faust_0.9.90~repack1-1_amd64.changes is NEW

2016-09-27 Thread Debian FTP Masters
binary:faust-common is NEW.

Your package has been put into the NEW queue, which requires manual action
from the ftpteam to process. The upload was otherwise valid (it had a good
OpenPGP signature and file hashes are valid), so please be patient.

Packages are routinely processed through to the archive, and do feel
free to browse the NEW queue[1].

If there is an issue with the upload, you will receive an email from a
member of the ftpteam.

If you have any questions, you may reply to this email.

[1]: https://ftp-master.debian.org/new.html

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers


Processing of faust_0.9.90~repack1-1_amd64.changes

2016-09-27 Thread Debian FTP Masters
faust_0.9.90~repack1-1_amd64.changes uploaded successfully to localhost
along with the files:
  faust_0.9.90~repack1-1.dsc
  faust_0.9.90~repack1.orig.tar.gz
  faust_0.9.90~repack1-1.debian.tar.xz
  faust-common_0.9.90~repack1-1_all.deb
  faust-dbgsym_0.9.90~repack1-1_amd64.deb
  faust_0.9.90~repack1-1_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)



Re: [SCM] synthv1/master: Split package (4).

2016-09-27 Thread Jaromír Mikeš
2016-09-27 20:59 GMT+02:00 IOhannes m zmölnig (Debian/GNU):
> On 09/27/2016 10:36 AM, mira-gu...@users.alioth.debian.org wrote:
>> + synthv1-common (>= ${source:Version}), synthv1-common (<< 
>> ${source:Upstream-Version}+1~),
>
> given the recent discussion on this list, triggered by drumkv1, i think
> that james is probably right and we should simplify that versioned
> dependency to "synthv1 (= ${binary:Version})"

Fixed ... ;)

best regards

mira


Re: [SCM] synthv1/master: Split package (4).

2016-09-27 Thread Debian/GNU
On 09/27/2016 10:36 AM, mira-gu...@users.alioth.debian.org wrote:
> + synthv1-common (>= ${source:Version}), synthv1-common (<< 
> ${source:Upstream-Version}+1~),
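
Review bot: the range on this added line (`>= ${source:Version}` with `<< ${source:Upstream-Version}+1~`) is bounded by upstream version only, so a synthv1-common from a later Debian revision of the same upstream release still satisfies an older synthv1. If both binaries must come from the same build, a strict `(= ${binary:Version})` dependency says so directly.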

given the recent discussion on this list, triggered by drumkv1, i think
that james is probably right and we should simplify that versioned
dependency to "synthv1 (= ${binary:Version})"

same goes for samplv1.

fdmas
IOhannes




Bug#838960: denial of service with crafted id3v2 tags in all mpg123 versions since 0.60

2016-09-27 Thread Florian Weimer
* Thomas Orgis:

> On Tue, 27 Sep 2016 10:27:04 +0100,
> James Cowgill wrote:
>
>> Does this have a CVE ID? If not it should get one.
>
> I wondered about that. At the moment I just acted on the bug report and
> pushed the fix. I have no personal experience with the CVE procedure.
> In the past, just "someone" made them appear.
>
> I tried to apply for a CVE using the horrific Google docs form
> (http://iwantacve.org/) now. How can they resort to such a third-party
> ECMAScript-fest instead of a simple HTML form for _security_ issue
> reporting?!

This is the first time I have heard about that site.  The official
form is at:

  

(It still uses Javascript.)

But I'm not sure if this is in scope here because the web form
requires you to confirm that the issue is not in a “CNA-covered
product”.  Debian is a CNA-covered product, mpg123 is part of Debian,
so it is unclear what to do here.  I'll ask around.


libhdcd 1.1-1 MIGRATED to testing

2016-09-27 Thread Debian testing watch
FYI: The status of the libhdcd source package
in Debian's testing distribution has changed.

  Previous version: 1.0-1
  Current version:  1.1-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.



Bug#838960: denial of service with crafted id3v2 tags in all mpg123 versions since 0.60

2016-09-27 Thread Thomas Orgis
On Tue, 27 Sep 2016 10:27:04 +0100,
James Cowgill wrote:

> Does this have a CVE ID? If not it should get one.

I wondered about that. At the moment I just acted on the bug report and
pushed the fix. I have no personal experience with the CVE procedure.
In the past, just "someone" made them appear.

I tried to apply for a CVE using the horrific Google docs form
(http://iwantacve.org/) now. How can they resort to such a third-party
ECMAScript-fest instead of a simple HTML form for _security_ issue
reporting?!

Not sure if/when I'll get a response to that.


Alrighty then,

Thomas



Bug#816494: me too

2016-09-27 Thread Benda Xu
I am meeting the same bug with inkscape 0.91-11.



Re: [SCM] drumkv1/master: Split package (4)

2016-09-27 Thread James Cowgill
Hi,

On 27/09/16 09:47, IOhannes m zmölnig (Debian/GNU) wrote:
> On 2016-09-27 10:28, Jonas Smedegaard wrote:
>>>> What is the benefit of doing this over 'drumkv1-common (=
>>>> ${binary:Version})?
>>>
>>> it's the usual pattern to cater for binNMUs.
>> I believe it is the _old_ pattern.
> 
> aha. didn't know this.
> what is the _new_ pattern then?

https://wiki.debian.org/binNMU

I'm fairly certain (= ${binary:Version}) is the right thing to use here
(both packages are arch:any).

>> And I believe that is the reason for 
>> the question (you didn't answer the comparative part of the question).
> 
> applying a pattern helps in sparing some brain cycles.
> not having to think was the main benefit of the chosen solution over any
> other one (to answer the comparative part of the question).
> 
> but of course not having to think comes with some limitations, so
> patterns need to be re-evaluated ever so often.
> 
> or to put otherwise: what is the drawback of my pattern compared to a
> simple 'drumkv1-common (= ${binary:Version})'.

Your method attaches an ABI guarantee stating that the package won't
break the ABI of libdrumkv1.so as long as the upstream version stays the
same.

Eg if you broke the ABI in a patch in version 0.7.6-2, the new
drumkv1-common would still satisfy the dependency of the old drumkv1.

James




Processed: Re: Bug#838960: denial of service with crafted id3v2 tags in all mpg123 versions since 0.60

2016-09-27 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 grave
Bug #838960 [mpg123] denial of service with crafted id3v2 tags in all mpg123 
versions since 0.60
Severity set to 'grave' from 'normal'
> tags -1 security fixed-upstream
Bug #838960 [mpg123] denial of service with crafted id3v2 tags in all mpg123 
versions since 0.60
Added tag(s) security and fixed-upstream.
> found -1 0.60-1
Bug #838960 [mpg123] denial of service with crafted id3v2 tags in all mpg123 
versions since 0.60
Marked as found in versions mpg123/0.60-1.

-- 
838960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838960
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#838960: denial of service with crafted id3v2 tags in all mpg123 versions since 0.60

2016-09-27 Thread James Cowgill
Control: severity -1 grave
Control: tags -1 security fixed-upstream
Control: found -1 0.60-1

Hi,

On 27/09/16 06:47, Thomas Orgis wrote:
> Package: mpg123
> 
> This is mpg123 upstream formally informing you of a vulnerability
> (crash on illegal memory read) in all mpg123 versions since 0.60, so
> very likely all debian versions of mpg123 and libmpg123 are affected.
> 
> See more detail at http://mpg123.org/bugs/240 . A one-line fix for any
> version is this:
> 
>   perl -pi -e 's:(while\()(tagpos < length-10\)):${1}length >= 10 && $2:' $(find src -name id3.c)

Thanks for letting Debian know!

Does this have a CVE ID? If not it should get one.

James
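
The loop guard targeted by the one-line fix quoted above, worked through as an added example (not mpg123's code and not part of the original message). It assumes `length` and `tagpos` are unsigned, which is what lets `length-10` wrap for tag bodies shorter than 10 bytes, and an ID3v2.3-style 10-byte frame header; the function names and sample tags are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Loop guard before the fix. Assumption: length and tagpos are unsigned,
   so length - 10 wraps to a huge value whenever length < 10. */
static int guard_unpatched(size_t tagpos, size_t length) {
    return tagpos < length - 10;
}

/* Loop guard after the one-line fix quoted in the report. */
static int guard_patched(size_t tagpos, size_t length) {
    return length >= 10 && tagpos < length - 10;
}

/* Walk 10-byte frame headers (4-byte id, 4-byte big-endian size, 2 flag
   bytes). Returns the number of frames, or -1 if the guard admitted a
   header read that does not fit in the buffer (nothing is read then). */
static int count_frames(const uint8_t *tag, size_t length,
                        int (*guard)(size_t, size_t)) {
    size_t tagpos = 0;
    int frames = 0;
    while (guard(tagpos, length)) {
        if (length < 10 || tagpos > length - 10)
            return -1;                      /* would read out of bounds */
        const uint8_t *h = tag + tagpos;
        uint32_t size = ((uint32_t)h[4] << 24) | ((uint32_t)h[5] << 16) |
                        ((uint32_t)h[6] << 8) | (uint32_t)h[7];
        if (size > length - tagpos - 10)
            break;                          /* frame body is truncated */
        tagpos += 10 + (size_t)size;
        frames++;
    }
    return frames;
}

/* Constructed sample input: two frames (3-byte and 2-byte bodies). */
static const uint8_t good_tag[25] = {
    'T','I','T','2', 0,0,0,3, 0,0, 'a','b','c',
    'T','P','E','1', 0,0,0,2, 0,0, 'x','y' };
/* Constructed sample input: a tag body shorter than one frame header. */
static const uint8_t short_tag[3] = { 'T','I','T' };

int main(void) {
    printf("good/unpatched:  %d\n", count_frames(good_tag, 25, guard_unpatched));
    printf("short/unpatched: %d\n", count_frames(short_tag, 3, guard_unpatched));
    printf("short/patched:   %d\n", count_frames(short_tag, 3, guard_patched));
    return 0;
}
```

Both guards agree on well-formed input; they differ only for bodies under 10 bytes, where the unpatched guard lets the loop start on a header that is not there.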




Re: drumkv1_0.7.6-1_amd64.changes REJECTED

2016-09-27 Thread Jaromír Mikeš
2016-09-26 19:01 GMT+02:00 Jaromír Mikeš:
> 2016-09-26 18:54 GMT+02:00 Debian FTP Masters:
>>
>>
>> ACL dm: NEW uploads are not allowed
>
> Oppss ...
>
> I will need help from some DD here ... ;)
> Can someone upload this please?
>
> samplv1 and synthv1 will follow soon ... ;)

Thank you IOhannes for upload.

samplv1 and synthv1 are now split the same way as drumkv1.

best regards

mira


Re: [SCM] drumkv1/master: Split package (4)

2016-09-27 Thread Jonas Smedegaard
Quoting IOhannes m zmölnig (Debian/GNU) (2016-09-27 09:33:13)
> On 2016-09-26 22:55, James Cowgill wrote:
> > Hi,
> >>  Depends:
> >>   ${misc:Depends},
> >> - ${shlibs:Depends}
> >> + ${shlibs:Depends},
> >> + drumkv1-common (>= ${source:Version}), drumkv1-common (<< 
> >> ${source:Upstream-Version}+1~),
> > 
> > What is the benefit of doing this over 'drumkv1-common (=
> > ${binary:Version})?
> 
> it's the usual pattern to cater for binNMUs.

I believe it is the _old_ pattern.  And I believe that is the reason for 
the question (you didn't answer the comparative part of the question).


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private



Re: [SCM] drumkv1/master: Split package (4)

2016-09-27 Thread Debian/GNU
On 2016-09-26 22:55, James Cowgill wrote:
> Hi,
>>  Depends:
>>   ${misc:Depends},
>> - ${shlibs:Depends}
>> + ${shlibs:Depends},
>> + drumkv1-common (>= ${source:Version}), drumkv1-common (<< 
>> ${source:Upstream-Version}+1~),
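
Review bot: the last added line bounds drumkv1-common by upstream version only (`>= ${source:Version}` together with `<< ${source:Upstream-Version}+1~`), so a drumkv1-common from any later Debian revision of the same upstream release still satisfies it. If the two binaries must always come from the same build, `drumkv1-common (= ${binary:Version})` states that directly and is shorter.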
> 
> What is the benefit of doing this over 'drumkv1-common (=
> ${binary:Version})?

it's the usual pattern to cater for binNMUs.

>>  Depends:
>>   ${misc:Depends},
>>   ${shlibs:Depends},
>> - drumkv1
>> + drumkv1-common,
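
Review bot: the replacement line `drumkv1-common,` carries no version constraint, unlike the dependency added in the previous hunk, so any drumkv1-common version satisfies it. Give it the same versioned form as the other stanza so both binaries constrain drumkv1-common consistently.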
> 
> Why doesn't this dependency need version qualified?
> 

that's an oversight.

gmasdr
IOhannes



drumkv1_0.7.6-1_amd64.changes ACCEPTED into unstable, unstable

2016-09-27 Thread Debian FTP Masters


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 20 Sep 2016 02:54:18 +0200
Source: drumkv1
Binary: drumkv1 drumkv1-lv2 drumkv1-common
Architecture: source amd64
Version: 0.7.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers 

Changed-By: Jaromír Mikeš 
Description:
 drumkv1- old-school drum-kit sampler - standalone
 drumkv1-common - old-school drum-kit sampler - common files
 drumkv1-lv2 - old-school drum-kit sampler - lv2-plugin
Changes:
 drumkv1 (0.7.6-1) unstable; urgency=medium
 .
   * New upstream version 0.7.6
   * Patches refreshed.
   * Split package.
   * Rename and install man page.



Thank you for your contribution to Debian.
