Processed: bug 726385 is forwarded to http://release.debian.org/transitions/html/harfbuzz.html
Processing commands for cont...@bugs.debian.org: forwarded 726385 http://release.debian.org/transitions/html/harfbuzz.html Bug #726385 [release.debian.org] transition: harfbuzz Set Bug forwarded-to-address to 'http://release.debian.org/transitions/html/harfbuzz.html'. thanks Stopping processing here. Please contact me if you need assistance. -- 726385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726385 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.138615189623002.transcr...@bugs.debian.org
Processed: tagging 726385
Processing commands for cont...@bugs.debian.org: tags 726385 + pending Bug #726385 [release.debian.org] transition: harfbuzz Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 726385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726385 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.138615242126168.transcr...@bugs.debian.org
Bug#717418: marked as done (transition: libudev)
Your message dated Wed, 4 Dec 2013 11:57:05 +0100
with message-id 20131204105705.ge4...@betterave.cristau.org
and subject line Re: Bug#717418: transition: libudev
has caused the Debian Bug report #717418,
regarding transition: libudev
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
717418: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717418
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
In version 183, the following symbols were dropped from libudev
udev_monitor_from_socket()
udev_queue_get_failed_list_entry()
udev_get_{dev,sys,run}_path()
In addition, upstream introduced symbol versioning.
The soversion was bumped from 0 to 1.
We currently have libudev1 in experimental. I've filed bugs against
affected packages quite a while ago, and they've been updated to no
longer use that API. So we should only need a round of binNMUs.
Please let us know, when we can move the package from experimental to
unstable to start this transition.
Michael,
on behalf of the pkg-systemd-maintainers team.
Ben file:
title = libudev;
is_affected = .depends ~ libudev0 | .depends ~ libudev1;
is_good = .depends ~ libudev1;
is_bad = .depends ~ libudev0;
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.10-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
---End Message---
---BeginMessage---
On Sat, Jul 20, 2013 at 19:09:24 +0200, Michael Biebl wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
In version 183, the following symbols were dropped from libudev
udev_monitor_from_socket()
udev_queue_get_failed_list_entry()
udev_get_{dev,sys,run}_path()
In addition, upstream introduced symbol versioning.
The soversion was bumped from 0 to 1.
With libvirt finally migrating yesterday, there are no libudev0 rdeps
left in testing. Waiting on #731210 being processed for it to go away,
but let's close this one now.
Cheers,
Julien
signature.asc
Description: Digital signature
---End Message---
Processed: tagging 714398
Processing commands for cont...@bugs.debian.org: tags 714398 + pending Bug #714398 [release.debian.org] transition: glpk Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 714398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714398 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.138615720525343.transcr...@bugs.debian.org
SQLAlchemy updates in stable
Hi guys, I want to start updating sqlalchemy source package in stable to the latest point release. Upstream is sane and makes sure 3rd party code doesn't break by 0.X.Y releases (every bug fix has a test case, testsuite is huge¹, changelog is very verbose², each 0.X→0.Y update is described in a migration guide³). Once 0.X+1 is released, 0.X.* versions get bug fixes mostly, sometimes additional features are also backported which makes debdiff not small (big enough to not call it release team friendly). My question is: is it worth my time or will you reject it basing on debdiff size? I can start with preparing 0.7.10 (released upstream in February) upload to stable [¹] http://sources.debian.net/src/sqlalchemy/latest/test [²] http://docs.sqlalchemy.org/en/latest/changelog/changelog_08.html [³] http://docs.sqlalchemy.org/en/latest/changelog/migration_08.html PS please CC me on replies -- Piotr Ożarowski Debian GNU/Linux Developer www.ozarowski.pl www.griffith.cc www.debian.org GPG Fingerprint: 1D2F A898 58DA AF62 1786 2DF7 AEF6 F1A2 A745 7645 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131204122802.gp3...@sts0.p1otr.com
Bug#731343: pu: package gtk+3.0/3.4.2-7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu Hi, I’d like to upload an update (prepared by Raphaël) for gtk+3.0, which is necessary in order to fix librsvg’s CVE-2013-1881. Thanks for considering. -- Josselin Mouette Index: debian/changelog === --- debian/changelog (révision 40301) +++ debian/changelog (copie de travail) @@ -1,3 +1,11 @@ +gtk+3.0 (3.4.2-7) stable; urgency=low + + [ Raphaël Geissert ] + * Workaround new behaviour of librsvg (which implemented an origin +policy) by loading the file icon via a data: URI. + + -- Josselin Mouette j...@debian.org Wed, 04 Dec 2013 14:06:28 +0100 + gtk+3.0 (3.4.2-6) unstable; urgency=low * Team upload. Index: debian/patches/001_use_data_uris_for_symbolic_icons.patch === --- debian/patches/001_use_data_uris_for_symbolic_icons.patch (révision 0) +++ debian/patches/001_use_data_uris_for_symbolic_icons.patch (copie de travail) @@ -0,0 +1,37 @@ +Index: gtk+3.0-3.4.2/gtk/gtkicontheme.c +=== +--- gtk+3.0-3.4.2.orig/gtk/gtkicontheme.c 2012-05-02 14:46:50.0 +0200 gtk+3.0-3.4.2/gtk/gtkicontheme.c 2013-11-27 14:16:27.393901153 +0100 +@@ -3170,6 +3170,8 @@ _gtk_icon_info_load_symbolic_internal (G + GdkPixbuf *pixbuf; + gchar *data; + gchar *success, *warning, *err; ++ gchar *file_data, *escaped_file_data; ++ gsize file_len; + + /* css_fg can't possibly have failed, otherwise +* that would mean we have a broken style */ +@@ -3193,6 +3195,11 @@ _gtk_icon_info_load_symbolic_internal (G + err = gdk_color_to_css (error_default_color); + } + ++ if (!g_file_get_contents (icon_info-filename, file_data, file_len, NULL)) ++return NULL; ++ ++ escaped_file_data = g_markup_escape_text (file_data, file_len); ++ g_free (file_data); + + data = g_strconcat (?xml version=\1.0\ encoding=\UTF-8\ standalone=\no\?\n + svg version=\1.1\\n +@@ -3214,9 +3221,10 @@ _gtk_icon_info_load_symbolic_internal (G + fill: , css_success ? css_success : success, !important;\n + }\n + /style\n +-xi:include href=\, icon_info-filename, \/\n ++xi:include href=\data:text/xml,, escaped_file_data, \/\n + /svg, + NULL); ++ g_free (escaped_file_data); + g_free (warning); + g_free (err); + g_free (success); Index: debian/patches/series === --- debian/patches/series (révision 40301) +++ debian/patches/series (copie de travail) @@ -1,3 +1,4 @@ +001_use_data_uris_for_symbolic_icons.patch 015_default-fallback-icon-theme.patch 016_no_offscreen_widgets_grabbing.patch 017_no_offscreen_device_grabbing.patch
Processed: libllvm-3.3-ocaml-dev: missing ABI dependency
Processing control commands: block 718767 with -1 Bug #718767 [release.debian.org] transition: ocaml 4.01.0 718767 was blocked by: 730196 731277 726010 731218 718767 was not blocking any bugs. Added blocking bug(s) of 718767: 731344 Warning: Unknown package 'src:libllvm-3.3-ocaml-dev' -- 718767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718767 731344: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731344 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b.13861629581879.transcr...@bugs.debian.org
Bug#729531: transition: icu
Julien Cristau jcris...@debian.org wrote: I'd like to upgrade the version of ICU from 4.8 to 52. They changed their version numbering scheme essentially multiplying everything by 10. We skipped a few versions (49, 50, 51) because of the freeze before wheezy. This is the first major version to be released since Wheezy. (A major ICU version is released every six months.) ICU 52 should be source compatible but not binary compile with ICU 4.8. Many bugs have been fixed since ICU 4.8. I have basically done a library transition approximately every other ICU version, and they have all gone smoothly up to this point. The dev package name is versionless (libicu-dev) so this transition should be able to be done with just a forced rebuild of ICU's reverse dependencies. Please go ahead, and let us know when icu 52 is installed on all archs so we can start the rebuilds. ICU 52 is installed on all architectures now. Thanks! -- Jay Berkenbilt q...@debian.org -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131204082445.0398451667.qww314...@soup.q.qbilt.org
Bug#693216: pu: firebird2.5/2.5.2.26539.ds4-1
On Tue, Dec 3, 2013 at 22:50:18 +0200, Damyan Ivanov wrote: -=| Damyan Ivanov, 06.10.2013 23:57:15 +0300 |=- -=| Cyril Brulebois, 29.09.2013 22:59:31 +0200 |=- looking at it for 7.2 now, sorry it took so long. Is there a chance to have firebird2.5 updated with 7.3? What can I do about it? (#693216 has the story so far). Assuming this has been tested in a wheezy environment, please go ahead and upload. Cheers, Julien signature.asc Description: Digital signature
Bug#731285: pu: package kexec-tools/1:2.0.3-1
Hi, On 2013-12-04 00:04, Khalid Aziz wrote: A debdiff of proposed changes is attached. Please go ahead. (For reference, the real bug is #708034.) -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 directhex i have six years of solaris sysadmin experience, from 8-10. i am well qualified to say it is made from bonghits layered on top of bonghits -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/3ae78e0b6bc6823be4d83dca0dad2...@hogwarts.powdarrmonkey.net
Bug#699818: pre-approval for pu: eglibc - timer_settime broken on kfreebsd-amd64
On Wed, Oct 2, 2013 at 16:44:41 +0100, Adam D. Barratt wrote: On 2013-10-02 16:14, Adam Conrad wrote: On Tue, Oct 01, 2013 at 10:23:22PM +0100, Adam D. Barratt wrote: That looks okay. In terms of the other suggested updates, as a non-release architecture for wheezy, hurd-specific patches aren't really appropriate for a stable update. Perhaps not appropriate to upload just for Hurd, but hurd-specific patches that don't touch other arches also seem harmless. I'm happy to back them out, though, if it's a sticking point. Well, they don't really meet the definition of minimal changes. :-) If someone puts together a debdiff including them, I'm more than happy to look at that and we can make a call from there. (Bearing in mind that the window for 7.2 closes over the coming weekend.) Any news here? We're now nearing the end of the window for 7.3. Cheers, Julien signature.asc Description: Digital signature
Bug#704601: marked as done (pu: hdf5/1.8.8-9+deb7u1)
Your message dated Wed, 4 Dec 2013 15:04:13 +0100
with message-id 20131204140413.gh4...@betterave.cristau.org
and subject line Re: Bug#704601: unblock: hdf5/1.8.8-9.1
has caused the Debian Bug report #704601,
regarding pu: hdf5/1.8.8-9+deb7u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
704601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704601
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package hdf5
This update fixes several upgrade issues (see #667599 and duplicates)
involving hdf5. While it is not a perfect solution (there are still some
upgrade paths failing), it is an improvement over what is currently in
wheezy. A better solution would require significant reorganization of
the hdf5 package stack.
