Bug#942440: transition: libevent
On Mon, Nov 11, 2019 at 11:07 PM Paul Gevers wrote:
>
> Control: tags -1 confirmed
>
> Hi Balint,
>
> On 16-10-2019 13:44, Balint Reczey wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> >
> > Dear Release Team,
> >
> > I would like to update libevent in unstable.
> >
> > I have performed test rebuilds [1] in Ubuntu 19.10 which found no
> > libevent-specific FTBFS issue.
>
> Please go ahead.

Uploaded, thanks.

Cheers,
Balint

--
Balint Reczey
Ubuntu & Debian Developer
Bug#942440: transition: libevent
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear Release Team,

I would like to update libevent in unstable.

I have performed test rebuilds [1] in Ubuntu 19.10 which found no
libevent-specific FTBFS issue.

In terms of 'ben' lingo, the transition has the following parameters:

Affected: .depends ~ /\b(libevent\-2\.1\-7|libevent\-core\-2\.1\-7|libevent\-extra\-2\.1\-7|libevent\-openssl\-2\.1\-7|libevent\-pthreads\-2\.1\-7|libevent\-2\.1\-6|libevent\-core\-2\.1\-6|libevent\-extra\-2\.1\-6|libevent\-openssl\-2\.1\-6|libevent\-pthreads\-2\.1\-6)\b/
Good: .depends ~ /\b(libevent\-2\.1\-7|libevent\-core\-2\.1\-7|libevent\-extra\-2\.1\-7|libevent\-openssl\-2\.1\-7|libevent\-pthreads\-2\.1\-7)\b/
Bad: .depends ~ /\b(libevent\-2\.1\-6|libevent\-core\-2\.1\-6|libevent\-extra\-2\.1\-6|libevent\-openssl\-2\.1\-6|libevent\-pthreads\-2\.1\-6)\b/

Cheers,
Balint

[1]: https://launchpad.net/~rbalint/+archive/ubuntu/scratch4/+packages

--
Balint Reczey
Ubuntu & Debian Developer
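As an added illustration (not part of the original message and not ben's own code), the sketch below applies the request's Affected/Good/Bad expressions to a constructed Packages fragment to show which binaries would still need a rebuild. The package names, versions and the rule that a Bad match outranks a Good one are assumptions made for the example.

```python
import re

# The five library package stems named in the transition request.
LIBS = ["libevent", "libevent-core", "libevent-extra",
        "libevent-openssl", "libevent-pthreads"]


def ben_regex(soversions):
    # Rebuild the request's pattern: word boundary, alternation of
    # <stem>-2.1-<soversion> package names, word boundary.
    names = [re.escape(f"{lib}-2.1-{so}") for so in soversions for lib in LIBS]
    return re.compile(r"\b(" + "|".join(names) + r")\b")


AFFECTED = ben_regex(["7", "6"])
GOOD = ben_regex(["7"])
BAD = ben_regex(["6"])

# Constructed sample in Packages (deb822) format; names and versions are made up.
SAMPLE_PACKAGES = """\
Package: example-proxy
Version: 1.0-1
Depends: libc6 (>= 2.28), libevent-2.1-6 (>= 2.1.8-stable)

Package: example-daemon
Version: 2.3-1+b1
Depends: libc6 (>= 2.28), libevent-core-2.1-7 (>= 2.1.11-stable),
 libevent-pthreads-2.1-7 (>= 2.1.11-stable)

Package: example-mixed
Version: 0.9-2
Depends: libevent-2.1-6 (>= 2.1.8-stable), libevent-openssl-2.1-7

Package: example-tool
Version: 4.2-1
Depends: libc6 (>= 2.28), zlib1g
"""


def parse_stanzas(text):
    """Yield one dict per stanza, joining continuation lines onto their field."""
    for block in text.strip().split("\n\n"):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                fields[key] += " " + line.strip()
            else:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        yield fields


def classify(depends):
    """Assumed simplified model: unaffected, bad (old SONAME present) or good."""
    if not AFFECTED.search(depends):
        return "unaffected"
    if BAD.search(depends):
        return "bad"
    return "good"


def transition_report(text):
    """Map each binary package name to its transition state."""
    return {s["Package"]: classify(s.get("Depends", ""))
            for s in parse_stanzas(text)}


if __name__ == "__main__":
    for name, state in transition_report(SAMPLE_PACKAGES).items():
        print(f"{name:16} {state}")
```

The trailing `\b` is what keeps a hypothetical `libevent-2.1-70` from being counted as part of the transition.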
Bug#918706: nmu: multiple imagemagick reverse dependencies
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: binnmu
Severity: normal

Dear Release Team,

Imagemagick upstream temporarily broke ABI (#916839) and the following
packages may need a binNMU as the current packages were built and
linked with the broken imagemagick libraries while they were present in
the archive:

nmu aiscm_0.18.1-1 . ANY . -m 'Rebuild against imagemagick that fixed ABI breakage.'
nmu chafa_1.0.1-2 . ANY . -m 'Rebuild against imagemagick that fixed ABI breakage.'
nmu emacs_1:25.2+1-11 . ANY . -m 'Rebuild against imagemagick that fixed ABI breakage.'
nmu gem_1:0.94~pre1-1 . ANY . -m 'Rebuild against imagemagick that fixed ABI breakage.'
nmu graphicsmagick_1.4~hg15873-1 . ANY . -m 'Rebuild against imagemagick that fixed ABI breakage.'
nmu inkscape_0.92.3-7 . ANY . -m 'Rebuild against imagemagick that fixed ABI breakage.'
nmu pqiv_2.11-1 . ANY . -m 'Rebuild against imagemagick that fixed ABI breakage.'
nmu vips_8.7.2-1 . ANY . -m 'Rebuild against imagemagick that fixed ABI breakage.'

Imagemagick is already built for the release architectures but on some
ports a dependency-wait could be applied for imagemagick
(8:6.9.10.23+dfsg-1).

Thanks,
Balint

--
Balint Reczey
Ubuntu & Debian Developer
Bug#877374: stretch-pu: shadow 1:4.4-4.1+deb9u1
On Sat, Jan 13, 2018 at 5:14 PM, Julien Cristau <jcris...@debian.org> wrote:
> Control: tag -1 moreinfo
>
> On Sun, Oct 1, 2017 at 08:04:48 +0200, Balint Reczey wrote:
>
>> shadow (1:4.4-4.1+deb9u1) stretch; urgency=medium
>> .
>>   * Revert adding pts/0 and pts/1 to securetty.
>>     Adding pts/* defeats the purpose of securetty. Let containers add it if
>>     needed as described in #830255.
>
> I'm not sure I'm comfortable with the regression risk for users from
> this one. How long have those been listed in securetty?

It was added in 1:4.4-2 since 2017-01-19 to 2017-09-27 when 1:4.5-1 reverted it.

Cheers,
Balint
Bug#877374: stretch-pu: shadow 1:4.4-4.1+deb9u1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I have prepared an update for the shadow package which may be released
as a stable update:

Changes:
 shadow (1:4.4-4.1+deb9u1) stretch; urgency=medium
 .
   * Revert adding pts/0 and pts/1 to securetty.
     Adding pts/* defeats the purpose of securetty. Let containers add it if
     needed as described in #830255.
   * Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
     (Closes: #756630)

The Security Team suggested fixing those minor security-related issues
via proposed-updates rather than via stretch-security.

Thanks,
Balint

diff -Nru shadow-4.4/debian/changelog shadow-4.4/debian/changelog --- shadow-4.4/debian/changelog 2017-05-17 13:59:59.0 +0200 +++ shadow-4.4/debian/changelog 2017-09-30 03:30:30.0 +0200 @@ -1,3 +1,13 @@ +shadow (1:4.4-4.1+deb9u1) stretch; urgency=medium + + * Revert adding pts/0 and pts/1 to securetty. +Adding pts/* defeats the purpose of securetty. Let containers add it if +needed as described in #830255. + * Fix buffer overflow if NULL line is present in db (CVE-2017-12424) +(Closes: #756630) + + -- Balint Reczey <bal...@balintreczey.hu> Fri, 29 Sep 2017 21:30:30 -0400 + shadow (1:4.4-4.1) unstable; urgency=high * Non-maintainer upload. diff -Nru shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch --- shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch 1970-01-01 01:00:00.0 +0100 +++ shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch 2017-09-30 03:30:30.0 +0200 
@@ -0,0 +1,42 @@ +From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tm...@fedoraproject.org> +Date: Fri, 31 Mar 2017 16:25:06 +0200 +Subject: [PATCH] Fix buffer overflow if NULL line is present in db. + +If ptr->line == NULL for an entry, the first cycle will exit, +but the second one will happily write past entries buffer. +We actually do not want to exit the first cycle prematurely +on ptr->line == NULL. +Signed-off-by: Tomas Mraz <tm...@fedoraproject.org> +--- + lib/commonio.c | 8 + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/commonio.c b/lib/commonio.c +index b10da06a..31edbaaf 100644 +--- a/lib/commonio.c b/lib/commonio.c +@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *)) + for (ptr = db->head; + (NULL != ptr) + #if KEEP_NIS_AT_END +- && (NULL != ptr->line) +- && ( ('+' != ptr->line[0]) +- && ('-' != ptr->line[0])) ++ && ((NULL == ptr->line) ++ || (('+' != ptr->line[0]) ++ && ('-' != ptr->line[0]))) + #endif + ; + ptr = ptr->next) { + n++; + } + #if KEEP_NIS_AT_END +- if ((NULL != ptr) && (NULL != ptr->line)) { ++ if (NULL != ptr) { + nis = ptr; + } + #endif +-- +2.11.0 + diff -Nru shadow-4.4/debian/patches/series shadow-4.4/debian/patches/series --- shadow-4.4/debian/patches/series 2017-05-17 13:59:59.0 +0200 +++ shadow-4.4/debian/patches/series 2017-09-30 03:30:30.0 +0200 @@ -6,6 +6,7 @@ 0006-French-manpage-translation.patch 0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch 0008-su-properly-clear-child-PID.patch +0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch 301-Reset-pid_child-only-if-waitpid-was-successful.patch # These patches are only for the testsuite: diff -Nru shadow-4.4/debian/securetty.linux shadow-4.4/debian/securetty.linux --- shadow-4.4/debian/securetty.linux 2017-05-17 13:59:59.0 +0200 +++ shadow-4.4/debian/securetty.linux 2017-09-30 03:30:30.0 +0200 
@@ -164,11 +164,6 @@ ttyM1 #... -# Unix98 PTY slaves -pts/0 -pts/1 -#... - # Technology Concepts serial card ttyT0 ttyT1
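Review bot: In the lib/commonio.c hunk of 0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch, the new loop condition `(NULL == ptr->line) || (('+' != ptr->line[0]) && ('-' != ptr->line[0]))` deliberately counts entries whose line is NULL into `n`, but nothing in the code says why. A short comment above the loop, repeating the commit message's point that exiting early on a NULL line lets the second cycle write past the entries buffer, would keep a later cleanup from restoring the early exit. The patch also adds no regression test with a NULL-line entry, and a `Bug-Debian:` header referring to #756630 would make its provenance easier to follow in a stable update.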
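Review bot: The debian/securetty.linux hunk removes `pts/0` and `pts/1` in a stable update, and the diff carries no debian/NEWS entry for it. The changelog itself says containers should add the entries if needed (#830255), so setups that relied on them will see a behaviour change on upgrade; a NEWS entry naming the two removed lines and how to restore them locally would address that.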
Bug#869956: transition: libevent 2.1.8-stable-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Block: -1 by 869900 869902 869951

Dear Release Team,

I would like to upload libevent 2.1.8-stable to unstable.

Test rebuild in Debian revealed 3 reverse build dependencies which FTBFS
and I filed bugs against them linking to the build logs [1].

Test rebuild in Ubuntu showed similar results with a few unrelated build
failures [2]

Thanks,
Balint

[1] https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=libevent-20170726=rbalint%40ubuntu.com;dist=unstable
[2] https://launchpad.net/~rbalint/+archive/ubuntu/libevent-2.1/+packages

--
Balint Reczey
Debian & Ubuntu Developer
Bug#863476: unblock: kodi/2:17.1+dfsg1-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock the kodi update which fixes a security issue:

Changes:
 kodi (2:17.1+dfsg1-3) unstable; urgency=medium
 .
   * Fix zip file directory traversal vulnerability (CVE-2017-8314)
     (Closes: #863230)

Please find the debdiff attached.

Cheers,
Balint

--
Balint Reczey
Debian & Ubuntu Developer

diff -Nru kodi-17.1+dfsg1/debian/changelog kodi-17.1+dfsg1/debian/changelog --- kodi-17.1+dfsg1/debian/changelog 2017-04-14 00:07:38.0 +0200 +++ kodi-17.1+dfsg1/debian/changelog 2017-05-27 02:49:58.0 +0200 @@ -1,3 +1,10 @@ +kodi (2:17.1+dfsg1-3) unstable; urgency=medium + + * Fix zip file directory traversal vulnerability (CVE-2017-8314) +(Closes: #863230) + + -- Balint Reczey <rbal...@ubuntu.com> Sat, 27 May 2017 00:50:34 +0200 + kodi (2:17.1+dfsg1-2) unstable; urgency=medium * Upload to unstable diff -Nru kodi-17.1+dfsg1/debian/patches/0005-filesystem-ZipManager-skip-path-traversal.patch kodi-17.1+dfsg1/debian/patches/0005-filesystem-ZipManager-skip-path-traversal.patch --- kodi-17.1+dfsg1/debian/patches/0005-filesystem-ZipManager-skip-path-traversal.patch 1970-01-01 01:00:00.0 +0100 +++ kodi-17.1+dfsg1/debian/patches/0005-filesystem-ZipManager-skip-path-traversal.patch 2017-05-27 02:49:58.0 +0200 
@@ -0,0 +1,107 @@ +From 35cfe35608b15335ef21d798947fceab3f47c8d7 Mon Sep 17 00:00:00 2001 +From: Rechi <re...@users.noreply.github.com> +Date: Wed, 10 May 2017 10:21:42 +0200 +Subject: [PATCH] [filesystem] ZipManager: skip path traversal + +--- + xbmc/filesystem/ZipManager.cpp | 3 ++- + xbmc/filesystem/ZipManager.h| 3 +++ + xbmc/filesystem/test/CMakeLists.txt | 3 ++- + xbmc/filesystem/test/TestZipManager.cpp | 38 + + 4 files changed, 45 insertions(+), 2 deletions(-) + create mode 100644 xbmc/filesystem/test/TestZipManager.cpp + +diff --git a/xbmc/filesystem/ZipManager.cpp b/xbmc/filesystem/ZipManager.cpp +index df6220b..f2c6973 100644 +--- a/xbmc/filesystem/ZipManager.cpp b/xbmc/filesystem/ZipManager.cpp +@@ -199,7 +199,8 @@ bool CZipManager::GetZipList(const CURL& url, std::vector& items) + // Jump after central file header extra field and file comment + mFile.Seek(ze.eclength + ze.clength,SEEK_CUR); + +-items.push_back(ze); ++if (!std::regex_search(strName, PATH_TRAVERSAL)) ++ items.push_back(ze); + } + + /* go through list and figure out file header lengths */ +diff --git a/xbmc/filesystem/ZipManager.h b/xbmc/filesystem/ZipManager.h +index 551fe5d..93243b9 100644 +--- a/xbmc/filesystem/ZipManager.h b/xbmc/filesystem/ZipManager.h +@@ -32,12 +32,15 @@ + #define ECDREC_SIZE 22 + + #include ++#include + #include + #include + #include + + class CURL; + ++static const std::regex PATH_TRAVERSAL(R"_((^|\/|\\)\.{2}($|\/|\\))_"); ++ + struct SZipEntry { + unsigned int header; + unsigned short version; +diff --git a/xbmc/filesystem/test/CMakeLists.txt b/xbmc/filesystem/test/CMakeLists.txt +index 5d77633..5be4e3d 100644 +--- a/xbmc/filesystem/test/CMakeLists.txt b/xbmc/filesystem/test/CMakeLists.txt +@@ -2,6 +2,7 @@ set(SOURCES TestDirectory.cpp + TestFile.cpp + TestFileFactory.cpp + TestRarFile.cpp +-TestZipFile.cpp) ++TestZipFile.cpp ++TestZipManager.cpp) + + core_add_test_library(filesystem_test) +diff --git a/xbmc/filesystem/test/TestZipManager.cpp 
b/xbmc/filesystem/test/TestZipManager.cpp +new file mode 100644 +index 000..b72dbb6 +--- /dev/null b/xbmc/filesystem/test/TestZipManager.cpp +@@ -0,0 +1,38 @@ ++/* ++ * Copyright (C) 2017 Team XBMC ++ * http://xbmc.org ++ * ++ * This Program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2, or (at your option) ++ * any later version. ++ * ++ * This Program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with XBMC; see the file COPYING. If not, see ++ * <http://www.gnu.org/licenses/>. ++ * ++ */ ++ ++#include "filesystem/ZipManager.h" ++ ++#include "gtest/gtest.h" ++ ++TEST(TestZipManager, PathTraversal) ++{ ++ ASSERT_TRUE(std::regex_search("..", PATH_TRAVERSAL)); ++ ASSERT_TRUE(std::regex_search("../test.txt", PATH_TRAVERSAL)); ++ ASSERT_TRUE(std::regex_search("..\\test.txt", PATH_TRAVERSAL)); ++ ASSERT_TRUE(std::regex_search("test/../test.txt", PATH_TRAVERSAL)); ++ ASSERT_T
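Review bot: In the ZipManager.cpp hunk, `if (!std::regex_search(strName, PATH_TRAVERSAL))` drops a matching entry silently, so a user who opens such an archive gets a shorter listing with no trace of why. Log the skipped entry name at warning level before moving on. The pattern also covers only `..` path components; if entry names that are absolute paths are rejected elsewhere, a comment saying so belongs next to this check.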
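Review bot: In the ZipManager.h hunk, `static const std::regex PATH_TRAVERSAL(...)` is defined in the header, so every translation unit that includes ZipManager.h constructs its own copy of the regex at start-up. Declare it `extern` in the header and define it once in ZipManager.cpp, or keep it file-local in ZipManager.cpp and expose a small helper that the test can call.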
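Review bot: In the TestZipManager.cpp hunk, the assertions shown here call `std::regex_search` on `PATH_TRAVERSAL` directly and never go through `CZipManager::GetZipList`, so the test would still pass if the filter in ZipManager.cpp were removed. Add a case that lists an archive containing a `../` entry and asserts that the entry is absent from `items`, and, unless the cut-off remainder of the hunk already has one, a negative case for a name such as `a..b.txt` that must not be filtered.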
Bug#859708: unblock: kodi/2:17.1+dfsg1-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Current kodi version in Stretch is 2:17.0+dfsg1-3 but upstream already
released Kodi 17.1 which is available from experimental as
2:17.1+dfsg1-1.

Among many other bugfixes it fixes #847701 which made kodi unusable on
many slower i386 machines.

I believe 17.1 would be a better fit for Stretch, while the diff between
17.0 and 17.1 contains quite a lot of bug fixes:
https://github.com/xbmc/xbmc/compare/a10c5048f2487bd9b2dc1f35d2fee48a2594...fc1619b118f6d503f920a49cf4ac4afcd0dd6b41

At the moment 2:17.1+dfsg1-1 is uploaded to experimental only and I
would like to upload 2:17.0+dfsg1-2 with no new changes to unstable if
it would be allowed to migrate to testing.

Otherwise I will just triage and add the fix for #847701 to
2:17.0+dfsg1-3 and upload that minimal change to unstable as
2:17.0+dfsg1-4, but would prefer going the 17.1 way.

Please share your opinion about the options.

The attached patch contains the packaging changes only because the full
debdiff is ~400k.

Cheers,
Balint

unblock kodi/2:17.1+dfsg1-2

diff --git a/debian/changelog b/debian/changelog index cd613f2..5bda691 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,22 @@ +kodi (2:17.1+dfsg1-1) experimental; urgency=medium + + * Depend on fonts-noto-mono package which contains NotoMono-Regular.ttf +(Closes: #856668) + * Fix FTBFS on alpha by not using Intel assempler code (Closes: #856815) + * Imported Upstream version 17.1+dfsg1 +See: https://kodi.tv/kodi-v17-1-krypton + * Update my Uploader email address to my Ubuntu one + * Fix extract-components target in d/rules + + -- Balint Reczey <rbal...@ubuntu.com> Sun, 02 Apr 2017 11:01:21 +0200 + +kodi (2:17.1~rc1+dfsg1-1) experimental; urgency=medium + + * Imported Upstream version 17.1~rc1+dfsg1 + * Refresh patches + + -- Balint Reczey <bal...@balintreczey.hu> Tue, 28 Feb 2017 02:21:54 +0100 + kodi (2:17.0+dfsg1-3) unstable; urgency=medium * Ship disabled systemd service file (Closes: #854985, #801886) diff --git a/debian/control b/debian/control index f15679b..bb44790 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: kodi Section: video Priority: optional Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org> -Uploaders: Balint Reczey <bal...@balintreczey.hu> +Uploaders: Balint Reczey <rbal...@ubuntu.com> Build-Depends: autoconf, automake, autopoint, @@ -140,6 +140,7 @@ Multi-Arch: foreign Depends: mesa-utils, x11-utils, fonts-noto-hinted, + fonts-noto-mono, fonts-roboto-hinted, libjs-jquery, libjs-iscroll, diff --git a/debian/patches/06-use-external-libraries.patch b/debian/patches/06-use-external-libraries.patch index 2f2952e..01953b0 100644 --- a/debian/patches/06-use-external-libraries.patch +++ b/debian/patches/06-use-external-libraries.patch @@ -15,7 +15,7 @@ Forwarded: not-needed all: $(BOOTSTRAP_TARGETS) --- a/configure.ac +++ b/configure.ac -@@ -2391,18 +2391,11 @@ +@@ -2392,18 +2392,11 @@ ], [0]) XB_CONFIG_MODULE([lib/gtest], [ diff --git a/debian/patches/10-dont-use-omitted-files.patch b/debian/patches/10-dont-use-omitted-files.patch index 4b018ac..ca1d57d 100644 
--- a/debian/patches/10-dont-use-omitted-files.patch +++ b/debian/patches/10-dont-use-omitted-files.patch @@ -1,6 +1,6 @@ --- a/configure.ac +++ b/configure.ac -@@ -2203,7 +2203,6 @@ +@@ -2204,7 +2204,6 @@ tools/Linux/kodi-standalone.sh \ tools/Linux/kodi-xsession.desktop \ tools/EventClients/Makefile \ diff --git a/debian/patches/12-build-cpluff-pic-only.patch b/debian/patches/12-build-cpluff-pic-only.patch index 2668b4f..5b483f1 100644 --- a/debian/patches/12-build-cpluff-pic-only.patch +++ b/debian/patches/12-build-cpluff-pic-only.patch @@ -1,6 +1,6 @@ --- a/configure.ac +++ b/configure.ac -@@ -2385,7 +2385,7 @@ +@@ -2386,7 +2386,7 @@ --prefix="${prefix}" --includedir="${includedir}" --libdir="${libdir}" --datadir="${datadir}" \ --host=$host_alias \ --build=$build_alias \ diff --git a/debian/patches/14-ignore-test-results.patch b/debian/patches/14-ignore-test-results.patch index d180146..5dbbc20 100644 --- a/debian/patches/14-ignore-test-results.patch +++ b/debian/patches/14-ignore-test-results.patch @@ -1,6 +1,6 @@ --- a/Makefile.in +++ b/Makefile.in -@@ -611,7 +611,7 @@ +@@ -615,7 +615,7 @@ ifeq (1,@GTEST_CONFIGURED@) check: testsuite diff --git a/debian/patches/16-fix-alpha-build.patch b/debian/patches/16-fix-alpha-build.patch new file mode 100644 index 000..0acfb99 --- /dev/null +++ b/debian/patches/16-fix-alpha-build.patch @@ -0,0 +1,84 @@ +Description: Fix alpha build +Forwarded: not-needed +Author: Michael Cree <mc...@orcon.net.nz> +Bug: https://bugs.
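Review bot: The debian/changelog hunk tops out at `kodi (2:17.1+dfsg1-1) experimental`, while the request asks to unblock 2:17.1+dfsg1-2, so the entry for the unstable upload is not in this diff and what would migrate cannot be checked against it. The same hunk misspells assembler in `Fix FTBFS on alpha by not using Intel assempler code`.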
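Review bot: The header of the new debian/patches/16-fix-alpha-build.patch says `Forwarded: not-needed` without a reason, although `Description: Fix alpha build` reads like a portability fix rather than a Debian-only change. If the patch touches upstream sources, forward it or state in the header why upstream does not need it.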
Bug#859332: unblock: forked-daapd/24.2-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock latest forked-daapd in unstable.

Changes:
 forked-daapd (24.2-2) unstable; urgency=medium
 .
   * Update my Uploader email address to my Ubuntu one
   * Install systemd service enabled by default (Closes: #858696)

Cheers,
Balint

unblock: forked-daapd/24.2-2

--
Balint Reczey
Debian & Ubuntu Developer

diff -Nru forked-daapd-24.2/debian/changelog forked-daapd-24.2/debian/changelog --- forked-daapd-24.2/debian/changelog 2016-11-10 21:15:49.0 +0100 +++ forked-daapd-24.2/debian/changelog 2017-04-02 13:11:25.0 +0200 @@ -1,3 +1,10 @@ +forked-daapd (24.2-2) unstable; urgency=medium + + * Update my Uploader email address to my Ubuntu one + * Install systemd service enabled by default (Closes: #858696) + + -- Balint Reczey <rbal...@ubuntu.com> Sun, 02 Apr 2017 12:06:56 +0200 + forked-daapd (24.2-1) unstable; urgency=medium [ Espen Jürgensen ] diff -Nru forked-daapd-24.2/debian/control forked-daapd-24.2/debian/control --- forked-daapd-24.2/debian/control 2016-11-10 21:15:49.0 +0100 +++ forked-daapd-24.2/debian/control 2017-04-02 13:11:25.0 +0200 @@ -1,6 +1,6 @@ Source: forked-daapd Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org> -Uploaders: Balint Reczey <bal...@balintreczey.hu> +Uploaders: Balint Reczey <rbal...@ubuntu.com> Section: sound Priority: optional Build-Depends: debhelper (>= 9~), @@ -31,6 +31,7 @@ gperf, autotools-dev, dh-autoreconf, + dh-systemd, libcurl4-gnutls-dev Standards-Version: 3.9.8 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-multimedia/forked-daapd.git diff -Nru forked-daapd-24.2/debian/rules forked-daapd-24.2/debian/rules --- forked-daapd-24.2/debian/rules 2016-11-10 21:15:49.0 +0100 +++ forked-daapd-24.2/debian/rules 2017-04-02 13:11:25.0 +0200 
@@ -13,7 +13,7 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all %: - dh $@ --with autoreconf + dh $@ --with autoreconf --with systemd override_dh_auto_configure: dh_auto_configure -- --enable-lastfm --enable-mpd --enable-itunes --enable-chromecast --with-pulseaudio
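Review bot: In the debian/rules hunk, `dh $@ --with autoreconf --with systemd` brings in dh_systemd_enable and dh_systemd_start with their defaults, and the diff shows no override for either helper, so the unit is enabled and started from the maintainer scripts. For an unblock, the changelog entry should say what this means for existing installations on upgrade, not only that the service is now enabled by default.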
Bug#857119: unblock: wireshark/2.2.5+g440fd4d-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Tags: patch

Dear Release Team,

I have prepared wireshark 2.2.5+g440fd4d-1 in experimental which fixes 9
vulnerabilities and other bugs which are not listed here, just on the
release notes link.

Changes:
 wireshark (2.2.5+g440fd4d-1) experimental; urgency=medium
 .
   * New upstream release
     - release notes:
       https://www.wireshark.org/docs/relnotes/wireshark-2.2.5.html
     - security fixes:
       - The STANAG 4607 file parser could go into an infinite loop
         (CVE-2017-6014)
       - The NetScaler file parser could go into an infinite loop
         (CVE-2017-6467)
       - The NetScaler file parser could crash (CVE-2017-6468)
       - The LDSS dissector could crash (CVE-2017-6469)
       - The IAX2 dissector could go into an infinite loop (CVE-2017-6470)
       - The WSP dissector could go into an infinite loop (CVE-2017-6471)
       - The RTMTP dissector could go into an infinite loop (CVE-2017-6472)
       - The K12 file parser could crash (CVE-2017-6473)
       - The NetScaler file parser could go into an infinite loop
         (CVE-2017-6474)
   * Update symbols file for libwireshark8

I believe wireshark point releases very rarely cause regressions due to
the heavy testing performed upstream and I think it would be safe to
upload this point release to unstable and let it migrate to testing.

If you wouldn't like to accept the full point release to Stretch I will
happily backport the security fixes to 2.2.4 and upload that to unstable.

Please find the patch in the following link because it was too big for
inclusion in the email:
https://people.debian.org/~rbalint/wireshark_2.2.5+g440fd4d-1.patch

Please share your preference regarding the next upload.

Cheers,
Balint

unblock wireshark/2.2.5+g440fd4d-2
Bug#855112: unblock: libevent/2.0.21-stable-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock latest libevent in unstable.

Changes:
 libevent (2.0.21-stable-3) unstable; urgency=medium
 .
   * Fix three vulnerabilites (Closes: #854092):
     - DNS remote stack overread vulnerability (CVE-2016-10195)
     - (Stack) buffer overflow in evutil_parse_sockaddr_port()
       (CVE-2016-10196)
     - Out-of-bounds read in search_make_new() (CVE-2016-10197)
   * Add myself as an uploader
   * ACK NMU

Cheers,
Balint

unblock libevent/2.0.21-stable-3

diff -Nru libevent-2.0.21-stable/debian/changelog libevent-2.0.21-stable/debian/changelog --- libevent-2.0.21-stable/debian/changelog 2016-11-03 08:43:46.0 +0100 +++ libevent-2.0.21-stable/debian/changelog 2017-02-12 21:45:49.0 +0100 @@ -1,3 +1,15 @@ +libevent (2.0.21-stable-3) unstable; urgency=medium + + * Fix three vulnerabilites (Closes: #854092): +- DNS remote stack overread vulnerability (CVE-2016-10195) +- (Stack) buffer overflow in evutil_parse_sockaddr_port() + (CVE-2016-10196) +- Out-of-bounds read in search_make_new() (CVE-2016-10197) + * Add myself as an uploader + * ACK NMU + + -- Balint Reczey <bal...@balintreczey.hu> Sun, 12 Feb 2017 21:43:18 +0100 + libevent (2.0.21-stable-2.1) unstable; urgency=medium [ Helmut Grohne ] diff -Nru libevent-2.0.21-stable/debian/control libevent-2.0.21-stable/debian/control --- libevent-2.0.21-stable/debian/control 2014-08-25 18:02:38.0 +0200 +++ libevent-2.0.21-stable/debian/control 2017-02-12 21:45:49.0 +0100 
@@ -2,7 +2,8 @@ Section: libs Priority: optional Maintainer: Anibal Monsalve Salazar <ani...@debian.org> -Uploaders: Leo Costela <cost...@debian.org> +Uploaders: Leo Costela <cost...@debian.org>, + Balint Reczey <bal...@balintreczey.hu> Build-Depends: dpkg-dev (>= 1.16.1~), debhelper (>= 9), libssl-dev, dh-autoreconf Standards-Version: 3.9.3 Homepage: http://libevent.org/ diff -Nru libevent-2.0.21-stable/debian/patches/0001-evdns-fix-searching-empty-hostnames.patch libevent-2.0.21-stable/debian/patches/0001-evdns-fix-searching-empty-hostnames.patch --- libevent-2.0.21-stable/debian/patches/0001-evdns-fix-searching-empty-hostnames.patch 1970-01-01 01:00:00.0 +0100 +++ libevent-2.0.21-stable/debian/patches/0001-evdns-fix-searching-empty-hostnames.patch 2017-02-12 21:45:49.0 +0100 
@@ -0,0 +1,65 @@ +From ec65c42052d95d2c23d1d837136d1cf1d9ecef9e Mon Sep 17 00:00:00 2001 +From: Azat Khuzhin <a3at.m...@gmail.com> +Date: Fri, 25 Mar 2016 00:33:47 +0300 +Subject: [PATCH] evdns: fix searching empty hostnames + +From #332: + Here follows a bug report by **Guido Vranken** via the _Tor bug bounty program_. Please credit Guido accordingly. + + ## Bug report + + The DNS code of Libevent contains this rather obvious OOB read: + + ```c + static char * + search_make_new(const struct search_state *const state, int n, const char *const base_name) { + const size_t base_len = strlen(base_name); + const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; + ``` + + If the length of ```base_name``` is 0, then line 3125 reads 1 byte before the buffer. This will trigger a crash on ASAN-protected builds. + + To reproduce: + + Build libevent with ASAN: + ``` + $ CFLAGS='-fomit-frame-pointer -fsanitize=address' ./configure && make -j4 + ``` + Put the attached ```resolv.conf``` and ```poc.c``` in the source directory and then do: + + ``` + $ gcc -fsanitize=address -fomit-frame-pointer poc.c .libs/libevent.a + $ ./a.out + = + ==22201== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6006efdf at pc 0x4429da bp 0x7ffe1ed47300 sp 0x7ffe1ed472f8 + READ of size 1 at 0x6006efdf thread T0 + ``` + +P.S. we can add a check earlier, but since this is very uncommon, I didn't add it. + +Fixes: #332 +--- + evdns.c | 5 - + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/evdns.c b/evdns.c +index 905ff6b..e9dbc35 100644 +--- a/evdns.c b/evdns.c +@@ -3175,9 +3175,12 @@ search_set_from_hostname(struct evdns_base *base) { + static char * + search_make_new(const struct search_state *const state, int n, const char *const base_name) { + const size_t base_len = strlen(base_name); +- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 
0 : 1; ++ char need_to_append_dot; + struct search_domain *dom; + ++ if (!base_len) return NULL; ++ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; ++ + for (dom = state->head; dom; dom = dom->next) { + if (!n--) { + /* this is the postfix we want */ +-- +2.1.4 + diff -Nru libevent-2.0.21-stable/debian/patches/0002-test-dns-regression-for-empty-hostname.patch libevent-2.0.21-stable/debian/patches/0002-test-dns-regression-for-empty-hostname.patch --- libeve
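Review bot: In the evdns.c hunk of 0001-evdns-fix-searching-empty-hostnames.patch, `if (!base_len) return NULL;` adds a NULL return from `search_make_new()` for an empty `base_name`, and the hunk does not show any caller. Confirm that each caller treats NULL as failure instead of dereferencing it; the commit message's P.S. says an earlier check was left out, so the callers' handling is what this fix relies on.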
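Review bot: The debian/changelog hunk misspells vulnerabilities in `Fix three vulnerabilites (Closes: #854092)`. The `ACK NMU` line also does not name the version being acknowledged, which from the context line would be 2.0.21-stable-2.1.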
Bug#854910: unblock: ffmpeg/7:3.2.4-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

The new FFmpeg upstream release contains bug fixes including fixes for
security issues. I believe most non-security related issues would
deserve important severity, too.

I would like to upload the new upstream release to unstable and ship it
in Stretch, but I can also cherry-pick most fixes to the current package
if this would be acceptable.

Please share your opinion about the options.

Cheers,
Balint

unblock ffmpeg/7:3.2.4-1

diff -Nru ffmpeg-3.2.2/Changelog ffmpeg-3.2.4/Changelog --- ffmpeg-3.2.2/Changelog 2016-12-06 00:28:58.0 +0100 +++ ffmpeg-3.2.4/Changelog 2017-02-10 14:25:37.0 +0100 
@@ -1,6 +1,51 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 3.2.4: +- avcodec/h264_slice: Clear ref_counts on redundant slices +- lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid +- lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr +- avcodec/pictordec: Fix logic error +- ffserver_config: Setup codecpar in add_codec() +- Changelog: fix typos + +version 3.2.3: +- avcodec/movtextdec: Fix decode_styl() cleanup +- lavf/matroskadec: fix is_keyframe for early Blocks +- configure: bump year +- avcodec/pngdec: Check trns more completely +- avcodec/interplayvideo: Move parameter change check up +- avcodec/dca_lbr: Fix off by 1 error in freq check +- avcodec/mjpegdec: Check for for the bitstream end in mjpeg_decode_scan_progressive_ac() +- pgssubdec: reset rle_data_len/rle_remaining_len on allocation error +- swscale: save ebx register when it is not available +- avformat/flacdec: Check avio_read result when reading flac block header. 
+- avcodec/utils: correct align value for interplay +- avcodec/vp56: Check for the bitstream end, pass error codes on +- avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan() +- avcodec/pngdec: Fix off by 1 size in decode_zbuf() +- libopenmpt: add missing avio_read return value check +- avcodec/bsf: Fix av_bsf_list_free() +- avcodec/omx: Do not pass negative value into av_malloc() +- avformat/avidec: skip odml master index chunks in avi_sync +- avcodec/mjpegdec: Check for rgb before flipping +- lavf/utils.c Protect against accessing entries[nb_entries] +- avutil/random_seed: Reduce the time needed on systems with very low precision clock() +- swscale/swscale: Fix dereference of stride array before null check +- avutil/random_seed: Improve get_generic_seed() with higher precision clock() +- avformat/mp3dec: fix msan warning when verifying mpa header +- avformat/utils: Print verbose error message if stream count exceeds max_streams +- avformat/options_table: Set the default maximum number of streams to 1000 +- lavf/chromaprint: Update for version 1.4 +- avutil: Add av_image_check_size2() +- avformat: Add max_streams option +- avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated +- avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory() +- avformat/oggdec: Skip streams in duration correction that did not had their duration set. +- avcodec/ffv1enc: Fix size of first slice +- ffplay: fix sws_scale possible out of bounds array access +- avfilter/vf_hwupload_cuda: Add min/max limits for the 'device' option + version 3.2.2: - ffserver: Check chunk size - Avoid using the term "file" and prefer "url" in some docs and comments diff -Nru ffmpeg-3.2.2/configure ffmpeg-3.2.4/configure --- ffmpeg-3.2.2/configure 2016-12-06 00:28:58.0 +0100 +++ ffmpeg-3.2.4/configure 2017-02-10 14:25:25.0 +0100 
@@ -6703,7 +6703,7 @@ #define FFMPEG_CONFIG_H #define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)" #define FFMPEG_LICENSE "$(c_escape $license)" -#define CONFIG_THIS_YEAR 2016 +#define CONFIG_THIS_YEAR 2017 #define FFMPEG_DATADIR "$(eval c_escape $datadir)" #define AVCONV_DATADIR "$(eval c_escape $datadir)" #define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})" diff -Nru ffmpeg-3.2.2/debian/changelog ffmpeg-3.2.4/debian/changelog --- ffmpeg-3.2.2/debian/changelog 2017-01-22 00:01:34.0 +0100 +++ ffmpeg-3.2.4/debian/changelog 2017-02-10 22:26:43.0 +0100 @@ -1,3 +1,14 @@ +ffmpeg (7:3.2.4-1) unstable; urgency=medium + + * Import new upstream bugfix release 3.2.4. + - Fixes CVE-2016-9561, CVE-2017-5024 and CVE-2017-5025. + * Drop patches, included upstream: + - lavf-chromaprint-Update-for-version-1.4.patch + - libopenmpt-add-missing-avio_read-return-value-check.patch + - swscale-save-ebx-register-when-it-is-not-available.patch + + -- Andreas CadhalpunFri, 10 Feb 2017 22:24:45 +0100 + ffmpeg (7:3.2.2-2) unstable; urgency=medium * Cherry-pick patches from upstream: diff -Nru ffmpeg-3.2.2/debian/patches/lavf-chromaprint-Update-for-version-1.4.patch
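Review bot: The debian/changelog hunk states `Fixes CVE-2016-9561, CVE-2017-5024 and CVE-2017-5025` without saying which of the upstream Changelog entries in this diff addresses each id. Mapping each CVE to its upstream change, or to a Debian bug through Closes:, would let the release and security teams verify the claim from the debdiff alone.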
Bug#847490: unblock: ffmpeg/7:3.2.2-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-CC: pkg-multimedia-maintain...@lists.alioth.debian.org

Please unblock package ffmpeg and please decrease the migration delay to
2 days.

According to Andreas Cadhalpun ffmpeg maintainer it fixes the following
security issues:
1: https://trac.ffmpeg.org/ticket/5992
2: https://trac.ffmpeg.org/ticket/5994

Please see the debdiff attached.

Thanks,
Balint

unblock ffmpeg/7:3.2.2-1

diff -Nru ffmpeg-3.2.1/Changelog ffmpeg-3.2.2/Changelog --- ffmpeg-3.2.1/Changelog 2016-11-26 03:12:05.0 +0100 +++ ffmpeg-3.2.2/Changelog 2016-12-06 00:28:58.0 +0100 
@@ -1,6 +1,26 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 3.2.2: +- ffserver: Check chunk size +- Avoid using the term "file" and prefer "url" in some docs and comments +- avformat/rtmppkt: Check for packet size mismatches +- zmqsend: Initialize ret to 0 +- avcodec/flacdec: Fix undefined shift in decode_subframe() +- avcodec/get_bits: Fix get_sbits_long(0) +- avformat/ffmdec: Check media type for chunks +- avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed() +- avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c +- avformat/oggparsespeex: Check frames_per_packet and packet_size +- avformat/utils: Check start/end before computing duration in update_stream_timings() +- avcodec/flac_parser: Update nb_headers_buffered +- avformat/idroqdec: Check chunk_size for being too large +- avcodec/me_cmp: Fix median_sad size +- avformat/utils: Fix type mismatch +- configure: check for strtoull on msvc +- http: move chunk handling from http_read_stream() to http_buf_read(). +- http: make length/offset-related variables unsigned + version 3.2.1: - avcodec/aac_adtstoasc_bsf: validate and forward extradata if the stream is already ASC - mss2: only use error correction for matching block counts diff -Nru ffmpeg-3.2.1/configure ffmpeg-3.2.2/configure --- ffmpeg-3.2.1/configure 2016-11-26 03:12:05.0 +0100 +++ ffmpeg-3.2.2/configure 2016-12-06 00:28:58.0 +0100 
@@ -6271,6 +6271,7 @@ EOF fi check_func strtoll || add_cflags -Dstrtoll=_strtoi64 +check_func strtoull || add_cflags -Dstrtoull=_strtoui64 # the new SSA optimzer in VS2015 U3 is mis-optimizing some parts of the code # this flag should be re-checked on newer compiler releases and put under a # version check once its fixed diff -Nru ffmpeg-3.2.1/debian/changelog ffmpeg-3.2.2/debian/changelog --- ffmpeg-3.2.1/debian/changelog 2016-11-27 02:27:33.0 +0100 +++ ffmpeg-3.2.2/debian/changelog 2016-12-06 23:59:13.0 +0100 @@ -1,3 +1,12 @@ +ffmpeg (7:3.2.2-1) unstable; urgency=medium + + * Import new upstream bugfix release 3.2.2. + * Fix log messages in autopkgtest. + * Enable frei0r on powerpcspe. + * Drop --disable-tesseract. + + -- Andreas Cadhalpun <andreas.cadhal...@googlemail.com> Tue, 06 Dec 2016 23:58:20 +0100 + ffmpeg (7:3.2.1-1) unstable; urgency=medium [ Balint Reczey ] diff -Nru ffmpeg-3.2.1/debian/control ffmpeg-3.2.2/debian/control --- ffmpeg-3.2.1/debian/control 2016-11-27 02:27:33.0 +0100 +++ ffmpeg-3.2.2/debian/control 2016-12-06 23:59:13.0 +0100 @@ -25,7 +25,7 @@ # --enable-libflite flite1-dev, # --enable-frei0r - frei0r-plugins-dev [!powerpcspe] , + frei0r-plugins-dev , # --enable-ladspa ladspa-sdk, # --enable-libass diff -Nru ffmpeg-3.2.1/debian/rules ffmpeg-3.2.2/debian/rules --- ffmpeg-3.2.1/debian/rules 2016-11-27 02:27:33.0 +0100 +++ ffmpeg-3.2.2/debian/rules 2016-12-06 23:59:13.0 +0100 @@ -47,7 +47,6 @@ --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ --incdir=/usr/include/$(DEB_HOST_MULTIARCH) \ --enable-gpl \ - --disable-libtesseract \ --disable-stripping \ --enable-avresample \ --enable-avisynth \ 
@@ -142,10 +141,10 @@ --disable-libopencv \ --disable-libx264 else - CONFIG += --enable-libopencv + CONFIG += --enable-libopencv \ + --enable-frei0r ifeq (,$(filter $(DEB_HOST_ARCH),powerpcspe)) - CONFIG += --enable-frei0r \ - --enable-libx264 + CONFIG += --enable-libx264 endif ifeq (,$(filter $(DEB_HOST_ARCH),sh4)) CONFIG += --enable-chromaprint diff -Nru ffmpeg-3.2.1/debian/tests/encdec ffmpeg-3.2.2/debian/tests/encdec --- ffmpeg-3.2.1/debian/tests/encdec 2016-11-27 02:27:33.0 +0100 +++ ffmpeg-3.2.2/debian/tests/encdec 2016-12-06 23:59:13.0 +0100 @@ -313,7 +313,7 @@ else failures="${failures}${errmsg}\n" fi -echo -e "FAILED: $errmsg\n\n" +echo -e "\nFAILED: $errmsg\n\n" continue fi ret=0 @@ -326,7 +326,7 @@ else failures="${failures}${errmsg}\n" fi -echo -e "FAILED: $errmsg\n\n" +echo -e "\nFAILED: $er
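Review bot: the new debian/changelog entry for 7:3.2.2-1 says only "Import new upstream bugfix release 3.2.2", although the unblock request justifies the upload by the fixes for ffmpeg tickets 5992 and 5994. Naming those tickets in the entry would let the release and security teams map the upload to the issues without reading the upstream diff.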
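Review bot: the debian/rules hunks carry two packaging changes in a security-motivated unblock with no rationale: `--disable-libtesseract` is dropped at @@ -47 and `--enable-frei0r` moves out of the powerpcspe conditional at @@ -142 (with `[!powerpcspe]` removed in debian/control). The changelog items "Enable frei0r on powerpcspe" and "Drop --disable-tesseract" should say whether the set of built features changes on any architecture, so the risk of the extra changes can be judged alongside the upstream fixes.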
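Review bot: in debian/tests/encdec both changed lines pass $errmsg through `echo -e`, so any backslash sequence inside the message is interpreted too, and `echo -e` is not portable across shells. `printf '\nFAILED: %s\n\n' "$errmsg"` prints the same text and leaves the message untouched.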
Re: Porter roll call for Debian Stretch
On 08/22/2016 07:12 PM, Bálint Réczey wrote:
> Hi Guillem,
>
> 2016-08-21 14:02 GMT+02:00 Guillem Jover:
>> Hi!
>>
>> On Sun, 2016-08-21 at 10:24:42 +0200, Bálint Réczey wrote:
>>> I'm testing a set of patches [2] for gcc and dpkg which enable bindnow for all
>>> arches and PIE for amd64, ppc64el and s390x in sync with Ubuntu.
>>>
>>> My assumption was that this set of architectures need the least amount of
>>> additional work since they are tested already in Ubuntu, but I would be happy
>>> if more ports would opt in for PIE.
>>>
>>> I plan filing wishlist bugs against dpkg and gcc with the patches
>>> after I rebuilt a few packages with the defaults.
>>
>> TBH I think PIE should in fact be safer to enable globally than
>> bindnow, because the latter changes the run-time behavior and things
>> might break (perhaps even silently) when failing to load plugins
>> or similar.
>
> Yes, in that sense enabling PIE is safer indeed. Regarding bindnow
> I don't expect too many surprises either, since other distributions
> already tested enabling bindnow and probably they found
> most issues.
>
>>
>> From dpkg PoV enabling both, would at least require a full-archive
>> rebuild, for bindnow ideally also a full autopkgtest run (as the
>> updated dpkg FAQ states now, after Lucas Nussbaum approached me some
>> weeks ago mentioning he was willing to do such archive-wide rebuild).
>
> The patches at [2] seem to work well and since you expressed that you would
> prefer changing both toolchain and dpkg, too, I would like to suggest running
> the rebuild with those patches.
>
> I think Matthias would be OK with the patch since it is very small and brings
> Debian's gcc closer to Ubuntu's.
>
> Lucas, could you please run the rebuild with the three patches?
>
> I'll attach the patches to the bug reports.

For the record I have opened #835146, #835148 and #835149 against dpkg and gcc-6 with the patches.

>
> [2] https://people.debian.org/~rbalint/ppa/pie-bindnow/
>
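The thread above is about making PIE and bindnow the build defaults and rebuilding the archive with them; after such a rebuild, one way to confirm that a binary picked up both is to read its ELF headers. This is an added example, not code from the thread, dpkg or gcc; the function names and the constructed sample images are assumptions, and only little-endian ELF64 is handled.

```python
import struct

EHDR = "<16sHHIQQQIHHHHHH"   # ELF64 file header, little-endian (64 bytes)
PHDR = "<IIQQQQQQ"           # ELF64 program header (56 bytes)
DYN = "<qQ"                  # ELF64 dynamic entry: d_tag, d_val (16 bytes)

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
DT_NULL, DT_NEEDED, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 1, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def hardening(elf: bytes) -> dict:
    """Report whether an ELF64 LE image is a PIE program and linked with -z now."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    hdr = struct.unpack_from(EHDR, elf, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    has_interp = bind_now = False
    for i in range(e_phnum):
        ph = struct.unpack_from(PHDR, elf, e_phoff + i * e_phentsize)
        p_type, p_offset, p_filesz = ph[0], ph[2], ph[5]
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz, struct.calcsize(DYN)):
                tag, val = struct.unpack_from(DYN, elf, off)
                if tag == DT_NULL:
                    break
                # The linker may record "bind now" in any of these three places.
                if (tag == DT_BIND_NOW
                        or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    # ET_DYN alone also matches shared libraries; requiring PT_INTERP is a
    # heuristic that separates dynamically linked PIE programs from them.
    return {"pie": e_type == ET_DYN and has_interp, "bind_now": bind_now}


def make_sample(e_type: int, dyn: list) -> bytes:
    """Constructed image: file header, PT_INTERP + PT_DYNAMIC, dynamic entries."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    interp = b"/lib64/ld-linux-x86-64.so.2\x00"
    dyn_blob = b"".join(struct.pack(DYN, t, v) for t, v in dyn + [(DT_NULL, 0)])
    interp_off = 64 + 2 * 56
    dyn_off = interp_off + len(interp)
    ehdr = struct.pack(EHDR, ident, e_type, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    ph_interp = struct.pack(PHDR, PT_INTERP, 4, interp_off, 0, 0,
                            len(interp), len(interp), 1)
    ph_dyn = struct.pack(PHDR, PT_DYNAMIC, 6, dyn_off, 0, 0,
                         len(dyn_blob), len(dyn_blob), 8)
    return ehdr + ph_interp + ph_dyn + interp + dyn_blob


# Constructed samples: a fixed-address, lazily bound program and a PIE one
# whose dynamic section carries the bind-now flags.
OLD_DEFAULTS = make_sample(ET_EXEC, [(DT_NEEDED, 1)])
NEW_DEFAULTS = make_sample(ET_DYN, [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)])

if __name__ == "__main__":
    for name, image in (("old defaults", OLD_DEFAULTS), ("pie+bindnow", NEW_DEFAULTS)):
        print(name, hardening(image))
```

To check a real binary, pass the bytes read from the file to `hardening()`.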
Bug#833145: RM: libcec-platform -- ROM;obsolete; FTBFS, RC-buggy
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, Please remove libcec-platform from unstable. The source package has been replaced by p8-platform. All reverse dependencies have migrated to p8-platform's binary packages. Thanks, Balint
Bug#829650: jessie-pu: package ruby-eventmachine/1.0.3-6+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Dear Release Team, The Security Team suggested fixing the TEMP-0678512-2E167C [1] security issue through a point release. The issue is a remotely triggerable crash due to stack overflow. Please see the debdiff attached. The fix for Wheezy which is very similar was discussed [2] on the Wheezy LTS list. Cheers, Balint [1] https://security-tracker.debian.org/tracker/TEMP-0678512-2E167C [2] https://lists.debian.org/debian-lts/2016/06/msg00141.html diff -Nru ruby-eventmachine-1.0.3/debian/changelog ruby-eventmachine-1.0.3/debian/changelog --- ruby-eventmachine-1.0.3/debian/changelog 2014-04-07 00:34:46.0 +0200 +++ ruby-eventmachine-1.0.3/debian/changelog 2016-07-04 22:00:03.0 +0200 @@ -1,3 +1,12 @@ +ruby-eventmachine (1.0.3-6+deb8u1) stable; urgency=medium + + * Team upload + * Fix remotely triggerable crash due to FD handling +(Closes: #678512, #696015) + * Fix memory leak caused when fixing crash + + -- Balint Reczey <bal...@balintreczey.hu> Mon, 04 Jul 2016 21:48:06 +0200 + ruby-eventmachine (1.0.3-6) unstable; urgency=low * Bump gem2deb build dependency to 0.7.5~ diff -Nru ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch --- ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch 1970-01-01 01:00:00.0 +0100 +++ ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch 2016-07-04 22:00:03.0 +0200 
@@ -0,0 +1,217 @@ +From eab3baaba75c8c9e549aea54d3b356ab287a57b0 Mon Sep 17 00:00:00 2001 +From: Patrick Reynolds <patrick.reyno...@github.com> +Date: Tue, 11 Mar 2014 16:01:25 -0500 +Subject: [PATCH 1/3] use ruby select api with expandable fd sets + +Conflicts: + ext/em.h +--- + ext/em.cpp | 54 +- + ext/em.h | 10 +- + tests/test_many_fds.rb | 22 + 3 files changed, 54 insertions(+), 32 deletions(-) + create mode 100644 tests/test_many_fds.rb + +diff --git a/ext/em.cpp b/ext/em.cpp +index 670da31..6a3a2ef 100644 +--- a/ext/em.cpp b/ext/em.cpp +@@ -524,12 +524,12 @@ void EventMachine_t::_RunEpollOnce() + #ifdef HAVE_RB_WAIT_FOR_SINGLE_FD + if ((ret = rb_wait_for_single_fd(epfd, RB_WAITFD_IN|RB_WAITFD_PRI, )) < 1) { + #else +- fd_set fdreads; ++ rb_fdset_t fdreads; + +- FD_ZERO(); +- FD_SET(epfd, ); ++ rb_fd_init(); ++ rb_fd_set(epfd, ); + +- if ((ret = rb_thread_select(epfd + 1, , NULL, NULL, )) < 1) { ++ if ((ret = rb_thread_fd_select(epfd + 1, , NULL, NULL, )) < 1) { + #endif + if (ret == -1) { + assert(errno != EINVAL); +@@ -601,12 +601,12 @@ void EventMachine_t::_RunKqueueOnce() + #ifdef HAVE_RB_WAIT_FOR_SINGLE_FD + if ((ret = rb_wait_for_single_fd(kqfd, RB_WAITFD_IN|RB_WAITFD_PRI, )) < 1) { + #else +- fd_set fdreads; ++ rb_fdset_t fdreads; + +- FD_ZERO(); +- FD_SET(kqfd, ); ++ rb_fd_init(); ++ rb_fd_set(kqfd, ); + +- if ((ret = rb_thread_select(kqfd + 1, , NULL, NULL, )) < 1) { ++ if ((ret = rb_thread_fd_select(kqfd + 1, , NULL, NULL, )) < 1) { + #endif + if (ret == -1) { + assert(errno != EINVAL); +@@ -792,9 +792,9 @@ SelectData_t::SelectData_t + SelectData_t::SelectData_t() + { + maxsocket = 0; +- FD_ZERO (); +- FD_ZERO (); +- FD_ZERO (); ++ rb_fd_init (); ++ rb_fd_init (); ++ rb_fd_init (); + } + + +@@ -807,7 +807,7 @@ _SelectDataSelect + static VALUE _SelectDataSelect (void *v) + { + SelectData_t *sd = (SelectData_t*)v; +- sd->nSockets = select (sd->maxsocket+1, &(sd->fdreads), &(sd->fdwrites), &(sd->fderrors), &(sd->tv)); ++ sd->nSockets = rb_fd_select 
(sd->maxsocket+1, &(sd->fdreads), &(sd->fdwrites), &(sd->fderrors), &(sd->tv)); + return Qnil; + } + #endif +@@ -848,9 +848,9 @@ void EventMachine_t::_RunSelectOnce() + + SelectData_t SelectData; + /* +- fd_set fdreads, fdwrites; +- FD_ZERO (); +- FD_ZERO (); ++ rb_fdset_t fdreads, fdwrites; ++ rb_fd_init (); ++ rb_fd_init (); + + int maxsocket = 0; + */ +@@ -860,7 +860,7 @@ void EventMachine_t::_RunSelectOnce() + // running on localhost with a randomly-chosen port. (*Puke*) + // Windows has a version of the Unix pipe() library function, but it doesn't + // give you back descriptors that are selectable. +- FD_SET (LoopBreakerReader, &(SelectData.fdreads)); ++ rb_fd_set (LoopBreakerReader, &(SelectData.fdreads)); + if (SelectData.maxsocket < LoopBreakerReader) + SelectData.maxsocket = LoopBreakerReader; + +@@ -875,15 +875,15 @@ void EventMachine_t::_RunSelectOnce() + assert (sd != INVALID_SOCKET); + + if (ed->SelectForRead()) +- FD_SET (sd, &(SelectData.fdreads)); ++ rb_fd_set (sd, &(SelectData.fdre
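Review bot: the hunks for _RunEpollOnce() and _RunKqueueOnce() in ext/em.cpp replace the stack fd_set with rb_fdset_t and add rb_fd_init(), but no rb_fd_term() is visible on any return path, and the SelectData_t constructor gains three rb_fd_init() calls in the same way. Storage set up by rb_fd_init() can be heap-allocated, so each pass would leak unless a later patch of this 3-part series releases it; the changelog line "Fix memory leak caused when fixing crash" should name the patch that does.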
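Review bot: at @@ -848 in _RunSelectOnce() the patch rewrites declarations that sit inside a /* ... */ block (the fd_set fdreads, fdwrites line and the two FD_ZERO calls). Changing commented-out code adds noise to a stable update; leave that comment as it was or drop the dead block in a separate cleanup.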
Bug#795002: nmu: motion
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Dear Release Team, Motion seems to be built in an outdated chroot for the upload. Please rebuild it to use the latest version of libav.*-dev packages which are now built from ffmpeg. nmu motion_3.2.12+git20140228-6 . amd64 . unstable . -m Rebuild against ffmpeg Cheers, Balint
Bug#771804: unblock: xbmc/2:13.2+dfsg1-4
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Dear Release Team, Please unblock xbmc to let it migrate to Jessie. The update contains only two fixes for important bugs and one minor source cleaning change which does not affect the built binaries: Changes: xbmc (2:13.2+dfsg1-4) unstable; urgency=medium . * Version check is now removed from source, no need to remove it during the build * Fix suspend/hibernate with upower = 0.99.1 (Closes: #767161) * Fix random failure in playing video using VDPAU (Closes: #742896) Thanks: Balint diff -Nru xbmc-13.2+dfsg1/debian/changelog xbmc-13.2+dfsg1/debian/changelog --- xbmc-13.2+dfsg1/debian/changelog2014-10-25 00:40:28.0 +0200 +++ xbmc-13.2+dfsg1/debian/changelog2014-11-08 00:05:40.0 +0100 @@ -1,3 +1,11 @@ +xbmc (2:13.2+dfsg1-4) unstable; urgency=medium + + * Version check is now removed from source, no need to remove it during the build + * Fix suspend/hibernate with upower = 0.99.1 (Closes: #767161) + * Fix random failure in playing video using VDPAU (Closes: #742896) + + -- Balint Reczey bal...@balintreczey.hu Fri, 07 Nov 2014 23:52:10 +0100 + xbmc (2:13.2+dfsg1-3) unstable; urgency=medium [ Balint Reczey ] diff -Nru xbmc-13.2+dfsg1/debian/patches/0017-libav-Fix-uninitialized-read.patch xbmc-13.2+dfsg1/debian/patches/0017-libav-Fix-uninitialized-read.patch --- xbmc-13.2+dfsg1/debian/patches/0017-libav-Fix-uninitialized-read.patch 1970-01-01 01:00:00.0 +0100 +++ xbmc-13.2+dfsg1/debian/patches/0017-libav-Fix-uninitialized-read.patch 2014-11-08 00:05:40.0 +0100 
@@ -0,0 +1,26 @@ +From 414522d5049a230e71a2c2fef45a6b525d6a9803 Mon Sep 17 00:00:00 2001 +From: Anton Khirnov an...@khirnov.net +Date: Sun, 26 Oct 2014 18:29:48 +0100 +Subject: [PATCH] Fix uninitialized read. + +--- + xbmc/cores/dvdplayer/DVDCodecs/Video/VDPAU.cpp | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/xbmc/cores/dvdplayer/DVDCodecs/Video/VDPAU.cpp b/xbmc/cores/dvdplayer/DVDCodecs/Video/VDPAU.cpp +index 932985a..9d90a9c 100644 +--- a/xbmc/cores/dvdplayer/DVDCodecs/Video/VDPAU.cpp b/xbmc/cores/dvdplayer/DVDCodecs/Video/VDPAU.cpp +@@ -1095,9 +1095,6 @@ int CDecoder::Decode(AVCodecContext *avctx, AVFrame *pFrame) + + CSingleLock lock(m_DecoderSection); + +- if (m_DecoderError pFrame) +-return VC_ERROR; +- + if (!m_vdpauConfigured) + return VC_ERROR; + +-- +2.0.0.rc2 + diff -Nru xbmc-13.2+dfsg1/debian/patches/0018-linux-Check-for-Logind-first-then-Kit-s-with-UPower-.patch xbmc-13.2+dfsg1/debian/patches/0018-linux-Check-for-Logind-first-then-Kit-s-with-UPower-.patch --- xbmc-13.2+dfsg1/debian/patches/0018-linux-Check-for-Logind-first-then-Kit-s-with-UPower-.patch 1970-01-01 01:00:00.0 +0100 +++ xbmc-13.2+dfsg1/debian/patches/0018-linux-Check-for-Logind-first-then-Kit-s-with-UPower-.patch 2014-11-08 00:05:40.0 +0100 
@@ -0,0 +1,30 @@ +From c6ae8568b99785465d1461c8878cdee08ff44eae Mon Sep 17 00:00:00 2001 +From: Balint Reczey bal...@balintreczey.hu +Date: Tue, 4 Nov 2014 00:13:21 +0100 +Subject: [PATCH] linux: Check for Logind first, then *Kit-s with UPower when + detecting PM framework + +Logind is the most likely candidate to work nowadays and latest UPower does +not provide suspend/hibernate API. +--- + xbmc/powermanagement/PowerManager.cpp | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/xbmc/powermanagement/PowerManager.cpp b/xbmc/powermanagement/PowerManager.cpp +@@ -78,12 +78,12 @@ + m_instance = new CAndroidPowerSyscall(); + #elif defined(TARGET_POSIX) + #if defined(HAS_DBUS) +- if (CConsoleUPowerSyscall::HasConsoleKitAndUPower()) ++ if (CLogindUPowerSyscall::HasLogind()) ++m_instance = new CLogindUPowerSyscall(); ++ else if (CConsoleUPowerSyscall::HasConsoleKitAndUPower()) + m_instance = new CConsoleUPowerSyscall(); + else if (CConsoleDeviceKitPowerSyscall::HasDeviceConsoleKit()) + m_instance = new CConsoleDeviceKitPowerSyscall(); +- else if (CLogindUPowerSyscall::HasLogind()) +-m_instance = new CLogindUPowerSyscall(); + else if (CUPowerSyscall::HasUPower()) + m_instance = new CUPowerSyscall(); + #if defined(HAS_HAL) diff -Nru xbmc-13.2+dfsg1/debian/patches/series xbmc-13.2+dfsg1/debian/patches/series --- xbmc-13.2+dfsg1/debian/patches/series 2014-10-25 00:40:28.0 +0200 +++ xbmc-13.2+dfsg1/debian/patches/series 2014-11-08 00:05:40.0 +0100 @@ -11,6 +11,8 @@ 0013-mips-Add-configure-option-for-mips-and-mipsel.patch 0014-mips-Don-t-use-ASM-round-and-truncate-on-MIPS.patch 0016-mips-Fix-build-with-using-OpenGL-rendering.patch +0017-libav-Fix-uninitialized-read.patch +0018-linux-Check-for-Logind-first-then-Kit-s-with-UPower-.patch 03-privacy.patch 04-differentiate-from-vanilla-XBMC.patch 05-Fix-GLES-with-X11.patch @@ -19,3 +21,4 @@ 08-armel.patch 09-use-correct-ftgl.h 11-fix-vdpau-include.patch
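Review bot: 0017-libav-Fix-uninitialized-read.patch deletes the early `return VC_ERROR` guarded by m_DecoderError at the top of CDecoder::Decode() with an empty commit body. Please add a description, and a reference to #742896 which the changelog ties to this fix, saying which value was read uninitialized and where a decoder error is handled once this check is gone.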
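Review bot: in xbmc/powermanagement/PowerManager.cpp the HasLogind() test now runs before HasConsoleKitAndUPower() and HasDeviceConsoleKit(), which changes the selected backend on every HAS_DBUS system where logind is detected, not only on those with the newer UPower named in the changelog. The commit message should state that this is intended, and the patch header could reference #767161 so the reorder is traceable to the bug.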
Bug#770879: unblock: meld/3.12.1-2
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Dear Release Team, Please unblock meld to let it migrate to Jessie. The update contains only a single fix for a regression compared to Wheezy-s version. Changes: meld (3.12.1-2) unstable; urgency=medium . * Fix SIGINT handling by cherry-picking patch from upstream (Closes: #768180) Thanks: Balint diff -Nru meld-3.12.1/debian/changelog meld-3.12.1/debian/changelog --- meld-3.12.1/debian/changelog 2014-10-28 00:46:24.0 +0100 +++ meld-3.12.1/debian/changelog 2014-11-14 22:26:00.0 +0100 @@ -1,3 +1,10 @@ +meld (3.12.1-2) unstable; urgency=medium + + * Fix SIGINT handling by cherry-picking patch from upstream +(Closes: #768180) + + -- Balint Reczey bal...@balintreczey.hu Tue, 28 Oct 2014 00:52:16 +0100 + meld (3.12.1-1) unstable; urgency=medium * New upstream release diff -Nru meld-3.12.1/debian/patches/0002-bin-meld-Hook-SIGINT-using-GLib-instead-of-Python-fo.patch meld-3.12.1/debian/patches/0002-bin-meld-Hook-SIGINT-using-GLib-instead-of-Python-fo.patch --- meld-3.12.1/debian/patches/0002-bin-meld-Hook-SIGINT-using-GLib-instead-of-Python-fo.patch 1970-01-01 01:00:00.0 +0100 +++ meld-3.12.1/debian/patches/0002-bin-meld-Hook-SIGINT-using-GLib-instead-of-Python-fo.patch 2014-11-24 22:17:28.0 +0100 
@@ -0,0 +1,42 @@ +From 74e15dda8536b1b381e91496527ead06c3182c35 Mon Sep 17 00:00:00 2001 +From: Kai Willadsen kai.willad...@gmail.com +Date: Sat, 22 Nov 2014 08:07:16 +1000 +Subject: [PATCH] bin/meld: Hook SIGINT using GLib instead of Python for + instant quitting + +The previous solution worked, but waited until the window got focus, +repainted or we otherwise ran the event loop, which was weird. This +just works straight away. +--- + bin/meld | 7 +-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/bin/meld b/bin/meld +@@ -21,6 +21,7 @@ + import locale + import logging + import os ++import signal + import subprocess + import sys + +@@ -130,7 +131,7 @@ + + pyver = (2, 7) + gtk_requirement = (3, 6) +-glib_requirement = (2, 34, 0) ++glib_requirement = (2, 36, 0) + gtksourceview_requirement = (3, 6, 0) + + def missing_reqs(mod, ver, exception=None): +@@ -243,5 +244,9 @@ + setup_resources() + + import meld.meldapp ++if sys.platform != 'win32': ++from gi.repository import GLib ++GLib.unix_signal_add(GLib.PRIORITY_DEFAULT, signal.SIGINT, ++ lambda *args: meld.meldapp.app.quit(), None) + status = meld.meldapp.app.run(sys.argv) + sys.exit(status) diff -Nru meld-3.12.1/debian/patches/series meld-3.12.1/debian/patches/series --- meld-3.12.1/debian/patches/series 2014-10-27 10:13:21.0 +0100 +++ meld-3.12.1/debian/patches/series 2014-11-24 22:13:33.0 +0100 @@ -1,2 +1,3 @@ 01_skip_compile_schema_and_icon_cache_update.patch 0001-meld.vc.svn-Make-repository-validity-check-relative-.patch +0002-bin-meld-Hook-SIGINT-using-GLib-instead-of-Python-fo.patch
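Review bot: the @@ -130 hunk of bin/meld raises glib_requirement from (2, 34, 0) to (2, 36, 0), which neither the unblock request nor the changelog entry mentions, and the debdiff shows no matching change to the package dependencies. Say why the SIGINT hook needs the newer GLib and confirm that the version in Jessie satisfies it.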
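Review bot: the debian/changelog trailer for 3.12.1-2 is dated Tue, 28 Oct 2014, while the cherry-picked upstream commit in the same upload is dated Sat, 22 Nov 2014. Refresh the trailer timestamp so the entry does not predate the fix it describes.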
Re: Bug#607969: sqlite: Still useful?
Hi, On Mon, 4 Aug 2014 20:08:21 +0100 Manuel A. Fernandez Montecelo manuel.montez...@gmail.com wrote: Control: severity -1 serious Hi, I stumbled upon this bug by chance when looking at why it did not compile in some new ports. Raising severity so at the very least it gets auto-removed from testing and thus it does not get included in the next stable release (it already was included in the last, despite opinions in this bug about the contrary). I guess that it's better to just ask FTP masters to remove the package, but I'll leave that to other people, since they were interested in doing that in the past (all in copy now). Filing bugs against reverse dependencies to migrate to sqlite 3 would be a better start IMO. Probably it is too late to convert everything for Jessie: $ apt-cache rdepends sqlite sqlite Reverse Depends: phpbb3 |movabletype-opensource sqlite:i386 sqlite-doc qsf phpbb3 lire imms-common csync2 beancounter Dear Release Team, should this package be released with Jessie? Cheers, Balint -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5450b46c.9050...@balintreczey.hu
Re: Bug#607969: sqlite: Still useful?
Hi Laszlo, On Wed, 29 Oct 2014 10:52:02 +0100 László Böszörményi (GCS) g...@debian.org wrote: On Wed, Oct 29, 2014 at 10:33 AM, Balint Reczey bal...@balintreczey.hu wrote: On Mon, 4 Aug 2014 20:08:21 +0100 Manuel A. Fernandez Montecelo manuel.montez...@gmail.com wrote: I stumbled upon this bug by chance when looking at why it did not compile in some new ports. It should compile on all of them by now. The buildd archive shows that arm64 and ppc64el are fine, even mips and sparc. I guess that it's better to just ask FTP masters to remove the package, but I'll leave that to other people, since they were interested in doing that in the past (all in copy now). Yes, I was about to ask its removal as upstream no longer supports it. But it works correctly and I got personal mails that they would still use it on low-end (embedded?) machines where sqlite3 would require more CPU and/or memory. In this case I think this bug could be simply closed by answering the question (Yes.). :-) Having reverse dependencies is actually useful to keep the code tested. Cheers, Balint Archive: https://lists.debian.org/545123ad.1030...@balintreczey.hu
Re: Bug#763148: Prevent migration to jessie
Dear Security and Release Teams, On Sun, 05 Oct 2014 23:23:07 +0200 Andreas Cadhalpun andreas.cadhal...@googlemail.com wrote: Hi Andreas, On 05.10.2014 22:54, Andreas Barth wrote: * Andreas Cadhalpun (andreas.cadhal...@googlemail.com) [141005 22:36]: That's because the last message from a release team member in this bug said [1]: 'However (and please note that I'm not a member of the security team and just speak for myself here as always when not otherwise marked) if As I said, I was just speaking for myself. That I might be at other times speaking as a member of the release team doesn't make it an opinion of the release team. For the release team opinion on this topic see Cyril's mails. Also, the re-evaluation happened. It however didn't have the outcome you wanted (basically because the web browser needs so many security updates which only could be done by backporting all of it that the embedded copy doesn't make any difference - this is an exceptional thing which does happen but not very often. I can understand it, and of course it's the call of the security team how to ensure that Debian has security updates. I hadn't known that at the time I thought about the possibility, otherwise I would have already achieved at that moment at the conclusion). Conclusion: Though I'm usually an optimistic person how to get things achieved, I don't see any way left how at this late time it's possible to ship with ffmpeg in jessie. I'm sorry but we have to face the facts. Independent if we like them or not (and I can fully understand that you don't like them, but it's no good pretending facts are different than they are). Sorry. Thanks for explaining. It's sad that it isn't possible to have FFmpeg in jessie, but hopefully it'll be in jessie+1. Could you please confirm that the bug will be closed and FFmpeg will be allowed to migrate to testing after Jessie's release no matter if Libav is still present there? 
The current packaging of FFmpeg lets it co-exist with Libav and the next release cycle could be used to test it more extensively. Cheers, Balint Archive: https://lists.debian.org/5442825b.9070...@balintreczey.hu
Please bump urgency for xbmc and xbmc-pvr-addons
Dear Release Team, Could you please bump urgency of xbmc and xbmc-pvr-addons to medium to let them migrate to testing faster before I upload the next major version? Thanks, Balint Archive: https://lists.debian.org/53708496.8010...@balintreczey.hu
Bug#703125: tpu: wireshark/1.8.2-5wheezy1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: tpu Hi, I would like to upload wireshark/1.8.2-5wheezy1 to testing-proposed-updates to fix open security issues in wheezy. It would have the same content as wireshark/1.8.2-5 just bumping the changelog. Currently 1.8.2-2 is in testing and 1.8.6-1 is in unstable. Originally I wanted to let 1.8.2-5 migrate to wheezy, but I have uploaded 1.8.6-1 to unstable (instead of experimental) accidentally which prevents the migration. Thanks, Balint