Bug#1027856: RM: wesnoth-1.14/1:1.14.17-2
retitle 1027856 RM: wesnoth-1.14 -- ROM; Package is superseded by wesnoth-1.16 reassign 1027856 ftp.debian.org thanks On Wed, Jan 4, 2023 at 12:11 AM Paul Gevers wrote: > > Hi Vincent, > > On 04-01-2023 07:47, Vincent Cheng wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: rm > > > > src:wesnoth-1.14 has been superseded by wesnoth-1.16; please remove the > > former > > from the archive. Thanks! > > If you want it removed from the archive (which sounds logical) than the > bug should be reassigned to ftp.debian.org (and probably the title > should be adapted to their format). Filing an RM bug against > release.debian.org is what you should do if you want/need the package to > remain in unstable for whatever reason but the package should be removed > from testing (or stable). I think that's not what you meant, right? Whoops, thanks for pointing me in the right direction! Regards, Vincent
Bug#1027856: RM: wesnoth-1.14/1:1.14.17-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm src:wesnoth-1.14 has been superseded by wesnoth-1.16; please remove the former from the archive. Thanks!
Bug#968328: transition: gloox
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, I'd like to request a transition slot for src:gloox. This is a relatively small transition, with only 2 source packages affected (tested builds against newer gloox, currently in experimental, results are as follows): 0ad (build ok, needs binNMU) uwsgi (build ok, needs binNMU) Ben file: https://release.debian.org/transitions/html/auto-gloox.html is accurate. Regards, Vincent
Bug#900334: transition: gloox
Hi Emilio, On Wed, May 30, 2018 at 2:41 PM, Emilio Pozuelo Monfort wrote: > Control: tags -1 confirmed > > On 29/05/18 11:00, Emilio Pozuelo Monfort wrote: >> On 29/05/18 10:49, Vincent Cheng wrote: >>> Package: release.debian.org >>> User: release.debian@packages.debian.org >>> Usertags: transition >>> Severity: normal >>> >>> Hi, >>> >>> I'd like to request a transition slot for src:gloox. This is a >>> relatively small transition, with only 2 source packages affected >>> (tested builds against newer gloox, currently in experimental, results >>> are as follows): >>> >>> 0ad (build ok, needs binNMU) >>> uwsgi (build ok, needs binNMU) >> >> Let's wait for the curl transition to finish. > > curl has migrated to testing today. Go ahead. I've uploaded gloox to sid and have confirmed that it's built on all release archs. Please go ahead and schedule binNMUs, thanks! Regards, Vincent
Bug#900334: transition: gloox
Package: release.debian.org User: release.debian@packages.debian.org Usertags: transition Severity: normal Hi, I'd like to request a transition slot for src:gloox. This is a relatively small transition, with only 2 source packages affected (tested builds against newer gloox, currently in experimental, results are as follows): 0ad (build ok, needs binNMU) uwsgi (build ok, needs binNMU) Ben file: (https://release.debian.org/transitions/html/auto-gloox.html is accurate) Regards, Vincent
Bug#836250: transition: gloox
Package: release.debian.org User: release.debian@packages.debian.org Usertags: transition Severity: normal Hi, I'd like to request a transition slot for src:gloox. This is a relatively small transition, with only 2 source packages affected, both of which aren't in testing so this bug report might be completely unnecessary (I guess this bug could be considered a binNMU request for 0ad instead): 0ad (not in testing due to RC bug in dependency, #811612) uwsgi (FTBFS, #828785 and #833055) Ben file: (https://release.debian.org/transitions/html/auto-gloox.html is accurate) Regards, Vincent
Bug#822744: transition: gloox
On Wed, Apr 27, 2016 at 12:12 AM, Emilio Pozuelo Monfort <po...@debian.org> wrote: > Control: tags -1 confirmed > > On 27/04/16 03:59, Vincent Cheng wrote: >> Package: release.debian.org >> User: release.debian@packages.debian.org >> Usertags: transition >> Severity: normal >> >> Hi, >> >> I'd like to request a transition slot for src:gloox. This is a relatively >> small >> transition, with only 3 source packages affected (tested builds against newer >> gloox, currently in experimental, results are as follows): >> >> licq (FTBFS not related to gloox, #820106, pending autoremoval) >> 0ad (build ok, needs binNMU) >> uwsgi (build ok, needs binNMU) > > Go ahead. Uploaded, built and installed on all archs. Thanks in advance for scheduling binNMUs! Regards, Vincent
Bug#822744: transition: gloox
Package: release.debian.org User: release.debian@packages.debian.org Usertags: transition Severity: normal Hi, I'd like to request a transition slot for src:gloox. This is a relatively small transition, with only 3 source packages affected (tested builds against newer gloox, currently in experimental, results are as follows): licq (FTBFS not related to gloox, #820106, pending autoremoval) 0ad (build ok, needs binNMU) uwsgi (build ok, needs binNMU) Ben file: (https://release.debian.org/transitions/html/auto-gloox.html is accurate) Regards, Vincent
Bug#791051: gloox: library transition may be needed when GCC 5 is the default
On Tue, Sep 1, 2015 at 12:40 AM, Simon McVittie <s...@debian.org> wrote: > Control: tags 791051 + pending > > On Sat, 04 Jul 2015 at 00:08:58 -0700, Vincent Cheng wrote: >> Debdiff below. Please feel free to NMU gloox as needed for the transition. > > gloox does not appear to have any build-dependencies that need a transition, > so I have uploaded to DELAYED/2 with those changes (it's effectively > a "sponsored upload"). Please let me know if I should reschedule or > cancel. In particular, if you are happy for this to enter the NEW queue > immediately, let me know and I will reschedule it to 0-day. If I'm not mistaken, gnutls28 has to transition first before gloox can (which is why I've been holding off on uploading this myself). Regards, Vincent
Bug#791051: gloox: library transition may be needed when GCC 5 is the default
On Tue, Sep 1, 2015 at 12:37 PM, Simon McVittie <s...@debian.org> wrote: > On 01/09/15 19:59, Vincent Cheng wrote: >> If I'm not mistaken, gnutls28 has to transition first before gloox can >> (which is why I've been holding off on uploading this myself). > > gnutls28 does build a C++ library, which I'll admit I hadn't previously > spotted; thanks for noticing that! > > However, it has been built since the beginning of August (hence with > g++-5), and does not appear to have any reference to the cxx11 symbols > in the `objdump -Tx` output. Also, the headers in /usr/include/gnutls > only mention std:: symbols std::exception and std::vector, which I > believe are unaffected. So I don't think gnutls28 needs a transition, > hence this is still OK. > > (Also, Ubuntu haven't done the rename, despite being ahead of Debian in > many of the other renames due to having a more targeted set of packages.) Ah, thanks for investigating (I merely assumed that gnutls28 would need a transition because it's listed in the transition tracker [1]). In that case, feel free to reschedule it as a 0-day upload. Regards, Vincent [1] https://release.debian.org/transitions/html/libstdc++6.html
Bug#794516: nmu: gnote_3.16.2-1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: binnmu Severity: normal X-Debbugs-Cc: riese...@lxtec.de, 794...@bugs.debian.org Hi release team, On Sat, Aug 1, 2015 at 11:54 AM, Elimar Riesebieter riese...@lxtec.de wrote: Package: gnote Version: 3.16.2-1 Severity: grave Justification: renders package unusable Due to the transition to gcc-5 gnote needs a rebuild against libgcc1. Otherwise it would be removed or substituded by tomboy which blows up installations with mono stuff. Pick up the chance to upgrade to 5.17. nmu gnote_3.16.2-1 . ALL . -m rebuild for gcc-5 transition Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tdmj+wyb24gli3_kpzamcgggj6zzfiu2jdn6pg0h7s...@mail.gmail.com
Bug#790939: jessie-pu: package wesnoth-1.10/1:1.10.7-2+deb8u1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: jessie Severity: normal X-Debbugs-CC: rho...@debian.org Hi, I'd like to upload wesnoth-1.10/1:1.10.7-2+deb8u1 to jessie-pu to fix CVE-2015-5069 and CVE-2015-5070 (these CVEs are marked no-dsa in the security tracker and the security team has asked me to get these CVEs fixed via a point update instead). These CVEs have already been fixed in sid as of wesnoth-1.12/1:1.12.4-1. Debdiff below, thanks! Regards, Vincent diff -Nru wesnoth-1.10-1.10.7/debian/changelog wesnoth-1.10-1.10.7/debian/changelog --- wesnoth-1.10-1.10.7/debian/changelog 2015-04-09 03:12:42.0 -0700 +++ wesnoth-1.10-1.10.7/debian/changelog 2015-07-01 13:31:50.0 -0700 @@ -1,3 +1,10 @@ +wesnoth-1.10 (1:1.10.7-2+deb8u1) jessie; urgency=medium + + * Security fix: Disallowed inclusion of .pbl files from WML, independent of +extension case (CVE-2015-5069, CVE-2015-5070). + + -- Vincent Cheng vch...@debian.org Wed, 01 Jul 2015 13:30:12 -0700 + wesnoth-1.10 (1:1.10.7-2) unstable; urgency=high * Pull af61f9fd from upstream to fix Private file disclosure through diff -Nru wesnoth-1.10-1.10.7/debian/patches/CVE-2015-5069-CVE-2015-5070.patch wesnoth-1.10-1.10.7/debian/patches/CVE-2015-5069-CVE-2015-5070.patch --- wesnoth-1.10-1.10.7/debian/patches/CVE-2015-5069-CVE-2015-5070.patch 1969-12-31 16:00:00.0 -0800 +++ wesnoth-1.10-1.10.7/debian/patches/CVE-2015-5069-CVE-2015-5070.patch 2015-07-01 13:32:55.0 -0700 @@ -0,0 +1,23 @@ +Description: Disallowed inclusion of .pbl files from WML, independent of + extension case (CVE-2015-5069, CVE-2015-5070). +Origin: upstream, commits 055fea16479a755d6744a52f78f63548b692c440 + and d20f8015bc3653a10d6d4dfd751e62651d1180b7 +Bug: https://gna.org/bugs/?23504 +Last-Update: 2015-07-01 + +diff --git a/src/filesystem.cpp b/src/filesystem.cpp +index 7b4bd95..510da80 100644 +--- a/src/filesystem.cpp b/src/filesystem.cpp +@@ -1157,6 +1157,11 @@ std::string get_wml_location(const std::string filename, const std::string cur + return result; + } + ++ if (looks_like_pbl(filename)) { ++ ERR_FS Illegal path ' filename ' (.pbl files are not allowed). std::endl; ++ return result; ++ } ++ + bool already_found = false; + + if (filename[0] == '~') diff -Nru wesnoth-1.10-1.10.7/debian/patches/series wesnoth-1.10-1.10.7/debian/patches/series --- wesnoth-1.10-1.10.7/debian/patches/series 2015-04-08 10:14:12.0 -0700 +++ wesnoth-1.10-1.10.7/debian/patches/series 2015-07-01 13:30:05.0 -0700 @@ -1,3 +1,4 @@ 02wesnoth-nolog-desktop-file 03wesnothd-name af61f9fdd15cd439da9e2fe5fa39d174c923eaae.patch +CVE-2015-5069-CVE-2015-5070.patch -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tDQEXEZcE2h78HkN8CeLHLHn+HMKxzXa=shs+nguhg...@mail.gmail.com
Bug#790940: wheezy-pu: package wesnoth-1.10/1:1.10.3-3+deb7u2
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: wheezy Severity: normal X-Debbugs-CC: rho...@debian.org Hi, I'd like to upload wesnoth-1.10/1:1.10.3-3+deb7u2 to wheezy-pu to fix CVE-2015-5069 and CVE-2015-5070 (these CVEs are marked no-dsa in the security tracker and the security team has asked me to get these CVEs fixed via a point update instead). These CVEs have already been fixed in sid as of wesnoth-1.12/1:1.12.4-1. Debdiff below, thanks! Regards, Vincent diff -Nru wesnoth-1.10-1.10.3/debian/changelog wesnoth-1.10-1.10.3/debian/changelog --- wesnoth-1.10-1.10.3/debian/changelog 2015-04-09 07:00:48.0 -0700 +++ wesnoth-1.10-1.10.3/debian/changelog 2015-07-01 13:51:32.0 -0700 @@ -1,3 +1,10 @@ +wesnoth-1.10 (1:1.10.3-3+deb7u2) wheezy; urgency=medium + + * Security fix: Disallowed inclusion of .pbl files from WML, independent of +extension case (CVE-2015-5069, CVE-2015-5070). + + -- Vincent Cheng vch...@debian.org Wed, 01 Jul 2015 13:30:12 -0700 + wesnoth-1.10 (1:1.10.3-3+deb7u1) wheezy-security; urgency=high * Pull af61f9fd from upstream to fix Private file disclosure through diff -Nru wesnoth-1.10-1.10.3/debian/patches/CVE-2015-5069-CVE-2015-5070.patch wesnoth-1.10-1.10.3/debian/patches/CVE-2015-5069-CVE-2015-5070.patch --- wesnoth-1.10-1.10.3/debian/patches/CVE-2015-5069-CVE-2015-5070.patch 1969-12-31 16:00:00.0 -0800 +++ wesnoth-1.10-1.10.3/debian/patches/CVE-2015-5069-CVE-2015-5070.patch 2015-07-01 13:32:55.0 -0700 @@ -0,0 +1,23 @@ +Description: Disallowed inclusion of .pbl files from WML, independent of + extension case (CVE-2015-5069, CVE-2015-5070). +Origin: upstream, commits 055fea16479a755d6744a52f78f63548b692c440 + and d20f8015bc3653a10d6d4dfd751e62651d1180b7 +Bug: https://gna.org/bugs/?23504 +Last-Update: 2015-07-01 + +diff --git a/src/filesystem.cpp b/src/filesystem.cpp +index 7b4bd95..510da80 100644 +--- a/src/filesystem.cpp b/src/filesystem.cpp +@@ -1157,6 +1157,11 @@ std::string get_wml_location(const std::string filename, const std::string cur + return result; + } + ++ if (looks_like_pbl(filename)) { ++ ERR_FS Illegal path ' filename ' (.pbl files are not allowed). std::endl; ++ return result; ++ } ++ + bool already_found = false; + + if (filename[0] == '~') diff -Nru wesnoth-1.10-1.10.3/debian/patches/series wesnoth-1.10-1.10.3/debian/patches/series --- wesnoth-1.10-1.10.3/debian/patches/series 2015-04-08 10:14:12.0 -0700 +++ wesnoth-1.10-1.10.3/debian/patches/series 2015-07-01 13:51:48.0 -0700 @@ -1,3 +1,4 @@ 02wesnoth-nolog-desktop-file 03wesnothd-name af61f9fdd15cd439da9e2fe5fa39d174c923eaae.patch +CVE-2015-5069-CVE-2015-5070.patch -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tcaywzc4v62eclpxuhwbbapt6tigezzi4vhrzyxcre...@mail.gmail.com
Bug#787391: transition: evolution-data-server
On Thu, Jun 11, 2015 at 3:23 PM, Emilio Pozuelo Monfort po...@debian.org wrote: Hi Vincent, On 01/06/15 11:31, Vincent Cheng wrote: Hi Emilio, On Sun, May 31, 2015 at 6:07 PM, Emilio Pozuelo Monfort po...@debian.org wrote: These currently fail to build: eweouz sflphone bijiben I've gone ahead and uploaded bijiben/3.16.2-1 to experimental after verifying it builds against e-d-s in experimental. Please either ping me, or just go ahead and NMU bijiben to upload it to sid once the transition starts. I've uploaded e-d-s 3.16 to sid. If you can upload bijiben, that'd be great. Uploaded, thanks for the ping! Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tdgb2ha5pvx-vvag+khejmv_ughsdjxbj8pywm54+-...@mail.gmail.com
Bug#787391: transition: evolution-data-server
Hi Emilio, On Sun, May 31, 2015 at 6:07 PM, Emilio Pozuelo Monfort po...@debian.org wrote: These currently fail to build: eweouz sflphone bijiben I've gone ahead and uploaded bijiben/3.16.2-1 to experimental after verifying it builds against e-d-s in experimental. Please either ping me, or just go ahead and NMU bijiben to upload it to sid once the transition starts. Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tAd=zHzK2cDKxH=nsp8uyuoxl775g5aue+-gbvypqm...@mail.gmail.com
Bug#784724: transition: gloox
On Fri, May 8, 2015 at 1:22 AM, Jonathan Wiltshire j...@debian.org wrote: Control: tag -1 confirmed On 2015-05-08 04:16, Vincent Cheng wrote: I'd like to request a transition slot for src:gloox. This is a relatively small transition, with only 4 source packages affected (tested builds against newer gloox, currently in experimental, results are as follows): licq (build ok, needs binNMU) 0ad (build ok, needs binNMU) uwsgi (build ok, needs binNMU) fatrat (NOT in testing, removed due to boost-related FTBFS - #713663) Please go ahead. Uploaded to sid and now built on all archs. Thanks in advance for scheduling binNMUs! Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tccphp7_-trfgugy3otpevb8al7jsshb2ggwr+lrk-...@mail.gmail.com
Bug#784724: transition: gloox
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, I'd like to request a transition slot for src:gloox. This is a relatively small transition, with only 4 source packages affected (tested builds against newer gloox, currently in experimental, results are as follows): licq (build ok, needs binNMU) 0ad (build ok, needs binNMU) uwsgi (build ok, needs binNMU) fatrat (NOT in testing, removed due to boost-related FTBFS - #713663) Ben file: title = gloox; is_affected = .depends ~ libgloox12 | .depends ~ libgloox13; is_good = .depends ~ libgloox13; is_bad = .depends ~ libgloox12; Regards, Vincent -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.18-3-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150508031600.6680.54101.reportbug@vincent-tlaptop
Bug#774428: unblock: simpleburn/1.7.0-2
On Tue, Jan 6, 2015 at 1:39 PM, John Paul Adrian Glaubitz glaub...@physik.fu-berlin.de wrote: On 01/06/2015 10:35 PM, Holger Levsen wrote: well, yes, but then probably not really (in all cases) for scripts which were explicitly written for bash... Alright, I guess we will have to go the t-p-u way then. Would it be ok if I prepared an upload of simpleburn_1.7.0-1+deb8u1 for t-p-u with the proposed change of the shebang? Why not just upload simpleburn to sid with the proposed shebang change, and revert the patch that was added in the latest upload as well (since it's broken as Adam suggested)? The maintainer can always deal with fixing the actual bashisms (ideally upstream as well) after the freeze. Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tAn9dWQzLw+DT_d4iU0UM4niqGpMDSa=dqo+o4rabb...@mail.gmail.com
Bug#774740: nmu: chromaprint_1.1-1~bpo70+1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi, chromaprint (and hence VLC) is currently not installable in wheezy-backports (reported on debian-backports [1]). nmu chromaprint_1.1-1~bpo70+1 . ALL . wheezy-backports . -m Rebuild due to libav ABI bump Regards, Vincent [1] https://lists.debian.org/debian-backports/2015/01/msg9.html -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.17-3-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150106230816.1719.32447.reportbug@vincent-tlaptop
Bug#772501: RM: wesnoth-1.11/1:1.11.18-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove wesnoth-1.11 from testing. It is a development snapshot of wesnoth's 1.12 branch, and is unsuitable for release. Unfortunately wesnoth-1.12 is still stuck in NEW, so I'm requesting removal of wesnoth-1.11 from testing only first. Thanks! Regards, Vincent -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.17-3-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141207203217.13291.37430.reportbug@vincent-tlaptop
Bug#771236: please unblock xchat 2.8.8-7.3 or maybe remove
