.
> In the meantime, a more invasive patch (attached) has been recommended
> by DSA for inclusion in wheezy (see bug 698641).  Because of the size
> of the diff, I would like to have some discussion with the release team
> before I upload it to sid on its way to wheezy.

For the benefit of those not following on IRC and who haven't looked up
the bug mentioned, to quote from it:

"
Debian admin has deployed the patch at [2] to the bind running the
debian.org nameservers - else debian.org's nameservers would not have
any resources left to answer legitimate queries.

We think it important that the bind version Debian ships be actually
useable by the internet community in general, and ourselves in
particular.  Therefore we ask you (and the release folks) to consider
shipping wheezy's bind with the rate limiting patches applied.
"

The raw patch comes to

 73 files changed, 6779 insertions(+), 1523 deletions(-)

which is significantly more than we'd usually consider at this point.
Given Peter's comments above, I'm not sure we can avoid pulling the
changes in at this point, disruptive as it might be.

Opinions from others welcome...

Regards,

Adam





Bug#697764: unblock: glib2.0/2.33.12+really2.32.4-4

2013-01-21 Thread Cyril Brulebois
Julien Cristau  (19/01/2013):
> Also this needs a kibi-ack for the udeb.

As nothing is expected to change/be fixed on the udeb side, I'd like
to see this postponed until rc1 is out.

Mraw,
KiBi.




Bug#697867: unblock: alsa-utils/1.0.25-4

2013-01-21 Thread Cyril Brulebois
Julien Cristau  (12/01/2013):
> OK as far as I'm concerned, but needs a d-i ack.

* Drop debian/udev.{rules,script} entirely and just rely on upstream's
  simpler udev rule file. Our rules were wrong or pointless.

If you have more intel on the impacts of that change, you've got all
my attention. Either way, I guess we want that into rc1 to spot any
regressions coming from alsa-utils, so ACK.

Mraw,
KiBi.




Bug#697547: unblock: tpu (pre-approval) qcontrol/0.4.2-7+wheezy2

2013-01-21 Thread Cyril Brulebois
Adam D. Barratt  (06/01/2013):
> Thanks. It looks okay to me, but then so did the previous
> versions. :-( Doing the CC-for-a-d-i-ack too in case there are any
> comments from that side.

AFAICT from the comments, can't be worse than without that patch, so
let's get that in for rc1…

Also, sorry for the lag, really.

Mraw,
KiBi.




NEW changes in stable-new

2013-01-21 Thread Debian FTP Masters
Processing changes file: linux-2.6_2.6.32-47_mipsel.changes
  ACCEPT





Processed: Re: Bug#698621: pu: package swath/0.4.0-4

2013-01-21 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed squeeze
Bug #698621 [release.debian.org] pu: package swath/0.4.0-4
Added tag(s) squeeze and confirmed.

-- 
698621: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698621
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#698621: pu: package swath/0.4.0-4

2013-01-21 Thread Adam D. Barratt
Control: tags -1 + confirmed squeeze

On Mon, 2013-01-21 at 16:40 +0700, Theppitak Karoonboonyanan wrote:
> swath has got a trivial security fix, addressing Bug #698189, which the
> security team considers trivial enough to upload to stable-proposed-updates.

Such a lovely way of wording it. ;-)

Please go ahead; thanks.

Regards,

Adam





Re: Bug#689578: sysklogd modifies /etc/syslog.conf with helper script

2013-01-21 Thread Russ Allbery
Michael Biebl  writes:

> If sysklogd/klogd are converted to transitional packages, which simply
> pull in rsyslog, then any configuration changes should be migrated over
> to the new config file, imo.
> sysklogd uses /etc/syslog.conf and rsyslog /etc/rsyslog.conf

I don't recall if there's anything allowed in the sysklogd configuration
that rsyslog doesn't support, but at least for all of our systems
installing an /etc/rsyslog.d fragment that did:

$IncludeConfig /etc/syslog.conf

was all that was required to transition without changing any existing
configurations.

-- 
Russ Allbery (r...@debian.org)   





Re: Bug#698538: ca-certificates_20130119, ca-certificates-java_20121112+nmu1 - unblock together

2013-01-21 Thread Michael Shuler
On 01/21/2013 11:58 AM, Andreas Beckmann wrote:
>> When allowing ca-certificates[-java] to migrate to wheezy, please, allow
>> them together so they are installable:
> 
> If dependencies are set up correctly, britney won't migrate only half of
> the packages if that leads to an uninstallable state.

Thanks! I asked the same on #debian-release and..

> And what about #694888?
> c-c-java will introduce a new RC bug into wheezy that has been open for
> 52 days and was reassigned to c-c-java 30 days ago - after I found the
> time to analyze it in more detail. (It will also solve one, so it's +-0
> in total.)
> 
> Just verified that it's still reproducible in a minimal sid pbuilder:
>   apt-get install openjdk-7-source

..yeah, I just noticed this bug report after jcristau suggested looking
at 'grep-excuses ca-certificates-java'.. I also reproduced this bug with
'apt-get install openjdk-7-jre-headless'.  (openjdk-6-jre-headless
installs ok; the sed still fails, but it looks like
openjdk-6-jre-headless doesn't claim the config file, so the install
continues.)

I don't have the extra time at the moment to fix c-c-java. I was looking
at debian/jks-keystore.hook.in to see if I could find the one-liner low
hanging fruit, but on a quick look, there may be a few different ways to
fix this and I'm not sure what the best answer is. I can try to come back to
it in a week or so, but if someone else would look, please do!

-- 
Kind regards,
Michael





Bug#698647: unblock: ejabberd/2.1.10-3.1

2013-01-21 Thread root
Package: release.debian.org
Severity: normal
Tags: patch
User: release.debian@packages.debian.org
Usertags: unblock

Please approve package ejabberd for unblocking:

Please consider #660186 release-critical: in many environments,
JPEG photos are used in Jabber, and in companies, these usually
come from the LDAP. This bug effectively prevents such environments
from using ejabberd, or upgrading to the wheezy version.

The patch to fix this is a one-liner, apparently some forgotten
escape, and does its job well.

I’ve prepared a locally patched package with that and would like
to ask the Release Team hereby for a pre-upload approval, and
then either the package maintainers to upload a fixed version to
sid which can migrate, or I will do an NMU. The patch is attached.

Thanks!

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh-static
diff -u ejabberd-2.1.10/debian/changelog ejabberd-2.1.10/debian/changelog
--- ejabberd-2.1.10/debian/changelog
+++ ejabberd-2.1.10/debian/changelog
@@ -1,3 +1,9 @@
+ejabberd (2.1.10-3tarent1) unstable; urgency=high
+
+  * Apply patch from EJAB-1526 (Closes: #660186)
+
+ -- Thorsten Glaser   Mon, 21 Jan 2013 19:03:52 +0100
+
 ejabberd (2.1.10-3) unstable; urgency=low
 
   [ Konstantin Khomoutov ]
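Review bot: The changelog version is 2.1.10-3tarent1, a local build version, while the request is for ejabberd/2.1.10-3.1. The entry needs to be rewritten with the final version before upload to sid (and marked "Non-maintainer upload." if it goes in as an NMU), otherwise the unblock hint will not match the uploaded package.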
diff -u ejabberd-2.1.10/debian/patches/series ejabberd-2.1.10/debian/patches/series
--- ejabberd-2.1.10/debian/patches/series
+++ ejabberd-2.1.10/debian/patches/series
@@ -7,0 +8 @@
+bug660186-EJAB-1526.patch
only in patch2:
unchanged:
--- ejabberd-2.1.10.orig/debian/patches/bug660186-EJAB-1526.patch
+++ ejabberd-2.1.10/debian/patches/bug660186-EJAB-1526.patch
@@ -0,0 +1,9 @@
+--- a/src/eldap/eldap_filter.erl
 b/src/eldap/eldap_filter.erl
+@@ -181,5 +181,6 @@ do_sub(S, {RegExp, New, Times}, Iter) ->
+ replace_amps(String) ->
+ lists:flatmap(
+   fun($&) -> "\\&";
++  ($\\) -> "";
+ 	 (Chr) -> [Chr]
+   end, String).
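Review bot: As shown, the added clause `($\\) -> "";` maps a backslash to the empty string, which deletes backslashes from the substituted value instead of escaping them, while the request describes the fix as a forgotten escape. Please check the replacement string against the upstream EJAB-1526 patch, since the attachment may have lost backslashes in transit. Because the result is substituted into an LDAP filter, a test with a value containing both `&` and `\` would show which behaviour `replace_amps/1` really has.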


Processed: Re: Bug#694761: unblock pre-approval: python-scipy missing sources, how to proceed

2013-01-21 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> retitle 694761 unblock python-scipy: missing sources in tarball
Bug #694761 [release.debian.org] unblock pre-approval: python-scipy missing 
sources, how to proceed
Changed Bug title to 'unblock python-scipy: missing sources in tarball' from 
'unblock pre-approval: python-scipy missing sources, how to proceed'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
694761: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694761
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#694761: unblock pre-approval: python-scipy missing sources, how to proceed

2013-01-21 Thread Julian Taylor
retitle 694761 unblock python-scipy: missing sources in tarball
thanks

after discussion with jcristau in irc I prepared an upload regenerating all
sources which was sponsored by Yaroslav Halchenko.
Please unblock it for wheezy, as it does not fix a (known) runtime issue you
can take your time.





Bug#698252: pre-approve: re-adding phonon-backend-xine as transitional package

2013-01-21 Thread Lisandro Damián Nicanor Pérez Meyer
On Tue 15 Jan 2013 20:29:02 Andreas Beckmann wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hi,
> 
> since #669278: "Could not perform immediate configuration on
> 'phonon-backend-vlc'" was not fixable by removing the libqt4-dbus
> circular dependency, I'm suggesting again the re-introduction of
> phonon-backend-xine as a transitional package depending on
> phonon-backend-vlc. I tested some of the packages that are currently
> failing the squeeze2wheezy piuparts test with the above error and all
> upgrades went smooth once phonon-backend-xine was available again.
> 
> If this gets approved, I'll prepare a NMU and look for a sponsor.

Hi Andreas! We the qt-kde team, maintainers of the package, would like to 
avoid this approach.

We suspect it's a subtle bug somewhere else or a bug in apt. Sune was trying 
to get David Kalnischkies to help us in this.

In our opinion, the transitional package should be left as a last resort.

Reintroducing it may confuse users to think they have the xine backend 
installed, and we will receive lots of "it doesn't work" bugs, even if it's
marked as a transitional package.

Of course, if no other fix can be achieved, then we will have no other choice.

Kind regards, Lisandro.

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/




Bug#698538: ca-certificates_20130119, ca-certificates-java_20121112+nmu1 - unblock together

2013-01-21 Thread Andreas Beckmann
> When allowing ca-certificates[-java] to migrate to wheezy, please, allow
> them together so they are installable:

If dependencies are set up correctly, britney won't migrate only half of
the packages if that leads to an uninstallable state.

> ca-certificates_20130119 was uploaded to unstable on 01/20 and, barring
> any issues, will be available to migrate on 01/31.
> 
> -java has been in unstable 53 days, so an unblock at this moment would
> cause a few days of install problems that I would like to avoid. Thank you!

And what about #694888?
c-c-java will introduce a new RC bug into wheezy that has been open for
52 days and was reassigned to c-c-java 30 days ago - after I found the
time to analyze it in more detail. (It will also solve one, so it's +-0
in total.)

Just verified that it's still reproducible in a minimal sid pbuilder:
apt-get install openjdk-7-source

It's only that single package in sid for now (and probably its
rdepends), but a few packages in experimental also trigger this, e.g.
upgrading openjdk-7-jre-lib from sid to experimental ...

Andreas





Bug#698502: unblock: glusterfs/3.2.7-4

2013-01-21 Thread Patrick Matthäi
On 19.01.2013 18:14, Julien Cristau wrote:
> Control: tag -1 moreinfo
> 
> On Sat, Jan 19, 2013 at 14:27:47 +0100, Patrick Matthäi wrote:
> 
>> +diff -Naur glusterfs-3.2.7.orig/libglusterfs/src/statedump.c 
>> glusterfs-3.2.7/libglusterfs/src/statedump.c
>> +--- glusterfs-3.2.7.orig/libglusterfs/src/statedump.c  2012-06-10 
>> 19:44:15.0 +0200
>>  glusterfs-3.2.7/libglusterfs/src/statedump.c   2013-01-19 
>> 13:49:26.415982036 +0100
>> +@@ -408,12 +404,13 @@
>> + void
>> + gf_proc_dump_info (int signum)
>> + {
>> +-int   ret = -1;
>> +-glusterfs_ctx_t   *ctx = NULL;
>> +-
>> ++int   ret = -1;
>> ++glusterfs_ctx_t  *ctx = NULL;
>> ++char brick_name[PATH_MAX] = {0,};
>> ++char  tmp_dump_name[] = "/tmp/dumpXX";
>> ++char   path[PATH_MAX] = {0,};
>> + 
>> + gf_proc_dump_lock ();
>> +-ret = gf_proc_dump_open ();
>> + if (ret < 0)
>> + goto out;
>> + 
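Review bot: In gf_proc_dump_info() the call `ret = gf_proc_dump_open ();` is removed while `ret` is still initialised to -1 and still tested by `if (ret < 0) goto out;`, so as quoted the function always jumps to `out` and never writes a dump. Whatever replaces gf_proc_dump_open() has to assign `ret` before that test. If `tmp_dump_name` is meant as an mkstemp() template it must end in six X characters; the quoted string ends in two.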
> 
> How can that possibly work?
> 
> Cheers,
> Julien

Just very short, do you agree with this updated patch:
http://misc.linux-dev.org/g327.patch

If yes I would prepare an update tomorrow.

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatth...@debian.org
patr...@linux-dev.org
*/





NEW changes in stable-new

2013-01-21 Thread Debian FTP Masters
Processing changes file: claws-mail_3.7.6-4+squeeze1_ia64.changes
  ACCEPT
Processing changes file: linux-2.6_2.6.32-47_ia64.changes
  ACCEPT





Bug#698643: unblock: kde-workspace/4.8.4-6

2013-01-21 Thread Lisandro Damián Nicanor Pérez Meyer
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package kde-workspace

This upload closes two RC bugs:

- #664225: removal of plasma-scriptengine-googlegadgets. We could not find a
  fix for it.
- #697668: add Breaks+Replaces to kde-style-oxygen against kdebase-runtime
  << 4:4.7.2

I have also updated the symbols files.

diffstat:
 changelog |   16 
 control   |   20 +---
 libkwineffects1abi3.symbols   |4 ++--
 libprocesscore4abi1.symbols   |4 +++-
 not-installed |7 +++
 plasma-scriptengine-googlegadgets.install |4 
 6 files changed, 33 insertions(+), 22 deletions(-)

Kind regards, Lisandro.

unblock kde-workspace/4.8.4-6

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru kde-workspace-4.8.4/debian/changelog kde-workspace-4.8.4/debian/changelog
--- kde-workspace-4.8.4/debian/changelog	2012-12-03 18:26:19.0 -0300
+++ kde-workspace-4.8.4/debian/changelog	2013-01-21 13:12:12.0 -0300
@@ -1,3 +1,19 @@
+kde-workspace (4:4.8.4-6) unstable; urgency=low
+
+  [ José Manuel Santamaría Lema ]
+  * Remove plasma-scriptengine-googlegadgets, it's unmaintaned, buggy, and the
+few widgets which would work have good replacements in plasma.
+(Closes: #664225)
+
+  [ Lisandro Damián Nicanor Pérez Meyer ]
+  * Add Breaks+Replaces to kde-style-oxygen against kdebase-runtime << 4:4.7.2
+(Closes: #697668).
+  * Confirm symbols files:
+- From buildds' logs.
+- Using the current build.
+
+ -- Lisandro Damián Nicanor Pérez Meyer   Mon, 21 Jan 2013 13:12:08 -0300
+
 kde-workspace (4:4.8.4-5) unstable; urgency=low
 
   [ Lisandro Damián Nicanor Pérez Meyer ]
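Review bot: the first bullet of the new entry misspells "unmaintained" as "unmaintaned"; worth fixing before upload, since the changelog ships in the package. The "Confirm symbols files" bullet could also name the two symbols files the diffstat lists (libkwineffects1abi3 and libprocesscore4abi1) so the entry can be matched against the diff.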
diff -Nru kde-workspace-4.8.4/debian/control kde-workspace-4.8.4/debian/control
--- kde-workspace-4.8.4/debian/control	2012-11-30 20:04:40.0 -0300
+++ kde-workspace-4.8.4/debian/control	2013-01-20 13:14:26.0 -0300
@@ -17,7 +17,6 @@
  zlib1g-dev,
  libdbusmenu-qt-dev (>= 0.6.0),
  libfontconfig-dev,
- libggadget-1.0-dev (>= 0.11.2), libggadget-qt-1.0-dev (>= 0.11.2),
  libglu1-mesa-dev, libqt4-opengl-dev,
  python-dev (>= 2.6.6-3~),
  shared-desktop-ontologies (>= 0.8),
@@ -207,7 +206,7 @@
  plasma-scriptengine-ruby (>= ${source:Version}),
  plasma-scriptengine-python (>= ${source:Version}),
  plasma-scriptengine-webkit (>= ${source:Version}),
- plasma-scriptengine-googlegadgets (>= ${source:Version}), ${misc:Depends}
+ ${misc:Depends}
 Recommends: plasma-scriptengine-superkaramba
 Suggests: plasma-scriptengine-kimono
 Description: metapackage to install all Plasma script engines
@@ -255,17 +254,6 @@
  .
  This package is part of the KDE base workspace module.
 
-Package: plasma-scriptengine-googlegadgets
-Architecture: any
-Depends: ${shlibs:Depends}, google-gadgets-qt, ${misc:Depends}
-Description: Google Gadgets script engine for Plasma
- This package contains the Google Gadgets script engine for Plasma. It enables
- Plasma to serve as a Google Gadgets host and allows one to load and use any
- gadget as if it was a Plasma widget. It also integrates download and
- installation of new gadgets from the official Google Desktop Gadgets website.
- .
- This package is part of the KDE base workspace module.
-
 Package: freespacenotifier
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
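Review bot: the plasma-scriptengine-googlegadgets stanza is deleted here, and the package was dropped from the metapackage Depends in the previous hunk, but the visible control changes add no relation that deals with copies already installed on upgraded systems. Please state in the changelog whether the old binary is expected to linger until the user removes it, or add a Breaks/Conflicts from a remaining package if it can no longer work against 4:4.8.4-6.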
@@ -400,8 +388,10 @@
 Package: kde-style-oxygen
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Breaks: kdebase-workspace-bin (<< 4:4.7.2), kdebase-workspace-data (<< 4:4.7.2)
-Replaces: kdebase-workspace-bin (<< 4:4.7.2), kdebase-workspace-data (<< 4:4.7.2)
+Breaks: kdebase-workspace-bin (<< 4:4.7.2), kdebase-workspace-data (<< 4:4.7.2),
+ kdebase-runtime (<< 4:4.7.2)
+Replaces: kdebase-workspace-bin (<< 4:4.7.2), kdebase-workspace-data (<< 4:4.7.2),
+ kdebase-runtime (<< 4:4.7.2)
 Description: Oxygen widget style
  This package provides the Oxygen widget style. It may be used for KDE and Qt
  applications.
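Review bot: the new "kdebase-runtime (<< 4:4.7.2)" relation in Breaks and Replaces of kde-style-oxygen is added without any record of which file moved; the changelog entry only cites #697668. Naming the conflicting path in the changelog would let a reviewer confirm that 4:4.7.2 is the right version bound rather than one copied from the two existing relations.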
diff -Nru kde-workspace-4.8.4/debian/libkwineffects1abi3.symbols kde-workspace-4.8.4/debian/libkwineffects1abi3.symbols
--- kde-workspace-4.8.4/debian/libkwineffects1abi3.symbols	2012-09-30 16:56:53.0 -0300
+++ kde-workspace-4.8.4/debian/libkwineffects1abi3.symbols	2013-01-21 13:10:16.0 -0300
@@ -1,4 +1,4 @@
-# SymbolsHelper-Confirmed: 4:4.8.4 armel armhf mips mipsel sparc
+# SymbolsHelper-Confirmed: 4:4.8.4 amd64 armel armhf hurd-i386 i386 kfreebsd-amd64 kfreebsd-i386 mips mipsel sparc
 libkwineffects.so.1abi3 libkwineffects1abi3 #MINVER#
  ABI_1_3@ABI_1_3 4:4.8.1
  _ZN4KWin10Extensions10has_

ca-certificates_20130119, ca-certificates-java_20121112+nmu1 - unblock together

2013-01-21 Thread Michael Shuler
Dear release team,

When allowing ca-certificates[-java] to migrate to wheezy, please, allow
them together so they are installable:

Package: ca-certificates
Version: 20130119
Breaks: ca-certificates-java (<< 20121112+nmu1)
-
Package: ca-certificates-java
Version: 20121112+nmu1
Depends: ca-certificates (>= 20121114)

ca-certificates_20130119 was uploaded to unstable on 01/20 and, barring
any issues, will be available to migrate on 01/31.

-java has been in unstable 53 days, so an unblock at this moment would
cause a few days of install problems that I would like to avoid. Thank you!

-- 
Kind regards,
Michael





Bug#697957: unblock: connman/1.0-1.1

2013-01-21 Thread John Paul Adrian Glaubitz

On 01/21/2013 10:23 AM, Adam D. Barratt wrote:
> I've been pondering this and arguing with myself a little. There is the
> potential for confusion if the version in t-p-u goes backwards, so let's
> go with the unstable route; thanks.


Just uploaded 1.0-1.2 into unstable.

Adrian

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913





Re: Bug#689578: sysklogd modifies /etc/syslog.conf with helper script

2013-01-21 Thread Thorsten Glaser
Andres Salomon dixit:

>Hm.  Rather than simply remove it, can we actually provide an upgrade
>path to rsyslog?  I'd be happy to NMU a version of ksyslogd that
>does this in unstable (for consideration in wheezy), as long as rsyslog
>is truly a drop-in replacement.

No, I veto that, I’m happily using sysklogd in sid.
Do *not* break that.

>It seems that new squeeze installs default to using rsyslog.  However,

Lenny started with that beast, actually.

bye,
//mirabilos
-- 
"no: BerliOS and Sourceforge are platforms for projects, github is
a platform for lone fighters"
-- this quote is proof that even a blind hen sometimes finds
   a grain of corn or, in this case, can be right





NEW changes in stable-new

2013-01-21 Thread Debian FTP Masters
Processing changes file: pam-pgsql_0.7.1-4+squeeze2_mipsel.changes
  ACCEPT





NEW changes in stable-new

2013-01-21 Thread Debian FTP Masters
Processing changes file: linux-2.6_2.6.32-47_mips.changes
  ACCEPT





Bug#698221: unblock: qemu/1.1.2+dfsg-5 qemu-kvm/1.1.2+dfsg-5

2013-01-21 Thread Michael Tokarev
19.01.2013 15:23, Julien Cristau wrote:
> qemu{,-kvm} unblocked.

Thank you very much Julien!

/mjt





NEW changes in stable-new

2013-01-21 Thread Debian FTP Masters
Processing changes file: linux-2.6_2.6.32-47_i386.changes
  ACCEPT





Bug#698621: pu: package swath/0.4.0-4

2013-01-21 Thread Theppitak Karoonboonyanan
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

swath has got a trivial security fix, addressing Bug #698189, which the
security team considers trivial enough to upload to stable-proposed-updates.
(See the quoted conversation below.)

The prepared upload can be found here:

  http://linux.thai.net/~thep/debs/swath-squeeze/swath_0.4.0-4+squeeze1.dsc

The debdiff is also attached for your review.


On Mon, Jan 21, 2013 at 4:14 PM, Yves-Alexis Perez  wrote:
> On lun., 2013-01-21 at 15:56 +0700, Theppitak Karoonboonyanan wrote:
>> Dear security team,
>>
>> I have received a report of a potential buffer overflow vulnerability in
>> swath,
>> which allows shell injection via long command-line argument:
>>
>>   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698189
>>
>> The exploit is not known yet, but the report is already public
>> (in the bug log).
>>
>> Both stable (0.4.0-4) and testing/unstable (0.4.3-2) versions are
>> affected.
>>
>> For testing/unstable, the fix has been uploaded (0.4.3-3).
>> For stable, I have prepared the deb for your review here:
>>
>>   http://linux.thai.net/~thep/debs/swath-squeeze/swath_0.4.0-4+squeeze1.dsc
>>
>> The debdiff is also attached.
>
> Thanks for the report. It doesn't look bad enough to warrant a DSA imho.
> Can you please ask release team for a stable upload? I'll contact
> oss-sec to have a CVE assigned.
>
> Regards,
> --
> Yves-Alexis


-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru swath-0.4.0/debian/changelog swath-0.4.0/debian/changelog
--- swath-0.4.0/debian/changelog2010-01-14 15:24:18.0 +0700
+++ swath-0.4.0/debian/changelog2013-01-21 16:26:19.0 +0700
@@ -1,3 +1,11 @@
+swath (0.4.0-4+squeeze1) stable; urgency=high
+
+  * debian/patches/01_buffer-overflow.patch: backport patch from upstream
+to fix potential buffer overflow in Mule mode.
+Thanks Dominik Maier for the report. (Closes: #698189)
+
+ -- Theppitak Karoonboonyanan   Mon, 21 Jan 2013 15:03:30 
+0700
+
 swath (0.4.0-4) unstable; urgency=low
 
   * debian/rules: Fix failure to build twice in a row:
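Review bot: the new entry describes the fix only as a "potential buffer overflow in Mule mode" and references #698189, with no CVE id. Since a CVE is being requested for this bug, add the id to this entry once it is assigned so the stable fix can be matched to it. The entry could also say that the overflow is reached through a command-line argument, which is what makes it security-relevant.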
diff -Nru swath-0.4.0/debian/patches/01_buffer-overflow.patch 
swath-0.4.0/debian/patches/01_buffer-overflow.patch
--- swath-0.4.0/debian/patches/01_buffer-overflow.patch 1970-01-01 
07:00:00.0 +0700
+++ swath-0.4.0/debian/patches/01_buffer-overflow.patch 2013-01-21 
16:26:19.0 +0700
@@ -0,0 +1,22 @@
+Author: Theppitak Karoonboonyanan 
+Description: Fix potential buffer overflow
+Origin: backport, 
http://linux.thai.net/websvn/wsvn/software.swath/trunk?op=revision&rev=238&peg=238
+Bug-Debian: http://bugs.debian.org/698189
+
+Index: swath/src/wordseg.cpp
+===
+--- swath.orig/src/wordseg.cpp 2013-01-21 13:19:24.261886743 +0700
 swath/src/wordseg.cpp  2013-01-21 13:20:31.693890376 +0700
+@@ -253,11 +253,7 @@
+ }
+ delete FltX;
+   }else{
+-char stopstr[20];
+-if (muleMode)
+-  strcpy(stopstr,wbr);
+-else
+-  stopstr[0]='\0';
++const char *stopstr = muleMode ? wbr : "";
+ for (;;) { // read until end of file.
+   if (mode == 0) printf("Input : ");
+   for (i = 0; ((c = fgetc(tmpin)) != '\n')
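Review bot: replacing the 20-byte stopstr array and its unchecked strcpy from wbr with 'const char *stopstr = muleMode ? wbr : "";' removes the overflow, but stopstr now aliases wbr instead of holding a copy. The change is only equivalent if wbr is neither freed nor modified while the read loop runs; please confirm that from the rest of wordseg.cpp. It is also worth checking the same file for other fixed-size buffers filled from command-line options, since the hunk shows only this one.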
diff -Nru swath-0.4.0/debian/patches/series swath-0.4.0/debian/patches/series
--- swath-0.4.0/debian/patches/series   1970-01-01 07:00:00.0 +0700
+++ swath-0.4.0/debian/patches/series   2013-01-21 16:26:19.0 +0700
@@ -0,0 +1 @@
+01_buffer-overflow.patch


Re: Bug#689578: sysklogd modifies /etc/syslog.conf with helper script

2013-01-21 Thread Andres Salomon
On Mon, 21 Jan 2013 07:59:58 +0100
Michael Biebl  wrote:

> On 21.01.2013 02:32, Andres Salomon wrote:
> >>> A better approach imho would be to simply remove sysklogd from the
> >>> archive. It's dead upstream, apparently no longer properly
> >>> maintained in Debian, and there are enough more than suitable
> >>> alternatives. With rsyslog we even have a drop-in replacement.
> >>>
> >> I've added a hint to remove it from wheezy.
> > 
> > Hm.  Rather than simply remove it, can we actually provide an
> > upgrade path to rsyslog?  I'd be happy to NMU a version of ksyslogd
> > that does this in unstable (for consideration in wheezy), as long
> > as rsyslog is truly a drop-in replacement.
> 
> It was an explicit decision back then, to not remove sysklogd
> automatically on upgrades.
> If sysklogd/klogd are converted to transitional packages, which simply
> pull in rsyslog, then any configuration changes should be migrated
> over to the new config file, imo.
> sysklogd uses /etc/syslog.conf and rsyslog /etc/rsyslog.conf

*Nod*.

> 
> > It seems that new squeeze installs default to using rsyslog.
> > However, I still have several older systems that've been upgraded
> > from earlier Debian releases that are still using ksyslogd/klogd.
> > There's been no indication that ksyslogd had been deprecated in
> > favor of something else.
> 
> Something like
> http://www.debian.org/releases/lenny/i386/release-notes/ch-whats-new#system-changes

"We're switching to a new default syslogd" != "remove sysklogd (the
old default syslogd), as it is deprecated and unmaintained".  Debian's
default MTA is exim; that doesn't mean postfix and sendmail are
unmaintained.


> 
> That said, a removal of the package is a clear indication that the
> package is no longer maintained and should be replaced, isn't it?

Yes, as long as one notices that the package is removed.  Like I said,
I wouldn't have noticed if not for a bug in the package.  The package
is still in sid.  If it's slated to be dropped from the archive, I
think it's worth either automating an upgrade to the replacement, or
informing users.






Bug#697957: unblock: connman/1.0-1.1

2013-01-21 Thread Adam D. Barratt

On 21.01.2013 00:42, John Paul Adrian Glaubitz wrote:
> On 01/20/2013 11:06 PM, Adam D. Barratt wrote:
>> That would work, yeah; it's not the cleanest solution ever, but the tpu
>> appears to have built on the majority of architectures already. The
>> alternative is we drop the earlier tpu packages followed by a
>> re-versioned upload.
>
> Sure, if you can simply remove the package from t-p-u, I'll rebuild
> the package for Wheezy with 1.0-1.1~wheezy1 in the version, if you
> agree.


I've been pondering this and arguing with myself a little. There is the 
potential for confusion if the version in t-p-u goes backwards, so let's 
go with the unstable route; thanks.


Regards,

Adam





Bug#698619: marked as done (unblock: swath/0.4.3-3)

2013-01-21 Thread Debian Bug Tracking System
Your message dated Mon, 21 Jan 2013 09:18:51 +
with message-id 
and subject line Re: Bug#698619: unblock: swath/0.4.3-3
has caused the Debian Bug report #698619,
regarding unblock: swath/0.4.3-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
698619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698619
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package swath

It fixes a potential security hole.
(Security team has been contacted for stable version fix.)

The debdiff has been attached for your review.

unblock swath/0.4.3-3

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru swath-0.4.3/debian/changelog swath-0.4.3/debian/changelog
--- swath-0.4.3/debian/changelog2012-08-10 17:54:12.0 +0700
+++ swath-0.4.3/debian/changelog2013-01-16 22:42:14.0 +0700
@@ -1,3 +1,12 @@
+swath (0.4.3-3) unstable; urgency=medium
+
+  * Urgency medium for security fix.
+  * debian/patches/01_buffer-overflow.patch: backport patch from upstream
+to fix potential buffer overflow in Mule mode.
+Thanks Dominik Maier for the report. (Closes: #698189)
+
+ -- Theppitak Karoonboonyanan   Wed, 16 Jan 2013 22:34:04 
+0700
+
 swath (0.4.3-2) unstable; urgency=low
 
   * Build with xz compression.
diff -Nru swath-0.4.3/debian/patches/01_buffer-overflow.patch 
swath-0.4.3/debian/patches/01_buffer-overflow.patch
--- swath-0.4.3/debian/patches/01_buffer-overflow.patch 1970-01-01 
07:00:00.0 +0700
+++ swath-0.4.3/debian/patches/01_buffer-overflow.patch 2013-01-16 
22:42:14.0 +0700
@@ -0,0 +1,22 @@
+Author: Theppitak Karoonboonyanan 
+Description: Fix potential buffer overflow
+Origin: backport, 
http://linux.thai.net/websvn/wsvn/software.swath/trunk?op=revision&rev=238&peg=238
+Bug-Debian: http://bugs.debian.org/698189
+
+Index: swath/src/wordseg.cpp
+===
+--- swath.orig/src/wordseg.cpp 2012-02-08 15:45:57.893937559 +0700
 swath/src/wordseg.cpp  2013-01-16 22:08:29.341085326 +0700
+@@ -282,11 +282,7 @@
+ }
+   else
+ {
+-  char stopstr[20];
+-  if (muleMode)
+-strcpy (stopstr, wbr);
+-  else
+-stopstr[0] = '\0';
++  const char *stopstr = muleMode ? wbr : "";
+   for (;;)
+ {   // read until end of file.
+   if (mode == 0)
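Review bot: the patch header records Origin and Bug-Debian but not how the backport was verified, and the hunk had to be rebased (line 282 here against 253 in the 0.4.0 version of the same patch). A regression check that runs swath in Mule mode with a wbr value longer than the old 20-byte stopstr would confirm the strcpy path is gone in this version as well; mentioning that check in the Description would help the release team review.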
diff -Nru swath-0.4.3/debian/patches/series swath-0.4.3/debian/patches/series
--- swath-0.4.3/debian/patches/series   1970-01-01 07:00:00.0 +0700
+++ swath-0.4.3/debian/patches/series   2013-01-16 22:42:14.0 +0700
@@ -0,0 +1 @@
+01_buffer-overflow.patch
--- End Message ---
--- Begin Message ---

On 21.01.2013 09:07, Theppitak Karoonboonyanan wrote:
> Please unblock package swath
>
> It fixes a potential security hole.


Unblocked; thanks.

Regards,

Adam
--- End Message ---


NEW changes in stable-new

2013-01-21 Thread Debian FTP Masters
Processing changes file: pam-pgsql_0.7.1-4+squeeze2_powerpc.changes
  ACCEPT
Processing changes file: linux-2.6_2.6.32-47_powerpc.changes
  ACCEPT





Bug#698619: unblock: swath/0.4.3-3

2013-01-21 Thread Theppitak Karoonboonyanan
On Mon, Jan 21, 2013 at 4:07 PM, Theppitak Karoonboonyanan
 wrote:

> It fixes a potential security hole.

The bug report:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698189

Regards,
-- 
Theppitak Karoonboonyanan
http://linux.thai.net/~thep/





Bug#698619: unblock: swath/0.4.3-3

2013-01-21 Thread Theppitak Karoonboonyanan
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package swath

It fixes a potential security hole.
(Security team has been contacted for stable version fix.)

The debdiff has been attached for your review.

unblock swath/0.4.3-3

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru swath-0.4.3/debian/changelog swath-0.4.3/debian/changelog
--- swath-0.4.3/debian/changelog2012-08-10 17:54:12.0 +0700
+++ swath-0.4.3/debian/changelog2013-01-16 22:42:14.0 +0700
@@ -1,3 +1,12 @@
+swath (0.4.3-3) unstable; urgency=medium
+
+  * Urgency medium for security fix.
+  * debian/patches/01_buffer-overflow.patch: backport patch from upstream
+to fix potential buffer overflow in Mule mode.
+Thanks Dominik Maier for the report. (Closes: #698189)
+
+ -- Theppitak Karoonboonyanan   Wed, 16 Jan 2013 22:34:04 
+0700
+
 swath (0.4.3-2) unstable; urgency=low
 
   * Build with xz compression.
diff -Nru swath-0.4.3/debian/patches/01_buffer-overflow.patch 
swath-0.4.3/debian/patches/01_buffer-overflow.patch
--- swath-0.4.3/debian/patches/01_buffer-overflow.patch 1970-01-01 
07:00:00.0 +0700
+++ swath-0.4.3/debian/patches/01_buffer-overflow.patch 2013-01-16 
22:42:14.0 +0700
@@ -0,0 +1,22 @@
+Author: Theppitak Karoonboonyanan 
+Description: Fix potential buffer overflow
+Origin: backport, 
http://linux.thai.net/websvn/wsvn/software.swath/trunk?op=revision&rev=238&peg=238
+Bug-Debian: http://bugs.debian.org/698189
+
+Index: swath/src/wordseg.cpp
+===
+--- swath.orig/src/wordseg.cpp 2012-02-08 15:45:57.893937559 +0700
 swath/src/wordseg.cpp  2013-01-16 22:08:29.341085326 +0700
+@@ -282,11 +282,7 @@
+ }
+   else
+ {
+-  char stopstr[20];
+-  if (muleMode)
+-strcpy (stopstr, wbr);
+-  else
+-stopstr[0] = '\0';
++  const char *stopstr = muleMode ? wbr : "";
+   for (;;)
+ {   // read until end of file.
+   if (mode == 0)
diff -Nru swath-0.4.3/debian/patches/series swath-0.4.3/debian/patches/series
--- swath-0.4.3/debian/patches/series   1970-01-01 07:00:00.0 +0700
+++ swath-0.4.3/debian/patches/series   2013-01-16 22:42:14.0 +0700
@@ -0,0 +1 @@
+01_buffer-overflow.patch