Re: Seeking for sponsorship for linuxptp (PTP/IEEE1588 implementation)

[Tino Mettler]

On Tue, 2015-02-17 at 15:50 -0300, Felipe Sateler wrote:
> On Tue, Feb 17, 2015 at 1:44 PM, Adrian Knoth  
> wrote:

> I am happy to upload, but I cannot commit to reviewing the packaging
> on my own. If other members of the team help up reviewing the package,
> I am willing to sponsor.

Hi Felipe,

thanks for the offer.

> > What about the original ptpd maintainer?
> >
> > Package: ptpd
> > Version: 2.3.0-dfsg-1
> > Maintainer: Roland Stigge 
> 
> Indeed.

I already contacted him a few weeks ago but got no reply.

> > For those less familiar with contemporary audio hardware: PTP is the
> > foundation of low-latency audio-over-IP. Every recent AoIP protocol
> > uses it, and so does AES67, a standard that people finally agreed on to
> > replace the many competing AoIP protocols out there.
> >
> 
> Out of curiosity, which apps should end up adding such support?
> End-user apps like ardour or more plumbing layers like jack and
> pulseaudio? Or maybe even ALSA?

I think jack, pulseaudio and ALSA would be more appropriate. For
Windows, there is already a virtual sound card driver, for example.

> Is there already a free implementation of this protocol somewhere?

It is not a new protocol standard, but an interoperability standard that
involves existing protocols like RTP, RTCP, SIP and PTP and defines
certain usage profiles. There is no free Linux implementation that I am
aware of, yet. However, linuxptp can also be used to provide PTP data to
other devices in the network, which is why I started to work on a Debian
package.

Regards,
Tino



___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#778669: mediatomb allows anyone to browse and export the whole filesystem

[Olivier Le Thanh Duong]

Package: mediatomb-daemon
Version:  0.12.1-4
Severity: grave
Tag: security

This is a regression of the bug that was fixed in #580120, but somehow the
patch applied got revert. Anyone can list and download all the file
accessible to the mediatomb user via the daemon web interface, which is
binded to 0.0.0.0

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120


-- 
Olivier Lê Thanh Duong 
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processed: unarchiving 580120

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unarchive 580120
Bug #580120 {Done: Alexander Reichle-Schmehl } [mediatomb] 
mediatomb allows anyone to browse and export the whole filesystem
Unarchived Bug 580120
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
580120: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processed (with 1 errors): unarchiving 580120, reopening 580120, found 580120 in 0.12.0~svn2018-6 ..., found 580120 in 0.12.1-4

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unarchive 580120
> reopen 580120
Bug #580120 {Done: Alexander Reichle-Schmehl } [mediatomb] 
mediatomb allows anyone to browse and export the whole filesystem
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions mediatomb/0.12.0~svn2018-6.1.
> found 580120 0.12.0~svn2018-6
Bug #580120 [mediatomb] mediatomb allows anyone to browse and export the whole 
filesystem
Ignoring request to alter found versions of bug #580120 to the same values 
previously set
> fixed 580120 0.12.0~svn2018-6.1
Bug #580120 [mediatomb] mediatomb allows anyone to browse and export the whole 
filesystem
Marked as fixed in versions mediatomb/0.12.0~svn2018-6.1.
> found 580120 0.12.1-4
Bug #580120 [mediatomb] mediatomb allows anyone to browse and export the whole 
filesystem
Marked as found in versions mediatomb/0.12.1-4.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
580120: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#778529: lame: fill_buffer_resample segmentation fault

[Fabian Greffrath]

Am Dienstag, den 17.02.2015, 11:19 +0100 schrieb Fabian Greffrath: 
> But, the sample at hand reports -251 channels. Adding "... ||
> gfp->num_channels < 0)" to Maks' patch actually fixes the crash.

But this is still not the cause of the crash, sigh! Patching the sample
to report 1 channel, it still crashes at the same location.

- Fabian

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#778529: lame: fill_buffer_resample segmentation fault

[Fabian Greffrath]

Control: tags -1 + patch

Am Mittwoch, den 18.02.2015, 10:53 +0100 schrieb Fabian Greffrath: 
> But this is still not the cause of the crash, sigh! Patching the sample
> to report 1 channel, it still crashes at the same location.

Phew, got it.

This time, it was a simple logical error in the lame sources: The "fake"
sample rate of the fuzzed input file is 1631 kHz which lame tries to
sample down to 48 kHz in the process of encoding. The ratio between
input and output samplerates is thus 1631/48000=339.79 which is
very close, but only close, to the integer value 340.

In libmp3lame/util.c:fill_buffer_resample(), lame checks if the ratio
between input and output sample rate is an integer by the following
calculation (l. 547):

intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < .0001);

Please note that the value of .0001, which the fabs() of the difference
is compared against here, is a rather arbitrary value and is *not*
sufficient to tell the difference between an integer and a floating
point ratio in the case at hand (where it is actually about 0.2)!
The value of "intratio" is added to another variable "filter_l" a few
lines later, which in turn is used in the calculation of the value of
the "offset" variable, which triggers the assertion (l. 594f):

offset = (time0 - esv->itime[ch] - (j + .5 * (filter_l % 2)));
assert(fabs(offset) <= .501);

In the case at hand, "filter_l" has got an even value by addition of
"intratio", which in turn was set to 1 in good faith that the sample
rate ratio is integer, whereas in reality it is not. Thus, the latter
part of the equation above is not substracted from the "offset"
variable, so its value is higher than it should. In the following line,
"offset" is used to calculate the value of "joff", which is used to
dereference "esv->blackfilt", where it causes an overflow and finally a
segfault (l. 608):

xvalue += y * esv->blackfilt[joff][i];


The trivial fix for this would be to decrease the arbitrary value
of .0001 by another factor 10 and compare against 0.1, but this
would only suffice until the next fuzzed sample with an even higher
sample rate is provided. I thus suggest to compare against the smallest
number of type double (resample_ratio is of type double) that can still
be distinguished from 0: DBL_EPSILON. The attached patch does exact
that.

Cheers,

Fabian


-- 
Dr.-Ing. Fabian Greffrath, Dipl.-Phys.
RWTH Aachen University
Institute of Mineral Engineering (GHI)
Mauerstr. 5, D-52064 Aachen
Phone: +49-241-8094979, Fax: +49-241-8092226
Subject: Fix decision if sample rate ratio is an integer value or not
 If the sample rate of the input file is sufficiently close to an
 integer multiple of the output sample rate, the value of the intratio
 variable is calculated incorrectly. This leads to further values
 being miscalculated up to the joff variable which is used as an index
 to dereference the esv->blackfilt array. This leads top an overflow
 and causes a segmentation fault.
Author: Fabian Greffrath 
Bug-Debian: https://bugs.debian.org/778529

--- a/libmp3lame/util.c
+++ b/libmp3lame/util.c
@@ -26,6 +26,7 @@
 # include 
 #endif
 
+#include 
 #include "lame.h"
 #include "machine.h"
 #include "encoder.h"
@@ -544,7 +545,7 @@ fill_buffer_resample(lame_internal_flags
 if (bpc > BPC)
 bpc = BPC;
 
-intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < .0001);
+intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) <= DBL_EPSILON);
 fcn = 1.00 / resample_ratio;
 if (fcn > 1.00)
 fcn = 1.00;
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processed: Re: Bug#778529: lame: fill_buffer_resample segmentation fault

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + patch
Bug #778529 [lame] lame: fill_buffer_resample segmentation fault
Added tag(s) patch.

-- 
778529: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778529
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#778529: lame: fill_buffer_resample segmentation fault

[Henri Salo]

On Wed, Feb 18, 2015 at 12:11:35PM +0100, Fabian Greffrath wrote:
> Phew, got it.

Thank you for your comprehensive analysis. I have verified that the patch fixes
this issue. Should I report this to upstream bug tracker or does package
maintainer handle that? Bug tracker in sourceforge.net does not seem to be very
active.

-- 
Henri Salo

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#778529: lame: fill_buffer_resample segmentation fault

[Fabian Greffrath]

Am Mittwoch, den 18.02.2015, 12:11 +0100 schrieb Fabian Greffrath: 
> This time, it was a simple logical error in the lame sources: The "fake"
> sample rate of the fuzzed input file is 1631 kHz which lame tries to
> sample down to 48 kHz in the process of encoding. The ratio between
> input and output samplerates is thus 1631/48000=339.79 which is
> very close, but only close, to the integer value 340.

Actually, the bug is easy to reproduce even without a fuzzed sample.
Take a random valid WAV file and convert it to another sample rate, e.g.

sox /path/to/dummy.wav --rate 95999 crash.wav

This time, I set the input sample frequency to 95999 Hz, which is
2*48kHz-1Hz. The "intratio" variable will be set to 1 again, although
fabs(resample_ratio - floor(.5 + resample_ratio)) == 0.2 < 0.0001 !=
0. The crash.wav sample will thus crash LAME.

- Fabian

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processed: tagging 778669

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 778669 + security
Bug #778669 [mediatomb-daemon] mediatomb allows anyone to browse and export the 
whole filesystem
Added tag(s) security.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
778669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778669
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processing of mpv_0.8.0-1+ffmpeg_amd64.changes

[Debian FTP Masters]

mpv_0.8.0-1+ffmpeg.dsc has incorrect md5 checksum; deleting it
mpv_0.8.0-1+ffmpeg.debian.tar.xz has incorrect size; deleting it
mpv_0.8.0-1+ffmpeg_amd64.deb has incorrect size; deleting it

Greetings,

Your Debian queue daemon (running on host coccia.debian.org)

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processing of mpv_0.8.0-1_amd64.changes

[Debian FTP Masters]

mpv_0.8.0-1_amd64.changes uploaded successfully to ftp-master.debian.org
along with the files:
  mpv_0.8.0-1.dsc
  mpv_0.8.0.orig.tar.gz
  mpv_0.8.0-1.debian.tar.xz
  mpv_0.8.0-1_amd64.deb
  mpv-dbg_0.8.0-1_amd64.deb
  libmpv1_0.8.0-1_amd64.deb
  libmpv-dev_0.8.0-1_amd64.deb
  libmpv-dbg_0.8.0-1_amd64.deb

Greetings,

Your Debian queue daemon (running on host coccia.debian.org)

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processing of mpv_0.8.0-1_amd64.changes

[Debian FTP Masters]

mpv_0.8.0-1_amd64.changes uploaded successfully to localhost
along with the files:
  mpv_0.8.0-1.dsc
  mpv_0.8.0.orig.tar.gz
  mpv_0.8.0-1.debian.tar.xz
  mpv_0.8.0-1_amd64.deb
  mpv-dbg_0.8.0-1_amd64.deb
  libmpv1_0.8.0-1_amd64.deb
  libmpv-dev_0.8.0-1_amd64.deb
  libmpv-dbg_0.8.0-1_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processing of mpv_0.8.0-1+ffmpeg_amd64.changes

[Debian FTP Masters]

mpv_0.8.0-1+ffmpeg.dsc doesn't exist
mpv_0.8.0-1+ffmpeg.debian.tar.xz doesn't exist
mpv_0.8.0-1+ffmpeg_amd64.deb doesn't exist
mpv-dbg_0.8.0-1+ffmpeg_amd64.deb has incorrect size; deleting it
Due to the errors above, the .changes file couldn't be processed.
Please fix the problems for the upload to happen.

Greetings,

Your Debian queue daemon (running on host coccia.debian.org)

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

mpv_0.8.0-1_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 18 Feb 2015 15:12:55 +0100
Source: mpv
Binary: mpv mpv-dbg libmpv1 libmpv-dev libmpv-dbg
Architecture: source amd64
Version: 0.8.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers 

Changed-By: Alessandro Ghedini 
Description:
 libmpv-dbg - video player based on MPlayer/mplayer2 (client library debug)
 libmpv-dev - video player based on MPlayer/mplayer2 (client library dev files)
 libmpv1- video player based on MPlayer/mplayer2 (client library)
 mpv- video player based on MPlayer/mplayer2
 mpv-dbg- video player based on MPlayer/mplayer2 (debug)
Changes:
 mpv (0.8.0-1) unstable; urgency=medium
 .
   * New upstream release
   * Update to waf 1.8.4
   * Don't run clean if no waf is present
   * Refresh patches
   * Update symbols file
   * Only enable joystick support on linux
Checksums-Sha1:
 1d719219868e22d3d3ee3f1fe464114c3ab9bff7 2794 mpv_0.8.0-1.dsc
 8185c54989a92d7e622850ef869180cf3e239d2f 2661713 mpv_0.8.0.orig.tar.gz
 1615cb278850376789fa644c0786d226adb3a52e 95188 mpv_0.8.0-1.debian.tar.xz
 7437d8bed036dabcae9291bf3b81b491d726f9b3 775066 mpv_0.8.0-1_amd64.deb
 0229b8f67f44104f70ff0ce569ba243dfa4f39e7 1973088 mpv-dbg_0.8.0-1_amd64.deb
 0cf5bb767118c0e0e26d30f339dd5c073c0859c3 603390 libmpv1_0.8.0-1_amd64.deb
 619ff40dfc520878e75a361f35c5ed5c6520aad2 43514 libmpv-dev_0.8.0-1_amd64.deb
 407c7e012b12dd8820a74a8430d68fca85a97165 1960350 libmpv-dbg_0.8.0-1_amd64.deb
Checksums-Sha256:
 069c42397750dcf11ae62fc8148920626a3574bf26fa25102c0cf23fd4aeb9df 2794 
mpv_0.8.0-1.dsc
 e3655279450cd37ddf036ab511c0c2070f269f7ce34a44757880bf67db241584 2661713 
mpv_0.8.0.orig.tar.gz
 55ef18cf2617e2c29ed60644986a66452819924965b298502de40648b4e3250d 95188 
mpv_0.8.0-1.debian.tar.xz
 e68195b2da7092a89cc4bdbed3efb98df266eac70e8a031f92df71bdb428cc5c 775066 
mpv_0.8.0-1_amd64.deb
 e9583222e2fab52a07fe06ad4ae318ae76e929b85a62b3ffea1cf1b1e1860c1b 1973088 
mpv-dbg_0.8.0-1_amd64.deb
 91789ec69f6a48a4f0412d8cd0316de4ffd172400f5b666080cc30e3597bb6ba 603390 
libmpv1_0.8.0-1_amd64.deb
 39ce64a20f0d93c4e45ed9157cc32b17e27c51d9f1caa6db90b174ebea9929ed 43514 
libmpv-dev_0.8.0-1_amd64.deb
 3e50a56d5b495c45972a8d4ead5aa7235723cdb9e9304f0dba0c0465feca4659 1960350 
libmpv-dbg_0.8.0-1_amd64.deb
Files:
 bcbbad38fd863fab34897dd7d292a59f 2794 video optional mpv_0.8.0-1.dsc
 b3d02a0db096e77ce38c3946dd631e58 2661713 video optional mpv_0.8.0.orig.tar.gz
 48231f8893f674030aa4c9cbfc4ef6d2 95188 video optional mpv_0.8.0-1.debian.tar.xz
 b95a1704d979c75503d43f345ec70691 775066 video optional mpv_0.8.0-1_amd64.deb
 fb607156c4411d413ce4738ec4ab9c88 1973088 debug extra mpv-dbg_0.8.0-1_amd64.deb
 ed963b1b3ab72a254b008e40bcfceaba 603390 libs optional libmpv1_0.8.0-1_amd64.deb
 1af0fa9ccd7836664e2e061441d07ce3 43514 libdevel optional 
libmpv-dev_0.8.0-1_amd64.deb
 b42ed279b0d7b45e8cec0e75e6b152ff 1960350 debug extra 
libmpv-dbg_0.8.0-1_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJU5J7dAAoJEK+lG9bN5XPLpvQP/14gTUayvrVl1V3GXhLjEAUd
CZI/QlJyIdr19nBtSLv5BYmAUhGko5pgU0AJujBWbKYjARzOyk7LFFuW9hA2WBHb
29AqZ6Gci0FRmajqS6BcTF9B/0poX8oe3mr0MYqefuDd0WVivJW4d6h0iAZBZ1I1
oP32uHpmn040Edl7Bmn5t9aDUDZFByZlqPvvt9WLPVmbynVm+COoyOJ50nmoEqzL
O52DKOp0dXndzGjSsa0Ewli9P4//oM3+ctFJY563QCGuzeGV2VADB/pP3bsl3Sir
vCeeg6SrKxCrtILjQzpggiW92Jhw1m14e6OA4hiwCRHva3drkrvsiQGuZjgYz1jz
UMLwQOc2W8KP3xPoEHi+LKPR3VMCfZK2Q1hcFrrxE8NbLpHYfFIeUO7Ksff+K1Dx
rca1W2r898Zoqo1J5jvBWa3Pg0EPqiFXvrf6eDGAgFAB+DmUwTvOswYQBFtVu+FR
u225X70lVXGmHDV7WQFpPOfohbbP/Ncp6iCd9Tz8Jmutz449rGIHu5X4hcdTzF2i
780h7sHeszciqIkUcDZBj34PwnS6tRNGRhp3CXLMernI/eFf41TJmsBVMI7gVpV0
pDCj3bwbwcNAHBAOQPlNRzm69WXrU41tQ9im3Hiv2Nd0gdfNTDPu/IG8bU2y0SMK
yDjtBt7v3GGOSR8Qslpa
=1LJa
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Re: vlevel_0.5-1_amd64.changes REJECTED with python backtrace, then ACCEPTED, but still not in the package list

[Axel Beckert]

Hi,

Nearly fullquote for reference:

