date:20130127

severity 687597 important
thanks

On Sat, Jan 05, 2013 at 09:01:45PM +0100, John Paul Adrian Glaubitz wrote:
Hi,

there has also been an upstream bug report filed [1].

Might be reasonable to check back there from time to time. No patch
yet, unfortunately.

I had a look at this yesterday. The buffer-handling in libslp *looks*
suspect to me (in terms of tracking lengths of text fields etc.), but
I can't see an easy way to reproduce the bug here to verify my
suspicions. I've followed up on the upstream bug to ask about this.

In the meantime, even if the code looks dodgy I *don't* see it as
being particularly likely to be exploitable, more a DoS at worst, and
only on a local-network basis rather than truly remote. I'm dropping
severity from grave accordingly - feel free to re-raise if you think
I'm wrong.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
C++ ate my sanity -- Jon Rabone


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#687597: openslp-dfsg: touch bug CVE-2012-4428

Processing commands for cont...@bugs.debian.org:

 severity 687597 important
Bug #687597 [openslp-dfsg] openslp-dfsg: CVE-2012-4428
Severity set to 'important' from 'grave'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
687597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#695701: tagging 695701

On Sun, Dec 30, 2012 at 03:50:52PM +0100, Pino Toscano wrote:
tags 695701 + pending
thanks

Hi,

You've marked this pending 4 weeks ago - any progress towards an upload?

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
You raise the blade, you make the change... You re-arrange me 'til I'm sane...


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#698822: [Problem Resolved]

2013-01-27 Thread Stephew Lyons

Confirming the issue now resolved for me with release of
2:1.4.1-2~bpo60+2 (squeeze-backports)

Thanks for your speedy response! 8-)



signature.asc
Description: OpenPGP digital signature

Bug#698527: elmer: executable ElmerGUI.real links with both GPL-licensed and GPL-incompatible libraries

2013-01-27 Thread Francesco Poli

On Sun, 27 Jan 2013 10:35:17 +0100 Anton Gladky wrote:

 Hi,
 
 will we request the package removing from wheezy as well?

As I said [1], I would really try hard and avoid removing the package
from Debian.
The true solution is: help me in persuading Open CASCADE S.A.S. to
re-license Open CASCADE Technology under GPLv2-and-v3-compatible terms.

[1] http://bugs.debian.org/698527#22

Removing packages from Debian corresponds to surrendering (at least
temporarily). I would rather avoid this.

So once again: please get in touch with Open CASCADE S.A.S. and
persuade them to re-license under GPLv2-and-v3-compatible terms (such
as under GNU LGPL v2.1, possibly with additional permissions, if deemed
necessary).

I am convinced that this issue should be solved once and for all.


-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpNr2Bluxzli.pgp
Description: PGP signature

Bug#699066: xgks: Contains code preventing commercial distribution

2013-01-27 Thread Francesco Poli

On Sat, 26 Jan 2013 19:31:33 -0500 Luke Faraone wrote:

[...]
 src/port/misc/config.c:
[...]
and cause the whole of any work that you distribute
or publish, that in whole or in part contains or is a derivative of
this program or any part thereof, to be licensed at no charge to
all third parties on terms identical to those here.
[...]
 
 The text to be licensed at no charge sounds like it forbids commercial
 distribution.

Mmmmh, I am not too convinced.
It says licensed at no charge, not distributed at no charge.

Please compare with clause 2b of the GNU GPL v2:

|   b) You must cause any work that you distribute or publish, that in
|   whole or in part contains or is derived from the Program or any
|   part thereof, to be licensed as a whole at no charge to all third
|   parties under the terms of this License.

It seems to be pretty equivalent...

The license of src/port/misc/config.c looks like a not-too-strong
copyleft (GPL-incompatible) license. I haven't spotted any
DFSG-freeness issues.

As far as the other additional violations (pointed out in message #10
[1]) are concerned, I have nothing to comment...

[1] http://bugs.debian.org/699066#10


N.B.: I am not a maintainer of this package and I know nothing about
it; I am just a debian-legal regular who happened to notice this RC
bug... I hope my comment helps a little.

-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpkkEq64GKsL.pgp
Description: PGP signature

Bug#699090: base-files: nsswitch.conf does not include gshadow entry

2013-01-27 Thread Roger Leigh

Package: base-files
Version: 7.1
Severity: serious
Tags: patch

Hi Santiago,

I've attached a patch for adding support for the gshadow
(group shadow) NSS database to nsswitch.conf.  Without this,
the libc getsg* family of functions will not work, hence
marking serious or else these functions will be broken for
new installations; would also be nice if it was possible to
add for upgrades as well?  Do we have any mechanism for
making NSS updates?

Note that it's using the files service rather than compat
here because compat does not support gshadow, but files
does (can be tested by running getent gshadow as root).


Thanks,
Roger

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.33-kvm-i386-2028-dirty (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages base-files depends on:
ii  gawk [awk]  1:4.0.1+dfsg-2
ii  mawk [awk]  1.3.3-17

base-files recommends no packages.

base-files suggests no packages.

-- no debconf information
diff -urN base-files-7.1.original/share/nsswitch.conf base-files-7.1/share/nsswitch.conf
--- base-files-7.1.original/share/nsswitch.conf	2013-01-27 11:59:40.147903916 +
+++ base-files-7.1/share/nsswitch.conf	2013-01-27 12:04:44.534176087 +
@@ -7,6 +7,7 @@
 passwd: compat
 group:  compat
 shadow: compat
+gshadow:	files
 
 hosts:  files dns
 networks:   files

Bug#697974: missing implementation

I've had a quick look into the axis2c codebase, trying to follow
through the calls. I can't see a suitable place where the hostname and
the subject of the X509 certificate can be easily tested. It seems to
me that someone familiar with the axis2c data structures will need to
write new code to make the values accessible and handle the results of
the comparison.

The CVE lacks any defined test mechanism or verification. The lack of
this code would appear to make it possible to implement a classic
man-in-the-middle attack on the communication through axis2c. The bug
itself cannot be reasonably downgraded at this stage, without more
investigation.

The reverse dependencies of axis2c are rampart and eucalyptus.
eucalyptus is not and has not been in Wheezy (it was removed from
unstable and testing, later reintroduced into unstable.)

rampart is allied to axis2c.

I think the only realistic solution to this RC bug in Wheezy is to
remove axis2c and rampart from testing until axis2c can have the
necessary support verified.

-- 


Neil Williams
=
http://www.linux.codehelp.co.uk/



pgpBEKu8AQt19.pgp
Description: PGP signature

Bug#697025: marked as done (gstreamer0.10: please re-upload built against GLib 2.32)

Your message dated Sun, 27 Jan 2013 12:32:55 +
with message-id e1tzrpr-0007jv...@franck.debian.org
and subject line Bug#697025: fixed in gstreamer0.10 0.10.36-1.1
has caused the Debian Bug report #697025,
regarding gstreamer0.10: please re-upload built against GLib 2.32
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
697025: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697025
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: gstreamer0.10
Version: 0.10.36-1
Severity: serious
Justification: Bug #694525
Control: block 694525 by -1

src:gstreamer0.10 was last built against GLib 2.30, and contains public
structs (at least GstCollectPads2) which embed a GStaticRecMutex.

On most 32-bit platforms (notably armel, armhf, mips, mipsel, powerpc, s390
and sparc), the size of GStaticRecMutex changed between GLib 2.30 and 2.32;
this resulted in bugs like #683012. Because that was a while ago, upstream
recommend rebuilding everything that's affected against the new GLib and
carrying on with the new ABI.

Because gstreamer0.10 has Multi-Arch: same packages, a binNMU is undesirable,
so it would be better to make a sourceful upload as a pseudo-binNMU.

See #694525 for further discussion.

Regards,
Simon
---End Message---
---BeginMessage---
Source: gstreamer0.10
Source-Version: 0.10.36-1.1

We believe that the bug you reported is fixed in the latest version of
gstreamer0.10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau jcris...@debian.org (supplier of updated gstreamer0.10 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 26 Jan 2013 11:24:16 +
Source: gstreamer0.10
Binary: libgstreamer0.10-0 libgstreamer0.10-0-dbg libgstreamer0.10-dev 
gstreamer0.10-doc gstreamer0.10-tools gstreamer-tools gir1.2-gstreamer-0.10
Architecture: source all amd64
Version: 0.10.36-1.1
Distribution: unstable
Urgency: low
Maintainer: Maintainers of GStreamer packages 
pkg-gstreamer-maintain...@lists.alioth.debian.org
Changed-By: Julien Cristau jcris...@debian.org
Description: 
 gir1.2-gstreamer-0.10 - Description: GObject introspection data for the 
GStreamer library
 gstreamer-tools - Tools for use with GStreamer
 gstreamer0.10-doc - GStreamer core documentation and manuals
 gstreamer0.10-tools - Tools for use with GStreamer
 libgstreamer0.10-0 - Core GStreamer libraries and elements
 libgstreamer0.10-0-dbg - Core GStreamer libraries and elements
 libgstreamer0.10-dev - GStreamer core development files
Closes: 660798 697025
Changes: 
 gstreamer0.10 (0.10.36-1.1) unstable; urgency=low
 .
   [ Julien Cristau ]
   * Non-maintainer upload
   * Rebuild against GLib 2.32 (closes: #697025)
   * Bump shlibs and symbols version for GstCollectPads2.
 .
   [ Sebastian Dröge ]
   * debian/changelog:
 + Remove merge conflict marker (Closes: #660798).
 .
   [ Iain Lane ]
   * debian/control:
 + Add Vcs- headers
Checksums-Sha1: 
 dbeb2f8d3cf517dce9c237e4ece9bc30ff781dae 3213 gstreamer0.10_0.10.36-1.1.dsc
 36eb39adf5b06cc0fd45886d45d1a8ef04895283 43891 
gstreamer0.10_0.10.36-1.1.debian.tar.gz
 394f7c2b4c7ce787b27d0b64f189c1d75c7e5ac0 4529830 
gstreamer0.10-doc_0.10.36-1.1_all.deb
 af08b93277be7c235b7e068fcc7f7d1af541717d 1739910 
libgstreamer0.10-0_0.10.36-1.1_amd64.deb
 89a11f1e3ad868038d52b7fed1d257a09190382b 2847436 
libgstreamer0.10-0-dbg_0.10.36-1.1_amd64.deb
 f2643ce77de13ff50a269774601e9b28892a95ed 1789670 
libgstreamer0.10-dev_0.10.36-1.1_amd64.deb
 5f8311e419872f46cb7e89f611e70d4dc4beeb50 687804 
gstreamer0.10-tools_0.10.36-1.1_amd64.deb
 7764b855dee020b060dd79aee61d52073a990cf4 629900 
gstreamer-tools_0.10.36-1.1_amd64.deb
 b54b655accc028d4c10dd4a88e9f347f9328a762 689768 
gir1.2-gstreamer-0.10_0.10.36-1.1_amd64.deb
Checksums-Sha256: 
 0e1723c0e13add4ca3a9f54f1cdef058e95864d311067d50f4329902737d3b74 3213 
gstreamer0.10_0.10.36-1.1.dsc
 117f1416f882791a310a3f1a3280c49c11eb1477735aa91645feb8a4661517f8 43891 
gstreamer0.10_0.10.36-1.1.debian.tar.gz
 a51cf7c1e54ef95a5aff221a5673dc16fcc8cba9fbe25b9e35c632a22da0a94e 4529830

Bug#696530: Worked around in gnome

Control: severity -1 normal

On Wed, Jan  2, 2013 at 21:34:05 +0100, Josselin Mouette wrote:

 For the record, since there is still no way to easily blacklist Debian
 entries, I’ve uploaded a new gnome-menus package which hardcodes
 discarding of anything belonging to menu-xdg.
 
 Of course this doesn’t help users of other desktop environments, but
 hopefully for GNOME the Debian menu won’t ever be a problem anymore.
 
Downgrading, I don't think grave is appropriate.

Cheers,
Julien


signature.asc
Description: Digital signature

Processed: Re: Bug#696530: Worked around in gnome

Processing control commands:

 severity -1 normal
Bug #696530 [menu-xdg] menu-xdg: Populates XDG user directory with system 
entries
Bug #697099 [menu-xdg] menu: Wrong categorisation and duplication of menu items.
Severity set to 'normal' from 'grave'
Severity set to 'normal' from 'grave'

-- 
696530: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696530
697099: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697099
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#694888: ca-certificates-java: early triggered jks-keystore may fail and leave the temporary /etc/java-7-openjdk/jvm-$arch.cfg

On 2013-01-27 11:28, Thijs Kinkhorst wrote:
 I think the maintainer's earlier response in this log indicates that he
 doesn't have time and appreciates if someone else could fix it, so I would
 say, go ahead with your NMU.
 
 I would bump the 'urgency' in the changelog though.

OK, uploaded to DELAYED/2 with urgency=medium. Or should I cancel the delay?


Andreas


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#684604: Fwd: [Bug 1075747] Re: Pydev workspaces become corupted after loading them without Pydev installed

2013-01-27 Thread Niels Thykier

Hi,

I noticed a related bug in the Ubuntu bug tracker.  It might not be
quite the same issue afaict, but it does suggest that workspace can
become corrupted.  This could explain why a eclipse starts with a
clean workspace, but not with the original one.

~Niels

https://bugs.launchpad.net/bugs/1075747

 Original Message 
Subject: [Bug 1075747] Re: Pydev workspaces become corupted after
loading them without Pydev installed
[...]

** Description changed:

- When a workspace synced using Ubuntu One is selected, Eclipse is unable
- to initiate.
+ STEPS FOR REPRODUCING
+ *
+
+ Warning: This procedure will remove all your Eclipse's add-ons.
+
+ 1. Switch to a new and never used workspace by using the provider
+ functionality at the “File/Switch workspace/Other...” menu.
+
+ 2. Install Pydev from http://pydev.org/updates by using the provided
+ functionality at the “Help/Install new software” menu.
+
+ 3. Create a new Pydev project.
+
+ 4. Close Eclipse.
+
+ 5. Delete the folder named “.eclipse” in your personal folder. If you
+ don't see it, you can show it by going to the
+ “Edit/Preferences/Views/Default view” menu in the file explorer, and by
+ marking the “Show the hidden and backup folders” option.
+
+ 6. Restart Eclipse and choose the workspace you created in the
+ beginning.
+
+ EXPECTED BEHAVIOUR
+ **
+
+ The  workspace to initiate.
+
+ REAL BEHAVIOUR
+ *
+
+ Eclipse hangs and the workspace becomes corrupted, and can never be
+ opened again.
+
+ WORKAROUNDS
+ 
+
+  For starting Eclipse at first run preventing your Pydev workspace to
+ become corrupted:
+
+ 1. Start Eclipse by choosing a workspace never used.
+
+ 2. Install Pydev.
+
+ 3. Close Eclipse.
+
+ 4. Delete the workspace you have just created.
+
+  For recovering a broken workspace:
+
+ 1. Close Eclipse.
+
+ 2. Rename the workspace to [workspace-name].back
+
+ 3. Create a folder called [workspace-name]
+
+ 4. Open Eclipse and choose [workspace-name] as workspace.
+
+ 5. Import [workspace-name].back projects into the current workspace by
+ right-clicking on the Project Explorer section and choosing “Import...”.
+ They should be imported as filesystem.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.10
  Package: eclipse-platform 3.8.0~rc4-1ubuntu1
  ProcVersionSignature: Ubuntu 3.5.0-17.28-generic 3.5.5
  Uname: Linux 3.5.0-17-generic i686
  ApportVersion: 2.6.1-0ubuntu6
  Architecture: i386
  Date: Tue Nov  6 22:22:58 2012
  InstallationDate: Installed on 2012-11-03 (3 days ago)
  InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release i386
(20121017.2)
  MarkForUpload: True
  SourcePackage: eclipse
  UpgradeStatus: No upgrade log present (probably fresh install)

** Description changed:

  STEPS FOR REPRODUCING
- *
+ *

  Warning: This procedure will remove all your Eclipse's add-ons.

  1. Switch to a new and never used workspace by using the provider
  functionality at the “File/Switch workspace/Other...” menu.

  2. Install Pydev from http://pydev.org/updates by using the provided
  functionality at the “Help/Install new software” menu.

  3. Create a new Pydev project.

  4. Close Eclipse.

  5. Delete the folder named “.eclipse” in your personal folder. If you
  don't see it, you can show it by going to the
  “Edit/Preferences/Views/Default view” menu in the file explorer, and by
  marking the “Show the hidden and backup folders” option.

  6. Restart Eclipse and choose the workspace you created in the
  beginning.

  EXPECTED BEHAVIOUR
- **
+ **

  The  workspace to initiate.

  REAL BEHAVIOUR
- *
+ **

  Eclipse hangs and the workspace becomes corrupted, and can never be
  opened again.

  WORKAROUNDS
- 
+ ***

   For starting Eclipse at first run preventing your Pydev workspace to
  become corrupted:

  1. Start Eclipse by choosing a workspace never used.

  2. Install Pydev.

  3. Close Eclipse.

  4. Delete the workspace you have just created.

   For recovering a broken workspace:

  1. Close Eclipse.

  2. Rename the workspace to [workspace-name].back

  3. Create a folder called [workspace-name]

  4. Open Eclipse and choose [workspace-name] as workspace.

  5. Import [workspace-name].back projects into the current workspace by
  right-clicking on the Project Explorer section and choosing “Import...”.
  They should be imported as filesystem.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.10
  Package: eclipse-platform 3.8.0~rc4-1ubuntu1
  ProcVersionSignature: Ubuntu 3.5.0-17.28-generic 3.5.5
  Uname: Linux 3.5.0-17-generic i686
  ApportVersion: 2.6.1-0ubuntu6
  Architecture: i386
  Date: Tue Nov  6 22:22:58 2012
  InstallationDate: Installed on 2012-11-03 (3 days ago)
  InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release i386
(20121017.2)
  MarkForUpload: True
  SourcePackage: eclipse
  UpgradeStatus:

Bug#692899: zope2.12: [CVE-2012-5485 to 5508] Multiple vectors corrected within 20121106 fix

On Mon, Nov 26, 2012 at 18:53:58 +0900, Arnaud Fontaine wrote:

 Tres Seaver tsea...@palladion.com writes:
 
  * CVE-2012-5505 (zope.traversing: atat.py)
  http://plone.org/products/plone/security/advisories/20121106/21
 
  That fix is  also disputed: hiding the default view  from the '@@'
  name does not actually improve security  at all.  There is a Launchpad
  bug where  it is being  debated (#1079225), but  that bug is  still in
  Private Security mode.  The correct fix is to change the code of the
  multi-adapter to barf if published via a URL.
 
 Any idea when this patch will be released? Thanks.
 
Is there any news on that issue?

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#695701: tagging 695701

2013-01-27 Thread Lisandro Damián Nicanor Pérez Meyer

On Sun 27 Jan 2013 08:30:24 Steve McIntyre escribió:
 On Sun, Dec 30, 2012 at 03:50:52PM +0100, Pino Toscano wrote:
 tags 695701 + pending
 thanks
 
 Hi,
 
 You've marked this pending 4 weeks ago - any progress towards an upload?

It needs some checking because some changes were made that may be unwanted for 
this time of the freeze.

I'll look at it tomorrow.

Kinds regards, Lisandro.

-- 
Any sufficiently advanced technology is indistinguishable from magic
 Arthur C. Clarke

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#690799: evnice crashes with a certain PDF file

2013-01-27 Thread Kubo Hiroshi

Hi,

From:  bi...@debian.org
Date: Sun, 27 Jan 2013 04:07:32 +0100

 Can you try the libcairo packages from [1]. With those patches applied I
 can successfully open and print(-preview) your linked pdf.

OK.

I tried your 1.12.2-2+deb7u2 binary packages.
Still, the same crash occured with the linked pdf.

Is this what you expected for me to do?
Did you open the thumbnail view, by selecting the menu [View] - [Side pane]?

Thank you.
---
Kubo Hiroshi h-k...@geisya.or.jp

-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#683013: marked as done (FTBFS on arm*: checking GStreamer 0.10 rtpmp2tpay plugin... no)

Your message dated Sun, 27 Jan 2013 13:58:10 +
with message-id 20130127135810.ga11...@radis.cristau.org
and subject line Re: Bug#683012: FTBFS on arm*: checking GStreamer 0.10
rtpmp2tpay plugin... no
has caused the Debian Bug report #683012,
regarding FTBFS on arm*: checking GStreamer 0.10 rtpmp2tpay plugin... no
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
683012: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683012
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: gnome-dvb-daemon
Version: 1:0.2.9-1
Severity: serious
Justification: fails to build from source

gnome-dvb-daemon fails to build from source on arm*, but built in the past:

checking pkg-config is at least version 0.9.0... yes
checking for GST... yes
checking for GNOME_DVB_DAEMON... yes
checking for GLIB... yes
checking for GUDEV... yes
checking GStreamer 0.10 inspection tool... yes
checking GStreamer 0.10 mpegtsparse plugin... yes
checking GStreamer 0.10 dvbbasebin plugin... yes
checking GStreamer 0.10 dvbsrc plugin... yes
configure: error:
Cannot find required GStreamer-0.10 plugin 'rtpmp2tpay'.
It should be part of gst-plugins-good. Please install it.
checking GStreamer 0.10 rtpmp2tpay plugin... no

make: *** [debian/stamp-autotools] Error 1

https://buildd.debian.org/status/fetch.php?pkg=gnome-dvb-daemonarch=armelver=1%3A0.2.9-1stamp=1341701555
https://buildd.debian.org/status/fetch.php?pkg=gnome-dvb-daemonarch=armhfver=1%3A0.2.9-1stamp=1341702123
---End Message---
---BeginMessage---
On Fri, Jul 27, 2012 at 22:51:25 +0200, Luca Falavigna wrote:

Source: gnome-dvb-daemon
Version: 1:0.2.9-1
Severity: serious
Justification: fails to build from source

gnome-dvb-daemon fails to build from source on arm*, but built in the past:

Fixed by rebuilding gstreamer0.10 against new glib, due to the ABI
breakage in #674156.

Cheers,
Julien

signature.asc
Description: Digital signature
---End Message---

Bug#683012: marked as done (FTBFS on arm*: checking GStreamer 0.10 rtpmp2tpay plugin... no)

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

gnome-dvb-daemon fails to build from source on arm*, but built in the past:

make: *** [debian/stamp-autotools] Error 1

Source: gnome-dvb-daemon
Version: 1:0.2.9-1
Severity: serious
Justification: fails to build from source

gnome-dvb-daemon fails to build from source on arm*, but built in the past:

Fixed by rebuilding gstreamer0.10 against new glib, due to the ABI
breakage in #674156.

Cheers,
Julien

signature.asc
Description: Digital signature
---End Message---

Bug#699090: base-files: nsswitch.conf does not include gshadow entry

2013-01-27 Thread Roger Leigh

On Sun, Jan 27, 2013 at 12:18:30PM +, Roger Leigh wrote:
 Hi Santiago,
 
 I've attached a patch for adding support for the gshadow
 (group shadow) NSS database to nsswitch.conf.  Without this,
 the libc getsg* family of functions will not work, hence
 marking serious or else these functions will be broken for
 new installations; would also be nice if it was possible to
 add for upgrades as well?  Do we have any mechanism for
 making NSS updates?
 
 Note that it's using the files service rather than compat
 here because compat does not support gshadow, but files
 does (can be tested by running getent gshadow as root).

Updated patch attached.  This will upgrade nsswitch.conf in-place
on upgrade to add support for gshadow for existing installations,
while new installs will get the new nsswitch.conf by default.
Note that it's only run for upgrades from base-files  7.2, so
will only be run once.

The sed script will insert the new entry after the shadow entry
if present, to make it identical to the default nsswitch.conf,
otherwise it will be inserted after the group entry which it
matches.

On #debian-devel, we discussed the security implications of
enabling this by default, but the consensus was that since this
is only readable by root, it's not an issue (restricting the
upgrade to only group:(compat|files) was considered, but thought
to not be worthwhile over enabling it for all cases).


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linuxhttp://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-GPG Public Key  F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
diff -urN base-files-7.1.original/debian/changelog base-files-7.2/debian/changelog
--- base-files-7.1.original/debian/changelog	2013-01-27 11:59:40.147903916 +
+++ base-files-7.2/debian/changelog	2013-01-27 13:55:10.111292346 +
@@ -1,3 +1,13 @@
+base-files (7.2) unstable; urgency=low
+
+  * Add an entry for the gshadow database to the nsswitch.conf;
+also add this entry to existing nsswitch.conf files on upgrade.
+This is needed for the glibc getsg* family of functions which
+operate on the group shadow database to function correctly.
+Closes: #699090.
+
+ -- Roger Leigh rle...@debian.org  Sun, 27 Jan 2013 13:51:41 +
+
 base-files (7.1) unstable; urgency=low
 
   * Added Multi-Arch: foreign. This is needed even if base-files is
diff -urN base-files-7.1.original/debian/postinst.in base-files-7.2/debian/postinst.in
--- base-files-7.1.original/debian/postinst.in	2013-01-27 11:59:40.147903916 +
+++ base-files-7.2/debian/postinst.in	2013-01-27 14:01:37.541714235 +
@@ -122,3 +122,17 @@
   install_from_default /usr/share/base-files/staff-group-for-usr-local \
 /etc/staff-group-for-usr-local
 fi
+
+# Add gshadow to nsswitch.conf on upgrade
+if dpkg --compare-versions $2 lt-nl 7.2; then
+  if ! grep -q '^[[:space:]]*gshadow:[[:space:]]' /etc/nsswitch.conf; then
+match=group
+if grep -q '^[[:space:]]*shadow[[:space:]]*:' /etc/nsswitch.conf; then
+  match=shadow
+fi
+sed -i -e 1,/^[[:space:]]*$match[[:space:]]*:.*\$/ {/^[[:space:]]*$match[[:space:]]*:.*\$/a\
+gshadow:	files
+} /etc/nsswitch.conf
+echo Updating /etc/nsswitch.conf to add the gshadow database.
+  fi
+fi
diff -urN base-files-7.1.original/share/nsswitch.conf base-files-7.2/share/nsswitch.conf
--- base-files-7.1.original/share/nsswitch.conf	2013-01-27 11:59:40.147903916 +
+++ base-files-7.2/share/nsswitch.conf	2013-01-27 12:04:44.534176087 +
@@ -7,6 +7,7 @@
 passwd: compat
 group:  compat
 shadow: compat
+gshadow:	files
 
 hosts:  files dns
 networks:   files

Bug#699090: base-files: nsswitch.conf does not include gshadow entry

2013-01-27 Thread Santiago Vila


El 27/01/13 13:18, Roger Leigh escribió:

Package: base-files
Version: 7.1
Severity: serious
Tags: patch

Hi Santiago,

I've attached a patch for adding support for the gshadow
(group shadow) NSS database to nsswitch.conf.  Without this,
the libc getsg* family of functions will not work, hence
marking serious or else these functions will be broken for
new installations;


Hmm, I'm very confused by the severity you have given to this report 
this late in the wheezy freeze, and also by the fact that you provide a 
patch but not a complete explanation why it is so much important (or at 
least an explanation which I can understand). Let me ask you a few 
questions to better understand the issue:


* Is this a new problem, or it is an old problem that nobody noticed 
until now?


* How many users are affected by this? Does this affect the average user?

* How is it possible that we didn't notice until now?

* What package, exactly, does break by *not* having the proposed line?

(I use NIS and NFS in a computer lab, and it works, so it is hard for me 
to believe that this is RC for wheezy).


* What is glibc default value for such line if missing from 
nsswitch.conf? Should this not be *also* a bug in glibc for not having 
sane defaults?


[ Update: A simple search tells me you have also filed #699089 against 
libc-bin for this reason ].


I hope you find all these questions reasonable enough.


would also be nice if it was possible to
add for upgrades as well?  Do we have any mechanism for
making NSS updates?


No, we don't have a mechanism for upgrades, but if we had to do that, 
the right package for doing it would be libc-bin:


http://bugs.debian.org/649265


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: severity of 699090 is important

Processing commands for cont...@bugs.debian.org:

 severity 699090 important
Bug #699090 [base-files] base-files: nsswitch.conf does not include gshadow 
entry
Severity set to 'important' from 'serious'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
699090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#677407: re-test with libglib2.0-0 from sid?

I've tried reproducing this again in a VM with gnome-core installed and
again after installing gnome-dbg - without problems.

There are updates in sid relating to libglib2.0-0 from this change:
http://packages.qa.debian.org/g/glib2.0/news/20130108T234753Z.html

   * Drop the various Breaks from libglib2.0-0. Those are causing APT
to fail on a dist-upgrade from squeeze to wheezy. (Closes: #676485)

Please can #677407 be re-tested using libglib2.0-0 
(= 2.33.12+really2.32.4-5) from unstable?

-- 


Neil Williams
=
http://www.linux.codehelp.co.uk/



pgpAEsjNfjTLA.pgp
Description: PGP signature

Processed: gosa: diff for NMU version 2.7.4-4.1

Processing commands for cont...@bugs.debian.org:

 tags 698635 + patch
Bug #698635 [gosa] gosa: package configuration calls a2enmod even if apache is 
not installed
Added tag(s) patch.
 tags 698635 + pending
Bug #698635 [gosa] gosa: package configuration calls a2enmod even if apache is 
not installed
Added tag(s) pending.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
698635: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698635
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#698466: apt-cacher-ng: fails to install: apt-cacher-ng.postinst: curl: not found

Processing commands for cont...@bugs.debian.org:

 # marking this as not affecting sid version
 fixed 698466 0.7.11-1
Bug #698466 [apt-cacher-ng] apt-cacher-ng: fails to install: 
apt-cacher-ng.postinst: curl: not found
Marked as fixed in versions apt-cacher-ng/0.7.11-1.

End of message, stopping processing here.

Please contact me if you need assistance.
-- 
698466: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698466
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#697221: motion: diff for NMU version 3.2.12-3.3

2013-01-27 Thread Evgeni Golov

Hi Julien,

On Tue, Jan 08, 2013 at 10:37:45PM +0100, Julien Cristau wrote:

 2) this thing should just use AC_CHECK_LIBS already.

how about the atteched one? The debdiff is against -3.2 in testing.
It's pretty aggressive and kills --with-mysql-* settings (thinking of those, I 
should remove them alltogether then).
Does it look good enough for you?

Regards
Evgeni

diff -Nru motion-3.2.12/debian/changelog motion-3.2.12/debian/changelog
--- motion-3.2.12/debian/changelog  2012-06-06 12:25:16.0 +0200
+++ motion-3.2.12/debian/changelog  2013-01-26 20:51:08.0 +0100
@@ -1,3 +1,23 @@
+motion (3.2.12-3.4) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Revert changes done in -3.3.
+  * Find MySQL using AC_CHECK_HEADER/AC_CHECK_LIB.
+Closes: #697221
+
+ -- Evgeni Golov evg...@debian.org  Sat, 26 Jan 2013 15:48:31 +0100
+
+motion (3.2.12-3.3) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Properly find MySQL in /usr/lib/$(DEB_HOST_MULTIARCH).
++ Build-Depend on dpkg-dev = 1.16
++ Get DEB_HOST_MULTIARCH from dpkg-architecture.
++ Pass --with-mysql-dir=/usr/lib/$(DEB_HOST_MULTIARCH) to configure.
+Closes: #697221
+
+ -- Evgeni Golov evg...@debian.org  Thu, 03 Jan 2013 12:00:38 +0100
+
 motion (3.2.12-3.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru motion-3.2.12/debian/patches/proper-mysql-configure.patch 
motion-3.2.12/debian/patches/proper-mysql-configure.patch
--- motion-3.2.12/debian/patches/proper-mysql-configure.patch   1970-01-01 
01:00:00.0 +0100
+++ motion-3.2.12/debian/patches/proper-mysql-configure.patch   2013-01-26 
20:46:48.0 +0100
@@ -0,0 +1,126 @@
+From: Evgeni Golov evg...@debian.org
+Subject: Use AC_CHECK_HEADER/AC_CHECK_LIB to find MySQL libraries
+Bug-Debian: http://bugs.debian.org/697221
+Last-Update: 2013-01-26
+
+Index: motion-3.2.12/configure.in
+===
+--- motion-3.2.12.orig/configure.in2013-01-26 16:11:57.0 +0100
 motion-3.2.12/configure.in 2013-01-26 16:40:50.235894896 +0100
+@@ -502,108 +502,14 @@
+   AC_MSG_RESULT(skipped)
+ else
+   AC_MSG_RESULT(testing)
+-  # *** Search mysql headers ***
+-
+-  if test ${MYSQL_HEADERS} = yes; then
+-  AC_MSG_CHECKING(autodect mysql headers)
+-  # Autodetect
+-  for w in /usr/include /usr/local/include /usr/mysql 
/usr/local/mysql /usr/local/mysql/include /opt /opt/mysql; do
+-  # check for plain setups
+-  if test -f $w/mysql.h; then
+-  MYSQL_INCDIR=$w
+-  break
+-  fi
+-  # check for /usr/include/packagename type setups
+-  if test -f $w/mysql/mysql.h; then
+-  MYSQL_INCDIR=$w/mysql
+-  break
+-  fi
+-  # check for /usr/packagename/include type setups
+-  if test -f $w/mysql/include/mysql.h; then
+-  MYSQL_INCDIR=$w/mysql/include
+-  break
+-  fi
+-  done
+-  elif test ${MYSQL_HEADERS} = no; then
+-  AC_MSG_CHECKING(for mysql headers)  
+-  AC_MSG_RESULT(skipped)
+-  else
+-  AC_MSG_CHECKING(for mysql headers in $MYSQL_HEADERS)
+-  # Manual detection for withval
+-  if test -f $MYSQL_HEADERS/mysql.h; then
+-  MYSQL_INCDIR=$MYSQL_HEADERS
+-  fi
+-  fi
+-
+-  if test -z $MYSQL_INCDIR ; then
+-  MYSQL_HEADERS=no
+-  AC_MSG_RESULT(not found)
+-  echo Invalid MySQL directory - unable to find mysql.h.
+-  else
+-  AC_MSG_RESULT(yes)
+-  MYSQL_HEADERS=yes
+-  fi
+-
+-
+-  if test ${MYSQL_HEADERS} = yes; then
+-
+-  # *** Search mysql libs *
+-  if test ${MYSQL_LIBS} = yes; then
+-  AC_MSG_CHECKING(autodect mysql libs)
+-  # Autodetect
+-  for w in /usr/lib64 /usr/lib /usr/local/lib /usr/mysql 
/usr/local/mysql /usr/local/mysql/lib /opt /opt/mysql; do
+-  # check for plain setups
+-  if test -f $w/libmysqlclient.a -o -f 
$w/libmysqlclient.so; then
+-  MYSQL_LIBDIR=$w
+-  break
+-  fi
+-  # check for /usr/lib/packagename type setups
+-  if test -f $w/mysql/libmysqlclient.a -o -f 
$w/mysql/libmysqlclient.so; then
+-  MYSQL_LIBDIR=$w/mysql
+-  break
+-  fi
+-  # check for /usr/packagename/lib type setups
+-  if test -f $w/mysql/lib/libmysqlclient.a -o -f

Bug#694015: geda: copyright file missing after upgrade (policy 12.5)

Followup-For: Bug #694015

Hi,

On Monday, 21. January 2013 10:34:37 Bdale Garbee wrote:
 so no, I don't really agree that it would be better to have no geda-gaf
 than to have 1.6 in wheezy.

On Monday, 21. January 2013 11:22:27 Bdale Garbee wrote:
 أحمد المحمودي aelmahmo...@sabily.org writes:
  Bdale, I've added gregoa's patch  pushed to git. Please upload.

 Done.  debian/1.8.1-2 uploaded, tagged, and pushed.

Well, wanting to keep (and fix) RC-buggy geda 1.6 in wheezy and
uploading a new upstream to unstable (currently stuck in NEW) contradict
each other.

I have prepared a NMU 1:1.6.2-4.3 cherry-picking gregoa's patch.
Once that has passed my piuparts tests I'll upload it to DELAYED/2.
Patch attached.

What can be done to block/cancel/reroute-to-experimental the 1.8.x
packages currently in NEW? This would allow getting this fix via sid
and avoiding the t-p-u road.


Andreas
diff --git a/debian/changelog b/debian/changelog
index ce3fd25..f0ad9a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+geda-gaf (1:1.6.2-4.3) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Manually replace directory with symlink in geda.postinst.
+Thanks to gregor herrmann gre...@debian.org (Closes: #694015)
+
+ -- Andreas Beckmann a...@debian.org  Sun, 27 Jan 2013 15:17:05 +0100
+
 geda-gaf (1:1.6.2-4.2) unstable; urgency=low
 
   * Non-maintainer upload.
diff --git a/debian/geda.postinst b/debian/geda.postinst
new file mode 100644
index 000..e231653
--- /dev/null
+++ b/debian/geda.postinst
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+# Replace documentation directory with symlink
+docdir=/usr/share/doc/geda
+target=geda-doc
+
+if [ -d $docdir ]  [ ! -L $docdir ]; then
+   if rmdir $docdir 2/dev/null; then
+   ln -sf $target $docdir
+   fi
+fi
+
+#DEBHELPER#
+
+exit 0

Bug#698635: gosa: diff for NMU version 2.7.4-4.1

2013-01-27 Thread Jonathan Wiltshire

tags 698635 + patch
tags 698635 + pending
thanks

Dear maintainer,

I've prepared an NMU for gosa (versioned as 2.7.4-4.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

directhex i have six years of solaris sysadmin experience, from
8-10. i am well qualified to say it is made from bonghits
layered on top of bonghits
diff -Nru gosa-2.7.4/debian/changelog gosa-2.7.4/debian/changelog
--- gosa-2.7.4/debian/changelog	2012-06-19 08:37:20.0 +0100
+++ gosa-2.7.4/debian/changelog	2013-01-27 12:29:24.0 +
@@ -1,3 +1,11 @@
+gosa (2.7.4-4.1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * debian/gosa.postinst: add a guard around a2enmod for when
+gosa is installed without Apache2 (Closes: #698635)
+
+ -- Jonathan Wiltshire j...@debian.org  Sun, 27 Jan 2013 12:28:46 +
+
 gosa (2.7.4-4) unstable; urgency=low
 
   * New smarty3 package fixes problems with template loading. This
diff -Nru gosa-2.7.4/debian/gosa.postinst gosa-2.7.4/debian/gosa.postinst
--- gosa-2.7.4/debian/gosa.postinst	2012-06-18 13:25:38.0 +0100
+++ gosa-2.7.4/debian/gosa.postinst	2013-01-27 12:28:42.0 +
@@ -54,7 +54,9 @@
   fi
   
   # Add support for RequestHeader
-  a2enmod headers
+  if [ -x /usr/sbin/a2enmod ]; then
+a2enmod headers
+  fi
 
   # Finally restart servers
   if [ -x /usr/sbin/invoke-rc.d ]; then


signature.asc
Description: Digital signature

Processed: cloning 634930 ...

Processing commands for cont...@bugs.debian.org:

 clone 634930 -1
Bug #634930 [gpa] gpa: GPA unusable due to General Assuan error
Bug 634930 cloned as bug 699096
 retitle -1 Segmentation fault in _assuan_socket due to missing 
 assuan_sock_init() call
Bug #699096 [gpa] gpa: GPA unusable due to General Assuan error
Changed Bug title to 'Segmentation fault in _assuan_socket due to missing 
assuan_sock_init() call' from 'gpa: GPA unusable due to General Assuan error'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
634930: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634930
699096: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: found 699096 in 0.9.0-3, notfound 699096 in 0.9.3-1

Processing commands for cont...@bugs.debian.org:

 found 699096 0.9.0-3
Bug #699096 [gpa] Segmentation fault in _assuan_socket due to missing 
assuan_sock_init() call
Marked as found in versions gpa/0.9.0-3.
 notfound 699096 0.9.3-1
Bug #699096 [gpa] Segmentation fault in _assuan_socket due to missing 
assuan_sock_init() call
No longer marked as found in versions gpa/0.9.3-1.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
699096: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#679980: See also #694850

Just adding a note to help others scanning the RC bugs to look at
#694850 for the release team discussion around cacti. This link doesn't
show up in UDD queries because that relies on matching the bug title.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694850#25


-- 


Neil Williams
=
http://www.linux.codehelp.co.uk/



pgpTQcxqeLDII.pgp
Description: PGP signature

Processed: tagging 684645

Processing commands for cont...@bugs.debian.org:

 tags 684645 + patch
Bug #684645 [sendmail-bin] liblockfile1: Order of fcntl and dotlock in maillock
Added tag(s) patch.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
684645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#677407: re-test with libglib2.0-0 from sid?

On 2013-01-27 15:17, Neil Williams wrote:
 I've tried reproducing this again in a VM with gnome-core installed and
 again after installing gnome-dbg - without problems.

 Please can #677407 be re-tested using libglib2.0-0 
 (= 2.33.12+really2.32.4-5) from unstable?

squeeze/main/pass/gnome-dbg_1:2.30+7.log
wheezy/main/pass/gnome-dbg_1:3.4+7.log
sid/main/pass/gnome-dbg_1:3.4+7.log

squeeze2wheezy/main/affected/gnome-dbg_1:3.4+7.log
squeeze2wheezy2sid/main/affected/gnome-dbg_1:3.4+7.log

squeeze2sid/main/pass/gnome-dbg_1:3.4+7.log
testing2sid/main/pass/gnome-dbg_1:3.4+7.log

looks good :-)

If there is a repository somewhere with all the new .debs built from
source(libglib2.0-0) and a Packages file, I could do tests how this
would look like in a squeeze2wheezy upgrade after glib2 migrated to
testing. (I'm just to lazy to rebuild glib2 locally ...)

Andreas


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: tagging 684645

Processing commands for cont...@bugs.debian.org:

 tags 684645 + patch
Bug #684645 [sendmail-bin] liblockfile1: Order of fcntl and dotlock in maillock
Ignoring request to alter tags of bug #684645 to the same tags previously set
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
684645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#691600: libghc-warp-dev: does not parse request headers correctly

On Sun, Nov 04, 2012 at 03:27:13PM +0100, Joachim Breitner wrote:
Am Sonntag, den 04.11.2012, 13:11 +0100 schrieb Julien Cristau:
 On Sat, Oct 27, 2012 at 22:11:42 +0200, Joachim Breitner wrote:
  @release-team: There is a reportedly grave bug with haskell-warp, and a
  fix is available. Unfortunately, the route of updating testing via
  unstable is broken, some uploads aimed for experimental have ended up in
  unstable²
  
 Can't those be reverted?

not easily. Debian does not allow uploading a lower version number, so
the versions of the reverted packages need to be higher than the
accidental uploads, either via an epoch or via 2.0~really1.0 tricks. In
either case, all depending packages need sourceful uploads to adjust
their build dependency version ranges (which currently exclude the
accidentally uploaded version and hence all later ones) to include this
“strange” versions, turning this into a sizable undertaking.

That's a nasty mess there. :-(

Do we have any hope of progress on this RC bug? Otherwise it's
incredibly tempting to push for removal of libghc-warp-dev considering
its tiny popcon and the fact that it has never been in a stable Debian
release...

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Into the distance, a ribbon of black
Stretched to the point of no turning back


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#684645: Patch

2013-01-27 Thread Tim Marston

Sorry, it would probably be more useful if were to submit the correct
patch!

-- 
Tim Marston
ed.am
--- sendmail-8.14.4/build-tree/sendmail-8.14.4/mail.local/mail.local.c  
2013-01-27 07:23:47.531568453 +
+++ new/sendmail-8.14.4/build-tree/sendmail-8.14.4/mail.local/mail.local.c  
2013-01-27 06:51:30.791562351 +
@@ -1082,26 +1082,6 @@
*/
 
 tryagain:
-#ifdef MAILLOCK
-   p = name;
-#else /* MAILLOCK */
-   p = path;
-#endif /* MAILLOCK */
-   if ((off = lockmbox(p)) != 0)
-   {
-   if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL)
-   {
-   ExitVal = EX_TEMPFAIL;
-   errcode = 451 4.3.0;
-   }
-   else
-   errcode = 551 5.3.0;
-
-   mailerr(errcode, lockmailbox %s failed; error code %d %s,
-   p, off, errno  0 ? sm_errstring(errno) : );
-   return;
-   }
-
if (lstat(path, sb)  0)
{
int save_errno;
@@ -1252,6 +1232,26 @@
goto err1;
}
 
+#ifdef MAILLOCK
+   p = name;
+#else /* MAILLOCK */
+   p = path;
+#endif /* MAILLOCK */
+   if ((off = lockmbox(p)) != 0)
+   {
+   if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL)
+   {
+   ExitVal = EX_TEMPFAIL;
+   errcode = 451 4.3.0;
+   }
+   else
+   errcode = 551 5.3.0;
+
+   mailerr(errcode, lockmailbox %s failed; error code %d %s,
+   p, off, errno  0 ? sm_errstring(errno) : );
+   goto err1;
+   }
+
/* Get the starting offset of the new message */
curoff = lseek(mbfd, (off_t) 0, SEEK_END);
(void) sm_snprintf(biffmsg, sizeof(biffmsg), %s@%lld\n,
@@ -1325,10 +1325,10 @@
 #endif /* DEBUG */
if (mbfd = 0)
(void) ftruncate(mbfd, curoff);
-err1:  if (mbfd = 0)
+err1:  unlockmbox();
+   if (mbfd = 0)
(void) close(mbfd);
 err0:  (void) setreuid(0, 0);
-   unlockmbox();
return;
}
 
@@ -1346,6 +1346,7 @@
else
cursize = sb.st_size;
 
+   unlockmbox();
 
/* Close and check -- NFS doesn't write until the close. */
if (close(mbfd))
@@ -1395,7 +1396,6 @@
 #ifdef DEBUG
fprintf(stderr, reset euid = %d\n, (int) geteuid());
 #endif /* DEBUG */
-   unlockmbox();
if (LMTPMode)
printf(250 2.1.5 %s Ok\r\n, name);
 }

Processed: tagging Bug#697930: nagios3: CVE-2012-6096

Processing commands for cont...@bugs.debian.org:

 # patches available, tested, upload by maintainer coming soon
 tags 697930 patch pending
Bug #697930 [nagios3] nagios3: CVE-2012-6096
Added tag(s) pending and patch.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
697930: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697930
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: tagging 699096, tagging 696826

Processing commands for cont...@bugs.debian.org:

 tags 699096 + patch pending
Bug #699096 [gpa] Segmentation fault in _assuan_socket due to missing 
assuan_sock_init() call
Added tag(s) pending and patch.
 tags 696826 + pending
Bug #696826 [gpa] gpa: obsolete Homepage control field
Added tag(s) pending.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
696826: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696826
699096: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#677054: nut-client: prompting due to modified conffiles which were not modified by the user

Processing commands for cont...@bugs.debian.org:

 tags 677054 pending
Bug #677054 [nut-client] nut-client: prompting due to modified conffiles which 
were not modified by the user
Added tag(s) pending.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
677054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677054
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: tagging 699096, tagging 696826

Processing commands for cont...@bugs.debian.org:

 tags 699096 + fixed-upstream
Bug #699096 [gpa] Segmentation fault in _assuan_socket due to missing 
assuan_sock_init() call
Added tag(s) fixed-upstream.
 tags 696826 + pending
Bug #696826 [gpa] gpa: obsolete Homepage control field
Ignoring request to alter tags of bug #696826 to the same tags previously set
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
696826: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696826
699096: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#697221: motion: diff for NMU version 3.2.12-3.3

On Sun, Jan 27, 2013 at 15:22:37 +0100, Evgeni Golov wrote:

 ++ TEMP_CFLAGS=$TEMP_CFLAGS -I/usr/include/mysql

This bit is probably not quite right in general.  Not sure what the
correct way to get the header location is.

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#699096: marked as done (Segmentation fault in _assuan_socket due to missing assuan_sock_init() call)

Your message dated Sun, 27 Jan 2013 15:33:16 +
with message-id e1tzueo-0006qd...@franck.debian.org
and subject line Bug#699096: fixed in gpa 0.9.0-4
has caused the Debian Bug report #699096,
regarding Segmentation fault in _assuan_socket due to missing 
assuan_sock_init() call
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
699096: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: gpa
Version: 0.9.0-1
Severity: normal

When started GPA gives the following sequence of errors:

GnuPG is rebuilding the trust database.
This might take a few seconds.

and

GPA Error
The GPGME library returned an unexpected error.  The error was:
General Assuan error
This is probably a bug in GPA
GPA will now try to recover from this error

I also was unable to generate keys due to the same error messages appearing
every time

FYI - I found the following here:
http://forums.debian.net/viewtopic.php?f=6t=64515

Problem has been solved by installing older version of GPA (GNU Privacy
Assistent) from Ubuntu repository (in Debian).

thanks!



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.39-2-486
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gpa depends on:
ii  gnupg2  2.0.17-2 GNU privacy guard - a free PGP rep
ii  gpgsm   2.0.17-2 GNU privacy guard - S/MIME version
ii  libc6   2.13-7   Embedded GNU C Library: Shared lib
ii  libglib2.0-02.28.6-1 The GLib library of C routines
ii  libgpg-error0   1.10-0.3 library for common error values an
ii  libgpgme11  1.2.0-1.4GPGME - GnuPG Made Easy
ii  libgtk2.0-0 2.24.4-3 The GTK+ graphical user interface 
ii  zlib1g  1:1.2.3.4.dfsg-3 compression library - runtime

gpa recommends no packages.

gpa suggests no packages.

-- no debconf information


---End Message---
---BeginMessage---
Source: gpa
Source-Version: 0.9.0-4

We believe that the bug you reported is fixed in the latest version of
gpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Leidert (dale) daniel.leid...@wgdd.de (supplier of updated gpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 27 Jan 2013 16:20:46 +0100
Source: gpa
Binary: gpa
Architecture: source amd64
Version: 0.9.0-4
Distribution: unstable
Urgency: low
Maintainer: Debian GnuPG-Maintainers pkg-gnupg-ma...@lists.alioth.debian.org
Changed-By: Daniel Leidert (dale) daniel.leid...@wgdd.de
Description: 
 gpa- GNU Privacy Assistant (GPA)
Closes: 696826 699096
Changes: 
 gpa (0.9.0-4) unstable; urgency=low
 .
   * debian/control (Homepage): Updated (closes: #696826).
   * debian/patches/628305_build_with_libassuan_v2.patch: Updated.
 - src/server.c (gpa_start_server): Call assuan_sock_init (closes: #699096).
Checksums-Sha1: 
 41a18cea33ce55d8d58ac715e3ca76a8ccf93cb2 1439 gpa_0.9.0-4.dsc
 bb71935c60ccf913518cfc19c3be0a02240ba7d8 10993 gpa_0.9.0-4.debian.tar.gz
 9ea222bc03995e0d940f51baaae4439251ea19af 350522 gpa_0.9.0-4_amd64.deb
Checksums-Sha256: 
 bf211c424a0366f41ba2194103f9e9a77acb0f51340aaac94a86733662bf5f3f 1439 
gpa_0.9.0-4.dsc
 b50d54487c68c6285b9ef16f97c600a576f0c697b0329a262cadf05ee859fae7 10993 
gpa_0.9.0-4.debian.tar.gz
 50748d5c2d67bcbf32ea35e51bbf7b3a51a61ca1bf6be8c83236e6e649d784f4 350522 
gpa_0.9.0-4_amd64.deb
Files: 
 2484c26c195601af074b36dfb791b5b4 1439 utils optional gpa_0.9.0-4.dsc
 9c1c990b2e7dd179476b435bb6dd9c42 10993 utils optional gpa_0.9.0-4.debian.tar.gz
 0f9274496e554f47f8dd6ff29276279e 350522 utils optional gpa_0.9.0-4_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlEFRyAACgkQm0bx+wiPa4zwcACeMjKVyRPMYnaQtWZ4SbnGk276
en4An0pg1x+mKzvyfShg6ZRPVnivsRU8
=j48/
-END PGP

Bug#677407: re-test with libglib2.0-0 from sid?

On Sun, 27 Jan 2013 16:07:53 +0100
Andreas Beckmann a...@debian.org wrote:

 On 2013-01-27 15:17, Neil Williams wrote:
  I've tried reproducing this again in a VM with gnome-core installed and
  again after installing gnome-dbg - without problems.
 
  Please can #677407 be re-tested using libglib2.0-0 
  (= 2.33.12+really2.32.4-5) from unstable?
 
 squeeze/main/pass/gnome-dbg_1:2.30+7.log
 wheezy/main/pass/gnome-dbg_1:3.4+7.log
 sid/main/pass/gnome-dbg_1:3.4+7.log
 
 squeeze2wheezy/main/affected/gnome-dbg_1:3.4+7.log
 squeeze2wheezy2sid/main/affected/gnome-dbg_1:3.4+7.log
 
 squeeze2sid/main/pass/gnome-dbg_1:3.4+7.log
 testing2sid/main/pass/gnome-dbg_1:3.4+7.log
 
 looks good :-)
 
 If there is a repository somewhere with all the new .debs built from
 source(libglib2.0-0) and a Packages file, I could do tests how this
 would look like in a squeeze2wheezy upgrade after glib2 migrated to
 testing. (I'm just to lazy to rebuild glib2 locally ...)

No need to rebuild locally. I used reprepro to create a small repo and
then used a filterlist to update from unstable against the list of
binary packages built by glib2.0

http://linux.codehelp.co.uk/emdebian/dists/piuparts/

This is available, temporarily, as an apt source if you want it:

deb http://linux.codehelp.co.uk/emdebian piuparts main

(amd64  i386 only)

piuparts|main|amd64: libglib2.0-0 2.33.12+really2.32.4-5
piuparts|main|amd64: libglib2.0-0-dbg 2.33.12+really2.32.4-5
piuparts|main|amd64: libglib2.0-0-refdbg 2.33.12+really2.32.4-5
piuparts|main|amd64: libglib2.0-bin 2.33.12+really2.32.4-5
piuparts|main|amd64: libglib2.0-data 2.33.12+really2.32.4-5
piuparts|main|amd64: libglib2.0-dev 2.33.12+really2.32.4-5
piuparts|main|amd64: libglib2.0-doc 2.33.12+really2.32.4-5

 glib2.0 | 2.33.12+really2.32.4-5 | sid  | source

That repository will be available for a few weeks or so.

-- 


Neil Williams
=
http://www.linux.codehelp.co.uk/



pgpQalfTnVgjX.pgp
Description: PGP signature

Bug#684645: Patch

2013-01-27 Thread Tim Marston

Hi,

I've attached a patch to do the lockmbox() after open()ing and
lockf()ing the mailbox, and conversely to unlockmbox() before
close()ing it.  Looking at the strace, it now goes...

  open(/var/mail/edam, O_WRONLY|O_APPEND) = 4
  fcntl64(4, F_SETLKW, {type=F_WRLCK, whence=SEEK_CUR, start=0, len=0}) = 0
  link(/var/mail/.lk06598ddebian-dev, /var/mail/edam.lock) = 0
  ...
  unlink(/var/mail/edam.lock)   = 0
  close(4)= 0

Someone with more experience of locking should verify there are no
problems with this.  :o)

-- 
Tim Marston
ed.am
Index: en/upgrading.dbk
===
--- en/upgrading.dbk(revision 9557)
+++ en/upgrading.dbk(working copy)
@@ -1227,6 +1227,37 @@
 may be required, either before or during the upgrade; these are detailed
 below on a per-package basis.
 /para
+section id=issues-sudo
+titleSudo/title
+para
+If you have modified filename/etc/sudoers/filename then you should be aware
+of changes made to how systemitem role=packagesudo/systemitem
+configuration is handled.  The default filename/etc/sudoers/filename now
+includes the following two directives:
+/para
+programlistingDefaults
secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin/programlisting
+programlisting#includedir /etc/sudoers.d/programlisting
+para
+Neither of these entries are added to your filename/etc/sudoers/filename
+automatically during the upgrade.  (Although you will still be able to run
+commandsudo/command commands by specifying their fully-qualified path.)  So
+you might wish to consider migrating your changes to the new
+filename/etc/sudoers.d/filename directory and using the default
+filename/etc/sudoers/filename file.  For example:
+/para
+screen
+# mv /etc/sudoers /etc/sudoers.d/mychanges
+# mv /etc/sudoers.dpkg-new /etc/sudoers
+/screen
+para
+You may also need to edit your filename/etc/sudoers.d/mychanges/filename to
+remove unwanted literalDefaults/literal and literal#includedir/literal
+entries.  You should use commandvisudo/command for this:
+/para
+screen
+# visudo -f /etc/sudoers.d/mychanges
+/screen
+/section
 section id=issues-evolution
 titleEvolution/title
 para

Bug#698527: elmer: executable ElmerGUI.real links with both GPL-licensed and GPL-incompatible libraries

On Sun, Jan 27, 2013 at 12:26:32 +0100, Francesco Poli wrote:

 The true solution is: help me in persuading Open CASCADE S.A.S. to
 re-license Open CASCADE Technology under GPLv2-and-v3-compatible terms.
 
If that happens, it's going to be a while.  Things involving lawyers and
politics aren't particularly fast.

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#694015: geda: copyright file missing after upgrade (policy 12.5)

On Sun, Jan 27, 2013 at 15:37:41 +0100, Andreas Beckmann wrote:

 Followup-For: Bug #694015
 
 Hi,
 
 On Monday, 21. January 2013 10:34:37 Bdale Garbee wrote:
  so no, I don't really agree that it would be better to have no geda-gaf
  than to have 1.6 in wheezy.
 
 On Monday, 21. January 2013 11:22:27 Bdale Garbee wrote:
  أحمد المحمودي aelmahmo...@sabily.org writes:
   Bdale, I've added gregoa's patch  pushed to git. Please upload.
 
  Done.  debian/1.8.1-2 uploaded, tagged, and pushed.
 
 Well, wanting to keep (and fix) RC-buggy geda 1.6 in wheezy and
 uploading a new upstream to unstable (currently stuck in NEW) contradict
 each other.
 
 I have prepared a NMU 1:1.6.2-4.3 cherry-picking gregoa's patch.
 Once that has passed my piuparts tests I'll upload it to DELAYED/2.
 Patch attached.
 
 What can be done to block/cancel/reroute-to-experimental the 1.8.x
 packages currently in NEW? This would allow getting this fix via sid
 and avoiding the t-p-u road.
 
Well they're in NEW so they're pretty much already blocked.  ftpmaster,
could you make a note to not accept geda-gaf from NEW until after
Andreas' NMU is in wheezy, at least?

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#698527: elmer: executable ElmerGUI.real links with both GPL-licensed and GPL-incompatible libraries

2013-01-27 Thread Francesco Poli

On Sun, 27 Jan 2013 15:52:29 + Julien Cristau wrote:

 On Sun, Jan 27, 2013 at 12:26:32 +0100, Francesco Poli wrote:
 
  The true solution is: help me in persuading Open CASCADE S.A.S. to
  re-license Open CASCADE Technology under GPLv2-and-v3-compatible terms.
  
 If that happens, it's going to be a while.  Things involving lawyers and
 politics aren't particularly fast.

That's true, but, as I said previously [1], *if* there were a
significant step forward (such as a decision by Open CASCADE S.A.S.,
with a public promise that next version of Open CASCADE Technology will
be re-licensed under GPLv2-and-v3-compatible terms), *then* we could
maybe obtain a wheezy-ignore tag for this bug (assuming that the
OpenSSL linking issue is easier to solve)...

[1] http://bugs.debian.org/698527#22

-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpOCifFErddY.pgp
Description: PGP signature

Bug#690394: Bug#690877: unblock: love/0.8.0-3

2013-01-27 Thread Jonathan Wiltshire

On Mon, Dec 24, 2012 at 04:08:29PM +0100, Ivo De Decker wrote:
  On 23-12-12 00:37, Ivo De Decker wrote:
   I prepared a TPU upload to fix the copyright file bug (#690394) in 
   wheezy. The
   debdiff is attached.
  
  Looks good.
 Thanks for the review.
 
  However, version 0.8.0-3 is already in unstable, so please
  make the version 0.8.0-2.1 instead.
 
 That's fine with me, but I guess the release team prefers +deb7u1 for wheezy.

Your changelog claims to be an NMU, so the correct version would be
0.8.0-2.1. I'm not all that fussed though.

  Will you upload the package?
 
 That's OK, but as it is a TPU upload, we first need pre-approval from the
 release team.

You can upload this fix to tpu.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

directhex i have six years of solaris sysadmin experience, from
8-10. i am well qualified to say it is made from bonghits
layered on top of bonghits


signature.asc
Description: Digital signature

Bug#692899: zope2.12: [CVE-2012-5485 to 5508] Multiple vectors corrected within 20121106 fix

2013-01-27 Thread Tres Seaver

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/27/2013 08:49 AM, Julien Cristau wrote:
 On Mon, Nov 26, 2012 at 18:53:58 +0900, Arnaud Fontaine wrote:
 
 Tres Seaver tsea...@palladion.com writes:
 
 * CVE-2012-5505 (zope.traversing: atat.py) 
 http://plone.org/products/plone/security/advisories/20121106/21
 
 That fix is  also disputed: hiding the default view  from the
 '@@' name does not actually improve security  at all.  There is a
 Launchpad bug where  it is being  debated (#1079225), but  that
 bug is  still in Private Security mode.  The correct fix is to
 change the code of the multi-adapter to barf if published via a
 URL.
 
 Any idea when this patch will be released? Thanks.
 
 Is there any news on that issue?

I still believe the report is in error:  we cannot hide default (unnamed)
views simply because an application might register one in error.
Any views which wants not to be called via URLs needs to handle that
directly:  registering a multiadapter for (IThing, None) *is* registering
a view.



Tres.
- -- 
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlEFTwsACgkQ+gerLs4ltQ6FVACgmfgoLVb+YLTfJCqHEX4cvd+K
ywkAn32iTCbw7oCm5EgC7uI60bJiRm1M
=mRXV
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#693666: NMU diff for dahdi-linux/1:2.6.1+dfsg2-0.1

2013-01-27 Thread Ben Hutchings

I've uploaded the attached changes to DELAYED/5, and will follow this
with an upload of dahdi-firmware.

The deleted files are noted in the debdiff as just '[deleted]'.

Ben.

-- 
Ben Hutchings
Experience is what causes a person to make new mistakes instead of old ones.
diff -Nru dahdi-linux-2.6.1+dfsg/debian/changelog dahdi-linux-2.6.1+dfsg2/debian/changelog
--- dahdi-linux-2.6.1+dfsg/debian/changelog	2012-04-23 11:26:35.0 +0100
+++ dahdi-linux-2.6.1+dfsg2/debian/changelog	2013-01-27 16:13:02.0 +
@@ -1,3 +1,11 @@
+dahdi-linux (1:2.6.1+dfsg2-0.1) unstable; urgency=low
+
+  * Non-maintainer upload
+  * Remove non-free FPGA bitfiles and patch drivers to load them
+(Closes: #693666)
+
+ -- Ben Hutchings b...@decadent.org.uk  Sun, 27 Jan 2013 16:13:02 +
+
 dahdi-linux (1:2.6.1+dfsg-1) unstable; urgency=low
 
   * New upstream release candidate:
diff -Nru dahdi-linux-2.6.1+dfsg/debian/patches/pciradio-request_firmware dahdi-linux-2.6.1+dfsg2/debian/patches/pciradio-request_firmware
--- dahdi-linux-2.6.1+dfsg/debian/patches/pciradio-request_firmware	1970-01-01 01:00:00.0 +0100
+++ dahdi-linux-2.6.1+dfsg2/debian/patches/pciradio-request_firmware	2013-01-27 16:07:00.0 +
@@ -0,0 +1,135 @@
+Author: Ben Hutchings b...@decadent.org.uk
+Description: pciradio: Use request_firmware() to load bitfile
+Bug-Debian: http://bugs.debian.org/693666
+
+Non-free bits belong in separate (source  binary) packages.
+This driver must use request_firmware() to load the FPGA bitfile.
+
+---
+--- a/drivers/dahdi/pciradio.c
 b/drivers/dahdi/pciradio.c
+@@ -51,6 +51,7 @@ With driver:	303826  (1.5 %)
+ #include linux/interrupt.h
+ #include linux/moduleparam.h
+ #include linux/sched.h
++#include linux/firmware.h
+ #include asm/io.h
+ #include asm/delay.h 
+ 
+@@ -220,8 +221,6 @@ struct tonedef {
+ 	unsigned char b2;
+ } ;
+ 
+-#include radfw.h
+-
+ static struct tonedef cttable_tx [] = {
+ {0,0,0},
+ {670,0xE,0xB1},
+@@ -1505,9 +1504,18 @@ static void wait_just_a_bit(int foo)
+ 
+ static int pciradio_hardware_init(struct pciradio *rad)
+ {
++const struct firmware *bitfile;
+ unsigned char byte1,byte2;
+ int	x;
+ unsigned long endjif;
++int res;
++
++	res = request_firmware(bitfile, dahdi-fw-pciradio.bin,
++			   rad-dev-dev);
++	if (res)
++		return res;
++
++	res = -EIO;
+ 
+ 	/* Signal Reset */
+ 	outb(0x01, rad-ioaddr + RAD_CNTL);
+@@ -1539,7 +1547,7 @@ unsigned long endjif;
+ 	while (inb(rad-ioaddr + RAD_AUXR)  (XINIT | XDONE)  (jiffies = endjif));
+ 	if (endjif  jiffies) {
+ 		printk(KERN_DEBUG Timeout waiting for INIT and DONE to go low\n);
+-		return -1;
++		goto out;
+ 	}
+ 	if (debug) printk(KERN_DEBUG fwload: Init and done gone to low\n);
+ 	/* De-assert PGM */
+@@ -1550,16 +1558,16 @@ unsigned long endjif;
+ 	while (!(inb(rad-ioaddr + RAD_AUXR)  XINIT)  (jiffies = endjif));
+ 	if (endjif  jiffies) {
+ 		printk(KERN_DEBUG Timeout waiting for INIT to go high\n);
+-		return -1;
++		goto out;
+ 	}
+ 	if (debug) printk(KERN_DEBUG fwload: Init went high (clearing done)\nNow loading...\n);
+ 	/* Assert CS+Write */
+ 	rad-ios = ~XCS;
+ 	outb(rad-ios, rad-ioaddr + RAD_AUXD);
+-	for (x = 0; x  sizeof(radfw); x++)
++	for (x = 0; x  bitfile-size; x++)
+ 	   {
+ 		  /* write the byte */
+-		outb(radfw[x],rad-ioaddr + RAD_REGBASE);
++		outb(bitfile-data[x], rad-ioaddr + RAD_REGBASE);
+ 		  /* if DONE signal, we're done, exit */
+ 		if (inb(rad-ioaddr + RAD_AUXR)  XDONE) break;
+ 		  /* if INIT drops, we're screwed, exit */
+@@ -1580,12 +1588,12 @@ unsigned long endjif;
+ 	if (!(inb(rad-ioaddr + RAD_AUXR)  XINIT))
+ 	   {
+ 		printk(KERN_NOTICE Drove Init low!! CRC Error!!!\n);
+-		return -1;
++		goto out;
+ 	   }
+ 	if (!(inb(rad-ioaddr + RAD_AUXR)  XDONE))
+ 	   {
+ 		printk(KERN_INFO Did not get DONE signal. Short file maybe??\n);
+-		return -1;
++		goto out;
+ 	   }
+ 	wait_just_a_bit(2);
+ 	/* get the thingy started */
+@@ -1646,7 +1654,10 @@ unsigned long endjif;
+ 	/* Wait 1/4 of a sec */
+ 	wait_just_a_bit(HZ/4);
+ 
+-	return 0;
++	res = 0;
++out:
++	release_firmware(bitfile);
++	return res;
+ }
+ 
+ static void pciradio_enable_interrupts(struct pciradio *rad)
+@@ -1765,7 +1776,8 @@ static int __devinit pciradio_init_one(s
+ 			/* Keep track of which device we are */
+ 			pci_set_drvdata(pdev, rad);
+ 
+-			if (pciradio_hardware_init(rad)) {
++			res = pciradio_hardware_init(rad);
++			if (res) {
+ /* Set Reset Low */
+ x=inb(rad-ioaddr + RAD_CNTL);
+ outb((~0x1)x, rad-ioaddr + RAD_CNTL);
+@@ -1780,7 +1792,7 @@ static int __devinit pciradio_init_one(s
+ pci_set_drvdata(pdev, NULL);
+ dahdi_free_device(rad-ddev);
+ kfree(rad);
+-return -EIO;
++return res;
+ 
+ 			}
+ 
+--- a/drivers/dahdi/Kbuild
 b/drivers/dahdi/Kbuild
+@@ -141,11 +141,4 @@ ifeq ($(HPEC_PRESENT),yes)
+ obj-$(DAHDI_BUILD_ALL)$(CONFIG_DAHDI_ECHOCAN_HPEC)	+= dahdi_echocan_hpec.o
+ endif
+ 
+-$(obj)/pciradio.o: $(obj)/radfw.h
+-
+ hostprogs-y := makefw
+-
+-$(obj)/radfw.h:

Bug#690799: evnice crashes with a certain PDF file

2013-01-27 Thread Michael Biebl

On 27.01.2013 14:52, Kubo Hiroshi wrote:
 I tried your 1.12.2-2+deb7u2 binary packages.
 Still, the same crash occured with the linked pdf.
 
 Is this what you expected for me to do?
 Did you open the thumbnail view, by selecting the menu [View] - [Side pane]?

I did try that. And while I can reproduce the crash with 1.12.2-2, I
can't with 1.12.2-2+deb7u2 (resp. 1.12.2-2.1+deb7u1) so this is kinda
odd that you still run into this problem.
Can you update all cairo related packages to 1.12.2-2.1+deb7u1 and
restart evince / your desktop session.



Michael




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Processed: limit source to gdb, tagging 698074

Processing commands for cont...@bugs.debian.org:

 #gdb (7.4.1+dfsg-0.1) unstable; urgency=low
 #
 #  * Run that script to get the expected dfsg-compliant tarball.
 #(Closes: #698074)
 #
 limit source gdb
Limiting to bugs with field 'source' containing at least one of 'gdb'
Limit currently set to 'source':'gdb'

 tags 698074 + pending
Bug #698074 [src:gdb] gdb: includes non-free documentation (GFDL with 
unmodifiable sections)
Added tag(s) pending.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
698074: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698074
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: severity of 646704 is important

Processing commands for cont...@bugs.debian.org:

 # daniel gave up the package, everyone else thinks it is not rc
 severity 646704 important
Bug #646704 [live-installer] live-installer: installer doesn't write 
/etc/crypttab for crypt+LVM
Severity set to 'important' from 'serious'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
646704: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646704
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#696837: marked as done (Missing Depends on python-libtorrent, fails to start)

Your message dated Sun, 27 Jan 2013 16:39:06 +
with message-id 20130127163906.ga32...@einval.com
and subject line Re: Bug#696837: Missing Depends on python-libtorrent, fails to 
start
has caused the Debian Bug report #696837,
regarding Missing Depends on python-libtorrent, fails to start
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
696837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696837
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: deluge-gtk
Version: 1.3.3-2
Severity: grave

After apt-get install deluge-gtk Deluge failed to start with the following
traceback:

Traceback (most recent call last):
  File /usr/lib/python2.7/dist-packages/deluge/ui/gtkui/gtkui.py, line 299, 
in _on_reactor_start
client.start_classic_mode()
  File /usr/lib/python2.7/dist-packages/deluge/ui/client.py, line 559, in 
start_classic_mode
self._daemon_proxy = DaemonClassicProxy(self.__event_handlers)
  File /usr/lib/python2.7/dist-packages/deluge/ui/client.py, line 432, in 
__init__
self.__daemon = deluge.core.daemon.Daemon(classic=True)
  File /usr/lib/python2.7/dist-packages/deluge/core/daemon.py, line 136, in 
__init__
from deluge.core.core import Core
  File /usr/lib/python2.7/dist-packages/deluge/core/core.py, line 36, in 
module
from deluge._libtorrent import lt
  File /usr/lib/python2.7/dist-packages/deluge/_libtorrent.py, line 59, in 
module
import libtorrent as lt
ImportError: No module named libtorrent

deluge-gtk needs a Depends on python-libtorrent. Installing it fixes it.

Cheers,
Moritz

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages deluge-gtk depends on:
ii  deluge-common1.3.3-2
ii  librsvg2-common  2.36.1-1
ii  python   2.7.3-3
ii  python-glade22.24.0-3
pn  python-notifynone
ii  python2.62.6.8-1
ii  python2.72.7.3-5
ii  xdg-utils1.1.0~rc1+git20111210-6
ii  xfce4-notifyd [notification-daemon]  0.2.2-2

Versions of packages deluge-gtk recommends:
ii  python-pygame  1.9.1release+dfsg-7

deluge-gtk suggests no packages.

-- no debconf information
---End Message---
---BeginMessage---
On Fri, Dec 28, 2012 at 08:49:57PM +0600, Andrey Rahmatullin wrote:
On Fri, Dec 28, 2012 at 01:52:29AM +0100, Moritz Muehlenhoff wrote:
   File /usr/lib/python2.7/dist-packages/deluge/_libtorrent.py, line 59, in 
 module
 import libtorrent as lt
 ImportError: No module named libtorrent
 
 deluge-gtk needs a Depends on python-libtorrent. Installing it fixes it.
Note that 
- this is needed only to run the daemon part, by the standalone daemon or
  by the clien in classic mode
- deluged depends on python-libtorrent
- deluge (which has You may want to install this package to use Deluge in
  classic mode in the description) depends on python-libtorrent

But you can install just deluge-gtk and the classic mode will be enabled
by default, displaying a window with the stack trace and a button which
disables the classic mode. If it was disabled by default I would lower the
severity but the current situation sounds wrong unless I'm missing
something. 
The easiest fix is to have deluge-gtk recommend python-libtorrent but the
existence of an almost empty deluge package shows that the current
situation is probably not what was intended by the maintainer.

If deluge-gtk prints a stack trace to a first-time user on first use
because of a missing dependency, let's just install that dependency
already. What's the downside to that?

NMU in delayed/2 now using the attached debdiff (Eddy's patch).

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
We don't need no education.
We don't need no thought control.
diff -Nru deluge-1.3.3/debian/changelog deluge-1.3.3/debian/changelog
--- deluge-1.3.3/debian/changelog   2011-09-25 17:04:26.0 +0100
+++ deluge-1.3.3/debian/changelog   2013-01-27 16:29:27.0 +
@@ -1,3 +1,11 @@
+deluge (1.3.3-2+nmu1) unstable; urgency=low
+
+  * NMU
+  * Add Depends: python-libtorrent. Closes: #696837
+Thanks to Eddy Pronk for the patch.
+
+ -- Steve McIntyre 93...@debian.org  Sun, 27 Jan 2013 16:29:15 +
+
 deluge

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-01-27 Thread Salvatore Bonaccorso

Some additional information: In most usual cases where zoneminder is
set up, there should be authentication first. So this limits somehow
the vulnerability.

There is also a forum post on this, but still witout reply:

  http://www.zoneminder.com/forums/viewtopic.php?f=29t=20771

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#699102: python-greenlet: FTBFS on sparc

2013-01-27 Thread Javi Merino

Package: python-greenlet
Version: 0.3.1-2.2
Severity: serious
Justification: FTBFS

The FTBFS in sparc[0] in wheezy can be fixed by applying the attached
patch

[0] 
https://buildd.debian.org/status/fetch.php?pkg=python-greenletarch=sparcver=0.3.1-2.2stamp=1359234024

Cheers,
Javi
Author: unixtool1192 unixtool1...@gmail.com
Origin: https://github.com/python-greenlet/greenlet/commit/619ab917e3ab47be7642ced21c8cfd8e8182844b
Description: add support for debian sparc and openbsd5-sparc64

--- a/platform/switch_sparc_sun_gcc.h
+++ b/platform/switch_sparc_sun_gcc.h
@@ -19,9 +19,9 @@
 
 #ifdef SLP_EVAL
 
-#include sys/trap.h
 
 #define STACK_MAGIC 0
+#define ST_FLUSH_WINDOWS 3
 
 static int
 slp_switch(void)
--- a/slp_platformselect.h
+++ b/slp_platformselect.h
@@ -12,7 +12,7 @@
 #include platform/switch_ppc_unix.h /* gcc on PowerPC */
 #elif defined(__GNUC__)  defined(__ppc__)  defined(__APPLE__)
 #include platform/switch_ppc_macosx.h /* Apple MacOS X on PowerPC */
-#elif defined(__GNUC__)  defined(sparc)  defined(sun)
+#elif defined(__GNUC__)  defined(sparc)
 #include platform/switch_sparc_sun_gcc.h /* SunOS sparc with gcc */
 #elif defined(__GNUC__)  defined(__s390__)  defined(__linux__)
 #include platform/switch_s390_unix.h	/* Linux/S390 */

Bug#696837: Missing Depends on python-libtorrent, fails to start

2013-01-27 Thread Andrey Rahmatullin

On Sun, Jan 27, 2013 at 04:39:06PM +, Steve McIntyre wrote:
 If deluge-gtk prints a stack trace to a first-time user on first use
 because of a missing dependency, let's just install that dependency
 already. What's the downside to that?
Just 10 Mb of packages that are not needed if you want only a remote GUI.


-- 
WBR, wRAR


signature.asc
Description: Digital signature

Bug#699103: Empathy fails to connect to SIP proxy over TLS

2013-01-27 Thread Daniel Pocock

Package: telepathy-rakia
Version: 0.7.4-1
Severity: Serious


I've marked this serious because (a) there is no detailed error from
Empathy and (b) the SIP proxy is using a cert signed by a root in the
Debian distribution, so it should be trusted and work seamlessly.  Two
other SIP softphones (Lumicall and Jitsi) are working fine in the same
network with this TLS server.

I configured Empathy to use TLS to connect to a SIP account on a proxy
running repro

The repro proxy is on the same subnet, running v1.8.5 from wheezy.  It
has a server cert signed by the CACert.org class 3 root, expiring 2014,
4096 bit

Empathy fails to connect

Running repro in debug mode with console output, I notice this error:

 ssl/TlsConnection.cxx:161 | TLS connected
 ssl/TlsConnection.cxx:175 | TLS handshake want read
 Connection.cxx:372 | Exception on socket 31 code: 32; closing connection

In Empathy, I click the setting to ignore TLS errors, and then the
connection succeeds

Note: the repro proxy has both the server cert and the CAcert.org class
3 intermediate cert in the pem file, so the client should be able to
work the trust chain up to /etc/ssl/certs/cacert.org.pem  (CAcert.org
class 1 root)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#677407: re-test with libglib2.0-0 from sid?

On 2013-01-27 16:41, Neil Williams wrote:
 deb http://linux.codehelp.co.uk/emdebian piuparts main

Thanks!

tested distupgrades from squeeze to wheezy + newer glibc for all 
packages that have/had a Breaks in glib2.0:

xxglib2-emacs23.log:1m30.9s INFO: PASS: Upgrading between Debian distributions.
xxglib2-eog.log:1m53.7s INFO: PASS: Upgrading between Debian distributions.
xxglib2-gdm3.log:2m41.7s INFO: PASS: Upgrading between Debian distributions.
xxglib2-gnome-control-center.log:2m26.2s INFO: PASS: Upgrading between Debian 
distributions.
xxglib2-gnome-dbg.log:3m15.1s INFO: PASS: Upgrading between Debian 
distributions.
xxglib2-gnome-session.log:2m35.6s INFO: PASS: Upgrading between Debian 
distributions.
xxglib2-gvfs.log:1m14.7s INFO: PASS: Upgrading between Debian distributions.
xxglib2-gwaei.log:1m42.4s INFO: PASS: Upgrading between Debian distributions.
xxglib2-libgtk-3-0.log:1m6.6s INFO: PASS: Upgrading between Debian 
distributions.

Looks good. Get glib2.0 unblocked :-)

There are 7759 packages that have some (in-)direct relation to 
libglib2.0-0. If you remind me once the packages are in testing, I can 
reschedule the squeeze2wheezy test for them, just to ensure the
unBreaks:ing didn't break some corner cases.

Andreas


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#692899: zope2.12: [CVE-2012-5485 to 5508] Multiple vectors corrected within 20121106 fix

2013-01-27 Thread David Glick (Plone)


On 1/27/13 6:00 PM, Tres Seaver wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/27/2013 08:49 AM, Julien Cristau wrote:

On Mon, Nov 26, 2012 at 18:53:58 +0900, Arnaud Fontaine wrote:


Tres Seaver tsea...@palladion.com writes:


* CVE-2012-5505 (zope.traversing: atat.py)
http://plone.org/products/plone/security/advisories/20121106/21

That fix is  also disputed: hiding the default view  from the
'@@' name does not actually improve security  at all.  There is a
Launchpad bug where  it is being  debated (#1079225), but  that
bug is  still in Private Security mode.  The correct fix is to
change the code of the multi-adapter to barf if published via a
URL.

Any idea when this patch will be released? Thanks.


Is there any news on that issue?

I still believe the report is in error:  we cannot hide default (unnamed)
views simply because an application might register one in error.
Any views which wants not to be called via URLs needs to handle that
directly:  registering a multiadapter for (IThing, None) *is* registering
a view.


Plone includes the configuration of zope.annotation which registers a 
multiadapter of (IAnnotations, Interface) that, as far as I can tell, is 
not intended as a view and can expose information that was meant to be 
private. Our patch therefore monkey-patched the view traverser in 
zope.traversing to prevent it from being published. zope.annotation is 
not configured in Zope 2 out of the box.



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#698527: elmer: executable ElmerGUI.real links with both GPL-licensed and GPL-incompatible libraries

On Sun, Jan 27, 2013 at 17:05:38 +0100, Francesco Poli wrote:

 On Sun, 27 Jan 2013 15:52:29 + Julien Cristau wrote:
 
  On Sun, Jan 27, 2013 at 12:26:32 +0100, Francesco Poli wrote:
  
   The true solution is: help me in persuading Open CASCADE S.A.S. to
   re-license Open CASCADE Technology under GPLv2-and-v3-compatible terms.
   
  If that happens, it's going to be a while.  Things involving lawyers and
  politics aren't particularly fast.
 
 That's true, but, as I said previously [1], *if* there were a
 significant step forward (such as a decision by Open CASCADE S.A.S.,
 with a public promise that next version of Open CASCADE Technology will
 be re-licensed under GPLv2-and-v3-compatible terms), *then* we could
 maybe obtain a wheezy-ignore tag for this bug (assuming that the
 OpenSSL linking issue is easier to solve)...
 
Pretty sure you won't get such a promise before wheezy is out...

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#677407: re-test with libglib2.0-0 from sid?

2013-01-27 Thread Michael Biebl

On 27.01.2013 17:51, Andreas Beckmann wrote:
 On 2013-01-27 16:41, Neil Williams wrote:
 deb http://linux.codehelp.co.uk/emdebian piuparts main
 
 Thanks!
 
 tested distupgrades from squeeze to wheezy + newer glibc for all 
 packages that have/had a Breaks in glib2.0:
 
 xxglib2-emacs23.log:1m30.9s INFO: PASS: Upgrading between Debian 
 distributions.
 xxglib2-eog.log:1m53.7s INFO: PASS: Upgrading between Debian distributions.
 xxglib2-gdm3.log:2m41.7s INFO: PASS: Upgrading between Debian distributions.
 xxglib2-gnome-control-center.log:2m26.2s INFO: PASS: Upgrading between Debian 
 distributions.
 xxglib2-gnome-dbg.log:3m15.1s INFO: PASS: Upgrading between Debian 
 distributions.
 xxglib2-gnome-session.log:2m35.6s INFO: PASS: Upgrading between Debian 
 distributions.
 xxglib2-gvfs.log:1m14.7s INFO: PASS: Upgrading between Debian distributions.
 xxglib2-gwaei.log:1m42.4s INFO: PASS: Upgrading between Debian distributions.
 xxglib2-libgtk-3-0.log:1m6.6s INFO: PASS: Upgrading between Debian 
 distributions.

Thanks for testing! That work you do is really appreciated.

 Looks good. Get glib2.0 unblocked :-)
 

See #697764. The d-i team wanted to have RC1 released before the package
is unblocked (glib2.0 shipping a udeb).

Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#694286: closed by Peter Miller pmil...@opensource.org.au (Bug#694286: fixed in fstrcmp 0.5.D001-1)

On Mon, Nov 26, 2012 at 10:03:16AM +, Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the fstrcmp package:

#694286: fstrcmp: missing Breaks+Replaces: libfstrcmp-dev ( 0.4)

It has been closed by Peter Miller pmil...@opensource.org.au.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Peter Miller 
pmil...@opensource.org.au by
replying to this email.

Hi Peter,

I see you've fixed these bugs in unstable. Are you planning on doing
anything about getting fixed packages into wheezy?

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
...In the UNIX world, people tend to interpret `non-technical user'
 as meaning someone who's only ever written one device driver. -- Daniel Pead


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#698572: setools: FTBFS: symbols file mismatch

Control: severity -1 normal

On Sun, Jan 20, 2013 at 16:13:48 +, Thorsten Glaser wrote:

 Source: setools
 Version: 3.3.7-3
 Severity: serious
 Justification: fails to build from source (but built successfully in the past)
 
m68k bugs are not serious severity.  Please don't do that.

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#699103: Empathy fails to connect to SIP proxy over TLS

Control: severity -1 important

On Sun, Jan 27, 2013 at 17:51:53 +0100, Daniel Pocock wrote:

 Package: telepathy-rakia
 Version: 0.7.4-1
 Severity: Serious
 
 
 I've marked this serious because (a) there is no detailed error from
 Empathy and (b) the SIP proxy is using a cert signed by a root in the
 Debian distribution, so it should be trusted and work seamlessly.  Two
 other SIP softphones (Lumicall and Jitsi) are working fine in the same
 network with this TLS server.
 
Yeah, no.

Cheers,
Julien


signature.asc
Description: Digital signature

Processed: Re: Bug#699103: Empathy fails to connect to SIP proxy over TLS

Processing control commands:

 severity -1 important
Bug #699103 [telepathy-rakia] Empathy fails to connect to SIP proxy over TLS
Severity set to 'important' from 'serious'

-- 
699103: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699103
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#699102: python-greenlet: FTBFS on sparc

On Sun, Jan 27, 2013 at 16:50:53 +, Javi Merino wrote:

 Package: python-greenlet
 Version: 0.3.1-2.2
 Severity: serious
 Justification: FTBFS
 
 The FTBFS in sparc[0] in wheezy can be fixed by applying the attached
 patch
 
 [0] 
 https://buildd.debian.org/status/fetch.php?pkg=python-greenletarch=sparcver=0.3.1-2.2stamp=1359234024
 
It also ftbfs on mipsen, which is more of an issue because while there's
no sparc binary in testing, there are mips{,el} debs for 0.3.1-2.

Cheers,
Julien


signature.asc
Description: Digital signature

Processed: Re: Bug#698572: setools: FTBFS: symbols file mismatch

Processing control commands:

 severity -1 normal
Bug #698572 {Done: Nick Andrik nick.and...@gmail.com} [src:setools] setools: 
FTBFS: symbols file mismatch
Severity set to 'normal' from 'serious'

-- 
698572: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698572
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#696837: marked as done (Missing Depends on python-libtorrent, fails to start)

2013-01-27 Thread Andrew Starr-Bochicchio

On Sun, Jan 27, 2013 at 11:42 AM, Debian Bug Tracking System
ow...@bugs.debian.org wrote:
 NMU in delayed/2 now using the attached debdiff (Eddy's patch).

From the proposed patch:

@@ -41,8 +42,7 @@
 Package: deluged
 Architecture: all
 Depends: ${misc:Depends}, ${python:Depends},
- deluge-common (= ${source:Version}),
- python-libtorrent (= 0.14.9)
+ deluge-common (= ${source:Version})
 Description: bittorrent client written in Python/PyGTK (daemon)
  Deluge is a full-featured, multi-platform, multi-interface BitTorrent client
  using libtorrent-rasterbar in it's backend and featuring multiple



Adding the extra dependency to deluge-gtk doesn't really bother me all
that much one way or the other, but this patch isn't really correct
either. This seems to remove the python-libtorrent dependency for
deluged. That will break the use case of running the daemon
application on a remote server.

-- Andrew Starr-Bochicchio

   Ubuntu Developer https://launchpad.net/~andrewsomething
   Debian Developer http://qa.debian.org/developer.php?login=asb
   PGP/GPG Key ID: D53FDCB1


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#694015: geda: copyright file missing after upgrade (policy 12.5)

On 2013-01-27 15:37, Andreas Beckmann wrote:
 I have prepared a NMU 1:1.6.2-4.3 cherry-picking gregoa's patch.
 Once that has passed my piuparts tests I'll upload it to DELAYED/2.
 Patch attached.

Tests passed. Package uploaded.

Since I probably don't have write permission in
git://git.debian.org/git/pkg-electronics/geda-gaf.git
you can find the changes from the NMUs in
git://github.com/anbe42/tmp-geda-gaf.git branch wheezy
I'll push the signed tag once the package got accepted into sid.

Andreas


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#696837: marked as done (Missing Depends on python-libtorrent, fails to start)

On Sun, Jan 27, 2013 at 12:02:43PM -0500, Andrew Starr-Bochicchio wrote:
On Sun, Jan 27, 2013 at 11:42 AM, Debian Bug Tracking System
ow...@bugs.debian.org wrote:
 NMU in delayed/2 now using the attached debdiff (Eddy's patch).

From the proposed patch:

@@ -41,8 +42,7 @@
 Package: deluged
 Architecture: all
 Depends: ${misc:Depends}, ${python:Depends},
- deluge-common (= ${source:Version}),
- python-libtorrent (= 0.14.9)
+ deluge-common (= ${source:Version})
 Description: bittorrent client written in Python/PyGTK (daemon)
  Deluge is a full-featured, multi-platform, multi-interface BitTorrent client
  using libtorrent-rasterbar in it's backend and featuring multiple



Adding the extra dependency to deluge-gtk doesn't really bother me all
that much one way or the other, but this patch isn't really correct
either. This seems to remove the python-libtorrent dependency for
deluged. That will break the use case of running the daemon
application on a remote server.

Should be fine: deluged depends on deluge-common (same version), which
will now bring in python-libtorrent as a dependency.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
I can't ever sleep on planes ... call it irrational if you like, but I'm
 afraid I'll miss my stop -- Vivek Dasmohapatra


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#697062: crashes on s390x

Control: clone -1 -2 -3
Control: severity -2 normal
Control: severity -3 normal
Control: reassign -2 buildd.debian.org
Control: reassign -3 ftp.debian.org
Control: retitle -2 P-a-s: tightvncserver should be !s390x
Control: retitle -3 RM: tightvncserver [s390x] -- RoM; does not work
Control: block -3 with -2

On Wed, Jan 23, 2013 at 21:58:01 +0100, Ola Lundqvist wrote:

 Hi
 
 I think it should be removed from s390x.
 
Hopefully the above works.

Cheers,
Julien


signature.asc
Description: Digital signature

Processed: Re: Bug#697062: crashes on s390x

Processing control commands:

 clone -1 -2 -3
Bug #697062 [tightvncserver] crashes on s390x
Bug 697062 cloned as bugs 699105-699106
 severity -2 normal
Bug #699105 [tightvncserver] crashes on s390x
Severity set to 'normal' from 'serious'
 severity -3 normal
Bug #699106 [tightvncserver] crashes on s390x
Severity set to 'normal' from 'serious'
 reassign -2 buildd.debian.org
Bug #699105 [tightvncserver] crashes on s390x
Bug reassigned from package 'tightvncserver' to 'buildd.debian.org'.
No longer marked as found in versions tightvnc/1.3.9-6.4.
Ignoring request to alter fixed versions of bug #699105 to the same values 
previously set
 reassign -3 ftp.debian.org
Bug #699106 [tightvncserver] crashes on s390x
Bug reassigned from package 'tightvncserver' to 'ftp.debian.org'.
No longer marked as found in versions tightvnc/1.3.9-6.4.
Ignoring request to alter fixed versions of bug #699106 to the same values 
previously set
 retitle -2 P-a-s: tightvncserver should be !s390x
Bug #699105 [buildd.debian.org] crashes on s390x
Changed Bug title to 'P-a-s: tightvncserver should be !s390x' from 'crashes on 
s390x'
 retitle -3 RM: tightvncserver [s390x] -- RoM; does not work
Bug #699106 [ftp.debian.org] crashes on s390x
Changed Bug title to 'RM: tightvncserver [s390x] -- RoM; does not work' from 
'crashes on s390x'
 block -3 with -2
Bug #699106 [ftp.debian.org] RM: tightvncserver [s390x] -- RoM; does not work
699106 was not blocked by any bugs.
699106 was not blocking any bugs.
Added blocking bug(s) of 699106: 699105

-- 
697062: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697062
699105: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699105
699106: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699106
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#698527: elmer: executable ElmerGUI.real links with both GPL-licensed and GPL-incompatible libraries

2013-01-27 Thread Boris Pek

  That's true, but, as I said previously [1], *if* there were a
  significant step forward (such as a decision by Open CASCADE S.A.S.,
  with a public promise that next version of Open CASCADE Technology will
  be re-licensed under GPLv2-and-v3-compatible terms), *then* we could
  maybe obtain a wheezy-ignore tag for this bug (assuming that the
  OpenSSL linking issue is easier to solve)...

 Pretty sure you won't get such a promise before wheezy is out...

More over, opencascade was recently removed from Wheezy [1]...

[1] http://packages.qa.debian.org/o/opencascade/news/20130127T163914Z.html

Regards,
Boris


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#696837: marked as done (Missing Depends on python-libtorrent, fails to start)

2013-01-27 Thread Andrey Rahmatullin

On Sun, Jan 27, 2013 at 12:02:43PM -0500, Andrew Starr-Bochicchio wrote:
 From the proposed patch:
 
 @@ -41,8 +42,7 @@
  Package: deluged
  Architecture: all
  Depends: ${misc:Depends}, ${python:Depends},
 - deluge-common (= ${source:Version}),
 - python-libtorrent (= 0.14.9)
 + deluge-common (= ${source:Version})
  Description: bittorrent client written in Python/PyGTK (daemon)
   Deluge is a full-featured, multi-platform, multi-interface BitTorrent client
   using libtorrent-rasterbar in it's backend and featuring multiple
 
 Adding the extra dependency to deluge-gtk doesn't really bother me all
 that much one way or the other, but this patch isn't really correct
 either. This seems to remove the python-libtorrent dependency for
 deluged. That will break the use case of running the daemon
 application on a remote server.
It seems that the patch adds the dependency to deluge-common.

-- 
WBR, wRAR


signature.asc
Description: Digital signature

Bug#698527: elmer: executable ElmerGUI.real links with both GPL-licensed and GPL-incompatible libraries

2013-01-27 Thread Anton Gladky

There is an equivalent replacement oce [1]

Anton

[1] http://packages.debian.org/source/wheezy/oce

2013/1/27 Boris Pek tehnic...@yandex.ru:
 More over, opencascade was recently removed from Wheezy [1]...


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#698527: elmer: executable ElmerGUI.real links with both GPL-licensed and GPL-incompatible libraries

On Sun, Jan 27, 2013 at 19:08:29 +0200, Boris Pek wrote:

   That's true, but, as I said previously [1], *if* there were a
   significant step forward (such as a decision by Open CASCADE S.A.S.,
   with a public promise that next version of Open CASCADE Technology will
   be re-licensed under GPLv2-and-v3-compatible terms), *then* we could
   maybe obtain a wheezy-ignore tag for this bug (assuming that the
   OpenSSL linking issue is easier to solve)...
 
  Pretty sure you won't get such a promise before wheezy is out...
 
 More over, opencascade was recently removed from Wheezy [1]...
 
It's replaced by oce, which has the same license.

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#690394: marked as done (love: incomplete copyright file)

Your message dated Sun, 27 Jan 2013 17:32:32 +
with message-id e1tzw5o-xt...@franck.debian.org
and subject line Bug#690394: fixed in love 0.8.0-1+deb7u1
has caused the Debian Bug report #690394,
regarding love: incomplete copyright file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
690394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690394
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---

Source: love
Version: 0.8.0-1
Severity: serious
Justification: Policy 12.5

src/libraries/utf8/ contains embedded copy of the UTF8-CPP library, 
which is copyrighted by Nemanja Trifunovic and licensed under the Boost 
Software License. This information is not included in the copyright 
file.


--
Jakub Wilk
---End Message---
---BeginMessage---
Source: love
Source-Version: 0.8.0-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
love, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ivo De Decker ivo.dedec...@ugent.be (supplier of updated love package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sat, 22 Dec 2012 23:49:03 +0100
Source: love
Binary: love love-dbg love-doc
Architecture: source all amd64
Version: 0.8.0-1+deb7u1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org
Changed-By: Ivo De Decker ivo.dedec...@ugent.be
Description: 
 love   - 2D game development framework based on Lua and OpenGL
 love-dbg   - 2D game development framework - debugging symbols
 love-doc   - 2D game development framework - documentation
Closes: 690394
Changes: 
 love (0.8.0-1+deb7u1) testing-proposed-updates; urgency=low
 .
   * Non-maintainer upload.
 .
   [ Ivo De Decker ]
   * Upload to testing to backport fixes for wheezy.
   * Add lintian override for embedded copy of Glee library to avoid ftp-master
 autoreject. This is fixed in version 0.8.0-2 (for jessie), but this change
 will not go into wheezy. More info in bug #690492.
 .
   [ Bas Wijnen ]
   * Convert copyright file to machine readable format.
   * Add copyright information for utf8-cpp. Closes: #690394
Checksums-Sha1: 
 b3558c5568ed76eeace1f97f9601b69a4a49014b 2860 love_0.8.0-1+deb7u1.dsc
 eb1557fd8f31bf297db6ed7b6e5faa89987515c4 454658 love_0.8.0.orig-demos.tar.bz2
 680838054d7457388f73dec27098a3518b8f6ee0 650893 love_0.8.0.orig-doc.tar.bz2
 8c6ad95b7b0e3c6530b4778b9523f126ba9c9d90 1027356 love_0.8.0.orig.tar.gz
 f981cc17d22a227b55ac07bded8827e9a145924b 105343 
love_0.8.0-1+deb7u1.debian.tar.bz2
 2f32005b112230a8f43430d2b6c5ed9f26dc8006 912242 love-doc_0.8.0-1+deb7u1_all.deb
 d22596a1025b301417bedb5d84cdc157d6258af4 948402 love_0.8.0-1+deb7u1_amd64.deb
 ee6f1618978f9f8b4affe71ca79ef1edb0314ed1 3012942 
love-dbg_0.8.0-1+deb7u1_amd64.deb
Checksums-Sha256: 
 92b5870674c7ce20d4f7c267b035fed9e68d043cfd88249bf79a894dd49176cd 2860 
love_0.8.0-1+deb7u1.dsc
 0c2524aaf307b6419953f61bade83080acaf0468e0581f9f3652be1143281660 454658 
love_0.8.0.orig-demos.tar.bz2
 2fa608e64e0fcde992ddf82c1a3fc29256b60ae9ccf9cd4618614d4b56a000ae 650893 
love_0.8.0.orig-doc.tar.bz2
 9167ca1cc7893ff1fdcf3b6fc7e2a88be10d899075a513942420fe8f94668ecc 1027356 
love_0.8.0.orig.tar.gz
 0a808617e0f96d232d022d11fcccbfeb99bd57082c9182f73fc6b228ca17833a 105343 
love_0.8.0-1+deb7u1.debian.tar.bz2
 fc4e472ef23613fd8acae54bb525a8830b3644fee83e868928c8f9d6c0a8828c 912242 
love-doc_0.8.0-1+deb7u1_all.deb
 518d38d8abedb89a53ee6e44b19020d482ad3f71525bbaff287db45fed0ac15b 948402 
love_0.8.0-1+deb7u1_amd64.deb
 f1b4aa744e658eccb403ce805e6db41d1e10d67985bee55e5394c9c436f1c7f2 3012942 
love-dbg_0.8.0-1+deb7u1_amd64.deb
Files: 
 b27095de375df731a9cbe1dc8e9c7f98 2860 interpreters optional 
love_0.8.0-1+deb7u1.dsc
 2e037776f8981461e4752923a1bc7dc7 454658 interpreters optional 
love_0.8.0.orig-demos.tar.bz2
 1013f9b5ea16df1ac8b370466b6ffa01 650893 interpreters optional 
love_0.8.0.orig-doc.tar.bz2
 9db9c32585fc7c7da3eba7e438783099 1027356 interpreters optional 
love_0.8.0.orig.tar.gz
 ae28eb651d28268c97d997db5da546e3 105343 interpreters optional

Bug#698577: varnish: prompting due to modified conffiles which were not modified by the user

On Sun, Jan 20, 2013 at 18:12:54 +0100, Andreas Beckmann wrote:

   Setting up varnish (3.0.2-2) ...
   Installing new version of config file /etc/init.d/varnishncsa ...
   Installing new version of config file /etc/init.d/varnish ...
   Installing new version of config file /etc/init.d/varnishlog ...
   Installing new version of config file /etc/varnish/default.vcl ...
   Installing new version of config file /etc/default/varnishncsa ...
   
   Configuration file `/etc/default/varnish'
== Modified (by you or by a script) since installation.
== Package distributor has shipped an updated version.
  What would you like to do about it ?  Your options are:
   Y or I  : install the package maintainer's version
   N or O  : keep your currently-installed version
 D : show the differences between the versions
 Z : start a shell to examine the situation
The default action is to keep your current version.
   *** varnish (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing varnish 
 (--configure):
EOF on stdin at conffile prompt
 
 This was observed on an upgrade from lenny to squeeze to wheezy.
 
So what happens is when upgrading from lenny, the varnish/squeeze
postinst runs:
upgrade_enable_varnishd() {
sed -i '/^START=/s/no/yes/g' /etc/default/varnish
}
which thus modifies the conffile, and the upgrade to wheezy barfs on
that.

This is icky, but I'm not sure we should consider this serious.

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#690394: Bug#690877: unblock: love/0.8.0-3

2013-01-27 Thread Ivo De Decker

Hi again, Jonathan,

On Sun, Jan 27, 2013 at 04:12:48PM +, Jonathan Wiltshire wrote:
   However, version 0.8.0-3 is already in unstable, so please
   make the version 0.8.0-2.1 instead.
  
  That's fine with me, but I guess the release team prefers +deb7u1 for 
  wheezy.
 
 Your changelog claims to be an NMU, so the correct version would be
 0.8.0-2.1. I'm not all that fussed though.

Well, I've had the reverse request for other TPU uploads, so I didn't change
this one. I don't really care what the version numbers should be, but it would
be nice if there was some unambiguous documentation somewhere. There is
#685646 and #542288, so hopefully this will happen soon.

   Will you upload the package?
  
  That's OK, but as it is a TPU upload, we first need pre-approval from the
  release team.
 
 You can upload this fix to tpu.

The package was just uploaded to TPU (thanks to Anton Gladky for the sponsored
upload).

Cheers,

Ivo


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#699066: xgks: Contains code preventing commercial distribution

2013-01-27 Thread Jonathan Wiltshire

On Sat, Jan 26, 2013 at 08:08:51PM -0500, Luke Faraone wrote:
 On Sat, Jan 26, 2013 at 07:31:33PM -0500, Luke Faraone wrote:
  Package: xgks
  Severity: serious
  Justification: Violates the DFSG
 
 
 Additional violations noted below.
 
 xgks-2.7.0/src/port/misc/inetutil.c and
 xgks-2.7.0/src/port/misc/inetutil.h:
 /*
  *  Copyright 1991, University Corporation for Atmospheric Research.
  * Not for Direct Resale. All copies to include this notice.
  */
 /* $Id: inetutil.c,v 1.1 2000/08/07 23:15:03 emmerson Exp $ */
 
 xgks-2.7.0/src/fontdb/hf2gks.c:
 COPYRIGHT, 1990, FORD MOTOR COMPANY
 
 Without any other license.

These are more of a problem. We can't distribute things for which we don't
have a license. Given the state of the freeze, you should be aware that I'll
remove xgks and ferret-vis from Wheezy on Wednesday if you are not able to
resolve this satisfactorily before then.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

directhex i have six years of solaris sysadmin experience, from
8-10. i am well qualified to say it is made from bonghits
layered on top of bonghits


signature.asc
Description: Digital signature

Bug#655969: [Pkg-lirc-maint] Bug#655969: lirc: prompting due to modified conffiles which where not modified by the user

2013-01-27 Thread Ben Hutchings

On Sat, 2013-01-26 at 18:22 +, Jonathan Wiltshire wrote:
 On Wed, Jan 18, 2012 at 01:34:08AM +0100, Stefan Lippers-Hollmann wrote:
  Thanks for the notice, while I don't exactly share that severity 
  classification (although that is of course covered by the policy text),
  I'll work on this as soon as possible. 
 
 Ping? It's been a year, and with a popcon of over 60,000 a *lot* of people
 are going to start seeing this prompt very soon...

You're looking at the install count for liblircclient0, which many media
players depend on.  The conffiles belong to lirc, which has an install
count of 5609 - not quite as big a problem.

Ben.

-- 
Ben Hutchings
Experience is what causes a person to make new mistakes instead of old ones.


signature.asc
Description: This is a digitally signed message part

Bug#694870: /usr/sbin/gentcos: gentcos uses non-existent option -l of modprobe

2013-01-27 Thread Manuel A. Fernandez Montecelo

Control: block -1 by 699109

Hi,

I submitted a pre-approval unblock request to the Release Team to try
to get things moving on with this bug.

This is the request: http://bugs.debian.org/699109

Cheers.


PS: I am in no way involved with the package, doing this as part of a
bug squashing party.

-- 
Manuel A. Fernandez Montecelo manuel.montez...@gmail.com


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: Re: /usr/sbin/gentcos: gentcos uses non-existent option -l of modprobe

Processing control commands:

 block -1 by 699109
Bug #694870 [initramfs-tools-tcos] /usr/sbin/gentcos: gentcos uses non-existent 
option -l of modprobe
694870 was not blocked by any bugs.
694870 was not blocking any bugs.
Added blocking bug(s) of 694870: 699109

-- 
694870: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694870
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: varnish: diff for NMU version 3.0.2-2.1

Processing commands for cont...@bugs.debian.org:

 tags 698577 + patch
Bug #698577 [varnish] varnish: prompting due to modified conffiles which were 
not modified by the user
Added tag(s) patch.
 tags 698577 + pending
Bug #698577 [varnish] varnish: prompting due to modified conffiles which were 
not modified by the user
Added tag(s) pending.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
698577: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698577
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#698577: varnish: diff for NMU version 3.0.2-2.1

2013-01-27 Thread Jérémy Lal

tags 698577 + patch
tags 698577 + pending
thanks

Dear maintainer,

I've prepared an NMU for varnish (versioned as 3.0.2-2.1).
Please find the patch attached.

Regards,
Jérémy.
diff -Nru varnish-3.0.2/debian/changelog varnish-3.0.2/debian/changelog
--- varnish-3.0.2/debian/changelog	2012-05-01 16:22:42.0 +0200
+++ varnish-3.0.2/debian/changelog	2013-01-27 16:21:22.0 +0100
@@ -1,3 +1,11 @@
+varnish (3.0.2-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * ucf validation for /etc/default/varnish modified by postinst script.
+(Closes: #698577)
+
+ -- JÃ©rÃ©my Lal kapo...@melix.org  Sun, 27 Jan 2013 16:21:19 +0100
+
 varnish (3.0.2-2) unstable; urgency=low
 
   [ Knut Arne BjÃ¸rndal ]
diff -Nru varnish-3.0.2/debian/varnish.postinst varnish-3.0.2/debian/varnish.postinst
--- varnish-3.0.2/debian/varnish.postinst	2012-05-01 16:22:42.0 +0200
+++ varnish-3.0.2/debian/varnish.postinst	2013-01-27 18:12:45.0 +0100
@@ -52,7 +52,12 @@
 # varnish version 2.1.3-1 and older started varnishd at boot, we keep
 # this default for upgrading clients
 upgrade_enable_varnishd() {
-sed -i '/^START=/s/no/yes/g' /etc/default/varnish
+tmpFile=$(tempfile)
+sed '/^START=/s/no/yes/g' /etc/default/varnish  ${tmpFile}
+if which ucf /dev/null; then
+ucf --debconf-ok ${tmpFile} /etc/default/varnish
+fi
+rm -f ${tmpFile}
 }
 
 case ${1:-} in

Bug#690394: Bug#690877: Bug#690394: Bug#690877: unblock: love/0.8.0-3

On Sun, Jan 27, 2013 at 16:12:48 +, Jonathan Wiltshire wrote:

 You can upload this fix to tpu.
 
Approved.

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#698577: varnish: diff for NMU version 3.0.2-2.1

On Sun, Jan 27, 2013 at 18:54:12 +0100, Jérémy Lal wrote:

 diff -Nru varnish-3.0.2/debian/varnish.postinst 
 varnish-3.0.2/debian/varnish.postinst
 --- varnish-3.0.2/debian/varnish.postinst 2012-05-01 16:22:42.0 
 +0200
 +++ varnish-3.0.2/debian/varnish.postinst 2013-01-27 18:12:45.0 
 +0100
 @@ -52,7 +52,12 @@
  # varnish version 2.1.3-1 and older started varnishd at boot, we keep
  # this default for upgrading clients
  upgrade_enable_varnishd() {
 -sed -i '/^START=/s/no/yes/g' /etc/default/varnish
 +tmpFile=$(tempfile)
 +sed '/^START=/s/no/yes/g' /etc/default/varnish  ${tmpFile}
 +if which ucf /dev/null; then
 +ucf --debconf-ok ${tmpFile} /etc/default/varnish
 +fi
 +rm -f ${tmpFile}
  }
  
  case ${1:-} in

That's horrible. varnish doesn't use ucf so far, there should be a better way
to go about that.

Cheers,
Julien


signature.asc
Description: Digital signature

Processed: bug 624507 is forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=637095

Processing commands for cont...@bugs.debian.org:

 forwarded 624507 https://bugzilla.gnome.org/show_bug.cgi?id=637095
Bug #624507 [gvfs] Started looping and continuously rewriting metadata file
Bug #635457 [gvfs] gvfsd-metadata: gvfsd-metadata creates a large amount of NFS 
network I/O on NFS-mounted user home directory
Set Bug forwarded-to-address to 
'https://bugzilla.gnome.org/show_bug.cgi?id=637095'.
Set Bug forwarded-to-address to 
'https://bugzilla.gnome.org/show_bug.cgi?id=637095'.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
624507: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624507
635457: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635457
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#692899: zope2.12: [CVE-2012-5485 to 5508] Multiple vectors corrected within 20121106 fix

2013-01-27 Thread Tres Seaver

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/27/2013 11:55 AM, David Glick (Plone) wrote:
 On 1/27/13 6:00 PM, Tres Seaver wrote:
 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
 
 On 01/27/2013 08:49 AM, Julien Cristau wrote:
 On Mon, Nov 26, 2012 at 18:53:58 +0900, Arnaud Fontaine wrote:
 
 Tres Seaver tsea...@palladion.com writes:
 
 * CVE-2012-5505 (zope.traversing: atat.py) 
 http://plone.org/products/plone/security/advisories/20121106/21

 
That fix is  also disputed: hiding the default view  from the
 '@@' name does not actually improve security  at all.  There
 is a Launchpad bug where  it is being  debated (#1079225), but
 that bug is  still in Private Security mode.  The correct
 fix is to change the code of the multi-adapter to barf if
 published via a URL.
 Any idea when this patch will be released? Thanks.
 
 Is there any news on that issue?
 I still believe the report is in error:  we cannot hide default
 (unnamed) views simply because an application might register one in
 error. Any views which wants not to be called via URLs needs to
 handle that directly:  registering a multiadapter for (IThing, None)
 *is* registering a view.
 
 
 Plone includes the configuration of zope.annotation which registers a
  multiadapter of (IAnnotations, Interface) that, as far as I can tell,
 is not intended as a view and can expose information that was meant to
 be private. Our patch therefore monkey-patched the view traverser in 
 zope.traversing to prevent it from being published. zope.annotation is
  not configured in Zope 2 out of the box.

If you believe that the '(IAnnotation, None)' registration is not
supposed to be a view, then the correct place to address this is in
'zope.annotation', not the publisher.  E.g.:, the attached patch.

Note that the two-argument registration was added by Jacob Holm in r72995
(2007-03-05).  CC'ing him to ask if he can recall the justification, or
knows what would break if we removed it.  At a guess, the motivator is
zope.app.preference, which wnats the extra argument passed to its
__new__:  this is *not* a reason to reguster a multi-adapter.




Tres.
- -- 
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlEFbAEACgkQ+gerLs4ltQ6vSgCff1kX2u+mhrvly+m0uBSg5DD+
nBoAoMVdVCnKzrHwPIleuHhHIHpM7Xkw
=e1VT
-END PGP SIGNATURE-
=== modified file 'src/zope/annotation/configure.zcml'
--- src/zope/annotation/configure.zcml	2011-02-15 15:46:28 +
+++ src/zope/annotation/configure.zcml	2013-01-27 18:00:07 +
@@ -8,10 +8,4 @@
   factory=.attribute.AttributeAnnotations
   /
 
-  adapter
-  for=.interfaces.IAttributeAnnotatable *
-  provides=.interfaces.IAnnotations
-  factory=.attribute.AttributeAnnotations
-  /
-
 /configure

=== modified file 'src/zope/annotation/tests/test_configure.py'
--- src/zope/annotation/tests/test_configure.py	2011-02-15 15:46:28 +
+++ src/zope/annotation/tests/test_configure.py	2013-01-27 18:01:03 +
@@ -36,7 +36,7 @@
 zope.configuration.xmlconfig.XMLConfig(
 'configure.zcml', zope.annotation)()
 self.assertEqual(u_count + 2, len(list(gsm.registeredUtilities(
-self.assertEqual(a_count + 2, len(list(gsm.registeredAdapters(
+self.assertEqual(a_count + 1, len(list(gsm.registeredAdapters(
 self.assertEqual(
 s_count, len(list(gsm.registeredSubscriptionAdapters(
 self.assertEqual(h_count, len(list(gsm.registeredHandlers(

Bug#691600: libghc-warp-dev: does not parse request headers correctly

2013-01-27 Thread Joachim Breitner

Hi,

Am Sonntag, den 27.01.2013, 15:09 + schrieb Steve McIntyre:
 Do we have any hope of progress on this RC bug? Otherwise it's
 incredibly tempting to push for removal of libghc-warp-dev considering
 its tiny popcon and the fact that it has never been in a stable Debian
 release...

I’m still have doubts if the severity is appropriate. The proportion of
clients sending such strange header is likely quite small, so this
sounds more like “a bug which has a major effect on the usability of a
package, without rendering it completely unusable to everyone.” i.e.
important.

Or does anyone think that not having warp (and its reverse dependencies)
in is better than a version with incompatibility problems?

Thanks,
Joachim

-- 
Joachim nomeata Breitner
Debian Developer
  nome...@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: nome...@joachim-breitner.de | http://people.debian.org/~nomeata


signature.asc
Description: This is a digitally signed message part

Bug#698577: varnish: diff for NMU version 3.0.2-2.1

2013-01-27 Thread Jérémy Lal

On 27/01/2013 19:03, Julien Cristau wrote:
 On Sun, Jan 27, 2013 at 18:54:12 +0100, Jérémy Lal wrote:
 
 diff -Nru varnish-3.0.2/debian/varnish.postinst 
 varnish-3.0.2/debian/varnish.postinst
 --- varnish-3.0.2/debian/varnish.postinst2012-05-01 16:22:42.0 
 +0200
 +++ varnish-3.0.2/debian/varnish.postinst2013-01-27 18:12:45.0 
 +0100
 @@ -52,7 +52,12 @@
  # varnish version 2.1.3-1 and older started varnishd at boot, we keep
  # this default for upgrading clients
  upgrade_enable_varnishd() {
 -sed -i '/^START=/s/no/yes/g' /etc/default/varnish
 +tmpFile=$(tempfile)
 +sed '/^START=/s/no/yes/g' /etc/default/varnish  ${tmpFile}
 +if which ucf /dev/null; then
 +ucf --debconf-ok ${tmpFile} /etc/default/varnish
 +fi
 +rm -f ${tmpFile}
  }
  
  case ${1:-} in
 
 That's horrible. varnish doesn't use ucf so far, there should be a better way
 to go about that.

Oh i was trying to fix the existing code, not remove it - which would
be a much better solution, along with a simple advice in NEWS.Debian, perhaps.

I'm curious why ucf is horrible, though.

Jérémy.


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: fixed 592204 in 0.5-1, tagging 592204, affects 684964, found 669278 in 4:4.6.0.0-1 ...