Bug#780762: marked as done (unblock: debsums/2.0.53)

2015-03-18 Thread Debian Bug Tracking System
Your message dated Thu, 19 Mar 2015 07:48:19 +0100
with message-id <550a7133.6030...@thykier.net>
and subject line Re: Bug#780762: unblock: debsums/2.0.53
has caused the Debian Bug report #780762,
regarding unblock: debsums/2.0.53
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780762: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780762
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debsums/2.0.53

Release 2.0.53 of debsums fixes https://bugs.debian.org/773136 which
has been upped to RC recently and Niels has acked that I should go on
with a fix of #773136 for Jessie.

Compared to my previous NMUs of debsums, this release also contains
the takeover of debsums by the Debian Perl Group with me added as
additional Uploader. For the discussions about moving to group
maintenance, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744398#722 and
https://lists.debian.org/debian-perl/2015/01/msg00010.html.

I initially planned this switch with the first post-Jessie upload, but
since we now do another upload target for Jessie, I included the
takeover in this upload, too. This makes the diff a little bit larger:

diff -Nru debsums-2.0.52+nmu3/debian/changelog debsums-2.0.53/debian/changelog
--- debsums-2.0.52+nmu3/debian/changelog2015-01-25 08:59:28.0 
+0100
+++ debsums-2.0.53/debian/changelog 2015-03-18 21:44:45.0 +0100
@@ -1,3 +1,19 @@
+debsums (2.0.53) unstable; urgency=medium
+
+  * Take package under maintenance of the Debian Perl Group
++ Move Maintainer to Uploaders
++ Set Maintainer to the Debian Perl Group
++ Update Vcs-* header to point to pkg-perl git repository
++ See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744398#722 and
+  https://lists.debian.org/debian-perl/2015/01/msg00010.html for
+  discussions about moving to group maintenance.
+  * Add myself as Uploader.
+  * Canonicalize Vcs-* headers.
+  * Apply patch by Vladimir N. Solovyov to also report modified files of
+arch-qualified (multiarch) packages. (Closes: #773136)
+
+ -- Axel Beckert   Wed, 18 Mar 2015 20:35:02 +0100
+
 debsums (2.0.52+nmu3) unstable; urgency=medium
 
   * Non-maintainer upload
diff -Nru debsums-2.0.52+nmu3/debian/control debsums-2.0.53/debian/control
--- debsums-2.0.52+nmu3/debian/control  2015-01-25 08:58:22.0 +0100
+++ debsums-2.0.53/debian/control   2015-03-18 21:44:45.0 +0100
@@ -1,12 +1,12 @@
 Source: debsums
 Section: admin
 Priority: optional
-Maintainer: Ryan Niebur 
-Uploaders: Anders Kaseorg 
+Maintainer: Debian Perl Group 
+Uploaders: Ryan Niebur , Anders Kaseorg , 
Axel Beckert 
 Build-Depends: debhelper (>= 8), po-debconf, po4a
 Standards-Version: 3.9.3
-Vcs-Git: git://git.debian.org/git/collab-maint/debsums.git
-Vcs-Browser: http://git.debian.org/?p=collab-maint/debsums.git;a=summary
+Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/debsums.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-perl/packages/debsums.git
 
 Package: debsums
 Architecture: all
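Review bot: The new Vcs-Git value still uses the unauthenticated git:// scheme, while Vcs-Browser in the same hunk moves to https://. A clone made from the Vcs-Git URL therefore has no transport integrity protection. If the pkg-perl repository is reachable over https, point Vcs-Git at that URL as well so both fields agree.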
diff -Nru debsums-2.0.52+nmu3/debsums debsums-2.0.53/debsums
--- debsums-2.0.52+nmu3/debsums 2015-01-25 08:59:28.0 +0100
+++ debsums-2.0.53/debsums  2015-03-18 21:44:45.0 +0100
@@ -462,7 +462,7 @@
return 0;
}
 
-   my $correct_package = `dpkg-query "--admindir=$DPKG" -S "/$path" | awk 
-F: '{print \$1}'`;
+   my $correct_package = `dpkg-query "--admindir=$DPKG" -S "/$path" | awk 
-F': ' '{print \$1}'`;
chomp($correct_package);
if ($pack ne $correct_package) {
#print "$pack != $correct_package\n";
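Review bot: In the changed backtick line, "/$path" and $DPKG are interpolated into a string that the shell parses, so a file name containing a double quote, a backtick or a dollar sign alters the command instead of reaching dpkg-query as data. Consider running dpkg-query through a list-form pipe open (no shell) and splitting its output on ': ' in Perl, which also removes the awk dependency. With the new separator the first field keeps the architecture qualifier, so it is worth confirming that $pack is arch-qualified in the same way before the "ne" comparison.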

So please

unblock debsums/2.0.53

P.S.: Thanks to Niels for his help with stripping down the debdiff to
what's necessary to properly include the Maintainer switch.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (110, 'experimental'), (109, 
'buildd-unstable'), (109, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.19.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On 2015-03-18 22:37, Axel Beckert wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package debsums/2.0.53
> 
> Release 2.0.53 of debsums fixes https

Re: Hints for d-i jessie RC2, part 3

2015-03-18 Thread Niels Thykier
On 2015-03-19 03:09, Cyril Brulebois wrote:
> [...]
> 
> Thank you. Could we get those added as well please?
> 
> 
> # fix for nasty bug #778773:
> unblock partman-base/183
> unblock-udeb partman-base/183
> 
> # no objection from d-i PoV at first glance:
> unblock-udeb openssh/1:6.7p1-4
> 

Ack, approved these as well.

> 
> 
> That one might be nice to get rid of for the time being, given the
> current status in [1,2]:
> 
> unblock partman-target/94
> 
>  [...]
> 
> 
> Mraw,
> KiBi.
> 

Ok, I have changed the unblock to a block it to make it clear that it
has been reviewed.

~Niels




-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/550a708f.7030...@thykier.net



Re: Fwd: Cap'n Proto security advisory / Debian

2015-03-18 Thread Tom Lee
Thanks Vincent, new changeset looks like this (I swear I forget those DEP-3
headers every time):

https://github.com/thomaslee/capnproto-debian/compare/debian/0.4.1-2...maint-0.4.1

And updated package is up:

https://mentors.debian.net/package/capnproto

The unnecessary changes were rebased out of existence too. Thanks and
please do let me know if anything else looks amiss.

Cheers,
Tom


On Tue, Mar 17, 2015 at 11:29 PM, Vincent Bernat  wrote:

>  ❦ 17 mars 2015 21:32 -0700, Tom Lee  :
>
> > Let me know if there are any issues or concerns with the package on
> > m.d.o & I'll get it sorted out.
> >
> > Individual commits, if they're useful:
> >
> >
> https://github.com/thomaslee/capnproto-debian/compare/debian/0.4.1-2...maint-0.4.1
>
> Hi Tom!
>
> Please, use DEP-3 for patches:
>  http://dep.debian.net/deps/dep3/
>
> Since this is a security upload, you should just do the modifications
> that are strictly needed. No Standards-Version change, no update of
> debian/watch.
> --
> Don't compare floating point numbers just for equality.
> - The Elements of Programming Style (Kernighan & Plauger)
>



-- 
*Tom Lee */ http://tomlee.co / @tglee 


Re: Hints for d-i jessie RC2, part 3

2015-03-18 Thread Cyril Brulebois
Niels Thykier  (2015-03-18):
> On 2015-03-18 16:25, Cyril Brulebois wrote:
> > Hi,
> > 
> > here's another list of stuff that would be nice to unblock. Feel free to
> > urgent anything (from this list or from the previous ones), so that we
> > don't get previous hints obsoleted.
> >  [...]
> > 
> > 
> > Mraw,
> > KiBi.
> > 
> 
> Unblocked, thanks.

Thank you. Could we get those added as well please?


# fix for nasty bug #778773:
unblock partman-base/183
unblock-udeb partman-base/183

# no objection from d-i PoV at first glance:
unblock-udeb openssh/1:6.7p1-4



That one might be nice to get rid of for the time being, given the
current status in [1,2]:

unblock partman-target/94

 1. https://bugs.debian.org/779075
 2. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761815#57


Mraw,
KiBi.




Bug#779075: unblock: partman-target/94

2015-03-18 Thread Cyril Brulebois
Cyril Brulebois  (2015-02-27):
> Control: tag -1 moreinfo
> 
> Since I'd like to perform some more tests with that one, tagging this
> bug report moreinfo to make sure this version doesn't get accidentally
> hinted into jessie too soon.

No good news for the time being, see:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761815#57

Mraw,
KiBi.




Bug#780719: unblock: flightgear/3.0.0-5

2015-03-18 Thread Rebecca N. Palmer

On 18/03/15 21:32, Markus Wanner wrote:
> On 03/18/2015 09:09 PM, Adam D. Barratt wrote:
>> ++write_allowed_paths.push_back("/tmp/*.xml");
>>
>> Is that really intended? (Both the hardcoding of /tmp/ rather than using
>> something respecting TMPDIR and being allowed to write any ".xml"
>> there.)
>
> It certainly matches Nasal/IOrules in flightgear-data,

Yes, the allowed-paths list is intentionally identical to the
(post-#780716-fix) Nasal/IOrules: the purpose of this patch is to move
the checking process to somewhere scripts can't disable.

> I'm not quite sure what Nasal scripts need to write
> temporary XML files.

I'm not aware of any that do, but haven't specifically looked.

Is untrusted scripts being able to write (not read) /tmp/*.xml a
security or other RC bug (which would require a new upload of flightgear
_and_ flightgear-data with the obvious fixes), or just not a good idea?



Archive: https://lists.debian.org/5509f867.9070...@zoho.com



Bug#780762: unblock: debsums/2.0.53

2015-03-18 Thread Axel Beckert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debsums/2.0.53

Release 2.0.53 of debsums fixes https://bugs.debian.org/773136 which
has been upped to RC recently and Niels has acked that I should go on
with a fix of #773136 for Jessie.

Compared to my previous NMUs of debsums, this release also contains
the takeover of debsums by the Debian Perl Group with me added as
additional Uploader. For the discussions about moving to group
maintenance, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744398#722 and
https://lists.debian.org/debian-perl/2015/01/msg00010.html.

I initially planned this switch with the first post-Jessie upload, but
since we now do another upload target for Jessie, I included the
takeover in this upload, too. This makes the diff a little bit larger:

diff -Nru debsums-2.0.52+nmu3/debian/changelog debsums-2.0.53/debian/changelog
--- debsums-2.0.52+nmu3/debian/changelog2015-01-25 08:59:28.0 
+0100
+++ debsums-2.0.53/debian/changelog 2015-03-18 21:44:45.0 +0100
@@ -1,3 +1,19 @@
+debsums (2.0.53) unstable; urgency=medium
+
+  * Take package under maintenance of the Debian Perl Group
++ Move Maintainer to Uploaders
++ Set Maintainer to the Debian Perl Group
++ Update Vcs-* header to point to pkg-perl git repository
++ See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744398#722 and
+  https://lists.debian.org/debian-perl/2015/01/msg00010.html for
+  discussions about moving to group maintenance.
+  * Add myself as Uploader.
+  * Canonicalize Vcs-* headers.
+  * Apply patch by Vladimir N. Solovyov to also report modified files of
+arch-qualified (multiarch) packages. (Closes: #773136)
+
+ -- Axel Beckert   Wed, 18 Mar 2015 20:35:02 +0100
+
 debsums (2.0.52+nmu3) unstable; urgency=medium
 
   * Non-maintainer upload
diff -Nru debsums-2.0.52+nmu3/debian/control debsums-2.0.53/debian/control
--- debsums-2.0.52+nmu3/debian/control  2015-01-25 08:58:22.0 +0100
+++ debsums-2.0.53/debian/control   2015-03-18 21:44:45.0 +0100
@@ -1,12 +1,12 @@
 Source: debsums
 Section: admin
 Priority: optional
-Maintainer: Ryan Niebur 
-Uploaders: Anders Kaseorg 
+Maintainer: Debian Perl Group 
+Uploaders: Ryan Niebur , Anders Kaseorg , 
Axel Beckert 
 Build-Depends: debhelper (>= 8), po-debconf, po4a
 Standards-Version: 3.9.3
-Vcs-Git: git://git.debian.org/git/collab-maint/debsums.git
-Vcs-Browser: http://git.debian.org/?p=collab-maint/debsums.git;a=summary
+Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/debsums.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-perl/packages/debsums.git
 
 Package: debsums
 Architecture: all
diff -Nru debsums-2.0.52+nmu3/debsums debsums-2.0.53/debsums
--- debsums-2.0.52+nmu3/debsums 2015-01-25 08:59:28.0 +0100
+++ debsums-2.0.53/debsums  2015-03-18 21:44:45.0 +0100
@@ -462,7 +462,7 @@
return 0;
}
 
-   my $correct_package = `dpkg-query "--admindir=$DPKG" -S "/$path" | awk 
-F: '{print \$1}'`;
+   my $correct_package = `dpkg-query "--admindir=$DPKG" -S "/$path" | awk 
-F': ' '{print \$1}'`;
chomp($correct_package);
if ($pack ne $correct_package) {
#print "$pack != $correct_package\n";

So please

unblock debsums/2.0.53

P.S.: Thanks to Niels for his help with stripping down the debdiff to
what's necessary to properly include the Maintainer switch.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (110, 'experimental'), (109, 
'buildd-unstable'), (109, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.19.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


Archive: 
https://lists.debian.org/20150318213723.14236.23176.report...@c-cactus.deuxchevaux.org



Bug#780719: unblock: flightgear/3.0.0-5

2015-03-18 Thread Markus Wanner
On 03/18/2015 09:09 PM, Adam D. Barratt wrote:
> Well, not really. A debdiff from which you'd filtered the patch was
> attached, as was the patch. I'm not convinced that actually provided any
> benefit over simply providing the unfiltered debdiff.

I personally always have trouble reading nested diffs ('+-' vs '-+',
anybody?). So this was intended to be helpful. Apologies, if it's not.
Granted, an entire file added is not quite as hard to read (i.e. no '-+'
possible).

> ++write_allowed_paths.push_back("/tmp/*.xml");
> 
> Is that really intended? (Both the hardcoding of /tmp/ rather than using
> something respecting TMPDIR and being allowed to write any ".xml"
> there.)

It certainly matches Nasal/IOrules in flightgear-data, so it seems well
intended, yes. And as advertized, it's clearly more restrictive than it
used to be.

According to the comment in that same file, only $FG_HOME and $FG_ROOT
are known variables to be replaced, there. Adding $TMPDIR might be a
bigger effort, but I'm not quite sure what Nasal scripts need to write
temporary XML files.

Rebecca, care to comment?

Regards

Markus Wanner






Processed: Re: Bug#780719: unblock: flightgear/3.0.0-5

2015-03-18 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + moreinfo
Bug #780719 [release.debian.org] unblock: flightgear/3.0.0-5
Added tag(s) moreinfo.

-- 
780719: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780719
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


Archive: 
https://lists.debian.org/handler.s.b780719.14267093902880.transcr...@bugs.debian.org



Bug#780719: unblock: flightgear/3.0.0-5

2015-03-18 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Wed, 2015-03-18 at 11:50 +0100, Markus Wanner wrote:
> please unblock the package flightgear-3.0.0-5 as recently uploaded to
> unstable. It fixes a security issue by disallowing nasal scripts to
> access or modify files, see #780712. I kept the packaging changes as
> minimal as possible. A debdiff and the patch are attached for review.

Well, not really. A debdiff from which you'd filtered the patch was
attached, as was the patch. I'm not convinced that actually provided any
benefit over simply providing the unfiltered debdiff.

++write_allowed_paths.push_back("/tmp/*.xml");

Is that really intended? (Both the hardcoding of /tmp/ rather than using
something respecting TMPDIR and being allowed to write any ".xml"
there.)

Regards,

Adam


Archive: https://lists.debian.org/1426709380.1658.19.ca...@adam-barratt.org.uk



Bug#780722: marked as done (unblock: flightgear-data/3.0.0-3)

2015-03-18 Thread Debian Bug Tracking System
Your message dated Wed, 18 Mar 2015 20:20:44 +
with message-id <1426710044.1658.20.ca...@adam-barratt.org.uk>
and subject line Re: Bug#780722: unblock: flightgear-data/3.0.0-3
has caused the Debian Bug report #780722,
regarding unblock: flightgear-data/3.0.0-3
to be marked as done.



-- 
780722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

please unblock the package flightgear-data-3.0.0-3 as recently uploaded
to unstable. It fixes a minor security issue by disallowing nasal
scripts read access to the entire filesystem, see #780716. I kept the
packaging changes as minimal as possible. A debdiff and the patch are
both attached for review.

unblock flightgear-data/3.0.0-3

Regards

Markus Wanner
diff -Nru flightgear-data-3.0.0/debian/changelog flightgear-data-3.0.0/debian/changelog
--- flightgear-data-3.0.0/debian/changelog	2014-11-07 17:28:14.0 +0100
+++ flightgear-data-3.0.0/debian/changelog	2015-03-18 11:24:45.0 +0100
@@ -1,3 +1,11 @@
+flightgear-data (3.0.0-3) unstable; urgency=high
+
+  * Add patch 60da20.patch removing FG_SCENERY from the list of
+allowed directories to disallow nasal scripts from reading any
+file as the user. Closes: #780716.
+
+ -- Markus Wanner   Wed, 18 Mar 2015 10:43:34 +0100
+
 flightgear-data (3.0.0-2) unstable; urgency=medium
 
   [ Rebecca N. Palmer ]
diff -Nru flightgear-data-3.0.0/debian/patches/60da20.patch flightgear-data-3.0.0/debian/patches/60da20.patch
--- flightgear-data-3.0.0/debian/patches/60da20.patch	1970-01-01 01:00:00.0 +0100
+++ flightgear-data-3.0.0/debian/patches/60da20.patch	2015-03-18 11:08:01.0 +0100
@@ -0,0 +1,21 @@
+Description: Drop FG_SCENERY from the accepted file access list
+ The allowed directories for reading include FG_SCENERY, which can
+ be changed from Nasal via /sim/terrasync/scenery-dir. Effectively
+ allowing a nasal script to access any file with the user's
+ permission.
+Author: Rebecca N. Palmer 
+Last-Update: 13-03-2015
+Origin: http://sourceforge.net/p/flightgear/fgdata/ci/60da2094252cee1a5cdfe737f29becd5c6800549
+
+diff --git a/Nasal/IOrules b/Nasal/IOrules
+index 71d2f67..ddb0189 100644
+--- a/Nasal/IOrules
 b/Nasal/IOrules
+@@ -28,7 +28,6 @@
+ READ ALLOW $FG_ROOT/*
+ READ ALLOW $FG_HOME/*
+ READ ALLOW $FG_AIRCRAFT/*
+-READ ALLOW $FG_SCENERY/*
+ 
+ WRITE ALLOW /tmp/*.xml
+ WRITE ALLOW $FG_HOME/*.sav
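Review bot: The Description gives script-controlled FG_SCENERY as the reason for dropping its READ rule, but the context lines keep READ ALLOW for $FG_ROOT, $FG_HOME and $FG_AIRCRAFT. The patch header should state that none of those can be changed from Nasal, since otherwise the same bypass applies to them. Separately, "Last-Update: 13-03-2015" is not in the YYYY-MM-DD form that DEP-3 specifies; 2015-03-13 is the expected spelling.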
diff -Nru flightgear-data-3.0.0/debian/patches/series flightgear-data-3.0.0/debian/patches/series
--- flightgear-data-3.0.0/debian/patches/series	2014-11-06 20:12:35.0 +0100
+++ flightgear-data-3.0.0/debian/patches/series	2015-03-18 10:44:02.0 +0100
@@ -1,2 +1,3 @@
 766251.patch
 translation-update-pt.diff
+60da20.patch


--- End Message ---
--- Begin Message ---
On Wed, 2015-03-18 at 12:15 +0100, Markus Wanner wrote:
> please unblock the package flightgear-data-3.0.0-3 as recently uploaded
> to unstable. It fixes a minor security issue by disallowing nasal
> scripts read access to the entire filesystem, see #780716. I kept the
> packaging changes as minimal as possible. A debdiff and the patch are
> both attached for review.

Unblocked, thanks.

Regards,

Adam
--- End Message ---
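
The Nasal/IOrules allow-list from the flightgear-data request above, worked through as an added example that is not FlightGear's code and not part of any message in this archive: a small C++ checker for READ/WRITE ALLOW lines, run against the rule set with and without the FG_SCENERY rule. The function names, the variable values, the sample paths, the glob semantics ('*' also matching '/') and the ".." rejection are assumptions made for the example.

```cpp
// Added example (not FlightGear code): a minimal checker for IOrules-style
// "READ ALLOW" / "WRITE ALLOW" lines. Variable values and paths are constructed.
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

using Vars = std::map<std::string, std::string>;
struct Rule { bool write; std::string pattern; };

// Rule lines as they appear in the quoted Nasal/IOrules hunk.
const std::string RULES_AFTER =
    "READ ALLOW $FG_ROOT/*\n"
    "READ ALLOW $FG_HOME/*\n"
    "READ ALLOW $FG_AIRCRAFT/*\n"
    "\n"
    "WRITE ALLOW /tmp/*.xml\n"
    "WRITE ALLOW $FG_HOME/*.sav\n";
const std::string RULES_BEFORE = "READ ALLOW $FG_SCENERY/*\n" + RULES_AFTER;

// Parse "<READ|WRITE> ALLOW <pattern>" lines; anything else is skipped.
std::vector<Rule> parse_rules(const std::string& text) {
    std::vector<Rule> rules;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        std::istringstream fields(line);
        std::string op, verdict, pattern;
        if (!(fields >> op >> verdict >> pattern)) continue;
        if (verdict != "ALLOW" || (op != "READ" && op != "WRITE")) continue;
        rules.push_back({op == "WRITE", pattern});
    }
    return rules;
}

// Replace a leading $NAME with its value; an unknown or empty variable
// makes the rule unusable instead of expanding to "/...".
bool expand(const std::string& pattern, const Vars& vars, std::string& out) {
    if (pattern.empty() || pattern[0] != '$') { out = pattern; return true; }
    std::size_t end = pattern.find('/');
    std::string name = pattern.substr(1, end == std::string::npos ? end : end - 1);
    auto it = vars.find(name);
    if (it == vars.end() || it->second.empty()) return false;
    out = it->second + (end == std::string::npos ? "" : pattern.substr(end));
    return true;
}

// Glob match where '*' matches any run of characters, '/' included (assumption).
bool glob_match(const std::string& pat, const std::string& s) {
    std::size_t p = 0, i = 0, star = std::string::npos, mark = 0;
    while (i < s.size()) {
        if (p < pat.size() && pat[p] == '*') { star = p++; mark = i; }
        else if (p < pat.size() && pat[p] == s[i]) { ++p; ++i; }
        else if (star != std::string::npos) { p = star + 1; i = ++mark; }
        else return false;
    }
    while (p < pat.size() && pat[p] == '*') ++p;
    return p == pat.size();
}

bool has_dotdot(const std::string& path) {
    std::istringstream in(path);
    std::string part;
    while (std::getline(in, part, '/')) if (part == "..") return true;
    return false;
}

// Lexical check only: symbolic links are not resolved here.
bool is_allowed(const std::vector<Rule>& rules, const Vars& vars,
                const std::string& path, bool write) {
    if (path.empty() || path[0] != '/' || has_dotdot(path)) return false;
    for (const Rule& r : rules) {
        std::string expanded;
        if (r.write != write || !expand(r.pattern, vars, expanded)) continue;
        if (glob_match(expanded, path)) return true;
    }
    return false;
}

// Constructed environment: FG_SCENERY holds whatever a script last set it to.
Vars sample_vars(const std::string& scenery_dir) {
    return {{"FG_ROOT", "/usr/share/games/flightgear"},
            {"FG_HOME", "/home/alice/.fgfs"},
            {"FG_AIRCRAFT", "/usr/share/games/flightgear/Aircraft"},
            {"FG_SCENERY", scenery_dir}};
}

bool check(const std::string& rules_text, const std::string& scenery_dir,
           const std::string& path, bool write) {
    return is_allowed(parse_rules(rules_text), sample_vars(scenery_dir), path, write);
}

int main() {
    const std::string target = "/home/alice/private/notes.txt";
    std::cout << "read, with FG_SCENERY rule:    "
              << check(RULES_BEFORE, "/home/alice", target, false) << "\n";
    std::cout << "read, without FG_SCENERY rule: "
              << check(RULES_AFTER, "/home/alice", target, false) << "\n";
    std::cout << "write /tmp/route.xml:          "
              << check(RULES_AFTER, "/home/alice", "/tmp/route.xml", true) << "\n";
    return 0;
}
```

The first two results differ only because the FG_SCENERY value is taken from something a script can set, which is the reason the patch description gives for removing that rule.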


Re: Hints for d-i jessie RC2, part 3

2015-03-18 Thread Niels Thykier
On 2015-03-18 16:25, Cyril Brulebois wrote:
> Hi,
> 
> here's another list of stuff that would be nice to unblock. Feel free to
> urgent anything (from this list or from the previous ones), so that we
> don't get previous hints obsoleted.
>  [...]
> 
> 
> Mraw,
> KiBi.
> 

Unblocked, thanks.

~Niels



Archive: https://lists.debian.org/5509be0b.6070...@thykier.net



Bug#780723: marked as done (unblock: forked-daapd/22.0-2)

2015-03-18 Thread Debian Bug Tracking System
Your message dated Wed, 18 Mar 2015 18:54:38 +0100
with message-id <5509bbde.8050...@thykier.net>
and subject line Re: Bug#780723: unblock: forked-daapd/22.0-2
has caused the Debian Bug report #780723,
regarding unblock: forked-daapd/22.0-2
to be marked as done.



-- 
780723: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780723
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock latest forked-daapd in unstable. It fixes several RC bugs:

Changes:
 forked-daapd (22.0-2) unstable; urgency=medium
 .
   * Fix compatibility with iTunes 12.1 (Closes: #778995)
   * Fix two segfaults with upstream patches (Closes: #778996)
   * Fix playing audio locally (Closes: #779011)

Please see the debdiff is attached.

Cheers,
Balint


forked-daapd-22.0-2.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
On 2015-03-18 12:21, Bálint Réczey wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear Release Team,
> 
> Please unblock latest forked-daapd in unstable. It fixes several RC bugs:
> 
> Changes:
>  forked-daapd (22.0-2) unstable; urgency=medium
>  .
>    * Fix compatibility with iTunes 12.1 (Closes: #778995)
>    * Fix two segfaults with upstream patches (Closes: #778996)
>    * Fix playing audio locally (Closes: #779011)
> 
> Please see the debdiff is attached.
> 
> Cheers,
> Balint
> 

Unblocked, thanks.

~Niels
--- End Message ---


Bug#780720: marked as done (unblock: gnome-boxes/3.14.2-2)

2015-03-18 Thread Debian Bug Tracking System
Your message dated Wed, 18 Mar 2015 18:48:52 +0100
with message-id <5509ba84.2080...@thykier.net>
and subject line Re: Bug#780720: unblock: gnome-boxes/3.14.2-2
has caused the Debian Bug report #780720,
regarding unblock: gnome-boxes/3.14.2-2
to be marked as done.



-- 
780720: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780720
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gnome-boxes

As discussed privately, jmm wanted to see fuseiso gone
and gnome-boxes had an unnecessary/useless dependency on it.
The new version simply drops the fuseiso dependency.

unblock gnome-boxes/3.14.2-2

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On 2015-03-18 11:51, Andreas Henriksson wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package gnome-boxes
> 
> As discussed privately, jmm wanted to see fuseiso gone
> and gnome-boxes had an unnecessary/useless dependency on it.
> The new version simply drops the fuseiso dependency.
> 
> unblock gnome-boxes/3.14.2-2
> 
> [...]

Unblocked, thanks.

~Niels
--- End Message ---



Bug#780465: jessie-pu: package glibc/2.19-17

2015-03-18 Thread Cyril Brulebois
Hi,

Niels Thykier  (2015-03-14):
> Thanks for fixing one of the remaining Jessie blockers. :)  I have
> unblocked it from the RT side and am CC'ing KiBi for a d-i ack.
> Including the debdiff below for his convenience too.

I'll get to it before the week end. Thanks for bearing with me.

Mraw,
KiBi.




Hints for d-i jessie RC2, part 3

2015-03-18 Thread Cyril Brulebois
Hi,

here's another list of stuff that would be nice to unblock. Feel free to
urgent anything (from this list or from the previous ones), so that we
don't get previous hints obsoleted.


# update master list + l10n:
unblock choose-mirror/2.61
unblock-udeb choose-mirror/2.61

# l10n:
unblock clock-setup/0.122
unblock-udeb clock-setup/0.122

# l10n:
unblock console-setup/1.119
unblock-udeb console-setup/1.119:

# l10n:
unblock grub-installer/1.113
unblock-udeb grub-installer/1.113

# small bugfix:
unblock netcfg/1.130
unblock-udeb netcfg/1.130

# l10n:
unblock partman-iscsi/34
unblock-udeb partman-iscsi/34

# l10n:
unblock partman-partitioning/108
unblock-udeb partman-partitioning/108

# for kfreebsd:
unblock partman-zfs/43
unblock-udeb partman-zfs/43

# l10n:
unblock rescue/1.49
unblock-udeb rescue/1.49


Mraw,
KiBi.




Bug#780726: unblock: xbmc-pvr-addons/13.0+git20140512+g91cc731+dfsg1-2

2015-03-18 Thread Bálint Réczey
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock latest  xbmc-pvr-addons in unstable. It fixes FTBFS on
mips and drops an obsolete dependency:

 xbmc-pvr-addons (13.0+git20140512+g91cc731+dfsg1-2) unstable; urgency=low
 .
   [ Balint Reczey ]
   * Stop build-depending on libavcodec-dev (Closes: #755818)
 .
   [ James Cowgill ]
   * Fix build on MIPS by using generic atomics (Closes: #778830)

Please see the debdiff is attached.

Cheers,
Balint


xbmc-pvr-addons_13.0+git20140512+g91cc731+dfsg1-2.debdiff
Description: Binary data


Bug#780723: unblock: forked-daapd/22.0-2

2015-03-18 Thread Bálint Réczey
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock latest forked-daapd in unstable. It fixes several RC bugs:

Changes:
 forked-daapd (22.0-2) unstable; urgency=medium
 .
   * Fix compatibility with iTunes 12.1 (Closes: #778995)
   * Fix two segfaults with upstream patches (Closes: #778996)
   * Fix playing audio locally (Closes: #779011)

Please see the debdiff is attached.

Cheers,
Balint


forked-daapd-22.0-2.debdiff
Description: Binary data


Bug#780722: unblock: flightgear-data/3.0.0-3

2015-03-18 Thread Markus Wanner
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

please unblock the package flightgear-data-3.0.0-3 as recently uploaded
to unstable. It fixes a minor security issue by disallowing nasal
scripts read access to the entire filesystem, see #780716. I kept the
packaging changes as minimal as possible. A debdiff and the patch are
both attached for review.

unblock flightgear-data/3.0.0-3

Regards

Markus Wanner
diff -Nru flightgear-data-3.0.0/debian/changelog flightgear-data-3.0.0/debian/changelog
--- flightgear-data-3.0.0/debian/changelog	2014-11-07 17:28:14.0 +0100
+++ flightgear-data-3.0.0/debian/changelog	2015-03-18 11:24:45.0 +0100
@@ -1,3 +1,11 @@
+flightgear-data (3.0.0-3) unstable; urgency=high
+
+  * Add patch 60da20.patch removing FG_SCENERY from the list of
+allowed directories to disallow nasal scripts from reading any
+file as the user. Closes: #780716.
+
+ -- Markus Wanner   Wed, 18 Mar 2015 10:43:34 +0100
+
 flightgear-data (3.0.0-2) unstable; urgency=medium
 
   [ Rebecca N. Palmer ]
diff -Nru flightgear-data-3.0.0/debian/patches/60da20.patch flightgear-data-3.0.0/debian/patches/60da20.patch
--- flightgear-data-3.0.0/debian/patches/60da20.patch	1970-01-01 01:00:00.0 +0100
+++ flightgear-data-3.0.0/debian/patches/60da20.patch	2015-03-18 11:08:01.0 +0100
@@ -0,0 +1,21 @@
+Description: Drop FG_SCENERY from the accepted file access list
+ The allowed directories for reading include FG_SCENERY, which can
+ be changed from Nasal via /sim/terrasync/scenery-dir. Effectively
+ allowing a nasal script to access any file with the user's
+ permission.
+Author: Rebecca N. Palmer 
+Last-Update: 13-03-2015
+Origin: http://sourceforge.net/p/flightgear/fgdata/ci/60da2094252cee1a5cdfe737f29becd5c6800549
+
+diff --git a/Nasal/IOrules b/Nasal/IOrules
+index 71d2f67..ddb0189 100644
+--- a/Nasal/IOrules
 b/Nasal/IOrules
+@@ -28,7 +28,6 @@
+ READ ALLOW $FG_ROOT/*
+ READ ALLOW $FG_HOME/*
+ READ ALLOW $FG_AIRCRAFT/*
+-READ ALLOW $FG_SCENERY/*
+ 
+ WRITE ALLOW /tmp/*.xml
+ WRITE ALLOW $FG_HOME/*.sav
diff -Nru flightgear-data-3.0.0/debian/patches/series flightgear-data-3.0.0/debian/patches/series
--- flightgear-data-3.0.0/debian/patches/series	2014-11-06 20:12:35.0 +0100
+++ flightgear-data-3.0.0/debian/patches/series	2015-03-18 10:44:02.0 +0100
@@ -1,2 +1,3 @@
 766251.patch
 translation-update-pt.diff
+60da20.patch




Bug#780720: unblock: gnome-boxes/3.14.2-2

2015-03-18 Thread Andreas Henriksson
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gnome-boxes

As discussed privately, jmm wanted to see fuseiso gone
and gnome-boxes had an unnecessary/useless dependency on it.
The new version simply drops the fuseiso dependency.

unblock gnome-boxes/3.14.2-2

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


Archive: 
https://lists.debian.org/20150318105158.31666.80289.report...@mbpah.endian.se



Bug#780719: unblock: flightgear/3.0.0-5

2015-03-18 Thread Markus Wanner
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

please unblock the package flightgear-3.0.0-5 as recently uploaded to
unstable. It fixes a security issue by disallowing nasal scripts to
access or modify files, see #780712. I kept the packaging changes as
minimal as possible. A debdiff and the patch are attached for review.

unblock flightgear/3.0.0-5

Regards

Markus Wanner
diff -Nru flightgear-3.0.0/debian/changelog flightgear-3.0.0/debian/changelog
--- flightgear-3.0.0/debian/changelog	2014-11-07 17:27:50.0 +0100
+++ flightgear-3.0.0/debian/changelog	2015-03-18 11:19:39.0 +0100
@@ -1,3 +1,10 @@
+flightgear (3.0.0-5) unstable; urgency=high
+
+  * Add patch 6a30e70.patch to better restrict file access from
+nasal scripts. Closes: #780712.
+
+ -- Markus Wanner   Wed, 18 Mar 2015 08:45:21 +0100
+
 flightgear (3.0.0-4) unstable; urgency=medium
 
   * Add patch 750939.patch. Closes: #750939.
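Review bot: the new 3.0.0-5 changelog entry names the patch `6a30e70.patch`, while the file added under debian/patches and the line appended to debian/patches/series are both `6a30e7.patch`. The changelog should use the file's real name, so that anyone searching the package for the fix to #780712 finds it.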
diff -Nru flightgear-3.0.0/debian/patches/6a30e7.patch flightgear-3.0.0/debian/patches/6a30e7.patch
# patch attached directly for better readability
diff -Nru flightgear-3.0.0/debian/patches/series flightgear-3.0.0/debian/patches/series
--- flightgear-3.0.0/debian/patches/series	2014-10-27 11:33:44.0 +0100
+++ flightgear-3.0.0/debian/patches/series	2015-03-18 08:48:58.0 +0100
@@ -2,3 +2,4 @@
 nasal-fix.patch
 fix-mobile-tacan.patch
 750939.patch
+6a30e7.patch
Description: Restrict file access for Nasal scripts.
 Stop using property listener for fgValidatePath
 .   
 This was insecure: while removelistener() won't remove it, there are
 other ways to remove a listener from Nasal
Author: Rebecca N. Palmer 
Last-Update: 13-03-2015
Origin: http://sourceforge.net/p/flightgear/flightgear/ci/6a30e7086ea2f1a060dd77dab6e7e8a15b43e82d

--- a/src/Main/util.cxx
+++ b/src/Main/util.cxx
@@ -33,6 +33,7 @@
 #include 
 #include 
 
+#include 
 #include "fg_io.hxx"
 #include "fg_props.hxx"
 #include "globals.hxx"
@@ -71,32 +72,142 @@
 return current;
 }
 
-// Write out path to validation node and read it back in. A Nasal
-// listener is supposed to replace the path with a validated version
-// or an empty string otherwise.
-const char *fgValidatePath (const char *str, bool write)
+static string_list read_allowed_paths;
+static string_list write_allowed_paths;
+
+// Allowed paths here are absolute, and may contain _one_ *,
+// which matches any string
+// FG_SCENERY is deliberately not allowed, as it would make
+// /sim/terrasync/scenery-dir a security hole
+void fgInitAllowedPaths()
 {
-SGPropertyNode_ptr r, w;
-r = fgGetNode("/sim/paths/validate/read", true);
-r->setAttribute(SGPropertyNode::READ, true);
-r->setAttribute(SGPropertyNode::WRITE, true);
-
-w = fgGetNode("/sim/paths/validate/write", true);
-w->setAttribute(SGPropertyNode::READ, true);
-w->setAttribute(SGPropertyNode::WRITE, true);
-
-SGPropertyNode *prop = write ? w : r;
-prop->setStringValue(str);
-const char *result = prop->getStringValue();
-return result[0] ? result : 0;
+read_allowed_paths.clear();
+write_allowed_paths.clear();
+read_allowed_paths.push_back(globals->get_fg_root() + "/*");
+read_allowed_paths.push_back(globals->get_fg_home() + "/*");
+string_list const aircraft_paths = globals->get_aircraft_paths();
+for( string_list::const_iterator it = aircraft_paths.begin();
+ it != aircraft_paths.end();
+   ++it )
+{
+read_allowed_paths.push_back(*it + "/*");
+}
+
+for( string_list::const_iterator it = read_allowed_paths.begin();
+ it != read_allowed_paths.end();
+   ++it )
+{ // if we get the initialization order wrong, better to have an
+  // obvious error than a can-read-everything security hole...
+if (!(it->compare("/*"))){
+flightgear::fatalMessageBox("Nasal initialization error",
+"Empty string in FG_ROOT, FG_HOME or FG_AIRCRAFT",
+"or fgInitAllowedPaths() called too early");
+exit(-1);
+}
+}
+write_allowed_paths.push_back("/tmp/*.xml");
+write_allowed_paths.push_back(globals->get_fg_home() + "/*.sav");
+write_allowed_paths.push_back(globals->get_fg_home() + "/*.log");
+write_allowed_paths.push_back(globals->get_fg_home() + "/cache/*");
+write_allowed_paths.push_back(globals->get_fg_home() + "/Export/*");
+write_allowed_paths.push_back(globals->get_fg_home() + "/state/*.xml");
+write_allowed_paths.push_back(globals->get_fg_home() + "/aircraft-data/*.xml");
+write_allowed_paths.push_back(globals->get_fg_home() + "/Wildfire/*.xml");
+write_allowed_paths.push_back(globals->get_fg_home() + "/runtime-jetways/*.xml");
+write_allowed_paths.push_back(globals->get_fg_home()