Hi Sebastian, On Thu, Nov 27, 2014 at 1:49 PM, Sebastian Andrzej Siewior sebast...@breakpoint.cc wrote: Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Please unblock package xchat. Its been 16 days in unstable after an NMU upload by Sven Hoexter. Sven fixed #766005 (severity important) which allows users to connect via SSL to IRC servers which have SSLv3 disabled. It would be nice to have this in Jessie. The alternative would be to use Hexchat. That one is a xchat fork and seems to have more active upstream (last release on 28-Aug-2010 for xchat vs 25 Nov 2014 for Hexchat) and it leads to the question why to keep xchat. Please don't forget to attach a debdiff as per jessie's freeze policy [1]. Anyways, for the release team's convenience, here it is. Regards, Vincent [1] https://release.debian.org/jessie/freeze_policy.html diff -Nru xchat-2.8.8/debian/changelog xchat-2.8.8/debian/changelog --- xchat-2.8.8/debian/changelog 2014-10-13 12:57:31.0 -0700 +++ xchat-2.8.8/debian/changelog 2014-11-07 01:56:49.0 -0800 @@ -1,3 +1,11 @@ +xchat (2.8.8-7.3) unstable; urgency=low + + * Non-maintainer upload. + * Add debian/patches/68_dont_force_sslv3.patch. +Provided via LP: #1381484. (Closes: #766005) + + -- Sven Hoexter hoex...@debian.org Fri, 07 Nov 2014 10:55:27 +0100 + xchat (2.8.8-7.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru xchat-2.8.8/debian/patches/68_dont_force_sslv3.patch xchat-2.8.8/debian/patches/68_dont_force_sslv3.patch --- xchat-2.8.8/debian/patches/68_dont_force_sslv3.patch 1969-12-31 16:00:00.0 -0800 +++ xchat-2.8.8/debian/patches/68_dont_force_sslv3.patch 2014-11-07 05:31:25.0 -0800 @@ -0,0 +1,33 @@ +Description: Don't force the use of SSLv3 +Author: Marc Deslauriers marc.deslauri...@canonical.com +Bug: http://sourceforge.net/p/xchat/bugs/1598/ +Bug-Ubuntu: https://bugs.launchpad.net/xchat-gnome/+bug/1381484 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766005 +Forwarded: yes + +--- + src/common/ssl.c |4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: b/src/common/ssl.c +=== +--- a/src/common/ssl.c b/src/common/ssl.c +@@ -70,7 +70,7 @@ _SSL_context_init (void (*info_cb_func), + + SSLeay_add_ssl_algorithms (); + SSL_load_error_strings (); +- ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ()); ++ ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ()); + + SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH); + SSL_CTX_set_timeout (ctx, 300); +@@ -281,7 +281,7 @@ _SSL_socket (SSL_CTX *ctx, int sd) + __SSL_critical_error (SSL_new); + + SSL_set_fd (ssl, sd); +- if (ctx-method == SSLv3_client_method()) ++ if (ctx-method == SSLv23_client_method()) + SSL_set_connect_state (ssl); + else +SSL_set_accept_state(ssl); diff -Nru xchat-2.8.8/debian/patches/series xchat-2.8.8/debian/patches/series --- xchat-2.8.8/debian/patches/series 2014-10-13 12:58:48.0 -0700 +++ xchat-2.8.8/debian/patches/series 2014-11-07 01:52:49.0 -0800 @@ -25,3 +25,4 @@ 65_save_sound.patch 66_load_libnotify4.patch 67_configure_with_gmodule.patch +68_dont_force_sslv3.patch \ No newline at end of file -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tc-m6g7mvxy3qwpqbbpqgqwoua8geqapjfhbv83bs2...@mail.gmail.com
Bug#769570: unblock: love/0.9.1-3
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Fixes RC bug #768206. Debdiff below. unblock love/0.9.1-3 diff -Nru love-0.9.1/debian/changelog love-0.9.1/debian/changelog --- love-0.9.1/debian/changelog 2014-04-28 14:00:57.0 -0700 +++ love-0.9.1/debian/changelog 2014-11-13 23:19:06.0 -0800 @@ -1,3 +1,11 @@ +love (0.9.1-3) unstable; urgency=medium + + * Team upload. + * Add Breaks+Replaces relation against older versions of love to fix +wheezy - jessie upgrades. (Closes: #768206) + + -- Vincent Cheng vch...@debian.org Thu, 13 Nov 2014 23:17:35 -0800 + love (0.9.1-2) unstable; urgency=medium * Don't use luajit for architectures where it is not supported: diff -Nru love-0.9.1/debian/control love-0.9.1/debian/control --- love-0.9.1/debian/control 2014-04-28 13:39:21.0 -0700 +++ love-0.9.1/debian/control 2014-11-13 23:21:00.0 -0800 @@ -55,6 +55,8 @@ Architecture: all Depends: ${misc:Depends} Suggests: love +Breaks: love ( 0.9.1-2) +Replaces: love ( 0.9.1-2) Description: 2D game development framework - documentation LÖVE was created to be a user-friendly engine in which simple (or complicated) games could be made without having extensive knowledge -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tbohgoyjbttv87xpzpwv33679zfyi8jq7kvu65ugjd...@mail.gmail.com
Bug#769506: unblock: python-babel/1.3+dfsg.1-5
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Fixes RC bug #741834. Debdiff below. unblock python-babel/1.3+dfsg.1-5 diff -Nru python-babel-1.3+dfsg.1/debian/changelog python-babel-1.3+dfsg.1/debian/changelog --- python-babel-1.3+dfsg.1/debian/changelog 2014-06-24 00:06:24.0 -0700 +++ python-babel-1.3+dfsg.1/debian/changelog 2014-11-13 23:07:22.0 -0800 @@ -1,3 +1,12 @@ +python-babel (1.3+dfsg.1-5) unstable; urgency=medium + + * Team upload. + + [ Thomas Viehmann ] + * Call test suite with LC_ALL=C to avoid test failures. (Closes: #741834) + + -- Vincent Cheng vch...@debian.org Thu, 13 Nov 2014 23:06:03 -0800 + python-babel (1.3+dfsg.1-4) unstable; urgency=medium * Fixed removal of pyshared folder stuff (that directory doesn't exist diff -Nru python-babel-1.3+dfsg.1/debian/rules python-babel-1.3+dfsg.1/debian/rules --- python-babel-1.3+dfsg.1/debian/rules 2014-06-24 00:06:24.0 -0700 +++ python-babel-1.3+dfsg.1/debian/rules 2014-11-13 23:08:28.0 -0800 @@ -72,6 +72,6 @@ override_dh_auto_test: ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS))) - py.test - py.test-3 + LC_ALL=C py.test + LC_ALL=C py.test-3 endif -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tdoqzgfw0a3fhfnibnxfqk6gut9eqqsgjwwksf2rmv...@mail.gmail.com
Bug#768786: unblock: wxglade/0.6.8-2.2
On Sun, Nov 9, 2014 at 8:10 AM, Georges Khaznadar georges.khazna...@free.fr wrote: Please Vincent, go ahead! and many thanks in advance. If the unblock query for wxglade-0.7.0 is accepted, wxglade will be part of Jessie, but this is not sure. So please upload wxglade_0.6.8-2.2 now :) Thanks (both to you and to Jonathan for approving the upload); uploaded wxglade/0.6.8-2.2 to t-p-u just now. Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tDgacb33RAWc+6iYKZDBZiMszG3Az=6a8vpt6nsun1...@mail.gmail.com
Bug#768786: unblock: wxglade/0.6.8-2.2
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal X-Debbugs-CC: georg...@debian.org Hi, I'd like to upload wxglade/0.6.8-2.2 as a NMU to testing-proposed-updates to fix RC bug #766743. I'm suggesting an upload to t-p-u because the version of wxglade in sid contains changes that don't look suitable for jessie at this point (among other things, a new upstream release); I just cherrypicked the relevant changes from the package in sid (where this bug is marked as fixed). AFAIK it's not possible to upload a package to the delayed queue for t-p-u, so George, I've cc-ed you in this unblock request; please shout if you don't want me to upload this for some reason. unblock wxglade/0.6.8-2.2 diff -Nru wxglade-0.6.8/debian/changelog wxglade-0.6.8/debian/changelog --- wxglade-0.6.8/debian/changelog 2014-10-12 19:55:16.0 -0700 +++ wxglade-0.6.8/debian/changelog 2014-11-09 01:33:17.0 -0800 @@ -1,3 +1,11 @@ +wxglade (0.6.8-2.2) testing-proposed-updates; urgency=medium + + * Non-maintainer upload. + * modified common.py assigned icons_path to '/usr/share/wxglade/icons' +Closes: #766743 + + -- Vincent Cheng vch...@debian.org Sun, 09 Nov 2014 01:32:57 -0800 + wxglade (0.6.8-2.1) unstable; urgency=low * Non-maintainer upload. diff -Nru wxglade-0.6.8/debian/patches/70-common.py.patch wxglade-0.6.8/debian/patches/70-common.py.patch --- wxglade-0.6.8/debian/patches/70-common.py.patch 1969-12-31 16:00:00.0 -0800 +++ wxglade-0.6.8/debian/patches/70-common.py.patch 2014-10-25 09:05:58.0 -0700 @@ -0,0 +1,22 @@ +Index: wxglade-0.6.8/common.py +=== +--- wxglade-0.6.8.orig/common.py wxglade-0.6.8/common.py +@@ -112,7 +112,7 @@ Path to wxGlade documentation (e.g. html + @note: This path will be set during initialisation + + +-icons_path = 'icons' ++icons_path = '/usr/share/wxglade/icons' + \ + Path to wxGlade icons + +@@ -374,7 +374,7 @@ def make_object_button(widget, icon_path + from tree import WidgetTree + id = wx.NewId() + if not os.path.isabs(icon_path): +-icon_path = os.path.join(wxglade_path, icon_path) ++icon_path = os.path.join(/usr/share/wxglade, icon_path) + if wx.Platform == '__WXGTK__': + style = wx.NO_BORDER + else: diff -Nru wxglade-0.6.8/debian/patches/series wxglade-0.6.8/debian/patches/series --- wxglade-0.6.8/debian/patches/series 2014-10-12 18:44:24.0 -0700 +++ wxglade-0.6.8/debian/patches/series 2014-11-09 01:33:46.0 -0800 @@ -5,3 +5,4 @@ 50-setup.py transition-towards-wx30.patch 60-wxpython3.0.patch +70-common.py.patch -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tCgs24S7Ks6EDc+Uiqy-n1=7Z1EZYg1G-f5Y6OUTpm9=q...@mail.gmail.com
Bug#767945: unblock: nvidia-graphics-drivers/340.46-4
Hi, On Mon, Nov 3, 2014 at 7:33 AM, Andreas Beckmann a...@debian.org wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package nvidia-graphics-drivers fix some misplaced files (#766343) and add missing bits for the reorganization in 340.46-2 unblock nvidia-graphics-drivers/340.46-4 I noticed that #767945 didn't come with a debdiff as requested by the freeze policy, so attaching a diff between the version in testing (340.46-3) and in sid (340.46-4). Regards, Vincent nvidia-graphics-drivers_340.46-4.debdiff Description: Binary data
Bug#767879: nmu: handbrake_0.9.9+dfsg-2~2.gbpa4c3e9~bpo70+1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi, Handbrake is currently not installable in wheezy-backports [1]. nmu handbrake_0.9.9+dfsg-2~2.gbpa4c3e9~bpo70+1 . ALL . wheezy-backports . -m Rebuild due to libav ABI bump Regards, Vincent [1] https://lists.debian.org/debian-backports/2014/10/msg00081.html -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141103081436.17416.24201.reportbug@vincent-tlaptop
Re: Shinken packages strange state
Hi Thibault, On Thu, Oct 23, 2014 at 7:40 PM, Thibault Cohen thibault.co...@savoirfairelinux.com wrote: I don't really know if I write to the right persons No, the right group to contact for removal of source/binary packages from sid is the ftpteam, not the release team... We opened a bug here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766131 But we are not sure that is the good place to report this bug ...and opening a RM bug on the BTS is indeed the right thing to do. Just give ftpmasters some time, or ping them directly if you feel that they're not responding in a timely manner. Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tdj3jzcksw8_5iwssy_goxusp-1tf_wrmoohoy+sfn...@mail.gmail.com
Bug#760128: nmu: guacamole-server_0.8.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu guacamole-server_0.8.3-1 . ALL . -m rebuild due to freerdp soname change This would fix #758478. libfreerdp1's soname change is tracked as #757605. -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.15-2-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140901033512.4535.69813.reportbug@vincent-tlaptop
Bug#756355: nmu: openchange_1:2.1-1~bpo70+1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Dear release team, Please binNMU the current version of openchange in wheezy-backports; it has a dependency on libc6 = 2.14, which makes it uninstallable on wheezy. Jelmer, please take care to build backported packages in a clean wheezy chroot next time. nmu openchange_1:2.1-1~bpo70+1 . ALL . -m rebuild against eglibc 2.13 Regards, Vincent -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.15-2-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140729062154.32286.73551.reportbug@vincent-tlaptop
Bug#756355: nmu: openchange_1:2.1-1~bpo70+1
On Mon, Jul 28, 2014 at 11:21 PM, Vincent Cheng vch...@debian.org wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Dear release team, Please binNMU the current version of openchange in wheezy-backports; it has a dependency on libc6 = 2.14, which makes it uninstallable on wheezy. Jelmer, please take care to build backported packages in a clean wheezy chroot next time. nmu openchange_1:2.1-1~bpo70+1 . ALL . -m rebuild against eglibc 2.13 Err, sorry, I meant amd64...this should be correct: nmu openchange_1:2.1-1~bpo70+1 . amd64 . -m rebuild against eglibc 2.13 Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tBzZhkspJmuYWH3n6eDZ5=4wtff-s0i6xuwvcuemtr...@mail.gmail.com
Bug#744820:
On Sun, Jun 8, 2014 at 10:57 PM, Alexander Wirt formo...@debian.org wrote: On Sun, 08 Jun 2014, Vincent Cheng wrote: Hi Andreas, On Thu, Jun 5, 2014 at 3:35 PM, Andreas Rönnquist gus...@gusnan.se wrote: The version in squeeze-proposed-updates (0.3.2-1+deb6u1) still got this wrong - running catfish from the terminal gives: python: can't open file '/usr/share/catfish/bin/catfish.py': [Errno 2] No such file or directory Where the /usr/bin/catfish has got: #!/usr/bin/env bash python /usr/share/catfish/bin/catfish.py $@ it should be: #!/usr/bin/env bash python /usr/share/catfish/catfish.py $@ (I just tested it in a Squeeze VM) Fixed and uploaded as 0.3.2-1+deb6u2, thanks! Jackson, I pinged you on IRC, but since it doesn't look like you're going to respond anytime soon, I just went ahead with a team upload. (Jackson: I can't believe I have to keep on saying this, but please actually test your packages before asking for an upload!) if you uploaded the package, you have the same responsibility. I expect from anyone _uploading_ a package - be it a sponsor or the maintainer - to test their backports. That means installing the backport in a _fresh_ environment, before the upload. Testing means: - installation - using the software if you are uploading a bunch of dependencys, only upload after all backports are build and test with the whole dependency chain. #744820 has nothing to do with a backport. Also, I don't want to play the blame game here, but I disagree with the assertion that sponsors have the same set of responsibilities as the actual maintainer of the package. In this specific case, I'm not a catfish user, I am merely interested in fixing a bunch of CVEs against this package that have gone unfixed for a while in stable/oldstable. Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tABQucT-svxc+PTWm3p=pzzkicuxekrt5rgcnxt9om...@mail.gmail.com
Bug#744820:
On Sun, Jun 8, 2014 at 11:10 PM, Alexander Wirt formo...@debian.org wrote: On Sun, 08 Jun 2014, Vincent Cheng wrote: On Sun, Jun 8, 2014 at 10:57 PM, Alexander Wirt formo...@debian.org wrote: On Sun, 08 Jun 2014, Vincent Cheng wrote: Hi Andreas, On Thu, Jun 5, 2014 at 3:35 PM, Andreas Rönnquist gus...@gusnan.se wrote: The version in squeeze-proposed-updates (0.3.2-1+deb6u1) still got this wrong - running catfish from the terminal gives: python: can't open file '/usr/share/catfish/bin/catfish.py': [Errno 2] No such file or directory Where the /usr/bin/catfish has got: #!/usr/bin/env bash python /usr/share/catfish/bin/catfish.py $@ it should be: #!/usr/bin/env bash python /usr/share/catfish/catfish.py $@ (I just tested it in a Squeeze VM) Fixed and uploaded as 0.3.2-1+deb6u2, thanks! Jackson, I pinged you on IRC, but since it doesn't look like you're going to respond anytime soon, I just went ahead with a team upload. (Jackson: I can't believe I have to keep on saying this, but please actually test your packages before asking for an upload!) if you uploaded the package, you have the same responsibility. I expect from anyone _uploading_ a package - be it a sponsor or the maintainer - to test their backports. That means installing the backport in a _fresh_ environment, before the upload. Testing means: - installation - using the software if you are uploading a bunch of dependencys, only upload after all backports are build and test with the whole dependency chain. #744820 has nothing to do with a backport. Also, I don't want to play the blame game here, but I disagree with the assertion that sponsors have the same set of responsibilities as the actual maintainer of the package. In this specific case, I'm not a catfish user, I am merely interested in fixing a bunch of CVEs against this package that have gone unfixed for a while in stable/oldstable. Uhm, sorry. I got the wrong mailinglist. Anyhow, I disagree the sponsor has the same responsibility as the maintainer. If they don't understand the package, they shouldn't upload it. If sponsors were required to be domain experts in the packages that they sponsor, then we'd see a lot less sponsoring taking place in Debian, and a lot more packages bitrotting in the archive. I've always advocated for lower barriers for contributing to Debian, and that applies to both maintainership and sponsorship. In terms of sponsorship, as long as the sponsor is able to fix anything he/she breaks, that's fine by me; I don't see why we should be discouraging people from sponsoring packages that they aren't necessarily familiar with (and frankly, that's the last thing that we should be doing - making it harder for prospective contributors to find someone, anyone, who might be interested in sponsoring their package(s); just take a look at the ever-increasing length of the sponsorship-requests queue). Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tCuf�rBOUY0zfi-0i_iNTO=zk3vl+po+lut5rtsw...@mail.gmail.com
Bug#744820:
On Sun, Jun 8, 2014 at 11:30 PM, Alexander Wirt formo...@debian.org wrote: On Sun, 08 Jun 2014, Vincent Cheng wrote: On Sun, Jun 8, 2014 at 11:10 PM, Alexander Wirt formo...@debian.org wrote: On Sun, 08 Jun 2014, Vincent Cheng wrote: On Sun, Jun 8, 2014 at 10:57 PM, Alexander Wirt formo...@debian.org wrote: On Sun, 08 Jun 2014, Vincent Cheng wrote: Hi Andreas, On Thu, Jun 5, 2014 at 3:35 PM, Andreas Rönnquist gus...@gusnan.se wrote: The version in squeeze-proposed-updates (0.3.2-1+deb6u1) still got this wrong - running catfish from the terminal gives: python: can't open file '/usr/share/catfish/bin/catfish.py': [Errno 2] No such file or directory Where the /usr/bin/catfish has got: #!/usr/bin/env bash python /usr/share/catfish/bin/catfish.py $@ it should be: #!/usr/bin/env bash python /usr/share/catfish/catfish.py $@ (I just tested it in a Squeeze VM) Fixed and uploaded as 0.3.2-1+deb6u2, thanks! Jackson, I pinged you on IRC, but since it doesn't look like you're going to respond anytime soon, I just went ahead with a team upload. (Jackson: I can't believe I have to keep on saying this, but please actually test your packages before asking for an upload!) if you uploaded the package, you have the same responsibility. I expect from anyone _uploading_ a package - be it a sponsor or the maintainer - to test their backports. That means installing the backport in a _fresh_ environment, before the upload. Testing means: - installation - using the software if you are uploading a bunch of dependencys, only upload after all backports are build and test with the whole dependency chain. #744820 has nothing to do with a backport. Also, I don't want to play the blame game here, but I disagree with the assertion that sponsors have the same set of responsibilities as the actual maintainer of the package. In this specific case, I'm not a catfish user, I am merely interested in fixing a bunch of CVEs against this package that have gone unfixed for a while in stable/oldstable. Uhm, sorry. I got the wrong mailinglist. Anyhow, I disagree the sponsor has the same responsibility as the maintainer. If they don't understand the package, they shouldn't upload it. If sponsors were required to be domain experts in the packages that they sponsor, then we'd see a lot less sponsoring taking place in Debian, and a lot more packages bitrotting in the archive. I've always advocated for lower barriers for contributing to Debian, and that applies to both maintainership and sponsorship. In terms of sponsorship, as long as the sponsor is able to fix anything he/she breaks, that's fine by me; I don't see why we should be discouraging people from sponsoring packages that they aren't necessarily familiar with (and frankly, that's the last thing that we should be doing - making it harder for prospective contributors to find someone, anyone, who might be interested in sponsoring their package(s); just take a look at the ever-increasing length of the sponsorship-requests queue). That way you are just wasting other peoples time, buildd time and so on. If such a policy prevents broken, packages with low quality and so on from being uploaded I am happy with it. And to just test some binarys, you don't have to be an expert. What are you trying to imply? That I'd deliberately upload broken packages to the archive just to waste everyone's time? Yeah, right, I can assure you that I have better things to do with my time. I've always advocated for a more liberal sponsorship policy within Debian (and also w.r.t. NMUs as well, but that's another story). Otherwise there's no hope of DD sponsors being able to meet the needs of sponsorees. I think it's fine for sponsors to know less than the actual maintainer(s) about the package that they choose to sponsor, as long as they're willing to fix any breakage that they cause. At the end of the day, I think that a buggy package with an active maintainer/sponsor is better than an abandoned, bitrotting package that nobody wants to take care of because of an overly bureaucratic and restrictive sponsorship policy. Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tCS6XE_D6E-S48q9jQVARGyfbFNF_ofWKCCg2u=dra...@mail.gmail.com
Bug#744820:
Hi Andreas, On Thu, Jun 5, 2014 at 3:35 PM, Andreas Rönnquist gus...@gusnan.se wrote: The version in squeeze-proposed-updates (0.3.2-1+deb6u1) still got this wrong - running catfish from the terminal gives: python: can't open file '/usr/share/catfish/bin/catfish.py': [Errno 2] No such file or directory Where the /usr/bin/catfish has got: #!/usr/bin/env bash python /usr/share/catfish/bin/catfish.py $@ it should be: #!/usr/bin/env bash python /usr/share/catfish/catfish.py $@ (I just tested it in a Squeeze VM) Fixed and uploaded as 0.3.2-1+deb6u2, thanks! Jackson, I pinged you on IRC, but since it doesn't look like you're going to respond anytime soon, I just went ahead with a team upload. (Jackson: I can't believe I have to keep on saying this, but please actually test your packages before asking for an upload!) Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tDRZFd-ebt=hpf_0PEq=5Xiu5Nxf-2_GaHwOM=8gho...@mail.gmail.com
Bug#744820:
On Tue, Jun 3, 2014 at 2:17 PM, Adam D. Barratt a...@adam-barratt.org.uk wrote: Control: tags -1 + confirmed On Thu, 2014-05-29 at 12:59 +1000, Jackson Doak wrote: diff -u catfish-0.3.2/debian/changelog catfish-0.3.2/debian/changelog --- catfish-0.3.2/debian/changelog +++ catfish-0.3.2/debian/changelog @@ -1,3 +1,10 @@ +catfish (0.3.2-1+deb6u1) squeeze; urgency=medium + + * Add 50Fix_cve.dpatch. Closes: #739958 +- CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 Please go ahead. Uploaded, thanks! Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tc66hwq-dnkpsndyptg8wt85wueed-0w6hcq_+c1bd...@mail.gmail.com
Bug#745209: transition: gloox
On Tue, May 13, 2014 at 2:05 PM, Julien Cristau jcris...@debian.org wrote: Control: tags -1 confirmed On Fri, Apr 18, 2014 at 15:47:35 -0700, Vincent Cheng wrote: I'd like to request a transition slot for src:gloox. This is a relatively small transition (just like #736219 was), with only 4 source packages affected, and only 2 of them are in testing: licq (build ok, needs binNMU) 0ad (build ok, needs binNMU) Assuming the release team has no objections, I'll go ahead and upload this to unstable directly. Sorry for the delay. Yes, feel free to go ahead. Updated gloox now in sid and built+installed on all archs (except sparc). Please schedule binNMUs for 0ad and licq. nmu 0ad_0.0.16-2 . ALL . -m 'Rebuild against libgloox12' nmu licq_1.8.1-2 . ALL . -m 'Rebuild against libgloox12' Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tdf8jpdlwtcttowcveg-+2ut_elzk_md3dbuoyenby...@mail.gmail.com
Bug#744820: squeeze-pu: package catfish/0.3.2-2+deb6u1
++%python% %prefix%/share/catfish/bin/catfish.py $@ The attached debdiff for catfish/0.3.2-2+deb6u1 is broken (see line above) and would cause #746251 if uploaded as-is. Jackson, please fix and re-send your debdiff to #744820. Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tDrCc_jpGmGO+fRQP=76fgN9abhwgvNWra=fnySDnQ=v...@mail.gmail.com
Bug#744820: squeeze-pu: package catfish/0.3.2-2+deb6u1
On Tue, May 13, 2014 at 1:36 PM, Jackson Doak nosk...@ubuntu.com wrote: I still lack access to a computer where i can do this. Could you please NMU it? The package hasn't been approved by the release team, nor uploaded to squeeze yet, so there's nothing to NMU. Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tDosMf0zCimcFr7L=jytSSk_C8NVn8qb8o=pygqm5d...@mail.gmail.com
Bug#747061: wheezy-pu: package catfish/0.3.2-2+deb7u1.1
On Sun, May 11, 2014 at 9:04 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: Control: tags -1 + confirmed On Mon, 2014-05-05 at 00:15 -0700, Vincent Cheng wrote: The following debdiff (provided by Andreas Rönnquist) fixes a regression (#746251) in catfish introduced in version 0.3.2-2+deb7u1. Thanks! Please go ahead; thanks. Uploaded, thanks! Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tbt0zgyshz+p4+-2hz6s+ozv+7kchxa22n_vyhosof...@mail.gmail.com
Bug#747061: wheezy-pu: package catfish/0.3.2-2+deb7u1.1
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Dear Release team, The following debdiff (provided by Andreas Rönnquist) fixes a regression (#746251) in catfish introduced in version 0.3.2-2+deb7u1. Thanks! diff -u catfish-0.3.2/debian/changelog catfish-0.3.2/debian/changelog --- catfish-0.3.2/debian/changelog +++ catfish-0.3.2/debian/changelog @@ -1,3 +1,11 @@ +catfish (0.3.2-2+deb7u1.1) stable; urgency=low + + * Non-maintainer upload. + * Fix the patch 50Fix_cve.dpatch, correcting the calling +python command (Closes: #746251) + + -- Andreas Rönnquist gus...@gusnan.se Fri, 02 May 2014 16:20:45 +0200 + catfish (0.3.2-2+deb7u1) stable; urgency=medium * Add 50Fix_cve.dpatch. Closes: #739958 diff -u catfish-0.3.2/debian/patches/50Fix_cve.dpatch catfish-0.3.2/debian/patches/50Fix_cve.dpatch --- catfish-0.3.2/debian/patches/50Fix_cve.dpatch +++ catfish-0.3.2/debian/patches/50Fix_cve.dpatch @@ -22 +22 @@ -+%python% %prefix%/share/catfish/bin/catfish.py $@ ++python %prefix%/share/catfish/catfish.py $@ Regards, Vincent -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.14-2-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140505071544.18635.41542.reportbug@vincent-tlaptop
Bug#735399: RFS - pu: policyd-weight/0.1.15.2-5+wheezy1
Hi Werner, On Sat, Apr 19, 2014 at 4:35 AM, Werner Detter wer...@aloah-from-hell.de wrote: Package: sponsorship-requests Severity: low low isn't a valid bug severity. Also, for future RFS requests, please file a bug against the sponsorship-requests pseudo-package, rather than sending mail to the package-sponsorship-requests list (it's easier to keep track of individual RFS requests, for one thing). Usertags: pu Dear Maintainers, recently I've upgraded policyd-weight in unstable. I've added a patch that fixes DNS::Net usage in policyd-weight which lead to infinite loop on machines which dispose only of IPv6 resolvers. The relevant bugreport against release.debian.org can be found here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735399 * Package name: policyd-weight Version : policyd-weight/0.1.15.2-5+wheezy1 Upstream Author : Robert Felber * URL : www.policyd-weight.org * License : GPL-2+ Section : mail I've uploaded the package to mentors.debian.net - it would be great if someone could upload this package. The URL of your package is: http://mentors.debian.net/package/policyd-weight The respective dsc file can be found at: http://mentors.debian.net/debian/pool/main/p/policyd-weight/policyd-weight_0.1.15.2-5+wheezy1.dsc Built, signed, and uploaded; thanks for your contribution to Debian! Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tD_8YjRRMgMwnaQ1RPkC==jttnbqjnude6p9o-g5sy...@mail.gmail.com
Bug#745209: transition: gloox
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition I'd like to request a transition slot for src:gloox. This is a relatively small transition (just like #736219 was), with only 4 source packages affected, and only 2 of them are in testing: licq (build ok, needs binNMU) 0ad (build ok, needs binNMU) Assuming the release team has no objections, I'll go ahead and upload this to unstable directly. Ben file: title = gloox; is_affected = .depends ~ libgloox11 | .depends ~ libgloox12; is_good = .depends ~ libgloox12; is_bad = .depends ~ libgloox11; Regards, Vincent -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13-5-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140418224735.21703.2056.reportbug@vincent-tlaptop
Bug#742313: wheezy-pu: package catfish/0.3.2-2+deb7u1
On Sun, Apr 13, 2014 at 10:36 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: Control: tags -1 + confirmed On Sat, 2014-03-22 at 01:17 -0700, Vincent Cheng wrote: catfish currently has 4 unfixed CVE bugs that affect the version in wheezy. All of them were deemed to be minor issues (no DSA) according to the security tracker, so I'd like to fix them via an upload to stable instead. Debdiff is attached below. Please go ahead; thanks. Uploaded, thanks! Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACZd_tDHwtDpHSbK_vztpP=o0GzHLh_ZQEVAqJ0=ng3-uwh...@mail.gmail.com
Bug#742313: wheezy-pu: package catfish/0.3.2-2+deb7u1
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Hi, catfish currently has 4 unfixed CVE bugs that affect the version in wheezy. All of them were deemed to be minor issues (no DSA) according to the security tracker, so I'd like to fix them via an upload to stable instead. Debdiff is attached below. Jackson: I'll leave it to you to file a bug requesting an upload to squeeze, just so you know how to handle bugs like this in the future. Ping me for an upload when approved by the release team. diff -u catfish-0.3.2/debian/changelog catfish-0.3.2/debian/changelog --- catfish-0.3.2/debian/changelog +++ catfish-0.3.2/debian/changelog @@ -1,3 +1,10 @@ +catfish (0.3.2-2+deb7u1) stable; urgency=medium + + * Add 50Fix_cve.dpatch. Closes: #739958 +- CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 + + -- Jackson Doak nosk...@ubuntu.com Sat, 01 Mar 2014 08:05:44 +1100 + catfish (0.3.2-2) unstable; urgency=low * Team upload. diff -u catfish-0.3.2/debian/patches/00list catfish-0.3.2/debian/patches/00list --- catfish-0.3.2/debian/patches/00list +++ catfish-0.3.2/debian/patches/00list @@ -4,0 +5 @@ +50Fix_cve.dpatch \ No newline at end of file only in patch2: unchanged: --- catfish-0.3.2.orig/debian/patches/50Fix_cve.dpatch +++ catfish-0.3.2/debian/patches/50Fix_cve.dpatch @@ -0,0 +1,22 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' catfish-0.3.2~/catfish.py catfish-0.3.2/catfish.py +--- a/catfish.in 2013-02-13 02:45:27 + b/catfish.in 2014-02-28 04:26:26 + +@@ -1,14 +1,2 @@ + #!/usr/bin/env bash +- +-APPNAME=catfish +- +-if [ -e $APPNAME.pyc ] +-then python $APPNAME.pyc $@ +-else +-if [ -e $APPNAME.py ] +-then python $APPNAME.py $@ +-else +-cd %prefix%/share/$APPNAME +-python $APPNAME.pyc $@ +-fi +-fi ++%python% %prefix%/share/catfish/bin/catfish.py $@ Regards, Vincent -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13-5-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140322081703.23306.59591.reportbug@vincent-tlaptop
Bug#736219: transition: gloox
On Sun, Mar 16, 2014 at 11:44 AM, Julien Cristau jcris...@debian.org wrote: Control: tag -1 confirmed On Mon, Jan 20, 2014 at 22:45:02 -0800, Vincent Cheng wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition I'd like to request a transition slot for src:gloox. This is a relatively small transition, with only 4 source packages affected (tested builds against newer gloox, currently in NEW queue, results are as follows): licq (build ok, needs binNMU) 0ad (build ok, needs binNMU) uwsgi (NOT in testing, removed due to removal of openjdk6 - #720571) fatrat (NOT in testing, removed due to boost-related FTBFS - #713663) Feel free to upload to sid. Let us know when the package is built on all archs so binNMUs can be scheduled. I've uploaded gloox to sid and can confirm that it's been successfully built on all archs. Thanks! Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caczd_tb7rslsshynvpzdu9n+mb-c_omzdp0zypgnm-k-crm...@mail.gmail.com
Bug#739467: nmu: veusz_1.20.1-1
On Tue, Feb 18, 2014 at 4:50 PM, Andreas Beckmann a...@debian.org wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu veusz_1.20.1-1 . amd64 . -m Rebuild against sip-api-10.1 The maintainer upload of veusz was built in wheezy (sip-api-8.1), but uploaded to sid. Andreas @Jeremy: please build packages for sid in a clean and up-to-date sid environment. Thanks. It's my fault entirely, not Jeremy's, for building it in a wheezy environment (I was also preparing wheezy-backports uploads at the same time as I was sponsoring veusz). Sorry for the hassle! Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caczd_tdwvves8flu3ddga-mftenc12w4z4cez1cp5fwrkv_...@mail.gmail.com
Bug#736219: transition: gloox
Hi, gloox is now in experimental, and awaiting approval from the release team before uploading to unstable. Thanks! Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caczd_tcj0aqo42ju-gl791axf70pzubxhlnnktu+98vob_t...@mail.gmail.com
Bug#736219: transition: gloox
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition I'd like to request a transition slot for src:gloox. This is a relatively small transition, with only 4 source packages affected (tested builds against newer gloox, currently in NEW queue, results are as follows): licq (build ok, needs binNMU) 0ad (build ok, needs binNMU) uwsgi (NOT in testing, removed due to removal of openjdk6 - #720571) fatrat (NOT in testing, removed due to boost-related FTBFS - #713663) Ben file: title = gloox; is_affected = .depends ~ libgloox8 | .depends ~ libgloox11; is_good = .depends ~ libgloox11; is_bad = .depends ~ libgloox8; Thanks, Vincent -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.12-5-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140121064502.16445.87458.reportbug@vincent-tlaptop
Bug#709813: Please give back 0ad on amd64
On Mon, Jun 24, 2013 at 12:41 PM, Kurt Roeckx k...@roeckx.be wrote: On Mon, Jun 24, 2013 at 12:19:03AM -0700, Vincent Cheng wrote: Dear wanna-build team, Please give back 0ad on amd64 on a buildd other than barber (i.e. retry until some other buildd takes it). I understand that the issue is in nvidia-texture-tools (#713966), and maybe we should wait for that to get fixed? I've set a dep-wait for that. As far as I can see, 0ad ended up being given to and getting built successfully on brahms [1]. Well, at least 0ad is no longer blocking the enet transition... Regards, Vincent [1] https://buildd.debian.org/status/logs.php?pkg=0adver=0.0.13-2%2Bb1arch=amd64 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CACZd_tA_L0z-D_2Oq0SQFnK_SO7=q9nzeqg-kmv5undjcqn...@mail.gmail.com
Bug#709813: Please give back 0ad on amd64
On Tue, Jun 25, 2013 at 10:00 AM, Kurt Roeckx k...@roeckx.be wrote: On Tue, Jun 25, 2013 at 03:36:42AM -0700, Vincent Cheng wrote: On Mon, Jun 24, 2013 at 12:41 PM, Kurt Roeckx k...@roeckx.be wrote: On Mon, Jun 24, 2013 at 12:19:03AM -0700, Vincent Cheng wrote: Dear wanna-build team, Please give back 0ad on amd64 on a buildd other than barber (i.e. retry until some other buildd takes it). I understand that the issue is in nvidia-texture-tools (#713966), and maybe we should wait for that to get fixed? I've set a dep-wait for that. As far as I can see, 0ad ended up being given to and getting built successfully on brahms [1]. Well, at least 0ad is no longer blocking the enet transition... It looks I wasn't in time to undo that give-back and setting it to dep-wait. I suggest you make a new upload at some point and add a versioned build-depends or build-conflicts. Will do, thanks! Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CACZd_tAJbqC_eA_u1K0PC6=PFzvXqpM+vEHrqCxY6KmEsM=k...@mail.gmail.com
Bug#709813: Please give back 0ad on amd64
Dear wanna-build team, Please give back 0ad on amd64 on a buildd other than barber (i.e. retry until some other buildd takes it). Currently, it FTBFS on barber due to Illegal instruction when running its testsuite, and it's proving to be problematic to trace the root cause of the issue. I cannot reproduce the FTBFS locally with an up-to-date pbuilder, and the build log doesn't seem to give any clues as to why barber is bailing out on the testsuite (ansgar and others on #debian-devel noted the presence of -msse, but that shouldn't be an issue on amd64). A bug against 0ad has already been filed concerning this issue (#712956) and I've filed a ticket with upstream [1] (which I'll pursue more agressively when I have time), I don't think it's a regression, and this is blocking the enet transition (#709813), so can you please give back 0ad? Thanks! gb 0ad_0.0.13-2+b1 . amd64 [1] http://trac.wildfiregames.com/ticket/1994 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CACZd_tCBovmU3pbnt+ofePnOH=V=wmx0swlw3hcb0pp7ubr...@mail.gmail.com
Bug#701857: unblock: mpi4py/1.3+hg20120611-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mpi4py. It contains a fix for RC bug #700995 (directory vs. symlink conflict: /usr/include/python3.2), and another bug fix for #691244 (to fix failing unittests with python3.3). Debdiff is as follows: diff -Nru mpi4py-1.3+hg20120611/debian/changelog mpi4py-1.3+hg20120611/debian/changelog --- mpi4py-1.3+hg20120611/debian/changelog 2012-06-11 18:51:02.0 -0700 +++ mpi4py-1.3+hg20120611/debian/changelog 2013-02-20 12:00:26.0 -0800 @@ -1,3 +1,18 @@ +mpi4py (1.3+hg20120611-3) unstable; urgency=medium + + * Create a suffixed (e.g. python3.2mu) python3 directory matching the +one present on the system for the given version of python3 (Closes: +#700995) + + -- Yaroslav Halchenko deb...@onerussian.com Wed, 20 Feb 2013 14:51:54 -0500 + +mpi4py (1.3+hg20120611-2) unstable; urgency=low + + * Cherry-picked patch from upstream for python3.3 compatibility (failing +unittests) (Closes: #691244) + + -- Yaroslav Halchenko deb...@onerussian.com Tue, 23 Oct 2012 10:23:29 -0400 + mpi4py (1.3+hg20120611-1) unstable; urgency=low [ Bradley M. Froehle ] diff -Nru mpi4py-1.3+hg20120611/debian/patches/series mpi4py-1.3+hg20120611/debian/patches/series --- mpi4py-1.3+hg20120611/debian/patches/series 2012-06-11 18:51:02.0 -0700 +++ mpi4py-1.3+hg20120611/debian/patches/series 2013-02-20 12:00:26.0 -0800 @@ -1,2 +1,3 @@ up_no_modlibs cython_version_check.patch +up_test_win_python3.3.patch diff -Nru mpi4py-1.3+hg20120611/debian/patches/up_test_win_python3.3.patch mpi4py-1.3+hg20120611/debian/patches/up_test_win_python3.3.patch --- mpi4py-1.3+hg20120611/debian/patches/up_test_win_python3.3.patch 1969-12-31 16:00:00.0 -0800 +++ mpi4py-1.3+hg20120611/debian/patches/up_test_win_python3.3.patch 2013-02-20 12:00:26.0 -0800 @@ -0,0 +1,43 @@ +Author: Lisandro Dalcin dalc...@gmail.com +Subject: Python 3.3 compatibility patch from upstream + +Origin: upstream +Bug-Debian: http://bugs.debian.org/691244 +Applied-Upstream: https://code.google.com/p/mpi4py/source/detail?r=330fde6ffccbdf68f5e3bdd0378bf4d6cfa82f50 +Last-Update: 2012-10-23 + +diff --git a/test/test_win.py b/test/test_win.py +--- a/test/test_win.py b/test/test_win.py +@@ -25,7 +25,10 @@ + if type(self.memory).__name__ == 'buffer': + self.assertEqual(sys.getrefcount(self.memory), refcnt+1) + else: +-self.assertEqual(sys.getrefcount(self.memory), refcnt) ++if sys.version_info[:3] (3, 3): ++self.assertEqual(sys.getrefcount(self.memory), refcnt) ++else: ++self.assertEqual(sys.getrefcount(self.memory), refcnt+1) + + def tearDown(self): + refcnt = sys.getrefcount(self.memory) +@@ -33,7 +36,10 @@ + if type(self.memory).__name__ == 'buffer': + self.assertEqual(sys.getrefcount(self.memory), refcnt-1) + else: +-self.assertEqual(sys.getrefcount(self.memory), refcnt) ++if sys.version_info[:3] (3, 3): ++self.assertEqual(sys.getrefcount(self.memory), refcnt) ++else: ++self.assertEqual(sys.getrefcount(self.memory), refcnt-1) + if self.mpi_memory: + MPI.Free_mem(self.mpi_memory) + +@@ -46,7 +52,6 @@ + self.assertEqual(dunit, 1) + self.assertEqual(base, pointer) + +- + def testAttributes(self): + cgroup = self.COMM.Get_group() + wgroup = self.WIN.Get_group() diff -Nru mpi4py-1.3+hg20120611/debian/rules mpi4py-1.3+hg20120611/debian/rules --- mpi4py-1.3+hg20120611/debian/rules 2012-06-11 18:51:02.0 -0700 +++ mpi4py-1.3+hg20120611/debian/rules 2013-02-20 12:00:26.0 -0800 @@ -54,10 +54,14 @@ done : # Python 3 + : # Can have python$$v symlink pointing to python3.?m or python3.?mu + : # see #700995 for more details. So first look where it points to + : # and use that directory set -e; for v in $(PY3VERS); do \ [ -d $(CURDIR)/debian/python3-mpi4py/usr/include/python$$v ] || \ - mkdir -p $(CURDIR)/debian/python3-mpi4py/usr/include/python$$v; \ - dh_link -ppython3-mpi4py usr/lib/python3/dist-packages/mpi4py/include/mpi4py usr/include/python$$v/mpi4py; \ + pythonv_inc_dir=$$(readlink -f /usr/include/python$$v); \ + mkdir -p $(CURDIR)/debian/python3-mpi4py$$pythonv_inc_dir; \ + dh_link -ppython3-mpi4py usr/lib/python3/dist-packages/mpi4py/include/mpi4py $${pythonv_inc_dir#/}/mpi4py; \ done : # share -dbg and normal package doc dirs unblock mpi4py/1.3+hg20120611-3 Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive:
Bug#701859: pre-approval unblock: python-bsddb3/5.2.0-1+deb7u1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock I've attached a proposed debdiff to fix RC bug #700996 (directory vs. symlink conflict: /usr/include/python3.2). It's pretty straightforward, but this has to go through testing-proposed-updates so I assume that a pre-approval is needed? diff -u python-bsddb3-5.2.0/debian/control python-bsddb3-5.2.0/debian/control --- python-bsddb3-5.2.0/debian/control +++ python-bsddb3-5.2.0/debian/control @@ -2,7 +2,7 @@ Section: python Priority: optional Maintainer: Matthias Klose d...@debian.org -Build-Depends: debhelper (= 6), libdb5.1-dev, python-all-dev (= 2.6.6-1~), python-all-dbg, python3-all-dev (= 3.1.2-10~), python3-all-dbg +Build-Depends: debhelper (= 6), libdb5.1-dev, python-all-dev (= 2.6.6-1~), python-all-dbg, python3-all-dev (= 3.1.2-10~), python3-all-dbg, python3.2-dev (= 3.2.3-7) Build-Depends-Indep: python-sphinx Standards-Version: 3.9.2 XS-Python-Version: = 2.6 diff -u python-bsddb3-5.2.0/debian/changelog python-bsddb3-5.2.0/debian/changelog --- python-bsddb3-5.2.0/debian/changelog +++ python-bsddb3-5.2.0/debian/changelog @@ -1,3 +1,11 @@ +python-bsddb3 (5.2.0-1+deb7u1) testing-proposed-updates; urgency=low + + * Non-maintainer upload. + * Build-depend on python3.2-dev (= 3.2.3-7) to fix directory vs. symlink +conflict on /usr/include/python3.2. Closes: #700996. + + -- Vincent Cheng vincentc1...@gmail.com Wed, 27 Feb 2013 22:36:16 -0800 + python-bsddb3 (5.2.0-1) unstable; urgency=low * New upstream release. Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CACZd_tBR21ggj=zmt0oehch9e6e2unny9ad_b9ysxb-axex...@mail.gmail.com
Bug#701860: unblock: pycxx/6.2.4-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package pycxx. It contains a fix for RC bug #700782 (directory vs. symlink conflict relating to /usr/include/python3.2). Debdiff is as follows: diff -Nru pycxx-6.2.4/debian/changelog pycxx-6.2.4/debian/changelog --- pycxx-6.2.4/debian/changelog2012-12-30 11:24:04.0 -0800 +++ pycxx-6.2.4/debian/changelog2013-02-27 10:50:34.0 -0800 @@ -1,3 +1,10 @@ +pycxx (6.2.4-3) unstable; urgency=low + + * install into real include/python3* folder instead of symlink folder +Thanks to Sebastian Ramacher for the patch. (Closes: #700782) + + -- Julian Taylor jtaylor.deb...@googlemail.com Wed, 27 Feb 2013 19:34:50 +0100 + pycxx (6.2.4-2) unstable; urgency=low * Remove symlink /usr/share/doc/python{,3}-cxx-dev before installing diff -Nru pycxx-6.2.4/debian/control pycxx-6.2.4/debian/control --- pycxx-6.2.4/debian/control 2012-12-30 11:24:04.0 -0800 +++ pycxx-6.2.4/debian/control 2013-02-27 10:47:27.0 -0800 @@ -5,7 +5,8 @@ Uploaders: Julian Taylor jtaylor.deb...@googlemail.com Build-Depends: debhelper (= 7.0.50~), python-all (= 2.6.6-3~), - python3-all (= 3.1.2-10~) + python3-all-dev (= 3.1.2-10~), + python3-all-dbg XS-Python-Version: all Standards-Version: 3.9.3 Homepage: http://cxx.sourceforge.net diff -Nru pycxx-6.2.4/debian/rules pycxx-6.2.4/debian/rules --- pycxx-6.2.4/debian/rules2012-12-30 11:24:04.0 -0800 +++ pycxx-6.2.4/debian/rules2013-02-27 10:47:27.0 -0800 @@ -30,10 +30,12 @@ set -e for i in $(PY3VERS); do \ $${i} setup.py install --force --root=$(CURDIR)/debian/tmp --no-compile -O0 --install-layout=deb; \ 2to3 -w -n $(CURDIR)/debian/tmp/usr/lib; \ - dh_install -ppython3-cxx-dev CXX/*.hxx /usr/include/$${i}/CXX/; \ - dh_install -ppython3-cxx-dev CXX/*.h /usr/include/$${i}/CXX/; \ - dh_install -ppython3-cxx-dev CXX/Python3/* /usr/include/$${i}/CXX/Python3; \ - dh_link -ppython3-cxx-dev /usr/include/$${i}/CXX/ /usr/include/$${i}_d/CXX; \ + python_inc_dir=$$(readlink -f /usr/include/$$i); \ + pythond_inc_dir=$$(readlink -f /usr/include/$${i}_d); \ + dh_install -ppython3-cxx-dev CXX/*.hxx $${python_inc_dir}/CXX/; \ + dh_install -ppython3-cxx-dev CXX/*.h $${python_inc_dir}/CXX/; \ + dh_install -ppython3-cxx-dev CXX/Python3/* $${python_inc_dir}/CXX/Python3; \ + dh_link -ppython3-cxx-dev $${python_inc_dir}/CXX/ $${pythond_inc_dir}/CXX; \ dh_install -ppython3-cxx-dev Src/*.c /usr/share/$${i}/CXX/; \ dh_install -ppython3-cxx-dev Src/*.cxx /usr/share/$${i}/CXX/; \ dh_install -ppython3-cxx-dev Src/Python3/* /usr/share/$${i}/CXX/Python3; \ unblock pycxx/6.2.4-3 Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CACZd_tC7dfTB3_ON7uecJWXtij4qqhP8sw-SLxeno=+9ept...@mail.gmail.com
Bug#698201: unblock: pygame/1.9.1release+dfsg-8
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Please unblock package pygame. This fixes RC bug #698169. Debdiff is as follows: diff -Nru pygame-1.9.1release+dfsg/debian/changelog pygame-1.9.1release+dfsg/debian/changelog --- pygame-1.9.1release+dfsg/debian/changelog 2012-09-10 15:10:20.0 -0700 +++ pygame-1.9.1release+dfsg/debian/changelog 2013-01-14 19:25:46.0 -0800 @@ -1,3 +1,12 @@ +pygame (1.9.1release+dfsg-8) unstable; urgency=low + + [ Sébastien Villemot ] + * Following the ABI change in python-numpy = 1:1.6.1 (see #685812), add +Depends on python-numpy (= 1:1.6.1) and python-numpy-abi9 in order to +support partial upgrades. (Closes: #698169) + + -- Vincent Cheng vincentc1...@gmail.com Mon, 14 Jan 2013 19:23:48 -0800 + pygame (1.9.1release+dfsg-7) unstable; urgency=low * Add missing licenses and copyright holders in debian/copyright. diff -Nru pygame-1.9.1release+dfsg/debian/control pygame-1.9.1release+dfsg/debian/control --- pygame-1.9.1release+dfsg/debian/control 2012-04-19 20:21:47.0 -0700 +++ pygame-1.9.1release+dfsg/debian/control 2013-01-14 19:26:15.0 -0800 @@ -27,7 +27,8 @@ Package: python-pygame Architecture: any Depends: - python-numpy, + python-numpy (= 1:1.6.1), + python-numpy-abi9, ttf-freefont, ${misc:Depends}, ${python:Depends}, unblock pygame/1.9.1release+dfsg-8 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.7.1-1-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caczd_tcrn0db+7oodq7cg2ce9d5xqavfzo5lp1mnlvuho2u...@mail.gmail.com
Bug#694038: unblock: wesnoth-1.10/1:1.10.3-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package wesnoth-1.10 This fixes RC bug #688712 by reverting /usr/share/doc/{wesnoth,wesnoth-core, wesnoth-music} back into symlinks as they were in previous versions (in squeeze), and includes postinst scripts to do this manually for users who already have the wheezy version installed (since apparently dpkg doesn't replace symlinks with directories and vice versa itself). debdiff is as follows: diff -Nru wesnoth-1.10-1.10.3/debian/changelog wesnoth-1.10-1.10.3/debian/changelog --- wesnoth-1.10-1.10.3/debian/changelog2012-09-02 04:11:53.0 -0700 +++ wesnoth-1.10-1.10.3/debian/changelog2012-11-22 00:06:08.0 -0800 @@ -1,3 +1,10 @@ +wesnoth-1.10 (1:1.10.3-3) unstable; urgency=low + + * Team upload. + * Revert /usr/share/doc/wesnoth back into a symlink. (Closes: #688712) + + -- Vincent Cheng vincentc1...@gmail.com Wed, 21 Nov 2012 23:55:27 -0800 + wesnoth-1.10 (1:1.10.3-2) unstable; urgency=low [ Vincent Cheng ] diff -Nru wesnoth-1.10-1.10.3/debian/rules wesnoth-1.10-1.10.3/debian/rules --- wesnoth-1.10-1.10.3/debian/rules2012-09-02 04:04:18.0 -0700 +++ wesnoth-1.10-1.10.3/debian/rules2012-11-18 23:57:27.0 -0800 @@ -144,7 +144,7 @@ debian/wesnoth-$(BRANCH_VERSION)-data/usr/share/icons/hicolor/64x64/apps/wesnoth-$(BRANCH_VERSION)_editor-icon.png # /usr/share/doc symlinks - for i in wesnoth-$(BRANCH_VERSION); do \ + for i in wesnoth wesnoth-core wesnoth-music wesnoth-$(BRANCH_VERSION); do \ install -p -d -m755 debian/$$i/usr/share/doc; \ ln -s wesnoth-$(BRANCH_VERSION)-data debian/$$i/usr/share/doc/$$i; \ done diff -Nru wesnoth-1.10-1.10.3/debian/wesnoth-core.postinst wesnoth-1.10-1.10.3/debian/wesnoth-core.postinst --- wesnoth-1.10-1.10.3/debian/wesnoth-core.postinst1969-12-31 16:00:00.0 -0800 +++ wesnoth-1.10-1.10.3/debian/wesnoth-core.postinst2012-11-18 23:58:37.0 -0800 @@ -0,0 +1,17 @@ +#!/bin/sh +# postinst script for wesnoth-core +set -e + +if dpkg --compare-versions $2 lt-nl 1:1.10.3-3; then + # Replace directory with symlink. See BTS #688712 + if [ ! -L /usr/share/doc/wesnoth-core ] \ + [ -d /usr/share/doc/wesnoth-core ]; then + if rmdir /usr/share/doc/wesnoth-core 2/dev/null; then + ln -sf wesnoth-1.10-data /usr/share/doc/wesnoth-core + fi + fi +fi + +#DEBHELPER# + +exit 0 diff -Nru wesnoth-1.10-1.10.3/debian/wesnoth-core.postinst.in wesnoth-1.10-1.10.3/debian/wesnoth-core.postinst.in --- wesnoth-1.10-1.10.3/debian/wesnoth-core.postinst.in 1969-12-31 16:00:00.0 -0800 +++ wesnoth-1.10-1.10.3/debian/wesnoth-core.postinst.in 2012-11-18 23:58:50.0 -0800 @@ -0,0 +1,17 @@ +#!/bin/sh +# postinst script for wesnoth-core +set -e + +if dpkg --compare-versions $2 lt-nl 1:1.10.3-3; then + # Replace directory with symlink. See BTS #688712 + if [ ! -L /usr/share/doc/wesnoth-core ] \ + [ -d /usr/share/doc/wesnoth-core ]; then + if rmdir /usr/share/doc/wesnoth-core 2/dev/null; then + ln -sf wesnoth-BRANCH-data /usr/share/doc/wesnoth-core + fi + fi +fi + +#DEBHELPER# + +exit 0 diff -Nru wesnoth-1.10-1.10.3/debian/wesnoth-music.postinst wesnoth-1.10-1.10.3/debian/wesnoth-music.postinst --- wesnoth-1.10-1.10.3/debian/wesnoth-music.postinst 1969-12-31 16:00:00.0 -0800 +++ wesnoth-1.10-1.10.3/debian/wesnoth-music.postinst 2012-11-18 23:56:25.0 -0800 @@ -0,0 +1,17 @@ +#!/bin/sh +# postinst script for wesnoth-music +set -e + +if dpkg --compare-versions $2 lt-nl 1:1.10.3-3; then + # Replace directory with symlink. See BTS #688712 + if [ ! -L /usr/share/doc/wesnoth-music ] \ + [ -d /usr/share/doc/wesnoth-music ]; then + if rmdir /usr/share/doc/wesnoth-music 2/dev/null; then + ln -sf wesnoth-1.10-data /usr/share/doc/wesnoth-music + fi + fi +fi + +#DEBHELPER# + +exit 0 diff -Nru wesnoth-1.10-1.10.3/debian/wesnoth-music.postinst.in wesnoth-1.10-1.10.3/debian/wesnoth-music.postinst.in --- wesnoth-1.10-1.10.3/debian/wesnoth-music.postinst.in1969-12-31 16:00:00.0 -0800 +++ wesnoth-1.10-1.10.3/debian/wesnoth-music.postinst.in2012-11-18 23:52:11.0 -0800 @@ -0,0 +1,17 @@ +#!/bin/sh +# postinst script for wesnoth-music +set -e + +if dpkg --compare-versions $2 lt-nl 1:1.10.3-3; then + # Replace directory with symlink. See BTS #688712 + if [ ! -L /usr/share/doc/wesnoth-music ] \ + [ -d /usr/share/doc/wesnoth-music ]; then + if rmdir /usr/share/doc/wesnoth-music 2/dev/null; then + ln -sf wesnoth-BRANCH-data /usr/share/doc/wesnoth-music + fi + fi +fi
Freeze exception for warsow{-data}
Dear release team, Warsow and warsow-data were removed from unstable/testing (#648317 and #652949 respectively) back in November of 2011 due to several open FTBFS bugs against warsow, and no response from the Debian Games team or any of warsow's uploaders. I had originally intended to re-introduce warsow back to unstable by packaging a new upstream release and fixing all the FTBFS bugs currently filed against warsow, but I unfortunately didn't do so in time for the freeze. However, I would still like to see warsow packaged for wheezy, even if it's an older release. Would warsow (and warsow-data) qualify for a freeze exception if I uploaded the last version that migrated to testing (0.50+dfsg1-1) prior to being removed, with only the following changes? - Fix FTBFS bugs #593700, #564108, and #564109, with the patches attached in those bug reports - Add myself to warsow's list of Uploaders The above changes should address all the concerns that led to warsow's removal (namely, the unfixed FTBFS bugs and the fact that warsow was essentially unmaintained). Regards, Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CACZd_tAQwjz4tXoXqn1sWBkRRkY+visE_9x3osBh=oc2prg...@mail.gmail.com
Bug#676313: nmu: supertuxkart_0.7.3-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu supertuxkart_0.7.3-2 . ALL . -m Re-build against libirrlicht1.7a now that the changed soname has been reverted. (Closes: #675917) -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120606053741.1092.72200.reportbug@vincent-laptop
Please run giveback of dbus-c++ (kfreebsd-amd64)
Hi, dbus-c++ FTBFS on kfreebsd-amd64 due to a buildd timeout, whereas it built successfully on all other archs (including kfreebsd-i386), and there's been no changes to the latest version of the source package that could've caused this FTBFS to suddenly appear. gb dbus-c++_0.9.0-5 . kfreebsd-amd64 Thanks! Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CACZd_tDGQrvA8rZCixLrZ=u3jlxtykwmtrdwseoxfy7dlhb...@mail.gmail.com
Re: TEMP-0612033-026F3E (conky)
On Fri, Jul 29, 2011 at 1:24 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: The Release Team don't upload fixed packages ourselves, but please feel free to upload packages using the diffs you supplied. I'm not a DD/DM, so I don't think I'll be able to upload those packages myself. Jonathan, if it isn't too much trouble for you, could you upload those packages on my behalf? I'd greatly appreciate it. Thanks in advance! :) Kind regards, - Vincent -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CACZd_tCKE-VM8vJM4c=auszn_mipqgl9_hobxuwqwsbbyud...@mail.gmail.com
TEMP-0612033-026F3E (conky)
Hi, Conky currently has an open issue [1] on the security tracker for stable and oldstable, but the security team has decided that it's not important enough for a DSA, so I would like to ask if the release team could upload fixed conky packages directly to stable/oldstable instead. A patch cherry-picked from upstream git [2] fixes this issue and applies cleanly to stable; the patch needs to be slightly modified for oldstable (diffs are attached). Background info on this issue can be found on the BTS [3], Launchpad [4], and Secunia [5]. Thanks in advance! Kind regards, - Vincent Cheng [1] http://security-tracker.debian.org/tracker/TEMP-0612033-026F3E [2] http://git.omp.am/?p=conky.git;a=patch;h=70b6f35a846f7b85bd11e66c1f23feee6b369688 [3] http://bugs.debian.org/612033 [4] https://bugs.launchpad.net/bugs/607309 [5] http://secunia.com/advisories/43225 diff -Nru a/debian/changelog b/debian/changelog --- a/debian/changelog 2011-07-16 16:23:58.0 -0700 +++ b/debian/changelog 2011-07-27 18:29:34.0 -0700 @@ -1,3 +1,10 @@ +conky (1.6.0-2+lenny1) oldstable; urgency=low + + * Patch TEMP-0612033-026F3E: security issue in Conky's eve module, which +causes Conky to be vulnerable to rewriting any user file. + + -- Vincent Cheng vincentc1...@gmail.com Wed, 27 Jul 2011 18:29:12 -0700 + conky (1.6.0-2) testing; urgency=low * Backport of fixes from version 1.6.1-1. diff -Nru a/debian/patches/fix-race-condition.patch b/debian/patches/fix-race-condition.patch --- a/debian/patches/fix-race-condition.patch 1969-12-31 16:00:00.0 -0800 +++ b/debian/patches/fix-race-condition.patch 2011-07-27 18:28:51.0 -0700 @@ -0,0 +1,78 @@ +Description: Avoid rewriting an arbitrary user file + This patch fixes issue TEMP-0612033-026F3E in Debian's security tracker. +Origin: upstream, http://git.omp.am/?p=conky.git;a=patch;h=70b6f35a846f7b85bd11e66c1f23feee6b369688 +Bug-Debian: http://bugs.debian.org/612033 +Bug-Ubuntu: https://launchpad.net/bugs/607309 + +--- a/src/eve.c b/src/eve.c +@@ -161,7 +161,7 @@ + char *eve(char *userid, char *apikey, char *charid) + { + Character *chr = NULL; +- const char *skillfile = /tmp/.cesf; ++ char skillfile[] = /tmp/.cesfXX; + int i = 0; + char *output = 0; + char *timel = 0; +@@ -169,6 +169,7 @@ + char *content = 0; + time_t now = 0; + char *error = 0; ++ int tmp_fd, old_umask; + + + for (i = 0; i MAXCHARS; i++) { +@@ -221,6 +222,14 @@ + + output = (char *)malloc(200 * sizeof(char)); + timel = formatTime(chr-ends); ++ old_umask = umask(0066); ++ tmp_fd = mkstemp(skillfile); ++ umask(old_umask); ++ if (tmp_fd == -1) { ++ error = strdup(Cannot create temporary file); ++ return error; ++ } ++ close(tmp_fd); + skill = getSkillname(skillfile, chr-skill); + + chr-skillname = strdup(skill); +@@ -294,19 +303,6 @@ + return 1; + } + +-int file_exists(const char *filename) +-{ +- struct stat fi; +- +- if ((stat(filename, fi)) == 0) { +- if (fi.st_size 0) +- return 1; +- else +- return 0; +- } else +- return 0; +-} +- + void writeSkilltree(char *content, const char *filename) + { + FILE *fp = fopen(filename, w); +@@ -322,13 +318,12 @@ + xmlDocPtr doc = 0; + xmlNodePtr root = 0; + +- if (!file_exists(file)) { +- skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE); +- writeSkilltree(skilltree, file); +- free(skilltree); +- } ++ skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE); ++ writeSkilltree(skilltree, file); ++ free(skilltree); + + doc = xmlReadFile(file, NULL, 0); ++ unlink(file); + if (!doc) + return NULL; + diff -Nru a/debian/patches/series b/debian/patches/series --- a/debian/patches/series 2011-07-16 16:23:58.0 -0700 +++ b/debian/patches/series 2011-07-27 18:28:51.0 -0700 @@ -3,3 +3,4 @@ man_page_type_first_char move_compile_end_man_page fix_hyphen_man_page +fix-race-condition.patch diff -Nru a/debian/changelog b/debian/changelog --- a/debian/changelog 2010-04-01 07:42:19.0 -0700 +++ b/debian/changelog 2011-07-27 18:25:07.0 -0700 @@ -1,3 +1,10 @@ +conky (1.8.0-1+squeeze1) stable; urgency=low + + * Patch TEMP-0612033-026F3E: security issue in Conky's eve module, which +causes Conky to be vulnerable to rewriting any user file. + + -- Vincent Cheng vincentc1...@gmail.com Wed, 27 Jul 2011 18:21:50 -0700 + conky (1.8.0-1) unstable; urgency=low * New upstream release: diff -Nru a/debian/patches/fix-race-condition.patch b/debian/patches/fix-race-condition.patch --- a/debian/patches/fix-race-condition.patch 1969-12-31 16:00:00.0 -0800 +++ b/debian/patches/fix-race-condition.patch 2011-07-15 11:31:46.0 -0700 @@ -0,0 +1,80 @@ +Description: Avoid rewriting an arbitrary user file + This patch fixes issue TEMP-0612033-026F3E in Debian's security tracker. +Origin: upstream, http://git.omp.am/?p=conky.git;a=patch;h=70b6f35a846f7b85bd11e66c1f23feee6b369688 +Bug-Debian: http://bugs.debian.org/612033 +Bug-Ubuntu: https://launchpad.net