Andreas
unblock hdf5/1.8.8-9.1
diffstat for hdf5-1.8.8 hdf5-1.8.8
changelog | 21 +
control| 43 ---
control.in | 43 ---
3 files changed, 77 insertions(+), 30 deletions(-)
diff -Nru hdf5-1.8.8/debian/changelog hdf5-1.8.8/debian/changelog
--- hdf5-1.8.8/debian/changelog 2012-03-08 11:09:55.0 +0100
+++ hdf5-1.8.8/debian/changelog 2013-03-18 16:25:07.0 +0100
@@ -1,3 +1,24 @@
+hdf5 (1.8.8-9.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Remove unneded Conflicts/Replaces/Provides to help apt finding a proper
+upgrade path. Suggested by Margarita Manterola. (Closes: #667599)
+- Drop Conflicts/Provides: libhdf5-@MAJOR_VERSION@.
+- Drop Conflicts/Replaces: libhdf5-1.8.4, libhdf5-*-1.8.4. The library
+ packages from squeeze are co-installable without file conflicts.
+ * libhdf5{,-mpich2,-openmpi}-7: Add Breaks: libnetcdf6 ( 1:4.1.1-7~) to
+ease upgrades from squeeze. Apt (the squeeze version) may assign
+priorities that cause a precedence of libhdf5-7 libnetcdf6 libnetcdfc7
+resulting in netcdf not being upgraded in some upgrade paths.
+ * libhdf5{,-mpich2,-openmpi}-dev: Add unversioned Conflicts: libjpeg62-dev
+to fix the libjpeg-dev transition on some upgrade paths by preventing
+apt from holding back libjpeg62-dev/squeeze (to satisfy Depends:
+libjpeg-dev) instead of installing libjpeg8-dev/wheezy and removing
+libjpeg62-dev. Versioned Breaks/Conflicts did not achieve this, causing
+the hdf5 stack not being upgraded in some cases.
+
+ -- Andreas Beckmann a...@debian.org Mon, 25 Feb 2013 11:26:57 +0100
+
hdf5 (1.8.8-9) unstable; urgency=low
* Force the dependency on the serpack for hdf5-tools hdf5-helpers.
diff -Nru hdf5-1.8.8/debian/control hdf5-1.8.8/debian/control
--- hdf5-1.8.8/debian/control 2012-03-08 11:18:22.0 +0100
+++ hdf5-1.8.8/debian/control 2013-03-18 16:26:18.0 +0100
@@ -17,11 +17,15 @@
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
-Conflicts: libhdf5-7, libhdf5-1.8,
- libhdf5-1.8.4, libhdf5-serial-1.8.4, libhdf5-1.8.6, libhdf5-serial-1.8.6,
+Conflicts: libhdf5-7,
+ libhdf5-1.8.6, libhdf5-serial-1.8.6,
libhdf5-1.8.7, libhdf5-serial-1.8.7
-Provides: libhdf5-7, libhdf5-1.8
-Replaces: libhdf5-1.8.4, libhdf5-serial-1.8.4, libhdf5-1.8.6, libhdf5-serial-1.8.6, libhdf5-1.8.7, libhdf5-serial-1.8.7
+Provides: libhdf5-7,
+Replaces:
+ libhdf5-1.8.6, libhdf5-serial-1.8.6,
+ libhdf5-1.8.7, libhdf5-serial-1.8.7
+Breaks:
+ libnetcdf6 ( 1:4.1.1-7~),
Description: Hierarchical Data Format 5 (HDF5) - runtime files - serial version
HDF5 is a file format and library for storing scientific data.
HDF5 was designed and implemented to address the deficiencies of
@@ -52,7 +56,8 @@
Suggests: libhdf5-doc
Provides: libhdf5-serial-dev
Replaces: libhdf5-serial-dev ( 1.8.8-2)
-Conflicts: libhdf5-serial-dev ( 1.8.8-2)
+Conflicts: libhdf5-serial-dev ( 1.8.8-2),
+ libjpeg62-dev,
Description: Hierarchical Data Format 5 (HDF5) - development files - serial version
HDF5 is a file format and library for storing scientific data.
HDF5 was designed and implemented to address the deficiencies of
@@ -78,12 +83,15 @@
Priority: extra
Architecture: alpha armel armhf amd64 i386 ia64 powerpc sparc kfreebsd-i386 kfreebsd-amd64 hurd-i386
Depends: ${shlibs:Depends}, ${misc:Depends}
-Conflicts: libhdf5-7, libhdf5-1.8,
- libhdf5-1.8.4, libhdf5-openmpi-1.8.4, libhdf5-1.8.6, libhdf5-openmpi-1.8.6,
+Conflicts: libhdf5-7,
+ libhdf5-1.8.6, libhdf5-openmpi-1.8.6,
libhdf5-1.8.7, libhdf5-openmpi-1.8.7
-Provides: libhdf5-7, libhdf5-1.8
Bug#706281: marked as done (pu: libusb/0.1.12-20+nmu2)
Your message dated Wed, 4 Dec 2013 15:08:24 +0100 with message-id 20131204140824.gi4...@betterave.cristau.org and subject line Re: Bug#706281: t-p-u: libusb/0.1.12-20+nmu2 has caused the Debian Bug report #706281, regarding pu: libusb/0.1.12-20+nmu2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 706281: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706281 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock I identified three packages that don't ship a SONAME symlink and cause spurious creation and removal of this link by ldconfig. Spurious since the packages themselves don't call ldconfig, so another installation will trigger the ldconfig run - 2 seconds or 2 months later. As this makes the (dis-)appearance nondeterministic, this could produce heisenbugs that will be hard to debug. So better ship the link in the package and let dpkg instead of ldconfig manage creation/removal. libusb-dev is one of them (#706278), due to the /usr/lib/triplet/libusb.so - /lib/triplet/libusb-0.1.so.4.4.4 link. The SONAME is libusb-0.1.so.4 and ldconfig will create /usr/lib/triplet/libusb-0.1.so.4 - libusb.so The attached patch adds this link to the libusb-dev package: /usr/lib/triplet/libusb-0.1.so.4 /lib/triplet/libusb-0.1.so.4 As libusb builds an udeb, too, this will probably have to wait for r1. libusb currently has a non-standard NMU version, we could fix this into 0.1.12-20.1 (or 0.1.12-20.2), but using the more canonical +deb7u1 suffix will be difficult. So I just incremented the bad version. Andreas unblock libusb/0.1.12-20+nmu2 diff -Nru libusb-0.1.12/debian/changelog libusb-0.1.12/debian/changelog --- libusb-0.1.12/debian/changelog 2012-09-22 16:02:30.0 +0200 +++ libusb-0.1.12/debian/changelog 2013-04-27 18:22:54.0 +0200 @@ -1,3 +1,12 @@ +libusb (2:0.1.12-20+nmu2) testing; urgency=low + + * Non-maintainer upload. + * libusb-dev: Ship /usr/lib/triplet/libusb-0.1.so.4 - +/lib/triplet/libusb-0.1.so.4 symlink to prevent spurious creation of +that SONAME link by ldconfig. (Closes: #706278) + + -- Andreas Beckmann a...@debian.org Sat, 27 Apr 2013 18:16:00 +0200 + libusb (2:0.1.12-20+nmu1) testing-proposed-updates; urgency=low * Non-maintainer upload. diff -Nru libusb-0.1.12/debian/libusb-dev.install libusb-0.1.12/debian/libusb-dev.install --- libusb-0.1.12/debian/libusb-dev.install 2011-07-16 12:59:12.0 +0200 +++ libusb-0.1.12/debian/libusb-dev.install 2013-04-27 18:15:47.0 +0200 @@ -1,5 +1,6 @@ usr/bin/libusb-config usr/include/usb.h usr/lib/*/libusb.a +usr/lib/*/libusb-0.1.so.4 usr/lib/*/libusb.so usr/lib/*/pkgconfig/libusb.pc diff -Nru libusb-0.1.12/debian/rules libusb-0.1.12/debian/rules --- libusb-0.1.12/debian/rules 2011-12-31 01:56:04.0 +0100 +++ libusb-0.1.12/debian/rules 2013-04-27 18:34:34.0 +0200 @@ -147,6 +147,8 @@ $(CURDIR)/debian/tmp/lib/$(DEB_HOST_MULTIARCH) ln -sf /lib/$(DEB_HOST_MULTIARCH)/libusb-0.1.so.4.4.4 \ $(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libusb.so + ln -sf /lib/$(DEB_HOST_MULTIARCH)/libusb-0.1.so.4 \ + $(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libusb-0.1.so.4 # Move all files in their corresponding package dh_install -s -Nlibusb-0.1-udeb --list-missing --sourcedir=debian/tmp ---End Message--- ---BeginMessage--- On Mon, Sep 30, 2013 at 00:24:13 +0200, Cyril Brulebois wrote: Control: tag -1 moreinfo Andreas Beckmann a...@debian.org (2013-06-03): On 2013-05-22 01:57, Cyril Brulebois wrote: I'm not sure about the practical impact, besides “it's not nice to have undeterministic behaviours”. AFAICT, the extra .so doesn't hurt when it's here (you wouldn't suggest shipping it in the package otherwise, right?), and nobody has ever complained about its being missing AFAICT from your bug report. the src:json-c packages in unstable have a similar problem and people are getting spurious libjson0: error while loading shared libraries: libjson.so.0 errors (#709512), maybe that could be attributed to this ldconfig issue: leaving around a dangling SONAME symlink for an indefinite time That's not really an answer to the question about practical impacts. So I guess I'll prefer sticking to the current status quo… Accordingly, that's still true. NAKing this one until/unless it stops being a merely theoretical issue. Cheers, Julien signature.asc Description: Digital signature ---End Message---
Bug#706286: marked as done (pu: libpng/1.2.49-1+deb7u1)
Your message dated Wed, 4 Dec 2013 15:09:13 +0100
with message-id 20131204140913.gj4...@betterave.cristau.org
and subject line Re: Bug#706286: pre-approve: libpng/1.2.49-4
has caused the Debian Bug report #706286,
regarding pu: libpng/1.2.49-1+deb7u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
706286: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706286
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
I identified three packages that don't ship a SONAME symlink and cause
spurious creation and removal of this link by ldconfig. Spurious since
the packages themselves don't call ldconfig, so another installation
will trigger the ldconfig run - 2 seconds or 2 months later.
As this makes the (dis-)appearance nondeterministic, this could produce
heisenbugs that will be hard to debug. So better ship the link in the
package and let dpkg instead of ldconfig manage creation/removal.
libpng12-dev is one of them (#706181), due to the
/usr/lib/triplet/libpng12.so - /lib/triplet/libpng12.so.0
link. ldconfig would create
/usr/lib/triplet/libpng12.so.0 - libpng.so
The attached patch changes the symlinks in the -dev package to
/usr/lib/triplet/libpng12.so - libpng12.so.0 - /lib/triplet/libpng12.so.0
Anibal has already signaled to prepare an updated package, so I filed an
unblock versioned as a new maintainer upload.
This fix could go via unstable, the only difference between sid and
wheezy are some changelog entries.
Andreas
unblock libpng/1.2.49-4
diff -Nru libpng-1.2.49/debian/changelog libpng-1.2.49/debian/changelog
--- libpng-1.2.49/debian/changelog 2012-04-09 04:14:09.0 +0200
+++ libpng-1.2.49/debian/changelog 2013-04-27 20:04:03.0 +0200
@@ -1,3 +1,27 @@
+libpng (1.2.49-3.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * libpng12-dev: Ship /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 -
+/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 symlink, too, to prevent ldconfig
+from playing ping-pong with the SONAME link. (Closes: #706181)
+
+ -- Andreas Beckmann a...@debian.org Fri, 26 Apr 2013 00:33:36 +0200
+
+libpng (1.2.49-3) unstable; urgency=low
+
+ * Remove patches/02-681408-CVE-2012-3386-Makefile.in.patch.
+This patch is unnecessary. This issue is already fixed in automake.
+
+ -- Nobuhiro Iwamatsu iwama...@debian.org Tue, 28 Aug 2012 16:22:51 +0900
+
+libpng (1.2.49-2) unstable; urgency=high
+
+ * Change a+w to u+w in Makefile.in to fix CVE-2012-3386
+Add 02-681408-CVE-2012-3386-Makefile.in.patch
+Closes: #681408
+
+ -- Anibal Monsalve Salazar ani...@debian.org Fri, 13 Jul 2012 12:31:39 +1000
+
libpng (1.2.49-1) unstable; urgency=high
* New upstream version 1.2.49
diff -Nru libpng-1.2.49/debian/libpng12-dev.links.in libpng-1.2.49/debian/libpng12-dev.links.in
--- libpng-1.2.49/debian/libpng12-dev.links.in 2011-07-18 13:52:43.0 +0200
+++ libpng-1.2.49/debian/libpng12-dev.links.in 2013-04-26 00:32:55.0 +0200
@@ -1,3 +1,4 @@
/usr/share/man/man1/libpng12-config.1.gz /usr/share/man/man1/libpng-config.1.gz
/usr/include/libpng12 /usr/include/libpng
-/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so
+/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0
+/usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files in second .deb but not in first
-
lrwxrwxrwx root/root /usr/lib/x86_64-linux-gnu/libpng12.so - libpng12.so.0
lrwxrwxrwx root/root /usr/lib/x86_64-linux-gnu/libpng12.so.0 -
/lib/x86_64-linux-gnu/libpng12.so.0
Files in first .deb but not in second
-
lrwxrwxrwx root/root /usr/lib/x86_64-linux-gnu/libpng12.so -
/lib/x86_64-linux-gnu/libpng12.so.0
Control files: lines which differ (wdiff format)
Depends: libpng12-0 (= [-1.2.49-1),-] {+1.2.49-3.1),+} zlib1g-dev
Installed-Size: [-588-] {+589+}
Version: [-1.2.49-1-] {+1.2.49-3.1+}
---End Message---
---BeginMessage---
On Wed, May 22, 2013 at 01:59:21 +0200, Cyril Brulebois wrote:
Control: tag -1 moreinfo
Andreas Beckmann a...@debian.org (27/04/2013):
I identified three packages that don't ship a SONAME symlink and cause
spurious creation and removal of this link by ldconfig. Spurious since
the packages themselves
Bug#731351: pu: package librsvg/2.36.1-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu
Hi,
Raphaël has prepared a stable update for librsvg in order to fix
CVE-2013-1881.
Thanks for considering.
--
.''`.Josselin Mouette
: :' :
`. `'
`-
Index: debian/changelog
===
--- debian/changelog (révision 40303)
+++ debian/changelog (copie de travail)
@@ -1,3 +1,11 @@
+librsvg (2.36.1-2) stable; urgency=low
+
+ [ Raphaël Geissert ]
+ * Fix CVE-2013-1881: disable loading of external entities.
+Closes: #724741.
+
+ -- Josselin Mouette j...@debian.org Wed, 04 Dec 2013 15:06:01 +0100
+
librsvg (2.36.1-1) unstable; urgency=low
* New upstream release.
Index: debian/patches/01_CVE-2013-1881_policy.patch
===
--- debian/patches/01_CVE-2013-1881_policy.patch (révision 0)
+++ debian/patches/01_CVE-2013-1881_policy.patch (copie de travail)
@@ -0,0 +1,165 @@
+From f01aded72c38f0e18bc7ff67dee800e380251c8e Mon Sep 17 00:00:00 2001
+From: Christian Persch c...@gnome.org
+Date: Mon, 11 Feb 2013 21:36:58 +
+Subject: io: Implement strict load policy
+
+Allow any file to load from data:, and any resource to load from other
+resources. Only allow file: to load other file: URIs from below the path
+of the base file. Any other loads are denied.
+
+Bug #691708.
