Re: Freeze exception request for twyt
On 02/02/09 07:15, Luk Claes wrote: Ok, unblocked. I guess we should discuss these external API/website dependencies in general and for twitter in particular with volatile and backports teams so we don't have to improvise when the API changes again ... Yes, I hadn't really anticipated the problem before the package update. I look forward to that conversation. Many thanks, Luk. -- Andrew Price -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: CfH: Some issues regarding the lenny release notes
2009/2/2 W. Martin Borgert deba...@debian.org: 0. Credits I added some author and translator names to the file en/release-notes.dbk. If your name or the name of your favourite contributor is not yet in, please just patch the file. If the existing information is inaccurate, patch it. Maybe we can also remove some names, which do not apply to the current state anymore. In my opinions translators should only appear in the relevant translation document, not in all languages. Having, for eg, the bielorussian's translators name in the spanish translation of the Release Notes does not make sense. Maybe it should be best to have something like: # TRANSLATORS: Please introduce here the name of the people # you want to credit both for current and past translations msgid The translation teams for each of their respective languages msgstr And have translation teams introduce in the translation whatever they feel appropiate. I'm not sure how the 'hidden Also, either all credits should have email addresses or none should, doing a mix of some do, some don't looks odd. Just my 2c Regards Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
please unblock gnutls26/2.4.2-5
Hi, Please unblock gnutls26/2.4.2-5 (and probably bump its urgency to be in time). It fixes release critical bug #509593. I've explained in the bug log why I think this should indeed be fixed before the release: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509593#37 but to summarise: the problem is that there are major CA's with a V1 cert in their chain, and the problem is not it being disabled by default but the inability to enable it back for those that need to work with these certificates, thus making it completely impossible to use gnutls-enabled services with such a chain. thanks, Thijs -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Please unblock mysql-dfsg-5.0 5.0.51a-23
Hi, please unblock mysql-dfsg-5.0 5.0.51a-23, which fixes a FTBFS on all archs because of an expires SSL certificate in the testsuite. It also fixes a forgotten password in /var/cache/debconf/passwords.dat. 5.0.51a-22 adds an upstream fix from a newer release, and a problem with passwords which need quoting. mysql-dfsg-5.0 (5.0.51a-23) testing-proposed-updates; urgency=medium . * Reset debconf password variable root_password_again immediately after using it. (closes: #513262) * Disable SSL related tests when running the testsuite until MySQL bug #42366 gets fixed. mysql-dfsg-5.0 (5.0.51a-22) testing-proposed-updates; urgency=low . * New patch 10_mysql_secure_installation.dpatch to fix failure on passwords which need quoting. (closes: #511929) * New patch 62_delete_with_self-join.dpatch from 5.0.54 to fix MyISAM storage engine error (134) doing delete with self-join. (closes: #512651) Thanks, Norbert -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Please give back ruby1.9/1.9.0.2-9 on hppa and alpha
Hi, ruby1.9 still fails to build on hppa and alpha. On hppa, it's caused by a kernel bug, which was partially fixed (at least the kernel doesn't panic() anymore). Since the issue is related to threading, it is possible that retrying could make it build successfully. On alpha, there's a segfault during the build. Manual builds on porter machines do work, though. -- | Lucas Nussbaum | lu...@lucas-nussbaum.net http://www.lucas-nussbaum.net/ | | jabber: lu...@nussbaum.fr GPG: 1024D/023B3F4F | -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: please allow transition of nagios-snmp-plugins 1.1.1-6 to lenny
Jan Wagner wrote: Dear release team, I know we are in deep freeze, but could you please unblock nagios-snmp-plugins 1.1.1-6? It just fixes one RC bug: already unblocked cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Please give back ruby1.9/1.9.0.2-9 on hppa and alpha
