Re: reason for removal of zeroc-ice on armhf and arm64.

2023-02-22 Thread Chris Knadle

Greetings.

I'd like to know the status of mumble-server on armhf and arm64 and whether it 
can be restored for those architectures, because mumble server is commonly run 
on that hardware and is one of the base expected programs for the FreedomBox
project which has a number of hardware targets for armhf and arm64.


   https://freedombox.org/

If there's a way I can help let me know, and please keep me in the loop if 
feasible.

Thanks
   -- Chris

--
Chris Knadle
chris.kna...@coredump.us
(maintainer of mumble in Debian)

Adrian Bunk:

On Tue, Feb 14, 2023 at 11:56:40AM +, Peter Green wrote:

I recently became aware that mumble's build-dependencies were no longer
satisfiable on armhf due to a missing zeroc-ice. I looked at the build
logs for zeroc-ice and all were green. So I looked at the removal log
and found the following.


[Date: Sun, 12 Feb 2023 17:56:51 -] [ftpmaster: Scott Kitterman]
Removed the following packages from unstable:

libzeroc-ice-dev     | 3.7.8-2.1 | arm64, armhf
libzeroc-ice3.7      | 3.7.8-2.1 | arm64, armhf
libzeroc-icestorm3.7 | 3.7.8-2.1 | arm64, armhf
mumble-server        | 1.3.4-4   | arm64, armhf
php-zeroc-ice        | 3.7.8-2.1 | arm64, armhf
python3-zeroc-ice    | 3.7.8-2.1 | arm64, armhf
zeroc-glacier2       | 3.7.8-2.1 | arm64, armhf
zeroc-ice-compilers  | 3.7.8-2.1 | arm64, armhf
zeroc-ice-utils      | 3.7.8-2.1 | arm64, armhf
zeroc-icebox         | 3.7.8-2.1 | arm64, armhf
zeroc-icebridge      | 3.7.8-2.1 | arm64, armhf
zeroc-icegrid        | 3.7.8-2.1 | arm64, armhf
zeroc-icepatch2      | 3.7.8-2.1 | arm64, armhf
Closed bugs: 1031160

--- Reason ---
RoQA; openjfx no longer builds on arm64 and armhf, build-depends not available


This strikes me as strange in a couple of ways.

1. The only relationships of zeroc-ice to openjfx are in build-depends-indep
and in the binary dependencies of an arch all package. Afaict it is perfectly
normal for build-depends-indep and the binary dependencies of arch all
packages to only be satisfiable on a subset of the architectures where
2. Only one of the two binaries from the mumble source package was removed.

Was this removal just a mistake? or was there a reason behind it that I am not
seeing?


As requestor of #1031160 I would say this was a mistake,
perhaps due to

https://tracker.debian.org/pkg/openjfx
Issues preventing migration:
∙ ∙ removing openjfx/11.0.11+0-1.1/arm64 from testing makes beast2-mcmc/2.7.3+dfsg-1/arm64 uninstallable
∙ ∙ removing openjfx/11.0.11+0-1.1/arm64 from testing makes josm/0.0.svn18646+dfsg-1/arm64 uninstallable
∙ ∙ removing openjfx/11.0.11+0-1.1/arm64 from testing makes pdfsam/4.3.4-1/arm64 uninstallable

This will require a hint from the release team I have not yet requested,
since installability of binary-all packages is tested on amd64 and arm64
but there is no requirement that a binary-all package is installable on
arm64 and several are not.[1]

cu
Adrian

[1] https://release.debian.org/britney/testing_uninst.txt




Bug#987859: buster-pu: package mumble/1.3.0~git20190125.440b173+dfsg-2

2021-04-30 Thread Chris Knadle

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Greetings.

Attached is a debdiff for mumble to fix CVE-2021-27229 in Buster marked no-dsa
by the security team, bug #982904.

As the upload to buster-proposed-updates only contains one patch and a
changelog entry (the same patch used for mumble in Sid), I'm going to go
ahead and do the upload as suggested in Debian Developers Reference §5.5.1
paragraph 3.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us
diff -Nru mumble-1.3.0~git20190125.440b173+dfsg/debian/changelog 
mumble-1.3.0~git20190125.440b173+dfsg/debian/changelog
--- mumble-1.3.0~git20190125.440b173+dfsg/debian/changelog  2019-02-28 
16:36:21.0 +
+++ mumble-1.3.0~git20190125.440b173+dfsg/debian/changelog  2021-04-30 
22:24:25.0 +
@@ -1,3 +1,16 @@
+mumble (1.3.0~git20190125.440b173+dfsg-2+deb10u1) buster; urgency=medium
+
+  * debian/patches:
+- Add 67-only-http-https-URLs-in-Connect.diff to fix CVE-2021-27229
+  "Mumble before 1.3.4 allows remote code execution if a victim navigates
+   to a crafted URL on a server list and clicks on the Open Webpage text."
+  This patch only allows "http"/"https" URLs in ConnectDialog
+  (Closes: #982904)
+  Thanks to Salvatore Bonaccorso  for reporting the bug
+  and giving links to the fix.
+
+ -- Christopher Knadle   Fri, 30 Apr 2021 22:24:25 
+
+
 mumble (1.3.0~git20190125.440b173+dfsg-2) unstable; urgency=medium
 
   * debian/patches:
diff -Nru 
mumble-1.3.0~git20190125.440b173+dfsg/debian/patches/67-only-http-https-URLs-in-Connect.diff
 
mumble-1.3.0~git20190125.440b173+dfsg/debian/patches/67-only-http-https-URLs-in-Connect.diff
--- 
mumble-1.3.0~git20190125.440b173+dfsg/debian/patches/67-only-http-https-URLs-in-Connect.diff
1970-01-01 00:00:00.0 +
+++ 
mumble-1.3.0~git20190125.440b173+dfsg/debian/patches/67-only-http-https-URLs-in-Connect.diff
2021-03-04 08:44:10.0 +
@@ -0,0 +1,61 @@
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982904
+Last-Updated: 2021-03-04
+From e59ee87abe249f345908c7d568f6879d16bfd648 Mon Sep 17 00:00:00 2001
+From: Davide Beatrici 
+Date: Fri, 5 Feb 2021 20:01:04 +0100
+Subject: [PATCH] FIX(client): Only allow "http"/"https" for URLs in
+ ConnectDialog
+
+Our public server list registration script doesn't have an URL scheme
+whitelist for the website field.
+
+Turns out a malicious server can register itself with a dangerous URL in
+an attempt to attack a user's machine.
+
+User interaction is required, as the URL has to be opened by
+right-clicking on the server entry and clicking on "Open Webpage".
+
+This commit introduces a client-side whitelist, which only allows "http"
+and "https" schemes. We will also implement it in our public list.
+
+In future we should probably add a warning QMessageBox informing the
+user that there's no guarantee the URL is safe (regardless of the
+scheme).
+
+Thanks a lot to https://positive.security for reporting the RCE
+vulnerability to us privately.
+---
+ src/mumble/ConnectDialog.cpp | 20 +---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+--- a/src/mumble/ConnectDialog.cpp
 b/src/mumble/ConnectDialog.cpp
+@@ -1259,11 +1259,25 @@
+ }
+ 
+ void ConnectDialog::on_qaUrl_triggered() {
+-  ServerItem *si = static_cast(qtwServers->currentItem());
+-  if (! si || si->qsUrl.isEmpty())
++  auto *si = static_cast< const ServerItem * >(qtwServers->currentItem());
++  if (!si || si->qsUrl.isEmpty()) {
+   return;
++  }
+ 
+-  QDesktopServices::openUrl(QUrl(si->qsUrl));
++  const QStringList allowedSchemes = { QLatin1String("http"), 
QLatin1String("https") };
++
++  const auto url = QUrl(si->qsUrl);
++  if (allowedSchemes.contains(url.scheme())) {
++  QDesktopServices::openUrl(url);
++  } else {
++  // Inform user that the requested URL has been blocked
++  QMessageBox msgBox;
++  msgBox.setText(QObject::tr("Blocked URL scheme 
\"%1\"").arg(url.scheme()));
++  msgBox.setInformativeText(QObject::tr("The URL uses a scheme 
that has been blocked for security reasons."));
++  msgBox.setDetailedText(QObject::tr("Blocked URL: 
\"%1\"").arg(url.toString()));
++  msgBox.setIcon(QMessageBox::Warning);
++  msgBox.exec();
++  }
+ }
+ 
+ void ConnectDialog::onFiltersTriggered(QAction *act) {
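Review bot: in on_qaUrl_triggered(), a website field with no scheme at all (url.scheme() empty) falls into the else branch, so the user is told that scheme "" was blocked for what may be a plain host name. Consider handling the empty-scheme case with its own message, and giving the QMessageBox a parent so the warning stays attached to the connect dialog instead of appearing as a free-standing window.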
diff -Nru mumble-1.3.0~git20190125.440b173+dfsg/debian/patches/series 
mumble-1.3.0~git20190125.440b173+dfsg/debian/patches/series
--- mumble-1.3.0~git20190125.440b173+dfsg/debian/patches/series 2019-02-28 
16:36:21.0 +
+++ mumble-1.3.0~git20190125.440b173+dfsg/debian/patches/series 2021-03-04 
08:21:39.0 +
@@ -8,3 +8,4 @@
 52-use-update-rc.d-for-disable.diff
 60-crossbuild.diff
 65-fix-sample-path.diff
+67-only-http-https-URLs-in-Connect.diff


Re: Qt and OpenSSL transition metadata in relation to Mumble package

2016-03-30 Thread Chris Knadle
Kurt Roeckx:
> On Mon, Mar 21, 2016 at 10:20:43PM +0100, Julien Cristau wrote:
>> I don't think dlopen(libssl) vs gcc -lssl makes any difference
>> licensing-wise, I suspect either they're both ok or they're both not
>> ok...
> 
> I assume the problem is not with Qt itself, but with other
> applications making use of Qt.

That's my understanding of the situation too, yes.

I've been discussing the mumble openssl transition issue with one of the Qt
maintainers in #818943.  There's a hackish idea of building a tiny dummy Qt
application or library that has OpenSSL as a dependency that could be
shipped alongside qtnetwork, in order to have part of Qt depend on OpenSSL
and thus have it binNMUed for OpenSSL transitions.

  -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



Re: Qt and OpenSSL transition metadata in relation to Mumble package

2016-03-21 Thread Chris Knadle
Julien Cristau:
> On Mon, Mar 21, 2016 at 20:20:22 +0000, Chris Knadle wrote:
> 
>> Julien Cristau:
>>> On Sun, Mar 20, 2016 at 01:55:55 +, Chris Knadle wrote:
>>>
>>>> Emilio Pozuelo Monfort:
>>>>> On 19/03/16 19:23, Chris Knadle wrote:
>>>>>> Greetings.
>>>>>>
>>>>>> Executive summary:
>>>>>> I'd like to know if there is metadata that can be added to the Qt4 and 
>>>>>> Qt5
>>>>>> packages (qt4-x11 and qtbase-opensource-src) which will indicate that 
>>>>>> they
>>>>>> need to be binNMUed for OpenSSL transitions at nearly the same time that
>>>>>> Mumble gets binNMUed.
>>>> [...]
>>>>>> Is this possible?
>>>>>
>>>>> There's no way to express that kind of relationship. Not unless you get 
>>>>> into
>>>>> complex territory which isn't really worth it in this case. Normally 
>>>>> binNMUs
>>>>> are scheduled at the same time, so in theory this shouldn't be such a big
>>>>> issue. And it would only affect unstable users, only for a short amount of
>>>>> time.
>>>>
>>>> Ehhh... okay.  The last OpenSSL binNMU had an 11-day difference between
>>>> Mumble getting rebuilt and qt4-x11 being rebuilt in Sid.  That's a short
>>>> time in release terms, but a long time in terms of users finding Mumble
>>>> broken and waiting for it to be fixed.
>>>>
>>>> Either way I have my answer.  Thank you very much.
>>>>
>>> What would it take to fix qt to properly link with libssl?
>>
>> There's an -openssl-linked ./configure option for building Qt with:
>>
>>https://doc.qt.io/qt-4.8/ssl.html
>>
>> However it's thought that the -openssl-linked option isn't viable due to
>> licensing concerns that would result:
>>
>>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#147
>>
> I don't think dlopen(libssl) vs gcc -lssl makes any difference
> licensing-wise, I suspect either they're both ok or they're both not
> ok...
> 
> Cheers,
> Julien

I could try to talk to the maintainers of the Qt packages to see if they
know if using -openssl-linked is possible... I've been wanting to talk to
them about this for a while anyway.

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



Re: Qt and OpenSSL transition metadata in relation to Mumble package

2016-03-21 Thread Chris Knadle
Julien Cristau:
> On Sun, Mar 20, 2016 at 01:55:55 +0000, Chris Knadle wrote:
> 
>> Emilio Pozuelo Monfort:
>>> On 19/03/16 19:23, Chris Knadle wrote:
>>>> Greetings.
>>>>
>>>> Executive summary:
>>>> I'd like to know if there is metadata that can be added to the Qt4 and Qt5
>>>> packages (qt4-x11 and qtbase-opensource-src) which will indicate that they
>>>> need to be binNMUed for OpenSSL transitions at nearly the same time that
>>>> Mumble gets binNMUed.
>> [...]
>>>> Is this possible?
>>>
>>> There's no way to express that kind of relationship. Not unless you get into
>>> complex territory which isn't really worth it in this case. Normally binNMUs
>>> are scheduled at the same time, so in theory this shouldn't be such a big
>>> issue. And it would only affect unstable users, only for a short amount of
>>> time.
>>
>> Ehhh... okay.  The last OpenSSL binNMU had an 11-day difference between
>> Mumble getting rebuilt and qt4-x11 being rebuilt in Sid.  That's a short
>> time in release terms, but a long time in terms of users finding Mumble
>> broken and waiting for it to be fixed.
>>
>> Either way I have my answer.  Thank you very much.
>>
> What would it take to fix qt to properly link with libssl?

There's an -openssl-linked ./configure option for building Qt with:

   https://doc.qt.io/qt-4.8/ssl.html

However it's thought that the -openssl-linked option isn't viable due to
licensing concerns that would result:

   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#147

Right now Qt5 (qtbase-opensource-src) uses the -openssl ./configure option
but not -openssl-linked, Qt4 (qt4-x11) uses neither.  Both Qt4 and Qt5 pull
in libssl-dev and libssl during the build, FWIW.

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



Re: Qt and OpenSSL transition metadata in relation to Mumble package

2016-03-19 Thread Chris Knadle
Emilio Pozuelo Monfort:
> On 19/03/16 19:23, Chris Knadle wrote:
>> Greetings.
>>
>> Executive summary:
>> I'd like to know if there is metadata that can be added to the Qt4 and Qt5
>> packages (qt4-x11 and qtbase-opensource-src) which will indicate that they
>> need to be binNMUed for OpenSSL transitions at nearly the same time that
>> Mumble gets binNMUed.
[...]
>> Is this possible?
> 
> There's no way to express that kind of relationship. Not unless you get into
> complex territory which isn't really worth it in this case. Normally binNMUs
> are scheduled at the same time, so in theory this shouldn't be such a big
> issue. And it would only affect unstable users, only for a short amount of
> time.

Ehhh... okay.  The last OpenSSL binNMU had an 11-day difference between
Mumble getting rebuilt and qt4-x11 being rebuilt in Sid.  That's a short
time in release terms, but a long time in terms of users finding Mumble
broken and waiting for it to be fixed.

Either way I have my answer.  Thank you very much.

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



Qt and OpenSSL transition metadata in relation to Mumble package

2016-03-19 Thread Chris Knadle
Greetings.

Executive summary:
I'd like to know if there is metadata that can be added to the Qt4 and Qt5
packages (qt4-x11 and qtbase-opensource-src) which will indicate that they
need to be binNMUed for OpenSSL transitions at nearly the same time that
Mumble gets binNMUed.



More detail:

Qt (both 4 and 5) use dlopen() to load libssl/libcrypto libraries [see lines
634-654]:


https://github.com/qtproject/qtbase/blob/dev/src/network/ssl/qsslsocket_openssl_symbols.cpp#L624-L727

and as a result during OpenSSL transitions where there's a library rename,
two different copies of libssl/libcrypto can get loaded when running
Mumble... one version Qt is compiled with, and one version Mumble is
compiled with, and they may have ABI differences.

This situation is non-trivial and caused Mumble to break (#804363) because
the SSL library wasn't getting initialized, and we believe the patch that
was used to fix this bug may be initializing both copies of SSL during the
transition period, and because of the unknown of what this might cause,
Mumble upstream is likely to implement code to disallow Mumble to continue
running when two different copies of libssl/libcrypto are loaded:

   https://github.com/mumble-voip/mumble/pull/2124

We're hoping that there's some way that metadata could be added (somewhere)
such that the Qt source packages and Mumble can be binNMUed/rebuilt around
the same time for OpenSSL transitions.

   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#97

Is this possible?
Thanks much.

P.S. Please To/CC me as I'm not on the [debian-release] mailing list.

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us
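
The condition described in the message above (Qt dlopen()ing one libssl/libcrypto while Mumble is linked against another) can be checked on a running process from its /proc/<pid>/maps listing. The following is an added example, not code from Mumble, Qt or this thread; it assumes the Linux maps text format, and the sample mappings with their 1.0.0/1.0.2 file names are constructed.

```cpp
// Added example, not Mumble or Qt code: list the libssl/libcrypto files a
// process has mapped, using the text format of /proc/<pid>/maps.
#include <fstream>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>

// family ("libssl" or "libcrypto") -> distinct file names mapped by the process
using LoadedLibs = std::map<std::string, std::set<std::string>>;

// Constructed sample: a directly linked libssl 1.0.2 and a dlopen()ed
// libssl 1.0.0 mapped side by side. Addresses and inodes are made up.
static const char *const kSampleMaps =
    "7f10a0000000-7f10a0060000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2\n"
    "7f10a0260000-7f10a0264000 rw-p 00060000 08:01 1311 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2\n"
    "7f10a0400000-7f10a0620000 r-xp 00000000 08:01 1312 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2\n"
    "7f10a1000000-7f10a1150000 r-xp 00000000 08:01 1400 /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4.8.7\n"
    "7f10a2000000-7f10a2058000 r-xp 00000000 08:01 1201 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)\n"
    "7f10a2400000-7f10a25d0000 r-xp 00000000 08:01 1202 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0\n"
    "7f10a3000000-7f10a3021000 rw-p 00000000 00:00 0\n"
    "7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0 [stack]\n";

// "/usr/lib/x/libssl.so.1.0.2" -> "libssl.so.1.0.2"
static std::string baseName(const std::string &path) {
    const auto slash = path.rfind('/');
    return slash == std::string::npos ? path : path.substr(slash + 1);
}

// Returns "libssl" or "libcrypto" if the file name is one of those shared
// objects, otherwise an empty string. Matching on "<family>.so" keeps
// unrelated libraries such as NSS's libssl3.so out of the result.
static std::string opensslFamily(const std::string &file) {
    static const char *const families[] = {"libssl", "libcrypto"};
    for (const char *family : families) {
        const std::string prefix = std::string(family) + ".so";
        if (file.compare(0, prefix.size(), prefix) == 0)
            return family;
    }
    return "";
}

// Parse maps lines: "range perms offset dev inode [pathname]".
static LoadedLibs opensslLibsInMaps(std::istream &maps) {
    static const std::string deleted = " (deleted)";
    LoadedLibs found;
    std::string line;
    while (std::getline(maps, line)) {
        std::istringstream fields(line);
        std::string range, perms, offset, dev, inode, path;
        if (!(fields >> range >> perms >> offset >> dev >> inode))
            continue;                            // not a mapping line
        std::getline(fields >> std::ws, path);   // empty for anonymous maps
        // A library replaced on disk during an upgrade stays mapped and is
        // shown with a " (deleted)" suffix; it still counts as loaded.
        if (path.size() > deleted.size() &&
            path.compare(path.size() - deleted.size(), deleted.size(), deleted) == 0)
            path.erase(path.size() - deleted.size());
        const std::string file = baseName(path);
        const std::string family = opensslFamily(file);
        if (!family.empty())
            found[family].insert(file);
    }
    return found;
}

static LoadedLibs opensslLibsInText(const std::string &text) {
    std::istringstream in(text);
    return opensslLibsInMaps(in);
}

// True when more than one distinct libssl (or libcrypto) file is mapped.
static bool hasMixedOpenssl(const LoadedLibs &libs) {
    for (const auto &entry : libs)
        if (entry.second.size() > 1)
            return true;
    return false;
}

int main(int argc, char **argv) {
    // Usage: ./a.out [pid]; falls back to the constructed sample off Linux.
    const std::string pid = argc > 1 ? argv[1] : "self";
    std::ifstream maps("/proc/" + pid + "/maps");
    const LoadedLibs libs = maps ? opensslLibsInMaps(maps)
                                 : opensslLibsInText(kSampleMaps);
    for (const auto &entry : libs)
        for (const auto &file : entry.second)
            std::cout << entry.first << ": " << file << "\n";
    const bool mixed = hasMixedOpenssl(libs);
    std::cout << (mixed ? "MIXED OpenSSL versions loaded\n" : "ok\n");
    return mixed ? 1 : 0;
}
```

Run against the PID of a running mumble process during a transition window; a non-zero exit status means two different libssl or libcrypto files are mapped at once.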



Bug#808901: wheezy-pu: package libssh/0.5.4-1+deb7u1

2015-12-28 Thread Chris Knadle
Adam D. Barratt:
> Control: tags -1 + pending
> 
> On 2015-12-27 18:21, Adam D. Barratt wrote:
>> Control: tags -1 + confirmed
>>
>> On 2015-12-24 9:03, Christopher Knadle wrote:
>>> I would like to update libssh in Wheezy via a sponsored NMU to fix
>>> CVE-2015-3146 and CVE-2015-8132, which are non-DSA security bugs and so
>>> would
>>> need to be fixed via stable-proposed-updates.  I updated libssh in Sid via
>>> sponsored NMU for these in Nov 2015.
>>
>> Please go ahead.
> 
> Uploaded and flagged for acceptance.
> 
> Regards,
> 
> Adam

Thank you very much.  :)
   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



Bug#808890: jessie-pu: package libssh/0.6.3-4

2015-12-28 Thread Chris Knadle
Adam D. Barratt:
> Control: tags -1 + pending
> 
> On 2015-12-27 18:15, Adam D. Barratt wrote:
>> Control: tags -1 + confirmed
>>
>> On 2015-12-24 8:44, Chris Knadle wrote:
>>> Oops... had trouble with reportbug and the patch I asked to be attached
>>> wasn't sent.  Attaching.
>>
>> Please go ahead.
> 
> Uploaded and flagged for acceptance.
> 
> Regards,
> 
> Adam

Thank you very much.  :)
   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



Bug#808890: jessie-pu: package libssh/0.6.3-4

2015-12-24 Thread Chris Knadle
Oops... had trouble with reportbug and the patch I asked to be attached
wasn't sent.  Attaching.

Thanks
   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us
diff -Nru libssh-0.6.3/debian/changelog libssh-0.6.3/debian/changelog
--- libssh-0.6.3/debian/changelog   2015-01-26 18:28:06.0 -0500
+++ libssh-0.6.3/debian/changelog   2015-12-04 09:53:48.0 -0500
@@ -1,3 +1,14 @@
+libssh (0.6.3-4+deb8u1) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/patches:
+- Add 0002_CVE-2015-3146.patch
+  Fix "null pointer dereference due to a logical error in the handling
+  of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets"
+  (Closes: #784404, CVE-2015-3146)
+
+ -- Christopher Knadle <chris.kna...@coredump.us>  Mon, 23 Nov 2015 08:43:19 
-0500
+
 libssh (0.6.3-4) unstable; urgency=medium
 
   * Add debian/patches/0001_CVE-2014-8132.patch: Fixup error path in
diff -Nru libssh-0.6.3/debian/patches/0002_CVE-2015-3146.patch 
libssh-0.6.3/debian/patches/0002_CVE-2015-3146.patch
--- libssh-0.6.3/debian/patches/0002_CVE-2015-3146.patch1969-12-31 
19:00:00.0 -0500
+++ libssh-0.6.3/debian/patches/0002_CVE-2015-3146.patch2015-12-04 
09:53:32.0 -0500
@@ -0,0 +1,129 @@
+From 94f6955fbaee6fda9385a23e505497efe21f5b4f Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <a...@0xbadc0de.be>
+Date: Wed, 15 Apr 2015 16:08:37 +0200
+Subject: [PATCH 1/2] CVE-2015-3146: Fix state validation in packet handlers
+
+The state validation in the packet handlers for SSH_MSG_NEWKEYS and
+SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.
+
+The issue has been found and reported by Mariusz Ziule.
+
+Signed-off-by: Aris Adamantiadis <a...@0xbadc0de.be>
+Reviewed-by: Andreas Schneider <a...@cryptomilk.org>
+(cherry picked from commit bf0c7ae0aeb0ebe661d11ea6785fff2cbf4f3dbe)
+---
+ src/packet_cb.c | 16 ++--
+ src/server.c|  8 +---
+ 2 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/src/packet_cb.c b/src/packet_cb.c
+index a10dd1a..e6c613f 100644
+--- a/src/packet_cb.c
 b/src/packet_cb.c
+@@ -94,7 +94,7 @@ SSH_PACKET_CALLBACK(ssh_packet_dh_reply){
+   (void)type;
+   (void)user;
+   SSH_LOG(SSH_LOG_PROTOCOL,"Received SSH_KEXDH_REPLY");
+-  if(session->session_state!= SSH_SESSION_STATE_DH &&
++  if (session->session_state != SSH_SESSION_STATE_DH ||
+   session->dh_handshake_state != DH_STATE_INIT_SENT){
+   ssh_set_error(session,SSH_FATAL,"ssh_packet_dh_reply called in wrong 
state : %d:%d",
+   session->session_state,session->dh_handshake_state);
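Review bot: the switch from && to || in ssh_packet_dh_reply is a one-operator change with no test in this commit (the diffstat lists only src/packet_cb.c and src/server.c). A regression test that delivers SSH_MSG_KEXDH_REPLY while dh_handshake_state is not DH_STATE_INIT_SENT, and expects the handler to reject it, would keep the condition from silently reverting.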
+@@ -135,12 +135,16 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
+   (void)user;
+   (void)type;
+   SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_NEWKEYS");
+-  if(session->session_state!= SSH_SESSION_STATE_DH &&
+-  session->dh_handshake_state != DH_STATE_NEWKEYS_SENT){
+-  ssh_set_error(session,SSH_FATAL,"ssh_packet_newkeys called in wrong 
state : %d:%d",
+-  session->session_state,session->dh_handshake_state);
+-  goto error;
++
++  if (session->session_state != SSH_SESSION_STATE_DH ||
++  session->dh_handshake_state != DH_STATE_NEWKEYS_SENT) {
++  ssh_set_error(session,
++SSH_FATAL,
++"ssh_packet_newkeys called in wrong state : %d:%d",
++session->session_state,session->dh_handshake_state);
++  goto error;
+   }
++
+   if(session->server){
+ /* server things are done in server.c */
+ session->dh_handshake_state=DH_STATE_FINISHED;
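Review bot: in ssh_packet_newkeys the security-relevant change is again only && becoming ||, but the hunk also re-indents the block and splits the ssh_set_error() call over four lines, so the fix is hard to spot when auditing a stable update. Keeping the logic change separate from the reformatting, as the ssh_packet_dh_reply hunk nearly does, would make the backport easier to verify.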
+diff --git a/src/server.c b/src/server.c
+index 35281ca..1637cce 100644
+--- a/src/server.c
 b/src/server.c
+@@ -165,7 +165,7 @@ static int ssh_server_kexdh_init(ssh_session session, 
ssh_buffer packet){
+ }
+ 
+ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
+-  int rc;
++  int rc = SSH_ERROR;
+   (void)type;
+   (void)user;
+ 
+@@ -193,9 +193,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
+ ssh_set_error(session,SSH_FATAL,"Wrong kex type in 
ssh_packet_kexdh_init");
+ rc = SSH_ERROR;
+   }
+-  if (rc == SSH_ERROR)
++
++error:
++  if (rc == SSH_ERROR) {
+   session->session_state = SSH_SESSION_STATE_ERROR;
+-  error:
++  }
+ 
+   return SSH_PACKET_USED;
+ }
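Review bot: moving the error: label above the rc check in ssh_packet_kexdh_init means a goto error sets SSH_SESSION_STATE_ERROR only because rc now starts as SSH_ERROR (the "int rc = SSH_ERROR;" change in the previous hunk). That coupling is implicit; a short comment at the label, or setting session->session_state unconditionally on the goto path, would protect it against a later change that assigns rc before jumping.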
+-- 
+2.3.5
+
+
+From e9d16bd3439205ce7e75017405b1ac6ed5ead062 Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <a...@0xbadc0de.be>
+Date: Wed, 15 Apr 2015 16:25:29 +0200
+Subject: [PATCH 2/2] buffers: Fix a possible null pointer dereference
+
+This is an addition to CVE-2015-3146 to fix the null pointer
+dereference. The patch is not required to fix the CVE but prevents
+issues in future.
+
+Signed-off-by: Aris Adamantiadis <a...@0xbadc0de.be>
+Reviewed-by: Andreas Schneider <a...@cryptomilk.org>
+(cherry picked from commit 309102547208281215

Bug#808890: jessie-pu: package libssh/0.6.3-4

2015-12-24 Thread Chris Knadle
After filing #808901 I realize the source of the patch for #808890 is
elsewhere than I had originally stated: for the 0.6.x series for
CVE-2015-3146 the patch is within upstream tarball libssh-0.6.5.tar.xz:

   libssh-0.6.5/CVE-2015-3146-libssh-0.6.x.patch

Link to tarball:
   https://red.libssh.org/attachments/download/121/libssh-0.6.5.tar.xz

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



Bug#768139: unblock: mumble/1.2.8-1

2014-11-10 Thread Chris Knadle
On Thu, Nov 06, 2014 at 02:24:20PM +, Adam D. Barratt wrote:
 On 2014-11-06 2:52, Chris Knadle wrote:
 On 05.11.14, Adam D. Barratt wrote:
 Control: tags -1 + moreinfo
 
 On Wed, 2014-11-05 at 05:43 -0500, Chris Knadle wrote:
  mumble_1.2.8-1 contains a bugfix of priority important for
  allowing installation with pre-allocated user/group and the
  package has been in Unstable for 6 days without new bugs reported.
  Additionally 1.2.8-1 is marked as a stable upstream version,
  where the current 1.2.8~7~g76f6870-2 in Jessie is a snapshot.
  The differences in code between the versions are small -- I believe
  it's literally only two patches incorporated.
 
 There's also
 
  debian/mumble-server.init   |  143 +++
 
 which doesn't appear to be mentioned afaics.
 
 *sigh*  Thanks for catching this: it wasn't mentioned because I
 didn't make this change (AFAIK) and was unaware of it concerning this
 upload;
 [...]
 At one time I had accidentally included a debian/mumble-server.init
 (in a prior version) because it's something upstream includes in
 their PPA package for Ubuntu so I was testing using the file but had
 not committed it to git.
 [...]
 Other than that, do you have a suggestion as to how I should proceed
 from here?
 
 If it can happen really soon, I'd be happy with an upload that matches
 what you intended.

Okay, a new mumble 1.2.8-2 has been uploaded into Unstable, and I believe
it matches what we would all want.

I was asked to revert the Standards-Version back to 3.9.5 so this upload
is just slightly different from the last debdiff I sent; as such I'm
attaching a new debdiff and an interdiff against the first debdiff
(mumble_1.2.8~7_to_1.2.8-1.diff) that I had started the bug with.  The
interdiff is just slightly larger than expected because the time zone
changed back an hour (-0400 to -0500) since the last upload.

Thanks much.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us
diffstat for mumble-1.2.8~7~g76f6870 mumble-1.2.8

 CHANGES  |   42 
 debian/changelog |   29 
 debian/control   |1 
 debian/mumble-server.postinst|4 -
 debian/patches/23-fix-pulseaudio-segfault-pt1.diff   |   66 ---
 debian/patches/24-fix-pulseaudio-segfault-pt2.diff   |   48 -
 debian/patches/25-make-logfiles-readable-by-adm.diff |   15 
 debian/patches/series|3 
 src/Version.h|2 
 src/mumble/PulseAudio.cpp|   26 ++-
 10 files changed, 112 insertions(+), 124 deletions(-)

diff -Nru mumble-1.2.8~7~g76f6870/CHANGES mumble-1.2.8/CHANGES
--- mumble-1.2.8~7~g76f6870/CHANGES	2014-07-04 06:15:44.0 -0400
+++ mumble-1.2.8/CHANGES	2014-08-08 11:51:59.0 -0400
@@ -1,3 +1,36 @@
+2014-08-08
+  Mikkel Krautz mik...@krautz.dk
+82c483e  scripts: modify git2cl.pl to work on the currently checked-out
+	 branch rather than origin/master.
+
+2014-07-23
+  Mikkel Krautz mik...@krautz.dk
+0bf4aa3  PulseAudio: don't call pa_stream_drop() for empty
+	 pa_stream_peek().
+
+2014-07-20
+  Mikkel Krautz mik...@krautz.dk
+633f905  PulseAudio: stricter pa_stream_peek() validation.
+
+2014-07-02
+  Mikkel Krautz mik...@krautz.dk
+76f6870  PulseAudio: fix access to protected enums in AudioInput and
+	 AudioOutput.
+9529651  installer: add the ability to use a custom bzip2 directory in
+	 the Win32 installer.
+8609912  installer: fix ability to use a custom OpenSslDir when
+	 building the Win32 installer.
+
+2014-06-29
+  Mikkel Krautz mik...@krautz.dk
+196a6f7  Allow building 1.2.x on Windows with
+	 mumble-releng/buildenv/1.2.x/win32
+
+2014-06-14
+  Mikkel Krautz mik...@krautz.dk
+414494d  Bump version to 1.2.8
+173ec2b  Update changelog
+
 2014-06-13
   Mikkel Krautz mik...@krautz.dk
 aef3509  Add CA certificate filter to MumbleSSL::addSystemCA() to work
@@ -31,6 +64,15 @@
 8323bd4  mumble: allow Log_macx.mm to build against the OS X 10.4 SDK
 	 (for universal builds).
 
+2013-08-02
+  Mikkel Krautz mik...@krautz.dk
+228f844  mumble: fix VoiceRecorderDialog build on Apple clang-500.1.70.
+
+2013-06-08
+  Mikkel Krautz mik...@krautz.dk
+9c06ecf  bonjour: use Qt::AutoConnection for BonjourServiceResolver's
+	 QSocketNotifier slot.
+
 2013-06-01
   Stefan Hacker d...@users.sourceforge.net
 5ff038e  Update changelog
diff -Nru mumble-1.2.8~7~g76f6870/debian/changelog mumble-1.2.8/debian/changelog
--- mumble-1.2.8~7~g76f6870/debian/changelog	2014-07-23 22:32:00.0 -0400
+++ mumble-1.2.8/debian/changelog	2014-11-09 11:10:08.0 -0500
@@ -1,3 +1,32 @@
+mumble (1.2.8-2) unstable; urgency=medium
+
+  * debian/mumble-server.init
+  - Remove file as it was included accidentily
+
+ -- Christopher Knadle
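Review bot: spelling in the 1.2.8-2 changelog entry: "accidentily" should be "accidentally".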

Bug#768139: unblock: mumble/1.2.8-1

2014-11-07 Thread Chris Knadle
On 06.11.14, Adam D. Barratt wrote:
 On 2014-11-06 2:52, Chris Knadle wrote:
 On 05.11.14, Adam D. Barratt wrote:
 Control: tags -1 + moreinfo
 
 On Wed, 2014-11-05 at 05:43 -0500, Chris Knadle wrote:
  mumble_1.2.8-1 contains a bugfix of priority important for
  allowing installation with pre-allocated user/group and the
  package has been in Unstable for 6 days without new bugs reported.
  Additionally 1.2.8-1 is marked as a stable upstream version,
  where the current 1.2.8~7~g76f6870-2 in Jessie is a snapshot.
  The differences in code between the versions are small -- I believe
  it's literally only two patches incorporated.
 
 There's also
 
  debian/mumble-server.init   |  143 +++
 
 which doesn't appear to be mentioned afaics.
 
 *sigh*  Thanks for catching this: it wasn't mentioned because I
 didn't make this change (AFAIK) and was unaware of it concerning this
 upload;
 [...]
 At one time I had accidentally included a debian/mumble-server.init
 (in a prior version) because it's something upstream includes in
 their PPA package for Ubuntu so I was testing using the file but had
 not committed it to git.
 [...]
 Other than that, do you have a suggestion as to how I should proceed
 from here?
 
 If it can happen really soon, I'd be happy with an upload that
 matches what you intended.

Thank you.

I've just uploaded mumble 1.2.8-2 to mentors.debian.net and pinged my
package sponsor.  I've double-checked a debdiff between the downloaded
versions between Jessie and the new upload to Mentors -- attached.
I made one additional change to bump the Standards-Version to 3.9.6
because no changes were needed.  Link to Mentors package in case you
would like a look:

   https://mentors.debian.net/package/mumble

This took me all night because the backup machine I'm using is
experiencing disk corruption, but only when the disk is under load,
so once I discovered that I had to be careful how and where I did
the work.  When lightly loaded such as mounted when running a Knoppix
DVD or when doing low-level hard disk checks it shows no errors.  Yet
every time I attempt to load Jessie, the filesystem is corrupted on
its first use (or doesn't even survive the attempt to load it).  :-(
It's extremely frustrating.  [And for obvious reasons this new upload
was built on a different system.]

Thanks for your work and for your diligence.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us
diff -Nru mumble-1.2.8~7~g76f6870/CHANGES mumble-1.2.8/CHANGES
--- mumble-1.2.8~7~g76f6870/CHANGES	2014-07-04 06:15:44.0 -0400
+++ mumble-1.2.8/CHANGES	2014-08-08 11:51:59.0 -0400
@@ -1,3 +1,36 @@
+2014-08-08
+  Mikkel Krautz mik...@krautz.dk
+82c483e  scripts: modify git2cl.pl to work on the currently checked-out
+	 branch rather than origin/master.
+
+2014-07-23
+  Mikkel Krautz mik...@krautz.dk
+0bf4aa3  PulseAudio: don't call pa_stream_drop() for empty
+	 pa_stream_peek().
+
+2014-07-20
+  Mikkel Krautz mik...@krautz.dk
+633f905  PulseAudio: stricter pa_stream_peek() validation.
+
+2014-07-02
+  Mikkel Krautz mik...@krautz.dk
+76f6870  PulseAudio: fix access to protected enums in AudioInput and
+	 AudioOutput.
+9529651  installer: add the ability to use a custom bzip2 directory in
+	 the Win32 installer.
+8609912  installer: fix ability to use a custom OpenSslDir when
+	 building the Win32 installer.
+
+2014-06-29
+  Mikkel Krautz mik...@krautz.dk
+196a6f7  Allow building 1.2.x on Windows with
+	 mumble-releng/buildenv/1.2.x/win32
+
+2014-06-14
+  Mikkel Krautz mik...@krautz.dk
+414494d  Bump version to 1.2.8
+173ec2b  Update changelog
+
 2014-06-13
   Mikkel Krautz mik...@krautz.dk
 aef3509  Add CA certificate filter to MumbleSSL::addSystemCA() to work
@@ -31,6 +64,15 @@
 8323bd4  mumble: allow Log_macx.mm to build against the OS X 10.4 SDK
 	 (for universal builds).
 
+2013-08-02
+  Mikkel Krautz mik...@krautz.dk
+228f844  mumble: fix VoiceRecorderDialog build on Apple clang-500.1.70.
+
+2013-06-08
+  Mikkel Krautz mik...@krautz.dk
+9c06ecf  bonjour: use Qt::AutoConnection for BonjourServiceResolver's
+	 QSocketNotifier slot.
+
 2013-06-01
   Stefan Hacker d...@users.sourceforge.net
 5ff038e  Update changelog
diff -Nru mumble-1.2.8~7~g76f6870/debian/changelog mumble-1.2.8/debian/changelog
--- mumble-1.2.8~7~g76f6870/debian/changelog	2014-07-23 22:32:00.0 -0400
+++ mumble-1.2.8/debian/changelog	2014-11-07 04:29:22.0 -0500
@@ -1,3 +1,34 @@
+mumble (1.2.8-2) unstable; urgency=medium
+
+  * debian/mumble-server.init
+  - Remove file as it was included accidentily
+  * debian/control:
+  - Standards-Version updated to 3.9.6 (no changes needed)
+
+ -- Christopher Knadle chris.kna...@coredump.us  Fri, 07 Nov 2014 03:40:00 -0500
+
+mumble (1.2.8-1) unstable; urgency=medium
+
+  * New upstream stable release from 2014-08-09
+  * debian/control:
+  - Remove uploader Thorvald Natvig thorv
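Review bot: the debian/control entry bumping Standards-Version to 3.9.6 in 1.2.8-2 is unrelated to removing debian/mumble-server.init and widens what has to be reviewed for the unblock. Drop it from this upload so that 1.2.8-2 carries only the init file removal.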

Bug#768139: unblock: mumble/1.2.8-1

2014-11-05 Thread Chris Knadle
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mumble

mumble_1.2.8-1 contains a bugfix of priority important for
allowing installation with pre-allocated user/group and the
package has been in Unstable for 6 days without new bugs reported.
Additionally 1.2.8-1 is marked as a stable upstream version,
where the current 1.2.8~7~g76f6870-2 in Jessie is a snapshot.
The differences in code between the versions are small -- I believe
it's literally only two patches incorporated.

debdiff attached.

I would have uploaded 1.2.8-1 earlier but my laptop had a hardware
failure and I didn't have other hardware to read the disk.
[The Lenovo T61p uses an Nvidia G84 GPU which was misdesigned such
 that it eventually fails, requiring motherboard replacement.]
I and my package sponsor were unaware that the sid-jessie
transition time had been extended from 5 to 10 days for October.

Thanks much.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us
diffstat for mumble-1.2.8~7~g76f6870 mumble-1.2.8

 CHANGES                                              |   42
 debian/changelog                                     |   22 ++
 debian/control                                       |    1
 debian/mumble-server.postinst                        |    4 -
 debian/patches/23-fix-pulseaudio-segfault-pt1.diff   |   66 ---
 debian/patches/24-fix-pulseaudio-segfault-pt2.diff   |   48 -
 debian/patches/25-make-logfiles-readable-by-adm.diff |   15
 debian/patches/series                                |    3
 src/Version.h                                        |    2
 src/mumble/PulseAudio.cpp                            |   26 ++-
 10 files changed, 105 insertions(+), 124 deletions(-)

diff -Nru mumble-1.2.8~7~g76f6870/CHANGES mumble-1.2.8/CHANGES
--- mumble-1.2.8~7~g76f6870/CHANGES	2014-07-04 06:15:44.0 -0400
+++ mumble-1.2.8/CHANGES	2014-08-08 11:51:59.0 -0400
@@ -1,3 +1,36 @@
+2014-08-08
+  Mikkel Krautz mik...@krautz.dk
+82c483e  scripts: modify git2cl.pl to work on the currently checked-out
+	 branch rather than origin/master.
+
+2014-07-23
+  Mikkel Krautz mik...@krautz.dk
+0bf4aa3  PulseAudio: don't call pa_stream_drop() for empty
+	 pa_stream_peek().
+
+2014-07-20
+  Mikkel Krautz mik...@krautz.dk
+633f905  PulseAudio: stricter pa_stream_peek() validation.
+
+2014-07-02
+  Mikkel Krautz mik...@krautz.dk
+76f6870  PulseAudio: fix access to protected enums in AudioInput and
+	 AudioOutput.
+9529651  installer: add the ability to use a custom bzip2 directory in
+	 the Win32 installer.
+8609912  installer: fix ability to use a custom OpenSslDir when
+	 building the Win32 installer.
+
+2014-06-29
+  Mikkel Krautz mik...@krautz.dk
+196a6f7  Allow building 1.2.x on Windows with
+	 mumble-releng/buildenv/1.2.x/win32
+
+2014-06-14
+  Mikkel Krautz mik...@krautz.dk
+414494d  Bump version to 1.2.8
+173ec2b  Update changelog
+
 2014-06-13
   Mikkel Krautz mik...@krautz.dk
 aef3509  Add CA certificate filter to MumbleSSL::addSystemCA() to work
@@ -31,6 +64,15 @@
 8323bd4  mumble: allow Log_macx.mm to build against the OS X 10.4 SDK
 	 (for universal builds).
 
+2013-08-02
+  Mikkel Krautz mik...@krautz.dk
+228f844  mumble: fix VoiceRecorderDialog build on Apple clang-500.1.70.
+
+2013-06-08
+  Mikkel Krautz mik...@krautz.dk
+9c06ecf  bonjour: use Qt::AutoConnection for BonjourServiceResolver's
+	 QSocketNotifier slot.
+
 2013-06-01
   Stefan Hacker d...@users.sourceforge.net
 5ff038e  Update changelog
diff -Nru mumble-1.2.8~7~g76f6870/debian/changelog mumble-1.2.8/debian/changelog
--- mumble-1.2.8~7~g76f6870/debian/changelog	2014-07-23 22:32:00.0 -0400
+++ mumble-1.2.8/debian/changelog	2014-10-28 15:54:13.0 -0400
@@ -1,3 +1,25 @@
+mumble (1.2.8-1) unstable; urgency=medium
+
+  * New upstream stable release from 2014-08-09
+  * debian/control:
+  - Remove uploader Thorvald Natvig thorv...@debian.org due to
+inactivity; thanks very much for your prior contributions.
+  * debian/patches:
+  - Remove 23-fix-pulseaudio-segfault-pt1.diff
+   24-fix-pulseaudio-segfault-pt2.diff
+Both patches incorporated upstream in 1.2.8
+  - Add 25-make-logfiles-readable-by-adm.diff to make mumble-server log
+files readable by group adm.  Closes: #759287
+Thanks to Jan Braun janbr...@gmx.net for reporting the bug and
+submitting a patch.
+  * debian/mumble-server.postinst:
+  - Add check for existance of mumble-server group entry before creation
+of group and user.  Closes: #758833
+Thanks to William Martin william.mar...@power-lan.com for reporting
+the bug and discussing a fix.
+
+ -- Christopher Knadle chris.kna...@coredump.us  Thu, 28 Aug 2014 16:23:17 -0400
+
 mumble (1.2.8~7~g76f6870-2) unstable; urgency=medium
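Review bot: the 25-make-logfiles-readable-by-adm.diff bullet says the mumble-server log files become "readable by group adm" but not what ownership or mode they end up with; since this widens read access to the logs, stating the resulting owner, group and mode in the entry would let a reviewer confirm the scope without opening the patch. The entry also dates the upstream release 2014-08-09 while the newest CHANGES entry in this debdiff is 2014-08-08, so it is worth confirming which date is meant. "existance" in the debian/mumble-server.postinst bullet should be "existence".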

Bug#768139: unblock: mumble/1.2.8-1

2014-11-05 Thread Chris Knadle
On 05.11.14, Adam D. Barratt wrote:
 Control: tags -1 + moreinfo
 
 On Wed, 2014-11-05 at 05:43 -0500, Chris Knadle wrote:
  mumble_1.2.8-1 contains a bugfix of priority important for
  allowing installation with pre-allocated user/group and the
  package has been in Unstable for 6 days without new bugs reported.
  Additionally 1.2.8-1 is marked as a stable upstream version,
  where the current 1.2.8~7~g76f6870-2 in Jessie is a snapshot.
  The differences in code between the versions are small -- I believe
  it's literally only two patches incorporated.
 
 There's also
 
  debian/mumble-server.init   |  143 +++
 
 which doesn't appear to be mentioned afaics.

*sigh*  Thanks for catching this: it wasn't mentioned because I
didn't make this change (AFAIK) and was unaware of it concerning this
upload; I believe what I uploaded to mentors.debian.net for 1.2.8-1
was this:

   ftp://ftp.coredump.us/debian-packages/mumble/mumble-1.2.8/

but I see that indeed the package now in unstable contains this file,
and a debdiff between that and the package linked to above shows the
debian/mumble-server.init (and no other differences).

At one time I had accidentally included a debian/mumble-server.init
(in a prior version) because it's something upstream includes in
their PPA package for Ubuntu so I was testing using the file but had
not committed it to git.  I had also configured git-buildpackage with
export = WC to export the working copy rather than only what's in
git to allow doing a debuild of things I'm not sure I want to commit
yet, so the file got included in one of the uploads -- I removed
it on the next upload which is why 1.2.8~7~g76f6870-2 in Jessie
doesn't contain it. I'll double-check with my package sponsor to see
if he has any insight on what happened in this case.

Other than that, do you have a suggestion as to how I should proceed
from here?

  debdiff attached.
  
  I would have uploaded 1.2.8-1 earlier but my laptop had a hardware
  failure and I didn't have other hardware to read the disk.
  [The Lenovo T61p uses an Nvidia G84 GPU which was misdesigned such
   that it eventually fails, requiring motherboard replacement.]
  I and my package sponsor were unaware that the sid-jessie
  transition time had been extended from 5 to 10 days for October.
 
 Hmmm, it was mentioned on d-d-a five times.

Yes I see that (Johnathan -- thanks for the links).  Ugh.  Sorry I
missed this, but now that we've caught an error in this upload, I'm
sort of glad that I did.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141106025217.ga16...@anan7.coredump.us
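
The cross-check that caught the stray file in the exchange above (a path in the debdiff's diffstat that the changelog entry never mentions), sketched in Python as an added example; it is not part of the original thread or of any Debian tool. The sample inputs are constructed from the diffstat and changelog quoted in this thread (abridged), and the function names are illustrative.

```python
import re

# One diffstat row: "<path> | <count> <histogram>" (or "Bin" for binary files).
DIFFSTAT_LINE = re.compile(r"^\s*(\S+)\s*\|\s*(?:\d+|Bin)\b")

# Files whose changes are bookkeeping and never get their own changelog bullet.
BOOKKEEPING = {"debian/changelog", "debian/patches/series"}

# Constructed sample: the diffstat from the unblock request plus the
# debian/mumble-server.init row the release team pointed out in the reply.
DIFFSTAT = """\
 CHANGES                                              |   42
 debian/changelog                                     |   22 ++
 debian/control                                       |    1
 debian/mumble-server.init                            |  143 +++
 debian/mumble-server.postinst                        |    4 -
 debian/patches/23-fix-pulseaudio-segfault-pt1.diff   |   66 ---
 debian/patches/24-fix-pulseaudio-segfault-pt2.diff   |   48 -
 debian/patches/25-make-logfiles-readable-by-adm.diff |   15
 debian/patches/series                                |    3
 src/Version.h                                        |    2
 src/mumble/PulseAudio.cpp                            |   26 ++-
"""

# Constructed sample: the 1.2.8-1 changelog entry from the debdiff, abridged.
CHANGELOG_ENTRY = """\
mumble (1.2.8-1) unstable; urgency=medium

  * New upstream stable release from 2014-08-09
  * debian/control:
    - Remove uploader Thorvald Natvig due to inactivity
  * debian/patches:
    - Remove 23-fix-pulseaudio-segfault-pt1.diff
             24-fix-pulseaudio-segfault-pt2.diff
      Both patches incorporated upstream in 1.2.8
    - Add 25-make-logfiles-readable-by-adm.diff to make mumble-server log
      files readable by group adm.  Closes: #759287
  * debian/mumble-server.postinst:
    - Add check for existance of mumble-server group entry before creation
      of group and user.  Closes: #758833
"""


def parse_diffstat(text):
    """Return the file paths listed in diffstat output, in order."""
    paths = []
    for line in text.splitlines():
        m = DIFFSTAT_LINE.match(line)
        if m:  # the "N files changed, ..." summary has no '|' and is skipped
            paths.append(m.group(1))
    return paths


def changelog_tokens(entry):
    """Whitespace-split words of a changelog entry, minus edge punctuation."""
    return {word.strip("()[]").rstrip(":,;.") for word in entry.split()}


def unmentioned_packaging_changes(diffstat, changelog_entry):
    """List debian/ paths changed in the diff but absent from the changelog.

    Upstream source files are ignored (a "New upstream release" bullet covers
    them). Whole-token matching keeps debian/control from matching
    debian/control.in; patches may be named by file name alone.
    """
    tokens = changelog_tokens(changelog_entry)
    missing = []
    for path in parse_diffstat(diffstat):
        if not path.startswith("debian/") or path in BOOKKEEPING:
            continue
        names = {path}
        if path.startswith("debian/patches/"):
            names.add(path.rsplit("/", 1)[1])
        if not names & tokens:
            missing.append(path)
    return missing


if __name__ == "__main__":
    for path in unmentioned_packaging_changes(DIFFSTAT, CHANGELOG_ENTRY):
        print("changed but not in changelog:", path)
```

Run against the diffstat of the package as actually built (not the one from the git tree), this flags files that entered the upload from an uncommitted working copy.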



Bug#760620: wheezy-pu: mumble/1.2.3-349-g315b5f5-2.2+deb7u2

2014-09-19 Thread Chris Knadle
On Wednesday, September 17, 2014 19:07:48 Adam D. Barratt wrote:
 Control: tags -1 + moreinfo
 
 On Sat, 2014-09-06 at 02:02 -0400, Chris Knadle wrote:
  Dear release team:
 
  I'd like to update the Mumble package in Wheezy for the following:

 For the record, this never made it to debian-release@, most likely due
 to the size of the diff.

Thanks for finding it and having a look.

 [...]
 
- Add 37-fix-connect-dialog-hang-dee463ef.diff.  Closes: #688444
  Fix crashing when connecting to a server.
 
 According to the bug's metadata, this issue applies to the package in
 unstable and is not currently fixed there; is that correct?

No, it was fixed in unstable some time ago (version 1.2.4-0.1).  Thanks for 
pointing this out -- I'll look through the list of other bugs to see if they 
also need updating for the metadata.

 If the unstable package is not affected, please correct the metadata; if
 it is affected, please resolve the issue there first.

I believe I've corrected the metadata; the graph of the versions affected by 
#688444 looks correct now.

Thanks.

  -- Chris

--

Chris Knadle
chris.kna...@coredump.us


-- 
Archive: https://lists.debian.org/2378730.WRm9hRuhnu@trelane



Bug#726165: mumble +b1 with protobuf 2.5.0-9 works

2014-02-05 Thread Chris Knadle
On Wednesday, February 05, 2014 11:49:16 Robert Edmonds wrote:
 Chris Knadle wrote:
  On Monday, February 03, 2014 22:25:23 Robert Edmonds wrote:
   I've uploaded protobuf 2.5.0-8 to experimental, which has the exact same
   ABI/API as protobuf 2.5.0-5.  Can you tell me if the current version of
   mumble in the archive works with libprotobuf8 2.5.0-8, once it's
   available at your mirror?  (I suspect that it will, but just want to
   make sure.)
  
  Yes, the existing 1.2.4-0.1+b1 in Unstable works with libprotobuf8
  2.5.0-8.
 
 OK, I've uploaded -9 to unstable.  libprotobuf8's .so is byte identical,
 at least on amd64.  Can you check that mumble still works?  (I would be
 surprised if it did not.)

Yep, mumble 1.2.4-0.1+b1 works fine with libprotobuf8 2.5.0-9.

Thanks.
There are other fixes for mumble pending requiring a new upload so I'm glad to 
have the protobuf transition done.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us


-- 
Archive: http://lists.debian.org/2729161.Tl8zacaL8u@trelane



Bug#726165: mumble +b1 with protobuf 2.5.0-8 works

2014-02-04 Thread Chris Knadle
On Monday, February 03, 2014 22:25:23 Robert Edmonds wrote:
 Chris Knadle wrote:
  On Friday, January 31, 2014 15:18:18 Robert Edmonds wrote:
  [...]
  
   Chris Knadle's input in #737246 makes me believe that the changes in
   2.5.0-6 / -7 just aren't correct.  I'm thinking we should probably go
   back to the approach in 2.5.0-5 (though with a fallback atomic
   implementation for architectures where the default gcc is < 4.7).
  
  Unfortunately the feedback I gave you about protobuf 2.5.0-6 / -7 turns
  out to have been wrong; my local cowbuilder had something weird going on.
  That mumble works when built against protobuf 2.5.0-7 got reported to me
  in #737223 by Gonéri Le Bouder, which after some efforts I was able to
  replicate with cowbuilder.
 
 Hi, Chris:
 
 After further investigation, reading upstream bug #351, and commits
 r409, r410, r413, r414, and r415 [1], I'm not convinced that the changes
 I made in protobuf 2.5.0-6 / -7 are complete, and in any case I'm now no
 longer convinced that it's feasible to forward port the once
 implementation from protobuf = 2.4.1 to later versions.

Okay.  Yeah I looked at #351 I see what you mean.

 I've uploaded protobuf 2.5.0-8 to experimental, which has the exact same
 ABI/API as protobuf 2.5.0-5.  Can you tell me if the current version of
 mumble in the archive works with libprotobuf8 2.5.0-8, once it's
 available at your mirror?  (I suspect that it will, but just want to
 make sure.)

Yes, the existing 1.2.4-0.1+b1 in Unstable works with libprotobuf8 2.5.0-8.

 I am pretty sure 2.5.0-8 will not work on ia64 or sparc, where the
 default compiler is gcc-4.6, but it also seems that this problem is not
 so serious now.

Right.

  Should I file a release.debian.org bug to binNMU mumble?
 
 I think this is a problem in the protobuf transition, so #726165 is the
 right bug for this discussion :-)

;-)  Makes sense.

 That is, with protobuf 2.5.0-8 there should be no additional binNMUs
 required.  If that's the case, I'll upload -8 to unstable as -9,
 provided it is acceptable to break the architectures with the old
 gcc-4.6 compiler.

I think that's fine concerning mumble.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us


--
Archive: http://lists.debian.org/10019212.SdvrCvNV5g@trelane



Bug#726165: mumble with protobuf 2.5.0-7 works

2014-02-03 Thread Chris Knadle
On Friday, January 31, 2014 15:18:18 Robert Edmonds wrote:
[...]
 Chris Knadle's input in #737246 makes me believe that the changes in
 2.5.0-6 / -7 just aren't correct.  I'm thinking we should probably go
 back to the approach in 2.5.0-5 (though with a fallback atomic
 implementation for architectures where the default gcc is < 4.7).

Unfortunately the feedback I gave you about protobuf 2.5.0-6 / -7 turns out
to have been wrong; my local cowbuilder had something weird going on.  That
mumble works when built against protobuf 2.5.0-7 got reported to me in #737223
by Gonéri Le Bouder, which after some efforts I was able to replicate with
cowbuilder.

Should I file a release.debian.org bug to binNMU mumble?

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us


--
Archive: http://lists.debian.org/5877870.eFpzdOdMrl@trelane



Bug#693351: RM: kismet/2008-05-R1-4.3

2012-12-12 Thread Chris Knadle
On Wednesday, December 12, 2012 10:18:54, Nick Andrik wrote:
 2012/12/12 intrigeri intrig...@debian.org:
  Hi,
  
  Nick Andrik wrote (12 Dec 2012 14:32:35 GMT) :
  I don't have strong feelings in any case, I don't expect someone to be
  using this version of the package nowadays.
  On the other hand, I don't also see the clear benefits from removing it.
  
  OK. I think the key question then becomes: as the upcoming maintainer
  of kismet in Debian, do you want to commit to maintain 2008-05-R1-4.3
  in stable once Wheezy is released? (as in: dealing with security
  issues, fixing RC bugs through stable updates, answering bug
  reports, etc.)
 
 If there are any bugs reported on functionality (which I doubt) then
 it makes no sense trying to fix the 2008 version.

Ubuntu has several SIGSEGV crashes reported on kismet 2008-05-R1-4.3:
   https://launchpad.net/ubuntu/+source/kismet/+bugs

Upstream (Mike Kershaw, who I see at MHVLUG meetings) is frustrated by the 
fact that this old version of kismet is still being shipped in Ubuntu, because 
he regularly gets bugs reported to him directly from users that he isn't able 
to help with because the version is ancient.  I'm adding Mike to the list of 
recipients so that he can have a chance to offer an opinion on whether 
2008-06-R1-4.3 should be shipped in Wheezy (and thus shipped for another two 
years in Debian).

It'll be good to get a newer Kismet package in Unstable, since Ubuntu is based 
on Unstable.

 All other bugs are OK.
 
 BTW, I guess there is no chance to have the new package in wheezy once
 it gets released, is this correct?

To get a new version in it would have had to have been in Unstable before the 
freeze in June.  Around that time I made a newer Kismet package using 
debhelper v9, but it wasn't ready before the freeze and the package I made 
still needs a couple of tweaks, which is why I hadn't tried to file an ITA.

Nick -- let me know if you'd like to see what I did re: /debian/* files.  The 
main thing that needs tweaking in the package I came up with had to do with 
the menu shortcut and how to handle access permissions correctly.

 If we need to fix anything then I will have to keep different branches,
 i.e. one for stable and one for testing, right?

Maybe.  There will be different package versions, but branches implies using 
a version control system which isn't a requirement AFAIK.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us


signature.asc
Description: This is a digitally signed message part.


Re: Bug#693351: RM: kismet/2008-05-R1-4.3

2012-12-12 Thread Chris Knadle
 be to use backports.debian.org for having 
an upgraded package for Stable available, which could thus stick with the 
packages in Stable as much as possible, and thus continue to get security 
updates.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us




Bug#691098: unblock: mumble/1.2.3-349-g315b5f5-2.1 [pre-approval request]

2012-10-22 Thread Chris Knadle
On Monday, October 22, 2012 07:39:24, Julien Cristau wrote:
 On Mon, Oct 22, 2012 at 13:35:09 +0200, gregor herrmann wrote:
  On Mon, 22 Oct 2012 12:30:34 +0200, Julien Cristau wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

I'd like to request a pre-approval for a future unblock of a
not-yet-uploaded NMU of mumble.
   
   IMO the package needs to be in sid before we consider it.
  
  Thanks for your quick reply!
  
  I was under the impression that the release team prefers to assess
  the situation before an upload in more complicated situations, but
  I'm happy to upload the NMU to a DELAYED queue later today.
 
 I guess I don't consider this a complicated situation.  Either the new
 version is ok, or we release without mumble.  Neither the current
 version in sid nor the current version in wheezy are suitable anyway,
 AIUI.

That's correct.  The 348-1 currently in Wheezy will not build due to 
library changes in Wheezy, and the 349-2 in Sid cannot communicate with the 
existing Mumble userbase.

Thanks much.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us




patches for fixing RC bug, intent to upload NMU

2012-10-04 Thread Chris Knadle
tags 675971 patch
thanks


Greetings.

CCing the tech-ctte and release-team, as the intent is to coordinate with both 
for approval to upload this NMU.


Ron, I tried contacting you about a month ago but I haven't heard back from 
you since the TC decision on Aug 30th.  I tried contacting Thorvald (the only 
other uploader) in early Sept (he is very busy so I knew this was a long shot) 
and he replied that he wanted a few days to try to contact you, but I haven't 
heard back from him since then either.

I contacted Gregor Herrmann and with his help we created a minimal diff for a 
new upload targeted for Wheezy, as requested in TC #682010.  I'm posting it 
here to give you a chance to review it if you wish.  Unless you wish to 
discuss it, this will be uploaded soon to a DELAYED/XX queue at which time 
there will be an additional notification posted here.

Three patches attached:
   mumble-celt.diff        -- the fix for #675971
   mumble-349-rules.diff   -- (optional) fix debian/rules to remove the Ice/
                              directory in the 'clean' target to allow
                              repeat building
   mumble-349-defuzz.diff  -- (optional) Removes fuzz from two quilt patches
                              in the current package

Thanks.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us
diff -Nru mumble-1.2.3-349-g315b5f5/debian/changelog mumble-1.2.3-349-g315b5f5/debian/changelog
--- mumble-1.2.3-349-g315b5f5/debian/changelog	2012-07-08 13:42:05.0 -0400
+++ mumble-1.2.3-349-g315b5f5/debian/changelog	2012-10-04 21:03:18.0 -0400
@@ -1,3 +1,31 @@
+mumble (1.2.3-349-g315b5f5-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix Cannot communicate with the vast majority of Mumble servers due
+to lack of required baseline codec:
+re-enable using the bundled celt library:
+   debian/patches/series:
+ - add 07-use-embedded-celt-baseline patch
+   debian/patches/07-use-embedded-celt-baseline:
+ - build Celt 0.7.1 and not 0.11.0
+   debian/mumble.install:
+ - ship Celt 0.7.1 library from the embedded source
+   debian/rules:
+ - re-enable Celt using the bundled 0.7.1 version
+   debian/patches/20-add-opus-threshold-option:
+ - fix src/murmur/Meta.cpp to set default iOpusThreshold=100 to only
+   switch from Celt to Opus if 100% of connected clients support Opus
+   (instead of 1%)
+ - fix murmur.ini example for opusthreshold option to =100
+   (instead of =1)
+ - add #opusthreshold=100 comments to murmur.ini.system (shipped as
+   etc/mumble-server.ini) to match murmur.ini example
+Closes: #675971.
+This implements the TC decision in #682010.
+[Thanks to Gregor Hermann for his help and guidance.]
+
+ -- Christopher Knadle chris.kna...@coredump.us  Thu, 04 Oct 2012 11:45:05 -0400
+
 mumble (1.2.3-349-g315b5f5-2) unstable; urgency=low
 
   * Drop the hard dep on boost-1.46, that's been removed now.  Closes: #678759
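Review bot: the debian/patches/20-add-opus-threshold-option bullets describe editing an existing quilt patch in place (the Meta.cpp default, the murmur.ini example and murmur.ini.system), which is harder to audit in an NMU than a new patch stacked on top; either add a separate patch or say explicitly in the entry that the existing patch was modified. The thanks line spells the name "Gregor Hermann", while his own mail headers in this thread read "gregor herrmann".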
diff -Nru mumble-1.2.3-349-g315b5f5/debian/mumble.install mumble-1.2.3-349-g315b5f5/debian/mumble.install
--- mumble-1.2.3-349-g315b5f5/debian/mumble.install	2012-07-08 13:42:05.0 -0400
+++ mumble-1.2.3-349-g315b5f5/debian/mumble.install	2012-10-04 21:02:08.0 -0400
@@ -1,6 +1,6 @@
 release/mumble usr/bin/
 release/libmumble.so* usr/lib/mumble/
-#release/libcelt0.so.?.?.? usr/lib/mumble/
+release/libcelt0.so.?.?.? usr/lib/mumble/
 release/plugins/lib*.so usr/lib/mumble/
 icons/mumble.xpm usr/share/pixmaps/
 icons/mumble.svg usr/share/icons/hicolor/scalable/apps/
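Review bot: the re-enabled line uses the glob release/libcelt0.so.?.?.? and so installs whatever bundled celt library the build leaves in release/, which means shipping only the baseline codec depends entirely on 07-use-embedded-celt-baseline dropping the 0.11.0 build. Naming the expected library version in this line, or noting the dependency on patch 07 in a comment, would make the intent checkable from debian/mumble.install alone.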
diff -Nru mumble-1.2.3-349-g315b5f5/debian/patches/07-use-embedded-celt-baseline mumble-1.2.3-349-g315b5f5/debian/patches/07-use-embedded-celt-baseline
--- mumble-1.2.3-349-g315b5f5/debian/patches/07-use-embedded-celt-baseline	1969-12-31 19:00:00.0 -0500
+++ mumble-1.2.3-349-g315b5f5/debian/patches/07-use-embedded-celt-baseline	2012-10-04 21:02:08.0 -0400
@@ -0,0 +1,13 @@
+# build and bundle in only celt 0.7.1 if celt is embedded
+--- a/main.pro
 b/main.pro
+@@ -12,7 +12,8 @@
+ SUBDIRS *= speexbuild
+   }
+   !CONFIG(no-bundled-celt) {
+-SUBDIRS *= celt-0.7.0-build celt-0.11.0-build
++SUBDIRS *= celt-0.7.0-build
++SUBDIRS -= celt-0.11.0-build
+   }
+ 
+   CONFIG(opus) {
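Review bot: the new quilt patch has only a one-line comment as its header and says "celt 0.7.1" while the subdirectory it keeps is celt-0.7.0-build; a short description header explaining that mismatch and referencing #675971 would save the next reader from wondering whether the wrong version is built. Inside the hunk, "SUBDIRS -= celt-0.11.0-build" directly after the rewritten "SUBDIRS *= celt-0.7.0-build" line is redundant unless another part of main.pro adds that directory; if one does, say so in the header. The embedded file header also shows " b/main.pro" where "+++ b/main.pro" is expected, so check that the patch in the package is intact and this is only mail mangling.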
diff -Nru mumble-1.2.3-349-g315b5f5/debian/patches/20-add-opus-threshold-option mumble-1.2.3-349-g315b5f5/debian/patches/20-add-opus-threshold-option
--- mumble-1.2.3-349-g315b5f5/debian/patches/20-add-opus-threshold-option	2012-07-08 13:42:05.0 -0400
+++ mumble-1.2.3-349-g315b5f5/debian/patches/20-add-opus-threshold-option	2012-10-04 21:02:08.0 -0400
@@ -8,7 +8,7 @@
  
 +# Amount of users with Opus support needed to force Opus usage, in percent.
 +# 0 = Always enable Opus, 100 = enable Opus if it's supported by all clients.
-+#opusthreshold=1
++#opusthreshold=100
 +
  # Regular expression used to validate channel names
  # (note that you
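Review bot: the only change visible in this hunk is the commented-out example "#opusthreshold=100", which documents a value but does not change what the server does when the option is unset. The changelog also promises a default of iOpusThreshold=100 in src/murmur/Meta.cpp, so the review should confirm that the code default is changed in the rest of this patch and that the comment text and the compiled-in default agree.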

Re: mumble and celt, #682010, TC

2012-07-19 Thread Chris Knadle
On Thursday, July 19, 2012 12:56:05, Neil McGovern wrote:
 [resent... signed this time. Again]
 
 On Thu, Jul 19, 2012 at 05:45:27PM +0100, Ian Jackson wrote:
   * That the package is likely to be able to communicate with non-debian
     derived distributions.
  
  The information we seem to be getting is that it is indeed likely that
  the mumble we have will be able to do so, because mumble upstream have
  somehow nominated or blessed 0.7.1.
 
 The above may, or may not conflict with:
   * If we cannot find a maintainer for celt who looks like they'll be
     able to handle it for the lifetime of wheezy then we need to allow
     the current mumble (and perhaps other rdepends) in sid to propagate
     and will then be able to remove celt from wheezy.
 
 I would be concerned if the mumble client in wheezy isn't able to call
 non-debian derived mumble servers.

I just did additional testing and using the version of Mumble from Wheezy 
(along with libcelt0-0) I'm able to get server loopback working on public 
servers that report versions of:

   1.2.3 (Win)
   Protocol 1.2.3  (FreeBSD 8.0-RELEASE)
   Protocol 1.2.3. (Linux 2.6.38.6-nfo)
   Protocol 1.2.4  (Fedora release 14)
   Protocol 1.2.3  (Gentoo Base System release 2.0.3)

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us
GPG Key: 4096R/0x1E759A726A9FDD74