+---
+Index: librsvg-2.36.1/rsvg-base.c
+===
+--- librsvg-2.36.1.orig/rsvg-base.c 2012-03-26 14:25:08.0 +0200
librsvg-2.36.1/rsvg-base.c 2013-11-26 16:07:42.481471848 +0100
+@@ -25,6 +25,7 @@
+ */
+
+ #include config.h
++#define _GNU_SOURCE 1
+
+ #include rsvg.h
+ #include rsvg-private.h
+@@ -1001,6 +1002,7 @@ void
+ rsvg_handle_set_base_uri (RsvgHandle * handle, const char *base_uri)
+ {
+ gchar *uri;
++GFile *file;
+
+ g_return_if_fail (handle != NULL);
+
+@@ -1012,11 +1014,10 @@ rsvg_handle_set_base_uri (RsvgHandle * h
+ else
+ uri = rsvg_get_base_uri_from_filename (base_uri);
+
+-if (uri) {
+-if (handle-priv-base_uri)
+-g_free (handle-priv-base_uri);
+-handle-priv-base_uri = uri;
+-}
++file = g_file_new_for_uri (uri ? uri : data:);
++rsvg_handle_set_base_gfile (handle, file);
++g_object_unref (file);
++g_free (uri);
+ }
+
+ /**
+@@ -2146,12 +2147,84 @@ _rsvg_handle_allow_load (RsvgHandle *han
+ const char *uri,
+ GError **error)
+ {
+-RsvgLoadPolicy policy = handle-priv-load_policy;
++RsvgHandlePrivate *priv = handle-priv;
++GFile *base;
++char *path, *dir;
++char *scheme = NULL, *cpath = NULL, *cdir = NULL;
+
+-if (policy == RSVG_LOAD_POLICY_ALL_PERMISSIVE)
+-return TRUE;
++g_assert (handle-priv-load_policy == RSVG_LOAD_POLICY_STRICT);
++
++scheme = g_uri_parse_scheme (uri);
++
++/* Not a valid URI */
++if (scheme == NULL)
++goto deny;
++
++/* Allow loads of data: from any location */
++if (g_str_equal (scheme, data))
++goto allow;
++
++/* No base to compare to? */
++if (priv-base_gfile == NULL)
++goto deny;
++
++/* Deny loads from differing URI schemes */
++if (!g_file_has_uri_scheme (priv-base_gfile, scheme))
++goto deny;
++
++/* resource: is allowed to load anything from other resources */
++if (g_str_equal (scheme, resource))
++goto allow;
+
++/* Non-file: isn't allowed to load anything */
++if (!g_str_equal (scheme, file))
++goto deny;
++
++base = g_file_get_parent (priv-base_gfile);
++if (base == NULL)
++goto deny;
++
++dir = g_file_get_path (base);
++g_object_unref (base);
++
++/* FIXME portability */
++cdir = canonicalize_file_name (dir);
++g_free (dir);
++if (cdir == NULL)
++goto deny;
++
++path = g_filename_from_uri (uri, NULL, NULL);
++if (path == NULL)
++goto deny;
++
++/* FIXME portability */
++cpath = canonicalize_file_name (path);
++g_free (path);
++
++if (cpath == NULL)
++goto deny;
++
++/* Now check that @cpath is below @cdir */
++if (!g_str_has_prefix (cpath, cdir) ||
++cpath[strlen (cdir)] != G_DIR_SEPARATOR)
++goto deny;
++
++/* Allow load! */
++
++ allow:
++g_free (scheme);
++free (cpath);
++free (cdir);
+ return TRUE;
++
++ deny:
++g_free (scheme);
++free (cpath);
++free (cdir);
++
++g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
++ File may not link to URI \%s\, uri);
++return FALSE;
+ }
+
+ guint8*
+Index: librsvg-2.36.1/rsvg-io.c
+===
+--- librsvg-2.36.1.orig/rsvg-io.c 2012-03-26 14:25:08.0 +0200
librsvg-2.36.1/rsvg-io.c 2013-11-26 16:07:25.021364586 +0100
+@@ -79,7 +79,7 @@
Bug#729747: pu: package apt-listbugs/0.1.8
Control: tag -1 confirmed Hi, On 2013-11-16 16:43, Francesco Poli (wintermute) wrote: Hence, I prepared apt-listbugs/0.1.8+deb7u1 for wheezy: please find the source diff attached (the only other changes are the result of running make update-po in order to update the .pot and .po l10n files). If you agree, I can ask my usual sponsor to upload the prepared package to stable, so that it will end up in the next point release. Yes, please. Be aware that the window closes on Saturday. P.S.: after this, I may perhaps find the time to do the same for oldstable (squeeze), unless you say I shouldn't bother... Please do. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 directhex i have six years of solaris sysadmin experience, from 8-10. i am well qualified to say it is made from bonghits layered on top of bonghits -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/78398791c0bafb91e0a90b9d20182...@hogwarts.powdarrmonkey.net
Processed: Re: Bug#729747: pu: package apt-listbugs/0.1.8
Processing control commands: tag -1 confirmed Bug #729747 [release.debian.org] pu: package apt-listbugs/0.1.8+deb7u1 Added tag(s) confirmed. -- 729747: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729747 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b729747.138616647924490.transcr...@bugs.debian.org
Processed: Re: Bug#706386: unblock: lua-sql/2.3.0-1+build1
Processing control commands: tag -1 confirmed Bug #706386 [release.debian.org] pu: lua-sql/2.3.0-1+build0 Added tag(s) confirmed. -- 706386: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706386 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b706386.138616697727651.transcr...@bugs.debian.org
Bug#714140: marked as done (pu: package tgt/1.0.17-1)
Your message dated Wed, 4 Dec 2013 15:25:00 +0100
with message-id 20131204142500.gl4...@betterave.cristau.org
and subject line Re: Bug#714140: pu: package tgt/1.0.17-1
has caused the Debian Bug report #714140,
regarding pu: package tgt/1.0.17-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
714140: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714140
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu
Dear release team,
Wheezy has been released with a version of tgt which doesn't have an init
script. I fixed the version in Sid on the 2013-05-21 (adding the missing
init.d script).
Now, I would like to upload a fix for Wheezy. The debdiff between
1:1.0.17-1 and 1:1.0.17-1.1 is attached.
Would you allow me to upload the fixed tgt package into s-p-u?
Cheers,
Thomas Goirand (zigo)
diff -Nru tgt-1.0.17/debian/changelog tgt-1.0.17/debian/changelog
--- tgt-1.0.17/debian/changelog 2011-06-21 17:48:54.0 +0800
+++ tgt-1.0.17/debian/changelog 2013-05-14 22:35:02.0 +0800
@@ -1,3 +1,13 @@
+tgt (1:1.0.17-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Adds an init script:
+- Depends: lsb-base
+- Adds dh_installinit call in debian/rules
+- adds debian/init
+
+ -- Thomas Goirand z...@debian.org Thu, 11 Apr 2013 23:25:08 +0800
+
tgt (1:1.0.17-1) unstable; urgency=low
* New upstream release.
diff -Nru tgt-1.0.17/debian/control tgt-1.0.17/debian/control
--- tgt-1.0.17/debian/control 2011-06-21 21:55:45.0 +0800
+++ tgt-1.0.17/debian/control 2013-05-14 22:34:21.0 +0800
@@ -9,7 +9,7 @@
Package: tgt
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, libconfig-general-perl, sg3-utils
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base, libconfig-general-perl, sg3-utils
Description: Linux SCSI target user-space tools
The Linux target framework (tgt) allows a Linux system to provide SCSI
devices (targets) over networked SCSI transports.
diff -Nru tgt-1.0.17/debian/init tgt-1.0.17/debian/init
--- tgt-1.0.17/debian/init 1970-01-01 08:00:00.0 +0800
+++ tgt-1.0.17/debian/init 2013-05-14 22:51:08.0 +0800
@@ -0,0 +1,178 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: tgtd
+# Required-Start:$remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Should-Start: zfs
+# Should-Stop: zfs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: iscsi target daemon
+# Description: iscsi target daemon
+### END INIT INFO
+
+DESC=target framework daemon
+NAME=tgtd
+DAEMON=/usr/sbin/${NAME}
+
+TGTD_CONFIG=/etc/tgt/targets.conf
+
+TASK=$1
+
+. /lib/lsb/init-functions
+
+[ -x $DAEMON ] || exit 0
+
+start()
+{
+ log_daemon_msg Starting $DESC $NAME
+ # Start tgtd first.
+ tgtd /dev/null
+ RETVAL=$?
+ if [ $RETVAL -ne 0 ] ; then
+ log_end_msg 1
+ exit 1
+ else
+ log_end_msg 0
+ fi
+ # Put tgtd into offline state until all the targets are configured.
+ # We don't want initiators to (re)connect and fail the connection
+ # if it's not ready.
+ tgtadm --op update --mode sys --name State -v offline
+ # Configure the targets.
+ tgt-admin -e -c $TGTD_CONFIG
+ # Put tgtd into ready state.
+ tgtadm --op update --mode sys --name State -v ready
+}
+
+stop()
+{
+ if [ $RUNLEVEL == 0 -o $RUNLEVEL == 6 ] ; then
+ forcedstop
+ fi
+ log_daemon_msg Stopping $DESC $NAME
+ # Remove all targets. It only removes targets which are not in use.
+ tgt-admin --update ALL -c /dev/null /dev/null
+ # tgtd will exit if all targets were removed
+ tgtadm --op delete --mode system /dev/null
+ RETVAL=$?
+ if [ $RETVAL -eq 107 ] ; then
+ if [ $TASK != restart ] ; then
+ log_end_msg 1
+ exit 1
+ else
+ log_end_msg 0
+ fi
+ elif [ $RETVAL -ne 0 ] ; then
+ log_end_msg 1
+ echo Some initiators are still connected - could not stop tgtd
+ exit 2
+ else
+ log_end_msg 0
+ fi
+ echo -n
+}
+
+forcedstop()
+{
+ # NOTE: Forced shutdown of the iscsi target may cause data corruption
+ # for initiators that are connected.
+ echo Force-stopping target framework daemon
+ # Offline everything first. May be needed if we're rebooting, but
+ # expect the initiators to reconnect cleanly when we boot again
+ # (i.e. we don't want them to reconnect to a tgtd which is still
+ # working, but the target is gone).
+ tgtadm --op update --mode sys --name State -v offline /dev/null
+ RETVAL=$?
+ if [ $RETVAL -eq 107 ] ; then
+ echo tgtd is not running
+ [ $TASK != restart ] exit 1
+ else
+
Bug#706386: unblock: lua-sql/2.3.0-1+build1
Control: tag -1 confirmed On Mon, Apr 29, 2013 at 15:17:15 +0200, Andreas Beckmann wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package lua-sql No-change rebuild to clear binNMU state and restore multiarch co-installability. Uploaded to DELAYED/1. No udebs involved, binary debdiff shows no artefacts. Please go ahead. Cheers, Julien signature.asc Description: Digital signature
Bug#731357: opu: package librsvg/2.26.3-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: opu
Hi,
Raphaël has prepared an oldstable update for librsvg in order to fix
CVE-2013-1881.
