Bug#699031: unblock: php-cas/1.3.1-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package php-cas The previous upload in 1.3.1-3 (security fix) included an incorrect fix from upstream (#698946). I've now applied the fix (taken from upstream again) and uploaded to unstable. Please make sure the fix transitions to wheezy. Many thanks in advance. Best regards, unblock php-cas/1.3.1-4 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (650, 'testing'), (500, 'testing-proposed-updates') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru php-cas-1.3.1/debian/changelog php-cas-1.3.1/debian/changelog --- php-cas-1.3.1/debian/changelog 2012-12-12 18:43:39.0 +0100 +++ php-cas-1.3.1/debian/changelog 2013-01-26 15:54:51.0 +0100 @@ -1,3 +1,10 @@ +php-cas (1.3.1-4) unstable; urgency=high + + * Fix wrong call to setSslCaCert() thanks to Thijs Kinkhorst (Closes: +#698946). + + -- Olivier Berger ober...@debian.org Sat, 26 Jan 2013 15:43:53 +0100 + php-cas (1.3.1-3) unstable; urgency=high * The previous upload missed the CVE-2012-5583 reference. Rewriting the diff -Nru php-cas-1.3.1/debian/patches/0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch php-cas-1.3.1/debian/patches/0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch --- php-cas-1.3.1/debian/patches/0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch 1970-01-01 01:00:00.0 +0100 +++ php-cas-1.3.1/debian/patches/0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch 2013-01-26 15:54:51.0 +0100 @@ -0,0 +1,69 @@ +From: jfritschi jfrits...@freenet.de +Date: Sun, 16 Dec 2012 17:04:31 +0100 +Subject: =?UTF-8?q?#58=20fix=20bug=20introduced=20in=20previous=20patches.=20?= + =?UTF-8?q?Setting=20of=20the=20ssl=20certs=20was=0Anot=20performing=20prope?= + =?UTF-8?q?rly.?= + +--- + CAS-1.3.1/CAS/Client.php |7 +++ + CAS-1.3.1/CAS/Request/AbstractRequest.php |1 - + CAS-1.3.1/CAS/Request/CurlRequest.php |2 +- + 3 files changed, 4 insertions(+), 6 deletions(-) + +diff --git a/CAS-1.3.1/CAS/Client.php b/CAS-1.3.1/CAS/Client.php +index 02431ab..14be4bd 100644 +--- a/CAS-1.3.1/CAS/Client.php b/CAS-1.3.1/CAS/Client.php +@@ -1618,7 +1618,7 @@ class CAS_Client + * + * @hideinitializer + */ +-private $_cas_server_ca_cert = ''; ++private $_cas_server_ca_cert = null; + + + /** +@@ -1626,7 +1626,7 @@ class CAS_Client + * + * @hideinitializer + */ +-private $_cas_server_cn_validate = ''; ++private $_cas_server_cn_validate = true; + + /** + * Set to true not to validate the CAS server. +@@ -2427,8 +2427,7 @@ class CAS_Client + phpCAS::error('one of the methods phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'); + } + if ($this-_cas_server_ca_cert != '') { +-$request-setSslCaCert($this-_cas_server_ca_cert); +-$request-setSslCaCert($this-_cas_server_cn_validate); ++$request-setSslCaCert($this-_cas_server_ca_cert, $this-_cas_server_cn_validate); + } + + // add extra stuff if SAML +diff --git a/CAS-1.3.1/CAS/Request/AbstractRequest.php b/CAS-1.3.1/CAS/Request/AbstractRequest.php +index 66ad2f2..390e956 100644 +--- a/CAS-1.3.1/CAS/Request/AbstractRequest.php b/CAS-1.3.1/CAS/Request/AbstractRequest.php +@@ -194,7 +194,6 @@ implements CAS_Request_RequestInterface + if ($this-_sent) { + throw new CAS_OutOfSequenceException('Request has already been sent cannot '.__METHOD__); + } +- + $this-caCertPath = $caCertPath; + $this-validateCN = $validate_cn; + } +diff --git a/CAS-1.3.1/CAS/Request/CurlRequest.php b/CAS-1.3.1/CAS/Request/CurlRequest.php +index f6026ba..7e4baaf 100644 +--- a/CAS-1.3.1/CAS/Request/CurlRequest.php b/CAS-1.3.1/CAS/Request/CurlRequest.php +@@ -124,7 +124,7 @@ implements CAS_Request_RequestInterface + } + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); + curl_setopt($ch, CURLOPT_CAINFO, $this-caCertPath); +-phpCAS::trace('CURL: Set CURLOPT_CAINFO'); ++phpCAS::trace('CURL: Set CURLOPT_CAINFO ' . $this-caCertPath); + } else { + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + } diff -Nru php-cas-1.3.1/debian/patches/series php-cas-1.3.1/debian/patches/series --- php-cas-1.3.1/debian/patches/series 2012-12-12 18:00:38.0 +0100 +++ php-cas-1.3.1/debian/patches/series 2013-01-26 15:54:51.0 +0100 @@ -1 +1,2 @@ 0001-Fix-security-problem-on-libcurl-verification-of-SSL-cert-s-hostname.patch +0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch
Requesting unfreeze of php-cas for CVE-2012-5583 fixed in 1.3.1-3 - Was: Re: Possible security issue in php-cas due to misuse of the libcurl API
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi. Please unblock php-cas so that the security fix for CVE-2012-5583 fixed in 1.3.1-3 can be shipped in wheezy. Cf. : http://http.debian.net/debian/pool/main/p/php-cas/php-cas_1.3.1-3.dsc I hope this is the correct procedure for such unblock during freeze, as I've never had to proceed along such paths in the past. Many thanks in advance. Best regards, Alessandro Ghedini gh...@debian.org writes: Hi, I recently discovered that php-cas is using the libcurl API in a way that may not be what the original author intended. In particular I'm referring to the fact that the CURLOPT_SSL_VERIFYHOST option is treated as it was a boolean value while in fact it isn't (it may take three different values): /* * Set SSL configuration */ if ($this-caCertPath) { curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt($ch, CURLOPT_CAINFO, $this-caCertPath); phpCAS::trace('CURL: Set CURLOPT_CAINFO'); } else { curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); } (from the file CAS-1.3.1/CAS/Request/CurlRequest.php) Setting the value to 0 disables the host checks, but setting it to 1 does not enable them (well, not all of them) and this may lead to security issues. The correct value to enable all the security checks is 2. From the libcurl documentation: When CURLOPT_SSL_VERIFYHOST is 2, that certificate must indicate that the server is the server to which you meant to connect, or the connection fails. Curl considers the server the intended one when the Common Name field or a Subject Alternate Name field in the certificate matches the host name in the URL to which you told Curl to connect. When the value is 1, the certificate must contain a Common Name field, but it doesn't matter what name it says. (This is not ordinarily a useful setting). When the value is 0, the connection succeeds regardless of the names in the certificate. After discussing this with the security team, it was decided that it would be best if this was fixed before the Wheezy release. Note that this should be fixed anyway, since as of curl v7.28.1 (which will soon be uploaded to experimental) the value 1 is not a valid value anymore and libcurl will return an error. A possible fix should be discussed with the php-cas upstream first. Cheers - -- Olivier BERGER (OpenPGP: 4096R/7C5BB6A5) http://www.olivierberger.com/weblog/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.9 http://mailcrypt.sourceforge.net/ iQIcBAEBCAAGBQJQzFZpAAoJEOlB3tp8W7alqYUQAIal1ll13jkQ32is55p3qPmv 97GhPUUGuxilFr1UdLEjBT+RsFwX3NYfWescLa9CMjDppGHi/KjG5CcN3sbQAPsI CSH0IunjwmvxoLs4hq5RatfP4eUjBpyTEXRJaEMuwZD8AVKiWEfdOfI/xM5wwnOJ o9CnG5U5RWpCCnqpEF53oO4oiJtw5eT5Lm9hHaZk8tlgL78fJdvurR+ucpJKzEm3 9M3U5GMULWVGlXVWadWaymB9wPkyhTg68+eFn53GNHHfrMQI+fCA7DqIAp8UQbAl +A3R+9cZWJXHv1pETIcdtE+VypxgHvxZNB7RnVq7rGQqjTjy5gpWvQen1D4ysIMB k12e6weGhOJ+lV0c5UZWtLIDrRdGmwVhtS8rgiubclXBVJkYqFS2plhz360kT7EE 1qYwkabP16nYALNXteec5i7l2k01PRV8f+qvnbdtv3WdU4AMOzMs6rbrmEz5QDqW BYjA4gXPfHr8Do09Joh4JvOcP/C4rWmq5ThjW+7Q/2r6x+NBrOPY0qxVFRIpQ2ZC OQ7p4e6OGA3n3bvUIiC5kGtJ1rEggFWKeVnVfqgtJBxmUuhq6XMjlYPQPZf5jlVi XxB7oB4cEV3WqwMhh9uJdTuopQfnmFdB8uf4DR49HnIO+bKeJN6ZnwTSWoZXaEfM 2JIWwIwEzAQUqoi3yvKh =ralv -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87ehir1tal@asustour.olivierberger.com
Bug#695998: unblock: php-cas/1.3.1-3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package php-cas Please unblock php-cas so that the security fix for CVE-2012-5583 fixed in 1.3.1-3 can be shipped in wheezy. Cf. : http://http.debian.net/debian/pool/main/p/php-cas/php-cas_1.3.1-3.dsc unblock php-cas/1.3.1-3 - -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (650, 'testing'), (500, 'testing-proposed-updates') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.9 http://mailcrypt.sourceforge.net/ iQIcBAEBCAAGBQJQzH8YAAoJEOlB3tp8W7alssQQAIsndDsOC5HPttm2Z34lIGPN 0mcguDcRyN+FT/2KqEyY/a/UI1j5pcWzjLLoA+iQrvNgfNnxb7iXBLKaSwanggSk ZJoh9x9itgeU5gyDVWeA7lki/H2N+dUIArsemfAjJgNk0S2TGlZKoqNKtdqxO1T2 76HT4OMkNw08T+d55kDEcO8GWZK4p41AEBuTuDgX3tmZztGwKqaVVymfImVWQKxj EHQeWLsxVZDPO7CVyRN/yUR5P6x+9LNKcVoJd3vNLSAMmVpg5ugMh0kP5eqK8eQ4 MvTGMeDaLHCEfYRM5ttkFB5r6pxgFIX/6OEso9ifKGYXz9/wpMa6v5nxiBaI4U1Z 5+f+Xh/lJnpeOVfNKI+ozybM0P50hjn1H0iEAS/0aN5XqJlvO2zwNT2clD81xVpM ictB27I5RLS/sVqHMb5ia1YLNR42JqpsTtKnlJNAGkY88Lgrx/65RBVUlP+h8DDd g1XHzpZL8+YK15iWcxW8x0x2k7Wy+nhH+QghgAIVU9E9jW/ddFbGlHy4Z9Hhte/Y bnajdTtbHgDe0xYk7STv347uzHe2lA+LpyoAsVlbX22YfraWkbk3rTC5riL3kfnT lMS6vqmEbTo1SyCElMstRpcr3RlVhhLJlsBi68nqMqRKsLHYYTstST3n3uON9cC6 IOUu47pifjFP9jWri+Tm =JXpd -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87a9tf1l96.fsf...@asustour.olivierberger.com
Bug#695998: unblock: php-cas/1.3.1-3
Hi. Here's the needed associate debdiff. Best regards, -- Olivier BERGER (OpenPGP: 4096R/7C5BB6A5) http://www.olivierberger.com/weblog/ diff -Nru php-cas-1.3.1/debian/changelog php-cas-1.3.1/debian/changelog --- php-cas-1.3.1/debian/changelog 2012-06-13 22:41:56.0 +0200 +++ php-cas-1.3.1/debian/changelog 2012-12-12 18:43:39.0 +0100 @@ -1,3 +1,18 @@ +php-cas (1.3.1-3) unstable; urgency=high + + * The previous upload missed the CVE-2012-5583 reference. Rewriting the +changelog message. + + -- Olivier Berger ober...@debian.org Wed, 12 Dec 2012 18:43:26 +0100 + +php-cas (1.3.1-2) unstable; urgency=high + + * Fix security problem on libcurl verification of SSL cert's hostname +(apply upstream fixes for issue #58 on github) (CVE-2012-5583 - +insecure usage of curl). + + -- Olivier Berger ober...@debian.org Fri, 30 Nov 2012 09:48:50 +0100 + php-cas (1.3.1-1) unstable; urgency=low * Initial release. (Closes: #495542) diff -Nru php-cas-1.3.1/debian/patches/0001-Fix-security-problem-on-libcurl-verification-of-SSL-cert-s-hostname.patch php-cas-1.3.1/debian/patches/0001-Fix-security-problem-on-libcurl-verification-of-SSL-cert-s-hostname.patch --- php-cas-1.3.1/debian/patches/0001-Fix-security-problem-on-libcurl-verification-of-SSL-cert-s-hostname.patch 1970-01-01 01:00:00.0 +0100 +++ php-cas-1.3.1/debian/patches/0001-Fix-security-problem-on-libcurl-verification-of-SSL-cert-s-hostname.patch 2012-12-12 18:00:38.0 +0100 @@ -0,0 +1,273 @@ +From: Olivier Berger olivier.ber...@telecom-sudparis.eu +Date: Fri, 30 Nov 2012 09:42:25 +0100 +Subject: Squashed commit of the following: + +commit bbe3d9e868d1fd0d922cd4a762949b0117bef543 +Author: jfritschi jfrits...@freenet.de +Date: Thu Nov 29 00:17:57 2012 +0100 + +#58 make the validate CN parameter optional in the RequestInterface + +commit f84099aa17557e1331b717c003acebdf5339 +Author: jfritschi jfrits...@freenet.de +Date: Wed Nov 28 22:53:43 2012 +0100 + +#58 Enable full CN valdiation of SSL certifcate and create a manual user +override to disable it. The new default is a proper CN +validation. +--- + CAS-1.3.1/CAS.php | 17 +++--- + CAS-1.3.1/CAS/Client.php | 15 +- + CAS-1.3.1/CAS/Request/AbstractRequest.php |5 +- + CAS-1.3.1/CAS/Request/CurlRequest.php |7 ++- + CAS-1.3.1/CAS/Request/RequestInterface.php |5 +- + docs/examples/example_no_ssl_cn_validation.php | 66 + 6 files changed, 102 insertions(+), 13 deletions(-) + create mode 100644 docs/examples/example_no_ssl_cn_validation.php + +diff --git a/CAS-1.3.1/CAS.php b/CAS-1.3.1/CAS.php +index 32674ff..fb4f1a5 100644 +--- a/CAS-1.3.1/CAS.php b/CAS-1.3.1/CAS.php +@@ -303,7 +303,7 @@ class phpCAS + * @param string $server_hostname the hostname of the CAS server + * @param string $server_port the port the CAS server is running on + * @param string $server_uri the URI the CAS server is responding on +- * @param bool $changeSessionID Allow phpCAS to change the session_id (Single ++ * @param bool $changeSessionID Allow phpCAS to change the session_id (Single + * Sign Out/handleLogoutRequests is based on that change) + * + * @return a newly created CAS_Client object +@@ -355,7 +355,7 @@ class phpCAS + * @param string $server_hostname the hostname of the CAS server + * @param string $server_port the port the CAS server is running on + * @param string $server_uri the URI the CAS server is responding on +- * @param bool $changeSessionID Allow phpCAS to change the session_id (Single ++ * @param bool $changeSessionID Allow phpCAS to change the session_id (Single + * Sign Out/handleLogoutRequests is based on that change) + * + * @return a newly created CAS_Client object +@@ -1630,13 +1630,15 @@ class phpCAS + } + + /** +- * Set the certificate of the CAS server CA. ++ * Set the certificate of the CAS server CA and if the CN should be properly ++ * verified. + * +- * @param string $cert CA certificate file name ++ * @param string $cert CA certificate file name ++ * @param bool $validate_host_name Validate CN in certificate (default true) + * + * @return void + */ +-public static function setCasServerCACert($cert) ++public static function setCasServerCACert($cert, $validate_cn = true) + { + phpCAS :: traceBegin(); + if (!is_object(self::$_PHPCAS_CLIENT)) { +@@ -1645,7 +1647,10 @@ class phpCAS + if (gettype($cert) != 'string') { + phpCAS :: error('type mismatched for parameter $cert (should be `string\')'); + } +-self::$_PHPCAS_CLIENT-setCasServerCACert($cert); ++if (gettype($validate_cn) != 'boolean') { ++phpCAS :: error('type mismatched for parameter $validate_cn
Re: Requesting unfreeze of php-cas for CVE-2012-5583 fixed in 1.3.1-3
Hi. Just for the records, unblock request filed in http://bugs.debian.org/695998 Thanks for your help. Best regards, Ivo De Decker ivo.dedec...@ugent.be writes: Hi Olivier, On Sat, Dec 15, 2012 at 11:52:34AM +0100, Olivier Berger wrote: Please unblock php-cas so that the security fix for CVE-2012-5583 fixed in 1.3.1-3 can be shipped in wheezy. Cf. : http://http.debian.net/debian/pool/main/p/php-cas/php-cas_1.3.1-3.dsc I hope this is the correct procedure for such unblock during freeze, as I've never had to proceed along such paths in the past. The correct procedure is to file an unblock request bug against release.debian.org (reportbug has a template for this). You should attach the debdiff between testing and unstable to this bug report. Cheers, Ivo -- Olivier BERGER (OpenPGP: 4096R/7C5BB6A5) http://www.olivierberger.com/weblog/ -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/8738z71hha.fsf...@asustour.olivierberger.com
Deleted users still being able to log in via ssh to fusionforge installs - Was: Re: Seeking pre-upload approval (was Re: MW 1.19 for wheezy)
Hi. FWIW, I think that the problem identified by Thorsten on FusionForge probably affects versions pre wheezy, hence my forwarding to the security team. This needs to be investigated, but I'm not really able to dedicate myself to it at the moment. Hope this helps. Best regards, ---BeginMessage--- On Thu, 30 Aug 2012, Thorsten Glaser wrote: I’m hereby seeking pre-upload approval for new uploads (not new […] • fusionforge_5.2~rc1wheezy1.debdiff The diff attached will also need to be added to this upload for security reasons. I found out today that deleted users can still log in via SSH using their old pre-deletion password (not with SSH pubkey auth, though, and they cannot do “much”, but it’s still a security risk). bye, //mirabilos -- tarent solutions GmbH Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/ Tel: +49 228 54881-393 • Fax: +49 228 54881-314 HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941 Geschäftsführer: Boris Esser, Sebastian ManckeIndex: debian/changelog === --- debian/changelog (revision 16198) +++ debian/changelog (working copy) @@ -11,8 +11,9 @@ * Check image upload is enabled before trying to do so (Closes: #679521) * Unbreak and silence the MediaWiki nightly dump cronjob (Closes: #680165) * Remove minified ECMAscript and binary *.jar from the source + * SECURITY: Upon user deletion, remove their Unix account as well - -- Thorsten Glaser t...@mirbsd.de Thu, 30 Aug 2012 11:06:02 +0200 + -- Thorsten Glaser t...@mirbsd.de Mon, 03 Sep 2012 11:55:51 +0200 fusionforge (5.2~rc1-5) unstable; urgency=low Index: db/20120903-no-unix-account-for-deleted-users.sql === --- db/20120903-no-unix-account-for-deleted-users.sql (revision 0) +++ db/20120903-no-unix-account-for-deleted-users.sql (revision 0) @@ -0,0 +1 @@ +UPDATE users SET unix_status='D' WHERE status!='A'; Index: common/include/User.class.php === --- common/include/User.class.php (revision 16198) +++ common/include/User.class.php (working copy) @@ -502,6 +502,7 @@ plugin_hook(user_delete, $hook_params); $this-setStatus('D'); + $this-setUnixStatus('D'); db_commit(); } return true; ___ Fusionforge-general mailing list fusionforge-gene...@lists.fusionforge.org http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general---End Message--- -- Olivier BERGER http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France)
Re: Security bugfix #595248: please unblock libnusoap-php
Hi. Le mercredi 08 décembre 2010 à 19:57 +0800, Thomas Goirand (GPLHost) a écrit : On 09/08/2010 12:02 PM, Thomas Goirand wrote: Hi, That leads me to say that I would suggest any DD to *not* sponsor any package from Olivier Berger in the future, as he really had a bad attitude on this case. I now believe I shouldn't have write the above, even with strong disagreement on the technical issue (which I btw don't withdraw, but that's not the point). I hadn't noticed the original email you had sent to debian-rele...@d.o... I think it's not time to argue now that a minimal politeness would have been to CC: me when I was mentioned on such a public list, and in such a bad tone, given that you now apologize (and reading now that the responders did respond publicly in an appropriate way, IMHO). I'll try forget about this episode. I should fix the issue and do an NMU, that's it, then I'm sure it would have been ok. If someone sees this later, please do not take it into account. I sent my apologies (privately) to Olivier for this (and the rest), but I wanted to as well do it publicly. Thomas Thanks for your apologies. I hope you'll be able to contribute to Debian in a more relaxed way in the future. End of the episode, and back to work ;-) -- Olivier BERGER olivier.ber...@it-sudparis.eu http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingénieur Recherche - Dept INF Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1291812653.15455.21.ca...@inf-8657.int-evry.fr
Re: Security bugfix #595248: please unblock libnusoap-php
Oh, and btw, please use a proper 'from' or reply-to address if you post and eventually expect a response... Here's the message I've sent to you earlier, but which bounced on Thomas Goirand (GPLHost) tho...@goirand.nospam.fr :-/ Le mercredi 08 décembre 2010 à 13:50 +0100, Olivier Berger a écrit : Hi. Le mercredi 08 décembre 2010 à 19:57 +0800, Thomas Goirand (GPLHost) a écrit : On 09/08/2010 12:02 PM, Thomas Goirand wrote: Hi, That leads me to say that I would suggest any DD to *not* sponsor any package from Olivier Berger in the future, as he really had a bad attitude on this case. I now believe I shouldn't have write the above, even with strong disagreement on the technical issue (which I btw don't withdraw, but that's not the point). I hadn't noticed the original email you had sent to debian-rele...@d.o... I think it's not time to argue now that a minimal politeness would have been to CC: me when I was mentioned on such a public list, and in such a bad tone, given that you now apologize (and reading now that the responders did respond publicly in an appropriate way, IMHO). I'll try forget about this episode. I should fix the issue and do an NMU, that's it, then I'm sure it would have been ok. If someone sees this later, please do not take it into account. I sent my apologies (privately) to Olivier for this (and the rest), but I wanted to as well do it publicly. Thomas Thanks for your apologies. I hope you'll be able to contribute to Debian in a more relaxed way in the future. End of the episode, and back to work ;-) -- Olivier BERGER olivier.ber...@it-sudparis.eu http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingénieur Recherche - Dept INF Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1291816541.15455.94.ca...@inf-8657.int-evry.fr
Bug#576196: RM: phpgroupware/1:0.9.16.012+dfsg-10
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi. phpgroupware 0.9.16 is not compatible with PHP 5.3, and upstream seems to have been unable to fix this (see #575247). As a consequence, I think it is wiser to ask for its removal from testing/squeeze. Should a new version of patches be provided by upstream or anyone else, we may still be able to provide unofficial packages starting from the latest svn-buildpackage state. Thanks in advance. Best regards, -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-3-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100401123706.23886.95687.report...@inf-8657.int-evry.fr
Re: remove sympa from lenny?
Le vendredi 03 octobre 2008 à 12:43 +0200, Thomas Viehmann a écrit : It does not seem to have reverse dependencies. There are a few users (double digit popcon), but not exceedingly many. As it is on the servers, I assume a single mailing-list manager may have thousands of users... so popularity contest may not be relevant here AFAICT. For the rest of the complains, I have unfortunately no time to help at the moment, but I'm not the maintainer either, so that doesn't make a difference. Still, /me would be worried if sympa was out of Debian :-/ My 2 cents, -- Olivier BERGER [EMAIL PROTECTED] http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC Ingénieur Recherche - Dept INF Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]