Axel Beckert wrote on 6th of January 2015:
> Debian FTP Masters wrote:
> > An exception was raised while processing the package:
> > Traceback (most recent call last):
> >   File "/srv/ftp-master.debian.org/dak/dak/process_policy.py", line 99, in 
> > wrapper
> > function(upload, srcqueue, comments, transaction)
> >   File "/srv/ftp-master.debian.org/dak/dak/process_policy.py", line 160, in 
> > comment_accept
> > transaction.copy_source(upload.source, suite, 
> > source_component_func(upload.source), allow_tainted=allow_tainted)
> >   File "/srv/ftp-master.debian.org/dak/dak/process_policy.py", line 147, in 
> > source_component_func
> > return get_mapped_component(component, session=session)
> >   File "/srv/ftp-master.debian.org/dak/dak/daklib/dbconn.py", line 160, in 
> > wrapped
> > return fn(*args, **kwargs)
> >   File "/srv/ftp-master.debian.org/dak/dak/daklib/dbconn.py", line 717, in 
> > get_mapped_component
> > component = 
> > session.query(Component).filter_by(component_name=component_name).first()
> >   File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 
> > 2156, in first
> > ret = list(self[0:1])
> >   File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 
> > 2023, in __getitem__
> > return list(res)
> >   File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 
> > 2227, in __iter__
> > return self._execute_and_instances(context)
> >   File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 
> > 2242, in _execute_and_instances
> > result = conn.execute(querycontext.statement, self._params)
> >   File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 
> > 1449, in execute
> > params)
> >   File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 
> > 1584, in _execute_clauseelement
> > compiled_sql, distilled_params
> >   File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 
> > 1698, in _execute_context
> > context)
> >   File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 
> > 1691, in _execute_context
> > context)
> >   File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", 
> > line 331, in do_execute
> > cursor.execute(statement, parameters)
> > ProgrammingError: (ProgrammingError) can't adapt type 'Component' 'SELECT 
> > component.id AS component_id, component.name AS component_name, 
> > component.description AS component_description, component.meets_dfsg AS 
> > component_meets_dfsg, component.created AS component_created, 
> > component.modified AS component_modified, component.ordering AS 
> > component_ordering \nFROM component \nWHERE component.name = %(name_1)s \n 
> > LIMIT %(param_1)s' {'name_1': , 'param_1': 1}
> > 
> > Original comments:
> > 
> > 
> > ===
> > 
> > Please feel free to respond to this email if you don't understand why
> > your files were rejected, [...]
> 
> Eh, yes, I don't understand it. :-)
> 
> Looks like either a programming error or (probably more likely) a not
> available database connection. Or is it related to the fact that the
> package was signed with my (now removed) 1024-bit key?

I've uploaded vlevel again signed with my new key and it got accepted
on 13th of February 2015, i.e. like five days ago. This is more than
enough time to propagate to the buildds, but the package hasn't been
built yet on any buildd.

Nevertheless the package never seems to have hit the archive and the
common places where I can track a package's state look inconsistent:

(Half) found here:

https://packages.qa.debian.org/v/vlevel.html
https://tracker.debian.org/pkg/vlevel
http://ftp.ch.debian.org/debian/pool/main/v/vlevel/
https://qa.debian.org/developer.php?login=abe

Not found here:

https://buildd.debian.org/status/package.php?p=vlevel
https://packages.debian.org/search?keywords=vlevel
https://qa.debian.org/developer.php?login=pkg-multimedia-maintainers%40lists.alioth.debian.org

root@plattenberg:/export/mirror/debian/dists/sid/main/binary-amd64/ # xzgrep 
vlevel Packages.xz
root@plattenberg:/export/mirror/debian/dists/sid/main/binary-amd64/ # cd 
../source/
root@plattenberg:/export/mirror/debian/dists/sid/main/source/ # xzgrep vlevel 
Sources.xz
root@plattenberg:/export/mirror/debian/dists/sid/main/source/ #

(plattenberg = debian.ethz.ch = ftp.ch.debian.org)

http://incoming.debian.org/debian-buildd/pool/main/v/ (not sure if
should still be visible here, but since it hadn't hit the buildds yet...)

It would be nice if someone from the FTP Masters or Assistants could
have a look at this inconsistency. TIA! (I'll happily reupload the
package if necessary, just tell me.)

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E 

Re: Bugs with forked-daapd (Itunes 12.1)

[Bálint Réczey]

Hi,

2015-02-17 14:18 GMT+01:00  :
> Package:forked-daapd
> Version: 22.0-1
>
> When I try to connect the newest Itunes version 12.1 to my server with
> forked-daapd on it, it shows that the library is empty. With previous
> versions of Itunes that did not happen, so i think apple changed something
> in the protocol.
>
> I am using debian jessie with with kernel 3.16-2-amd64.
Please open a proper bug report about the issue to let us manage it
according to our usual process:
https://www.debian.org/Bugs/

Thanks,
Balint

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Fwd: Thank YOU! GrooveBasin

[Andrew Kelley]

Happy Groove Basin user :-)

Not a Debian user but still, I thought it would be nice to see a happy user
of a project packaged by the Multimedia Team.


-- Forwarded message --
From: kevin folz 
Date: Wed, Feb 18, 2015 at 11:54 AM
Subject: Thank YOU! GrooveBasin
To: superjo...@gmail.com


Where can I help / donate $$ to this project. You sir need a beer on me.

Honestly, I have been searching for the perfect (linux) media player for 3
years... and so happy to have found you. I just installed 1.5.0 on arch
linux. BLOWN AWAY!

I am also a software engineer...  and thats a problem, hard to settle on
"crap" software, that you know you would make differently. your software is
EXACTLY how I would make it.

Searching through the library, most software fails at searching for
file/folder names! Some modify your music folder / add metadata (awful).
Groove '/' keyboard shortcut + random_folder_name + 'enter' BAM! LOVE IT!

I used Winamp on Windows for 10 years+, the simple "playlist first" UI is
what I liked+ "Jump To File" for queue but I use Linux at work since
2011. I also have 33,000 songs, so very few players survive.

My Carputer (arch + bluetooth + pulse) -> car stereo will also switch to
this (vs audacious) as I now have an android app (MPDroid) to control
it :D :D Bluez doesn't support AVRCP properly yet either so a simple
tablet mounted to dash will work just fine.

Audacious (with search tool plugin) in Ubuntu comes close, but lacks Web UI
/ Android apps. Mpris is an awesome protocol though.
http://specifications.freedesktop.org/mpris-spec/latest/

My only todo, is implementing global hotkeys... I should be able to rig
that through window manger -> mpd console cmd, I would hope?

Your biggest fan, sorry for the long email, I am SUPER excited.
-Kevin

pps. love the streaming! I actually don't need to bring my USB HDD to work
anymore ! Much awesome. Such respect. Wow!
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Re: Thank YOU! GrooveBasin

[Felipe Sateler]

On Wed, Feb 18, 2015 at 4:22 PM, Andrew Kelley  wrote:
> Happy Groove Basin user :-)
>
> Not a Debian user but still, I thought it would be nice to see a happy user
> of a project packaged by the Multimedia Team.

:) Thanks for forwarding this.


-- 

Saludos,
Felipe Sateler

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#778707: differing dependencies between builds

[Reiner Herrmann]

Source: pyliblo
Version: 0.9.2-1
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness

Hi!

While working on Debian's “reproducible builds” effort [1], we have
noticed that pyliblo-utils had different dependencies in two different
builds [2].

In the first build it had:
 Depends: python-liblo, python, python:any (>= 2.5~)

While on the second build:
 Depends: python-liblo, python3, python:any (>= 2.5~)
(python3 instead of python)

The included scripts also had different shebangs, #!/usr/bin/python
vs. #!/usr/bin/python3.

Regards,
 Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds
[2]: https://reproducible.debian.net/pyliblo



signature.asc
Description: OpenPGP digital signature
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Re: Seeking for sponsorship for linuxptp (PTP/IEEE1588 implementation)

[IOhannes m zmölnig (Debian/GNU)]

(oops, forgot to include tino, who might not be subscribed to p-m-m;
sorry for the noise)

On 02/17/2015 07:50 PM, Felipe Sateler wrote:
>> As for DDs: ales...@debian.org or umlae...@debian.org, we have even more
>> in the multimedia team.
> 
> I am happy to upload, but I cannot commit to reviewing the packaging
> on my own. If other members of the team help up reviewing the package,
> I am willing to sponsor.
> 

me too (and I am personally interested in ptp packages).
however, i would welcome it if the package would be team-maintained
under the pkg-multimedia umbrella.

anyhow, i'm currently doing a quick review of the package.
some notes:

- i very much prefer to build the package using git(-buildpackage) to
just buliding packages from mentors.d.n, as this is my proven toolchain
to build in a chroot environment.
i am not a gitpkg user though, so i need some help, which you already
provide in the debian/README.source (thanks for that!).
unfortunately the information therein is not sufficient (and the
pristine-tar line mentioning "syncevolution" is rather suspicious).
i cloned http://tikei.de/git/linuxptp-debian.git and setup the
quilt-patches hook; but running `gitpkg master` gives me the following
error:

~~~
$ gitpkg master
git archive exporting master
preparing ../deb-packages/linuxptp/linuxptp-1.5
dpkg-source -b linuxptp-1.5
dpkg-source: info: using source format `3.0 (quilt)'
dpkg-source: info: building linuxptp using existing
./linuxptp_1.5.orig.tar.gz
patching file makefile
Reversed (or previously applied) patch detected!  Skipping patch.
1 out of 1 hunk ignored
dpkg-source: info: the patch has fuzz which is not allowed, or is malformed
dpkg-source: info: if patch
'0001-Adjust-installation-directory-for-Debian.patch' is correctly
applied by quilt, use 'quilt refresh' to update it
dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -g0 -E -b
-B .pc/0001-Adjust-installation-directory-for-Debian.patch/
--reject-file=- <
linuxptp-1.5.orig.zcTD_d/debian/patches/0001-Adjust-installation-directory-for-Debian.patch
gave error exit status 1
~~~


- as this package has never been in debian before, you can trim the
debian/changelog to a bare minimum (that is: a single section for
"1.5-1" [sic!])

- there's a typo in README.Debian: "I also uses eth0" should probably
read "It also uses eth0".
it also might make a bit more sense to use "eth1" in the example (as the
example you give does changes the behaviour to the original one :-))

- debian/rules
there seems to be some cruft at the beginning of the file.
e.g. why don't you just use `dpkg-parsechangelog -S Source` to get the
srcpackage name?
also you go through some hoops to parse the upstream-version from the
debian/changelog, but then you hardcode UPSTREAMTAG to "upstream/1.5".
most likely you can delete lines 3..8

- configuration files:
any reasons you don't put all configuration files into /etc/ptp4l/ ?
this might allow you to replace the override_dh_auto_install cruft by a
simple debian/install file (but this might rename the /etc/ptp4l.conf to
/etc/ptp4l/default.conf)


i still have to do some functionality tests of the package...


fgmsard
IOhannes







signature.asc
Description: OpenPGP digital signature
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Re: Seeking for sponsorship for linuxptp (PTP/IEEE1588 implementation)

[IOhannes m zmölnig]

On 02/17/2015 07:50 PM, Felipe Sateler wrote:
>> As for DDs: ales...@debian.org or umlae...@debian.org, we have even more
>> in the multimedia team.
> 
> I am happy to upload, but I cannot commit to reviewing the packaging
> on my own. If other members of the team help up reviewing the package,
> I am willing to sponsor.
> 

me too (and I am personally interested in ptp packages).
however, i would welcome it if the package would be team-maintained
under the pkg-multimedia umbrella.

anyhow, i'm currently doing a quick review of the package.
some notes:

- i very much prefer to build the package using git(-buildpackage) to
just buliding packages from mentors.d.n, as this is my proven toolchain
to build in a chroot environment.
i am not a gitpkg user though, so i need some help, which you already
provide in the debian/README.source (thanks for that!).
unfortunately the information therein is not sufficient (and the
pristine-tar line mentioning "syncevolution" is rather suspicious).
i cloned http://tikei.de/git/linuxptp-debian.git and setup the
quilt-patches hook; but running `gitpkg master` gives me the following
error:

~~~
$ gitpkg master
git archive exporting master
preparing ../deb-packages/linuxptp/linuxptp-1.5
dpkg-source -b linuxptp-1.5
dpkg-source: info: using source format `3.0 (quilt)'
dpkg-source: info: building linuxptp using existing
./linuxptp_1.5.orig.tar.gz
patching file makefile
Reversed (or previously applied) patch detected!  Skipping patch.
1 out of 1 hunk ignored
dpkg-source: info: the patch has fuzz which is not allowed, or is malformed
dpkg-source: info: if patch
'0001-Adjust-installation-directory-for-Debian.patch' is correctly
applied by quilt, use 'quilt refresh' to update it
dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -g0 -E -b
-B .pc/0001-Adjust-installation-directory-for-Debian.patch/
--reject-file=- <
linuxptp-1.5.orig.zcTD_d/debian/patches/0001-Adjust-installation-directory-for-Debian.patch
gave error exit status 1
~~~


- as this package has never been in debian before, you can trim the
debian/changelog to a bare minimum (that is: a single section for
"1.5-1" [sic!])

- there's a typo in README.Debian: "I also uses eth0" should probably
read "It also uses eth0".
it also might make a bit more sense to use "eth1" in the example (as the
example you give does changes the behaviour to the original one :-))

- debian/rules
there seems to be some cruft at the beginning of the file.
e.g. why don't you just use `dpkg-parsechangelog -S Source` to get the
srcpackage name?
also you go through some hoops to parse the upstream-version from the
debian/changelog, but then you hardcode UPSTREAMTAG to "upstream/1.5".
most likely you can delete lines 3..8

- configuration files:
any reasons you don't put all configuration files into /etc/ptp4l/ ?
this might allow you to replace the override_dh_auto_install cruft by a
simple debian/install file (but this might rename the /etc/ptp4l.conf to
/etc/ptp4l/default.conf)


i still have to do some functionality tests of the package...


fgmsard
IOhannes





signature.asc
Description: OpenPGP digital signature
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

mediatomb is marked for autoremoval from testing

[Debian testing autoremoval watch]

mediatomb 0.12.1-7 is marked for autoremoval from testing on 2015-03-05

It is affected by these RC bugs:
580120: mediatomb: mediatomb allows anyone to browse and export the whole 
filesystem


___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processed: Re: Bug#778703: lame: segmentation fault at get_audio.c:865

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + patch security
Bug #778703 [lame] lame: segmentation fault at get_audio.c:865
Added tag(s) security and patch.

-- 
778703: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#778703: lame: segmentation fault at get_audio.c:865

[Fabian Greffrath]

Control: tags -1 + patch security

Hi again Henri,

Am Mittwoch, den 18.02.2015, 20:59 +0200 schrieb Henri Salo: 
> I found another segmentation fault crash while fuzzing with AFL
> . For some reason I can't get full backtrace
> with gdb.

now this is really only caused by the fact that num_channels has a
negative value. It was a bit tricky to investigate since the stack was
smashed (thus no backtrace) but the analysis should be reasonable.

The sample at hand reports to have num_channels = -251, and it is really
unbelievable that there is no early sanity check yet for this value.
However, in get_audio_common() the num_channels variable is set to this
value (l. 733), which is then multiplied with the value of
samples_to_read (= 576) and passed over to read_samples_pcm() (l. 800).
This function, in turn, passes the value of samples_to_read (now
-144576) over to unpack_read_samples() (l. 1289) together with a pointer
to sample_buffer which is a static int array of size 2304. In
unpack_read_samples() finally the value of samples_to_read is passed
over to a fread() call as the number of elements of size
"bytes_per_sample" (= 1) to read from the pcm_in stream (l. 1188).

The arguments in question of fread() are of type size_t, i.e. unsigned.
The value of samples_to_read (= -144576) translates to
18446744073709407040 as size_t type, i.e. "unlimited". And indeed
fread() returns 3967 bytes into the samples_read variable.
Unfortunately, these 3967 bytes have been written into the static int
array "sample_buffer" which was of size 2304. Boom, stack corrupted!

I suggest to fix this issue at its root and extend Maks' patch to also
bail out if (num_channels < 0). Patching the sample you provided to
num_channels = 1, LAME processes this file without problems. The
attached patch does that, simply copy it over the previous patch. Also,
I have set the "security" tag for this bug, because I think being able
to override chosen parts of the stack with data of your own choice is
rather critical.

- Fabian

From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
From: Maks Naumov 
Date: Thu, 22 Jan 2015 16:20:40 +0200
Subject: [PATCH] Add check for invalid input sample rate

Signed-off-by: Maks Naumov 
---
 libmp3lame/lame.c | 6 ++
 1 file changed, 6 insertions(+)

--- a/libmp3lame/lame.c
+++ b/libmp3lame/lame.c
@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp
 }
 #endif
 
+if (gfp->samplerate_in < 0 || gfp->num_channels < 0) {
+freegfc(gfc);
+gfp->internal_flags = NULL;
+return -1;
+}
+
 cfg->disable_reservoir = gfp->disable_reservoir;
 cfg->lowpassfreq = gfp->lowpassfreq;
 cfg->highpassfreq = gfp->highpassfreq;
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#778703: lame: segmentation fault at get_audio.c:865

[Fabian Greffrath]

Am Donnerstag, den 19.02.2015, 07:21 +0100 schrieb Fabian Greffrath: 
> 18446744073709407040 as size_t type, i.e. "unlimited". And indeed
> fread() returns 3967 bytes into the samples_read variable.
> Unfortunately, these 3967 bytes have been written into the static int
> array "sample_buffer" which was of size 2304. Boom, stack corrupted!

No, wait, that should fit. I think the real problem is that the value of
samples_read is used in the subsequent line to point the op* pointer way
beyond the sample_buffer[] array and override the values there in the
GA_URS_IFLOOP() loops that follow.

- Fabian

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#760763: shouldn't the bug be closed.

[shirish शिरीष]

Hi all,
I purged and installed the libavtools package. I do not see the
.conffile any longer.

$ pkg=libav-tools ; adequate $pkg ; dpkg-query -W -f='${Conffiles}\n'
$pkg | grep obsolete
$

$ dpkg -L libav-tools | grep avserver.conf
$

So it seems the conffile is no longer there.
-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processing of glyr_1.0.8-1~exp1_i386.changes

[Debian FTP Masters]

glyr_1.0.8-1~exp1_i386.changes uploaded successfully to localhost
along with the files:
  glyr_1.0.8-1~exp1.dsc
  glyr_1.0.8.orig.tar.gz
  glyr_1.0.8-1~exp1.debian.tar.xz
  libglyr1_1.0.8-1~exp1_i386.deb
  libglyr1-dbg_1.0.8-1~exp1_i386.deb
  libglyr-dev_1.0.8-1~exp1_i386.deb
  libglyr-doc_1.0.8-1~exp1_all.deb
  glyrc_1.0.8-1~exp1_i386.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers