Processed: retitle 838960 to mpg123: CVE-2016-1000247: denial of service with crafted id3v2 tags
Processing commands for cont...@bugs.debian.org: > retitle 838960 mpg123: CVE-2016-1000247: denial of service with crafted id3v2 > tags Bug #838960 {Done: Sebastian Ramacher} [mpg123] denial of service with crafted id3v2 tags in all mpg123 versions since 0.60 Changed Bug title to 'mpg123: CVE-2016-1000247: denial of service with crafted id3v2 tags' from 'denial of service with crafted id3v2 tags in all mpg123 versions since 0.60'. > thanks Stopping processing here. Please contact me if you need assistance. -- 838960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838960 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#839686: forked-daapd: does not recreate stuff in /var/cache after deletion
Hi Dominik, 2016-10-06 23:15 GMT+02:00 Dominik George: > Hi, > >> IMO it is unreasonable to think that removing the whole >> /var/cache/forked-daapd directory can be deleted and is expected to be >> recreated because many services drop root privileges thus can't create >> dirs in /var/cache: > >> In my interpretation of the FHS the _files_ can be removed and are >> expected to be recreated, while _directory structures_ need to be kept >> for applications to operate. > > I do not quite agree. > > The same would be true for /var/run, but there, the application or the > init system is expected to create the relevant directories before > dropping privileges. /var/run is different, see very different wording in FHS. http://www.pathname.com/fhs/2.2/fhs-5.13.html#FN37 5.13 /var/run : Run-time variable data 5.13.1 Purpose This directory contains system information data describing the system since it was booted. Files under this directory must be cleared (removed or truncated as appropriate) at the beginning of the boot process. Programs may have a subdirectory of /var/run; this is encouraged for programs that use more than one run-time file.[footnote 37] ... [37] /var/run should be unwritable for unprivileged users (root or users running daemons); it is a major security problem if any user can write in this directory. Process identifier (PID) files, which were originally placed in /etc, must be placed in /var/run. The naming convention for PID files is .pid. For example, the crond PID file is named /var/run/crond.pid. Cheers, Balint ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#839686: forked-daapd: does not recreate stuff in /var/cache after deletion
Hi, > IMO it is unreasonable to think that removing the whole > /var/cache/forked-daapd directory can be deleted and is expected to be > recreated because many services drop root privileges thus can't create > dirs in /var/cache: > In my interpretation of the FHS the _files_ can be removed and are > expected to be recreated, while _directory structures_ need to be kept > for applications to operate. I do not quite agree. The same would be true for /var/run, but there, the application or the init system is expected to create the relevant directories before dropping privileges. Cheers, Nik signature.asc Description: PGP signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: forked-daapd: does not recreate stuff in /var/cache after deletion
Processing control commands: > notfound -1 24.1-1+b1 Bug #839686 [forked-daapd] forked-daapd: does not recreate stuff in /var/cache after deletion Ignoring request to alter found versions of bug #839686 to the same values previously set -- 839686: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839686 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#839686: marked as done (forked-daapd: does not recreate stuff in /var/cache after deletion)
Your message dated Thu, 6 Oct 2016 23:08:46 +0200 with message-id <410609ab-b066-b29a-5faf-07ce4d247...@balintreczey.hu> and subject line Re: forked-daapd: does not recreate stuff in /var/cache after deletion has caused the Debian Bug report #839686, regarding forked-daapd: does not recreate stuff in /var/cache after deletion to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 839686: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839686 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: forked-daapd Version: 24.1-1+b1 Severity: serious Justification: Policy 9.1.1 After deleting /var/cache/forked-daapd, forked-daapd cannot start up again because it fails to open the database. forked-daapd seems to require its data files there, while the FHS unmistakably states: "Unlike /var/spool, the cached files can be deleted without data loss. The data must remain valid between invocations of the application and rebooting the system. Files located under /var/cache may be expired in an application specific manner, by the system administrator, or both. The application must always be able to recover from manual deletion of these files (generally because of a disk space shortage). No other requirements are made on the data format of the cache directories." Please note that while the below information states this is Raspbian, I can assure that forked-daapd and all its dependencies on this system are plain Debian armhf ☺. -- System Information: Distributor ID: Raspbian Description:Raspbian GNU/Linux testing (stretch) Release:testing Codename: stretch Architecture: armv7l Kernel: Linux 4.4.21-v7+ (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages forked-daapd depends on: ii adduser 3.115 ii avahi-daemon0.6.32-1 ii libantlr3c-3.2-03.2-3 ii libasound2 1.1.2-1 ii libavahi-client30.6.32-1 ii libavahi-common30.6.32-1 ii libavcodec-extra57 7:3.1.3-1+b3 ii libavfilter67:3.1.3-1+b3 ii libavformat57 7:3.1.3-1+b3 ii libavutil55 7:3.1.3-1+b3 ii libc6 2.24-3 ii libconfuse1 3.0+dfsg-2 ii libcurl3-gnutls 7.50.1-1 ii libevent-2.0-5 2.0.21-stable-2+b1 ii libgcrypt20 1.7.3-1 ii libgnutls30 3.5.4-2 ii libgpg-error0 1.24-1 ii libjson-c3 0.12.1-1 ii libmxml12.10-1 ii libplist3 1.12-3.1 ii libprotobuf-c1 1.2.1-1+b1 ii libsqlite3-03.14.2-1 ii libswscale4 7:3.1.3-1+b3 ii libunistring0 0.9.6+really0.9.3-0.1 ii psmisc 22.21-2.1 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages forked-daapd recommends: ii libavcodec-extra 7:3.1.3-1 ii libavcodec-extra57 [libavcodec-extra] 7:3.1.3-1+b3 forked-daapd suggests no packages. -- Configuration Files: /etc/forked-daapd.conf changed [not included] -- no debconf information --- End Message --- --- Begin Message --- Control: notfound -1 24.1-1+b1 Hi Dominik, On Mon, 03 Oct 2016 23:23:26 +0200 Dominik Georgewrote: > Package: forked-daapd > Version: 24.1-1+b1 > Severity: serious > Justification: Policy 9.1.1 > > After deleting /var/cache/forked-daapd, forked-daapd cannot start up > again because it fails to open the database. > > forked-daapd seems to require its data files there, while the FHS > unmistakably states: > > "Unlike /var/spool, the cached files can be deleted without data loss. > The data must remain valid between invocations of the application and > rebooting the system. > > Files located under /var/cache may be expired in an application specific > manner, by the system administrator, or both. The application must > always be able to recover from manual deletion of these files (generally > because of a disk space shortage). No other requirements are made on the > data format of the cache directories." I have tested unstable's forked-daapd and if I remove cache files they get recreated but the directory structure is not. IMO it is unreasonable to think that removing the whole /var/cache/forked-daapd directory can be deleted and is expected to be recreated because many services drop root privileges thus can't create dirs in /var/cache: total 64 drwxr-xr-x 16 root root 4096 Oct 6 20:56 . drwxr-xr-x 11 root root 4096 Sep 5 23:27 .. drwxr-xr-x 3 root root 4096 Sep 7 14:08 app-info drwxr-xr-x 3 root root 4096 Oct 6 20:56 apt drwxr-xr-x 2
Bug#839686: forked-daapd: does not recreate stuff in /var/cache after deletion
Control: notfound -1 24.1-1+b1 Hi Dominik, On Mon, 03 Oct 2016 23:23:26 +0200 Dominik Georgewrote: > Package: forked-daapd > Version: 24.1-1+b1 > Severity: serious > Justification: Policy 9.1.1 > > After deleting /var/cache/forked-daapd, forked-daapd cannot start up > again because it fails to open the database. > > forked-daapd seems to require its data files there, while the FHS > unmistakably states: > > "Unlike /var/spool, the cached files can be deleted without data loss. > The data must remain valid between invocations of the application and > rebooting the system. > > Files located under /var/cache may be expired in an application specific > manner, by the system administrator, or both. The application must > always be able to recover from manual deletion of these files (generally > because of a disk space shortage). No other requirements are made on the > data format of the cache directories." I have tested unstable's forked-daapd and if I remove cache files they get recreated but the directory structure is not. IMO it is unreasonable to think that removing the whole /var/cache/forked-daapd directory can be deleted and is expected to be recreated because many services drop root privileges thus can't create dirs in /var/cache: total 64 drwxr-xr-x 16 root root 4096 Oct 6 20:56 . drwxr-xr-x 11 root root 4096 Sep 5 23:27 .. drwxr-xr-x 3 root root 4096 Sep 7 14:08 app-info drwxr-xr-x 3 root root 4096 Oct 6 20:56 apt drwxr-xr-x 2 root root 4096 Sep 7 14:08 cracklib drwxr-xr-x 2 root root 4096 Oct 5 09:25 debconf drwxr-xr-x 2 root root 4096 Sep 5 23:28 dictionaries-common drwxr-xr-x 2 root root 4096 Sep 8 20:40 fontconfig drwxr-xr-x 2 root root 4096 Feb 22 2016 fonts drwxr-xr-x 2 daapd root 4096 Oct 6 21:01 forked-daapd drwxr-xr-x 2 root root 4096 Aug 31 08:28 gdm drwx-- 2 root root 4096 Oct 6 20:56 ldconfig drwx--x--x 3 root root 4096 Sep 7 15:39 lightdm drwxr-sr-x 37 man root 4096 Oct 6 21:00 man drwxr-xr-x 3 root root 4096 Sep 7 14:08 PackageKit drwxr-xr-x 2 root root 4096 Aug 15 11:17 realmd In my interpretation of the FHS the _files_ can be removed and are expected to be recreated, while _directory structures_ need to be kept for applications to operate. Cheers, Balint ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#839941: whishlist ffmpeg
On 2016-10-06 19:19:49, Bálint Réczey wrote: > Hi Marc, > > 2016-10-06 17:28 GMT+02:00 Struminski, Marc: > > Package: ffmpeg > > Severity: wishlist > > > > Hi maintainers, > > > > Is it possible to add libfreetype, nvenc, decklink and libmfx to ffmpeg in > > Debian. > > Libfreetype seems to be possible. It's already used. Cheers -- Sebastian Ramacher signature.asc Description: PGP signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#839952: libambix: FTBFS on *i386: basic2extended_identity4x4_float32__{f64, i32} fail
Source: libambix Version: 0.1-1 Severity: important Justification: fails to build from source Builds of libambix for i386 and the non-release architectures hurd-i386 and kfreebsd-i386 all failed because the basic2extended_identity4x4_float32__{f64,i32} tests both did (along with the matrix test, reported separately just now as #839950). Could you please take a look? Thanks! -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#839950: libambix: FTBFS: matrix test fails
Source: libambix Version: 0.1-1 Severity: important Justification: fails to build from source Builds of libambix for several architectures failed due to an error in the matrix test. These builds didn't log further details, but I presume you should be able to reproduce the error on a porterbox. FWIW, the architectures that failed so far in this fashion are arm64, i386, powerpc, ppc64, and s390x, plus the non-release architectures hurd-i386, kfreebsd-i386, and ppc64. However, builds for several more architectures are still pending, so the problem may turn out to be somewhat wider. The *i386 builds also encountered two other test suite errors, which I'll report separately since they have not (so far) occurred elsewhere. -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#839941: whishlist ffmpeg
Hi Marc, 2016-10-06 17:28 GMT+02:00 Struminski, Marc: > Package: ffmpeg > Severity: wishlist > > Hi maintainers, > > Is it possible to add libfreetype, nvenc, decklink and libmfx to ffmpeg in > Debian. Libfreetype seems to be possible. nvenc is problematic because due to its license, but may be OK: http://ffmpeg.org/pipermail/ffmpeg-devel/2016-April/193467.html libmfx is not packaged. decklink is not packaged either and seems to be non-free. > When it is also possible libebur128. libebur128 is already used. Cheers, Balint ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
gmusicbrowser 1.1.15~ds0-1 MIGRATED to testing
FYI: The status of the gmusicbrowser source package in Debian's testing distribution has changed. Previous version: 1.1.14~ds0-1 Current version: 1.1.15~ds0-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#839941: whishlist ffmpeg
Package: ffmpeg Severity: wishlist Hi maintainers, Is it possible to add libfreetype, nvenc, decklink and libmfx to ffmpeg in Debian. When it is also possible libebur128. Decklink = Blackmagic Capture-Cards Nvenc = NVIDIA hw-encoding Libmfx = Intel hw-encoding Kind regards Marc Struminski ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#798043: lives: creates (and uses) world-writeable directory
Hi, On 01/10/16 07:23, salsaman wrote: > James, I was wondering what action should be taken regarding > directory/subdirectory permissions for existing users. The options I can > think of (from simplest to most complex): a) do nothing, only new users > get the benefit. b) add a note in Release Notes informing users how to > update the directory permissions manually, or c) Show a one time pop-up > when LiVES is upgraded asking the user if they want the program to > update permissions for the working directory for them, and if they click > Yes, do the update for them. > > Which of the options do you recommend ? Sorry for not replying sooner - I've been quite busy recently! I think c is the nicest solution for users so if you're prepared to implement it, that would be the best solution. Adding something to the release notes and possibly the debian/NEWS file is probably OK if not. I think we need to tell users somehow, so not option a :) Thanks, James signature.asc Description: OpenPGP digital signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processing of libambix_0.1-1_amd64.changes
libambix_0.1-1_amd64.changes uploaded successfully to localhost along with the files: libambix_0.1-1.dsc libambix_0.1.orig.tar.gz libambix_0.1-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host franck.debian.org) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
libambix_0.1-1_amd64.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 06 Oct 2016 14:55:13 +0200 Source: libambix Binary: libambix0 libambix-dev libambix-doc libambix-utils pd-ambix Architecture: source Version: 0.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia MaintainersChanged-By: IOhannes m zmölnig (Debian/GNU) Description: libambix-dev - AMBIsonics eXchange library (development files) libambix-doc - AMBIsonics eXchange library (documentation) libambix-utils - AMBIsonics eXchange library (utilities) libambix0 - AMBIsonics eXchange library pd-ambix - AMBIsonics eXchange objects for Pure Data Changes: libambix (0.1-1) unstable; urgency=medium . * New upstream version 0.1 . * Refreshed patches * Versioned B-D on libsndfile1-dev * Enabled 'make check' target * Updated d/libambix0.symbols * Updated d/copyright_hints * Updated d/copyright * Updated debian/README.source * Dropped d/control.in * Bumped standards-version to 3.9.8 Checksums-Sha1: c222bc635fc3c2cee850630e4014bce6ae82ef75 2376 libambix_0.1-1.dsc 78228fd564cd02f239fa400169d3008967e299c8 178768 libambix_0.1.orig.tar.gz 9809f4f7380afeefd1b3ee5e256bd5c27315a7b0 6904 libambix_0.1-1.debian.tar.xz Checksums-Sha256: 2f71425de9d9d0426b83b2ef1548ed9f56842f95ae926f8b70bb9f2a43b51543 2376 libambix_0.1-1.dsc 88c0d94d4af42569df25c19eb1a594e68477e6cc1020db0a4f37ff0bc1986bc4 178768 libambix_0.1.orig.tar.gz 9c7afe54f8ec5dc598921684866d0bdd7190cfd557d5f3ea64e24e49cbe4ac63 6904 libambix_0.1-1.debian.tar.xz Files: 5a71ce79506846fc9c91be95aa4c0edc 2376 devel optional libambix_0.1-1.dsc 72f27272a4999a1c3efded44f4895896 178768 devel optional libambix_0.1.orig.tar.gz 2c0e9db023aadd5bdfea8bcbeea8cb75 6904 devel optional libambix_0.1-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJX9k1hAAoJELZQGcR/ejb42ZsP/jPGLtHSDZyqxk/zd8KGjRWh JG9P/RJU25kQATNVn+v7My6g1hy3q4vWpew4l4omc/NQ9mYqI0wDkV28JYHcr0CZ C+YlSBY+kpLa75ENaqbuZgYxKMDJnV1Z/pYofzfs88g5WZRGsNq58DiPmbAsl4Pn SN6w3RwYCVimRISGhCsnfPmbDU7wvbg1B9pnRDzHiS7mjOAMQ5+J2uWowER3/at9 IieqHFwucFRknaEsayxyVH6I8ekvxZReUIlMHmbRqxX0+U4Bcw6DnmDW+Gfu0YyS 9qAVXKIgMSDccRCeiWA5fC5kxVYrvyInvc3IPSQlC3QxrByws8BrXdPzAUXsMUGn GH8rwhFxR/UkfFxyuLj2NHCJEHIk+zfmozGDaxYzu3F3TAedJMej08ZLLuVt9g8q XgywXg0pMtneDlsviJ4MODfQekuuPVPwkYT2LoWSd944xD+6Uvsbh7nIKrPak/Jj 3s57yqv6WKn5rzXCR/MDNkPVjLLFUTIYeh51+F+dpqcgmiTtJqlmvxBvznU3HWGk YzOqmMeb2JAxdxptssoDSUuhtVr+eqmnvecv4t6GVNhsR593MOpbYXW/JC5AuDgj jIdW9X1mGSP6Sc1z2WE9PVX2V4q6z5oBMHoyhRPZsY+fHCOTh8HF3orNgwA9iNbo mPnTgXzEIBehMPnqWyUd =oZwl -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers