Bug#725144: libvirt-bin: Please build with apparmor support.

[Felix Geyer]

I've ported and tested the libvirt AppArmor support from the Ubuntu package.

The only difference in the profiles is this addition to 
usr.lib.libvirt.virt-aa-helper:
  /etc/libnl-[0-9]/classid r,

It can be enabled by setting this in /etc/libvirt/qemu.conf:
security_driver = "apparmor"

Cheers,
Felix

PS: Could you please enable parallel building: dh $@ 
--builddirectory=$(DEB_BUILDDIR) --parallel.
That makes test-building so much more fun ;)
diff -Nru libvirt-1.2.0/debian/apparmor/libvirt-qemu 
libvirt-1.2.0/debian/apparmor/libvirt-qemu
--- libvirt-1.2.0/debian/apparmor/libvirt-qemu  1970-01-01 01:00:00.0 
+0100
+++ libvirt-1.2.0/debian/apparmor/libvirt-qemu  2013-11-12 18:47:24.0 
+0100
@@ -0,0 +1,140 @@
+# Last Modified: Wed Jul  8 09:57:41 2009
+
+  #include 
+  #include 
+  #include 
+
+  # required for reading disk images
+  capability dac_override,
+  capability dac_read_search,
+  capability chown,
+
+  # needed to drop privileges
+  capability setgid,
+  capability setuid,
+
+  # this is needed with libcap-ng support, however it breaks a lot of things
+  # atm, so just silence the denial until libcap-ng works right. LP: #522845
+  deny capability setpcap,
+
+  network inet stream,
+  network inet6 stream,
+
+  /dev/net/tun rw,
+  /dev/tap* rw,
+  /dev/kvm rw,
+  /dev/ptmx rw,
+  /dev/kqemu rw,
+  @{PROC}/*/status r,
+  owner @{PROC}/*/auxv r,
+  @{PROC}/sys/vm/overcommit_memory r,
+
+  # For hostdev access. The actual devices will be added dynamically
+  /sys/bus/usb/devices/ r,
+  /sys/devices/**/usb[0-9]*/** r,
+
+  # WARNING: this gives the guest direct access to host hardware and specific
+  # portions of shared memory. This is required for sound using ALSA with kvm,
+  # but may constitute a security risk. If your environment does not require
+  # the use of sound in your VMs, feel free to comment out or prepend 'deny' to
+  # the rules for files in /dev.
+  /{dev,run}/shm r,
+  /{dev,run}/shmpulse-shm* r,
+  /{dev,run}/shmpulse-shm* rwk,
+  /dev/snd/* rw,
+  capability ipc_lock,
+  # spice
+  /usr/bin/qemu-system-i386-spice rmix,
+  /usr/bin/qemu-system-x86_64-spice rmix,
+  /run/shm/ r,
+  owner /run/shm/spice.* rw,
+  # 'kill' is not required for sound and is a security risk. Do not enable
+  # unless you absolutely need it.
+  deny capability kill,
+
+  # Uncomment the following if you need access to /dev/fb*
+  #/dev/fb* rw,
+
+  /etc/pulse/client.conf r,
+  @{HOME}/.pulse-cookie rwk,
+  owner /root/.pulse-cookie rwk,
+  owner /root/.pulse/ rw,
+  owner /root/.pulse/* rw,
+  /usr/share/alsa/** r,
+  owner /tmp/pulse-*/ rw,
+  owner /tmp/pulse-*/* rw,
+  /var/lib/dbus/machine-id r,
+
+  # access to firmware's etc
+  /usr/share/kvm/** r,
+  /usr/share/qemu/** r,
+  /usr/share/bochs/** r,
+  /usr/share/openbios/** r,
+  /usr/share/openhackware/** r,
+  /usr/share/proll/** r,
+  /usr/share/vgabios/** r,
+  /usr/share/seabios/** r,
+  /usr/share/ovmf/** r,
+
+  # access PKI infrastructure
+  /etc/pki/libvirt-vnc/** r,
+
+  # the various binaries
+  /usr/bin/kvm rmix,
+  /usr/bin/qemu rmix,
+  /usr/bin/qemu-system-arm rmix,
+  /usr/bin/qemu-system-cris rmix,
+  /usr/bin/qemu-system-i386 rmix,
+  /usr/bin/qemu-system-m68k rmix,
+  /usr/bin/qemu-system-mips rmix,
+  /usr/bin/qemu-system-mips64 rmix,
+  /usr/bin/qemu-system-mips64el rmix,
+  /usr/bin/qemu-system-mipsel rmix,
+  /usr/bin/qemu-system-ppc rmix,
+  /usr/bin/qemu-system-ppc64 rmix,
+  /usr/bin/qemu-system-ppcemb rmix,
+  /usr/bin/qemu-system-sh4 rmix,
+  /usr/bin/qemu-system-sh4eb rmix,
+  /usr/bin/qemu-system-sparc rmix,
+  /usr/bin/qemu-system-sparc64 rmix,
+  /usr/bin/qemu-system-x86_64 rmix,
+  /usr/bin/qemu-system-x86_64-spice rmix,
+  /usr/bin/qemu-alpha rmix,
+  /usr/bin/qemu-arm rmix,
+  /usr/bin/qemu-armeb rmix,
+  /usr/bin/qemu-cris rmix,
+  /usr/bin/qemu-i386 rmix,
+  /usr/bin/qemu-m68k rmix,
+  /usr/bin/qemu-mips rmix,
+  /usr/bin/qemu-mipsel rmix,
+  /usr/bin/qemu-ppc rmix,
+  /usr/bin/qemu-ppc64 rmix,
+  /usr/bin/qemu-ppc64abi32 rmix,
+  /usr/bin/qemu-sh4 rmix,
+  /usr/bin/qemu-sh4eb rmix,
+  /usr/bin/qemu-sparc rmix,
+  /usr/bin/qemu-sparc64 rmix,
+  /usr/bin/qemu-sparc32plus rmix,
+  /usr/bin/qemu-sparc64 rmix,
+  /usr/bin/qemu-x86_64 rmix,
+
+  # for save and resume
+  /bin/dash rmix,
+  /bin/dd rmix,
+  /bin/cat rmix,
+  /etc/pki/CA/ r,
+  /etc/pki/CA/* r,
+  /etc/pki/libvirt/ r,
+  /etc/pki/libvirt/** r,
+
+  # for rbd
+  /etc/ceph/ceph.conf r,
+
+  # for access to hugepages
+  owner "/run/hugepages/kvm/libvirt/qemu/**" rw,
+
+  # for usb access
+  /dev/bus/usb/ r,
+  /etc/udev/udev.conf r,
+  /sys/bus/ r,
+  /sys/class/ r,
diff -Nru libvirt-1.2.0/debian/apparmor/local-usr.sbin.libvirtd 
libvirt-1.2.0/debian/apparmor/local-usr.sbin.libvirtd
--- libvirt-1.2.0/debian/apparmor/local-usr.sbin.libvirtd   1970-01-01 
01:00:00.0 +0100
+++ libvirt-1.2.0/debian/apparmor/local-usr.sbin.libvirtd   2012-12-05 
23:37:34.0 +0100
@@ -0,0 +1,2 @@
+# Site-specific additions and overrides 

Bug#725144: [Pkg-libvirt-maintainers] Bug#725144: libvirt-bin: Please build with apparmor support.

[Felix Geyer]

Hi,

On 04.01.2014 18:19, Guido Günther wrote:
> Hi Felix,
> On Fri, Jan 03, 2014 at 10:58:14PM +0100, Felix Geyer wrote:
>> I've ported and tested the libvirt AppArmor support from the Ubuntu package.
>>
>> The only difference in the profiles is this addition to 
>> usr.lib.libvirt.virt-aa-helper:
>>   /etc/libnl-[0-9]/classid r,
>>
>> It can be enabled by setting this in /etc/libvirt/qemu.conf:
>> security_driver = "apparmor"
> 
> Can you please work on upsreaming this? I don't see why this should be
> in the Debian package. Who is going to maintain this policies in the
> future?
> Cheers,
>  -- Guido

The upstream source already contains example profiles. It's generally not 
feasible to
maintain AppArmor profiles upstream because of distro differences and changes.

The profiles usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper could be 
easily
maintained in a separate apparmor profile package. intrigeri proposed a
apparmor-profiles-extra package [1] that would be maintained by an AppArmor 
Debian team.
I am committed to maintain the libvirt profiles.

Having libvirt-qemu outside of libvirt is problematic because the AppArmor 
driver of
libvirt uses it to generate profiles for the VMs. When it's missing starting 
VMs will
fail (when the AppArmor driver is enabled).

Cheers,
Felix

[1] https://lists.ubuntu.com/archives/apparmor/2014-January/004876.html


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#604763: Missing IRC-More plugin

[Felix Geyer]

severity 604763 important
thanks

Increasing severity to important as this is a regression.




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#736087: [debian-mysql] Bug#736087: mysql-5.5: Please install AppArmor profile on Debian too

[Felix Geyer]

dh_apparmor is still only called on Ubuntu:
if [ "$(DISTRIBUTION)" = "Ubuntu" ]; then \
  dh_apparmor -pmysql-server-5.5 --profile-name=usr.sbin.mysqld; \
fi

That means all the postinst magic is missing to create 
/etc/apparmor.d/local/usr.sbin.mysqld and load the profile.


Cheers,
Felix


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#725144: [Pkg-libvirt-maintainers] Bug#725144: libvirt-bin: Please build with apparmor support.

[Felix Geyer]

Hi,

On 07.01.2014 17:18, Guido Günther wrote:
> We should at least maintain the common parts upstream then. The include
> mechanism could cater for distro specific changes. We could also
> preprocess these files during build time to fixup path differences like
> we do for init scripts and other stuff already. Additinoally we can use
> a diff against the upstream example. All is better than doing this all
> by hand.
> 
> I'd be happy to help with that given that your patient enough with me
> being a apparmor newbie. If looked at the profiles in a bit more detail:
> 
> * libvirt-qemu - this file has several additions that aren't needed for
>   Debian, the upstream file could be adopted with minimal additions
> * TEMPLATE: 100% identical
> * usr.lib.libvirt.virt-aa-helper This file has several additions which
>   puzzle me - we do allow access to images _and_ certain directories.
>   isn't the former enough?

No, "/path/** r" doesn't give you access to /path/, so I think stat, readdir, 
etc.
on /path are not allowed.

> * usr.sbin.libvirtd minimal differences suitable upstream

I'll have a more detailed look at the differences between the upstream and
Ubuntu profiles tomorrow to see which parts are upstreamable.
Would you accept a patch with the necessary profile changes in the meantime?
The policies shipped by upstream don't work as they are right now (starting VMs 
fails).

>> The profiles usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper could be 
>> easily
>> maintained in a separate apparmor profile package. intrigeri proposed a
>> apparmor-profiles-extra package [1] that would be maintained by an AppArmor 
>> Debian team.
>> I am committed to maintain the libvirt profiles.
> 
> Great! I'd still prefer if this would happen upstream but that's totally
> your decision as maintainer of the profiles. See above.
> 
>> Having libvirt-qemu outside of libvirt is problematic because the AppArmor 
>> driver of
>> libvirt uses it to generate profiles for the VMs. When it's missing starting 
>> VMs will
>> fail (when the AppArmor driver is enabled).
> 
> That seems to happen in virt-aa-helper in create_profile. It looks as it
> wouldn't matter if libvirt-qemu is in libvirt-bin or a separate profile
> package. In case we find security_driver = "apparmor" in qemu.conf we
> could just error out if the (suggested by libvirt-bin) profile package
> isn't installed.
> 
> Would it already help if we build in apparmor support but don't ship any
> profiles until this is sorted out?

I was wrong about when the apparmor driver is enabled:
It's automatically enabled when /usr/sbin/libvirtd has an apparmor profile 
attached to it
and /etc/apparmor.d/libvirt/TEMPLATE exists. There's no need to enable it in 
the config.

So it would be feasible to maintain the profiles in a separate package. 
Personally I'd
prefer to ship them in libvirt since it requires some integration work and is 
not just
a profile that you stick into /etc/apparmor.d/.

I see you've already enabled the apparmor driver but the required binary
/usr/lib/libvirt/virt-aa-helper is not installed into libvirt-bin.
The postinst, postrm and cron.daily parts of my original patch are also 
desirable.
For example without the postinst changes the profiles are only loaded after a 
reboot.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#736459: Please enable hardened build flags

[Felix Geyer]

On 23.01.2014 21:41, Moritz Muehlenhoff wrote:
> Package: virtualbox
> Severity: important
> 
> Please build virtualbox with hardened build flags:
> https://wiki.debian.org/HardeningWalkthrough
> 
> Cheers,
> Moritz
> 

Unfortunately I don't think it's possible to pass build flags
to the virtualbox build system.
The only feasible way probably is to use hardening-wrapper.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#735410: virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404

[Felix Geyer]

On 15.01.2014 09:19, Moritz Muehlenhoff wrote:
> Package: virtualbox
> Severity: grave
> Tags: security
> 
> http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
> 
> Several vulnerabilities have been reported in VirtualBox. Details are scarce, 
> so
> please get in touch with upstream for more information on eventual backports
> to oldstable/stable. Judging from the CVSS scores this is likely only local
> denial of service, in that case we likely don't need a DSA.
> 
> CVE-2013-5892   
> CVE-2014-0407
> CVE-2014-0406
> CVE-2014-0404

Upstream kindly provided a patch that fixes the 4 CVEs. Attached are yet 
untested
debdiffs for wheezy and squeeze.
Do you want to handle this through a security update?
According to upstream the vulnerabilities are mostly about users on the VM 
being able
to crash their VM. No ways to execute code on the host are known.

> In addition CVE-2014-0405 seems to affect virtualbox-guest-additions-iso from 
> non-free

I guess we can't really fix that. The only option would be to upgrade the 
package
to 4.1.30 / 3.2.12.

Regards,
Felix
diff -Nru virtualbox-4.1.18-dfsg/debian/changelog 
virtualbox-4.1.18-dfsg/debian/changelog
--- virtualbox-4.1.18-dfsg/debian/changelog 2013-03-31 20:45:33.0 
+0200
+++ virtualbox-4.1.18-dfsg/debian/changelog 2014-01-28 21:18:42.0 
+0100
@@ -1,3 +1,11 @@
+virtualbox (4.1.18-dfsg-2+deb7u2) wheezy; urgency=high
+
+  * Apply fixes from the January 2014 security advisory. (Closes: #735410)
+- Add debian/patches/38-security-fixes-2014-01.patch
+- CVE-2013-5892, CVE-2014-0407, CVE-2014-0406, CVE-2014-0404
+
+ -- Felix Geyer   Tue, 28 Jan 2014 21:12:21 +0100
+
 virtualbox (4.1.18-dfsg-2+deb7u1) unstable; urgency=high
 
   * Fix build failure with the Debian wheezy kernel which backports the drm
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/38-security-fixes-2014-01.patch 
virtualbox-4.1.18-dfsg/debian/patches/38-security-fixes-2014-01.patch
--- virtualbox-4.1.18-dfsg/debian/patches/38-security-fixes-2014-01.patch   
1970-01-01 01:00:00.0 +0100
+++ virtualbox-4.1.18-dfsg/debian/patches/38-security-fixes-2014-01.patch   
2014-01-28 21:20:29.0 +0100
@@ -0,0 +1,471 @@
+--- a/include/VBox/VMMDev.h
 b/include/VBox/VMMDev.h
+@@ -114,6 +114,10 @@
+ 
+ /** Maximum request packet size. */
+ #define VMMDEV_MAX_VMMDEVREQ_SIZE   _1M
++/** Maximum number of HGCM parameters. */
++#define VMMDEV_MAX_HGCM_PARMS   1024
++/** Maximum total size of hgcm buffers in one call. */
++#define VMMDEV_MAX_HGCM_DATA_SIZE   UINT32_C(0x7FFF)
+ 
+ /**
+  * VMMDev request types.
+--- a/src/VBox/Devices/Graphics/DevVGA_VBVA.cpp
 b/src/VBox/Devices/Graphics/DevVGA_VBVA.cpp
+@@ -613,6 +613,13 @@
+ 
+ if (fShape)
+ {
++ if (pShape->u32Width > 8192 || pShape->u32Height > 8192)
++ {
++ Log(("vbvaMousePointerShape: unsupported size %ux%u\n",
++   pShape->u32Width, pShape->u32Height));
++ return VERR_INVALID_PARAMETER;
++ }
++
+  cbPointerData = pShape->u32Width + 7) / 8) * pShape->u32Height + 
3) & ~3)
+  + pShape->u32Width * 4 * pShape->u32Height;
+ }
+--- a/src/VBox/Devices/VMMDev/VMMDev.cpp
 b/src/VBox/Devices/VMMDev/VMMDev.cpp
+@@ -795,6 +795,20 @@
+ 
+ #endif /* VBOX_WITH_PAGE_SHARING */
+ 
++static int vmmdevVerifyPointerShape(VMMDevReqMousePointer *pReq)
++{
++/* Should be enough for most mouse pointers. */
++if (pReq->width > 8192 || pReq->height > 8192)
++return VERR_INVALID_PARAMETER;
++
++uint32_t cbShape = (pReq->width + 7) / 8 * pReq->height; /* size of the 
AND mask */
++cbShape = ((cbShape + 3) & ~3) + pReq->width * 4 * pReq->height; /* + gap 
+ size of the XOR mask */
++if (RT_UOFFSETOF(VMMDevReqMousePointer, pointerData) + cbShape > 
pReq->header.size)
++return VERR_INVALID_PARAMETER;
++
++return VINF_SUCCESS;
++}
++
+ /**
+  * Port I/O Handler for the generic request interface
+  * @see FNIOMIOPORTOUT for details.
+@@ -1163,6 +1177,10 @@
+ /* forward call to driver */
+ if (fShape)
+ {
++pRequestHeader->rc = 
vmmdevVerifyPointerShape(pointerShape);
++if (RT_FAILURE(pRequestHeader->rc))
++break;
++
+ pThis->pDrv->pfnUpdatePointerShape(pThis->pDrv,
+fVisible,
+fAlpha,
+--- a/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp
 b/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp
+@@ -97,6 +97,9 @@
+  */
+ VBOXHGCMSVCPARM *paHostParms;
+ 
++/* Number of elements in paHostParms */
++uint32_t cHostParms;
++
+ 

Bug#725144: [Pkg-libvirt-maintainers] Bug#725144: libvirt-bin: Please build with apparmor support.

[Felix Geyer]

On 22.01.2014 07:27, Guido Günther wrote:
>> > The postinst, postrm and cron.daily parts of my original patch are also 
>> > desirable.
>> > For example without the postinst changes the profiles are only loaded 
>> > after a reboot.
> The whole setup currently has the problem that it doesn't allow for a
> read only /etc and that it removes files out of /etc/ which can confuse
> users. The generated profiles shouldn't life in /etc but in
> /var/cache/libvirt/apparmor. Once this is moved we can clean the up. Can
> you fix that up (e.g. by a symlink).

virsh also removes the VM definition file from /etc/libvirt/qemu/ so I don't see
how this is different.

libvirt generates 2 AppArmor profile files:
- libvirt-: auto-generated once, then user-modifiable
- libvirt-.files: auto-generated, automatically regenerated

The first one should actually live in /etc, the second one could be moved to 
/var/cache.
I'm not a huge fan of having both files in different directories though.
Jamie, what do you think about this?


> The postinst part is fine but we should move tha aa-status call out of
> the loop. No need to do it several times:
> 
> if aa-status --enabled 2>/dev/null; then
>   
> fi

Ok, will fix that.

Regards,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#737952: nmu: gammaray_1.3.0-1

[Felix Geyer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

gammaray was sitting in NEW for a while so on amd64 it's still
built against Qt 5.2 (depends on libqt5core5 and qtbase-abi-5-1-0).
Please schedule a binNMU for gammaray:

nmu gammaray_1.3.0-1 . amd64 . -m "Rebuild against Qt 5.2."


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#737952: nmu: gammaray_1.3.0-1

[Felix Geyer]

Control: retitle -1 nmu: gammaray_2.0.0-1

On 2014-02-07 08:28, Felix Geyer wrote:

Please schedule a binNMU for gammaray:

nmu gammaray_1.3.0-1 . amd64 . -m "Rebuild against Qt 5.2."


Sorry, obviously 2.0.0-1 should be rebuilt, not 1.3.0-1:

nmu gammaray_2.0.0-1 . amd64 . -m "Rebuild against Qt 5.2."

Felix


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#727146: ITP: dooble -- WebKit based light browser

[Felix Geyer]

Please don't introduce any new browsers that use QtWebkit into the archive.

QtWebkit receives no security support once it's branched from webkit trunk.
The current QtWebkit version in unstable hasn't picked up security fixes
for over 2 years.
Since Qt decided to switch to Blink it's probably going to get even worse.

The description "[...] to create a safe browsing environment" is almost
cynical in this regard.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#727757: ITP: ruby-mizuho -- Mizuho documentation formatting tool

[Felix Geyer]

Package: wnpp
Severity: wishlist
Owner: Felix Geyer 

* Package name: ruby-mizuho
  Version : 0.9.19
  Upstream Author : Hongli Lai
* URL : https://github.com/FooBarWidget/mizuho
* License : Expat
  Programming Lang: Ruby
  Description : Mizuho documentation formatting tool

Mizuho is a documentation formatting tool, best suited for small to
medium-sized documentation.
Mizuho converts Asciidoc input files into nicely outputted HTML,
possibly one file per chapter. Multiple templates are supported,
so you can write your own.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#726358: pu: package ruby-passenger/3.0.13debian-1+deb7u1

[Felix Geyer]

On 29.10.2013 21:15, Adam D. Barratt wrote:
> Control: tags -1 + pending
> 
> On Tue, 2013-10-22 at 21:19 +0100, Adam D. Barratt wrote:
>> On Mon, 2013-10-14 at 23:35 +0200, Felix Geyer wrote:
>>> There are two minor security issues in ruby-passenger:
>>> CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage
>>>
>>> I'd like to fix those by backporting four upstream commits,
>>> see the attached debdiff.
> [...]
>> That being said, please go ahead; thanks.
> 
> For the record, the upload happened and I've flagged it for acceptance.

Sorry, forgot to mention that here.

Anyway thanks for reviewing and accepting it.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#728585: FTBFS: cp: not writing through dangling symlink

[Felix Geyer]

Source: jenkins-job-builder
Version: 0.5.0-1
Severity: serious
Tags: patch
Justification: fails to build from source

jenkins-job-builder 0.5.0-1 fails to build from source, see the build log below.
The problem seems to be that dh_link is called too early. dh_installdocs/cp then
refuses to overwrite the dangling symlinks.
Note that "dh_link X Y" also processes the links config files.

This patch should fix the problem:

diff -Nru jenkins-job-builder-0.5.0/debian/links 
jenkins-job-builder-0.5.0/debian/links
--- jenkins-job-builder-0.5.0/debian/links  2013-07-28 16:32:22.0 
+0200
+++ jenkins-job-builder-0.5.0/debian/links  2013-11-03 12:50:11.0 
+0100
@@ -5,3 +5,5 @@
 # Overwrite underscore.js from upstream tarball with a link to 
underscore.min.js
 # provided by Underscore Debian package
 /usr/share/javascript/underscore/underscore.min.js 
usr/share/doc/jenkins-job-builder/html/_static/underscore.js
+
+/usr/share/jenkins-job-builder/jenkins-jobs usr/bin/jenkins-jobs
diff -Nru jenkins-job-builder-0.5.0/debian/rules 
jenkins-job-builder-0.5.0/debian/rules
--- jenkins-job-builder-0.5.0/debian/rules  2013-07-28 16:32:22.0 
+0200
+++ jenkins-job-builder-0.5.0/debian/rules  2013-11-03 12:50:05.0 
+0100
@@ -21,7 +21,6 @@
dh_install
mv debian/jenkins-job-builder/usr/bin/jenkins-jobs \
debian/jenkins-job-builder/usr/share/jenkins-job-builder
-   dh_link /usr/share/jenkins-job-builder/jenkins-jobs 
/usr/bin/jenkins-jobs
 
 override_dh_installchangelogs:
dh_installchangelogs ChangeLog


Build log:
   debian/rules override_dh_install
make[1]: Entering directory `/tmp/buildd/jenkins-job-builder-0.5.0'
dh_install
mv debian/jenkins-job-builder/usr/bin/jenkins-jobs \
debian/jenkins-job-builder/usr/share/jenkins-job-builder
dh_link /usr/share/jenkins-job-builder/jenkins-jobs /usr/bin/jenkins-jobs
make[1]: Leaving directory `/tmp/buildd/jenkins-job-builder-0.5.0'
   dh_installdocs
cp: not writing through dangling symlink 
'/tmp/buildd/jenkins-job-builder-0.5.0/debian/jenkins-job-builder/usr/share/doc/jenkins-job-builder/html/_static/jquery.js'
cp: not writing through dangling symlink 
'/tmp/buildd/jenkins-job-builder-0.5.0/debian/jenkins-job-builder/usr/share/doc/jenkins-job-builder/html/_static/underscore.js'
dh_installdocs: cd 'build/docs/html/..' && find 'html' \( -type f -or -type l 
\) -and ! -empty -print0 | xargs -0 -I {} cp --parents -dp {} 
/tmp/buildd/jenkins-job-builder-0.5.0/debian/jenkins-job-builder/usr/share/doc/jenkins-job-builder
 returned exit code 123
make: *** [binary] Error 123
dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2


Regards,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#728586: FTBFS: missing build-dependency on dh-autoreconf

[Felix Geyer]

Package: gramadoir
Version: 0.7-1
Severity: serious
Tags: patch
Justification: fails to build from source

gramadoir lacks a build-dependency on dh-autoreconf.

Trivial patch (dh-autoreconf pulls in all the auto* packages it needs):

diff -Nru gramadoir-0.7/debian/control gramadoir-0.7/debian/control
--- gramadoir-0.7/debian/control2013-10-15 11:07:41.0 +0200
+++ gramadoir-0.7/debian/control2013-11-03 13:05:41.0 +0100
@@ -2,7 +2,7 @@
 Section: misc
 Priority: optional
 Maintainer: Alastair McKinstry 
-Build-Depends: debhelper (>= 9), autotools-dev
+Build-Depends: debhelper (>= 9), dh-autoreconf
 Build-Depends-Indep: libstring-approx-perl, liblocale-po-perl
 Homepage: http://borel.slu.edu/gramadoir/index.html
 Standards-Version: 3.9.4


Build log:

dpkg-buildpackage: host architecture amd64
 fakeroot debian/rules clean
dh clean --with autoreconf
dh: unable to load addon autoreconf: Can't locate 
Debian/Debhelper/Sequence/autoreconf.pm in @INC (you may need to install the 
Debian::Debhelper::Sequence::autoreconf module) (@INC contains: /etc/perl 
/usr/local/lib/perl/5.18.1 /usr/local/share/perl/5.18.1 /usr/lib/perl5 
/usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 
/usr/local/lib/site_perl .) at (eval 10) line 2.
BEGIN failed--compilation aborted at (eval 10) line 2.

make: *** [clean] Error 2
dpkg-buildpackage: error: fakeroot debian/rules clean gave error exit status 2


Regards,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#728588: FTBFS: test requires internet connectivity

[Felix Geyer]

Package: libnet-https-nb-perl
Version: 0.20-1
Severity: serious
Justification: fails to build from source

This package requires internet connectivity for its test suite
to pass. Package builds must not not rely on external network
connectivity, but should be self-contained.

t/proxy-with-https.t tries to fetch 
https://www.google.co.uk/images/srpr/logo4w.png

Build log:

   dh_auto_test
make[1]: Entering directory `/tmp/buildd/libhttp-async-perl-0.20'
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 
'blib/lib', 'blib/arch')" t/*.t
t/bad-connections.t ... ok
t/bad-headers.t ... ok
t/bad-hosts.t . ok
t/dead-connection.t ... ok
t/headers.t ... ok
t/local-addr.t  skipped: test requires Sys::HostIP to be installed
t/make-url-absolute.t . ok
t/not-modified.t .. ok
t/pod-coverage.t .. ok
t/pod.t ... ok
t/polite.t  ok
t/poll-interval.t . ok

#   Failed test 'check for proxy header 'yes''
#   at t/proxy-with-https.t line 47.
#  got: ''
# expected: 'yes'
# Looks like you failed 1 test of 5.
t/proxy-with-https.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/5 subtests 
t/proxy.t . ok
t/real-servers.t .. skipped: enable these tests by setting REAL_SERVERS
t/redirects.t . ok
t/release-cpan-changes.t .. skipped: install Test::CPAN::Changes to run this 
test
t/setup.t . ok
t/strip-host-from-uri.t ... ok
t/template.t .. skipped: just a template to base other tests on
t/timeout.t ... ok

Test Summary Report
---
t/proxy-with-https.t(Wstat: 256 Tests: 5 Failed: 1)
  Failed test:  5
  Non-zero exit status: 1
Files=21, Tests=163, 37 wallclock secs ( 0.09 usr  0.03 sys +  2.56 cusr  0.44 
csys =  3.12 CPU)
Result: FAIL
Failed 1/21 test programs. 1/163 subtests failed.
make[1]: *** [test_dynamic] Error 255
make[1]: Leaving directory `/tmp/buildd/libhttp-async-perl-0.20'
dh_auto_test: make -j1 test returned exit code 2
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#728709: cups-browsed: please include AppArmor profile

[Felix Geyer]

Package: cups-browsed
Version: 1.0.34-3
Severity: wishlist
Tags: patch
User: appar...@packages.debian.org
Usertags: new-profile

Hi,

Please include an AppArmor profile for cups-browsed.

Since it's a network daemon that runs as root, it seems like a
good candidate for confining:
https://wiki.debian.org/AppArmor

I have tested it on a Debian unstable system without running into
a single issue.

Attached is a patch that adds this AppArmor support to cups-browsed.
Please consider applying it.

Note that enforcing AppArmor profiles is currently opt-in: applying
the attached does not change anything for users unless they enable
AppArmor system-wide themselves.

Thanks,
Felix
diff -Nru cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed
--- cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed	1970-01-01 01:00:00.0 +0100
+++ cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed	2013-11-04 14:55:02.0 +0100
@@ -0,0 +1,12 @@
+#include 
+
+/usr/sbin/cups-browsed {
+  #include 
+  #include 
+  #include 
+
+  /etc/cups/cups-browsed.conf r,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include 
+}
diff -Nru cups-filters-1.0.34/debian/control cups-filters-1.0.34/debian/control
--- cups-filters-1.0.34/debian/control	2013-06-09 12:17:29.0 +0200
+++ cups-filters-1.0.34/debian/control	2013-11-04 14:38:41.0 +0100
@@ -13,6 +13,7 @@
  cdbs (>= 0.4.93~),
  debhelper (>= 9~),
  dpkg-dev (>= 1.16.1~),
+ dh-apparmor,
  pkg-config,
  sharutils,
  ghostscript (>= 9.02~),
diff -Nru cups-filters-1.0.34/debian/cups-browsed.install cups-filters-1.0.34/debian/cups-browsed.install
--- cups-filters-1.0.34/debian/cups-browsed.install	2013-06-04 14:56:47.0 +0200
+++ cups-filters-1.0.34/debian/cups-browsed.install	2013-11-04 14:47:20.0 +0100
@@ -1,2 +1,3 @@
 usr/sbin/cups-browsed
 etc/cups/cups-browsed.conf
+../apparmor/usr.sbin.cups-browsed etc/apparmor.d/
diff -Nru cups-filters-1.0.34/debian/rules cups-filters-1.0.34/debian/rules
--- cups-filters-1.0.34/debian/rules	2013-06-04 14:56:47.0 +0200
+++ cups-filters-1.0.34/debian/rules	2013-11-04 14:36:34.0 +0100
@@ -60,3 +60,6 @@
 	# Make the serial backend run as root, since /dev/ttyS* are
 	# root:dialout and thus not accessible as user lp
 	chmod 700 debian/$(cdbs_curpkg)/usr/lib/cups/backend/serial
+
+binary-post-install/cups-browsed::
+	dh_apparmor -pcups-browsed --profile-name=usr.sbin.cups-browsed

Bug#728869: gammaray FTBFS: build failed on post-compile-test on mips/mipsel

[Felix Geyer]

Control: forwarded -1 https://github.com/KDAB/GammaRay/issues/63
Control: severity -1 important

I see you've already forwarded it upstream, so hopefully
it will be fixed soon.
I'm downgrading the severity as gammaray never built on mips*.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#728709: cups-browsed: please include AppArmor profile

[Felix Geyer]

Attached is a new version of the profile that adds some rules
so it also works on Ubuntu.

Cheers,
Felix
diff -Nru cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed
--- cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed	1970-01-01 01:00:00.0 +0100
+++ cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed	2013-11-04 14:55:02.0 +0100
@@ -0,0 +1,15 @@
+#include 
+
+/usr/sbin/cups-browsed {
+  #include 
+  #include 
+  #include 
+  #include 
+  #include 
+
+  /etc/cups/cups-browsed.conf r,
+  /{var/,}run/cups/certs/* r,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include 
+}
diff -Nru cups-filters-1.0.34/debian/control cups-filters-1.0.34/debian/control
--- cups-filters-1.0.34/debian/control	2013-06-09 12:17:29.0 +0200
+++ cups-filters-1.0.34/debian/control	2013-11-04 14:38:41.0 +0100
@@ -13,6 +13,7 @@
  cdbs (>= 0.4.93~),
  debhelper (>= 9~),
  dpkg-dev (>= 1.16.1~),
+ dh-apparmor,
  pkg-config,
  sharutils,
  ghostscript (>= 9.02~),
diff -Nru cups-filters-1.0.34/debian/cups-browsed.install cups-filters-1.0.34/debian/cups-browsed.install
--- cups-filters-1.0.34/debian/cups-browsed.install	2013-06-04 14:56:47.0 +0200
+++ cups-filters-1.0.34/debian/cups-browsed.install	2013-11-04 14:47:20.0 +0100
@@ -1,2 +1,3 @@
 usr/sbin/cups-browsed
 etc/cups/cups-browsed.conf
+../apparmor/usr.sbin.cups-browsed etc/apparmor.d/
diff -Nru cups-filters-1.0.34/debian/rules cups-filters-1.0.34/debian/rules
--- cups-filters-1.0.34/debian/rules	2013-06-04 14:56:47.0 +0200
+++ cups-filters-1.0.34/debian/rules	2013-11-04 14:36:34.0 +0100
@@ -60,3 +60,6 @@
 	# Make the serial backend run as root, since /dev/ttyS* are
 	# root:dialout and thus not accessible as user lp
 	chmod 700 debian/$(cdbs_curpkg)/usr/lib/cups/backend/serial
+
+binary-post-install/cups-browsed::
+	dh_apparmor -pcups-browsed --profile-name=usr.sbin.cups-browsed

Bug#718004: paramiko-doc: fails to upgrade from 'wheezy' - trying to overwrite /usr/share/doc-base/python-paramiko

[Felix Geyer]

Control: tags -1 patch

Proper Breaks/Replaces is missing for paramiko-doc:

diff -Nru paramiko-1.10.1/debian/control paramiko-1.10.1/debian/control
--- paramiko-1.10.1/debian/control2013-05-27 07:07:38.0 +0200
+++ paramiko-1.10.1/debian/control2013-11-22 23:40:37.0 +0100
@@ -17,6 +17,8 @@
 Section: doc
 Architecture: all
 Depends: ${misc:Depends}
+Breaks: python-paramiko (<< 1.10.1-1~)
+Replaces: python-paramiko (<< 1.10.1-1~)
 Description: Make ssh v2 connections with Python (Documentation)
  This is a library for making SSH2 connections (client or server).
  Emphasis is on using SSH2 as an alternative to SSL for making secure


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#729740: debian/copyright appears to list the wrong license

[Felix Geyer]

Control: tags -1 patch

Attached is a patch with copyright file updates.

Cheers,
Felix

diff -Nru ipe-7.1.4/debian/copyright ipe-7.1.4/debian/copyright
--- ipe-7.1.4/debian/copyright	2008-11-07 11:14:17.0 +0100
+++ ipe-7.1.4/debian/copyright	2013-11-23 15:28:03.0 +0100
@@ -4,33 +4,39 @@
 It was downloaded from: http://ipe.compgeom.org/ 
 Current site: http://tclab.kaist.ac.kr/ipe/
 
-Copyright (C) 1993-2007 Otfried Cheong
+Copyright (C) 1993-2013 Otfried Cheong
+Copyright (C) 2003 Kepler Project
 
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or (at
-your option) any later version.
-
-As a special exception, you have permission to link Ipe with the CGAL
-library and distribute executables, as long as you follow the
-requirements of the Gnu General Public License in regard to all of the
-software in the executable aside from CGAL.
-
-This program is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-General Public License for more details.
+Ipe is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+As a special exception, you have permission to link Ipe with the
+CGAL library and distribute executables, as long as you follow the
+requirements of the Gnu General Public License in regard to all of
+the software in the executable aside from CGAL.
+
+Ipe is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
 
-Version 2 of the GPL may be found in /usr/share/common-licenses/GPL-2
+Version 3 of the GPL may be found in /usr/share/common-licenses/GPL-3
 
 
 
 Ipe uses the Zlib library by Jean-loup Gailly and Mark Adler
 (www.gzip.org/zlib), the Freetype~2 library by David Turner, Robert
 Wilhelm, and Werner Lemberg (www.freetype.org), as well as some code
-from Xpdf by Derek B. Noonburg (www.foolabs.com/xpdf).
+from Xpdf by Derek B. Noonburg (www.foolabs.com/xpdf) and pdfTeX by
+Han The Thanh .
 
 
 
-Xpdf is icensed under the GNU General Public License (GPL), version 2.
+Xpdf is icensed under the GNU General Public License (GPL), version 2 and 3.
 
+
+
+pdfTeX is licensed under the GNU General Public License (GPL) either version 2
+of the License, or (at your option) any later version.

Bug#725511: yorick-gl: FTBFS: No rule to make target `check.i', needed by `check-dll'

[Felix Geyer]

Control: tags -1 patch

yorick-gl doesn't seem to ship unit tests so making dh_auto_test
seems to be a sensible thing to do:

diff -Nru yorick-gl-1.1+cvs20070922+dfsg/debian/rules 
yorick-gl-1.1+cvs20070922+dfsg/debian/rules
--- yorick-gl-1.1+cvs20070922+dfsg/debian/rules2012-06-28 
15:40:38.0 +0200
+++ yorick-gl-1.1+cvs20070922+dfsg/debian/rules2013-11-23 
16:06:36.0 +0100
@@ -20,6 +20,8 @@
 #CFLAGS="$(CFLAGS)" ./configure
 # also make sure yorz.doc is not built (or installed)
 
+override_dh_auto_test:
+# make check fails and upstream doesn't actually ship unit tests
 
 override_dh_auto_clean:
 touch Makegl


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#718139: zeroc-icee-translators: FTBFS: Trying patch debian/patches/10-add-common-flags.patch at level 1 ... 0 ... 2 ... failure.

[Felix Geyer]

Control: tags -1 patch

Make.rules.GNU and Make.rules.GNU_kFreeBSD are just symlinks to
Make.rules.Linux so the patch should only be applied to Make.rules.Linux.
A patch for the patch is attached.

Cheers,
Felix

diff -u zeroc-icee-translators-1.2.0/debian/patches/10-add-common-flags.patch zeroc-icee-translators-1.2.0/debian/patches/10-add-common-flags.patch
--- zeroc-icee-translators-1.2.0/debian/patches/10-add-common-flags.patch
+++ zeroc-icee-translators-1.2.0/debian/patches/10-add-common-flags.patch
@@ -1,27 +1,3 @@
-diff -Nur zeroc-icee-translators-1.2.0/config/Make.rules.GNU zeroc-icee-translators-1.2.0.new/config/Make.rules.GNU
 zeroc-icee-translators-1.2.0/config/Make.rules.GNU	2007-01-15 16:49:09.0 +0100
-+++ zeroc-icee-translators-1.2.0.new/config/Make.rules.GNU	2007-05-16 11:07:44.0 +0200
-@@ -83,7 +83,7 @@
-   lp64suffix	= 64
-endif
- 
--   CXXFLAGS		= $(CXXARCHFLAGS) -ftemplate-depth-128 -Wall -D_REENTRANT
-+   CXXFLAGS		= $(CXXARCHFLAGS) -ftemplate-depth-128 -Wall -D_REENTRANT -DHAVE_ENDIAN_H -DHAVE_LIMITS_H
- 
-ifeq ($(STATICLIBS),)
-   CXXFLAGS		+= -fPIC
-diff -Nur zeroc-icee-translators-1.2.0/config/Make.rules.GNU_kFreeBSD zeroc-icee-translators-1.2.0.new/config/Make.rules.GNU_kFreeBSD
 zeroc-icee-translators-1.2.0/config/Make.rules.GNU_kFreeBSD	2007-01-15 16:49:09.0 +0100
-+++ zeroc-icee-translators-1.2.0.new/config/Make.rules.GNU_kFreeBSD	2007-05-16 11:07:44.0 +0200
-@@ -83,7 +83,7 @@
-   lp64suffix	= 64
-endif
- 
--   CXXFLAGS		= $(CXXARCHFLAGS) -ftemplate-depth-128 -Wall -D_REENTRANT
-+   CXXFLAGS		= $(CXXARCHFLAGS) -ftemplate-depth-128 -Wall -D_REENTRANT -DHAVE_ENDIAN_H -DHAVE_LIMITS_H
- 
-ifeq ($(STATICLIBS),)
-   CXXFLAGS		+= -fPIC
 diff -Nur zeroc-icee-translators-1.2.0/config/Make.rules.Linux zeroc-icee-translators-1.2.0.new/config/Make.rules.Linux
 --- zeroc-icee-translators-1.2.0/config/Make.rules.Linux	2007-01-15 16:49:09.0 +0100
 +++ zeroc-icee-translators-1.2.0.new/config/Make.rules.Linux	2007-05-16 11:07:44.0 +0200

Bug#751766: libsdl2: diff for NMU version 2.0.2+dfsg1-3.1

[Felix Geyer]

Hi,

On 16.06.2014 15:25, Hector Oron wrote:
> Package: libsdl2
> Version: 2.0.2+dfsg1-3
> Severity: important
> Tags: patch pending
> 
> Dear maintainer,
> 
>   I've prepared an NMU for libsdl2 (versioned as 2.0.2+dfsg1-3.1) and
>   I have not uploaded it. Please let me know if you are fine with it.
> 
>   The patch drops tslib dependency as it is planned to be removed (or 
> deprecated).

No need for an NMU. I've prepared an upload which includes your patch.

Cheers,
Felix



signature.asc
Description: OpenPGP digital signature

Bug#751853: polkit-kde-1: polkit-kde broken: bad exec path

[Felix Geyer]

Hi,

> When launching polkit auth in KDE, it fails in logs with:
> /usr/lib/polkit-1/polkit-agent-helper-1 no such file or directory
>
> ln -s /usr/lib/policykit-1 /usr/lib/polkit-1 fix the issue.
>
> polkit-kde-1 should use policykit-1 as agent path.

Are you maybe using some libpolkit* package from experimental?
In experimental the path changed from /usr/lib/policykit-1 to /usr/lib/polkit-1.
So your problem sounds a lot like a half-upgraded policykit.

Otherwise please provide instructions on how to reproduce this.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#742994: Non-free images in warmux data package (superman logo)

[Felix Geyer]

On 29.03.2014 21:39, Grant H. wrote:
> Package: warmux-data
> Version: 1:11.04.1+repack-5
> Severity: serious
> 
> See:
> * https://bugzilla.redhat.com/show_bug.cgi?id=1071866
> * https://trisquel.info/en/issues/11228
> * http://www.dccomics.com/copyright
> * http://www.dccomics.com/terms-of-use
> 
> The superman logo is copyrighted and not available for redistribution.
> These files are located in
> 
> warmux-11.04/data/weapon/supertux/superman.png
> warmux-11.04/data/weapon/supertux/supertux_ico.png
> warmux-11.04/data/weapon/supertux/supertux.png

If no one else has a better idea I'll just remove the "S" from those images
and repackage the orig tarball.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#741602: virtualbox: CVE-2014-0981 CVE-2014-0982 CVE-2014-0983

[Felix Geyer]

Hi Moritz,

On 14.03.2014 13:11, Moritz Muehlenhoff wrote:
> Package: virtualbox
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> please see 
> http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities

Attached are tested debdiffs for squeeze- and wheezy-security.
Please let me know if I can upload them to security-master.

Cheers,
Felix
diff -u virtualbox-ose-3.2.10-dfsg/debian/changelog 
virtualbox-ose-3.2.10-dfsg/debian/changelog
--- virtualbox-ose-3.2.10-dfsg/debian/changelog
+++ virtualbox-ose-3.2.10-dfsg/debian/changelog
@@ -1,3 +1,12 @@
+virtualbox-ose (3.2.10-dfsg-1+squeeze3) squeeze-security; urgency=high
+
+  * Fix memory corruption vulnerabilities in 3D acceleration. (Closes: #741602)
+- CVE-2014-0981, CVE-2014-0983
+- Backport fixes from version 3.2.22 in debian/patches/CVE-2014-0981.patch
+  and debian/patches/CVE-2014-0983.patch
+
+ -- Felix Geyer   Mon, 14 Apr 2014 11:33:29 +0200
+
 virtualbox-ose (3.2.10-dfsg-1+squeeze2) squeeze-security; urgency=high
 
   * Apply fixes from the January 2014 security advisory. (Closes: #735410)
diff -u virtualbox-ose-3.2.10-dfsg/debian/patches/series 
virtualbox-ose-3.2.10-dfsg/debian/patches/series
--- virtualbox-ose-3.2.10-dfsg/debian/patches/series
+++ virtualbox-ose-3.2.10-dfsg/debian/patches/series
@@ -14,0 +15,2 @@
+CVE-2014-0981.patch
+CVE-2014-0983.patch
only in patch2:
unchanged:
--- virtualbox-ose-3.2.10-dfsg.orig/debian/patches/CVE-2014-0981.patch
+++ virtualbox-ose-3.2.10-dfsg/debian/patches/CVE-2014-0981.patch
@@ -0,0 +1,52 @@
+--- a/src/VBox/GuestHost/OpenGL/util/net.c
 b/src/VBox/GuestHost/OpenGL/util/net.c
+@@ -956,7 +956,7 @@
+ conn->InstantReclaim( conn, (CRMessage *) msg );
+ }
+ 
+-
++#ifdef IN_GUEST
+ /**
+  * Called by the main receive function when we get a CR_MESSAGE_WRITEBACK
+  * message.  Writeback is used to implement glGet*() functions.
+@@ -989,7 +989,7 @@
+ (*writeback)--;
+ crMemcpy( dest_ptr, ((char *)rb) + sizeof(*rb), payload_len );
+ }
+-
++#endif
+ 
+ /**
+  * This is used by the SPUs that do packing (such as Pack, Tilesort and
+@@ -1067,13 +1067,21 @@
+ }
+ break;
+ case CR_MESSAGE_READ_PIXELS:
+-crError( "Can't handle read pixels" );
++crWarning( "Can't handle read pixels" );
+ return;
+ case CR_MESSAGE_WRITEBACK:
++#ifdef IN_GUEST
+ crNetRecvWriteback( &(pRealMsg->writeback) );
++#else
++crWarning("CR_MESSAGE_WRITEBACK not expected\n");
++#endif
+ return;
+ case CR_MESSAGE_READBACK:
++#ifdef IN_GUEST
+ crNetRecvReadback( &(pRealMsg->readback), len );
++#else
++crWarning("CR_MESSAGE_READBACK not expected\n");
++#endif
+ return;
+ case CR_MESSAGE_CRUT:
+ /* nothing */
+@@ -1091,7 +1099,7 @@
+ {
+ char string[128];
+ crBytesToString( string, sizeof(string), msg, len );
+-crError("crNetDefaultRecv: received a bad message: type=%d 
buf=[%s]\n"
++crWarning("crNetDefaultRecv: received a bad message: type=%d 
buf=[%s]\n"
+ "Did you add a new message type and forget to 
tell "
+ "crNetDefaultRecv() about it?\n",
+ msg->header.type, string );
only in patch2:
unchanged:
--- virtualbox-ose-3.2.10-dfsg.orig/debian/patches/CVE-2014-0983.patch
+++ virtualbox-ose-3.2.10-dfsg/debian/patches/CVE-2014-0983.patch
@@ -0,0 +1,69 @@
+--- a/src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py
 b/src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py
+@@ -46,6 +46,7 @@
+ for func_name in keys:
+ current = 0
+ array = ""
++condition = ""
+ m = re.search( r"^(Color|Normal)([1234])(ub|b|us|s|ui|i|f|d)$", func_name 
)
+ if m :
+ current = 1
+@@ -68,6 +69,7 @@
+ name = "texCoord"
+ type = m.group(3) + m.group(2)
+ array = "[texture-GL_TEXTURE0_ARB]"
++condition = "if (texture >= GL_TEXTURE0_ARB && texture < 
GL_TEXTURE0_ARB + CR_MAX_TEXTURE_UNITS)"
+ m = re.match( r"^(Index)(ub|b|us|s|ui|i|f|d)$", func_name )
+ if m :
+ current = 1
+@@ -91,18 +93,23 @@
+ name = string.lower( m.group(1)[:1] ) + m.group(1)[1:]
+ type = m.group(3) + m.group(2)
+ array = "[index]"
++condition = "if (index < CR_MAX_VERTEX_ATTRIBS)"
+ if func_name == "VertexAttrib4NubARB":
+ current = 1
+ name = "vertexAttrib"
+ type = "ub4"
+ array = "[index]"
++co

Bug#744922: check_packages: check for security updates broken

[Felix Geyer]

Package: nagios-plugins-contrib
Version: 9.20140106
Tags: patch

check_packages incorrectly determines whether a security update is available
in the following cases:

1)
libxml2:
  Installed: 2.8.0+dfsg1-7+nmu2
  Candidate: 2.8.0+dfsg1-7+nmu3
  Version table:
 2.8.0+dfsg1-7+nmu3 0
500 http://ftp.fr.debian.org/debian/ wheezy-proposed-updates/main amd64 
Packages
 *** 2.8.0+dfsg1-7+nmu2 0
500 http://ftp.fr.debian.org/debian/ wheezy/main amd64 Packages
500 http://security.debian.org/ wheezy/updates/main amd64 Packages
100 /var/lib/dpkg/status

check_packages thinks there is a security update because it sees the security 
line
without checking if that is actually part of the update.
$candidate_found is set to 1 after the "2.8.0+dfsg1-7+nmu3 0" line and never 
reset to 0.

2)
[this apt-cache policy output is faked]
libxml2:
  Installed: 2.8.0+dfsg1-7+nmu2
  Candidate: 2.8.0+dfsg1-7+nmu4
  Version table:
 2.8.0+dfsg1-7+nmu4 0
500 http://ftp.fr.debian.org/debian/ wheezy-updates/main amd64 Packages
 2.8.0+dfsg1-7+nmu3 0
500 http://security.debian.org/ wheezy/updates/main amd64 Packages
 *** 2.8.0+dfsg1-7+nmu2 0
500 http://ftp.fr.debian.org/debian/ wheezy/main amd64 Packages
100 /var/lib/dpkg/status

Here it fails to notice the security update. $candidate_found is set to 0 after
the "2.8.0+dfsg1-7+nmu3 0" line so it fails to notice that a previous unapplied 
update
fixed a security issue.

The attached updated security_updates_critical patch fixes this by resetting
$candidate_found only when parsing a different package from the apt-cache 
output or
when parsing the installed version.

Cheers,
Felix
--- a/dsa/checks/dsa-check-packages
+++ b/dsa/checks/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 my $from_list = shift @installed_packages;
 next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,12 +133,22 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+# initialize security-update
+$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+} elsif ($line =~ / ([^ ]+) [0-9]+/) {
+# check if the next lines show the sources of our candidate
+if ($1 eq $installed->{$pkgname}{'candidate'}) {
+$candidate_found = 1;
+}
+} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
@@ -141,7 +153,7 @@ sub get_packages {
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+$security_outofdate{$pkgname} = $pkg;
+			} else {
+$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;

Bug#741080: libclamunrar: Please enable hardened build flags

[Felix Geyer]

Source: libclamunrar
Version: 0.96.4-1
Severity: normal
Tags: patch
User: hardening-disc...@lists.alioth.debian.org
Usertags: goal-hardening

Hi,

Please consider applying the attached patch that enables the default
set of hardening buildflags.

It would also be nice to enable verbose build logs so you can see
which flags are actually passed to the compiler/linker.
Passing V=1 to make does that.

Cheers,
Felix
diff -u libclamunrar-0.96.4/debian/rules libclamunrar-0.96.4/debian/rules
--- libclamunrar-0.96.4/debian/rules
+++ libclamunrar-0.96.4/debian/rules
@@ -42,7 +42,8 @@
 	cp -f /usr/share/misc/config.guess config.guess
 endif
 	chmod a+x configure
-	./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs" --disable-clamav
+	./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --disable-clamav \
+	  $(shell DEB_LDFLAGS_MAINT_APPEND="-Wl,-z,defs" dpkg-buildflags --export=configure)
 
 
 build: build-stamp

Bug#741118: wheezy-pu: package ruby-passenger/3.0.13debian-1+deb7u2

[Felix Geyer]

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu

Hi,

There is another minor security issue in ruby-passenger concerning
insecure usage of temp files.
CVE-2014-1831 and CVE-2014-1832 have been assigned for this issue.

I'd like to fix those by backporting the relevant upstream commits,
see the attached debdiff.

Cheers,
Felix
diff -Nru ruby-passenger-3.0.13debian/debian/changelog ruby-passenger-3.0.13debian/debian/changelog
--- ruby-passenger-3.0.13debian/debian/changelog	2013-10-14 22:43:12.0 +0200
+++ ruby-passenger-3.0.13debian/debian/changelog	2014-03-08 19:43:55.0 +0100
@@ -1,3 +1,11 @@
+ruby-passenger (3.0.13debian-1+deb7u2) wheezy; urgency=medium
+
+  * Fix CVE-2014-1831 and CVE-2014-1832: insecure use of /tmp.
+(Closes: #736958)
+- Backport upstream commits in CVE-2014-1831.patch and CVE-2014-1832.patch
+
+ -- Felix Geyer   Sat, 08 Mar 2014 19:42:03 +0100
+
 ruby-passenger (3.0.13debian-1+deb7u1) wheezy; urgency=low
 
   * Fix CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage.
diff -Nru ruby-passenger-3.0.13debian/debian/patches/CVE-2014-1831.patch ruby-passenger-3.0.13debian/debian/patches/CVE-2014-1831.patch
--- ruby-passenger-3.0.13debian/debian/patches/CVE-2014-1831.patch	1970-01-01 01:00:00.0 +0100
+++ ruby-passenger-3.0.13debian/debian/patches/CVE-2014-1831.patch	2014-03-08 19:41:41.0 +0100
@@ -0,0 +1,100 @@
+From 34b1087870c2bf85ebfd72c30b78577e10ab9744 Mon Sep 17 00:00:00 2001
+From: "Hongli Lai (Phusion)" 
+Date: Tue, 28 Jan 2014 19:17:39 +0100
+Subject: [PATCH] Fix low-urgency security vulnerability: writing files to
+ arbitrary directory by hijacking temp directories.
+
+---
+ ext/common/ServerInstanceDir.h |  2 +-
+ ext/common/Utils.cpp   | 29 +
+ ext/common/Utils.h |  8 +++-
+ 4 files changed, 67 insertions(+), 2 deletions(-)
+
+diff --git a/ext/common/ServerInstanceDir.h b/ext/common/ServerInstanceDir.h
+index 136437a..8da3cf3 100644
+--- a/ext/common/ServerInstanceDir.h
 b/ext/common/ServerInstanceDir.h
+@@ -213,7 +213,7 @@ class ServerInstanceDir: public noncopyable {
+ 		 * generations no matter what user they're running as.
+ 		 */
+ 		if (owner) {
+-			switch (getFileType(path)) {
++			switch (getFileTypeNoFollowSymlinks(path)) {
+ 			case FT_NONEXISTANT:
+ createDirectory(path);
+ break;
+diff --git a/ext/common/Utils.cpp b/ext/common/Utils.cpp
+index 1f3dec5..d1db8d6 100644
+--- a/ext/common/Utils.cpp
 b/ext/common/Utils.cpp
+@@ -143,6 +143,35 @@
+ 	}
+ }
+ 
++FileType
++getFileTypeNoFollowSymlinks(const StaticString &filename) {
++	struct stat buf;
++	int ret;
++	
++	ret = lstat(filename.c_str(), &buf);
++	if (ret == 0) {
++		if (S_ISREG(buf.st_mode)) {
++			return FT_REGULAR;
++		} else if (S_ISDIR(buf.st_mode)) {
++			return FT_DIRECTORY;
++		} else if (S_ISLNK(buf.st_mode)) {
++			return FT_SYMLINK;
++		} else {
++			return FT_OTHER;
++		}
++	} else {
++		if (errno == ENOENT) {
++			return FT_NONEXISTANT;
++		} else {
++			int e = errno;
++			string message("Cannot lstat '");
++			message.append(filename);
++			message.append("'");
++			throw FileSystemException(message, e, filename);
++		}
++	}
++}
++
+ void
+ createFile(const string &filename, const StaticString &contents, mode_t permissions, uid_t owner,
+ 	gid_t group, bool overwrite)
+diff --git a/ext/common/Utils.h b/ext/common/Utils.h
+index 41e6214..5cfaf92 100644
+--- a/ext/common/Utils.h
 b/ext/common/Utils.h
+@@ -65,6 +65,8 @@
+ 	FT_REGULAR,
+ 	/** A directory. */
+ 	FT_DIRECTORY,
++	/** A symlink. Only returned by getFileTypeNoFollowSymlinks(), not by getFileType(). */
++	FT_SYMLINK,
+ 	/** Something else, e.g. a pipe or a socket. */
+ 	FT_OTHER
+ } FileType;
+@@ -110,7 +112,7 @@ bool fileExists(const StaticString &filename, CachedFileStat *cstat = 0,
+ /**
+  * Check whether 'filename' exists and what kind of file it is.
+  *
+- * @param filename The filename to check.
++ * @param filename The filename to check. It MUST be NULL-terminated.
+  * @param mstat A CachedFileStat object, if you want to use cached statting.
+  * @param throttleRate A throttle rate for cstat. Only applicable if cstat is not NULL.
+  * @return The file type.
+@@ -121,6 +123,10 @@ bool fileExists(const StaticString &filename, CachedFileStat *cstat = 0,
+  */
+ FileType getFileType(const StaticString &filename, CachedFileStat *cstat = 0,
+  unsigned int throttleRate = 0);
++/**
++ * Like getFileType(), but does not follow symlinks.
++ */
++FileType getFileTypeNoFollowSymlinks(const StaticString &filename);
+ 
+ /**
+  * Create the given file with the given contents, permissions and ownership.
+-- 
+1.8.5.5
diff -Nru ruby-passenger-3.0.13debian/debian/patches/CVE-2014-1832.patch ruby-passenger-3.0.13debian/debian/patches/CVE-2014-18

Bug#735410: Information on recent VBox CVEs

[Felix Geyer]

Hi,

On 09.02.2014 02:04, Moritz Mühlenhoff wrote:
> On Sun, Feb 09, 2014 at 01:14:08AM +1300, Matthew Daley wrote:
>> Hi,
>>
>> I've recently released some more detailed information on these CVEs
>> that can hopefully help out; see
>> .
> 
> Saw that, thanks for following up in the bug log.
> 
> Felix, given that the scope is actually broader than local DoS
> we should handle this via -security.

I finally got around to test the fixed packages for squeeze and wheezy.
Sorry it took so long ...

The debdiffs I posted to this bug work fine.
>From my perspective they can be pushed to the security archive.
Please let me know if you want me to upload them.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#741587: wheezy-pu: package quassel/0.8.0-1+deb7u1

[Felix Geyer]

On 01.04.2014 22:44, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2014-03-14 at 08:28 +0100, Felix Geyer wrote:
>> The quassel package in wheezy is affected by CVE-2013-6404:
>> clients can access backlogs belonging to other users.
>>
>> The security team has classified it as a minor security issues
>> so I would like to fix it through a stable update.
>>
>> See the attached debdiff that contains a backport of the
>> upstream fix.
> 
> Please go ahead; thanks.

Thanks, I've uploaded the package.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#748910: CVE-2014-0240: Possibility of local privilege escalation when using daemon, mode

[Felix Geyer]

On 2014-05-22 09:57, Eric Sesterhenn wrote:

Package: libapache2-mod-wsgi
Version: 3.3-4
Severity: critical
Tags: security
Justification: root security hole

Dear Maintainer,

as far as I can tell, CVE-2014-0240 affects the stable package of
mod-wsgi. The
patch provided by the mod-wsgi team applies wih fuzzing to the source
shipped
by debian. If a kernel >= 2.6.0 and < 3.1.0 is installed, this issue 
might

allow local privilege escalation


I'll upload fixed packages for squeeze and wheezy later today.

Cheers,
Felix


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#748948: RM: blobby [armel] -- ROM; requires std::future

[Felix Geyer]

Package: ftp.debian.org
Severity: normal

Hi,

Starting with version 1.0 blobby uses std::future which is not supported on 
armel [0].
Please remove the blobby binary from armel so the package can migrate to 
testing.

Thanks,
Felix

[0] https://lists.debian.org/debian-arm/2013/12/msg0.html



signature.asc
Description: OpenPGP digital signature

Bug#749019: vnstati: vnstat Fails to create backup database .eth0

[Felix Geyer]

On 2014-05-23 03:57, Adam Brenner wrote:

Package: vnstati
Version: 1.11-2
Severity: important

Howdy,

Upon installing vnstat using the following command:

  $ apt-get install vnstati

the vnstat daemon is able to create its own database for each 
interface.

However, when trying to update its own database, it attempts to create
a backup database '.eth0' for example. It is unable to.

The error in syslog shows:

  vnstatd[12464]: Error: Unable create database backup 
"/var/lib/vnstat/.eth0".
  vnstatd[12464]: Error: Unable to write database, continuing with 
cached data.

  vnstatd[12464]: Database write possible again.

Running the following command has resolved the issue. I was able to
reproduce this issue on two machines running the same version of jess.

The fix for me was the following command

  $ touch /var/lib/vnstat/.eth0
  $ chown -R vnstat:vnstat /var/lib/vnstat/.eth0


I don't see a reason why vnstat would be able to create 
/var/lib/vnstat/eth0 but not .eth0.


When did the error occur? Right after the installation of vnstat?

What's the output of:
stat /var/lib/vnstat/ /var/lib/vnstat/*

Regards,
Felix


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#749406: ansible: Please run unit tests

[Felix Geyer]

Source: ansible
Version: 1.6.1+dfsg-1
Severity: wishlist
Tags: patch

Please run the upstream unit tests during the build.
A patch is attached.

Thanks,
Felix
diff -Nru ansible-1.6.1+dfsg/debian/control ansible-1.6.1+dfsg/debian/control
--- ansible-1.6.1+dfsg/debian/control	2014-05-16 09:02:27.0 +0200
+++ ansible-1.6.1+dfsg/debian/control	2014-05-26 21:22:31.0 +0200
@@ -5,7 +5,8 @@
 Uploaders: Michael Vogt ,
  Harlan Lieberman-Berg 
 Build-Depends: debhelper (>= 9), python-all, python-crypto, 
- python-setuptools, python-sphinx, python-yaml, asciidoc
+ python-setuptools, python-sphinx, python-yaml, asciidoc,
+ python-nose, python-passlib
 Standards-Version: 3.9.5
 Homepage: http://ansible.com
 Vcs-Git: git://anonscm.debian.org/collab-maint/ansible.git
diff -Nru ansible-1.6.1+dfsg/debian/rules ansible-1.6.1+dfsg/debian/rules
--- ansible-1.6.1+dfsg/debian/rules	2014-05-16 09:02:27.0 +0200
+++ ansible-1.6.1+dfsg/debian/rules	2014-05-26 21:22:44.0 +0200
@@ -19,6 +19,9 @@
 	# man pages for the "man3" section
 	make docs
 
+override_dh_auto_test:
+	make tests
+
 override_dh_auto_clean:
 	# sphinx auto-build stuff
 	rm -rf html docs/man/man3/*.3

Bug#717364: ninja-build: diff for NMU version 1.3.4-1.2

[Felix Geyer]

tags 717364 + pending
thanks

Dear maintainer,

Upstream has accepted Stevens patch.

I've prepared an NMU for ninja-build (versioned as 1.3.4-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Felix
diff -Nru ninja-build-1.3.4/debian/changelog ninja-build-1.3.4/debian/changelog
--- ninja-build-1.3.4/debian/changelog	2013-07-18 10:09:58.0 +0200
+++ ninja-build-1.3.4/debian/changelog	2014-05-31 10:02:40.0 +0200
@@ -1,3 +1,11 @@
+ninja-build (1.3.4-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add gnukfreebsd.patch to fix platform detection on gnukfreebsd 9 and later.
+Thanks to Steven Chamberlain for the patch. (Closes: #717364)
+
+ -- Felix Geyer   Sat, 31 May 2014 10:01:37 +0200
+
 ninja-build (1.3.4-1.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru ninja-build-1.3.4/debian/patches/gnukfreebsd.patch ninja-build-1.3.4/debian/patches/gnukfreebsd.patch
--- ninja-build-1.3.4/debian/patches/gnukfreebsd.patch	1970-01-01 01:00:00.0 +0100
+++ ninja-build-1.3.4/debian/patches/gnukfreebsd.patch	2014-05-31 10:02:48.0 +0200
@@ -0,0 +1,24 @@
+Description: Fix platform detection on Debian gnukfreebsd >= 9.
+Author: Steven Chamberlain 
+Forwarded: https://github.com/martine/ninja/pull/770
+
+--- a/platform_helper.py
 b/platform_helper.py
+@@ -19,7 +19,7 @@
+ 
+ def platforms():
+ return ['linux', 'darwin', 'freebsd', 'openbsd', 'solaris', 'sunos5',
+-'mingw', 'msvc', 'gnukfreebsd8']
++'mingw', 'msvc', 'gnukfreebsd']
+ 
+ class Platform( object ):
+ def __init__( self, platform):
+@@ -31,7 +31,7 @@
+ self._platform = 'linux'
+ elif self._platform.startswith('freebsd'):
+ self._platform = 'freebsd'
+-elif self._platform.startswith('gnukfreebsd8'):
++elif self._platform.startswith('gnukfreebsd'):
+ self._platform = 'freebsd'
+ elif self._platform.startswith('openbsd'):
+ self._platform = 'openbsd'
diff -Nru ninja-build-1.3.4/debian/patches/series ninja-build-1.3.4/debian/patches/series
--- ninja-build-1.3.4/debian/patches/series	2013-07-01 01:25:05.0 +0200
+++ ninja-build-1.3.4/debian/patches/series	2014-05-31 10:02:59.0 +0200
@@ -1,3 +1,4 @@
 00bootstrap.patch
 01configure.patch
 asciidoc.patch
+gnukfreebsd.patch

Bug#750131: SDL2_gfx: patch for pkg-config support

[Felix Geyer]

Hi,

On 2014-06-02 01:01, Andreas Schiffler wrote:

Thanks - added:
http://sourceforge.net/p/sdl2gfx/code/15/

On 6/1/2014 1:54 PM, b...@debian.org wrote:

Hi Andreas,

Here's a patch to add pkg-config support in SDL2_gfx, that is add a
SDL2_gfx.pc on install.  It's mostly a merge being the old one in
SDL_gfx and the new ones in SDL_Mixer & cie.

It is useful for people who use PKG_CHECK_MODULES in their autoconf.
Would you consider including it in SDL2_gfx?

I'm submitting it to Debian too.


We shouldn't apply this as a patch in the Debian package. Otherwise 
projects will start to rely on it but it's not available in other 
distros.


So I'd prefer to wait until upstream releases a new version with the 
pkg-config file.


Cheers,
Felix


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#741118: wheezy-pu: package ruby-passenger/3.0.13debian-1+deb7u2

[Felix Geyer]

On 11.03.2014 23:16, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2014-03-08 at 20:25 +0100, Felix Geyer wrote:
>> There is another minor security issue in ruby-passenger concerning
>> insecure usage of temp files.
>> CVE-2014-1831 and CVE-2014-1832 have been assigned for this issue.
>>
>> I'd like to fix those by backporting the relevant upstream commits,
>> see the attached debdiff.
> 
> Please go ahead; thanks.

Thanks, I've uploaded the package.

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#741587: wheezy-pu: package quassel/0.8.0-1+deb7u1

[Felix Geyer]

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu

Hi,

The quassel package in wheezy is affected by CVE-2013-6404:
clients can access backlogs belonging to other users.

The security team has classified it as a minor security issues
so I would like to fix it through a stable update.

See the attached debdiff that contains a backport of the
upstream fix.

Cheers,
Felix
diff -Nru quassel-0.8.0/debian/changelog quassel-0.8.0/debian/changelog
--- quassel-0.8.0/debian/changelog	2012-04-25 01:02:03.0 +0200
+++ quassel-0.8.0/debian/changelog	2014-03-09 13:42:01.0 +0100
@@ -1,3 +1,10 @@
+quassel (0.8.0-1+deb7u1) wheezy; urgency=medium
+
+  * Fix CVE-2013-6404: clients can access backlogs belonging to other users
+- Backport upstream commit in CVE-2013-6404.patch
+
+ -- Felix Geyer   Sun, 09 Mar 2014 13:41:50 +0100
+
 quassel (0.8.0-1) unstable; urgency=low
 
   * New upstream release
diff -Nru quassel-0.8.0/debian/patches/CVE-2013-6404.patch quassel-0.8.0/debian/patches/CVE-2013-6404.patch
--- quassel-0.8.0/debian/patches/CVE-2013-6404.patch	1970-01-01 01:00:00.0 +0100
+++ quassel-0.8.0/debian/patches/CVE-2013-6404.patch	2014-03-09 13:41:48.0 +0100
@@ -0,0 +1,49 @@
+From a1a24daa615a4e0679546c8a7a673720d0dcc60f Mon Sep 17 00:00:00 2001
+From: Marcus Eggenberger 
+Date: Sun, 24 Nov 2013 17:03:34 +0100
+Subject: [PATCH] Make sure that clients can't access buffers belonging to
+ other users
+
+A manipulated, but properly authenticated client was able to retrieve
+the backlog of other users on the same core in some cases by providing
+an appropriate BufferID to the storage engine. Note that proper
+authentication was still required, so exploiting this requires
+malicious users on your core. This commit fixes this issue by ensuring
+that foreign BufferIDs are off-limits.
+---
+ src/core/SQL/PostgreSQL/16/select_buffer_by_id.sql | 2 +-
+ src/core/SQL/PostgreSQL/16/update_network.sql  | 3 ++-
+ src/core/SQL/SQLite/17/select_buffer_by_id.sql | 2 +-
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/SQL/PostgreSQL/16/select_buffer_by_id.sql b/src/core/SQL/PostgreSQL/16/select_buffer_by_id.sql
+index 09f202e..cccfa7c 100644
+--- a/src/core/SQL/PostgreSQL/16/select_buffer_by_id.sql
 b/src/core/SQL/PostgreSQL/16/select_buffer_by_id.sql
+@@ -1,3 +1,3 @@
+ SELECT bufferid, networkid, buffertype, groupid, buffername
+ FROM buffer
+-WHERE bufferid = :bufferid
++WHERE userid = :userid AND bufferid = :bufferid
+diff --git a/src/core/SQL/PostgreSQL/16/update_network.sql b/src/core/SQL/PostgreSQL/16/update_network.sql
+index a000f61..d2dea84 100644
+--- a/src/core/SQL/PostgreSQL/16/update_network.sql
 b/src/core/SQL/PostgreSQL/16/update_network.sql
+@@ -17,4 +17,5 @@ rejoinchannels = :rejoinchannels,
+ usesasl = :usesasl,
+ saslaccount = :saslaccount,
+ saslpassword = :saslpassword
+-WHERE networkid = :networkid
++WHERE userid = :userid AND networkid = :networkid
++
+diff --git a/src/core/SQL/SQLite/17/select_buffer_by_id.sql b/src/core/SQL/SQLite/17/select_buffer_by_id.sql
+index 09f202e..6bd35f0 100644
+--- a/src/core/SQL/SQLite/17/select_buffer_by_id.sql
 b/src/core/SQL/SQLite/17/select_buffer_by_id.sql
+@@ -1,3 +1,3 @@
+ SELECT bufferid, networkid, buffertype, groupid, buffername
+ FROM buffer
+-WHERE bufferid = :bufferid
++WHERE bufferid = :bufferid AND userid = :userid
+-- 
+1.8.5.1
diff -Nru quassel-0.8.0/debian/patches/series quassel-0.8.0/debian/patches/series
--- quassel-0.8.0/debian/patches/series	2012-04-25 00:18:37.0 +0200
+++ quassel-0.8.0/debian/patches/series	2014-03-09 13:41:48.0 +0100
@@ -1,2 +1,3 @@
 01_default_network_channel.patch
+CVE-2013-6404.patch
 

Bug#697892: src:virtualbox: FTBFS in sid and experimental: /usr/bin/mk_sed: file /tmp/buildd/virtualbox-4.1.8-dfsg/src/VBox/Runtime/common/err/errmsg.sed line 31: Unmatched [ or [^

[Felix Geyer]

On 14.01.2013 15:27, James McCoy wrote:
> The kbuild NMU, which migrated on Jan. 12th, seems to have exposed a bug
> in kmk_sed which is affecting the virtualbox build.  I've tried
> rebuilding kbuild with Wheezy's gcc-4.6, since upstream indicates this
> is a gcc-4.7-specific problem, but that didn't make a difference.
>
> Reassigning to kbuild.

I just did a rebuild of kbuild with the hardcoded "-O3" flag removed.
This seems to fix the virtualbox FTBFS but I need to do some more tests.

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698292: Attachments for 698292

[Felix Geyer]

On 16.01.2013 19:50, John Paul Adrian Glaubitz wrote:
> Forgot the attachments, sorry.
>
> Adrian
>

The debdiff looks good but uploading it is blocked by kbuild
bug #697892.

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698486: unblock: kbuild/1:0.1.9998svn2543+dfsg-1

[Felix Geyer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package kbuild

The current version of kbuild in wheezy causes virtualbox to FTBFS (bug #697892)
and thus blocks a security fix of virtualbox (bug #698292).

unblock kbuild/1:0.1.9998svn2543+dfsg-1
diff -Nru kbuild-0.1.9998svn2543+dfsg/debian/changelog kbuild-0.1.9998svn2543+dfsg/debian/changelog
--- kbuild-0.1.9998svn2543+dfsg/debian/changelog	2012-12-30 21:27:08.0 +0100
+++ kbuild-0.1.9998svn2543+dfsg/debian/changelog	2013-01-18 19:18:56.0 +0100
@@ -1,3 +1,13 @@
+kbuild (1:0.1.9998svn2543+dfsg-1) unstable; urgency=high
+
+  * Stop hardcoding the -O3 optimization flag as it causes kmk_sed to
+miscompile. (Closes: #697892)
+- Add 08_no_o3_optimization.diff
+  * Set urgency to high as it fixes an RC bug which blocks a virtualbox
+security fix.
+
+ -- Felix Geyer   Fri, 18 Jan 2013 19:00:28 +0100
+
 kbuild (1:0.1.9998svn2543+dfsg-0.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru kbuild-0.1.9998svn2543+dfsg/debian/patches/08_no_o3_optimization.diff kbuild-0.1.9998svn2543+dfsg/debian/patches/08_no_o3_optimization.diff
--- kbuild-0.1.9998svn2543+dfsg/debian/patches/08_no_o3_optimization.diff	1970-01-01 01:00:00.0 +0100
+++ kbuild-0.1.9998svn2543+dfsg/debian/patches/08_no_o3_optimization.diff	2013-01-17 22:45:23.0 +0100
@@ -0,0 +1,17 @@
+Description: Stop hardcoding the -O3 optimization flag as it causes kmk_sed to miscompile.
+Author: Felix Geyer 
+Bug-Debian: http://bugs.debian.org/697892
+
+--- a/Config.kmk
 b/Config.kmk
+@@ -299,8 +299,8 @@ ifndef TEMPLATE_BIN_TOOL
+  endif
+  TEMPLATE_BIN_LDFLAGS   = -g
+  TEMPLATE_BIN_LDFLAGS.profile   = -pg -p
+- TEMPLATE_BIN_CFLAGS.release= -O3
+- TEMPLATE_BIN_CFLAGS.profile= -O3 -pg -p
++ TEMPLATE_BIN_CFLAGS.release= -O2
++ TEMPLATE_BIN_CFLAGS.profile= -O2 -pg -p
+  ifeq ($(KBUILD_TARGET),freebsd)
+   TEMPLATE_BIN_INCS+= $(PATH_GNUMAKE_SRC)/glob /usr/local/include
+  endif
diff -Nru kbuild-0.1.9998svn2543+dfsg/debian/patches/series kbuild-0.1.9998svn2543+dfsg/debian/patches/series
--- kbuild-0.1.9998svn2543+dfsg/debian/patches/series	2010-05-14 01:42:34.0 +0200
+++ kbuild-0.1.9998svn2543+dfsg/debian/patches/series	2013-01-17 22:45:37.0 +0100
@@ -5,3 +5,4 @@
 05_hppa-disable-threads.diff
 06_binutils-gold.diff
 07_special-chars-build-path.diff
+08_no_o3_optimization.diff

Bug#633272: libggi: Getting rid of unneeded *.la / emptying dependency_libs

[Felix Geyer]

tags 633272 + patch
user ubuntu-de...@lists.ubuntu.com
usertags 633272 + precise
usertags 633272 + ubuntu-patch
thanks

Attaching the debdiff for an NMU to drop all .la files.

diff -u libggi-2.2.2/debian/changelog libggi-2.2.2/debian/changelog
--- libggi-2.2.2/debian/changelog
+++ libggi-2.2.2/debian/changelog
@@ -1,3 +1,10 @@
+libggi (1:2.2.2-5.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Don't ship .la files. (Closes: #633272)
+
+ -- Felix Geyer   Tue, 15 Nov 2011 11:12:48 +0100
+
 libggi (1:2.2.2-5) unstable; urgency=low
 
   * Change arch line of correct package.
diff -u libggi-2.2.2/debian/libggi2-dev.install libggi-2.2.2/debian/libggi2-dev.install
--- libggi-2.2.2/debian/libggi2-dev.install
+++ libggi-2.2.2/debian/libggi2-dev.install
@@ -1,7 +1,3 @@
 debian/tmp/usr/lib/*.so usr/lib
-debian/tmp/usr/lib/*.la usr/lib
 debian/tmp/usr/lib/*.a usr/lib
-debian/tmp/usr/lib/ggi/display/*.la usr/lib/ggi/display
-debian/tmp/usr/lib/ggi/helper/*.la usr/lib/ggi/helper
-debian/tmp/usr/lib/ggi/default/*.la usr/lib/ggi/default
 debian/tmp/usr/include/* usr/include
diff -u libggi-2.2.2/debian/libggi-target-fbdev.install libggi-2.2.2/debian/libggi-target-fbdev.install
--- libggi-2.2.2/debian/libggi-target-fbdev.install
+++ libggi-2.2.2/debian/libggi-target-fbdev.install
@@ -2,3 +2,3 @@
 debian/tmp/usr/lib/ggi/display/linvtsw.so usr/lib/ggi/display
-debian/tmp/usr/lib/ggi/default/fbdev/* usr/lib/ggi/default/fbdev/
+debian/tmp/usr/lib/ggi/default/fbdev/*.so usr/lib/ggi/default/fbdev/
 debian/tmp/etc/ggi/targets/fbdev.conf etc/ggi

Bug#633311: libshout: Emptying dependency_libs in .la files

[Felix Geyer]

tags 633311 + patch
user ubuntu-de...@lists.ubuntu.com
usertags 633311 + precise
usertags 633311 + ubuntu-patch
thanks

Attaching a patch that clears out dependency_libs in libshout.la.

diff -u libshout-2.2.2/debian/rules libshout-2.2.2/debian/rules
--- libshout-2.2.2/debian/rules
+++ libshout-2.2.2/debian/rules
@@ -27,6 +27,7 @@
 # Let d-shlibs calculate development package dependencies
 #  and handle shared library install
 common-binary-post-install-arch::
+	sed -i "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/libshout.la
 #	d-devlibdeps debian/libshout3-dev.substvars debian/tmp/usr/lib/libshout.so
 #	d-shlibmove --commit --movedev "debian/tmp/usr/include/*" usr/include/ debian/tmp/usr/lib/libshout.so
 	bash debian/d-devlibdeps debian/libshout3-dev.substvars debian/tmp/usr/lib/libshout.so

Bug#640029: libkqueue ftbfs in unstable

[Felix Geyer]

found 640029 libkqueue/1.0.4-2
thanks

The -Wno-error=unused-result fix hasn't actually made it into the package.




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683075: spatialite in wheezy FTBFS

[Felix Geyer]

I've created a patch to fix the freexl compatibility issues.
Together with the patch from Evgeni this seem to fix the build failure.

I'm attaching the debdiff. Hopefully someone can test the resulting
package.

Felix

diff -Nru spatialite-3.0.0~beta20110817/debian/changelog 
spatialite-3.0.0~beta20110817/debian/changelog
--- spatialite-3.0.0~beta20110817/debian/changelog  2011-11-21 
12:12:12.0 +0100
+++ spatialite-3.0.0~beta20110817/debian/changelog  2013-01-04 
11:48:56.0 +0100
@@ -1,3 +1,12 @@
+spatialite (3.0.0~beta20110817-3+deb7u1) testing-proposed-updates; urgency=low
+
+  * Non-maintainer upload.
+  * Fix FTBFS in wheezy. (Closes: #683075)
+- Add 05-fix_libgeos_search.patch from Evgeni Golov to fix configure 
checks.
+- Add 06-freexl_compat.patch to restore compatibility with freexl in 
wheezy.
+
+ -- Felix Geyer   Fri, 04 Jan 2013 10:27:35 +0100
+
 spatialite (3.0.0~beta20110817-3) unstable; urgency=medium
 
   [ Francesco Paolo Lovergine ]
diff -Nru 
spatialite-3.0.0~beta20110817/debian/patches/05-fix_libgeos_search.patch 
spatialite-3.0.0~beta20110817/debian/patches/05-fix_libgeos_search.patch
--- spatialite-3.0.0~beta20110817/debian/patches/05-fix_libgeos_search.patch
1970-01-01 01:00:00.0 +0100
+++ spatialite-3.0.0~beta20110817/debian/patches/05-fix_libgeos_search.patch
2013-01-04 10:27:16.0 +0100
@@ -0,0 +1,70 @@
+Index: spatialite-3.0.0~beta20110817/libspatialite/configure
+===
+--- spatialite-3.0.0~beta20110817.orig/libspatialite/configure 2011-08-17 
17:50:56.0 +0200
 spatialite-3.0.0~beta20110817/libspatialite/configure  2012-11-25 
13:31:19.0 +0100
+@@ -16593,7 +16593,7 @@
+ ac_res="none required"
+   else
+ ac_res=-l$ac_lib
+-LIBS="-l$ac_lib -lm -lgeos $ac_func_search_save_LIBS"
++LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+   fi
+   if ac_fn_c_try_link "$LINENO"; then :
+   ac_cv_search_GEOSTopologyPreserveSimplify=$ac_res
+@@ -16663,7 +16663,7 @@
+ ac_res="none required"
+   else
+ ac_res=-l$ac_lib
+-LIBS="-l$ac_lib -lm -lgeos $ac_func_search_save_LIBS"
++LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+   fi
+   if ac_fn_c_try_link "$LINENO"; then :
+   ac_cv_search_GEOSCoveredBy=$ac_res
+Index: spatialite-3.0.0~beta20110817/libspatialite/configure.ac
+===
+--- spatialite-3.0.0~beta20110817.orig/libspatialite/configure.ac  
2011-08-17 17:50:56.0 +0200
 spatialite-3.0.0~beta20110817/libspatialite/configure.ac   2012-11-25 
13:31:19.0 +0100
+@@ -120,7 +120,7 @@
+ if test x"$enable_geos" != "xno"; then
+   OMIT_GEOS_FLAGS=
+   AC_CHECK_HEADERS(geos_c.h,, [AC_MSG_ERROR([cannot find geos_c.h, bailing 
out])])
+-  
AC_SEARCH_LIBS(GEOSTopologyPreserveSimplify,geos_c,,AC_MSG_ERROR(['libgeos_c' 
is required but it doesn't seems to be installed on this system.]),-lm -lgeos)
++  
AC_SEARCH_LIBS(GEOSTopologyPreserveSimplify,geos_c,,AC_MSG_ERROR(['libgeos_c' 
is required but it doesn't seems to be installed on this system.]),)
+   #---
+   #   --enable-geosadvanced
+   #
+@@ -129,7 +129,7 @@
+ [], [geosadvanced=yes])
+   if test x"$enable_geosadvanced" != "xno"; then
+ GEOSADVANCED_FLAGS=-DGEOS_ADVANCED
+-AC_SEARCH_LIBS(GEOSCoveredBy,geos_c,,AC_MSG_ERROR([obsolete 
'libgeos_c' (< v.3.3.0). please retry specifying: --disable-geosadvanced.]),-lm 
-lgeos)
++AC_SEARCH_LIBS(GEOSCoveredBy,geos_c,,AC_MSG_ERROR([obsolete 
'libgeos_c' (< v.3.3.0). please retry specifying: --disable-geosadvanced.]),)
+   else
+ GEOSADVANCED_FLAGS=
+   fi
+Index: spatialite-3.0.0~beta20110817/spatialite-tools/configure
+===
+--- spatialite-3.0.0~beta20110817.orig/spatialite-tools/configure  
2012-11-25 13:31:19.0 +0100
 spatialite-3.0.0~beta20110817/spatialite-tools/configure   2012-11-25 
13:34:04.917588983 +0100
+@@ -16547,7 +16547,7 @@
+   $as_echo_n "(cached) " >&6
+ else
+   ac_check_lib_save_LIBS=$LIBS
+-LIBS="-lgeos_c -lm -lgeos $LIBS"
++LIBS="-lgeos_c $LIBS"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+ 
+Index: spatialite-3.0.0~beta20110817/spatialite-tools/configure.ac
+===
+--- spatialite-3.0.0~beta20110817.orig/spatialite-tools/configure.ac   
2012-11-25 13:31:19.0 +0100
 spatialite-3.0.0~beta20110817/spatialite-tools/configure.ac
2012-11-25 13:33:53.009624090 +0100
+@@ -72,7 +72,7 @@
+ 
+ AC_CHECK_LIB(expat,XML_ParserCreate,,AC_M

Bug#691125: ejabberd: package installation creates /root/.erlang.cookie

[Felix Geyer]

ejabberdctl is also called from /etc/logrotate.d/ejabberd as root.

It should be changed to
> postrotate
> su ejabberd -c "/usr/sbin/ejabberdctl reopen-log" > /dev/null
> endscript

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#692117: FTBFS: missing build-dep for test suite

[Felix Geyer]

Source: libcatalyst-plugin-customerrormessage-perl
Version: 0.6-1
Severity: serious
Justification: fails to build from source

libcatalyst-plugin-customerrormessage-perl fails to build from source as it
is missing a build-dependency on libclass-data-inheritable-perl.

Build log:

> Checking prerequisites...
>   requires:
> !  Class::Data::Inheritable is not installed
>
> ERRORS/WARNINGS FOUND IN PREREQUISITES.  You may wish to install the versions
> of the modules indicated above before proceeding with this installation
>
> Run 'Build installdeps' to install missing prerequisites.
>
> Created MYMETA.yml and MYMETA.json
> Creating new 'Build' script for 'Catalyst-Plugin-CustomErrorMessage' version 
> '0.06'
>dh_auto_build
> Building Catalyst-Plugin-CustomErrorMessage
>dh_auto_test
>
> #   Failed test 'use Catalyst::Plugin::CustomErrorMessage;'
> #   at /usr/share/perl5/Test/Distribution.pm line 177.
> # Tried to use 'Catalyst::Plugin::CustomErrorMessage'.
> # Error:  Base class package "Class::Data::Inheritable" is empty.
> # (Perhaps you need to 'use' the module which defines that package first,
> # or make that module available in @INC (@INC contains: 
> /tmp/buildd/libcatalyst-plugin-customerrormessage-perl-0.6/blib/lib 
> /tmp/buildd/libcatalyst-plugin-customerrormessage-perl-0.6/blib/arch 
> /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 
> /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 
> /usr/local/lib/site_perl .).
> #  at 
> /tmp/buildd/libcatalyst-plugin-customerrormessage-perl-0.6/blib/lib/Catalyst/Plugin/CustomErrorMessage.pm
>  line 36
> # BEGIN failed--compilation aborted at 
> /tmp/buildd/libcatalyst-plugin-customerrormessage-perl-0.6/blib/lib/Catalyst/Plugin/CustomErrorMessage.pm
>  line 36.
> # Compilation failed in require at (eval 43) line 2.
> # BEGIN failed--compilation aborted at (eval 43) line 2.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691148: Please package virtualbox 4.2.2

[Felix Geyer]

On 22.10.2012 09:49, Sjoerd Simons wrote:
> Package: virtualbox
> Version: 4.1.18-dfsg-1.1
> Severity: wishlist
>
> Hey,
>
> While virtualbox 4.1.18 seems to work well, its guest additions can't cope 
> with
> newer kernels (e.g. 3.5) and newere Xorg (1.13). Even though these aren't
> the default in debian yet, this makes it hard to run a virtualbox iwth guest
> additions for other linux based platforms. Having virtualbox 4.2.2 available
> (e.g. in experimental) would be very nice 

Agreed, though virtualbox 4.2 is not DFSG-free [1] anymore which doesn't exactly
motivate me to invest time into this package.

Felix


[1] The BIOS requires a non-free compiler (Open Watcom) to build.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691148: [Pkg-virtualbox-devel] Bug#691148: Please package virtualbox 4.2.2

[Felix Geyer]

On 12.11.2012 11:28, Alexey Eromenko wrote:
>> Agreed, though virtualbox 4.2 is not DFSG-free [1] anymore which doesn't 
>> exactly
>> motivate me to invest time into this package.
> Can you elaborate ?
> I'm not aware of any changes in the VBox BIOS.
>
> AFAIK VBox BIOS was always based on the bochs BIOS, not anymore ?

I don't know the details but they said bcc was too buggy so they ported
the BIOS for Open Watcom.

This commit might be interesting:
https://www.virtualbox.org/changeset/38699/vbox

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691148: [Pkg-virtualbox-devel] Bug#691148: Bug#691148: Please package virtualbox 4.2.2

[Felix Geyer]

On 12.11.2012 12:19, Frank Mehnert wrote:
> It is correct that we switched from bcc to Open Watcom to compile
> the PC BIOS as well as the VGA BIOS. The reason is indeed that bcc
> is unmaintained since years, has many bugs and creates code which
> is far away from being optimized. And we didn't find an appropriate
> alternative to Open Watcom.
>
> But it is not true that Open Watcom is required to build the BIOS
> of VirtualBox. If Open Watcom is not available, an alternative Assembler
> file can be used to create the BIOS. See here:
>
> https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Devices/BiosCommonCode

Right, but Open Watcom is required to build the BIOS from source
("preferred form for modification").
That makes VirtualBox a candidate for the Debian contrib repository as it
is free but requires non-free software to build from source. When the
package is in contrib the assembler file could be used to build the BIOS.

Felix


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691148: [Pkg-virtualbox-devel] Bug#691148: Bug#691148: Please package virtualbox 4.2.2

[Felix Geyer]

On 14.11.2012 08:27, Frank Mehnert wrote:
> On Tuesday 13 November 2012 17:55:14 Felix Geyer wrote:
>> On 12.11.2012 12:19, Frank Mehnert wrote:
>>> It is correct that we switched from bcc to Open Watcom to compile the PC 
>>> BIOS as well as
>>> the VGA BIOS. The reason is indeed that bcc is unmaintained since years, 
>>> has many bugs
>>> and creates code which is far away from being optimized. And we didn't find 
>>> an
>>> appropriate alternative to Open Watcom.
>>> 
>>> But it is not true that Open Watcom is required to build the BIOS of 
>>> VirtualBox. If Open
>>> Watcom is not available, an alternative Assembler file can be used to 
>>> create the BIOS.
>>> See here:
>>> 
>>> https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Devices/BiosCommon 
>>> Code
>> 
>> Right, but Open Watcom is required to build the BIOS from source ("preferred 
>> form for
>> modification"). That makes VirtualBox a candidate for the Debian contrib 
>> repository as it 
>> is free but requires non-free software to build from source. When the 
>> package is in contrib
>> the assembler file could be used to build the BIOS.
> 
> In my opinion this depends on the definition of the term "source code".

Debian has basically adopted the GPL definition of source code:
The source code for a work means the preferred form of the work for making
modifications to it.

> The VirtualBox source code tarball ships two alternative variants of the BIOS 
> source code:
> The first variant is C code mixed with Assembler code (in 
> src/VBox/Devices/PC/BIOS/* and
> src/VBox/Devices/Graphics/BIOS/*). The second variant is pure Assembler code 
> which can be
> found in
> 
> src/VBox/Devices/PC/BIOS/VBoxBiosAlternative.asm and 
> src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative.asm

When you want to modify the BIOS you change the code in the files of the
first variant so only that is considered the source code of the BIOS.

The BiosAlternative assembler files are just pre-generated files that need to
be updated whenever the code changes.

> Both variants are part of the source code tarball, and the second variant 
> allows it to build
> VirtualBox even if Open Watcom is not available. It should not matter that 
> the second variant
> is generated from the first variant because that generation is done by the 
> VirtualBox team
> and we ensure that the 2nd variant will produce the same object code as the 
> 1st variant.

That is a problem because it's impossible to modify the BIOS (e.g. by adding
a distro patch) without someone running Open Watcom.
Building and running software in Debian main needs to be self-contained but 
Open Watcom is
required at least when you modify the upstream BIOS code.

Regards,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#689616: blhc: false positive for Qt moc

[Felix Geyer]

Package: blhc
Version: 0.03+20120626+git93afe23-1
Severity: normal

blhc seems to think these moc-qt4/moc-qt5 calls link/compile an executable and 
issues warnings about missing flags.
moc is just a C++ preprocessor for Qt where all the dpkg-buildflags are 
irrelevant.

Some examples:

CXXFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat 
-Werror=format-security): /tmp/buildd/qt4-x11-4.8.3+dfsg/bin/moc-qt4 
-DQT_OPENGL_SUPPORT -D_LARGEFILE64_SOURCE -D_LARGEFILE_SOURCE -DQT_NO_DEBUG 
-DQT_DECLARATIVE_LIB -DQT_SQL_LIB -DQT_XML_LIB -DQT_OPENGL_LIB -DQT_GUI_LIB 
-DQT_NETWORK_LIB -DQT_CORE_LIB -DQT_HAVE_MMX -DQT_HAVE_3DNOW -DQT_HAVE_SSE 
-DQT_HAVE_MMXEXT -DQT_HAVE_SSE2 -DQT_HAVE_SSE3 -DQT_HAVE_SSSE3 -DQT_HAVE_SSE4_1 
-DQT_HAVE_SSE4_2 -DQT_HAVE_AVX -DQT_SHARED -I../../mkspecs/linux-g++-64 -I. 
-I../../include/QtCore -I../../include/QtNetwork -I../../include/QtGui 
-I../../include/QtOpenGL -I../../include/QtXml -I../../include/QtSql 
-I../../include/QtDeclarative -I../../include -I../../include/QtHelp 
-I/usr/X11R6/include -I/usr/X11R6/include -I.moc/release-shared 
demoitemanimation.h -o .moc/release-shared/moc_demoitemanimation.cpp

CXXFLAGS missing (-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 
-Wformat -Werror=format-security): 
/tmp/buildd/qtbase-opensource-src-5.0.0~beta1/bin/moc-qt5 -D_LARGEFILE64_SOURCE 
-D_LARGEFILE_SOURCE -DQT_NO_DEBUG -DQT_WIDGETS_LIB -DQT_GUI_LIB -DQT_CORE_LIB 
-I../../../../mkspecs/linux-g++-64 -I. -I../../../../include 
-I../../../../include/QtWidgets -I../../../../include/QtGui 
-I../../../../include/QtCore -I.moc/release-shared norwegianwoodstyle.h -o 
.moc/release-shared/moc_norwegianwoodstyle.cpp
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): 
/tmp/buildd/qtbase-opensource-src-5.0.0~beta1/bin/moc-qt5 -D_LARGEFILE64_SOURCE 
-D_LARGEFILE_SOURCE -DQT_NO_DEBUG -DQT_WIDGETS_LIB -DQT_GUI_LIB -DQT_CORE_LIB 
-I../../../../mkspecs/linux-g++-64 -I. -I../../../../include 
-I../../../../include/QtWidgets -I../../../../include/QtGui 
-I../../../../include/QtCore -I.moc/release-shared norwegianwoodstyle.h -o 
.moc/release-shared/moc_norwegianwoodstyle.cpp
LDFLAGS missing (-fPIE -pie -Wl,-z,relro): 
/tmp/buildd/qtbase-opensource-src-5.0.0~beta1/bin/moc-qt5 -D_LARGEFILE64_SOURCE 
-D_LARGEFILE_SOURCE -DQT_NO_DEBUG -DQT_WIDGETS_LIB -DQT_GUI_LIB -DQT_CORE_LIB 
-I../../../../mkspecs/linux-g++-64 -I. -I../../../../include 
-I../../../../include/QtWidgets -I../../../../include/QtGui 
-I../../../../include/QtCore -I.moc/release-shared norwegianwoodstyle.h -o 
.moc/release-shared/moc_norwegianwoodstyle.cpp


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#689616: blhc: false positive for Qt moc

[Felix Geyer]

On 05.10.2012 18:14, jari wrote:
> On 2012-10-04 23:44, Simon Ruderich wrote: | On Thu, Oct 04, 2012 at 
> 04:24:54PM +0200, Felix
> Geyer wrote: | > blhc seems to think these moc-qt4/moc-qt5 calls link/compile 
> an | >
> executable and issues warnings about missing flags. moc is just | > a C++ 
> preprocessor for Qt
> where all the dpkg-buildflags are | > irrelevant. | | To get the latest 
> `blhc` just clone the
> repository with Git: | | git clone 
> http://ruderich.org/simon/blhc/blhc.git | | And run
> `blhc` from the directory (no need to install it). | | ./bin/blhc 
> path/to/build/file
> 
> Felix,
> 
> In case this is easier, please install following *.deb and report if this 
> version from
> Simon's Git fixes the problem.
> 
> wget 
> http://cante.net/~jaalto/tmp/debian/blhc/blhc_0.03+20121004+gite3d197b-1_all.deb
>  dpkg -i
> blhc*.deb
> 
> Jari

Yep, the fix works fine.

Thanks,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691148: [Pkg-virtualbox-devel] Bug#691148: Bug#691148: Bug#691148: Please package virtualbox 4.2.2

[Felix Geyer]

On 14.11.2012 15:30, Michael Meskes wrote:
> On Wed, Nov 14, 2012 at 10:56:50AM +0100, Felix Geyer wrote:
>> When you want to modify the BIOS you change the code in the files of the
>> first variant so only that is considered the source code of the BIOS.
> 
> Well, you can change the assembler file directly. I wonder what happened if we
> just remove the OpenWatcom source files from the tarball?

Removing the Open Watcom source files would be a GPL violation unless upstream
explicitly adds a license to the generated assembler files.
Anyway I fail to see how removing free source code files could change anything 
in terms
of DFSG-freeness of the whole thing.

> Or if the developers hadn't told us but instead said they created the 
> assembler file by hand?

It's pretty hard to believe that someone could write and maintain 15,000 lines
of assembler code without a single comment.

>> That is a problem because it's impossible to modify the BIOS (e.g. by adding
>> a distro patch) without someone running Open Watcom.
> 
> Why's that? We can change assembler source files, can't we? 

Sure, you can modify those assembler files but they are just a post-processed
compiler output. That means in practice you can't modify it in a meaningful
way.
In fact the files say "Auto Generated source file. Do not edit." ;-)
For example we would be unable to cherry-pick a BIOS fix from trunk.

> I really wonder if we're trying to be more catholic than the pope here. 

I don't think so because where does it end?
With the same argument you could declare every disassembled binary that is built
from high level language code as source code.

Regards,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691148: [Pkg-virtualbox-devel] Bug#691148: Bug#691148: Bug#691148: Please package virtualbox 4.2.2

[Felix Geyer]

On 18.11.2012 18:55, Michael Meskes wrote:
> On Fri, Nov 16, 2012 at 04:28:01PM +0100, Felix Geyer wrote:
>> Removing the Open Watcom source files would be a GPL violation unless 
>> upstream
>> explicitly adds a license to the generated assembler files.
>
> IANAL but wouldn't the general license from the package kick in if there is no
> license mentioned in a source file?

The assembler file explicitly says that it's build from GPL code so the GPL 
rules
for distributing object code applies here. That means you need keep the source
code in the tarball.

>> It's pretty hard to believe that someone could write and maintain 15,000 
>> lines
>> of assembler code without a single comment.
>
> But that's not the point. It's not about whether or not you believe them, it's
> about what the license dictates.

It's not really about licenses. I don't doubt that the VirtualBox BIOS is 
perfectly
fine GPLv2 code.
However the Debian Policy enforces additional restrictions such as everything
in main needs to be buildable from source with software from main.
I think it's a reason to not include software in Debian if we have strong 
doubts whether
upstream ships the real source code and that restricts how we can make 
modifications
to the software.

>> Sure, you can modify those assembler files but they are just a post-processed
>> compiler output. That means in practice you can't modify it in a meaningful
>> way.
>> In fact the files say "Auto Generated source file. Do not edit." ;-)
>
> Ok, for the sake of my argument let's assumed that line was removed. :)
>
>> For example we would be unable to cherry-pick a BIOS fix from trunk.
>
> Good point.
>
>> With the same argument you could declare every disassembled binary that is 
>> built
>> from high level language code as source code.
>
> True. I'm not saying it is, I just wonder whether our restriction makes sense.

The restriction makes sense because it ensures that you have the freedom to 
modify the
code and actually run the modified software.

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#684638: unblock: qtcreator/2.5.0-2

[Felix Geyer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package qtcreator

It fixes RC bug #683933: undefined symbol: _ZTVN5Botan11POSIX_TimerE
This caused qtcreator to be unusable on kfreebsd and most likely hurd.

unblock qtcreator/2.5.0-2
diff -Nru qtcreator-2.5.0/debian/changelog qtcreator-2.5.0/debian/changelog
--- qtcreator-2.5.0/debian/changelog	2012-05-19 17:33:54.0 +0200
+++ qtcreator-2.5.0/debian/changelog	2012-08-07 11:33:25.0 +0200
@@ -1,3 +1,12 @@
+qtcreator (2.5.0-2) unstable; urgency=medium
+
+  * Team upload.
+  * Build tm_posix.cpp on kFreeBSD and Hurd to fix a crash because of an
+undefined symbol. (Closes: #683933)
+- Add posix_rt_nonlinux.diff
+
+ -- Felix Geyer   Tue, 07 Aug 2012 11:33:13 +0200
+
 qtcreator (2.5.0-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru qtcreator-2.5.0/debian/patches/posix_rt_nonlinux.diff qtcreator-2.5.0/debian/patches/posix_rt_nonlinux.diff
--- qtcreator-2.5.0/debian/patches/posix_rt_nonlinux.diff	1970-01-01 01:00:00.0 +0100
+++ qtcreator-2.5.0/debian/patches/posix_rt_nonlinux.diff	2012-08-07 11:12:46.0 +0200
@@ -0,0 +1,26 @@
+Description: Build tm_posix.cpp on kFreeBSD and Hurd to fix a crash
+ because of an undefined symbol.
+Author: Felix Geyer 
+Forwarded: not-needed
+Bug-Debian: http://bugs.debian.org/683933
+
+--- qtcreator-2.5.0.orig/src/libs/3rdparty/botan/src/src.pro
 qtcreator-2.5.0/src/libs/3rdparty/botan/src/src.pro
+@@ -282,7 +282,7 @@ unix {
+timer/gettimeofday/tm_unix.h
+ }
+ 
+-linux*-g++*|freebsd*-g++* {
++linux*-g++*|freebsd*-g++*|glibc*-g++*|hurd*-g++* {
+ HEADERS += timer/posix_rt/tm_posix.h
+ }
+ 
+@@ -566,7 +566,7 @@ unix {
+timer/gettimeofday/tm_unix.cpp
+ }
+ 
+-linux*|freebsd* {
++linux*|freebsd*|glibc*|hurd* {
+ SOURCES += timer/posix_rt/tm_posix.cpp
+ 
+ LIBS += -lrt
diff -Nru qtcreator-2.5.0/debian/patches/series qtcreator-2.5.0/debian/patches/series
--- qtcreator-2.5.0/debian/patches/series	2012-05-19 17:26:25.0 +0200
+++ qtcreator-2.5.0/debian/patches/series	2012-08-07 11:07:23.0 +0200
@@ -3,3 +3,4 @@
 Use_bzr_branch_instead_of_bzr_clone.patch
 Fix_revno_detection_in_bzr_log.patch
 rpath_nonlinux.diff
+posix_rt_nonlinux.diff

Bug#684651: screenkey: Missing dependency on python-gtk2 and x11-xserver-utils

[Felix Geyer]

Package: screenkey
Version: 0.2-1
Severity: serious
Justification: Policy 3.5

screenkey needs to depend on python-gtk2 and x11-xserver-utils:

# screenkey
Traceback (most recent call last):
  File "/usr/bin/screenkey", line 19, in 
import pygtk
ImportError: No module named pygtk

# screenkey
Traceback (most recent call last):
  File "/usr/bin/screenkey", line 59, in 
Main()
  File "/usr/bin/screenkey", line 54, in Main
s = Screenkey(logger=logger, nodetach=options.nodetach)
  File "/usr/lib/python2.7/dist-packages/Screenkey/screenkey.py", line 107, in 
__init__
mode=self.options['mode'])
  File "/usr/lib/python2.7/dist-packages/Screenkey/listenkdb.py", line 77, in 
__init__
self.keymap = modmap.get_keymap_table()
  File "/usr/lib/python2.7/dist-packages/Screenkey/modmap.py", line 31, in 
get_keymap_table
keymap_table = cmd_keymap_table()
  File "/usr/lib/python2.7/dist-packages/Screenkey/modmap.py", line 22, in 
cmd_keymap_table
['xmodmap','-pk'], stdout=subprocess.PIPE).communicate()[0]
  File "/usr/lib/python2.7/subprocess.py", line 679, in __init__
errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1259, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#669565: RFS: gammaray/1.1.0-1 [ITP] -- Tool for examining the internals of Qt application

[Felix Geyer]

On 14.08.2012 22:40, Jakub Adam wrote:
> Hi,
> 
> Gammaray is now team-maintained by Debian KDE Extras Team and its git
> repository relocated to
> 
>   http://anonscm.debian.org/gitweb/?p=pkg-kde/kde-extras/gammaray.git
> 
> Old repo in collab-maint is not available anymore.

Great!

I noticed some issues in the copyright file:

- This one is missing:
  ./core/palettemodel.cpp:  Copyright (C) 2010 Ariya Hidayat 


- tools/ has been moved to core/tools/

- cmake/* is missing.
  Some of those files don't have a license header.
  It would be good to check with upstream under what license they are released.

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#685076: xbmc: Recommends non-existent python-qt3 package

[Felix Geyer]

Package: xbmc
Version: 2:11.0~git20120510.82388d5-1
Severity: normal

xbmc recommends python-qt3, which has been removed from the archive.

It seems to be only used in ./tools/Linux/FEH.py and ./tools/Linux/FEH-ARM.py
and is optional so removing the Recommends is probably ok.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#669565: RFS: gammaray/1.1.0-1 [ITP] -- Tool for examining the internals of Qt application

[Felix Geyer]

On 20.08.2012 14:04, Jakub Adam wrote:
> Hi Felix,
> 
> On 16.8.2012 11:04, Felix Geyer wrote:
>> I noticed some issues in the copyright file:
>>
>> - This one is missing:
>>./core/palettemodel.cpp:  Copyright (C) 2010 Ariya 
>> Hidayat
>>
>> - tools/ has been moved to core/tools/
>>
>> - cmake/* is missing.
>>Some of those files don't have a license header.
>>It would be good to check with upstream under what license they are 
>> released.
> 
> I fixed what I could figure out myself, for the rest of files in cmake/ I 
> asked
> upstream [1], missing license headers are now added in their git [2] and also
> in our d/copyright.

Great, thanks!

Upstream has released version 1.2.1 in the meantime.
I noticed that you've removed 3rdparty/qt/private in the upstream tarball.
This needs to be documented in README.source and preferably "+repack" added
to the upstream version number.
In this case however it would be much easier to keep them in the tarball and
just remove those files in debian/rules before building.

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#669565: RFS: gammaray/1.1.0-1 [ITP] -- Tool for examining the internals of Qt application

[Felix Geyer]

On 20.08.2012 22:39, Jakub Adam wrote:
> Hi Felix,
> 
> On 20.8.2012 18:26, Felix Geyer wrote:
>> Upstream has released version 1.2.1 in the meantime.
> 
> I see, imported to our repo.
> 
>> I noticed that you've removed 3rdparty/qt/private in the upstream tarball.
>> This needs to be documented in README.source and preferably "+repack" added
>> to the upstream version number.
>> In this case however it would be much easier to keep them in the tarball and
>> just remove those files in debian/rules before building.
> 
> I chose a similar approach, but I don't delete the files in d/rules but only
> move them away so that dh_clean can restore the sources into original state.

Ok, I've uploaded gammaray now.

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#685670: Doesn't use build flags

[Felix Geyer]

Source: htop
Version: 1.0.1-1
Severity: important

htop doesn't export any build flags so it's built without optimizations,
debugging symbols and hardening options.

Example:

x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I.  -DNDEBUG  -pedantic -Wall -Wextra 
-std=c99 -rdynamic -D_XOPEN_SOURCE_EXTENDED -DSYSCONFDIR=\"/usr/etc\"  -MT 
htop-AvailableMetersPanel.o -MD -MP -MF .deps/htop-AvailableMetersPanel.Tpo -c 
-o htop-AvailableMetersPanel.o `test -f 'AvailableMetersPanel.c' || echo 
'./'`AvailableMetersPanel.c


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#655609: mozilla-devscripts misinterprets -a parameter

[Felix Geyer]

Package: mozilla-devscripts
Version: 0.29

"-a" is a common parameter for debhelper scripts that means "act on 
arch-dependent packages".
dh_xul-ext misinterprets "-a" as the short form of its --all parameter.
dh passes "-a" to dh_xul-ext when the dh addon is used and only arch-dependent 
packages
are built.

As a result of this bug xul-ext-lightning depends on icedove instead of 
thunderbird in Ubuntu:
https://launchpadlibrarian.net/89758164/buildlog_ubuntu-precise-amd64.lightning-extension_1.2~b1%2Bbuild1-0ubuntu1_BUILDING.txt.gz




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#659333: libapt-inst1.4, libapt-pkg4.12: "Multi-Arch: same" but not co-installable with themselves

[Felix Geyer]

Package: apt
Version: 0.8.16~exp12
Severity: normal
User: multiarch-de...@lists.alioth.debian.org
Usertags: multiarch

libapt-inst1.4 and libapt-pkg4.12 are marked as "Multi-Arch: same" but the
translation files (usr/share/locale/*/LC_MESSAGES/libapt-inst1.4.mo and
/usr/share/locale/*/LC_MESSAGES/libapt-pkg4.12.mo) differ on each architecture.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#656339: virtualbox-guest-x11: chromium using GPU acceleration is unusable

[Felix Geyer]

Could you please test if this is still a problem with version 4.1.8-dfsg-2?

mesa didn't load the dri module as it wasn't installed into the multiarch
directory.




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#677242: virtualbox-guest-x11: Keyboard stops working after some time.

[Felix Geyer]

severity 677242 important
tags 677242 unreproducible
thanks

On 13.06.2012 16:43, Cord Beermann wrote:
> Hallo! Du (Felix Geyer) hast geschrieben:
>
>> Are you sure that the problem is only present in 4.1.16-dfsg-2?
>> 4.1.16-dfsg-2 doesn't have any code changes in the guest additions.
> As I couldn't find anything in the Logs i'm not sure. 
>
> What I know is:
>
> I upgraded virtualbox-guest-x11, virtualbox-guest-utils,
> virtualbox-guest-dkms from 4.1.16-dfsg-1 to 4.1.16-dfsg-2 in the
> morning.
>
> I got the problems. 
>
> I rebooted the hostsystem and the client (the latter three times.)
> Problem was reproduceable.
>
> I downgraded to 4.1.16-dfsg-1 and rebooted the client-system, the problem
> didn't show up again for the last 24hours.
>
> Cord

I can't reproduce the bug.
Does version 4.1.18 fix the problem?

Felix




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#657966: dh-exec: Please disable pkgbinarymangler for tests

[Felix Geyer]

Package: dh-exec
Version: 0.1
Severity: wishlist
Tags: patch

Some tests fail on Ubuntu becauses the buildds have pkgbinarymangler installed
which diverts dpkg-deb.
Please disable it by setting NO_PKG_MANGLE (patch is attached).
diff -Nru dh-exec-0.1/t/Makefile.am dh-exec-0.1ubuntu1/t/Makefile.am
--- dh-exec-0.1/t/Makefile.am	2011-12-21 00:51:17.0 +0100
+++ dh-exec-0.1ubuntu1/t/Makefile.am	2012-01-30 11:59:36.0 +0100
@@ -18,7 +18,8 @@
 			DH_EXEC_LIBDIR="${top_builddir}/src" \
 			DH_EXEC_BINDIR="${top_builddir}/src" \
 			top_builddir="${top_builddir}" \
-			srcdir="${srcdir}"
+			srcdir="${srcdir}" \
+			NO_PKG_MANGLE=1
 
 check: ${TESTS}
 	$(AM_V_GEN) ${TESTS_ENVIRONMENT} prove -e '' -f -o ${PROVE_OPTIONS} $(addprefix ${srcdir}/,${TESTCASES})

Bug#657966: dh-exec: Please disable pkgbinarymangler for tests

[Felix Geyer]

On 30.01.2012 13:43, Gergely Nagy wrote:
> Felix Geyer  writes:
>
>> Package: dh-exec
>> Version: 0.1
>> Severity: wishlist
>> Tags: patch
>>
>> Some tests fail on Ubuntu becauses the buildds have pkgbinarymangler 
>> installed
>> which diverts dpkg-deb.
>> Please disable it by setting NO_PKG_MANGLE (patch is attached).
> Is there any documentation available online on what pkgbinarymangler is,
> and what it does? (If not, I'll check the sources, but docs would be
> easier :)

The package description says:

> pkgbinarymangler consists of a dpkg-deb wrapper that calls the following
> helper applications while building a debian binary package:
>
> pkgstriptranslations removes all *.mo files in /usr/share/locale from
> all package build directories. It is used to strip off gettext translations
> from generated binary packages, because translations are already shipped
> in the language packs.  Its behaviour (which is disabled by default) is
> configured in /etc/pkgbinarymangler/striptranslations.conf.
>
> pkgmaintainermangler adjusts the maintainer field in binary packages to
> match a set of rules (including whitelists, mass renames by component,
> maintainer name, etc) defined in the pkgmaintainermangler configuration
> file at /etc/pkgbinarymangler/maintainermangler.conf.

> If the tests fail with pkgbinarymangler installed, that might result in
> real packages failing with it too, if they use dh-exec, so I'd rather
> find a different solution if possible, instead of setting NO_PKG_MANGLE.

pkgbinarymangler also calls pkgsanitychecks which checks if dpkg-deb is building
the correct source package.

This fails when you build test packages:

> The tests fail because the package names don't match:
> /usr/bin/pkgsanitychecks: inconsistent /CurrentlyBuilding file, Package: 
> value is dh-exec
(should be pkg-test)
> dh_builddeb.pkgbinarymangler: dpkg-deb --build debian/pkg-test .. returned 
> exit code 1
> /usr/bin/pkgsanitychecks: inconsistent /CurrentlyBuilding file, Package: 
> value is dh-exec
(should be pkg-test)
> dh_builddeb.pkgbinarymangler: dpkg-deb --build debian/pkg-test-illiterate .. 
> returned exit code 1

I don't think there is another way to disable it.




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#659027: Please transition libwebp for multiarch

[Felix Geyer]

Package: libwebp
Version: 0.1.3-2.1
Tags: patch
User: multiarch-de...@lists.alioth.debian.org
Usertags: multiarch

Hi,

Please find attached a patch to libwebp to transition it to use
multiarch library paths as described at
.

Thanks,
Felix
diff -Nru libwebp-0.1.3/debian/compat libwebp-0.1.3/debian/compat
--- libwebp-0.1.3/debian/compat	2011-03-01 02:25:42.0 +0100
+++ libwebp-0.1.3/debian/compat	2012-02-07 14:15:41.0 +0100
@@ -1 +1 @@
-7
+9
diff -Nru libwebp-0.1.3/debian/control libwebp-0.1.3/debian/control
--- libwebp-0.1.3/debian/control	2012-01-29 18:28:32.0 +0100
+++ libwebp-0.1.3/debian/control	2012-02-07 14:17:10.0 +0100
@@ -1,7 +1,7 @@
 Source: libwebp
 Priority: extra
 Maintainer: Jeff Breidenbach 
-Build-Depends: debhelper (>= 7), autotools-dev, libtool, autoconf, 
+Build-Depends: debhelper (>= 9), autotools-dev, libtool, autoconf, 
  automake, libjpeg-dev, libpng12-dev
 Standards-Version: 3.9.2
 Section: libs
@@ -10,6 +10,7 @@
 Package: libwebp-dev
 Section: libdevel
 Architecture: any
+Multi-Arch: same
 Depends: libwebp2 (= ${binary:Version}), ${misc:Depends}
 Description: Lossy compression of digital photographic images.
  Image Compression format, based on the VP8 codec.
@@ -21,6 +22,8 @@
 Package: libwebp2
 Section: libs
 Architecture: any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: Lossy compression of digital photographic images.
  Image Compression format, based on the VP8 codec.
diff -Nru libwebp-0.1.3/debian/libwebp2.dirs libwebp-0.1.3/debian/libwebp2.dirs
--- libwebp-0.1.3/debian/libwebp2.dirs	2011-03-01 02:25:42.0 +0100
+++ libwebp-0.1.3/debian/libwebp2.dirs	1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-usr/lib
diff -Nru libwebp-0.1.3/debian/libwebp2.install libwebp-0.1.3/debian/libwebp2.install
--- libwebp-0.1.3/debian/libwebp2.install	2011-03-01 02:25:42.0 +0100
+++ libwebp-0.1.3/debian/libwebp2.install	2012-02-07 14:16:24.0 +0100
@@ -1 +1 @@
-usr/lib/lib*.so.*
+usr/lib/*/lib*.so.*
diff -Nru libwebp-0.1.3/debian/libwebp-dev.dirs libwebp-0.1.3/debian/libwebp-dev.dirs
--- libwebp-0.1.3/debian/libwebp-dev.dirs	2011-03-01 02:25:42.0 +0100
+++ libwebp-0.1.3/debian/libwebp-dev.dirs	1970-01-01 01:00:00.0 +0100
@@ -1,2 +0,0 @@
-usr/lib
-usr/include
diff -Nru libwebp-0.1.3/debian/libwebp-dev.install libwebp-0.1.3/debian/libwebp-dev.install
--- libwebp-0.1.3/debian/libwebp-dev.install	2011-04-14 06:42:32.0 +0200
+++ libwebp-0.1.3/debian/libwebp-dev.install	2012-02-07 14:16:45.0 +0100
@@ -1,4 +1,4 @@
 usr/include/*
-usr/lib/lib*.a
-usr/lib/lib*.so
+usr/lib/*/lib*.a
+usr/lib/*/lib*.so
 
diff -Nru libwebp-0.1.3/debian/webp.dirs libwebp-0.1.3/debian/webp.dirs
--- libwebp-0.1.3/debian/webp.dirs	2011-03-01 21:20:01.0 +0100
+++ libwebp-0.1.3/debian/webp.dirs	1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-usr/bin

Bug#685670: closed by jac...@debian.org (Eugene V. Lyubimkin) (Bug#685670: fixed in htop 1.0.1-3)

[Felix Geyer]

On 08/27/2012 07:03 PM, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report which was filed 
> against the
> src:htop package:
> 
> #685670: Doesn't use build flags
> 
> It has been closed by jac...@debian.org (Eugene V. Lyubimkin).

Thanks, though it still ignores CPPFLAGS and LDFLAGS.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#682236: virtualbox: VMs cannot be started - kernel module error suspected - [10402.535241] ioctl32(VirtualBox:30222): Unknown cmd fd(11) cmd(c0305601){t:'V'; sz:48} arg(ffefb0f0) on /dev/vboxdrv

[Felix Geyer]

reassign 565698 virtualbox 4.1.18-dfsg-1
forcemerge 565698 682236
stop

On 20.07.2012 16:30, Thomas Mueller wrote:
> Package: virtualbox
> Version: 4.1.18-dfsg-1
> Severity: important
>
> Dear Maintainer,
>
> I cannot start any VM. The error I get on the GUI:
>
> RTR3Init failed with rc=-1912 (rc=-1912)
>
> The VirtualBox kernel modules do not match this version of VirtualBox. 
> The installation of VirtualBox was apparently not successful. Executing
>
> '/etc/init.d/vboxdrv setup'
>
> may correct this. Make sure that you do not mix the OSE version and the 
> PUEL version of VirtualBox.
>
> (Which is the upstream error message which is wrong btw for the Debian 
> package)
>
> Within dmesg I get the same time:
> [ 3919.887385] vboxdrv: Found 4 processor cores.
> [ 3919.887941] vboxdrv: fAsync=0 offMin=0x4ce offMax=0x4588
> [ 3919.888026] vboxdrv: TSC mode is 'synchronous', kernel timer mode is 
> 'normal'.
> [ 3919.888028] vboxdrv: Successfully loaded version 4.1.18_Debian (interface 
> 0x0019).
> [ 3919.923538] vboxpci: IOMMU not found (not registered)
> [ 5492.917714] ioctl32(VirtualBox:26021): Unknown cmd fd(11) 
> cmd(c0305601){t:'V';sz:48} arg(ffb2d480) on /dev/vboxdrv
> [ 6238.146503] ioctl32(VirtualBox:29106): Unknown cmd fd(11) 
> cmd(c0305601){t:'V';sz:48} arg(ffbf14a0) on /dev/vboxdrv
> [10402.535241] ioctl32(VirtualBox:30222): Unknown cmd fd(11) 
> cmd(c0305601){t:'V';sz:48} arg(ffefb0f0) on /dev/vboxdrv
>
> Each ioctrl32 line is for one try to start a VM.

VirtualBox doesn't support mixing a 64-bit kernel with 32-bit userland.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#675845: Re: Bug#675845: adanaxisgpl: FTBFS:

[Felix Geyer]

On 09.06.2012 18:33, Robert Millan wrote:
> 2012/6/3 Christoph Egger :
>> /usr/include/sys/kern/types.h:189:18: error: two or more data types in 
>> declaration specifiers
> This might be a bug in kfreebsd-kernel-headers, however I can't check
> because it hits a different error:
>
> g++ -DHAVE_CONFIG_H -I. -I..   -DMUSH_DATA_DIR=\"/usr/share/games\"
> -I/usr/include/SDL -D_GNU_SOURCE=1 -D_REENTRANT -I. -I./API -DNDEBUG
> -I./Platform/X11  -g -O2 -c -o GameStringSpec.o `test -f
> 'Game/GameStringSpec.cpp' || echo './'`Game/GameStringSpec.cpp
> In file included from ./Mushcore/MushcoreData.h:178:0,
>  from ./Mushcore/Mushcore.h:120,
>  from ./API/mushMushcore.h:58,
>  from Game/GameStringSpec.h:51,
>  from Game/GameStringSpec.cpp:50:
> ./Mushcore/MushcoreSingleton.h: In instantiation of ‘static void
> MushcoreSingleton::SingletonUncheckedNew() [with
> SingletonType = MushcoreFactory]’:
> ./Mushcore/MushcoreSingleton.h:76:9:   required from ‘static
> SingletonType& MushcoreSingleton::Sgl() [with
> SingletonType = MushcoreFactory]’
> Game/GameStringSpec.cpp:91:22:   required from here
> ./Mushcore/MushcoreSingleton.h:86:5: error: ‘SingletonPtrSet’ was not
> declared in this scope, and no declarations were found by
> argument-dependent lookup at the point of instantiation [-fpermissive]

Are you sure that you have built 1.2.5.dfsg.1-4.1 and not
1.2.5.dfsg.1-4 since the compiler command line should contain
"-fpermissive"?

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#682648: python-gnupg: FTBFS: test hangs for 60 mins

[Felix Geyer]

On 24.07.2012 22:12, Elena ``of Valhalla'' wrote:
> The package builds on my amd64, but running the tests takes a long 
> time[1] because gnupg (called by python-gnupg) is waiting for random 
> data.
>
> I suspect that the issue is that the typical lack of entropy 
> of virtual machines is the cause of the 60 minutes wait.
>

That test requires a lot of random data (5 MB).
It seems to be only used for testing if signing files work.
Do you have an idea why the data needs to be random
instead of just using a hardcoded pattern to generate
that file?
Relying on random data in unit tests is a bad idea anyway ...

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683153: FTBFS: Requires internet connectivity

[Felix Geyer]

Package: ruby-zoom
Version: 0.4.1-3
Severity: normal
Tags: patch, sid, wheezy

This package requires internet connectivity for its test suite
to pass. Package builds should not rely on external network
connectivity, but should be self-contained.

I have attached a patch that disables all tests except package_test.rb
which is the only one that doesn't rely on internet connectivity.

Build log:
> Loaded suite /usr/lib/ruby/vendor_ruby/rake/rake_test_loader
> Started
> E
> ===
> Error: test_search_batch_test(SearchBatchTest)
> RuntimeError: Connect failed (1) z3950.loc.gov:7090
> /tmp/buildd/ruby-zoom-0.4.1/test/search_batch_test.rb:8:in `open'
>   5:   # Terry Reese 9-17-07
>   6:   # Test for batch results
>   7:   def test_search_batch_test
>   =>  8: ZOOM::Connection.open('z3950.loc.gov', 7090) do |conn|
>   9:   conn.database_name = 'Voyager'
>  10:   conn.preferred_record_syntax = 'USMARC'
>  11:   result_set = conn.search('@attr 1=4 "Oregon"')
> /tmp/buildd/ruby-zoom-0.4.1/test/search_batch_test.rb:8:in 
> `test_search_batch_test'
> ===
> [...]

Example of a full log:
https://buildd.debian.org/status/fetch.php?pkg=ruby-zoom&arch=armel&ver=0.4.1-4&stamp=1340496396
diff -Nru ruby-zoom-0.4.1/debian/ruby-tests.rake ruby-zoom-0.4.1/debian/ruby-tests.rake
--- ruby-zoom-0.4.1/debian/ruby-tests.rake	2012-06-24 00:10:36.0 +0200
+++ ruby-zoom-0.4.1/debian/ruby-tests.rake	2012-07-29 10:39:17.0 +0200
@@ -3,7 +3,7 @@
 require 'rbconfig'
 
 Rake::TestTask.new do |t|
-  t.test_files = FileList['test/*_test.rb']
+  t.test_files = FileList['test/package_test.rb']
   t.ruby_opts << '-I src' << '-rzoom' << '-rtest/unit'
   t.verbose = true
 end

Bug#683174: FTBFS: Requires internet connectivity

[Felix Geyer]

Package: python-ethtool
Version: 0.7-1
Severity: normal
Tags: patch, sid, wheezy

This package requires internet connectivity to build its manpage.
Package builds should not rely on external network
connectivity, but should be self-contained.

It tries to fetch manpages/docbook.xsl from http://docbook.sourceforge.net/.
This can be avoided by build-depending on docbook-xsl which ships that file.

Build log:

> a2x -d manpage -f manpage man/pethtool.8.asciidoc
> a2x: ERROR: "xsltproc"  --stringparam callout.graphics 0 --stringparam 
> navig.graphics 0 --stringparam admon.textlabel 1 --stringparam admon.graphics 
> 0  "/etc/asciidoc/docbook-xsl/manpage.xsl" 
> "/tmp/buildd/python-ethtool-0.7/man/pethtool.8.xml" returned non-zero exit 
> status 5
> make[1]: *** [override_dh_auto_build] Error 1
> make[1]: Leaving directory `/tmp/buildd/python-ethtool-0.7'
> make: *** [build] Error 2

> # xsltproc  --stringparam callout.graphics 0 --stringparam navig.graphics 0 
> --stringparam admon.textlabel 1 --stringparam admon.graphics 0  
> "/etc/asciidoc/docbook-xsl/manpage.xsl" 
> "/tmp/buildd/python-ethtool-0.7/man/pethtool.8.xml"
> error : Operation in progress
> warning: failed to load external entity 
> "http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl";
> compilation error: file /etc/asciidoc/docbook-xsl/manpage.xsl line 12 element 
> import
> xsl:import : unable to load 
> http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683183: chef: Missing dependency on ucf causes chef-server-api to FTBFS

[Felix Geyer]

Package: chef
Version: 10.12.0-1
Severity: serious
Tags: patch, sid, wheezy

chef uses ucf in its postinst script without a fallback or dependency.
As a result chef fails to install in a minimal chroot and causes
chef-server-api to FTBFS.

> Setting up chef (10.12.0-1) ...
> /var/lib/dpkg/info/chef.postinst: line 18: ucf: command not found
> dpkg: error processing chef (--configure):
>  subprocess installed post-installation script returned error exit status 127

Adding ucf to Depends would fix this.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683190: emboss is built without PostgreSQL support

[Felix Geyer]

Package: emboss
Version: 6.4.0-2
Severity: normal
Tags: patch

emboss is built without PostgreSQL support.
(emboss build-depends on libpq-dev so I'm guessing this is not
by intention.)

> checking for pg_config... /usr/bin/pg_config
> checking for PostgreSQL libraries... no

The configure script doesn't add "-I/usr/include/postgresql" to the gcc
command line because of a typo in m4/postgresql.m4.

> conftest.c:40:68: fatal error: libpq-fe.h: No such file or directory

Attached is a patch that fixes the typo.
--- emboss-6.4.0.orig/m4/postgresql.m4
+++ emboss-6.4.0/m4/postgresql.m4
@@ -98,7 +98,7 @@
 EMBCPPFLAGS=$CPPFLAGS
 	EMBLDFLAGS=$LDFLAGS
 
-CPPFLAGS="$POSTGRESSQL_CPPFLAGS $EMBCPPFLAGS"
+CPPFLAGS="$POSTGRESQL_CPPFLAGS $EMBCPPFLAGS"
 	LDFLAGS="$POSTGRESQL_LDFLAGS $EMBLDFLAGS"
 
 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include 

Bug#650237: Re: Bug#650237: emboss: Fails to link mysqlclient with linker set, for --as-needed

[Felix Geyer]

On 17.06.2012 15:13, Charles Plessy wrote:
> Le Sun, Jun 17, 2012 at 01:49:37PM +0100, Dmitrijs Ledkovs a écrit :
>> Dear Charles,
>>
>> This bug affects debian. See explanation of the problem and ways to
>> resolve it here:
>>
>>   http://wiki.debian.org/ToolChain/DSOLinking
> Dear Dmitrijs,
>
> do you think you could prepare a patch against emboss 6.4.0, available in
> our Git repository ?
>
> That would be very helpful.
>
> Have a nice day,
>

Attached are patches against version 6.4.0 for mysql.m4 and postgresql.m4.

Felix

--- emboss-6.4.0.orig/m4/mysql.m4
+++ emboss-6.4.0/m4/mysql.m4
@@ -100,10 +100,10 @@
 dnl not be installed
 
 EMBCPPFLAGS=$CPPFLAGS
-	EMBLDFLAGS=$LDFLAGS
+	EMBLIBS=$LIBS
 
 CPPFLAGS="$MYSQL_CPPFLAGS $EMBCPPFLAGS"
-	LDFLAGS="$MYSQL_LDFLAGS $EMBLDFLAGS"
+	LIBS="$MYSQL_LDFLAGS $EMBLIBS"
 
 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include 
   #include "mysql.h"]],
@@ -112,7 +112,7 @@
 			   [havemysql=no])
 
 	CPPFLAGS=$EMBCPPFLAGS
-	LDFLAGS=$EMBLDFLAGS
+	LIBS=$EMBLIBS
 
 if test "$havemysql" = yes; then
 AC_DEFINE([HAVE_MYSQL], [1],
--- emboss-6.4.0.orig/m4/postgresql.m4
+++ emboss-6.4.0/m4/postgresql.m4
@@ -96,10 +96,10 @@
 dnl not be installed
 
 EMBCPPFLAGS=$CPPFLAGS
-	EMBLDFLAGS=$LDFLAGS
+	EMBLIBS=$LIBS
 
 CPPFLAGS="$POSTGRESSQL_CPPFLAGS $EMBCPPFLAGS"
-	LDFLAGS="$POSTGRESQL_LDFLAGS $EMBLDFLAGS"
+	LIBS="$POSTGRESQL_LDFLAGS $EMBLIBS"
 
 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include 
   #include "libpq-fe.h"]],
@@ -108,7 +108,7 @@
 			   [havepostgresql=no])
 
 	CPPFLAGS=$EMBCPPFLAGS
-	LDFLAGS=$EMBLDFLAGS
+	LIBS=$EMBLIBS
 
 if test "$havepostgresql" = yes; then
 AC_DEFINE([HAVE_POSTGRESQL], [1],

Bug#683518: python-fixtures: Convert to dh_python2

[Felix Geyer]

Package: python-fixtures
Version: 0.3.6-1.1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

python-support and python-central have both been deprecated in Debian now.
I'm forwarding a patch from Ubuntu / Matthias Klose that converts 
python-fixtures
to use dh_python2 instead of python-support.

Thanks for considering the patch.
diff -u python-fixtures-0.3.6/debian/rules python-fixtures-0.3.6/debian/rules
--- python-fixtures-0.3.6/debian/rules
+++ python-fixtures-0.3.6/debian/rules
@@ -1,6 +1,5 @@
 #!/usr/bin/make -f
 
-DEB_PYTHON_SYSTEM=pysupport
 include /usr/share/cdbs/1/rules/debhelper.mk
 include /usr/share/cdbs/1/class/python-distutils.mk
 include /usr/share/cdbs/1/rules/simple-patchsys.mk
diff -u python-fixtures-0.3.6/debian/control python-fixtures-0.3.6/debian/control
--- python-fixtures-0.3.6/debian/control
+++ python-fixtures-0.3.6/debian/control
@@ -4,7 +4,7 @@
 Maintainer: Robert Collins 
 Build-Depends: debhelper (>= 5.0.38), cdbs (>= 0.4.49),
  python-all-dev (>= 2.3.5-11)
-Build-Depends-Indep: python-docutils, python-support (>= 0.5.3),
+Build-Depends-Indep: python-docutils, python (>= 2.6.6-3~),
   python-testtools (>= 0.9.11)
 Standards-Version: 3.8.3
 

Bug#679762: dolfin: FTBFS: Armadillo could not be found. Be sure to set ARMADILLO_DIR. (missing: ARMADILLO_TEST_RUNS)

[Felix Geyer]

On 02.08.2012 10:19, Johannes Ring wrote:
> On Thu, Aug 2, 2012 at 1:30 AM, Kumar Appaiah  wrote:
>> #680931 has been fixed by the latest gcc download, so I don't believe
>> that the workaround upload for Armadillo is necessary.
> Thanks Kumar. The latest gcc-4.7 package (version 4.7.1-6) fixed the
> problem. I guess a binNMU for DOLFIN is needed.
>
> Johannes

Requesting give-backs for the architectures it FTBFS should be enough.

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683904: FTBFS: test requires internet connectivity

[Felix Geyer]

Source: libgeo-ip-perl
Version: 1.40-1
Severity: serious
Tags: patch, sid, wheezy
Justification: fails to build from source

This package requires internet connectivity for its test suite
to pass. Package builds should not rely on external network
connectivity, but should be self-contained.

t/2_namelookup.t fails because it tries to look up the IP
of yahoo.com.

I'm adding a patch that removes this specific test.

Build log:

> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" 
> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
> t/0_base.t ... ok
> t/1_lookup.t . ok
> t/20_min_capi_version.t .. ok
> # Test 11 got:  (t/2_namelookup.t at line 18 fail #11)
> #Expected: "US"
> #  t/2_namelookup.t line 18 is:   ok($country, $exp_country);
> t/2_namelookup.t . 
> Failed 1/11 subtests 
> t/3_mirror.t . ok
--- libgeo-ip-perl-1.40.orig/t/2_namelookup.t
+++ libgeo-ip-perl-1.40/t/2_namelookup.t
@@ -5,7 +5,7 @@ use Test;
 
 $^W = 1;
 
-BEGIN { plan tests => 11 }
+BEGIN { plan tests => 10 }
 
 use Geo::IP;
 
@@ -29,4 +29,3 @@ __DATA__
 194.244.83.2	IT
 203.15.106.23	AU
 196.31.1.1	ZA
-yahoo.com	US

Bug#683909: FTBFS: test requires internet connectivity

[Felix Geyer]

Source: libical-parser-sax-perl
Version: 1.09-1
Severity: serious
Tags: patch, sid, wheezy
Justification: fails to build from source

This package requires internet connectivity for its test suite
to pass. Package builds should not rely on external network
connectivity, but should be self-contained.

Build.PL has a prompt to enable the http test which is enabled
by default.
Since there is no command line switch for this I'm attaching a patch
that changes the default to disable that test.

Build log:

> cd . && ./Build test  verbose=1
> t/00load.t ... 
> 1..2
> ok 1 - use iCal::Parser::SAX;
> ok 2 - The object isa iCal::Parser::SAX
> ok
> Can't read http://www.rickster.com/xml-sax-ical/test-cal.ics
> # Looks like you planned 19 tests but ran 18.
> # Looks like your test exited with 22 just after 18.
> t/01parse.t .. 
> 1..19
> ok 1 - no-name-or-id
> ok 2 - name-and-id
> ok 3 - event-duration
> ok 4 - no-summary
> ok 5 - all-day-event
> ok 6 - recurrence
> ok 7 - zero-hr-event
> ok 8 - exdate
> ok 9 - multi-day
> ok 10 - rrule
> ok 11 - todo-with-alarm
> ok 12 - recurrence-update
> ok 13 - complex
> ok 14 - multi-year
> ok 15 - multi-cal input
> ok 16 - parse filehandle
> ok 17 - parse string
> ok 18 - parse hash
> Dubious, test returned 22 (wstat 5632, 0x1600)
> Failed 1/19 subtests
--- libical-parser-sax-perl-1.09.orig/Build.PL
+++ libical-parser-sax-perl-1.09/Build.PL
@@ -31,7 +31,7 @@ if($build->y_n
 $build->create_build_script;
 if($build->y_n(q{Would you like to test a remote (http) calendar?
 (Requires LWP::UserAgent and may fail if you don't have access
-to the internet or the remote file has moved) },'y')) {
+to the internet or the remote file has moved) },'n')) {
 open OUT, '>_build/DOHTTP';
 close(OUT);
 }

Bug#683920: FTBFS with ld --as-needed

[Felix Geyer]

Source: makehuman
Version: 1.0.0~alpha6-5
Tags: patch
User: debian-...@lists.debian.org
Usertags: ld-as-needed

makehuman fails to build when ld defaults to --as-needed because it puts 
libraries
before the objects that use them.
See http://wiki.debian.org/ToolChain/DSOLinking#Only_link_with_needed_libraries

This is already fixed upstream:
http://code.google.com/p/makehuman/source/diff?spec=svn3555&old=2071&r=3160&format=unidiff&path=%2Ftrunk%2Fmakehuman%2FMakefile.Linux

Build log:

> linking as makehuman.real .
> src/core.o: In function `RegisterObject3D':
> /build/buildd/makehuman-1.0.0~alpha6/src/core.c:150: undefined reference to 
> `PyType_Ready'
> /build/buildd/makehuman-1.0.0~alpha6/src/core.c:154: undefined reference to 
> `PyModule_AddObject'
> src/core.o: In function `Object3D_init':
> /build/buildd/makehuman-1.0.0~alpha6/src/core.c:236: undefined reference to 
> `PyArg_ParseTuple'
> /build/buildd/makehuman-1.0.0~alpha6/src/core.c:240: undefined reference to 
> `PyList_Size'
> [...]
Description: Fix FTBFS with ld --as-needed.
Origin: backport, http://code.google.com/p/makehuman/source/diff?spec=svn3555&old=2071&r=3160&format=unidiff&path=%2Ftrunk%2Fmakehuman%2FMakefile.Linux

--- makehuman-1.0.0~alpha6.orig/Makefile.Linux
+++ makehuman-1.0.0~alpha6/Makefile.Linux
@@ -32,7 +32,7 @@ EXE = makehuman
 
 $(EXE) : $(OBJS)
 	@echo "linking as $@ ."
-	@g++ $(EXTRALIBS) $(EXTRAFMWKS) $(OBJS) -Wl,--as-needed -o $@
+	@g++ -Wl,--as-needed $(OBJS) $(EXTRALIBS) $(EXTRAFMWKS) -o $@
 
 # -
 # Cleanup unused stuff

Bug#683925: FTBFS with gcc-4.7 on i386

[Felix Geyer]

Source: ocp
Version: 1:0.1.21-1
Severity: serious
Tags: sid, wheezy
Justification: fails to build from source

ocp 1:0.1.21-1 fails to build from source with gcc-4.7 on i386.

The build failure seems similar to http://bugs.debian.org/672991
It has been fixed with this patch:
http://anonscm.debian.org/gitweb/?p=collab-maint/mupen64plus-core.git;a=blob;f=debian/patches/rjump_gcc47.patch;h=640a33cc64b75a9dd0c4443fa34be67c1eae5daf;hb=HEAD

devw/dwmixfa_8087.c has a number of references to __i686.get_pc_thunk

Build log:

> i486-linux-gnu-gcc -Wall -g -fPIC -O2 -fPIC -Wall -I.././ -shared -o 
> devwmixf.so devwmixf.o dwmixfa.o -lm
> /usr/lib/i386-linux-gnu/libc_nonshared.a(elf-init.oS): In function 
> `__libc_csu_init':
> (.text+0x2b): undefined reference to `__init_array_end'
> /usr/bin/ld: /usr/lib/i386-linux-gnu/libc_nonshared.a(elf-init.oS): 
> relocation R_386_GOTOFF against undefined hidden symbol `__init_array_end' 
> can not be used when making a shared object
> /usr/bin/ld: final link failed: Bad value
> collect2: error: ld returned 1 exit status


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#682648: python-gnupg: FTBFS: test hangs for 60 mins

[Felix Geyer]

You're right, reading from /dev/urandom is not the issue.

gpg has a --quick-random switch which makes it read
from /dev/urandom instead of /dev/random.
However I'm not sure how to force python-gnupg to use
that parameter for the tests.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#647407: youtube-dl: FTBFS: /usr/bin/env: python: No such file or directory

[Felix Geyer]

This build failure occurs again in 2012.02.27+gita171dbf-1
and -2.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#647407: youtube-dl: FTBFS: /usr/bin/env: python: No such file or directory

[Felix Geyer]

On 06.08.2012 13:38, Rogério Brito wrote:
> On Aug 06 2012, Felix Geyer wrote:
>> This build failure occurs again in 2012.02.27+gita171dbf-1
>> and -2.
> 
> Can you provide some details more, please? At what step does it fail with
> the message above?


Basically the same as the original report:

>dh_auto_build
> make[1]: Entering directory `/tmp/buildd/youtube-dl-2012.02.27+gita171dbf'
> zip --quiet --junk-paths youtube-dl youtube_dl/*.py
> echo '#!/usr/bin/env python' > youtube-dl
> cat youtube-dl.zip >> youtube-dl
> rm youtube-dl.zip
> /usr/bin/env: python: No such file or directory
> ./youtube-dl.dev --version > LATEST_VERSION
> /usr/bin/env: python: No such file or directory
> make[1]: *** [update-latest] Error 127
> make[1]: Leaving directory `/tmp/buildd/youtube-dl-2012.02.27+gita171dbf'


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#683174: python-ethtool: diff for NMU version 0.7-1.1

[Felix Geyer]

tags 683174 + pending
thanks

Dear maintainer,

I've prepared an NMU for python-ethtool (versioned as 0.7-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.
diff -Nru python-ethtool-0.7/debian/changelog python-ethtool-0.7/debian/changelog
--- python-ethtool-0.7/debian/changelog	2012-06-15 21:05:41.0 +0200
+++ python-ethtool-0.7/debian/changelog	2012-08-07 15:26:56.0 +0200
@@ -1,3 +1,11 @@
+python-ethtool (0.7-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add docbook-xsl to Build-Depends so the build system doesn't try to
+download manpages/docbook.xsl from the internet. (Closes: #683174)
+
+ -- Felix Geyer   Tue, 07 Aug 2012 15:25:14 +0200
+
 python-ethtool (0.7-1) unstable; urgency=low
 
   * Packaging for Debian main (Closes: #549323). 
diff -Nru python-ethtool-0.7/debian/control python-ethtool-0.7/debian/control
--- python-ethtool-0.7/debian/control	2012-06-15 21:05:41.0 +0200
+++ python-ethtool-0.7/debian/control	2012-08-07 15:25:08.0 +0200
@@ -3,7 +3,7 @@
 Priority: extra
 Maintainer: Miroslav Suchý 
 Uploaders: Bernd Zeimetz 
-Build-Depends: debhelper (>= 7.0.50~), python-all-dev (>= 2.6.6-3~), libnl-dev, asciidoc, pkg-config, libxml2-utils, docbook-xml, xsltproc
+Build-Depends: debhelper (>= 7.0.50~), python-all-dev (>= 2.6.6-3~), libnl-dev, asciidoc, pkg-config, libxml2-utils, docbook-xml, docbook-xsl, xsltproc
 Standards-Version: 3.9.3
 Homepage: http://fedorapeople.org/gitweb?p=dsommers/public_git/python-ethtool.git;a=summary
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/spacewalk/python-ethtool.git

Bug#684198: ruby-mkrf: FTBFS with ld that defaults to --as-needed: bad link order

[Felix Geyer]

Package: ruby-mkrf
Version: 0.2.3+dfsg-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch quantal

ruby-mkrf fails to build with a linker that defaults to --as-needed.

This is because of incorrect link ordering: it puts libraries before the
objects that use them rather than after.  See:

  http://wiki.debian.org/ToolChain/DSOLinking#Only_link_with_needed_libraries

The attached patch fixes this.


Build log:

> cd 
> /tmp/buildd/ruby-mkrf-0.2.3+dfsg/test/sample_files/libxml-ruby-0.3.8/ext/xml/;
>  /usr/bin/ruby1.8 extconf.rb; rake
>  extconf failure: need zlib
> [...]
>   1) Failure:
> test_that_libxml_compiles(TestSampleProjects)
> [./test/unit/../abstract_unit.rb:42:in `assert_creates_file'
>  ./test/integration/test_sample_projects.rb:20:in 
> `test_that_libxml_compiles']:
> ./test/integration/../sample_files/libxml-ruby-0.3.8/ext/xml/libxml_so.so 
> wasn't created!.
>  is not true.
Description: Fix link command order so it works with ld --as-needed.
Author: Felix Geyer 

--- ruby-mkrf-0.2.3+dfsg.orig/lib/mkrf/availability.rb
+++ ruby-mkrf-0.2.3+dfsg/lib/mkrf/availability.rb
@@ -279,9 +279,9 @@ module Mkrf
 def link_command
   # This current implementation just splats the library_paths in
   # unconditionally.  Is this problematic?
-  "#{@compiler} -o #{TEMP_EXECUTABLE} #{library_paths_compile_string}" +
-  " #{library_compile_string} #{includes_compile_string}" +
-  " #{TEMP_SOURCE_FILE}"
+  "#{@compiler} -o #{TEMP_EXECUTABLE}" +
+  " #{includes_compile_string} #{TEMP_SOURCE_FILE}" + 
+  " #{library_paths_compile_string} #{library_compile_string}"
 end
 
 # Creates a temporary source file with the string passed

Bug#669565: RFS: gammaray/1.1.0-1 [ITP] -- Tool for examining the internals of Qt application

[Felix Geyer]

Hi,

Here is a quick review of the package:

debian/rules:

> .PHONY: override_dh_strip

Seems a bit inconsistent to only add dh_strip.

> dh $@

Please enable parallel building.

> override_dh_auto_test:
> # Do not perform test suite as it requires X11 running

You can run the tests by build-depending on xvfb and calling
xvfb-run dh_auto_test


debian/patches/debian-multiarch.patch:

This one is not really needed since you can't co-install gammaray for
multiple architectures anyway.


debian/patches/gammaray-probe-versioned-soname.patch:

Why do you set a SONAME for gammaray_probe?
When gammaray changes the ABI custom plugins will break anyway
since you can't install different versions of gammaray.


debian/patches/harfbuzz-search-path.patch:

What does this patch do?
libqt4-private-dev doesn't contain the harfbuzz headers and that won't
change at least until wheezy is released.

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#684421: FTBFS: tests require internet connectivity

[Felix Geyer]

Source: ruby-net-http-persistent
Version: 2.7-1
Severity: serious
Tags: sid, wheezy
Justification: fails to build from source

This package requires internet connectivity for its test suite
to pass. Package builds should not rely on external network
connectivity, but should be self-contained.

Just removing the three affected methods from test/test_net_http_persistent.rb
seems to work but I'm not sure if that's the right thing to do.


Build log:

# Running tests:

ESE..E...

Finished tests in 0.790200s, 106.3022 tests/s, 354.3407 assertions/s.

  1) Error:
test_connection_for_http_class_with_fakeweb(TestNetHttpPersistent):
SocketError: getaddrinfo: Name or service not known
/usr/lib/ruby/1.8/net/http.rb:560:in `initialize'
/usr/lib/ruby/1.8/net/http.rb:560:in `open'
/usr/lib/ruby/1.8/net/http.rb:560:in `connect'
/usr/lib/ruby/1.8/timeout.rb:53:in `timeout'
/usr/lib/ruby/1.8/timeout.rb:101:in `timeout'
/usr/lib/ruby/1.8/net/http.rb:560:in `connect'
/usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
/usr/lib/ruby/1.8/net/http.rb:548:in `start'

./debian/ruby-net-http-persistent//usr/lib/ruby/vendor_ruby/net/http/persistent.rb:511:in
 `connection_for'
./test/test_net_http_persistent.rb:358:in 
`test_connection_for_http_class_with_fakeweb'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:1058:in `run_test'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:1058:in `run'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:823:in `_run_suite'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:815:in `map'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:815:in `_run_suite'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:802:in `_run_suites'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:802:in `map'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:802:in `_run_suites'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:775:in `_run_anything'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:964:in `run_tests'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:951:in `send'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:951:in `_run'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:950:in `each'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:950:in `_run'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:939:in `run'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:697:in `autorun'
-e:1

  2) Error:
test_connection_for_no_ssl_reuse(TestNetHttpPersistent):
SocketError: getaddrinfo: Name or service not known
/usr/lib/ruby/1.8/net/http.rb:560:in `initialize'
/usr/lib/ruby/1.8/net/http.rb:560:in `open'
/usr/lib/ruby/1.8/net/http.rb:560:in `connect'
/usr/lib/ruby/1.8/timeout.rb:67:in `timeout'
/usr/lib/ruby/1.8/timeout.rb:101:in `timeout'
/usr/lib/ruby/1.8/net/http.rb:560:in `connect'
/usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
/usr/lib/ruby/1.8/net/http.rb:548:in `start'

./debian/ruby-net-http-persistent//usr/lib/ruby/vendor_ruby/net/http/persistent.rb:511:in
 `connection_for'
./test/test_net_http_persistent.rb:391:in `test_connection_for_no_ssl_reuse'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:1058:in `run_test'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:1058:in `run'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:823:in `_run_suite'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:815:in `map'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:815:in `_run_suite'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:802:in `_run_suites'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:802:in `map'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:802:in `_run_suites'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:775:in `_run_anything'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:964:in `run_tests'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:951:in `send'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:951:in `_run'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:950:in `each'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:950:in `_run'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:939:in `run'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:697:in `autorun'
-e:1

  3) Error:
test_connection_for_http_class_with_webmock(TestNetHttpPersistent):
SocketError: getaddrinfo: Name or service not known
/usr/lib/ruby/1.8/net/http.rb:560:in `initialize'
/usr/lib/ruby/1.8/net/http.rb:560:in `open'
/usr/lib/ruby/1.8/net/http.rb:560:in `connect'
/usr/lib/ruby/1.8/timeout.rb:53:in `timeout'
/usr/lib/ruby/1.8/timeout.rb:101:in `timeout'
/usr/lib/ruby/1.8/net/http.rb:560:in `connect'
/usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
/usr/lib/ruby/1.8/net/http.rb:548:in `start'

./debian/ruby-net-http-persistent//usr/lib/ruby/vendor_ruby/net/http/persistent.rb:511:in
 `connection_for'
./test/test_net_http_persistent.rb:368:in 
`test_connection_for_http_class_with_webmock'
/usr/lib/ruby/vendor_ruby/minitest/unit.rb:1058:in `run_test'
/usr/lib/ruby/vendor_ruby/minitest/u

Bug#684493: unblock: python-ethtool/0.7-1.1

[Felix Geyer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-ethtool

It fixes RC bug #683174: FTBFS: Requires internet connectivity

unblock python-ethtool/0.7-1.1
diff -Nru python-ethtool-0.7/debian/changelog python-ethtool-0.7/debian/changelog
--- python-ethtool-0.7/debian/changelog	2012-06-15 21:05:41.0 +0200
+++ python-ethtool-0.7/debian/changelog	2012-08-07 15:26:56.0 +0200
@@ -1,3 +1,11 @@
+python-ethtool (0.7-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add docbook-xsl to Build-Depends so the build system doesn't try to
+download manpages/docbook.xsl from the internet. (Closes: #683174)
+
+ -- Felix Geyer   Tue, 07 Aug 2012 15:25:14 +0200
+
 python-ethtool (0.7-1) unstable; urgency=low
 
   * Packaging for Debian main (Closes: #549323). 
diff -Nru python-ethtool-0.7/debian/control python-ethtool-0.7/debian/control
--- python-ethtool-0.7/debian/control	2012-06-15 21:05:41.0 +0200
+++ python-ethtool-0.7/debian/control	2012-08-07 15:25:08.0 +0200
@@ -3,7 +3,7 @@
 Priority: extra
 Maintainer: Miroslav Suchý 
 Uploaders: Bernd Zeimetz 
-Build-Depends: debhelper (>= 7.0.50~), python-all-dev (>= 2.6.6-3~), libnl-dev, asciidoc, pkg-config, libxml2-utils, docbook-xml, xsltproc
+Build-Depends: debhelper (>= 7.0.50~), python-all-dev (>= 2.6.6-3~), libnl-dev, asciidoc, pkg-config, libxml2-utils, docbook-xml, docbook-xsl, xsltproc
 Standards-Version: 3.9.3
 Homepage: http://fedorapeople.org/gitweb?p=dsommers/public_git/python-ethtool.git;a=summary
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/spacewalk/python-ethtool.git

Bug#684421: [DRE-maint] Bug#684421: FTBFS: tests require internet connectivity

[Felix Geyer]

Hi,

On 10.08.2012 02:04, Gunnar Wolf wrote:
> Hi Felix,
> 
> Thanks for the report - I also am not sure of the action to take, so I'm 
> asking the rest of
> the team for input here. Looking at the source, I see quite often the mention 
> of:
> 
> c = @http.connection_for @uri
> 
> where @uri is often defined as 'https://example.com/path'. I am surprised the 
> tests failed
> for you only three times — How are you checking for network connectivity? 
> Just running in an
> environment with no networking defined? FWIW, I tested the build killing my 
> default gateway,
> and the tests now succeed (or are skipped).

I recently switched from iptables rules that reject packets from the
pbuilder user to network namespaces.
So pbuilder only has access to a virtual network device where it can
reach my apt-cacher-ng instance.

With the patch you attached the package builds fine for me as well.

> It would be good to build with network access. But it is sometimes 
> impossible. And the
> network is a changing thing outside our control. So, yes, not having network 
> access should
> not make the test fail - and the only way out is to report it as such.

Ideally the package would start a local HTTP(S) server and do
s/example.com/localhost/ in the tests.

Felix



signature.asc
Description: OpenPGP digital signature

Bug#669565: RFS: gammaray/1.1.0-1 [ITP] -- Tool for examining the internals of Qt application

[Felix Geyer]

On 10.08.2012 16:47, Jakub Adam wrote:
>> debian/patches/gammaray-probe-versioned-soname.patch:
>>
>> Why do you set a SONAME for gammaray_probe?
>> When gammaray changes the ABI custom plugins will break anyway
>> since you can't install different versions of gammaray.
> 
> When SONAME is not set, lintian produces these warnings and error:
> 
> W: gammaray: dev-pkg-without-shlib-symlink usr/lib/gammaray_probe.so 
> usr/lib/gammaray_probe.so
> W: gammaray: shlib-without-versioned-soname usr/lib/gammaray_probe.so 
> gammaray_probe.so
> E: gammaray: postinst-must-call-ldconfig usr/lib/gammaray_probe.so
> 
> So the right solution is to override the warnings and add ldconfig call into
> postinst script by hand?

Maybe a better solution would be to set the SONAME to the upstream version 
number.
That way it's explicit that plugins need to be recompiled when the upstream 
version
changes.

>> debian/patches/harfbuzz-search-path.patch:
>>
>> What does this patch do?
>> libqt4-private-dev doesn't contain the harfbuzz headers and that won't
>> change at least until wheezy is released.
> 
> I've already created a request for harfbuzz headers inclusion [1]. Right now,
> that patch has no visible effect, but once the headers are available, it will
> be enough to simply recompile gammaray to enable the additional features that
> now can't be built.

Ok. I'm a bit worried though that depending on more private Qt API will break
GammaRay often.

What do you think about joining the Debian Qt/KDE team and making the package
team-maintained?

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#702219: ruby-passenger: CVE-2012-6135

[Felix Geyer]

Upstream says this only affects 4.0.0 betas and *not* 3.x:
http://blog.phusion.nl/2013/03/05/phusion-passenger-4-0-beta-1-and-2-arbitrary-file-deletion-vulnerability/

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#704616: virtualbox-dkms: Fails to build against kernel 3.9-rc5 due to MAX_PRIO being moved

[Felix Geyer]

On 03.04.2013 17:36, Matthijs Kooijman wrote:
> Package: virtualbox-dkms
> Version: 4.1.18-dfsg-2.1
> Severity: normal
> Tags: patch
>
> Hi,
>
> the version in experimental contains patches to build with kernel 3.7
> and 3.8, but changes in the kernel break building on 3.9 again, because
> some defines were moved.

This is already fixed in version 4.2.10 which is currently sitting
in the NEW queue.

Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#701214: warmux: [Solution] immediately stops when start playing game

[Felix Geyer]

Hi,

On 16.04.2013 20:06, Benjamin Mesing wrote:
> Hi,
> 
> if you have no objections, I would raise the severity.
> 
> If desired I could also NMU the package.

Please go ahead.
There's no need for a NMU but a debdiff for me to upload
would be appreciated.

Regards,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#694611: unrar-nonfree: Doesn't export build flags

[Felix Geyer]

Source: unrar-nonfree
Version: 1:4.1.4-1

unrar-nonfree doesn't export build flags (CXXFLAGS, CPPFLAGS, LDFLAGS)
and thus misses debugging symbols (-g) and the hardening flags.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org