Re: [SCM] ardour3/master: New upstream revision

2013-03-17 Thread Adrian Knoth 
On 03/13/2013 02:19 AM, edwardw-gu...@users.alioth.debian.org wrote:

> Author: Edward Wang 
> Date:   Tue Mar 12 18:47:57 2013 -0400
> 
> New upstream revision
> 
> diff --git a/debian/changelog b/debian/changelog
> index 2e3b6ac..3e5da3e 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,6 +1,11 @@
> -ardour3 (3.0.0~svn10909-1) UNRELEASED; urgency=low
> +ardour3 (3.0-1) unstable; urgency=low

Nice to see some work on the new A3.

I guess we're deep into new territory with packaging A3, since A3 is
usually built by building all the dependency libraries when building A3
itself.

We certainly don't want embedded copies but rely on the already packaged
versions in Debian.

Here's a list of build dependencies:


http://subversion.ardour.org/svn/ardour2/branches/2.0-ongoing/tools/build-ardour-stack

See the defmod section in the middle.

We may also need to file a bug report against libgnomecanvas to update
the .pc file (see link above, right at the bottom).


According to the website, the distro approach hasn't been thoroughly
tested, so expect all kinds of problems. And when we fuck it up,
upstream will rightfully yell at us, so let's get this right. ;)

That said, let me know whenever you need help or somebody to talk to
upstream.


Cheers

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Atenciosamente;

2013-03-17 Thread Mr Victor Mensah 
Atenciosamente;Meu nome é o Sr. Victor Mensah.I sou um gerente de uma instituição financeira. Eu tenho o seu contato do Ministério das Relações Exteriores e do Ministério da Indústria e Comércio Internacional. Preciso de sua ajuda para transferir EUA $ 3,5 milhões.Este dinheiro é parte dos lucros do nosso banco no ano passado (2012). Eu já enviou relatório anual para o ano passado minha sede do banco, em Acra-Gana e eles não perceberam lucros excessivos. Eu depositei a 3,5 EUA $ milhões em uma conta vinculada, sem um beneficiário (Anônimo) para evitar qualquer vestígio.Eu não pode ser diretamente ligado a esse dinheiro, porque eu ainda trabalho com o banco. Então, eu preciso de sua ajuda para transferir esse dinheiro para o seu país para mim e para você compartilhar. Eu ofereço-lhe 45% deste dinheiro como meu parceiro estrangeiro e 55% seria para mim. Não há risco envolvido, porque vai ser uma transferência de banco para banco.Tudo que você precisa é a sua cooperação honesta para nos permitir ver esta operação através de. Se você está interessado e disposto a ajudar (victormensah2...@gmail.com) responda com você detalhesUm. Seu nome completo:2. Sua ocupação / posição no escritório:3. Sua data de nascimento:4. Estado civil:5. nacionalidade:6. O seu endereço de contato total (casa / escritório):7. Seu passaporte internacional:Oito. O seu telefone privado / fax:Eu vou estar ansioso para receber os detalhes acima. Toda a correspondência será via e-mail ou telefone.Atenciosamente,Sr. Victor Mensah.

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processed: tagging as pending bugs that are closed by packages in NEW

2013-03-17 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> # Sunday 17 March  19:03:16 UTC 2013
> # Tagging as pending bugs that are closed by packages in NEW
> # http://ftp-master.debian.org/new.html
> #
> # Source package in NEW:  href="http://packages.qa.debian.org/handbrake";>handbrake
> tags 691067 + pending
Bug #691067 [handbrake-gtk] handbrake-gtk: Handbrake SIGABRTs while scanning 
DVD titles
Added tag(s) pending.
> # Source package in NEW:  href="http://packages.qa.debian.org/handbrake";>handbrake
> tags 696471 + pending
Bug #696471 {Done: Fabian Greffrath } [handbrake-cli] 
handbrake-cli: Info page for handbrake not present
Added tag(s) pending.
> # Source package in NEW:  href="http://packages.qa.debian.org/handbrake";>handbrake
> tags 701039 + pending
Bug #701039 [handbrake] handbrake: libhb/decavcodec.c and 
libhb/encavcodecaudio.c in handbrake are missing prototypes
Added tag(s) pending.
> # Source package in NEW: python-stem
> tags 697880 + pending
Bug #697880 [wnpp] ITP: python-stem -- Tor control library for Python
Added tag(s) pending.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
691067: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691067
696471: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696471
697880: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697880
701039: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701039
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#697144: dir2ogg: Broken sound speed of converted files

2013-03-17 Thread Thomas Orgis 
TLDR: Please check with current mpg123 snapshot and think about either
prescribing format and letting mpg123 write really raw data or make
proper use of the improper WAV header.

Hello,

mpg123 upstream here. I really did not intend to break dir2ogg in
various ways. I totally regret touching WAV writing code at all. While
I think that it is a bit bold to pipe something like WAV to stdout and
expect it to work (many programs really are not happy with the
inconsistent headers that this produces, take audacity or even just
libsndfile), there are some that could make use of this. Among those
are oggenc and lame, for that matter.

I do wonder why you have

opts=['-r', '-R', str(mutagen.File(self.song).info.sample_rate)]

for mpg123 output in dir2ogg. Is this already an attempt to fix broken
WAV output by mpg123? If not, I really have to wonder why you do not just use

mpg123 -s input.mp3 | ogggenc -r -R $rate -C $channels -B 16 -o 
output.ogg

or rather

mpg123 -e s24  -s input.mp3 | ogggenc -r -R $rate -C $channels -B 24 -o 
output.ogg

for avoiding extra quality impact from rounding to 16 bit in between
(sadly, oggenc does not seem to support float, which would avoid
integer intermediate altogether).

Note $channels ... current dir2ogg will screw up if the input is a mono
file. It assumes stereo. 

Thing is, you tell mpg123 to write WAV headers and then tell oggenc to
ignore them via -r. That confuses me. If you want raw data, tell mpg123
to deliver raw data to stdout via the -s switch.

But, once we got through this mess with the repeatedly messed up
WAV-to-stdout (which I always recommend to use with caution only ...),
for example using current http://mpg123.org/snapshot, which shall
become mpg123 1.16.0, you can just do that:

src/mpg123 -w - -e s24 input.mp3 | oggenc  -o output.ogg -

and have it magically work. Note that the '-e s24' might not be
available on certain builds of mpg123. If it is supported, it appears in

mpg123 --longhelp

in this line:

 -e  --encoding  force a specific encoding (s16 u16 u8 s8 ulaw alaw 
f32 s32 u32 s24 u24)

I might add a specific switch to ask about that (mpg123
--list-encodings or such) to 1.16.0, if it's desired.

To support all versions of mpg123, you can extend your hack that
inserts the sample rate via mutagen and have it provide the full format
(including channel count) and just pipe the raw data from mpg123 via
-s. The option for s24 format would just reduce the quality loss a
bit ... if you care about that when converting between lossy formats;-)

Using the WAV output of a minimally required mpg123 >= 1.16.0 would
avoid the question of checking which output format is available. People
can make different builds of mpg123 that have different (default)
sample format (floating point, for example).

It's interesting that oggenc and lame are the only tools I found with
some quick tests that are happy with the kind of broken WAV you get via
pipes. But then, if you intend to store such files, you'd better write
them properly.


Alrighty then,

Thomas


signature.asc
Description: PGP signature
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#703200: libav: CVE-2013-0894 CVE-2013-2277 CVE-2013-2495 CVE-2013-2496

2013-03-17 Thread Reinhard Tartler 
On Sat, Mar 16, 2013 at 9:09 PM, Michael Gilbert  wrote:
> package: src:libav
> severity: grave
> version: 6:0.8.5-1
>
> Hi, the following vulnerabilities were published for libav.  These are
> currently unfixed in 0.8.5-1.
>
> CVE-2013-0894[0]:
> | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the
> | Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3,
> | as used in Google Chrome before 25.0.1364.97 on Windows and Linux and
> | before 25.0.1364.99 on Mac OS X and other products, allows remote
> | attackers to cause a denial of service (divide-by-zero error or
> | out-of-bounds array access) or possibly have unspecified other impact
> | via vectors involving a zero value for a bark map size.

scheduled for 0.8.6, commit v0.8.5-12-ge050af9

> CVE-2013-2277[1]:
> | The ff_h264_decode_seq_parameter_set function in h264_ps.c in
> | libavcodec in FFmpeg before 1.1.3 does not validate the relationship
> | between luma depth and chroma depth, which allows remote attackers to
> | cause a denial of service (out-of-bounds array access and application
> | crash) or possibly have unspecified other impact via crafted H.264
> | data.
>

Scheduled for 0.8.6, commit v0.8.5-19-g9e48d77

> CVE-2013-2495[2]:
> | The iff_read_header function in iff.c in libavformat in FFmpeg through
> | 1.1.3 does not properly handle data sizes for Interchange File Format
> | (IFF) data during operations involving a CMAP chunk or a video codec,
> | which allows remote attackers to cause a denial of service (integer
> | overflow, out-of-bounds array access, and application crash) or
> | possibly have unspecified other impact via a crafted header.

Patch proposed: http://patches.libav.org/patch/36075/

We are currently discussing this issue; we are unsure if the fix from
FFmpeg is correct.

> CVE-2013-2496[3]:
> | The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in
> | FFmpeg through 1.1.3 does not properly determine certain end pointers,
> | which allows remote attackers to cause a denial of service
> | (out-of-bounds array access and application crash) or possibly have
> | unspecified other impact via crafted Microsoft RLE data.

scheduled for 0.8.6, commit v0.8.5-38-g4160398

> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Will do.

As for the timeline, I actually intended to release 0.8.6 this
weekend, but since you have raised these four issues, I'm considering
to delay the release for another week to allow further testing, espc.
given that one of the issues did not even land in master yet.

Thanks for raising these security issues.

-- 
regards,
Reinhard

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers