Bug#871652: jnoise: Italian translation of package description has a little typo
On 17-08-30 23:23, Mattia Rizzolo wrote: > Control: tag -1 l10n > > On Thu, Aug 10, 2017 at 02:24:41PM +0200, Leandro Noferini wrote: > > Package: jnoise > > Severity: minor > > > > The word "rumero" is a typo for "rumore" -> noise > > This is not coming from the package itself, but from the DDTP. > CCing debian-i...@lists.debian.org as I have no idea how to update the > translated description of the packages. Hi Leandro, you could use DDTSS for that https://ddtp2.debian.net/ddtss/index.cgi/it There is field 'Fetch specific description' with option 'Force fetching even if not untranslated' there. Put name of your package there and then you can retranslate package description. Afterwards someone should review your translation and then it'll be submitted. More information you can find here: https://www.debian.org/international/l10n/ddtp https://wiki.debian.org/it/L10n/Italian/DDTP/DDTSS/Tools -- Best regards, Andrey Skvortsov signature.asc Description: PGP signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
synthv1 0.8.4-1 MIGRATED to testing
FYI: The status of the synthv1 source package in Debian's testing distribution has changed. Previous version: 0.8.3-1 Current version: 0.8.4-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
samplv1 0.8.4-1 MIGRATED to testing
FYI: The status of the samplv1 source package in Debian's testing distribution has changed. Previous version: 0.8.3-1 Current version: 0.8.4-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
vlc 2.2.6-4 MIGRATED to testing
FYI: The status of the vlc source package in Debian's testing distribution has changed. Previous version: 2.2.6-3 Current version: 2.2.6-4 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
drumkv1 0.8.4-1 MIGRATED to testing
FYI: The status of the drumkv1 source package in Debian's testing distribution has changed. Previous version: 0.8.3-1 Current version: 0.8.4-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#873602: pd-xsample FTBFS on ppc64el: UInt32 does not name a type
Hi, I did a fix for this package and I'm sending the debdiff attached to this bug. I also sent the patch upstream but it was not reviewed yet [1]. -- [1] - https://github.com/g/xsample/pull/3 fix_ftbfs_ppc64le.debdiff Description: Binary data ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
jnoise_0.6.0-6_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 30 Aug 2017 23:19:27 +0200 Source: jnoise Binary: jnoise Architecture: source Version: 0.6.0-6 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mattia Rizzolo Description: jnoise - white and pink noise generator Changes: jnoise (0.6.0-6) unstable; urgency=medium . * Team upload. * Bump Standards-Version to 4.1.0. + Use HTTPS in the Format field of d/copyright. * Fix cross build failure. + Drop implicitly satisfied build dependency on binutils. + Make g++ substitutable in source/Makefile. Checksums-Sha1: 95feed719315c29527e775fdb55961735301cb5c 2016 jnoise_0.6.0-6.dsc 9e6e60f56d432c903db97a97922367f4d0cd99dc 3776 jnoise_0.6.0-6.debian.tar.xz 5e027a43df355e387863fe92dff6a2b980cfce0a 5599 jnoise_0.6.0-6_amd64.buildinfo Checksums-Sha256: 9fb3259f7b0695850ff83493bc2777d678fd66bd890187419853f79a5f002f39 2016 jnoise_0.6.0-6.dsc 2899bf626ab324c9ac866d207f59f562389001fcff3db0f97254cfb895c8ac91 3776 jnoise_0.6.0-6.debian.tar.xz fc5dee553915d050acb43f3bb5fa9415f0a223da01444aaa8dee28615d5b24df 5599 jnoise_0.6.0-6_amd64.buildinfo Files: 0ab71b8b843023492d158d33f6f0cbed 2016 sound optional jnoise_0.6.0-6.dsc 772e2a966bd1da373f23ce107583a29e 3776 sound optional jnoise_0.6.0-6.debian.tar.xz 33f9541d49c1deee244c4278b6ca7e2e 5599 sound optional jnoise_0.6.0-6_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAlmnLdMACgkQCBa54Yx2 K61kWBAAoPAiGeeVWrPgNMbEio3IoQy6C+t2sf6XB8Vd6zLUOCDeqnBZNA7tHTYN If4bbYr8m32XRcQoM6aTHZnbyQOYbeh1su3Dhljj7R+Rq41YJHrygPCQoTgJpNMV jgsSMX5a3FjeYQF3Kbd4LNjwPmHTc5LlFp01L1q1spMPD0CEDixiwQSuRP9Fn+zj 5/Hfs0UxslsPHUwQIBhqWRnh+eh2lSCXRP4oz5TodxDLKCH+SQSUCcVSsVCPmUsY cSFCrAYHd4OqbuAhIG5WPjfl7/HaRNZs/49lW3NW0+/vj7U1Q3O92W6DGV4uumGg 3pJ0NLXRJjruD9RlqvwGGrLRslRhnahJ2qMG3FCysvnFO26Q6EzMxue/TdCkoanV tjawC694qHz880/CTGpIK8NXvvHhu/WdTVIaOs9/RHqGP/FlDn83GLq7Lpsi+9nA JEkFFBP7dP1DNCsoD0eEFMr1aypym42wFmi3anhGNIvgZBwmdi2LcS3Nqjhdikcy ly1eFpYLhQ7QwKo8y/Tz2vxrFL/KN52e16y7WEamG7RPNrXeuE283E0ntwtE7q+r CiYCE506Ssq7Rpb15jwmhykU/h9B4rPHhFFBwK1sSKDRqz9x+k7xBVZY7YqBTz+n W695UzHIfWRXwlZLro/knUwignhD1qIRJZ3MFNTZEqQgKKMJU6o= =4Cee -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processing of jnoise_0.6.0-6_source.changes
jnoise_0.6.0-6_source.changes uploaded successfully to localhost along with the files: jnoise_0.6.0-6.dsc jnoise_0.6.0-6.debian.tar.xz jnoise_0.6.0-6_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: Bug#871652: jnoise: Italian translation of package description has a little typo
Processing control commands: > tag -1 l10n Bug #871652 [jnoise] jnoise: Italian translation of package description has a little typo Added tag(s) l10n. -- 871652: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871652 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#871652: jnoise: Italian translation of package description has a little typo
Control: tag -1 l10n On Thu, Aug 10, 2017 at 02:24:41PM +0200, Leandro Noferini wrote: > Package: jnoise > Severity: minor > > The word "rumero" is a typo for "rumore" -> noise This is not coming from the package itself, but from the DDTP. CCing debian-i...@lists.debian.org as I have no idea how to update the translated description of the packages. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#867724: Multiple security issues
On Sun, 27 Aug 2017 21:29:43 +0200 Fabian Greffrath wrote: > Am Sonntag, den 27.08.2017, 20:33 +0200 schrieb Markus Koschany: > > Are you aware of any issues with your patch? > > Yes, there was an issue with my patch! I added a field to a struct to > keep track of reading errors, but the struct was defined in two > different places in the source code. This led to a crash when free()ing > a pointer to this struct on Linux, but not on Windows which I used to > develop the patch (don't ask). > > Applying this patch on top of the one I sent to the Debian BTS should > fix this issue, although upstream decided to go a different way > and entirely replace the mp4ff library. > > https://sourceforge.net/p/faac/bugs/209/?limit=25&page=1#d838 > > - Fabian Hi, I uploaded a security update for faad2 to wheezy-security a few hours ago. I am attaching the debdiff to this bug report. Do you intend to fix the issue in Stretch too? I could prepare the update for Jessie and ask the release team for a jessie-pu. Markus diff -Nru faad2-2.7/debian/changelog faad2-2.7/debian/changelog --- faad2-2.7/debian/changelog 2012-03-18 14:08:08.0 +0100 +++ faad2-2.7/debian/changelog 2017-08-30 20:07:59.0 +0200 @@ -1,3 +1,15 @@ +faad2 (2.7-8+deb7u1) wheezy-security; urgency=high + + * Non-maintainer upload by the LTS team. + * Fix CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221, +CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254, CVE-2017-9255, +CVE-2017-9256, CVE-2017-9257. +Various issues were discovered in faad2, a fast audio decoder, that could +cause a denial of service (large loop and CPU consumption) via a crafted +mp4 file. + + -- Markus Koschany Wed, 30 Aug 2017 20:07:59 +0200 + faad2 (2.7-8) unstable; urgency=low [ Fabian Greffrath ] diff -Nru faad2-2.7/debian/patches/CVE-2017-92xx.patch faad2-2.7/debian/patches/CVE-2017-92xx.patch --- faad2-2.7/debian/patches/CVE-2017-92xx.patch1970-01-01 01:00:00.0 +0100 +++ faad2-2.7/debian/patches/CVE-2017-92xx.patch2017-08-30 20:07:59.0 +0200 @@ -0,0 +1,551 @@ +From: Markus Koschany +Date: Tue, 29 Aug 2017 22:04:32 +0200 +Subject: CVE-2017-92xx + +Bug-Debian: https://bugs.debian.org/867724 +Origin: https://sourceforge.net/p/faac/faad2/ci/a67c75ed600cf4b41205d69664d3d9106e9c5380/ +--- + common/mp4ff/mp4atom.c | 76 ++ + common/mp4ff/mp4ff.c| 22 - + common/mp4ff/mp4ff.h| 123 +++- + common/mp4ff/mp4ffint.h | 104 +--- + common/mp4ff/mp4meta.c | 4 +- + common/mp4ff/mp4util.c | 3 ++ + 6 files changed, 197 insertions(+), 135 deletions(-) + +diff --git a/common/mp4ff/mp4atom.c b/common/mp4ff/mp4atom.c +index c735c2a..e88ffb4 100644 +--- a/common/mp4ff/mp4atom.c b/common/mp4ff/mp4atom.c +@@ -258,6 +258,9 @@ uint64_t mp4ff_atom_read_header(mp4ff_t *f, uint8_t *atom_type, uint8_t *header_ + + static int32_t mp4ff_read_stsz(mp4ff_t *f) + { ++if (f->total_tracks == 0) ++return f->error++; ++ + mp4ff_read_char(f); /* version */ + mp4ff_read_int24(f); /* flags */ + f->track[f->total_tracks - 1]->stsz_sample_size = mp4ff_read_int32(f); +@@ -269,7 +272,10 @@ static int32_t mp4ff_read_stsz(mp4ff_t *f) + f->track[f->total_tracks - 1]->stsz_table = + (int32_t*)malloc(f->track[f->total_tracks - 1]->stsz_sample_count*sizeof(int32_t)); + +-for (i = 0; i < f->track[f->total_tracks - 1]->stsz_sample_count; i++) ++if (!f->track[f->total_tracks - 1]->stsz_table) ++return f->error++; ++ ++for (i = 0; i < f->track[f->total_tracks - 1]->stsz_sample_count && !f->stream->read_error; i++) + { + f->track[f->total_tracks - 1]->stsz_table[i] = mp4ff_read_int32(f); + } +@@ -283,6 +289,9 @@ static int32_t mp4ff_read_esds(mp4ff_t *f) + uint8_t tag; + uint32_t temp; + ++if (f->total_tracks == 0) ++return f->error++; ++ + mp4ff_read_char(f); /* version */ + mp4ff_read_int24(f); /* flags */ + +@@ -347,6 +356,9 @@ static int32_t mp4ff_read_mp4a(mp4ff_t *f) + uint8_t atom_type = 0; + uint8_t header_size = 0; + ++if (f->total_tracks == 0) ++return f->error++; ++ + for (i = 0; i < 6; i++) + { + mp4ff_read_char(f); /* reserved */ +@@ -380,12 +392,16 @@ static int32_t mp4ff_read_stsd(mp4ff_t *f) + int32_t i; + uint8_t header_size = 0; + ++/* CVE-2017-9218 */ ++if (f->total_tracks == 0) ++return f->error++; ++ + mp4ff_read_char(f); /* version */ + mp4ff_read_int24(f); /* flags */ + + f->track[f->total_tracks - 1]->stsd_entry_count = mp4ff_read_int32(f); + +-for (i = 0; i < f->track[f->total_tracks - 1]->stsd_entry_count; i++) ++for (i = 0; i < f->track[f->total_tracks - 1]->stsd_entry_count && !f->stream->read_error; i++) /* CVE-2017-9253 */ + { + uint64_t
Bug#868936: marked as done (vlc: port to libupnp-1.8)
Your message dated Wed, 30 Aug 2017 19:40:28 + with message-id and subject line Bug#868936: fixed in vlc 2.2.6-5 has caused the Debian Bug report #868936, regarding vlc: port to libupnp-1.8 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 868936: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:vlc Version: 2.2.6-3ukl1 Severity: wishlist Tags: patch Hello, currently there are two versions of libupnp in the archive (libupnp6 and libupnp-1.8-10). To be able to remove libupnp6 (i.e. the older of the two) it is necessary to port vlc (and all other rdepends) to libupnp-1.8. The patch below implements this for vlc. With this applied I can still playback videos with vlc. Best regards and thanks Uwe -->8-- From: Uwe Kleine-König Date: Wed, 19 Jul 2017 17:26:52 +0200 Subject: [PATCH] Port vlc to libupnp-1.8 --- debian/changelog | 6 ++ debian/control| 2 +- debian/patches/0014-port-to-libupnp-1.8.patch | 107 ++ debian/patches/series | 1 + 4 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 debian/patches/0014-port-to-libupnp-1.8.patch diff --git a/debian/changelog b/debian/changelog index fffe2478af58..c9cc38b82630 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vlc (2.2.6-4) UNRELEASED; urgency=medium + + * Port to libupnp-1.8 + + -- Uwe Kleine-König Wed, 19 Jul 2017 17:25:10 +0200 + vlc (2.2.6-3) unstable; urgency=medium [ Mateusz Łukasik ] diff --git a/debian/control b/debian/control index b9c6addd8c3f..601971f80e55 100644 --- a/debian/control +++ b/debian/control @@ -87,7 +87,7 @@ Build-Depends: autopoint, libtheora-dev (>= 1.0), libtwolame-dev (>= 0.3.8), libudev-dev [linux-any], - libupnp-dev, + libupnp-1.8-dev, libv4l-dev [linux-any], libva-dev [kfreebsd-any linux-any], libvcdinfo-dev (>= 0.7.22), diff --git a/debian/patches/0014-port-to-libupnp-1.8.patch b/debian/patches/0014-port-to-libupnp-1.8.patch new file mode 100644 index ..a24f42c7417b --- /dev/null +++ b/debian/patches/0014-port-to-libupnp-1.8.patch @@ -0,0 +1,107 @@ +--- a/configure.ac b/configure.ac +@@ -4040,7 +4040,7 @@ + dnl + dnl UPnP Plugin (Intel SDK) + dnl +-PKG_ENABLE_MODULES_VLC([UPNP], [upnp], [libupnp], [Intel UPNP SDK],[auto]) ++PKG_ENABLE_MODULES_VLC([UPNP], [upnp], [libupnp-1.8], [Intel UPNP SDK],[auto]) + + EXTEND_HELP_STRING([Misc options:]) + +--- a/modules/services_discovery/upnp.hpp b/modules/services_discovery/upnp.hpp +@@ -28,8 +28,8 @@ + #include + #include + +-#include +-#include ++#include ++#include + + #include + +--- a/modules/services_discovery/upnp.cpp b/modules/services_discovery/upnp.cpp +@@ -80,7 +80,7 @@ + /* + * Local prototypes + */ +-static int Callback( Upnp_EventType event_type, void* p_event, void* p_user_data ); ++static int Callback( Upnp_EventType event_type, const void* p_event, void* p_user_data ); + + const char* xml_getChildElementValue( IXML_Element* p_parent, + const char* psz_tag_name ); +@@ -325,7 +325,7 @@ + /* + * Handles all UPnP events + */ +-static int Callback( Upnp_EventType event_type, void* p_event, void* p_user_data ) ++static int Callback( Upnp_EventType event_type, const void* p_event, void* p_user_data ) + { + services_discovery_t* p_sd = ( services_discovery_t* ) p_user_data; + services_discovery_sys_t* p_sys = p_sd->p_sys; +@@ -336,22 +336,23 @@ + case UPNP_DISCOVERY_ADVERTISEMENT_ALIVE: + case UPNP_DISCOVERY_SEARCH_RESULT: + { +-struct Upnp_Discovery* p_discovery = ( struct Upnp_Discovery* )p_event; ++const UpnpDiscovery* p_discovery = ( const UpnpDiscovery* )p_event; + + IXML_Document *p_description_doc = 0; + + int i_res; +-i_res = UpnpDownloadXmlDoc( p_discovery->Location, &p_description_doc ); ++i_res = UpnpDownloadXmlDoc( UpnpDiscovery_get_Location_cstr( p_discovery ), ++ &p_description_doc ); + if ( i_res != UPNP_E_SUCCESS ) + { + msg_Warn( p_sd, "Could not download device description! " + "Fetching data from %s failed: %s", +-p_discovery->Location, UpnpGetErrorMessage( i_res ) ); ++
vlc_2.2.6-5_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 30 Aug 2017 20:57:06 +0200 Source: vlc Binary: vlc libvlc-dev libvlc5 libvlccore-dev libvlccore8 libvlc-bin vlc-bin vlc-data vlc-l10n vlc-plugin-base vlc-plugin-access-extra vlc-plugin-video-output vlc-plugin-video-splitter vlc-plugin-visualization vlc-plugin-skins2 vlc-plugin-qt vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi vlc-plugin-samba Architecture: source Version: 2.2.6-5 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Sebastian Ramacher Description: libvlc-bin - tools for VLC's base library libvlc-dev - development files for libvlc libvlc5- multimedia player and streamer library libvlccore-dev - development files for libvlccore libvlccore8 - base library for VLC and its modules vlc- multimedia player and streamer vlc-bin- binaries from VLC vlc-data - Common data for VLC vlc-l10n - Translations for VLC vlc-plugin-access-extra - multimedia player and streamer (extra access plugins) vlc-plugin-base - multimedia player and streamer (base plugins) vlc-plugin-fluidsynth - FluidSynth plugin for VLC vlc-plugin-jack - Jack audio plugins for VLC vlc-plugin-notify - LibNotify plugin for VLC vlc-plugin-qt - multimedia player and streamer (Qt plugin) vlc-plugin-samba - Samba plugin for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC vlc-plugin-skins2 - multimedia player and streamer (Skins2 plugin) vlc-plugin-svg - SVG plugin for VLC vlc-plugin-video-output - multimedia player and streamer (video output plugins) vlc-plugin-video-splitter - multimedia player and streamer (video splitter plugins) vlc-plugin-visualization - multimedia player and streamer (visualization plugins) vlc-plugin-zvbi - VBI teletext plugin for VLC Closes: 868936 Changes: vlc (2.2.6-5) unstable; urgency=medium . * debian/control: Bump Standards-Version. * debian/patches: Add support for libupnp 1.8. (Closes: #868936) Checksums-Sha1: 8a2f8039995513c326849af5409be220825496ee 6205 vlc_2.2.6-5.dsc 1a476b124fae657e65c0f0b721402ee79269aef4 80696 vlc_2.2.6-5.debian.tar.xz Checksums-Sha256: 4026881ead94211c79055d50766b2e6e95030df56bef8d01129289ccb4eb96cc 6205 vlc_2.2.6-5.dsc 707d5f0518ba37091083c6c389c6b756da5353302293f1b630b3725d2ba4bebd 80696 vlc_2.2.6-5.debian.tar.xz Files: 2c9cff8323fe72da1f7a441027875c05 6205 video optional vlc_2.2.6-5.dsc d0211d1db60762a93324ed37c62869ae 80696 video optional vlc_2.2.6-5.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAlmnD1EACgkQafL8UW6n GZPtxw//TthggGQu4a+oBIzZosWLBbvmU82K0iQwZ/eV/3QcvPLZB8CCrYKfk/g1 Xs/0fxMlH+l+UXlvlJ2JL1nwqU8jVpIDUTVgeDPENQ4XodrQxcDq2q9x6NR4U0vM r7N88Bnkz9BcSK/YqUJABZtbmtzQAwT/tLszE6+6922wL3rMHOar9Git58yV3O96 RnnJgFOIhXiPEcqu7uz1tToKU08xtf0yJbKOOzMJC7eQRRgIo/mknZ79ozNmKHVB JPkc9QI9T/YRfWR9WnaCKSWVAEY9H2o91UnrwHroQjjn1zwpfpGJaitVYD4myube RzQF4vMD1nU/bplzMWbdmh67lOs1N9pYWP/DpuFGfWbCvtvp7cc6UOboopQQn8de gtaasrGpJ8po6G9JhZe/B+tGJxPekCfcpG3Ho9/UtDHMzn79knigOGoTAwlsCnwk sQNpzsvI+rmbdLRQhq4/cVjOyk5bRnVaOsXr30XKrmEaJjl6UdpITluSgnqAbefr CBen7jc8EpMVfFli9p0Ej2RXv5c5sH2V1zpIGAZD31KjkrQSTTvVgVCMI7EJctPm Exys4+ZocJeSW54W7wNZqYh642M0wWazVgsG3a/SNS73QmEjZqE8RLHzvjk2PxSi Qz07hxGBMBrwVhlCaELsOQhTbne9rCnV57EA4r8llcShvHiZA1w= =p3wt -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#868936: vlc: port to libupnp-1.8
Hi Uwe On 2017-08-30 10:20:03, Uwe Kleine-König wrote: > On 08/29/2017 09:24 PM, Sebastian Ramacher wrote: > > Control: clone -1 -2 > > Control: reassign -2 libupnp1.8-dev 1:1.8.2-1 > > Control: retitle -2 libupnp1.8-dev: Please take over libupnp-dev > > Control: block -1 by -2 > > > > As the title says, please take over libupnp-dev and coordinate the > > transition > > with the release team. > > This is the eventual plan and the reason I'm working on getting rdeps of > libupnp6 to move to the new libupnp1.8. Then libupnp6 can go away and I > maintain a package less :-) Then please follow the normal library transition procedure: - Prepare a libupnp-dev provided by pupnp-1.8 in experimental. - If reverse build dependencies of libupnp-dev do not build with the version in experimental, file bugs. - Coordinate the transition with the release team. This avoid a lot of really unnecessary changes in build dependencies. Thanks! > I'd like to create patches for all rdeps first though and vlc is my > stalking-horse. Once vlc is converted I want to address the other > affected packages. A patch for 1.8 support has been merged. Once the transition starts, vlc will switch to 1.8. Cheers -- Sebastian Ramacher signature.asc Description: PGP signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processing of vlc_2.2.6-5_source.changes
vlc_2.2.6-5_source.changes uploaded successfully to localhost along with the files: vlc_2.2.6-5.dsc vlc_2.2.6-5.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Bug#868936 marked as pending
Processing commands for cont...@bugs.debian.org: > tag 868936 pending Bug #868936 [vlc] vlc: port to libupnp-1.8 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 868936: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#873718: Fixes for security vulnerabilities on libgig?
On Wednesday, August 30, 2017 15:09:39 Raphael Hertzog wrote: > [ Copy to the Debian bugtracker ] > > Hello Christian, Hi Raphael, > a few security issues have been reported against libgig: > http://seclists.org/fulldisclosure/2017/Aug/39 > > The reproducer files are attached too: > http://seclists.org/fulldisclosure/2017/Aug/att-39/poc_zip.bin > > I wanted to check that you were aware of those issues and if > you had any patch already. Thanks for letting me know. And no, I don't have any patch against those issues on my side yet. I see you already came up with some, so I will have a look at your patches. > I could not find any bug tracker > with open issues so I'm writing to you directly. The subversion > repository has no recent history related to those issues either. We do have a bug tracker: https://bugs.linuxsampler.org However it currently does not accept new user (self)registrations, because we had to struggle with massive spam bot attacks on that tracker. So we decided to disable self-registrations for a while. Thanks! CU Christian ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: found 873718 in 4.0.0-3
Processing commands for cont...@bugs.debian.org: > found 873718 4.0.0-3 Bug #873718 [src:libgig] Multiple security issues (CVE-2017-12950 to CVE-2017-12954) Marked as found in versions libgig/4.0.0-3. > thanks Stopping processing here. Please contact me if you need assistance. -- 873718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873718 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#873718: Fixes for security vulnerabilities on libgig?
On Wed, Aug 30, 2017 at 04:34:44PM +0200, Salvatore Bonaccorso wrote: > Hi > > All, but not CVE-2017-12951 are probably fixed already with the > 4.0.0-4 upload to unstable today. Might actually just uncover another problem after the fix. Regards, Salvatore ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#873718: Fixes for security vulnerabilities on libgig?
Hi All, but not CVE-2017-12951 are probably fixed already with the 4.0.0-4 upload to unstable today. Regards, Salvatore ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: tagging 873718
Processing commands for cont...@bugs.debian.org: > tags 873718 + upstream Bug #873718 [src:libgig] Multiple security issues (CVE-2017-12950 to CVE-2017-12954) Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 873718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873718 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
About the security issues affecting mpg123 in Wheezy
Hello Sebastian, The Debian LTS team recently reviewed the security issue(s) affecting your package in Wheezy: https://security-tracker.debian.org/tracker/CVE-2017-12797 (and there are few other older issues that have been also ignored up to now) We decided that we would not prepare a wheezy security update (usually because the security impact is low and that we concentrate our limited resources on higher severity issues and on the most widely used packages). That said the wheezy users would most certainly benefit from a fixed package. If you want to work on such an update, you're welcome to do so. Please try to follow the workflow we have defined here: https://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-...@lists.debian.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. However please make sure to submit a tested package. Thank you very much. Raphaël Hertzog, on behalf of the Debian LTS team. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#873718: Fixes for security vulnerabilities on libgig?
[ Copy to the Debian bugtracker ] Hello Christian, a few security issues have been reported against libgig: http://seclists.org/fulldisclosure/2017/Aug/39 The reproducer files are attached too: http://seclists.org/fulldisclosure/2017/Aug/att-39/poc_zip.bin I wanted to check that you were aware of those issues and if you had any patch already. I could not find any bug tracker with open issues so I'm writing to you directly. The subversion repository has no recent history related to those issues either. Thank you! -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#873718: Multiple security issues (CVE-2017-12950 to CVE-2017-12954)
Source: libgig X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Hi, the following vulnerabilities were published for libgig. See http://seclists.org/fulldisclosure/2017/Aug/39 for the initial report with reproducer files. CVE-2017-12950[0]: | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows | remote attackers to cause a denial of service (NULL pointer | dereference and application crash) via a crafted gig file. CVE-2017-12951[1]: | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in | libgig 4.0.0 allows remote attackers to cause a denial of service | (stack-based buffer over-read and application crash) via a crafted gig | file. CVE-2017-12952[2]: | The LoadString function in helper.h in libgig 4.0.0 allows remote | attackers to cause a denial of service (NULL pointer dereference and | application crash) via a crafted gig file. CVE-2017-12953[3]: | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in | libgig 4.0.0 allows remote attackers to cause a denial of service | (invalid memory write and application crash) via a crafted gig file. CVE-2017-12954[4]: | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig | 4.0.0 allows remote attackers to cause a denial of service (invalid | memory read and application crash) via a crafted gig file. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-12950 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12950 [1] https://security-tracker.debian.org/tracker/CVE-2017-12951 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12951 [2] https://security-tracker.debian.org/tracker/CVE-2017-12952 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12952 [3] https://security-tracker.debian.org/tracker/CVE-2017-12953 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12953 [4] https://security-tracker.debian.org/tracker/CVE-2017-12954 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12954 Please adjust the affected versions in the BTS as needed. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Yellow Croakers
[ View in browser ]( http://r.newsletter.bonescamail.nl/pr33rfq6oatrf.html ) UNLOADED TODAY: Yellow Croakers / Maluwa / Micropogonias Furnieri Size: 1 kilo up Packing: 10 kilo Origin: Argentina 1 box: € 2,55 10 box: € 2,35 1 palet (60 box) € 2,25 3 palets (180 box) € 2,05 (departure URK) 5 palets (300 box) € 1,99 per netto kilo (departure URK) Scroll down for some pictures of this loads: This email was sent to pkg-multimedia-maintainers@lists.alioth.debian.org You received this email because you are registered with Bonesca Import en Export BV [ Unsubscribe here ]( http://r.newsletter.bonescamail.nl/pr33rfq6oatrg.html ) Sent by [ ]( http://r.newsletter.bonescamail.nl/track/click/2v0cf1qwdaoatrd ) © 2017 Bonesca Import en Export BV ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#873710: gavl FTCBFS: tries to figure out whether CLOCK_MONOTONIC works
Source: gavl Version: 1.4.0-4 Tags: patch upstream User: helm...@debian.org Usertags: rebootstrap gavl fails to cross build from source, because it tries to figure out whether CLOCK_MONOTONIC works. Such a test has no meaning as that is a runtime property and may change from system to system (in theory). We are best off assuming that it works when it is available thus converting AC_TRY_RUN into AC_TRY_COMPILE and fixing the cross build. Please consider applying the attached patch. Helmut diff --minimal -Nru gavl-1.4.0/debian/changelog gavl-1.4.0/debian/changelog --- gavl-1.4.0/debian/changelog 2016-02-18 02:24:42.0 +0100 +++ gavl-1.4.0/debian/changelog 2017-08-30 12:13:35.0 +0200 @@ -1,3 +1,10 @@ +gavl (1.4.0-4.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Fix FTCBFS: 0004-cross.patch. (Closes: #-1) + + -- Helmut Grohne Wed, 30 Aug 2017 12:13:35 +0200 + gavl (1.4.0-4) unstable; urgency=medium * Team upload diff --minimal -Nru gavl-1.4.0/debian/patches/0004-cross.patch gavl-1.4.0/debian/patches/0004-cross.patch --- gavl-1.4.0/debian/patches/0004-cross.patch 1970-01-01 01:00:00.0 +0100 +++ gavl-1.4.0/debian/patches/0004-cross.patch 2017-08-30 12:13:35.0 +0200 @@ -0,0 +1,33 @@ +From: Helmut Grohne +Subject: fix cross compilation + +Trying to determine whether CLOCK_MONOTONIC works is in vein, because it may +differ from the buildd (in theory) being a runtime property of the kernel. For +compiling gavl, it is sufficient to know that the macro is defined and to +assume that on Debian systems CLOCK_MONOTONIC always works when it is defined. + +Index: gavl-1.4.0/configure.ac +=== +--- gavl-1.4.0.orig/configure.ac gavl-1.4.0/configure.ac +@@ -159,17 +159,12 @@ + + AC_MSG_CHECKING(for CLOCK_MONOTONIC) + +-AC_TRY_RUN([ ++AC_TRY_COMPILE([ + #include + #include +-main() +- { ++],[ + struct timespec tp; +- if(clock_gettime(CLOCK_MONOTONIC, &tp)) +-return -1; +- else +-return 0; +- } ++ clock_gettime(CLOCK_MONOTONIC, &tp); + ], + [ + # program could be run diff --minimal -Nru gavl-1.4.0/debian/patches/series gavl-1.4.0/debian/patches/series --- gavl-1.4.0/debian/patches/series2016-02-18 02:17:38.0 +0100 +++ gavl-1.4.0/debian/patches/series2017-08-30 12:11:26.0 +0200 @@ -1,3 +1,4 @@ 0001-ubuntu_armel_ftbfs.patch 0002-cpuid_x32.patch 0003-nonfatal-missing-doxygen.patch +0004-cross.patch ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#868936: vlc: port to libupnp-1.8
Hello Sebastian, On 08/29/2017 09:24 PM, Sebastian Ramacher wrote: > Control: clone -1 -2 > Control: reassign -2 libupnp1.8-dev 1:1.8.2-1 > Control: retitle -2 libupnp1.8-dev: Please take over libupnp-dev > Control: block -1 by -2 > > As the title says, please take over libupnp-dev and coordinate the transition > with the release team. This is the eventual plan and the reason I'm working on getting rdeps of libupnp6 to move to the new libupnp1.8. Then libupnp6 can go away and I maintain a package less :-) I'd like to create patches for all rdeps first though and vlc is my stalking-horse. Once vlc is converted I want to address the other affected packages. Best regards Uwe signature.asc Description: OpenPGP digital signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers