NEW changes in stable-new
Processing changes file: pam-shield_0.9.2-3.3~squeeze1_kfreebsd-i386.changes ACCEPT Processing changes file: base-files_6.0squeeze7_kfreebsd-i386.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_kfreebsd-i386.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1u7bav-0003oc...@franck.debian.org
NEW changes in stable-new
Processing changes file: gmime2.2_2.2.25-2+squeeze1_ia64.changes ACCEPT Processing changes file: poppler_0.12.4-1.2+squeeze1_ia64.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1u7zin-0004ua...@franck.debian.org
NEW changes in stable-new
Processing changes file: pam-shield_0.9.2-3.3~squeeze1_powerpc.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1u7ymi-0004tz...@franck.debian.org
Bug#699395: unblock: mednafen/0.8.D.3-6
On Mon, 18 Feb 2013 18:44:12 +, Jonathan Wiltshire wrote: > On Thu, Jan 31, 2013 at 12:09:20AM +0100, Stephen Kitt wrote: > > Would it be possible to unblock mednafen? It fixes #699143 which I > > consider important (I replaced the version of libvorbisidec provided > > in the mednafen source code with a dependency on libvorbisidec-dev in > > Debian, but it doesn't work for audio CD playback). > > Unblocked. Please ensure the security team is aware of the embedded library > (they may already be). Thanks! I notified the security team at the end of January, and the information has been added to http://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=markup Regards, Stephen signature.asc Description: PGP signature
NEW changes in stable-new
Processing changes file: pam-shield_0.9.2-3.3~squeeze1_i386.changes ACCEPT Processing changes file: pam-shield_0.9.2-3.3~squeeze1_mipsel.changes ACCEPT Processing changes file: pam-shield_0.9.2-3.3~squeeze1_s390.changes ACCEPT Processing changes file: base-files_6.0squeeze7_mipsel.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_i386.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_mips.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_s390.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_sparc.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1u7yji-0007b3...@franck.debian.org
NEW changes in stable-new
Processing changes file: pam-shield_0.9.2-3.3~squeeze1_armel.changes ACCEPT Processing changes file: pam-shield_0.9.2-3.3~squeeze1_kfreebsd-amd64.changes ACCEPT Processing changes file: pam-shield_0.9.2-3.3~squeeze1_mips.changes ACCEPT Processing changes file: pam-shield_0.9.2-3.3~squeeze1_sparc.changes ACCEPT Processing changes file: base-files_6.0squeeze7_armel.changes ACCEPT Processing changes file: base-files_6.0squeeze7_i386.changes ACCEPT Processing changes file: base-files_6.0squeeze7_ia64.changes ACCEPT Processing changes file: base-files_6.0squeeze7_kfreebsd-amd64.changes ACCEPT Processing changes file: base-files_6.0squeeze7_mips.changes ACCEPT Processing changes file: base-files_6.0squeeze7_powerpc.changes ACCEPT Processing changes file: base-files_6.0squeeze7_s390.changes ACCEPT Processing changes file: base-files_6.0squeeze7_sparc.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_armel.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_ia64.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_kfreebsd-amd64.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_mipsel.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_powerpc.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1u7y5f-0004e8...@franck.debian.org
lvm2 and grub2 udeb unblocks
Hi Cyril, grub2 and lvm2 in sid fix RC bugs, can I haz an ack for their unblock-udebs? Thanks, Julien signature.asc Description: Digital signature
pixman udeb unblock
Hi, pixman has a small fix for a security issue (CVE-2013-1591) and a udeb. Please could I have an {n,}ack for an unblock-udeb? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1361222392.9538.6.ca...@jacala.jungle.funky-badger.org
Bug#697764: marked as done (unblock: glib2.0/2.33.12+really2.32.4-5)
Your message dated Mon, 18 Feb 2013 21:55:40 +0100 with message-id <20130218205540.gd5...@radis.cristau.org> and subject line Re: Bug#697764: unblock: glib2.0/2.33.12+really2.32.4-4 has caused the Debian Bug report #697764, regarding unblock: glib2.0/2.33.12+really2.32.4-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 697764: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697764 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package glib2.0 It fixes two RC bugs. Related to #676485 is the pu request for gdm3/squeeze [1],[2]. glib2.0 (2.33.12+really2.32.4-4) unstable; urgency=low * Take into account multiarch when removing the cache files in postrm: Remove /usr/lib/gio/modules/giomodule.cache only for the native architecture for which this cache file was created. After removing /usr/share/glib-2.0/schemas/gschemas.compiled on purge, run dpkg-trigger explicitly, so in case libglib2.0-0 is installed for other architectures, the cache file is re-created. (Closes: #696389) * Drop the various Breaks from libglib2.0-0. Those are causing APT to fail on a dist-upgrade from squeeze to wheezy. (Closes: #676485) -- Michael Biebl Tue, 08 Jan 2013 23:30:04 +0100 Full debdiff is attached. In case you are wondering, why the gvfs Breaks was kept: We noticed in our upgrade tests, that only packages with an (indirect) dependency on libgdk-pixbuf2.0-0 were causing problems. So only those were dropped. Cheers, Michael unblock glib2.0/2.33.12+really2.32.4-4 [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697751 [2] https://lists.debian.org/debian-release/2012/12/msg00778.html -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru glib2.0-2.33.12+really2.32.4/debian/changelog glib2.0-2.33.12+really2.32.4/debian/changelog --- glib2.0-2.33.12+really2.32.4/debian/changelog 2012-10-24 11:51:16.0 +0200 +++ glib2.0-2.33.12+really2.32.4/debian/changelog 2013-01-08 23:30:05.0 +0100 @@ -1,3 +1,16 @@ +glib2.0 (2.33.12+really2.32.4-4) unstable; urgency=low + + * Take into account multiarch when removing the cache files in postrm: +Remove /usr/lib/gio/modules/giomodule.cache only for the native +architecture for which this cache file was created. +After removing /usr/share/glib-2.0/schemas/gschemas.compiled on purge, +run dpkg-trigger explicitly, so in case libglib2.0-0 is installed for +other architectures, the cache file is re-created. (Closes: #696389) + * Drop the various Breaks from libglib2.0-0. Those are causing APT to fail +on a dist-upgrade from squeeze to wheezy. (Closes: #676485) + + -- Michael Biebl Tue, 08 Jan 2013 23:30:04 +0100 + glib2.0 (2.33.12+really2.32.4-3) unstable; urgency=low * Team upload diff -Nru glib2.0-2.33.12+really2.32.4/debian/control glib2.0-2.33.12+really2.32.4/debian/control --- glib2.0-2.33.12+really2.32.4/debian/control 2012-10-24 12:33:11.0 +0200 +++ glib2.0-2.33.12+really2.32.4/debian/control 2013-01-08 23:33:01.0 +0100 @@ -38,14 +38,7 @@ ${shlibs:Depends} Recommends: libglib2.0-data, shared-mime-info -Breaks: gvfs (<< 1.8), -gnome-control-center (<< 1:3), -gnome-session (<< 3.0.0-3), -gdm3 (<< 3.0.3), -libgtk-3-0 (<< 3.0.12), -emacs23 (<< 23.4+1-3), -eog (<< 3.2.2-3), -gwaei (<< 3.2.0b1-2) +Breaks: gvfs (<< 1.8) Replaces: libglib2.0-dev (<< 2.23.2-2) Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} diff -Nru glib2.0-2.33.12+really2.32.4/debian/control.in glib2.0-2.33.12+really2.32.4/debian/control.in --- glib2.0-2.33.12+really2.32.4/debian/control.in 2012-09-23 09:31:12.0 +0200 +++ glib2.0-2.33.12+really2.32.4/debian/control.in 2013-01-08 08:00:23.0 +0100 @@ -38,14 +38,7 @@ ${shlibs:Depends} Recommends: @DATA_PKG@, shared-mime-info -Breaks: gvfs (<< 1.8), -gnome-control-center (<< 1:3), -gnome-session (<< 3.0.0-3), -gdm3 (<< 3.0.3), -libgtk-3-0 (<< 3.0.12), -emacs23 (<< 23.4+1-3), -eog (<< 3.2.2-3), -gwaei (<< 3.2.0b1-2) +Breaks: gvfs (<< 1.8) Replaces: @DEV_PKG@ (<< 2.23.2-2) Multi-Arch: same
Bug#691710: marked as done (unblock: mdadm/3.2.5-5)
Your message dated Mon, 18 Feb 2013 21:54:37 +0100 with message-id <20130218205437.gc5...@radis.cristau.org> and subject line Re: Bug#691710: unblock: mdadm/3.2.5-4 (pre-upload) has caused the Debian Bug report #691710, regarding unblock: mdadm/3.2.5-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 691710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691710 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock This is a "pre-upload unblock request" for mdadm/3.2.5-4. Recently, upstream released a new version of mdadm, v3.2.6, which contains only bugfixes or documentation improvements. I'm cherry-picking only the most important changes from this version. These changes fixes a number of important bugs, each of which is not of RC severity, but important enough to be included into wheezy in my point of view. Each of the bug has relatively low impact or probability, or can be seen in only very specific configurations, but once you hit it, it might be difficult to recover the data which was on the raid array in question. This is why I consider these to be good candidates for wheezy. This "unblock request" consists of two parts. First, the "main" part, which talks about several bugfixes: Here are the list of changelog entries of this nature: * Fix 'enough' function for RAID10, to prevent starting of a RAID10 array which does not have required minimum of component devices. (Closes: #691668). * fix segfaults in Detail() - mdadm --detail may segfault if a drive has been removed from the array (Closes: #691670) * super0: do not override uuid with homehost. The bug prevented re-creating an array with v0.90 superblock with the specified uuid when homehost is also specified. (Closes: #686703) Each of the above 3 patches fixes specific bugs relevant to data stability, so to say. * several fixes for mdmon argument processing (Closes: #691671): - allow --takeover when original was started with --offroot - fix arg parsing. - fix arg processing for -a The last series - mdmon argument processing fixes - is not directly relevant for version of the package currently in wheezy, since mdmon utility there is not used right now. For this reason, the fixes above are of zero risk for configurations which are directly supported by mdadm debian package infrastructure. However, mdmon is required to support raid arrays with "external" metadata, which are all the "fakeraid" arrays (ahci and other in-chipset implementations), found in almost all modern motherboards or PCs. These tiny bugfixes allows usage of such arrays in saner way. More about mdmon is below. While at it, I'm also fixing 2 minor issues with packaging which were slipped in - one debian/changelog typo and an inverse logic in `/etc/init.d/mdadm status' handling (#686100). Debdiff between current version in wheezy (3.2.5-3) and the proposed release attached in file named mdadm_3.2.5-4.debdiff. Whole packaging is done in git, and each change is visible in the git repository on git.debian.org, maybe this one is easier to review: http://anonscm.debian.org/gitweb/?p=pkg-mdadm/mdadm.git;a=shortlog;h=master And second, there's a second part, which talks especially about mdmon and usage of arrays with external metadata. There's one bugreport of RC severity, filed by Miquel van Smoorenburg, who requested a new feature: adding support for raid arrays with "external" metadata. It is #684708. First, a little explanation. mdadm utility is used to manage raid arrays. For native linux arrays, only 2 components are necessary: mdadm utility to start/stop/etc, and the kernel to handle all the rest. However, for arrays with non-native formats/metadata, metadata updates are handled by external program, kernel sends events affecting metadata to userspace and expects an external program to udpate the metadata using whatever format it is in. This external program is mdmon. Kernel refuses to make the device read-write unless such external prgram is running for the array in question. When mdadm is asked to assemble such a non-native array, it tries to execute mdmon automatically. Once running, it will handle metadata updates from kernel, and the array becomes fully operational. No additional actions are necessary, mdadm does it all internally. If such non-native arrays are assembled from initramfs, mdmon should be in the initramfs too, because else, say, ext4 journal replay (which is done even on a
Bug#698976: unblock: libssh/0.5.4-1
Le Mon, 18 Feb 2013 18:37:22 +, Jonathan Wiltshire a écrit : Hi, > On Wed, Feb 06, 2013 at 04:24:24PM +0100, Laurent Bigonville wrote: > > retitle 698976 unblock: libssh/0.5.4-1 > > thanks > > > > Hello, > > > > I've uploaded the package into unstable. > > Sorry for the delay. The error in the error message is still present, > was that intentional? I've added that patch http://patch-tracker.debian.org/patch/series/view/libssh/0.5.4-1/0003-fix-typo.patch so that should be OK I guess? Cheers Laurent Bigonville signature.asc Description: PGP signature
Bug#699492: unblock bacula-doc/5.2.6-2
On Mon, Feb 18, 2013 at 07:55:41PM +, Jonathan Wiltshire wrote: > Control: tag -1 + moreinfo > > On Fri, Feb 01, 2013 at 02:55:54AM +0400, Alexander Golovko wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: unblock > > > > Hi! > > > > Please, unblock bacula-doc/5.2.6-2. > > This is change in major version, but this will fix situation, that we > > ship in wheezy different versions of package and documentation (package > > 5.2.6 and docs for 5.0.2). I also meant to say that debian/copyright claims the license is GFDL, Wheezy's upstream headers claim GPL and sid's upstream headers claim AGPL. That needs sorting out, preferably with a complete audit and update of debian/copyright. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits signature.asc Description: Digital signature
Processed: Re: Bug#700807: tpu: package unbound/1.4.17-3
Processing control commands: > tag -1 + confirmed Bug #700807 [release.debian.org] tpu: package unbound/1.4.17-3 Added tag(s) confirmed. -- 700807: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700807 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b700807.136121853415767.transcr...@bugs.debian.org
Bug#700807: tpu: package unbound/1.4.17-3
Control: tag -1 + confirmed On Sun, Feb 17, 2013 at 01:24:40PM -0500, Robert Edmonds wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: tpu > > i'd like to upload unbound 1.4.17-3 with an updated D.ROOT-SERVERS.NET > hint to testing/testing-proposed-updates to fix #697351. unstable has a > newer upstream release (1.4.19-1) so the update will need to go via tpu. > debdiff is attached. Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits signature.asc Description: Digital signature
Processed: Re: Bug#699492: unblock bacula-doc/5.2.6-2
Processing control commands: > tag -1 + moreinfo Bug #699492 [release.debian.org] unblock bacula-doc/5.2.6-2 Added tag(s) moreinfo. -- 699492: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699492 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b699492.136121791811088.transcr...@bugs.debian.org
Bug#699492: unblock bacula-doc/5.2.6-2
Control: tag -1 + moreinfo On Fri, Feb 01, 2013 at 02:55:54AM +0400, Alexander Golovko wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Hi! > > Please, unblock bacula-doc/5.2.6-2. > This is change in major version, but this will fix situation, that we > ship in wheezy different versions of package and documentation (package > 5.2.6 and docs for 5.0.2). Whilst I agree that we should have same versions of the package and documentation, and I'd be more leniant that usual given that it's "just" documentation, there are problems that mean I'm not prepared to unblock this version. > +bacula-doc (5.2.6-2) unstable; urgency=low You aren't listed in Uploaders or Maintainers, so this should be an NMU version number and have a note in the changelog. > +bacula-doc (5.2.6-1) unstable; urgency=low > + > + [ Alexander Golovko ] > + * debian/patches/remove-config-generated-file-in-source.patch, > +debian/patches/series, debian/rules, debian/source.lintian-overrides: > ++ change method for remove config.{log,status} from sources. Why? Apart from the ick of using quilt to remove this file, you now have to update that patch every time the file changes, which is probably every upstream release. Was there a problem caused by the previous behaviour? > + * Bump standards to 3.9.4 (no changes). > + * debian/compat: bump to 9. > +debian/control: set dpendency debhelper to >9. These are a definite 'no' (although I realise the dependency was reverted). -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits signature.asc Description: Digital signature
NEW changes in stable-new
Processing changes file: base-files_6.0squeeze7_amd64.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1u7vyx-00078c...@franck.debian.org
Bug#699395: marked as done (unblock: mednafen/0.8.D.3-6)
Your message dated Mon, 18 Feb 2013 18:44:12 + with message-id <20130218184412.gb10...@lupin.home.powdarrmonkey.net> and subject line Re: Bug#699395: unblock: mednafen/0.8.D.3-6 has caused the Debian Bug report #699395, regarding unblock: mednafen/0.8.D.3-6 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699395: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699395 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, Would it be possible to unblock mednafen? It fixes #699143 which I consider important (I replaced the version of libvorbisidec provided in the mednafen source code with a dependency on libvorbisidec-dev in Debian, but it doesn't work for audio CD playback). The debdiff is as follows: diff -Nru mednafen-0.8.D.3/debian/changelog mednafen-0.8.D.3/debian/changelog --- mednafen-0.8.D.3/debian/changelog 2012-06-18 01:01:23.0 +0200 +++ mednafen-0.8.D.3/debian/changelog 2013-01-29 23:41:52.0 +0100 @@ -1,3 +1,10 @@ +mednafen (0.8.D.3-6) unstable; urgency=low + + * Build using the provided libvorbisidec source; mednafen doesn't work +correctly with the version currently in Debian (closes: #699143). + + -- Stephen Kitt Tue, 29 Jan 2013 23:40:10 +0100 + mednafen (0.8.D.3-5) unstable; urgency=low * Use ${source:Package} with dpkg-query to retrieve only the package diff -Nru mednafen-0.8.D.3/debian/patches/series mednafen-0.8.D.3/debian/patches/series --- mednafen-0.8.D.3/debian/patches/series 2012-06-17 23:16:13.0 +0200 +++ mednafen-0.8.D.3/debian/patches/series 2013-01-29 23:38:48.0 +0100 @@ -1,3 +1,2 @@ -use-system-tremor.patch hardening-fixes.patch zlib-1.2.6-fix.patch diff -Nru mednafen-0.8.D.3/debian/rules mednafen-0.8.D.3/debian/rules --- mednafen-0.8.D.3/debian/rules 2012-06-17 23:16:13.0 +0200 +++ mednafen-0.8.D.3/debian/rules 2013-01-29 23:39:07.0 +0100 @@ -18,9 +18,6 @@ cp src/compress/minilzo.h src/compress/minilzo.h.orig cp /usr/share/lzo/minilzo/*.[ch] src/compress - # Move bundled source code for external packages out of the way - mv src/tremor src/tremor.orig - dh_auto_build override_dh_auto_clean: @@ -30,9 +27,6 @@ [ ! -f src/compress/minilzo.c.orig ] || mv src/compress/minilzo.c.orig src/compress/minilzo.c [ ! -f src/compress/minilzo.h.orig ] || mv src/compress/minilzo.h.orig src/compress/minilzo.h - # Restore bundled source code - [ ! -d src/tremor.orig ] || mv src/tremor.orig src/tremor - dh_auto_clean override_dh_auto_configure: unblock mednafen/0.8.D.3-6 Thanks in advance, Stephen -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (200, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- On Thu, Jan 31, 2013 at 12:09:20AM +0100, Stephen Kitt wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Hi, > > Would it be possible to unblock mednafen? It fixes #699143 which I > consider important (I replaced the version of libvorbisidec provided > in the mednafen source code with a dependency on libvorbisidec-dev in > Debian, but it doesn't work for audio CD playback). Unblocked. Please ensure the security team is aware of the embedded library (they may already be). Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits signature.asc Description: Digital signature --- End Message ---
Bug#698976: unblock: libssh/0.5.4-1
On Wed, Feb 06, 2013 at 04:24:24PM +0100, Laurent Bigonville wrote: > retitle 698976 unblock: libssh/0.5.4-1 > thanks > > Hello, > > I've uploaded the package into unstable. Sorry for the delay. The error in the error message is still present, was that intentional? -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 signature.asc Description: Digital signature
Bug#700872: unblock: dh-make-drupal/1.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package dh-make-drupal I received a bug report/pull request via GitHub¹ explaining that drupal.org no longer serves requests lacking a User-Agent string. This version fixes that problem and adds more descriptive error reporting, and a very simple modification allowing it to be run in Squeeze systems (debhelper >> 8.0.0 to >= 8.0.0). ¹ https://github.com/gwolf/dh-make-drupal/pull/2 Full diff between 1.2-1 and 1.3-1 follows. diff --git a/changelog.txt b/changelog.txt index 017964c..7294924 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,11 @@ +1.3 (2013-02-18) + * Thanks to Stefan Kangas - This release is basically a pull request + of his work (https://github.com/gwolf/dh-make-drupal/pull/2) + * Provide a User-Agent to keep working despite drupal.org's new + restrictions + * Show the OpenURI::HTTPError exception reasons + * Fix the generated Build-Depends to work correctly on Squeeze + 1.2 (2012-08-13) * "Switch '-d' (Drupal version) was not accepting its needed argument. Fixed, thanks to Matthew Gabeler-Lee for the report diff --git a/debian/changelog b/debian/changelog index 66b44c7..dc3f979 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +dh-make-drupal (1.3-1) unstable; urgency=low + + * Merging Stefan Kangas' pull request - Thanks! + * Provide a User-Agent to keep working despite drupal.org's new +restrictions + * Show the OpenURI::HTTPError exception reasons + * Fix the generated Build-Depends to work correctly on Squeeze + + -- Gunnar Wolf Mon, 18 Feb 2013 12:07:02 -0600 + dh-make-drupal (1.2-1) unstable; urgency=low * Switch '-d' (Drupal version) was not accepting its needed argument - diff --git a/dh-make-drupal b/dh-make-drupal index b011b18..650e967 100755 --- a/dh-make-drupal +++ b/dh-make-drupal @@ -5,7 +5,7 @@ # # Creates Debian packages from Drupal projects (modules, themes, translations). -Version = '1.0' +Version = '1.3' Author = 'Gunnar Wolf ' Copyright = <' % [@maint_name, @maint_mail], - 'Build-Depends: debhelper (>> 8.0.0)', + 'Build-Depends: debhelper (>= 8.0.0)', 'Standards-Version: 3.9.3', 'Homepage: %s' % @project.url, '', @@ -648,9 +648,9 @@ module DrupalProject auth = self.new begin -doc = Hpricot(open(url)) +doc = Hpricot(open(url, 'User-Agent' => "dh-make-drupal %s" % [Version])) rescue OpenURI::HTTPError -raise IOError, "Could not open author information site at #{url}" +raise IOError, "Could not open author information site at #{url}: " + $! end auth.info_url = url auth.name = doc.search('dd.profile-profile_full_name').inner_text @@ -671,9 +671,9 @@ module DrupalProject Logger.instance.debug "Fetching project information from #{@url}" begin -@html = Hpricot(open(@url)) +@html = Hpricot(open(@url, 'User-Agent' => "dh-make-drupal %s" % [Version])) rescue OpenURI::HTTPError -raise IOError, "Could not open #{name} project website at #{@url}" +raise IOError, "Could not open #{name} project website at #{@url}: " + $! end # Get the project description. Fetch only the first paragraph - @@ -883,9 +883,10 @@ module DrupalProject raise Errno::EEXIST, "Destination filename for source tarball "+ "(#{dest_file}) already exists. Cannot continue." end -File.open(dest_file, 'w') {|f| f.write open(url).read} +File.open(dest_file, 'w') {|f| + f.write open(url, 'User-Agent' => "dh-make-drupal %s" % [Version]).read} rescue OpenURI::HTTPError -Logger.instance.error "Requested URI #{url} could not be retreived" +Logger.instance.error "Requested URI #{url} could not be retreived: " + $! end end unblock dh-make-drupal/1.3-1 -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130218181645.24330.84966.report...@mosca.iiec.unam.mx
NEW changes in stable-new
Processing changes file: pam-shield_0.9.2-3.3~squeeze1_amd64.changes ACCEPT Processing changes file: dbus-glib_0.88-2.1+squeeze1_amd64.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1u7uny-0005vm...@franck.debian.org
Bug#699696: pu: package libpam-shield/0.9.2-3.2
Thank you Adam (and Jonathan Wiltshire for sponsoring the upload.) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/canqxixnosnzkyzg8cvxqhay4yez8ma3neplghv7dolfu1nk...@mail.gmail.com
Bug#694378: please allow up-to-date apt-cacher-ng in wheezy
Hi, again (cf. #683803) I was bitten by (apt-cacher-ng 0.7.6-1): Sun Feb 17 11:47:50 2013|http.debian.net/debian/pool/main/p/popt/libpopt0_1.16-7_i386.deb storage error [301 Moved Permanently], last errno: Operation now in progress Sun Feb 17 11:56:55 2013|http.debian.net/debian/pool/main/libc/libcap2/libcap2_2.22-1.2_i386.deb storage error [301 Moved Permanently], last errno: Operation now in progress This happens rarely, but even with "RedirMax: 0", and it spoils the debian-lan setup. So please consider the fixed package for wheezy. Offering a fixed package in backports doesn't make Debian better, because either you use the package from backports which will not be better by being in backports or you don't use acng at all - which will not need a fixed package. And it causes extra work to include backport repositories, especially for debian-lan. Best regards, Andi -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130218174724.GA12095@fuzi
Processed: Re: Bug#700864: pu: package dbus-glib/0.88-2.1+squeeze1
Processing control commands: > tags -1 + pending squeeze Bug #700864 [release.debian.org] pu: package dbus-glib/0.88-2.1+squeeze1 Added tag(s) squeeze and pending. -- 700864: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700864 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b700864.13612089118834.transcr...@bugs.debian.org
Processed: Re: Bug#699696: pu: package libpam-shield/0.9.2-3.2
Processing control commands: > tags -1 + pending Bug #699696 [release.debian.org] pu: package libpam-shield/0.9.2-3.2 Added tag(s) pending. -- 699696: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699696 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b699696.13612089789244.transcr...@bugs.debian.org
Bug#700864: pu: package dbus-glib/0.88-2.1+squeeze1
Control: tags -1 + pending squeeze On 18.02.2013 16:05, Simon McVittie wrote: Moritz asked me to upload dbus-glib to squeeze for #700638 (CVE-2013-0292). I've already uploaded it, with permission from adsb, since the 6.0.7 point release is imminent. Debdiff below. Flagged for acceptance; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1b8425e41f9a124a2598a11adaee...@mail.adsl.funky-badger.org
Bug#699696: pu: package libpam-shield/0.9.2-3.2
Control: tags -1 + pending On 15.02.2013 18:19, Adam D. Barratt wrote: On Sun, 2013-02-03 at 13:33 -0700, Jonathan Niehof wrote: The diff is a minimal change for this bug only. It is identical to 0.9.2-3.3 in testing, with the exception of targeting stable. +pam-shield (0.9.2-3.3+squeeze1) stable; urgency=low The version needs to be /smaller/ than what's currently in testing / unstable; please use "0.9.2-3.3~squeeze1". With that change, and assuming that the resulting package has been tested on a squeeze system please go ahead; thanks. Flagged for acceptance. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1987c5c06a2daee509a2ed71207f5...@mail.adsl.funky-badger.org
Bug#700864: pu: package dbus-glib/0.88-2.1+squeeze1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu Moritz asked me to upload dbus-glib to squeeze for #700638 (CVE-2013-0292). I've already uploaded it, with permission from adsb, since the 6.0.7 point release is imminent. Debdiff below. Regards, S diffstat for dbus-glib_0.88-2.1 dbus-glib_0.88-2.1+squeeze1 dbus-glib-0.88/debian/changelog |8 + debian/patches/0001-CVE-2013-0292-dbus-gproxy-Verify-sender-of-NameOwner.patch | 52 ++ 2 files changed, 60 insertions(+) diff -u dbus-glib-0.88/debian/changelog dbus-glib-0.88/debian/changelog --- dbus-glib-0.88/debian/changelog +++ dbus-glib-0.88/debian/changelog @@ -1,3 +1,11 @@ +dbus-glib (0.88-2.1+squeeze1) stable; urgency=low + + * Apply patch from upstream 0.100.1 to fix insufficient checking +leading to authentication bypass in pam_fprintd (CVE-2013-0292) +(Closes: #700638) + + -- Simon McVittie Fri, 15 Feb 2013 17:58:34 + + dbus-glib (0.88-2.1) unstable; urgency=high * Non-maintainer upload. only in patch2: unchanged: --- dbus-glib-0.88.orig/debian/patches/0001-CVE-2013-0292-dbus-gproxy-Verify-sender-of-NameOwner.patch +++ dbus-glib-0.88/debian/patches/0001-CVE-2013-0292-dbus-gproxy-Verify-sender-of-NameOwner.patch @@ -0,0 +1,52 @@ +From 166978a09cf5edff4028e670b6074215a4c75eca Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Thu, 14 Feb 2013 10:19:34 -0500 +Subject: [PATCH] CVE-2013-0292: dbus-gproxy: Verify sender of + NameOwnerChanged signals to be o.f.DBus + +Anyone can hop on the bus and emit a signal whose interface is +o.f.DBus; it's expected at the moments that clients (and notably DBus +libraries) check the sender. + +This could previously be used to trick a system service using dbus-glib +into thinking a malicious signal came from a privileged source, by +claiming that ownership of the privileged source's well-known name had +changed from the privileged source's real unique name to the attacker's +unique name. + +[altered to be NULL-safe so it won't crash on peer connections -smcv] +Signed-off-by: Simon McVittie +Reviewed-by: Simon McVittie +--- + dbus/dbus-gproxy.c |7 --- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/dbus/dbus-gproxy.c b/dbus/dbus-gproxy.c +index 2fc52f9..c3ae9ec 100644 +--- a/dbus/dbus-gproxy.c b/dbus/dbus-gproxy.c +@@ -1250,8 +1250,11 @@ dbus_g_proxy_manager_filter (DBusConnection *connection, + GSList *tmp; + const char *sender; + ++ sender = dbus_message_get_sender (message); ++ + /* First we handle NameOwnerChanged internally */ +- if (dbus_message_is_signal (message, ++ if (g_strcmp0 (sender, DBUS_SERVICE_DBUS) == 0 && ++dbus_message_is_signal (message, + DBUS_INTERFACE_DBUS, + "NameOwnerChanged")) + { +@@ -1280,8 +1283,6 @@ dbus_g_proxy_manager_filter (DBusConnection *connection, + } + } + +- sender = dbus_message_get_sender (message); +- + /* dbus spec requires these, libdbus validates */ + g_assert (dbus_message_get_path (message) != NULL); + g_assert (dbus_message_get_interface (message) != NULL); +-- +1.7.10.4 + -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130218160535.ga31...@reptile.pseudorandom.co.uk
Re: [Pkg-mediawiki-devel] Bug#700595: mediawiki: Upstream bug: Bug 39635 - PostgreSQL LOCK IN SHARE MODE option is a syntax error
Thorsten Glaser schreef op 2013-02-18 10:31: On Fri, 15 Feb 2013, Hans Spaans wrote: Please apply upstream patch r32085 from bugreport 39635[1] to make Mediawiki 1.19.3-1 work on Debian again. Indeed, I had already applied it, as a cow-orker spotted the same issue last week, but not yet uploaded to Debian, which I just did. If you’ll want this in wheezy, please take this up with the Release Team. I saw I quoted the wrong patchset, it should be "Gerrit change #21606" and I have the patch now running on multiple installations. But as this affects the running of mediawiki on PostgreSQL I included the Release Team in this e-mail to give them a notice. As a notice in advance I'm also preparing another bugreport as the upgrade statements for PostgreSQL are incomplete as it look now. But I need to confirm that the patchset I may propose is correct and I expect to finish that one coming weekend so it is correct in one go. Hans -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/3aed5b788f46dd47ca72a2904fe10...@imap-proxy.nexit.nl
NEW changes in stable-new
Processing changes file: linux-kernel-di-s390-2.6_0.59+squeeze9_multi.changes ACCEPT Processing changes file: linux-kernel-di-sparc-2.6_1.64+squeeze9_multi.changes ACCEPT Processing changes file: linux-kernel-di-powerpc-2.6_1.76+squeeze9_multi.changes ACCEPT Processing changes file: linux-kernel-di-i386-2.6_1.99+squeeze9_multi.changes ACCEPT Processing changes file: linux-kernel-di-ia64-2.6_1.63+squeeze9_multi.changes ACCEPT Processing changes file: linux-kernel-di-armel-2.6_1.56+squeeze9_multi.changes ACCEPT Processing changes file: linux-kernel-di-mips-2.6_1.31+squeeze9_multi.changes ACCEPT Processing changes file: linux-kernel-di-amd64-2.6_1.76+squeeze9_amd64.changes ACCEPT Processing changes file: linux-kernel-di-mipsel-2.6_1.31+squeeze9_multi.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1u7nnl-000396...@franck.debian.org
Bug#698647: unblock: ejabberd/2.1.10-3.1
On Mon, 21 Jan 2013 19:20:47 +0100 root wrote: > Package: release.debian.org > Severity: normal > Tags: patch > User: release.debian@packages.debian.org > Usertags: unblock > > Please approve package ejabberd for unblocking: > > Please consider #660186 release-critical: in many environment, > JPEG photos are used in Jabber, and in companies, these usually > come from the LDAP. This bug effectively prevents such environ- > ments from using ejabberd, or upgrading to the wheezy version. > > The patch to fix this is a one-liner, apparently some forgotten > escape, and does its job well. > > I’ve prepared a locally patched package with that and would like > to ask the Release Team hereby for a pre-upload approval, and > then either the package maintainers to upload a fixed version to > sid which can migrate, or I will do an NMU. The patch is attached. As I've just prepared fixes [2] for the three important bugs including #660186 and asked Rhonda for upload (see the attachment), I'm now interested in how exactly to handle this NMU request. As I gather from the upload history in [1], this NMU did not happen, and I also think I did not see any messages from the archive software regarding it. I think I did not see any messages from the release ream as well. So what do you propose? I might re-do the commit 30784fb0a9bc9ca75a229406bf5b2bc21df5ffc2 to acknowledge the NMU but if it has not actually happened, it doesn't feel quite right to me. 1. http://packages.qa.debian.org/e/ejabberd.html 2. http://git.deb.at/w/pkg/ejabberd.git/shortlog/refs/heads/wheezy --- Begin Message --- I have prepared and pushed fixes for #691125 package installation creates /root/.erlang.cookie #660186 mod_vcard_ldap Broken JPEG Photo in 2.1.10 #698309 broken shared roster group support, only support 30 users max into the "wheezy" branch at git.deb.at. The first two are rather trivial, the last one required a bit of tweaking (but nothing special). I was only able to verify the first patch (through several install -- `logrotate -f` -- purge) runs. I also checked that application of the third patch did not break HTTPS (by setting up a TLS-protected web_admin listener and messing with it using my browser). Can't test the second (JPEG photos via LDAP) patch myself (it's doable but deploying slapd and populating it with the user data is an uphill battle -- I did that once in some now lost sandbox, and I recall that required much hair-pulling and cursing along the way). In any case I propose to build 2.1.10-4 from the tip of the "wheezy" branch from and upload it to unstable so I could prod the relevant bug reporters asking them to test this upload and ask the release team for wheezy exclusion. --- End Message ---
Re: openjdk maintenance for wheezy and squeeze
On 18/02/2013 07:26, Andreas Kuckartz wrote: > Thanks a lot for explaining the situation and alternative paths forward. > > My view as a user: > > I only want OpenJDK7 (maybe OpenJDK8 when that becomes generally > available on September 9, 2013 :-) > > Oracle has announced that no more new public updates of Java SE 6 will > be made available after February 2013: > http://www.oracle.com/technetwork/java/eol-135779.html > > OpenJDK6 therefore should be considered obsolete when Wheezy is released. > > Is there any collaboration with other distributions and/or the OpenJDK > project on this ? Andrew from RedHat said that OpenJDK will still be maintained after that: http://lists.debian.org/debian-java/2013/02/msg5.html Sylvestre -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5121dfc9.3000...@debian.org