Thanks for considering.
--
.''`.Josselin Mouette
: :' :
`. `'
`-
Index: debian/changelog
===
--- debian/changelog (révision 40310)
+++ debian/changelog (copie de travail)
@@ -1,3 +1,11 @@
+librsvg (2.26.3-2) oldstable; urgency=low
+
+ [ Raphaël Geissert ]
+ * Fix CVE-2013-1881: disable loading of external entities.
+Closes: #724741.
+
+ -- Josselin Mouette j...@debian.org Wed, 04 Dec 2013 15:35:15 +0100
+
librsvg (2.26.3-1) unstable; urgency=low
* New upstream bugfix release.
Index: debian/patches/CVE-2013-1881.policy.patch
===
--- debian/patches/CVE-2013-1881.policy.patch (révision 0)
+++ debian/patches/CVE-2013-1881.policy.patch (copie de travail)
@@ -0,0 +1,90 @@
+Index: librsvg-2.26.3/rsvg-image.c
+===
+--- librsvg-2.26.3.orig/rsvg-image.c 2013-11-28 12:01:22.865236793 +0100
librsvg-2.26.3/rsvg-image.c 2013-11-28 12:17:25.242370794 +0100
+@@ -356,6 +356,51 @@ rsvg_acquire_vfs_resource (const char *f
+ }
+ #endif
+
++/* Partial origin-based policy, based on the one implemented in f01aded72c38f0e1 */
++gboolean
++_rsvg_acquire_xlink_allow_load (const char *href, const char *base_uri, GError ** err)
++{
++char *base_scheme = NULL, *href_scheme = NULL;
++
++if (base_uri)
++base_scheme = g_uri_parse_scheme (base_uri);
++if (href)
++href_scheme = g_uri_parse_scheme (href);
++
++/* Not a valid URI */
++if (href_scheme == NULL)
++goto deny;
++
++/* Allow loads of data: from any location */
++if (g_str_equal (href_scheme, data))
++return TRUE;
++
++/* no valid base URI */
++if (base_scheme == NULL)
++goto deny;
++
++/* Deny loads from differing URI schemes */
++if (href_scheme == NULL || !g_str_equal (href_scheme, base_scheme))
++goto deny;
++
++/* resource: is allowed to load anything from other resources */
++if (g_str_equal (href_scheme, resource))
++return TRUE;
++
++/* Non-file: isn't allowed to load anything */
++if (!g_str_equal (href_scheme, file))
++goto deny;
++
++/* no local-file policy is applied here */
++
++return TRUE;
++
++deny:
++g_set_error (err, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
++ File may not link to URI \%s\, href);
++return FALSE;
++}
++
+ GByteArray *
+ _rsvg_acquire_xlink_href_resource (const char *href, const char *base_uri, GError ** err)
+ {
+@@ -367,6 +412,9 @@ _rsvg_acquire_xlink_href_resource (const
+ if (!strncmp (href, data:, 5))
+ arr = rsvg_acquire_base64_resource (href, NULL);
+
++if (!_rsvg_acquire_xlink_allow_load(href, base_uri, err))
++return NULL;
++
+ if (!arr)
+ arr = rsvg_acquire_file_resource (href, base_uri, NULL);
+
+Index: librsvg-2.26.3/rsvg-base.c
+===
+--- librsvg-2.26.3.orig/rsvg-base.c 2013-11-28 12:01:22.865236793 +0100
librsvg-2.26.3/rsvg-base.c 2013-11-28 12:13:54.913248784 +0100
+@@ -1049,12 +1049,13 @@ rsvg_handle_set_base_uri (RsvgHandle * h
+ else
+ uri = rsvg_get_base_uri_from_filename (base_uri);
+
+-if (uri) {
+-if (handle-priv-base_uri)
+-g_free (handle-priv-base_uri);
+-handle-priv-base_uri = uri;
+-rsvg_defs_set_base_uri (handle-priv-defs, handle-priv-base_uri);
+-}
++if (!uri)
++uri = g_strdup(data:);
++
++if (handle-priv-base_uri)
++g_free (handle-priv-base_uri);
++handle-priv-base_uri = uri;
++rsvg_defs_set_base_uri (handle-priv-defs, handle-priv-base_uri);
+ }
+
+ /**
Index: debian/patches/CVE-2013-1881.xmlentities.patch
===
--- debian/patches/CVE-2013-1881.xmlentities.patch (révision 0)
+++ debian/patches/CVE-2013-1881.xmlentities.patch (copie de travail)
@@ -0,0 +1,20 @@
+Index: librsvg-2.26.3/rsvg-base.c
+===
+--- librsvg-2.26.3.orig/rsvg-base.c 2010-05-01 01:10:51.0 +0200
librsvg-2.26.3/rsvg-base.c 2013-11-26 16:24:02.903472891 +0100
+@@ -602,6 +602,7 @@ rsvg_start_xinclude (RsvgHandle * ctx, R
+ int result;
+
+ xml_parser = xmlCreatePushParserCtxt (rsvgSAXHandlerStruct, ctx, NULL, 0, NULL);
++xml_parser-options |= XML_PARSE_NONET;
+ result = xmlParseChunk (xml_parser, (char *) data-data, data-len, 0);
+ result = xmlParseChunk (xml_parser, , 0, TRUE);
+
+@@ -1118,6 +1119,7 @@ rsvg_handle_write_impl (RsvgHandle * han
+ if (handle-priv-ctxt == NULL) {
NEW changes in stable-new
Processing changes file: openjpeg_1.3+dfsg-4.7_i386.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_amd64.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_armel.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_armhf.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_ia64.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_kfreebsd-amd64.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_kfreebsd-i386.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_mips.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_mipsel.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_powerpc.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_s390.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_s390x.changes ACCEPT Processing changes file: openjpeg_1.3+dfsg-4.7_sparc.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1voecq-00088v...@franck.debian.org
Bug#731261: transition: Qt5 switching qreal == double for all platforms
On Tue, Dec 3, 2013 at 3:09 PM, Lisandro Damián Nicanor Pérez Meyer lisan...@debian.org wrote: [snip] I've called other distro's maintainers in Qt's devel ML [QTMSG] with little feedback and over IRC to Fedora and OpenSuse people. Over Fedora lands, one Qt maintainer told me they where going to push the ABI change without SONAME bump while an ARM maintainer cried for a SONAME bump. I had no reply from OpenSuse. Just for the record, the Fedora guys have just told me that they went away swiching qreal to double in Qt5 without SONAME bump because they also had few packages builded against it. -- Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/ -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CA+QPbz2A8_7tAi2fC9X=pgtt_e_-e6rucxtagodoavb0bt8...@mail.gmail.com
Bug#731261: transition: Qt5 switching qreal == double for all platforms
On Tue, Dec 3, 2013 at 15:09:18 -0300, Lisandro Damián Nicanor Pérez Meyer wrote: So I would like what the RT and arm* porters thinks. This is just my opinion, but if you decide to break ABI, I think you should bump SONAME, and I think you must change package names. Cheers, Julien signature.asc Description: Digital signature
Processed: Re: Bug#730119: pu: package gnome-settings-daemon/3.4.2+git20121218.7c1322-3+deb7u3
Processing control commands: tags -1 + confirmed Bug #730119 [release.debian.org] pu: package gnome-settings-daemon/3.4.2+git20121218.7c1322-3+deb7u3 Added tag(s) confirmed. -- 730119: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730119 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b730119.138618618421014.transcr...@bugs.debian.org
Bug#730119: pu: package gnome-settings-daemon/3.4.2+git20121218.7c1322-3+deb7u3
Control: tags -1 + confirmed On Thu, 2013-11-21 at 17:19 +0100, Josselin Mouette wrote: I’ve prepared another update for gnome-settings-daemon. It is just to remove an obsolete patch that makes things very annoying for some touchpad users. The change should be harmless and was already done in jessie. Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386186173.18166.13.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#731343: pu: package gtk+3.0/3.4.2-7
Processing control commands: tags -1 + wheezy moreinfo Bug #731343 [release.debian.org] pu: package gtk+3.0/3.4.2-7 Added tag(s) wheezy and moreinfo. -- 731343: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731343 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b731343.138618663523567.transcr...@bugs.debian.org
Bug#731343: pu: package gtk+3.0/3.4.2-7
Control: tags -1 + wheezy moreinfo On Wed, 2013-12-04 at 14:13 +0100, Josselin Mouette wrote: I’d like to upload an update (prepared by Raphaël) for gtk+3.0, which is necessary in order to fix librsvg’s CVE-2013-1881. Does this work correctly in conjunction with a librsvg which does not include the CVE fix? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386186627.18166.17.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#731351: pu: package librsvg/2.36.1-2
Processing control commands: tags -1 + wheezy confirmed Bug #731351 [release.debian.org] pu: package librsvg/2.36.1-2 Added tag(s) wheezy and confirmed. -- 731351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731351 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b731351.138618658623225.transcr...@bugs.debian.org
Bug#731357: opu: package librsvg/2.26.3-2
user release.debian@packages.debian.org usertags 731357 = pu tags 731357 + squeeze confirmed retitle 731357 pu: package librsvg/2.26.3-2 thanks On Wed, 2013-12-04 at 15:45 +0100, Josselin Mouette wrote: Raphaël has prepared an oldstable update for librsvg in order to fix CVE-2013-1881. Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386186551.18166.15.ca...@jacala.jungle.funky-badger.org
Bug#731351: pu: package librsvg/2.36.1-2
Control: tags -1 + wheezy confirmed On Wed, 2013-12-04 at 15:12 +0100, Josselin Mouette wrote: Raphaël has prepared a stable update for librsvg in order to fix CVE-2013-1881. Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386186578.18166.16.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#731357: opu: package librsvg/2.26.3-2
Processing commands for cont...@bugs.debian.org: user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was a...@adam-barratt.org.uk). usertags 731357 = pu Usertags were: opu. Usertags are now: pu. tags 731357 + squeeze confirmed Bug #731357 [release.debian.org] opu: package librsvg/2.26.3-2 Added tag(s) squeeze and confirmed. retitle 731357 pu: package librsvg/2.26.3-2 Bug #731357 [release.debian.org] opu: package librsvg/2.26.3-2 Changed Bug title to 'pu: package librsvg/2.26.3-2' from 'opu: package librsvg/2.26.3-2' thanks Stopping processing here. Please contact me if you need assistance. -- 731357: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731357 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.138618655923077.transcr...@bugs.debian.org
Processed: tagging 731285
Processing commands for cont...@bugs.debian.org: tags 731285 + wheezy Bug #731285 [release.debian.org] pu: package kexec-tools/1:2.0.3-1 Added tag(s) wheezy. thanks Stopping processing here. Please contact me if you need assistance. -- 731285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731285 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.138618685425152.transcr...@bugs.debian.org
Bug#731343: pu: package gtk+3.0/3.4.2-7
Le mercredi 04 décembre 2013 à 19:50 +, Adam D. Barratt a écrit : Control: tags -1 + wheezy moreinfo On Wed, 2013-12-04 at 14:13 +0100, Josselin Mouette wrote: I’d like to upload an update (prepared by Raphaël) for gtk+3.0, which is necessary in order to fix librsvg’s CVE-2013-1881. Does this work correctly in conjunction with a librsvg which does not include the CVE fix? It does. This change makes gtk+ stop using the “feature” that the librsvg upload removes. On the other hand, you might want to see a Breaks: libgtk-3-0 3.4.2-7 in the updated librsvg – I have forgotten it so far. Cheers, -- .''`. Josselin Mouette : :' : `. `' `- -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386186779.5639.20.camel@tomoe
Processed: tagging 731285
Processing commands for cont...@bugs.debian.org: # See message #10 tags 731285 + confirmed Bug #731285 [release.debian.org] pu: package kexec-tools/1:2.0.3-1 Added tag(s) confirmed. thanks Stopping processing here. Please contact me if you need assistance. -- 731285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731285 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.138618689125291.transcr...@bugs.debian.org
Processed: Re: Bug#730783: pu: openttd/1.2.1-3 opu: openttd/1.0.4-7 (Fix for CVE-2013-6411)
Processing commands for cont...@bugs.debian.org: clone 730783 -1 Bug #730783 [release.debian.org] pu: openttd/1.2.1-3 opu: openttd/1.0.4-7 (Fix for CVE-2013-6411) Bug 730783 cloned as bug 731380 user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was a...@adam-barratt.org.uk). usertags 730783 = pu Usertags were: opu pu. Usertags are now: pu. tags 730783 + confirmed wheezy Bug #730783 [release.debian.org] pu: openttd/1.2.1-3 opu: openttd/1.0.4-7 (Fix for CVE-2013-6411) Added tag(s) wheezy and confirmed. retitle 730783 pu: openttd/1.2.1-3 Bug #730783 [release.debian.org] pu: openttd/1.2.1-3 opu: openttd/1.0.4-7 (Fix for CVE-2013-6411) Changed Bug title to 'pu: openttd/1.2.1-3' from 'pu: openttd/1.2.1-3 opu: openttd/1.0.4-7 (Fix for CVE-2013-6411)' usertags -1 = pu There were no usertags set. Usertags are now: pu. tags -1 + confirmed squeeze Bug #731380 [release.debian.org] pu: openttd/1.2.1-3 opu: openttd/1.0.4-7 (Fix for CVE-2013-6411) Added tag(s) squeeze and confirmed. retitle -1 pu: openttd/1.0.4-7 Bug #731380 [release.debian.org] pu: openttd/1.2.1-3 opu: openttd/1.0.4-7 (Fix for CVE-2013-6411) Changed Bug title to 'pu: openttd/1.0.4-7' from 'pu: openttd/1.2.1-3 opu: openttd/1.0.4-7 (Fix for CVE-2013-6411)' thanks Stopping processing here. Please contact me if you need assistance. -- 730783: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730783 731380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731380 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.138618728927920.transcr...@bugs.debian.org
Bug#730783: pu: openttd/1.2.1-3 opu: openttd/1.0.4-7 (Fix for CVE-2013-6411)
clone 730783 -1 user release.debian@packages.debian.org usertags 730783 = pu tags 730783 + confirmed wheezy retitle 730783 pu: openttd/1.2.1-3 usertags -1 = pu tags -1 + confirmed squeeze retitle -1 pu: openttd/1.0.4-7 thanks On Fri, 2013-11-29 at 15:35 +0100, Matthijs Kooijman wrote: upstream developers for the openttd package have identified a remote denial-of-service (program crash) in the openttd game. They have made patches available, which I'd like to include in wheezy and squeeze. [...] Attached are debdiffs against the current squeeze and wheezy versions, which add the upstream patches. The debdiff still uses the -security archives, for the actual upload I'll change that to stable/oldstable instead. Please use wheezy and squeeze instead. With that change, please go ahead; thanks. I don't think special care wrt including orig tarballs is needed, like with the security archive? No, it's still the same archive so you can just treat it like any other upload. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386187281.18166.21.ca...@jacala.jungle.funky-badger.org
Bug#731343: pu: package gtk+3.0/3.4.2-7
Control: tags -1 -moreinfo +confirmed On Wed, 2013-12-04 at 20:52 +0100, Josselin Mouette wrote: Le mercredi 04 décembre 2013 à 19:50 +, Adam D. Barratt a écrit : On Wed, 2013-12-04 at 14:13 +0100, Josselin Mouette wrote: I’d like to upload an update (prepared by Raphaël) for gtk+3.0, which is necessary in order to fix librsvg’s CVE-2013-1881. [...] On the other hand, you might want to see a Breaks: libgtk-3-0 3.4.2-7 in the updated librsvg – I have forgotten it so far. That would be good; thanks. Assuming that the resulting packages have been tested in a wheezy environment, please go ahead. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386187478.18166.24.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#731343: pu: package gtk+3.0/3.4.2-7
Processing control commands: tags -1 -moreinfo +confirmed Bug #731343 [release.debian.org] pu: package gtk+3.0/3.4.2-7 Removed tag(s) moreinfo. Bug #731343 [release.debian.org] pu: package gtk+3.0/3.4.2-7 Added tag(s) confirmed. -- 731343: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731343 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b731343.138618748728573.transcr...@bugs.debian.org
Processed: Re: Bug#724861: pu: package intel-microcode/1.20130906.1
Processing control commands: tags -1 + confirmed Bug #724861 [release.debian.org] pu: package intel-microcode/1.20130906.1 Added tag(s) confirmed. -- 724861: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724861 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b724861.138618789231520.transcr...@bugs.debian.org
Bug#724861: pu: package intel-microcode/1.20130906.1
Control: tags -1 + confirmed On Sun, 2013-09-29 at 03:04 -0300, Henrique de Moraes Holschuh wrote: On Sun, 29 Sep 2013, Cyril Brulebois wrote: There is not much data on what release managers think about rushing upgrades into p-u, but the fact there's no definitive data point on the microcode update, and the fact that it has been available for less than a week seem to point out that letting this update reach p-u before the next point release is highly unlikely. Let it cook for a while if you think its best, it is not like we really know how emergencial these updates are (or are not). wheezy-backports is there to help anyone that requires less latency on microcode updates. Assuming this is still (a|the) version that you'd like to provide via p-u, please go ahead; apologies for the delay. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386187881.18166.25.ca...@jacala.jungle.funky-badger.org
Bug#728253: pu: package libnet-smtp-tls-butmaintained-perl/0.17-1+deb7u1
Control: tags -1 + confirmed On Tue, 2013-10-29 at 23:50 +0100, Salvatore Bonaccorso wrote: The Perl module found int libnet-smtp-tls-butmaintained-perl (Net::SMTP::TLS::ButMaintained) suffers from an error in the use of SSL_version in the code, which in the version in wheezy is used as SSL_version = SSLv3 TLSv1 I have opened http://bugs.debian.org/728248. This causes first a error message and sending a mail actually fails. Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386188686.18166.26.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#728253: pu: package libnet-smtp-tls-butmaintained-perl/0.17-1+deb7u1
Processing control commands: tags -1 + confirmed Bug #728253 [release.debian.org] pu: package libnet-smtp-tls-butmaintained-perl/0.17-1+deb7u1 Added tag(s) confirmed. -- 728253: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728253 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b728253.13861886943021.transcr...@bugs.debian.org
Bug#729708: pu: package fcitx-cloudpinyin/0.2.2-1+deb7u1
Control: tags -1 + confirmed On Sat, 2013-11-16 at 11:13 +0800, Aron Xu wrote: I would like to apply the following patch to fcitx-cloudpinyin. It uses an anonymous web API service provided Sogou by default, but the API is gone for quite some time and upstream has switched to use Google's similar service by default in newer versions. The service provided by Google is using HTTPS by default, while the original one isn't. Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386189011.18166.29.ca...@jacala.jungle.funky-badger.org
Bug#728575: pu: package calendarserver/3.2.dfsg-4
Control: tags -1 + moreinfo On Sun, 2013-11-03 at 14:05 +0530, Rahul Amaram wrote: Updated zoneinfo data Is there a plan for doing so in unstable? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386189104.18166.30.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#729708: pu: package fcitx-cloudpinyin/0.2.2-1+deb7u1
Processing control commands: tags -1 + confirmed Bug #729708 [release.debian.org] pu: package fcitx-cloudpinyin/0.2.2-1+deb7u1 Added tag(s) confirmed. -- 729708: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729708 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b729708.13861890195070.transcr...@bugs.debian.org
Processed: Re: Bug#728575: pu: package calendarserver/3.2.dfsg-4
Processing control commands: tags -1 + moreinfo Bug #728575 [release.debian.org] pu: package calendarserver/3.2.dfsg-4 Added tag(s) moreinfo. -- 728575: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728575 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b728575.13861891135935.transcr...@bugs.debian.org
Bug#730764: pu: package ctdb/1.12+git20120201-4
Control: tags -1 + confirmed On Fri, 2013-11-29 at 12:23 +0100, Mathieu Parent wrote: 2013/11/29 Cyril Brulebois k...@debian.org: (...) If that's not the case, please adjust found/fixed version in the BTS. done. This was fixed in 2.3 (or maybe before). Please go ahead. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1386189310.18166.31.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#730764: pu: package ctdb/1.12+git20120201-4
Processing control commands: tags -1 + confirmed Bug #730764 [release.debian.org] pu: package ctdb/1.12+git20120201-4 Added tag(s) confirmed. -- 730764: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730764 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b730764.13861893187035.transcr...@bugs.debian.org
Bug#729747: pu: package apt-listbugs/0.1.8
On Wed, 04 Dec 2013 14:04:41 + Jonathan Wiltshire wrote: [...] On 2013-11-16 16:43, Francesco Poli (wintermute) wrote: [...] If you agree, I can ask my usual sponsor to upload the prepared package to stable, so that it will end up in the next point release. Yes, please. OK, thanks for your reply. I've just asked my usual sponsor to perform the upload. Be aware that the window closes on Saturday. That's a close deadline... What happens if the upload does not make it before Saturday? Would it be just postponed to the successive stable update? P.S.: after this, I may perhaps find the time to do the same for oldstable (squeeze), unless you say I shouldn't bother... Please do. I'll see what I can do: when will the current window for oldstable (squeeze) close? Is there an already decided deadline? -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgphIW_PUlVU7.pgp Description: PGP signature
Bug#717923: transition: tiff 4.x (libtiff5)
Julien Cristau jcris...@debian.org wrote:
On Tue, Dec 3, 2013 at 16:02:17 -0500, Jay Berkenbilt wrote:
If you're good with this plan, give me the word, and I will do the
upload. I can probably take care of the mass bug filing...I can script
it locally unless you have a quick way to do it.
Sounds good to me, I think we can go ahead with this.
I've got it ready to go but with two changes, so I wanted to get
confirmation.
1. Why is it necessary for the transition packages to depend on the
binary libraries and not just the dev package? If libtiff4-dev and
libtiff5-alt-dev depend on libtiff5-dev ( 4.0.3-6~), isn't this
sufficient? Is there some special reason that the dependency on
libtiff5 (and presumably also libtiffxx5) has to be explicit?
2. I think I'm going punt on libtiff4-alt-dev. Fedora switched over
to tiff 4.x a while ago and never provided any way for people to build
against 3.x libraries. There were only something like 3 packages that
had any issues, and by now, fixes are available in all cases. Also,
unlike libtiff5-alt-dev, which was totally transparent because of
pkg-config, tiff 3.x doesn't use pkg-config, so having people use it
would require changes to their builds anyway.
The new package will 4.0.3-6. For libtiff4-dev and libtiff5-alt-dev,
both provided by the tiff source package, I have
Depends: ${misc:Depends}, libtiff5-dev ( 4.0.3-6~)
and for libtiff5-dev, I have
Replaces: libtiff5-alt-dev ( 4.0.3-6~), libtiff4-dev ( 4.0.3-6~)
Conflicts: libtiff5-alt-dev ( 4.0.3-6~), libtiff4-dev ( 4.0.3-6~)
Provides: libtiff-dev
For the tiff3 package, I just dropped the libtiff4-dev package and the
provides of libtiff-dev along with it. There will be no -dev package
for tiff 3.x.
I won't upload today because I want to compose a message to debian-devel
first, but if this sounds okay, I will do the upload tomorrow. I did
various tests including installing libtiff4-dev and libtiff5-alt-dev and
upgrading. The upgrade pulled in libtiff5-dev and libtiff5xx (libtiff5
was already on my system) and autoremoved libtiffxx0c2, and then it was
safe for me to remove the two transitional packages as expected. I also
tested building vips in a chroot with the updated packages. vips has
tons of dependencies including both tiff4 and tiff5 indirectly.
Everything looks good there as well.
--
Jay Berkenbilt q...@debian.org
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/20131204165927.0208763127.qww314...@jberkenbilt-linux.appiancorp.com
Bug#731261: transition: Qt5 switching qreal == double for all platforms
On Wednesday 04 December 2013 20:38:09 Julien Cristau wrote: On Tue, Dec 3, 2013 at 15:09:18 -0300, Lisandro Damián Nicanor Pérez Meyer wrote: So I would like what the RT and arm* porters thinks. This is just my opinion, but if you decide to break ABI, I think you should bump SONAME, and I think you must change package names. Had it been part of a stable release or had it been used by more packages than what I can count on my fingers. Then maybe. Had it been on all architectures. Then maybe. Or hadn't it been a package where in general the abi is actually the same across several distributions, then maybe. But all in all, the fallout is minimal, and breaking compatibility with the rest of the world isn't worth it. So let's paper it over and not repeat it again in the future. /sune -- Genius, I cannot explore a tool from the control drawer menu inside Flash 3.2, how does it work? From the file within Office you should never link with the FPU, in such way then from the control options menu inside Outlook Express you must disable a Fast periferic of the memory for saving the controller to the secret code. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1730515.14yUBsGM5O@dabney
Bug#717923: transition: tiff 4.x (libtiff5)
On Wed, Dec 4, 2013 at 16:59:27 -0500, Jay Berkenbilt wrote:
Julien Cristau jcris...@debian.org wrote:
On Tue, Dec 3, 2013 at 16:02:17 -0500, Jay Berkenbilt wrote:
If you're good with this plan, give me the word, and I will do the
upload. I can probably take care of the mass bug filing...I can script
it locally unless you have a quick way to do it.
Sounds good to me, I think we can go ahead with this.
I've got it ready to go but with two changes, so I wanted to get
confirmation.
1. Why is it necessary for the transition packages to depend on the
binary libraries and not just the dev package? If libtiff4-dev and
libtiff5-alt-dev depend on libtiff5-dev ( 4.0.3-6~), isn't this
sufficient? Is there some special reason that the dependency on
libtiff5 (and presumably also libtiffxx5) has to be explicit?
None, as far as I know.
2. I think I'm going punt on libtiff4-alt-dev. Fedora switched over
to tiff 4.x a while ago and never provided any way for people to build
against 3.x libraries. There were only something like 3 packages that
had any issues, and by now, fixes are available in all cases. Also,
unlike libtiff5-alt-dev, which was totally transparent because of
pkg-config, tiff 3.x doesn't use pkg-config, so having people use it
would require changes to their builds anyway.
The new package will 4.0.3-6. For libtiff4-dev and libtiff5-alt-dev,
both provided by the tiff source package, I have
Depends: ${misc:Depends}, libtiff5-dev ( 4.0.3-6~)
and for libtiff5-dev, I have
Replaces: libtiff5-alt-dev ( 4.0.3-6~), libtiff4-dev ( 4.0.3-6~)
Conflicts: libtiff5-alt-dev ( 4.0.3-6~), libtiff4-dev ( 4.0.3-6~)
Provides: libtiff-dev
For the tiff3 package, I just dropped the libtiff4-dev package and the
provides of libtiff-dev along with it. There will be no -dev package
for tiff 3.x.
Seems fine to me. I think the Conflicts could be Breaks, but that can
always be changed later anyway.
Cheers,
Julien
signature.asc
Description: Digital signature
Bug#728253: pu: package libnet-smtp-tls-butmaintained-perl/0.17-1+deb7u1
Hi Adam, On Wed, Dec 04, 2013 at 08:24:46PM +, Adam D. Barratt wrote: Control: tags -1 + confirmed On Tue, 2013-10-29 at 23:50 +0100, Salvatore Bonaccorso wrote: The Perl module found int libnet-smtp-tls-butmaintained-perl (Net::SMTP::TLS::ButMaintained) suffers from an error in the use of SSL_version in the code, which in the version in wheezy is used as SSL_version = SSLv3 TLSv1 I have opened http://bugs.debian.org/728248. This causes first a error message and sending a mail actually fails. Please go ahead; thanks. Thanks a lot Adam. Just uploaded the package. Regards, Salvatore signature.asc Description: Digital signature
Bug#731261: transition: Qt5 switching qreal == double for all platforms
2013/12/3 Lisandro Damián Nicanor Pérez Meyer lisan...@debian.org: So we think the best thing we could do is, for this very exceptional case, set qreal to double on all archs and break ABI on arm* and sh4, which could be fixed by [bin]NMUing the three apps that currently build-depend against it (I think python's bindings will need a sourcefull upload too). I'd also support not bumping in this special case, and following the upstream default change of switching for those archs. -Timo -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAJtFfxm9hmyu-zXVtJ4UtsPqk5Hm2eqJ+UVTBk=xb_so37f...@mail.gmail.com
PostgreSQL 8.4.19/9.1.11 stable updates
Hello Adam, release team, Adam D. Barratt [2013-11-26 22:53 +]: On Mon, 2013-11-25 at 10:29 +0100, Christoph Berg wrote: Re: Adam D. Barratt 2013-11-15 ea713561bd4ba8b10305bba85e1e2...@mail.adsl.funky-badger.org On 2013-11-05 9:59, Martin Pitt wrote: *brown paper bag* Thanks for pointing out, signed and all uploaded now. All flagged for acceptance; thanks. A critical/annoying/bad replication bug was discovered in 9.1.10 (in s-p-u) that doesn't exist in 9.1.9 (in stable). 9.1.11 will be released on Dec 5th, so it would be a good idea if 9.1.10 wouldn't leave s-p-u until then. https://wiki.postgresql.org/wiki/Nov2013ReplicationIssue Thanks for the note. There won't be a point release before that date, but I guess we should get 9.1.11 in p-u as soon as feasible. :| Christoph already prepared 9.1.11/9.3.2 for unstable, I prepared squeeze (8.4.19) and wheezy (8.4.19/9.1.11) updates: http://people.debian.org/~mpitt/psql/squeeze/ http://people.debian.org/~mpitt/psql/wheezy/ It's going to be publicly announced at some point today, until then we should hold the uploads. But you can already review the updates. Same old story really, built/tested, upstream and p-common tests pass, no packaging/patch changes, full and filtered debdiffs available in above directories. OK to upload these once upstream sends out the announcement? Thank you, Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) signature.asc Description: Digital signature
Processed: galax: FTBFS with ocaml 4.01.0
Processing control commands: block 718767 with -1 Bug #718767 [release.debian.org] transition: ocaml 4.01.0 718767 was blocked by: 730196 726010 731277 731344 731218 718767 was not blocking any bugs. Added blocking bug(s) of 718767: 731398 -- 718767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718767 731398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731398 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b.138622541325887.transcr...@bugs.debian.org
Processed: jocaml: needs update for ocaml 4.01.0
Processing control commands: block 718767 with -1 Bug #718767 [release.debian.org] transition: ocaml 4.01.0 718767 was blocked by: 730196 731398 731277 726010 731344 731218 718767 was not blocking any bugs. Added blocking bug(s) of 718767: 731399 -- 718767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718767 731399: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731399 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b.138622553126298.transcr...@bugs.debian.org
Processed: ocamlduce: needs update for ocaml 4.01.0
Processing control commands: block 718767 with -1 Bug #718767 [release.debian.org] transition: ocaml 4.01.0 718767 was blocked by: 730196 731398 726010 731277 731344 731399 731218 718767 was not blocking any bugs. Added blocking bug(s) of 718767: 731400 -- 718767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718767 731400: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731400 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b.138622559226696.transcr...@bugs.debian.org
Processed: otags: needs update for ocaml 4.01.0
Processing control commands: block 718767 with -1 Bug #718767 [release.debian.org] transition: ocaml 4.01.0 718767 was blocked by: 731400 730196 726010 731398 731277 731344 731399 731218 718767 was not blocking any bugs. Added blocking bug(s) of 718767: 731401 -- 718767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718767 731401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731401 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b.138622572527991.transcr...@bugs.debian.org
Bug#731402: transition: spatialite
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Dear Release Team, For the Debian GIS team I'd like to request a transition slot for the SpatiaLite transition. The upgrade from spatialite 3.1.0~rc2 to 4.1.1 involves a SONAME bump from libspatialite.so.3 to libspatialite.so.5. Several packages in the SpatiaLite family and related Gaia-SINS software are updated to support the new libspatialite. This includes librasterlite, a former dependency of spatialite-gui, which is updated from librasterlite1 (1.1~svn11) to librasterlite2 (1.1g). A seperate transition slot will be requested for librasterlite. The SpatiaLite packages were updated in experimental to 4.0.0 some time ago but this effort was stalled. The packages FTBFS on several architectures due to improper sqlite3 linking. These problems have been adressed in the 4.1.1 packages. The following packages were updated for the SpatiaLite transition: 1) libgaiagraphics (0.5-1) available in experimental 2) freexl (1.0.0f-2) available in unstable 3) readosm (1.0.0b+dfsg1-2) available in unstable 4) spatialite (4.1.1-4)available in experimental 5) librasterlite(1.1g-2) available in experimental 6) spatialite-tools (4.1.1-1)available in experimental 7) spatialite-gui (1.7.1-1)available in experimental 8) pyspatialite (3.0.1-3)available in experimental The spatialite transition affects the following source packages: 1) gdal(build OK) 2) merkaartor (build OK) 3) librasterlite (build OK) 4) spatialite-gui (build OK)requires libgaiagraphics (0.5) 5) spatialite-tools(build OK) 6) pyspatialite(build OK) 7) qgis(build OK)requires fixed OpenSceneGraph packages Only BinNMUs are required for gdal, merkaartor and qgis. The other packages can be copied from experimental. The gdal package has its own transition from 1.9.x to 1.10.x in the queue, and is tracked in #712688. Rebuilding qgis is currently not possible because libopenscenegraph99 is uninstabable due to the libav transition. The openscenegraph transition is tracked in #729289. More information about the changes made for the spatialite transition, see the thread on debian-gis@ starting at: https://lists.debian.org/debian-gis/2013/10/msg9.html For the spatialite transition the following Ben file is suggested: title = libspatialite5; is_affected = .build-depends ~ libspatialite-dev; is_good = .depends ~ libspatialite5; is_bad = .depends ~ libspatialite3; Kind Regards, Bas -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131205065148.29760.94229.report...@osiris.linuxminded.xs4all.nl
Bug#731403: transition: librasterlite
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Dear Release Team, For the Debian GIS team I've requested a transition slot for the SpatiaLite transition, it includes an update of librasterlite requiring its own transition. The upgrade from librasterlite 1.1~svn11 to 1.1g involves a SONAME bump from librasterlite.so.1 to librasterlite.so.2. And affects the following source packages in unstable: 1) mapnik (build OK) 2) spatialite-gui (build OK) Only a BinNMU is required for mapnik. The spatialite-gui package in experimental can be copied to unstable. The updated spatialite-gui package requires the libgaiagraphics and spatialite packages available in experimental. The 1.2.1 version of spatialite-gui in unstable depends on librasterlite, but the new 1.7.1 version no longer links to librasterlite. The librasterlite transition goes hand in hand with the spatialite transition (#731402). The new librasterlite package will build with the spatialite version in unstable, but it should be built with the new spatialite version also used by spatialite-gui and spatialite-tools. For more information about the librasterlite and spatialite transitions, see the thread on debian-gis@ starting at: https://lists.debian.org/debian-gis/2013/10/msg9.html For the librasterlite transition the following Ben file is suggested: title = librasterlite2; is_affected = .build-depends ~ librasterlite-dev; is_good = .depends ~ librasterlite2; is_bad = .depends ~ librasterlite1; Kind Regards, Bas -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131205065532.30352.92501.report...@osiris.linuxminded.xs4all.nl
Re: Bug#731261: transition: Qt5 switching qreal == double for all platforms
On Tue, Dec 03, 2013 at 03:09:18PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: So I would like what the RT and arm* porters thinks. Would Qt5 really work with two versions linked into one process? This would happen with a changed SONAME. Qt works with a lot of plugins and other stuff. The correct way to do that would be: - Change the binary package name and make it break the old one (see the long double transition some years ago) - Don't change the SONAME Bastian -- You're dead, Jim. -- McCoy, Amok Time, stardate 3372.7 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131205064551.ga21...@mail.waldi.eu.org
Bug#731402: transition: spatialite
On 12/05/2013 07:51 AM, Bas Couwenberg wrote: Several packages in the SpatiaLite family and related Gaia-SINS software are updated to support the new libspatialite. This includes librasterlite, a former dependency of spatialite-gui, which is updated from librasterlite1 (1.1~svn11) to librasterlite2 (1.1g). A seperate transition slot will be requested for librasterlite. For reference, the librasterlite transition is tracked in #731403. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52a0263e.3040...@xs4all.nl
Processed: ocaml-data-notation: FTBFS with ocaml 4.01.0
Processing control commands: block 718767 with -1 Bug #718767 [release.debian.org] transition: ocaml 4.01.0 718767 was blocked by: 730196 731400 726010 731398 731277 731344 731401 731399 731218 718767 was not blocking any bugs. Added blocking bug(s) of 718767: 731404 -- 718767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718767 731404: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731404 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b.138622818712457.transcr...@bugs.debian.org
Processed: ocamldap: FTBFS with ocaml 4.01.0
Processing control commands: block 718767 with -1 Bug #718767 [release.debian.org] transition: ocaml 4.01.0 718767 was blocked by: 731400 730196 726010 731398 731277 731404 731344 731218 731401 731399 718767 was not blocking any bugs. Added blocking bug(s) of 718767: 731405 -- 718767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718767 731405: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731405 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b.138622830412991.transcr...@bugs.debian.org
