Re: Fixing #654506 and #674386 in Wheezy
On 11/07/12 16:01, Felipe Sateler wrote: On Wed, Jul 11, 2012 at 8:20 AM, Mehdi Dogguy wrote: Hi, We would like to fix #654506 and #674386 in Wheezy. Unfortunately, we are not able to accept supercollider/1:3.5.2-1 from Unstable since the changes are quite large. I think you mean 1:3.5.3~repack-1? Yes, sorry. It was a bad copy/paste :/ That is what's currently in unstable, and 1:3.5.2-1 was uploaded before the freeze. Unfortunately, it couldn't migrate because it failed to build on non-x86 archs. We are currently working on fixing that. So, in a way, the changes are not that large ;). We don't seem to have the same definition of "large". For this specific case, the changes between the unblocked version and sid's current version look like: $ debdiff supercollider_3.5.2-1.dsc supercollider_3.5.3~repack-1.dsc \ | diffstat | tail -n1 3040 files changed, 5266 insertions(+), 581639 deletions(-) This pretty looks as "large". Ignoring the bits that were deleted when repacking, the debian/ directory, etc… this leads us to: 53 files changed, 746 insertions(+), 701 deletions(-) which is nicer indeed but still qualifies as large. Why did you import 3.5.3 instead of working on fixing 3.5.2? (I'm not sure it is relevant now but that might help us to understand the situation better). I had planned to mail d-r after we got the last round of fixes ready. Is there a chance we can convince you to let 3.5.3 migrate to testing? We would prefer targeted fixes based on the version of testing. Kind Regards, -- Mehdi Dogguy مهدي الدڤي ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Fixing #654506 and #674386 in Wheezy
Hi, We would like to fix #654506 and #674386 in Wheezy. Unfortunately, we are not able to accept supercollider/1:3.5.2-1 from Unstable since the changes are quite large. Usually, we ask the maintainer to prepare an upload based on testing's source package and targeting testing-proposed-updates. But for this specific case, I'm not sure what would the best step forward as you seem not interested in fixing #674386 (cf. [1]). Since the package has not been part of any previous stable release, one solution could be to remove this package from testing. What do you think? Regards, [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674386#10 -- Mehdi Dogguy مهدي الدڤي ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#646937: [Secure-testing-team] Bug#646937: CVE-2011-3625: Buffer overflow in SAMI parsing
On 10/28/2011 07:57 PM, Michael Gilbert wrote: > On Fri, Oct 28, 2011 at 9:20 AM, Mehdi Dogguy wrote: >> Package: mplayer2 >> Version: 2.0-134-g84d8671-8 >> Severity: grave >> Tags: security >> Justification: user security hole >> >> Please see: >> http://www.openwall.com/lists/oss-security/2011/10/14/1 >> http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf >> >> Fix: >> http://git.mplayer2.org/mplayer2/commit/?id=27b88a09c5319deb62221b8cd0ecc14cd1136e4a > > How is this different from #645987? > #645987 was reported against mplayer (not mplayer2). I could have cloned the bugreport bug didn't think about that when closing it ; and re-assigning isn't appropriate since the issue is valid for both packages. I cc'ed the security team so that you can update security-tracker's data. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#646937: CVE-2011-3625: Buffer overflow in SAMI parsing
Package: mplayer2 Version: 2.0-134-g84d8671-8 Severity: grave Tags: security Justification: user security hole Please see: http://www.openwall.com/lists/oss-security/2011/10/14/1 http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf Fix: http://git.mplayer2.org/mplayer2/commit/?id=27b88a09c5319deb62221b8cd0ecc14cd1136e4a Regards, -- Mehdi -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'proposed-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: x264 mini-transition
On 10/27/2011 07:08 PM, Reinhard Tartler wrote: > Hi dear release team, > > Now with libx264-118 in the archive, we can start transtion the existing > packages to the archive so that the new x264 package can transition to > testing. The following source packages need to be rebuilt: > > gst-plugins-ugly0.10 > libav-extra > libquicktime > mplayer > vlc > ben says that there is also: libquicktime and libav. http://release.debian.org/transitions/html/x264.html Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Upcoming Libav 0.7 transition
Package: release.debian.org Owner: siret...@debian.org Subject: transition: libav 0.7 User: release.debian@packages.debian.org Usertags: transition On 05/01/2011 06:46 PM, Reinhard Tartler wrote: I'd like to ask for permission to start a new Libav (the new FFmpeg) transition in unstable. The current package can be seen in experimental, basically all libraries bumped SONAME, so that the new release is co-installable with the Libav 0.6 series. I'm turning this into a bugreport, so that we don't forget about it. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: [Fwd: fatal error: audacious/util.h: No such file or directory]
On 15/04/2011 23:30, Bilal Akhtar wrote: Hi Mehdi and others, Thanks for notifying! I'll look into the issue tomorrow and am confident about a resolution this weekend. Thanks again, You're welcome. Are there any news? Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: [Fwd: fatal error: audacious/util.h: No such file or directory]
On 04/12/2011 06:36 PM, Benjamin Drung wrote: Audacious is now under the hood of the Debian Multimedia Maintainers. hum... adding to CC: folks marked as Uploaders for audacious. are there any news here? Weitergeleitete Nachricht Von: Mehdi Dogguy An: audaci...@packages.debian.org Betreff: fatal error: audacious/util.h: No such file or directory Datum: Tue, 12 Apr 2011 10:56:27 +0200 Hi. It seems that audacious 2.4.4-1 misses some files in audacious-dev. Specifically, I don't see "audacious/util.h" and "audacious/output.h", although they are present in the source package. Maybe this was intended, but it's causing some packages to FTBFS (see list below). I didn't try to bring them back in the package to see it's enough to let other packages build... but can you please tell me if those are part of a deprecated API thrown away by upstream (and that's why they are not installed), or simply because they were forgotten at some point? This change introduced this list of FTBFSes: http://bugs.debian.org/620915 http://bugs.debian.org/620917 http://bugs.debian.org/620918 http://bugs.debian.org/620919 Those failures are preventing audacious and libmowgli from migrating to testing. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
fatal error: audacious/util.h: No such file or directory
Hi. It seems that audacious 2.4.4-1 misses some files in audacious-dev. Specifically, I don't see "audacious/util.h" and "audacious/output.h", although they are present in the source package. Maybe this was intended, but it's causing some packages to FTBFS (see list below). I didn't try to bring them back in the package to see it's enough to let other packages build... but can you please tell me if those are part of a deprecated API thrown away by upstream (and that's why they are not installed), or simply because they were forgotten at some point? This change introduced this list of FTBFSes: http://bugs.debian.org/620915 http://bugs.debian.org/620917 http://bugs.debian.org/620918 http://bugs.debian.org/620919 Those failures are preventing audacious and libmowgli from migrating to testing. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Bug#602860: mixxx: segfault on startup with QT network socket error
On 11/09/2010 02:01 PM, Alessio Treglia wrote: > On Mon, Nov 8, 2010 at 11:31 PM, Jonathan E. Magen > wrote: >> Warning: [Main]: Qt: Session management error: Could not open network socket >> Segmentation fault > > Although I cannot reproduce this segfault on my Squeeze with ATI > graphics driver enabled, I can confirm that the package is seriously > broken. > >> I asked the devs about it in #mixxx on irc.freenode.net and they encouraged >> me to request an upgrade to a more recent version of mixxx. I am reporting >> this bug as I do not want Squeeze to ship with a broken version of this >> package. Can we get an upgraded version of mixxx into squeeze? > > No, I am sorry but deep-freeze is in effect and recent upstream > release introduces too many new features. > > Dear release team, would you remove the package 'mixxx' from Squeeze? > Removal hint added. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: vlc 1.1.3
On 08/27/2010 12:28 AM, Christophe Mutricy wrote: > Hello, > > Mehdi Dogguy wrote: >> I'll unblock it later… > > vlc/1.1.3-1 has now built on all archs and is 5 days old. > Could you unblock it ? > Done. -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Bug#475279: Bug#555233: mediatomb: diff for NMU version 0.12.0~svn2018-4.1
Andres Mejia wrote: > On Thursday 04 February 2010 04:36:30 Mehdi wrote: >> tags 475279 + patch pending >> tags 555232 + patch pending >> tags 555233 + patch pending >> tags 560468 + patch pending >> thanks >> >> Dear maintainer, >> >> I've prepared an NMU for mediatomb (versioned as 0.12.0~svn2018-4.1) and >> uploaded it to DELAYED/2. Please feel free to tell me if I >> should delay it longer. >> >> I updated "mediatomb-get-orig-source" to remove the embedded >> prototype.js and use the one from the Debian package libjs-prototype, >> which seems to work fine with the Web UI. > > Thank you. I've applied your patch to the packaging for version > 0.12.0~svn2018-5 and uploaded it, save for one change. I've left out the Ok. I'll cancel my NMU then as soon as I see 0.12.0~svn2018-5 appear somewhere. I forgot to remove the mediatomb-common.lintian-override which became useless. Please remove it. > change to the meditomb-get-orig-source script, since a new orig tarball is > not > being uploaded. Also, I prefer to implement a way where mediatomb's build Even if you don't upload a new version, having the change applied to the script doesn't harm and doesn't force to upload a new tarball. > system has an option to either use the system libjs-prototype library, or the > internal one. Reason being that using the system library has had other > problems before (web interface being completely unusable). > Yes, I saw that in the bugreports. It appears that libjs-prototype is used by several packages. The maintainer of libjs-prototype (CC'ed) should coordinate with you future uploads and agree on the version you want to have in the distribution (like what's done with C libraries for example). Cheers, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Bug#475279: Fwd: Bug#475279: mediatomb-common: Don't embedd prototype.js
Sergey 'Jin' Bostandzhyan wrote: > Hi, > > On Wed, Feb 03, 2010 at 10:12:08PM +0100, Mehdi wrote: >>> I'm not sure if Leo already told you this, but here's a bug asking for >>> mediatomb not to use an embedded prototype.js. >>> >>> I've already tried using the prototype.js delivered in Debian (version >>> 1.6.0.2). It's giving me problems with the web UI where I can't click over >>> to "Filesystem" to browse my computer. The prototype.js embedded in >>> mediatomb >>> is version 1.5.1.1. >>> >> I've just test mediatomb with debian-shipped prototype 1.6.1 but got >> no issues. The UI is working fine, and I'm able to click over >> "Filesystem" to browse my computer. Do you think that 1.6.1 fixed the >> problems encoutered while using 1.6.0? > > we have prototype 1.6.1 in SVN now and the web UI works fine with it. We are > still embedding it, because prototype updates can break functionality, at > least > it did happen in the past a couple of times. > thanks for the fast answer! > You could patch it out in the .deb package so that the system wide prototype > is used, however care should be takaen when it is being updated, i.e. it will > need testing to be sure that a newer prototype version does not break the UI. > That could be coordinated with the usual libjs-prototype maintainer (CC'ed) when updates happen. At least, maintainers of software using prototypejs should be warned before a new version is being uploaded so that they can test their packages and detect possible breakage. Kind regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Bug#555233: duplicate
forcemerge 475279 555233 severity 555233 serious thanks 555233 seems to be a duplicate of #475279. The security team considers this as an RC bug. Thus, I'm raising the severity to « serious ». Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers