Bug#701002: nmu: fpgatools_0.0+201212-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu fpgatools_0.0+201212-1 . amd64 . -m Rebuild in a clean Debian sid environment. libfpga0/amd64 unsatisfiable Depends: libc6 (= 2.14) Once again a package built on Ubuntu (or experimental) was uploaded to sid ... Andreas -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130220101125.24758.94087.report...@cake.ae.cs.uni-frankfurt.de
Bug#701005: unblock: fonts-hanazono/20120421-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package fonts-hanazono fonts-hanazono does not clean up old ttf-japanese-*.ttf alternatives on upgrades from squeeze. * ttf-hanazono.preinst: Unregister the ttf-japanese-mincho.ttf alternative. * fonts-hanazono.preinst: Clean up the ttf-japanese-mincho.ttf alternative set up by ttf-hanazono in squeeze. This needs to be done in fonts-hanazono as well since there is no guarantee that the transitional ttf-hanazono package was installed and did clean this up. Since new installations of fonts-hanazono cannot be distinguished from upgrades from ttf-hanazono this needs to be run on new installations, too. (Closes: #700058) unblock fonts-hanazono/20120421-1.1 diffstat for fonts-hanazono-20120421 fonts-hanazono-20120421 changelog | 13 + fonts-hanazono.preinst |9 + ttf-hanazono.preinst | 13 + 3 files changed, 35 insertions(+) diff -Nru fonts-hanazono-20120421/debian/changelog fonts-hanazono-20120421/debian/changelog --- fonts-hanazono-20120421/debian/changelog 2012-05-29 10:59:35.0 +0200 +++ fonts-hanazono-20120421/debian/changelog 2013-02-11 14:57:21.0 +0100 @@ -1,3 +1,16 @@ +fonts-hanazono (20120421-1.1) unstable; urgency=low + + * Non-maintainer upload. + * ttf-hanazono.preinst: Unregister the ttf-japanese-mincho.ttf alternative. + * fonts-hanazono.preinst: Clean up the ttf-japanese-mincho.ttf alternative +set up by ttf-hanazono in squeeze. This needs to be done in fonts-hanazono +as well since there is no guarantee that the transitional ttf-hanazono +package was installed and did clean this up. Since new installations of +fonts-hanazono cannot be distinguished from upgrades from ttf-hanazono +this needs to be run on new installations, too. (Closes: #700058) + + -- Andreas Beckmann a...@debian.org Mon, 11 Feb 2013 14:56:52 +0100 + fonts-hanazono (20120421-1) unstable; urgency=low * New upstream release. diff -Nru fonts-hanazono-20120421/debian/fonts-hanazono.preinst fonts-hanazono-20120421/debian/fonts-hanazono.preinst --- fonts-hanazono-20120421/debian/fonts-hanazono.preinst 2012-03-06 00:23:39.0 +0100 +++ fonts-hanazono-20120421/debian/fonts-hanazono.preinst 2013-02-11 14:57:43.0 +0100 @@ -2,6 +2,9 @@ set -e +OLD_ALT_NAME=ttf-japanese-mincho +OLD_FONT_ENTRY=/usr/share/fonts/truetype/hanazono/hanazono.ttf + PKG=ttf-hanazono PKG_VERSION_DEFOMA=20090909-1 @@ -34,6 +37,12 @@ rm_conffile $PKG $FILE fi + # do this on new installations, too, as these could be upgrades + # from ttf-hanazono + if dpkg --compare-versions $2 lt 20120421-1.1~; then + update-alternatives --remove $OLD_ALT_NAME.ttf $OLD_FONT_ENTRY + fi + esac #DEBHELPER# diff -Nru fonts-hanazono-20120421/debian/ttf-hanazono.preinst fonts-hanazono-20120421/debian/ttf-hanazono.preinst --- fonts-hanazono-20120421/debian/ttf-hanazono.preinst 1970-01-01 01:00:00.0 +0100 +++ fonts-hanazono-20120421/debian/ttf-hanazono.preinst 2013-02-11 14:57:54.0 +0100 @@ -0,0 +1,13 @@ +#!/bin/sh +set -e + +OLD_ALT_NAME=ttf-japanese-mincho +OLD_FONT_ENTRY=/usr/share/fonts/truetype/hanazono/hanazono.ttf + +if [ $1 = install ] || [ $1 = upgrade ]; then + if dpkg --compare-versions $2 lt-nl 20120421-1.1~; then + update-alternatives --remove $OLD_ALT_NAME.ttf $OLD_FONT_ENTRY + fi +fi + +#DEBHELPER#
Bug#701006: unblock: fonts-takao/003.02.01-7.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package fonts-takao
fonts-takao dos not clean up obsolete ttf-japanese-*.tff alternatives on
upgrades from squeeze.
* fonts-takao-mincho.preinst: Fix OTF alternative cleanup.
* ttf-takao-*.preinst: Unregister the ttf-japanese-*.ttf alternatives.
* fonts-takao-*.preinst: Clean up the ttf-japanese-*.ttf alternatives set up
by ttf-takao-* in squeeze. This needs to be done in fonts-takao-* as well
since there is no guarantee that the transitional ttf-takao-* packages
were installed and did clean this up. Since new installations of
fonts-takao-* cannot be distinguished from upgrades from ttf-takao-*
this needs to be run on new installations, too. (Closes: #700054)
Andreas
unblock fonts-takao/003.02.01-7.1
diffstat for fonts-takao-003.02.01 fonts-takao-003.02.01
changelog | 14 ++
fonts-takao-gothic.preinst |8 ++--
fonts-takao-mincho.preinst | 12 +++-
ttf-takao-gothic.preinst | 13 +
ttf-takao-mincho.preinst | 13 +
5 files changed, 53 insertions(+), 7 deletions(-)
diff -Nru fonts-takao-003.02.01/debian/changelog fonts-takao-003.02.01/debian/changelog
--- fonts-takao-003.02.01/debian/changelog 2012-06-12 21:14:12.0 +0200
+++ fonts-takao-003.02.01/debian/changelog 2013-02-11 14:37:01.0 +0100
@@ -1,3 +1,17 @@
+fonts-takao (003.02.01-7.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * fonts-takao-mincho.preinst: Fix OTF alternative cleanup.
+ * ttf-takao-*.preinst: Unregister the ttf-japanese-*.ttf alternatives.
+ * fonts-takao-*.preinst: Clean up the ttf-japanese-*.ttf alternatives set up
+by ttf-takao-* in squeeze. This needs to be done in fonts-takao-* as well
+since there is no guarantee that the transitional ttf-takao-* packages
+were installed and did clean this up. Since new installations of
+fonts-takao-* cannot be distinguished from upgrades from ttf-takao-*
+this needs to be run on new installations, too. (Closes: #700054)
+
+ -- Andreas Beckmann a...@debian.org Mon, 11 Feb 2013 14:36:53 +0100
+
fonts-takao (003.02.01-7) unstable; urgency=low
* debian/rules
diff -Nru fonts-takao-003.02.01/debian/fonts-takao-gothic.preinst fonts-takao-003.02.01/debian/fonts-takao-gothic.preinst
--- fonts-takao-003.02.01/debian/fonts-takao-gothic.preinst 2011-09-23 06:47:55.0 +0200
+++ fonts-takao-003.02.01/debian/fonts-takao-gothic.preinst 2013-02-11 14:37:20.0 +0100
@@ -7,9 +7,10 @@
OLD_ALT_NAME=ttf-japanese-gothic
FONT_ENTRY_OTF=/usr/share/fonts/opentype/takao/TakaoPGothic.otf
-CHECK_VERSION=003.02.01-5
+CHECK_VERSION=003.02.01-7.1
FONT_ENTRY=/usr/share/fonts/truetype/takao/TakaoPGothic.ttf
+
check_broken_ttf_japanese_gothic()
{
update-alternatives --remove \
@@ -17,13 +18,16 @@
$FONT_ENTRY_OTF
}
+
case $1 in
install|upgrade)
if [ -f $FONT_ENTRY_OTF ]; then
check_broken_ttf_japanese_gothic
fi
-if dpkg --compare-versions $2 lt-nl $CHECK_VERSION; then
+# do this on new installations, too, as these could be upgrades
+# from ttf-takao-gothic
+if dpkg --compare-versions $2 lt $CHECK_VERSION~; then
update-alternatives --remove $OLD_ALT_NAME.ttf $FONT_ENTRY
fi
diff -Nru fonts-takao-003.02.01/debian/fonts-takao-mincho.preinst fonts-takao-003.02.01/debian/fonts-takao-mincho.preinst
--- fonts-takao-003.02.01/debian/fonts-takao-mincho.preinst 2011-09-23 06:47:55.0 +0200
+++ fonts-takao-003.02.01/debian/fonts-takao-mincho.preinst 2013-02-11 14:37:39.0 +0100
@@ -7,8 +7,8 @@
OLD_ALT_NAME=ttf-japanese-mincho
FONT_ENTRY_OTF=/usr/share/fonts/opentype/takao/TakaoPMincho.otf
-CHECK_VERSION=003.02.01-5
-FONT_ENTRY=/usr/share/fonts/opentype/takao/TakaoPMincho.ttf
+CHECK_VERSION=003.02.01-7.1
+FONT_ENTRY=/usr/share/fonts/truetype/takao/TakaoPMincho.ttf
check_broken_ttf_japanese_mincho()
@@ -19,16 +19,18 @@
}
-
case $1 in
install|upgrade)
- if [ -f $FONT_ENTRY ]; then
+ if [ -f $FONT_ENTRY_OTF ]; then
check_broken_ttf_japanese_mincho
fi
-if dpkg --compare-versions $2 lt-nl $CHECK_VERSION; then
+# do this on new installations, too, as these could be upgrades
+# from ttf-takao-mincho
+if dpkg --compare-versions $2 lt $CHECK_VERSION~; then
update-alternatives --remove $OLD_ALT_NAME.ttf $FONT_ENTRY
fi
+
;;
abort-upgrade)
diff -Nru fonts-takao-003.02.01/debian/ttf-takao-gothic.preinst fonts-takao-003.02.01/debian/ttf-takao-gothic.preinst
--- fonts-takao-003.02.01/debian/ttf-takao-gothic.preinst 1970-01-01 01:00:00.0 +0100
+++ fonts-takao-003.02.01/debian/ttf-takao-gothic.preinst 2013-02-11 14:37:53.0 +0100
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+OLD_ALT_NAME=ttf-japanese-gothic
Bug#701008: unblock: nagvis/1:1.6.6+dfsg.1-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception Please unblock package nagvis I uploaded a backport with wrong version to squeeze-backports, so upgrades from squeeze+squeeze-backports to wheezy are broken. The easiest fix is to bump the version in the sid/wheezy package to be higher again, so as discussed in #debian-release I uploaded a new package. The debdiff is: $ debdiff nagvis_1.6.6+dfsg.1-2.dsc nagvis_1.6.6+dfsg.1-3.dsc diff -Nru nagvis-1.6.6+dfsg.1/debian/changelog nagvis-1.6.6+dfsg.1/debian/changelog --- nagvis-1.6.6+dfsg.1/debian/changelog2012-06-11 18:45:44.0 +0200 +++ nagvis-1.6.6+dfsg.1/debian/changelog2013-02-20 11:40:40.0 +0100 @@ -1,3 +1,10 @@ +nagvis (1:1.6.6+dfsg.1-3) unstable; urgency=medium + + * Bump version number to allow smooth upgrades from squeeze-backports +(Containing a backport versioned 1:1.6.6+dfsg.1-3~bpo60+1 by mistake) + + -- Alexander Reichle-Schmehl toli...@debian.org Mon, 02 Jul 2012 12:46:07 +0200 + nagvis (1:1.6.6+dfsg.1-2) unstable; urgency=low [ The missed upload by 12 minutes release ] unblock nagvis/1:1.6.6+dfsg.1-3 -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130220110131.27939.92737.report...@iara.alphamar.org
Bug#701008: marked as done (unblock: nagvis/1:1.6.6+dfsg.1-3)
Your message dated Wed, 20 Feb 2013 12:21:00 +0100 with message-id 5124b19c.70...@thykier.net and subject line Re: Bug#701008: unblock: nagvis/1:1.6.6+dfsg.1-3 has caused the Debian Bug report #701008, regarding unblock: nagvis/1:1.6.6+dfsg.1-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 701008: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701008 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception Please unblock package nagvis I uploaded a backport with wrong version to squeeze-backports, so upgrades from squeeze+squeeze-backports to wheezy are broken. The easiest fix is to bump the version in the sid/wheezy package to be higher again, so as discussed in #debian-release I uploaded a new package. The debdiff is: $ debdiff nagvis_1.6.6+dfsg.1-2.dsc nagvis_1.6.6+dfsg.1-3.dsc diff -Nru nagvis-1.6.6+dfsg.1/debian/changelog nagvis-1.6.6+dfsg.1/debian/changelog --- nagvis-1.6.6+dfsg.1/debian/changelog2012-06-11 18:45:44.0 +0200 +++ nagvis-1.6.6+dfsg.1/debian/changelog2013-02-20 11:40:40.0 +0100 @@ -1,3 +1,10 @@ +nagvis (1:1.6.6+dfsg.1-3) unstable; urgency=medium + + * Bump version number to allow smooth upgrades from squeeze-backports +(Containing a backport versioned 1:1.6.6+dfsg.1-3~bpo60+1 by mistake) + + -- Alexander Reichle-Schmehl toli...@debian.org Mon, 02 Jul 2012 12:46:07 +0200 + nagvis (1:1.6.6+dfsg.1-2) unstable; urgency=low [ The missed upload by 12 minutes release ] unblock nagvis/1:1.6.6+dfsg.1-3 -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- On 2013-02-20 12:01, Alexander Reichle-Schmehl wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception Please unblock package nagvis I uploaded a backport with wrong version to squeeze-backports, so upgrades from squeeze+squeeze-backports to wheezy are broken. The easiest fix is to bump the version in the sid/wheezy package to be higher again, so as discussed in #debian-release I uploaded a new package. The debdiff is: [...] [ The missed upload by 12 minutes release ] unblock nagvis/1:1.6.6+dfsg.1-3 [...] Unblocked, thanks. ~Niels---End Message---
cleanup of incorrect update-alternatives handling
Hi, I've now cleaned up most of the incorrect alternatives handling in wheezy and squeeze-wheezy updates, and most of these fixes have already migrated to wheezy or are unblocked. Thanks for this! There are a few packages left that cannot be fixed via unstable, a fix would have to go via TPU - should I try this? tucnak2 #668442 (fixed in unstable, but unstable has a new upstream release, that does FTBFS on everything but the maintainers machine) 0m28.6s ERROR: WARN: Broken symlinks: /usr/bin/tucnak2 - /etc/alternatives/tucnak /etc/alternatives/tucnak - /usr/bin/tucnak (does not remove the alternative on package removal) fonts-vlgothic #699905 (not fixed in unstable, patch available unstable has new upstream release) 0m54.7s INFO: Warning: Package purging left files on system: /etc/alternatives/ttf-japanese-gothic.ttf - /usr/share/fonts/truetype/vlgothic/VL-Gothic-Regular.ttf not owned /usr/share/fonts/ owned by: fonts-vlgothic /usr/share/fonts/truetype/ owned by: fonts-vlgothic /usr/share/fonts/truetype/ttf-japanese-gothic.ttf - /etc/alternatives/ttf-japanese-gothic.ttfnot owned (does not clean up obsolete alternatives on upgrades from squeeze) and of course openjdk-6-jre #685185 1m37.1s INFO: Warning: Package purging left files on system: /etc/alternatives/javaws - /usr/lib/jvm/java-6-openjdk/jre/bin/javaws not owned /etc/alternatives/javaws.1.gz - /usr/lib/jvm/java-6-openjdk/jre/man/man1/javaws.1.gz not owned /etc/alternatives/pluginappletviewer - /usr/lib/jvm/java-6-openjdk/jre/bin/pluginappletviewer not owned /usr/bin/javaws - /etc/alternatives/javawsnot owned /usr/bin/pluginappletviewer - /etc/alternatives/pluginappletviewer not owned /usr/share/man/man1/javaws.1.gz - /etc/alternatives/javaws.1.gz not owned (does not clean up obsolete alternatives on upgrades from squeeze) A patch is attached to the bug, I verified that this works properly, but there is no way that I'd NMU/TPU this package :-) That needs to be done by the maintainers. More than 300 packages seem to be affected by this on squeeze-wheezy updates, making it hard to spot packages that hav ebad alternatives handling on their own. But I'm afraid that still does not qualify to raise the severity to RC - or is leaving broken symlinks in /usr/bin RC? Andreas -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5124bb8d.1090...@debian.org
Bug#700956: RM: djmount/0.71-5
Hi All, On 02/19/2013 05:32 PM, Michael Gilbert wrote: Package: release.debian.org User: release.debian@packages.debian.org Usertags: rm Severity: normal Please remove djmount (it has no reverse dependencies). It embeds libupnp, which has an incredibly large number of security issues, which aren't being fixed in a timely manner in this package (bug #699561). Thanks, Mike djmount is always built using --with-external-libupnp and --with-external-talloc arguments to ensure is using libs provided by libtalloc-dev and libupnp-dev debian packages. Regards. [0] http://anonscm.debian.org/gitweb/?p=collab-maint/djmount.git;a=blob;f=debian/rules;h=7683551167bd3fe00699b8fa7fd8d05b8324c55c;hb=62fbae304ac64ad51495818382269f700d6b3598 -- Dario Minnucci mid...@debian.org Phone: +34 902884117 | Fax: +34 902024417 | Support: +34 80745 Key fingerprint = BAA1 7AAF B21D 6567 D457 D67D A82F BB83 F3D5 7033 signature.asc Description: OpenPGP digital signature
Re: 6.0.7 planning
On Wed, 2013-02-20 at 07:17 +, Adam D. Barratt wrote: On Sun, 2013-02-17 at 15:36 -0800, dann frazier wrote: Agreed; and I think I was unclear. I was taking for granted that we *will* do a 46squeeze2 now w/ the CVE-2013-0871 fix and bypass 46squeeze1. 46squeeze2 would provide the security-only option. The question was whether or not we should try and fix p-u by getting a -49 into -stable now w/ the CVE-2013-0871 fix, or just make sure there's a 48squeeze1 in security for after. Ah - but maybe the point you're making is that a 48squeeze1 in security would make 46squeeze2 harder to find/install - if so, I can understand that point. What's the current thinking here? [...] Dann identified and backported a large series of older changes as dependencies for the recent fix. Given that this is very tricky code and we don't have any particular experience with it, I think it's too much of a risk to apply these before the point release. Ben. -- Ben Hutchings Sturgeon's Law: Ninety percent of everything is crap. signature.asc Description: This is a digitally signed message part
Bug#700956: RM: djmount/0.71-5
On 2013-02-20 15:03, Dario Minnucci wrote: Hi All, On 02/19/2013 05:32 PM, Michael Gilbert wrote: Package: release.debian.org User: release.debian@packages.debian.org Usertags: rm Severity: normal Please remove djmount (it has no reverse dependencies). It embeds libupnp, which has an incredibly large number of security issues, which aren't being fixed in a timely manner in this package (bug #699561). Thanks, Mike djmount is always built using --with-external-libupnp and --with-external-talloc arguments to ensure is using libs provided by libtalloc-dev and libupnp-dev debian packages. Regards. [...] Why have you (still) not mentioned this in the bug log of #699561 ? ~Niels -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/512501c6.70...@thykier.net
Bug#697589: unblock: gnome-menus/3.4.2-7
On Tue, Feb 19, 2013 at 08:30:15PM +0100, Bill Allombert wrote: On Tue, Feb 19, 2013 at 07:15:11PM +, Jonathan Wiltshire wrote: On Thu, Feb 14, 2013 at 08:47:16PM +0100, Josselin Mouette wrote: Le vendredi 25 janvier 2013 à 13:52 +0100, Josselin Mouette a écrit : Le lundi 07 janvier 2013 à 11:41 +0100, Josselin Mouette a écrit : gnome-menus (3.4.2-7) unstable; urgency=low * gnome-menus.postinst: clean up the desktop files once upon upgrades, in order to get rid of files generated by a buggy script. Ping? Sorry you've been waiting. On the basis that Julien downgraded #696530 to normal this isn't strictly RC; conversely, menu-xdg has considerable popcon. As I understand it the problem shows up when update-menus is run as a user. Bill, is that an unusual thing to do or would you expect it from many users? I would says this is rather unusual for GNOME users. I like to add that if they do not like the result of running update-menus, they can revert it by running update-menus --remove, or they can configure menu not to use menu-xdg by doing mkdir ~/.menu-methods Cheers, -- Bill. ballo...@debian.org Imagine a large red swirl here. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130220173951.GC21084@yellowpig
Bug#700956: RM: djmount/0.71-5
Hi Niels, On 02/20/2013 06:03 PM, Niels Thykier wrote: On 2013-02-20 15:03, Dario Minnucci wrote: Hi All, On 02/19/2013 05:32 PM, Michael Gilbert wrote: Package: release.debian.org User: release.debian@packages.debian.org Usertags: rm Severity: normal Please remove djmount (it has no reverse dependencies). It embeds libupnp, which has an incredibly large number of security issues, which aren't being fixed in a timely manner in this package (bug #699561). Thanks, Mike djmount is always built using --with-external-libupnp and --with-external-talloc arguments to ensure is using libs provided by libtalloc-dev and libupnp-dev debian packages. Regards. [...] Why have you (still) not mentioned this in the bug log of #699561 ? ~Niels Oops, I wasn't aware of #699561. I'll update and downgrade it in a minute. Sorry and thanks for the pointer. Regards, -- Dario Minnucci mid...@debian.org Phone: +34 902884117 | Fax: +34 902024417 | Support: +34 80745 Key fingerprint = BAA1 7AAF B21D 6567 D457 D67D A82F BB83 F3D5 7033 signature.asc Description: OpenPGP digital signature
Re: Fixing lucky 13 CVE-2013-0169 in gnutls28
Le dimanche 10 février 2013 16:26:40, Andreas Metzler a écrit : PS: My first idea was to simply pull gnutls28, providing guile-gnutls and gnutls-bin from gnutls26 again. However there is a reverse dependency (pan) on libgnutls28 in testing nowadays. Pan is not distributable currently http://bugs.debian.org/699892 but that might still be fixed in time for the release. I've fixed the license bug by dropping SSL support from pan. pan no longer depends on any libgnutls. All the best Dominique signature.asc Description: This is a digitally signed message part.
Bug#701037: unblock: pan/0.139-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package pan This new version fixes Bug#699892 (pan: Incompatible license: GPLv2 binary linked against LGPLv3+ library) by dropping SSL support. I've also added a missing copyright entry in debian/copyright. See attached debdiff All the best unblock pan/0.139-2 -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash $ debdiff pan_0.139-1.dsc pan_0.139-2.dsc diff -Nru pan-0.139/debian/changelog pan-0.139/debian/changelog --- pan-0.139/debian/changelog 2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/changelog 2013-02-19 19:04:50.0 +0100 @@ -1,3 +1,12 @@ +pan (0.139-2) unstable; urgency=low + + * copyright: added missing copyright statement + * rules: removed support of gnutls (Closes: #699892) + * control: removed build depend on libgnutls + * updated NEWS to warn about SSL/TLS drop + + -- Dominique Dumont d...@debian.org Mon, 18 Feb 2013 22:35:51 +0100 + pan (0.139-1) unstable; urgency=low * Imported Upstream version 0.139 diff -Nru pan-0.139/debian/control pan-0.139/debian/control --- pan-0.139/debian/control2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/control2013-02-19 19:04:50.0 +0100 @@ -8,7 +8,6 @@ libgmime-2.6-dev, libgtk2.0-dev, libgtkspell-dev, - libgnutls28-dev, libnotify-dev, libgnome-keyring-dev, libdbus-1-dev diff -Nru pan-0.139/debian/copyright pan-0.139/debian/copyright --- pan-0.139/debian/copyright 2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/copyright 2013-02-19 19:04:50.0 +0100 @@ -203,6 +203,19 @@ misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. +Files: uulib/fptools.* +Copyright: Unknown +License: GPL-1 +Comment: No copyright owner is specified in the files. Only the license is mentioned. + +License: GPL-1 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 1, February 1989 + . + On Debian systems, the complete text of version 1 of the GNU General + Public License can be found in `/usr/share/common-licenses/GPL-1'. + License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru pan-0.139/debian/NEWS pan-0.139/debian/NEWS --- pan-0.139/debian/NEWS 2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/NEWS 2013-02-19 19:04:50.0 +0100 @@ -1,3 +1,12 @@ +pan (0.139-2) unstable; urgency=low + +TLS/SSL support was removed due to license incompatiblities +(bug #699892). TLS/SSL support will be enabled once the license +issues are resolved upstream. You will have to rework your news +server setup if you are currently using SSL. + + -- Dominique Dumont d...@debian.org Mon, 18 Feb 2013 22:32:51 +0100 + pan (0.139-1) unstable; urgency=low gnome-keyring support is still compiled in pan for Debian. But it diff -Nru pan-0.139/debian/rules pan-0.139/debian/rules --- pan-0.139/debian/rules 2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/rules 2013-02-19 19:04:50.0 +0100 @@ -12,5 +12,6 @@ %: dh $@ --with autotools-dev +# --with-gnutls is forbidden until pan goes to license GPL-2+ (#699892) override_dh_auto_configure: - dh_auto_configure -- --with-gnutls --enable-gkr --enable-silent-rules --enable-libnotify --with-dbus + dh_auto_configure -- --enable-gkr --enable-silent-rules --enable-libnotify --with-dbus
Bug#701037: marked as done (unblock: pan/0.139-2)
Your message dated Wed, 20 Feb 2013 19:16:25 + with message-id 1361387785.1011.4.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#701037: unblock: pan/0.139-2 has caused the Debian Bug report #701037, regarding unblock: pan/0.139-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 701037: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701037 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package pan This new version fixes Bug#699892 (pan: Incompatible license: GPLv2 binary linked against LGPLv3+ library) by dropping SSL support. I've also added a missing copyright entry in debian/copyright. See attached debdiff All the best unblock pan/0.139-2 -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash $ debdiff pan_0.139-1.dsc pan_0.139-2.dsc diff -Nru pan-0.139/debian/changelog pan-0.139/debian/changelog --- pan-0.139/debian/changelog 2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/changelog 2013-02-19 19:04:50.0 +0100 @@ -1,3 +1,12 @@ +pan (0.139-2) unstable; urgency=low + + * copyright: added missing copyright statement + * rules: removed support of gnutls (Closes: #699892) + * control: removed build depend on libgnutls + * updated NEWS to warn about SSL/TLS drop + + -- Dominique Dumont d...@debian.org Mon, 18 Feb 2013 22:35:51 +0100 + pan (0.139-1) unstable; urgency=low * Imported Upstream version 0.139 diff -Nru pan-0.139/debian/control pan-0.139/debian/control --- pan-0.139/debian/control2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/control2013-02-19 19:04:50.0 +0100 @@ -8,7 +8,6 @@ libgmime-2.6-dev, libgtk2.0-dev, libgtkspell-dev, - libgnutls28-dev, libnotify-dev, libgnome-keyring-dev, libdbus-1-dev diff -Nru pan-0.139/debian/copyright pan-0.139/debian/copyright --- pan-0.139/debian/copyright 2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/copyright 2013-02-19 19:04:50.0 +0100 @@ -203,6 +203,19 @@ misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. +Files: uulib/fptools.* +Copyright: Unknown +License: GPL-1 +Comment: No copyright owner is specified in the files. Only the license is mentioned. + +License: GPL-1 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 1, February 1989 + . + On Debian systems, the complete text of version 1 of the GNU General + Public License can be found in `/usr/share/common-licenses/GPL-1'. + License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru pan-0.139/debian/NEWS pan-0.139/debian/NEWS --- pan-0.139/debian/NEWS 2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/NEWS 2013-02-19 19:04:50.0 +0100 @@ -1,3 +1,12 @@ +pan (0.139-2) unstable; urgency=low + +TLS/SSL support was removed due to license incompatiblities +(bug #699892). TLS/SSL support will be enabled once the license +issues are resolved upstream. You will have to rework your news +server setup if you are currently using SSL. + + -- Dominique Dumont d...@debian.org Mon, 18 Feb 2013 22:32:51 +0100 + pan (0.139-1) unstable; urgency=low gnome-keyring support is still compiled in pan for Debian. But it diff -Nru pan-0.139/debian/rules pan-0.139/debian/rules --- pan-0.139/debian/rules 2012-06-30 18:15:52.0 +0200 +++ pan-0.139/debian/rules 2013-02-19 19:04:50.0 +0100 @@ -12,5 +12,6 @@ %: dh $@ --with autotools-dev +# --with-gnutls is forbidden until pan goes to license GPL-2+ (#699892) override_dh_auto_configure: - dh_auto_configure -- --with-gnutls --enable-gkr --enable-silent-rules --enable-libnotify --with-dbus + dh_auto_configure -- --enable-gkr --enable-silent-rules --enable-libnotify --with-dbus ---End Message--- ---BeginMessage--- On Wed, 2013-02-20
Bug#700968: release.debian.org: pre-approval unblock: cacti/0.8.8a+dfsg-3 recommends typo fix
On 19-02-13 23:21, Jonathan Wiltshire wrote: It's a regression and a trivial fix, so you can go ahead with this change. Please ping this bug when it's uploaded. Ping. (Only difference with the previous debdiff, is that I now had a bug number [1] to close). Paul [1] http://bugs.debian.org/700999 signature.asc Description: OpenPGP digital signature
Bug#700956: marked as done (RM: djmount/0.71-5)
Your message dated Wed, 20 Feb 2013 22:49:01 +0100 with message-id 512544cd.1010...@thykier.net and subject line Re: Bug#700956: RM: djmount/0.71-5 has caused the Debian Bug report #700956, regarding RM: djmount/0.71-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 700956: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700956 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org User: release.debian@packages.debian.org Usertags: rm Severity: normal Please remove djmount (it has no reverse dependencies). It embeds libupnp, which has an incredibly large number of security issues, which aren't being fixed in a timely manner in this package (bug #699561). Thanks, Mike ---End Message--- ---BeginMessage--- On 2013-02-20 19:20, Dario Minnucci wrote: Hi Niels, On 02/20/2013 06:03 PM, Niels Thykier wrote: On 2013-02-20 15:03, Dario Minnucci wrote: [...] djmount is always built using --with-external-libupnp and --with-external-talloc arguments to ensure is using libs provided by libtalloc-dev and libupnp-dev debian packages. Regards. [...] [...] Oops, I wasn't aware of #699561. I'll update and downgrade it in a minute. Sorry and thanks for the pointer. Regards, Thanks for following up to #699561, I have taken the liberty of closing it[1] along with this request so both will be removed from our TODO list. ~Niels [1] Due to Yves-Alexis Perez's suggestion to do so and because it is currently still of RC severity.---End Message---
Bug#700968: marked as done (release.debian.org: pre-approval unblock: cacti/0.8.8a+dfsg-3 recommends typo fix)
Your message dated Wed, 20 Feb 2013 22:04:40 + with message-id 20130220220440.ga7...@ernie.home.powdarrmonkey.net and subject line Re: Bug#700968: release.debian.org: pre-approval unblock: cacti/0.8.8a+dfsg-3 recommends typo fix has caused the Debian Bug report #700968, regarding release.debian.org: pre-approval unblock: cacti/0.8.8a+dfsg-3 recommends typo fix to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 700968: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700968 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 After cacti/0.8.8a+dfsg-2 migrated to testing it turned out [1] that I had a typo in the recommends, thus under normal circumstances creating the regression in cacti that we wanted to prevent (bug: 694850, [2]). The fix is trivial, but I believe that normally the bug would not qualify for an unblock. I ask anyway because it was introduced with the previous approved solution for the license issue in cacti. But feel free to reject this report immediately. Debdiff attached. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679980#54 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694850 - -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJRI9z/AAoJEJxcmesFvXUKzw0IALdQrMwHddquelO5/vspDMPc G6yIDPiqkSPsRyc5/qOddgjCotZL9olq4nC3wN4nWNYfOLGE8XwCOd9DbCyu2HuA mCXvvEKaC2XD5Nb3kGEp/KJ+nm3LklnYIjSF6VOgxBek+FE5EoripQPp8nQbuZJ5 YQRD6LfX2EWncb+vuMEKk96Ac3bgsJr1QVcVrEcYFaBaDo46GC6YfrFXQfzuh3hA U1ZvvoIFtXDuYCGqYc3ifJW6iir/7TkS30m6cOr+AdqKudMrUfwkvkIRFqg5h/RA OEEsGSnJw0WKUvDnHuxf+52y1v5FVyje8PkBuh0aUkjEWr+Sw5/5TxKaIjPt7Tc= =Vuou -END PGP SIGNATURE- diff -Nru cacti-0.8.8a+dfsg/debian/changelog cacti-0.8.8a+dfsg/debian/changelog --- cacti-0.8.8a+dfsg/debian/changelog 2013-01-29 20:43:50.0 +0100 +++ cacti-0.8.8a+dfsg/debian/changelog 2013-02-19 20:51:06.0 +0100 @@ -1,3 +1,9 @@ +cacti (0.8.8a+dfsg-3) unstable; urgency=low + + * Fixed typo in recommends libjs-jquery* i.s.o. libjs-query + + -- Paul Gevers elb...@debian.org Tue, 19 Feb 2013 20:33:20 +0100 + cacti (0.8.8a+dfsg-2) unstable; urgency=low * Upload to unstable after acknowledge by the RT, see #694850. diff -Nru cacti-0.8.8a+dfsg/debian/control cacti-0.8.8a+dfsg/debian/control --- cacti-0.8.8a+dfsg/debian/control 2012-12-10 21:49:51.0 +0100 +++ cacti-0.8.8a+dfsg/debian/control 2013-02-19 20:25:51.0 +0100 @@ -30,8 +30,8 @@ Recommends: apache2 | lighttpd | nginx | httpd, inetutils-ping | iputils-ping, logrotate, -libjs-query, -libjs-query-cookie, +libjs-jquery, +libjs-jquery-cookie, mysql-server Suggests: php5-ldap, moreutils, ---End Message--- ---BeginMessage--- On Wed, Feb 20, 2013 at 10:21:56PM +0100, Paul Gevers wrote: On 19-02-13 23:21, Jonathan Wiltshire wrote: It's a regression and a trivial fix, so you can go ahead with this change. Please ping this bug when it's uploaded. Ping. (Only difference with the previous debdiff, is that I now had a bug number [1] to close). Paul [1] http://bugs.debian.org/700999 Thanks, unblocked. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 directhex i have six years of solaris sysadmin experience, from 8-10. i am well qualified to say it is made from bonghits layered on top of bonghits signature.asc Description: Digital signature ---End Message---
Bug#696671: tpu: isc-dhcp/4.2.2.dfsg.1-5+deb70u3
On Sun, Feb 17, 2013 at 8:50 AM, Philipp Kern wrote: On Sat, Feb 16, 2013 at 04:20:45PM -0500, Michael Gilbert wrote: On Sat, Feb 16, 2013 at 4:18 PM, Michael Gilbert wrote: I've attached an updated proposed patch, which also fixes #698582 (and consequentially #700363). File attached. Really attached this time ... thanks. Please go ahead. Uploaded. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANTw=mp96aou1rtudivm2cjbfijj+g_z5dqfpszgfcj+ftz...@mail.gmail.com