On Mon, Feb 02, 2009 at 07:04:48PM +0100, Lucas Nussbaum wrote: Hi, hey Lucas! ruby1.9 still fails to build on hppa and alpha. On hppa, it's caused by a kernel bug, which was partially fixed (at least the kernel doesn't panic() anymore). Since the issue is related to threading, it is possible that retrying could make it build successfully. fyi, I've retried it numerous times on both buildds with no luck. We're not crashing the buildd anymore - thanks to Helge's fix - but the build hangs indefinitely. I've no objection to it being retried again of course (and I'm not the buildd admin anyway) - I just want to set your expectations. On alpha, there's a segfault during the build. Manual builds on porter machines do work, though. -- dann frazier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: CfH: Some issues regarding the lenny release notes
W. Martin Borgert wrote: Hi, I like to ask for opinions/help/contribution regarding the lenny release notes: 0. credits 1. too many bug reports open, missing tests, deadlines 2. hyphenation with dblatex 3. size of PDFs with xmlroff on etch 4. compilation time with dblatex on etch 1. Too many bug reports open, missing tests, deadlines That's the reason why I got the last sentence(s) added to the latest release update. Unfortunately I'm busy with other stuff... 3. Size of PDFs with xmlroff on etch When you build the lenny release notes on etch, even with the xmlroff backport from lenny, I got Huge PDFs for some languages. I assume, that we need a backport of libcairo2 to get reasonable sized PDFs or just build on a lenny machine. The PDF for ml is 69× bigger when build on etch, zh_CN still 6.7× bigger! We need to fix this or change the Makefile: -DISABLED_PDF= +DISABLED_PDF=cs ja ml pl ro ru vi zh_CN zh_TW Anybody up for libcairo2 backport to etch? I uploaded a backport yesterday after coordination with the maintainers, please check out if it's ok and we can ask to install it on www-master. 4. Compilation time with dblatex on etch When you build the lenny release notes on etch, even with the dblatex backport from lenny, I experienced that it compiles 6.5× times slower than the same version on lenny. Is it my broken etch setup? Is it the older Python? Another reason to build on lenny, if it were possible... I asked DSA and unfortunately it won't be possible to upgrade www-master before the release. So either things work out with backports or we have to figure out some other solution. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Freeze exception for yaws 1.77-3
Hi! Please, unblock Yet Another Web Server yaws 1.77-3 which fixes two bugs: 1) yaws package refused to install if hostname wasn't set correctly. 2) yaws package refused to upgrade if it was installed together with some of its companion packages (e.g. yaws-yapp). The complete diff between 1.77-1 (the version currently in testing) and 1.77-3 is attached. -- Sergei Golovan yaws_1.77-1-1.77.3.diff Description: Binary data
Re: Iceape removal
On 2009-01-28, Luk Claes l...@debian.org wrote: Moritz Muehlenhoff wrote: Luk Claes wrote: Do you also take care of documenting this in the Release Notes? I'll do that in the next days. Ok, thanks! I've filed a bug against release-notes. Do the now obsolete binary packages (like iceape-browser) need to be removed by FTP masters? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: [Pkg-clamav-devel] The future of clamav wrt. stable/volatile
This one time, at band camp, Michael Tautschnig said: There is just a slightly archive-specific problem: A package in main must not depend on something outside main (at least so I guess, I couldn't find the docs stating this rightaway). We'd thus need some clamav package in main, and not only in volatile. Which more or less is the situation we have today. A way around this problem might be to integrate volatile slightly more with the main dak archive. Treating volatile (from the point of view of dak) as a kind of proposed-updates queue (that may or may not get rolled into stable point releases) would allow us to have packages in main depend on packages in main/volatile (I think - ICBW). Cheers, -- - | ,''`.Stephen Gran | | : :' :sg...@debian.org | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: [Pkg-clamav-devel] The future of clamav wrt. stable/volatile
Stephen Gran wrote: This one time, at band camp, Michael Tautschnig said: There is just a slightly archive-specific problem: A package in main must not depend on something outside main (at least so I guess, I couldn't find the docs stating this rightaway). We'd thus need some clamav package in main, and not only in volatile. Which more or less is the situation we have today. A way around this problem might be to integrate volatile slightly more with the main dak archive. Treating volatile (from the point of view of dak) as a kind of proposed-updates queue (that may or may not get rolled into stable point releases) would allow us to have packages in main depend on packages in main/volatile (I think - ICBW). As what you call main/volatile is not in stable, I don't think that's a solution. The oposite would work though: packages in volatile depending on packages in stable (like with proposed-updates...). Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Iceape removal
Moritz Muehlenhoff wrote: On 2009-01-28, Luk Claes l...@debian.org wrote: Moritz Muehlenhoff wrote: Luk Claes wrote: Do you also take care of documenting this in the Release Notes? I'll do that in the next days. Ok, thanks! I've filed a bug against release-notes. Do the now obsolete binary packages (like iceape-browser) need to be removed by FTP masters? It's already removed by FTP masters, iceape just needs to migrate to have any effect in testing (which won't happen before all reverse deps are fixed). Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Iceape removal
On Mon, Feb 02, 2009 at 08:03:36PM +0100, Luk Claes wrote: Moritz Muehlenhoff wrote: On 2009-01-28, Luk Claes l...@debian.org wrote: Moritz Muehlenhoff wrote: Luk Claes wrote: Do you also take care of documenting this in the Release Notes? I'll do that in the next days. Ok, thanks! I've filed a bug against release-notes. Do the now obsolete binary packages (like iceape-browser) need to be removed by FTP masters? It's already removed by FTP masters, iceape just needs to migrate to have any effect in testing (which won't happen before all reverse deps are fixed). What do you mean by that? Theorically, there is nothing to do to reverse dependencies. Keeping iceape-dev and iceape-dev-bin ensures they can be built from source, but they shouldn't need rebuilding or any NMU. Mike -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: [Pkg-clamav-devel] The future of clamav wrt. stable/volatile
On Mon, 2 Feb 2009 18:55:32 + Stephen Gran sg...@debian.org wrote: This one time, at band camp, Michael Tautschnig said: There is just a slightly archive-specific problem: A package in main must not depend on something outside main (at least so I guess, I couldn't find the docs stating this rightaway). We'd thus need some clamav package in main, and not only in volatile. Which more or less is the situation we have today. A way around this problem might be to integrate volatile slightly more with the main dak archive. Treating volatile (from the point of view of dak) as a kind of proposed-updates queue (that may or may not get rolled into stable point releases) would allow us to have packages in main depend on packages in main/volatile (I think - ICBW). Couldn't we achieve the same result by just relaxing the policy of what's allowed in proposed-updates for clamav and rdepends with a lot less technical complexity? With the volatile approach you'd also have to exclude stuff not related to clamav from proposed-updates. Scott K -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Please remove josm and josm-plugins from lenny
Hi, i'd like to ask for removal of josm josm-plugins from lenny. The long planned migration to the OpenSteetMap Web-API 0.6 is now scheduled to go live in March. The current josm version in lenny will be incompatible with that release and renders the package unusable. Thanks, Andreas -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: please remove etoken before release
On Mon, Feb 02, 2009 at 08:05:30PM +0100, Andreas Jellinghaus wrote: so please be so kind and remove it? I've asked ftp masters to remove the package and have opened a bug to the package (RC) so that it gets removed by release managers from the release. Regards Javier signature.asc Description: Digital signature
please allow transition of nagios-snmp-plugins 1.1.1-6 to lenny
Dear release team, I know we are in deep freeze, but could you please unblock nagios-snmp-plugins 1.1.1-6? It just fixes one RC bug: nagios-snmp-plugins (1.1.1-6) unstable; urgency=low * instead of suggest depend on nagios-plugins-basic to get command definitions installed into /etc/nagios-plugins/config and registered via ucf, since /usr/share/nagios-plugins/dpkg/functions is used in postinst (Closes: #513872) -- Jan Wagner w...@cyconet.org Sun, 01 Feb 2009 23:49:10 +0100 Many thanks, Jan. -- Never write mail to w...@spamfalle.info, you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ --END GEEK CODE BLOCK-- signature.asc Description: This is a digitally signed message part.
Re: Iceape removal
Mike Hommey wrote: On Mon, Feb 02, 2009 at 08:03:36PM +0100, Luk Claes wrote: Moritz Muehlenhoff wrote: On 2009-01-28, Luk Claes l...@debian.org wrote: Moritz Muehlenhoff wrote: Luk Claes wrote: Do you also take care of documenting this in the Release Notes? I'll do that in the next days. Ok, thanks! I've filed a bug against release-notes. Do the now obsolete binary packages (like iceape-browser) need to be removed by FTP masters? It's already removed by FTP masters, iceape just needs to migrate to have any effect in testing (which won't happen before all reverse deps are fixed). What do you mean by that? Theorically, there is nothing to do to reverse dependencies. Keeping iceape-dev and iceape-dev-bin ensures they can be built from source, but they shouldn't need rebuilding or any NMU. Ah, ok, the better. That just means that the issues listed in `grep-excuses iceape` need to be solved before it migrates. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Please remove josm and josm-plugins from lenny
Andreas Putzo wrote: Hi, i'd like to ask for removal of josm josm-plugins from lenny. The long planned migration to the OpenSteetMap Web-API 0.6 is now scheduled to go live in March. The current josm version in lenny will be incompatible with that release and renders the package unusable. Ok, removal hint added. You might want to talk to backports and volatile ftp-masters to see if it would qualify to be included after the release. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Iceape removal
On Mon, Feb 02, 2009 at 10:34:07PM +0100, Luk Claes wrote: Mike Hommey wrote: On Mon, Feb 02, 2009 at 08:03:36PM +0100, Luk Claes wrote: Moritz Muehlenhoff wrote: On 2009-01-28, Luk Claes l...@debian.org wrote: Moritz Muehlenhoff wrote: Luk Claes wrote: Do you also take care of documenting this in the Release Notes? I'll do that in the next days. Ok, thanks! I've filed a bug against release-notes. Do the now obsolete binary packages (like iceape-browser) need to be removed by FTP masters? It's already removed by FTP masters, iceape just needs to migrate to have any effect in testing (which won't happen before all reverse deps are fixed). What do you mean by that? Theorically, there is nothing to do to reverse dependencies. Keeping iceape-dev and iceape-dev-bin ensures they can be built from source, but they shouldn't need rebuilding or any NMU. Ah, ok, the better. That just means that the issues listed in `grep-excuses iceape` need to be solved before it migrates. Which only contains out-of-dates for alpha, hppa, and ia64, where it appears the packages have been built already and only need signing and upload (and apparently, hppa is already uploaded). Coming out smoothly, it seems. Cheers, Mike -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: squid: please allow transition to lenny
Luigi Gangitano wrote: Hi releasers, I would like to ask for allowance of squid_2.7.STABLE3-4 in lenny. This release fixes a single RC bug (#512512). unblocked cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Please unblock mysql-dfsg-5.0 5.0.51a-23
Norbert Tretkowski wrote: Hi, please unblock mysql-dfsg-5.0 5.0.51a-23, which fixes a FTBFS on all archs because of an expires SSL certificate in the testsuite. It also fixes a forgotten password in /var/cache/debconf/passwords.dat. 5.0.51a-22 adds an upstream fix from a newer release, and a problem with passwords which need quoting. Will be approved after next dinstall as arm binaries were not installed yet. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Question about fixing #512075
Short status update: Aurelien gave me access to an ARM machine, so I can try to get this fixed. Thomas -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: new upstream gEDA bug fix release
On Mon, Feb 02, 2009 at 04:36:59AM +0100, Cyril Brulebois wrote: Hamish Moffatt ham...@debian.org (02/02/2009): RM asked for a full diff between 1.4.0 and 1.4.3 to be attached. If you can't do it, I will look at it tonight. I've posted the diffs twice now, and the list is eating the posts. Unhappy with .diff.gz attachments? Too big? I'm not sure. There's about 1Mb of diff.gz attachments. If you have doubts about size of attachments, you can either try another compression algo, and/or link to the actual diff somewhere available over http. I guess it's less usable, but at least nothing should be munged. OK, the patches for review are at http://people.debian.org/~hamish geda-gattrib, geda-gnetlist, geda-gschem, geda-utils and libgeda have real fixes (+ autoconf updates, intl updates etc). geda-doc, -examples, -gsymcheck, and -symbols have version number bumps only (+ autoconf etc). Upstream recommends we update those also for consistency. thanks, Hamish -- Hamish Moffatt VK3SB ham...@debian.org ham...@cloud.net.au -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
CfH: Some issues regarding the lenny release notes
Hi, I like to ask for opinions/help/contribution regarding the lenny release notes: 0. credits 1. too many bug reports open, missing tests, deadlines 2. hyphenation with dblatex 3. size of PDFs with xmlroff on etch 4. compilation time with dblatex on etch 0. Credits I added some author and translator names to the file en/release-notes.dbk. If your name or the name of your favourite contributor is not yet in, please just patch the file. If the existing information is inaccurate, patch it. Maybe we can also remove some names, which do not apply to the current state anymore. 1. Too many bug reports open, missing tests, deadlines There are a lot of open bug reports against the release notes, with moreinfo and help tags set. It would be cool, if some people would help to close them. We also need to do etch2lenny upgrades and fresh installs using the release notes to find errors and omissions in the document. Which leads to the question of final deadlines: How about setting the deadline for English to Sunday, 2009-02-08 23:59 UTC, for translations to Thursday, 2009-02-12 23:59 UTC? This would leave one day until the planned release. (Note, that some obsolete parts are marked fixme. Don't worry: Everything marked fixme will automatically left out, when unsetting draft in the Makefile. I hope.) 2. Hyphenation with dblatex Jan Hauke pointet out (#513529), that some English words, such as aptitude, should not be hyphenated in (e.g.) German, or at least not like common German words. For all dblatex languages, I added a hyphenation.tex file to the respective directories. If you find bad hyphenation in the release notes, try adding the correct hyphenation to this file. I hope, that this will work. If you have a better (= cleaner) solution to the problem, please let me now. (I don't know anything about hyphenation with xmlroff, btw.) 3. Size of PDFs with xmlroff on etch When you build the lenny release notes on etch, even with the xmlroff backport from lenny, I got Huge PDFs for some languages. I assume, that we need a backport of libcairo2 to get reasonable sized PDFs or just build on a lenny machine. The PDF for ml is 69× bigger when build on etch, zh_CN still 6.7× bigger! We need to fix this or change the Makefile: -DISABLED_PDF= +DISABLED_PDF=cs ja ml pl ro ru vi zh_CN zh_TW Anybody up for libcairo2 backport to etch? 4. Compilation time with dblatex on etch When you build the lenny release notes on etch, even with the dblatex backport from lenny, I experienced that it compiles 6.5× times slower than the same version on lenny. Is it my broken etch setup? Is it the older Python? Another reason to build on lenny, if it were possible... Cheers! -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: unblock hint for apt 0.7.20.1?
Luk Claes wrote: Eugene V. Lyubimkin wrote: Hello release team! Apt 0.7.20.1 had to be propagated to testing yesterday or today, there was an unblock hint already. However, as I just seen, unblock request has outdated version number (0.7.16 somewhy). Can you insert the right version number? 0.7.20.1 contains translation update and a fix for regression bug. Hope it qualifies for an unblock before the the just announced deep freeze. Excuse me for your time otherwise. 0.7.20 is already in testing, unblocked. Ehm... My query was about 0.7.20._1_. -- Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com Ukrainian C++ Developer, Debian Maintainer, APT contributor signature.asc Description: OpenPGP digital signature
Re: [Pkg-clamav-devel] The future of clamav wrt. stable/volatile
Michael Tautschnig wrote: There is just a slightly archive-specific problem: A package in main must not depend on something outside main (at least so I guess, I couldn't find the docs stating this rightaway). We'd thus need some clamav package in main, and not only in volatile. Which more or less is the situation we have today. Mmmmk, then forget what i've said. It indeed doesn't make much sense anymore. To me, the approach of moving clamav + all its rdepends to volatile really looks like the only option. Yeah, I agree. -acab -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: unblock hint for apt 0.7.20.1?
Eugene V. Lyubimkin jackyf.de...@gmail.com (02/02/2009): Apt 0.7.20.1 had to be propagated to testing yesterday or today, there was an unblock hint already. However, as I just seen, unblock request has outdated version number (0.7.16 somewhy). Can you ^^ insert the right version number? 0.7.20.1 contains translation update and a fix for regression bug. Hope it qualifies for an unblock before the the just announced deep freeze. Excuse me for your time otherwise. 0.7.20 is already in testing, unblocked. ^^ Ehm... My query was about 0.7.20._1_. = not such a big diff. Look at “grep-excuses apt”'s output. Mraw, KiBi. signature.asc Description: Digital signature
please remove etoken before release
Hi guys, debian still includes a software called etoken. that software is buggy, does not work properly (or at all?) and trying to use it can damage your hardware. so please be so kind and remove it? I'm the author of it, and I replaced it with some new open source project about 7 years ago, and even that one got replaced many years ago with another open source project: openct. part of debian for ages and working well. For reference: in debian the source is called etoken, the binary is called libetoken, and the upstream web page is http://etoken.sourceforge.net/ Thanks, Andreas -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Security fixes in moodle-1.8.2.dfsg-3 (please unblock)
(Please CC me on your replies, thanks!)
Hello,
Moodle 1.8.8 was recently released and it fixes a number of security issues
which are present in the current lenny moodle package.
Attached is a debdiff of the -2 (in lenny) against -3. It fixes all of these
vulnerabilities:
* Delete unused (but vulnerable) Spellchecker plugin to htmlarea
(MSA-09-0005, CVE-2008-5153)
* Hide images of deleted users (MSA-09-0001)
* Fix user pix disclosure (MSA-09-0002)
* Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
* Fix XSS vulnerabilities in logs (MSA-09-0007)
* Fix CSRF vulnerability in forum code (MSA-09-0008)
After talking to the testing security team, I have uploaded this package to
unstable with the hope that it will be unblocked for lenny.
Cheers,
Francois
diff -u moodle-1.8.2.dfsg/debian/rules moodle-1.8.2.dfsg/debian/rules
--- moodle-1.8.2.dfsg/debian/rules
+++ moodle-1.8.2.dfsg/debian/rules
@@ -59,6 +59,7 @@
rm -f debian/moodle/usr/share/moodle/admin/delete.php
rm -f debian/moodle/usr/share/moodle/mod/wiki/ewiki/fragments/mkhuge
rm -f debian/moodle/usr/share/moodle/search/.cvsignore
+ rm -rf debian/moodle/usr/share/moodle/lib/editor/htmlarea/plugins/SpellChecker
rm -rf debian/moodle/usr/share/moodle/lib/smarty
rm -rf debian/moodle/usr/share/moodle/lib/yui
diff -u moodle-1.8.2.dfsg/debian/changelog moodle-1.8.2.dfsg/debian/changelog
--- moodle-1.8.2.dfsg/debian/changelog
+++ moodle-1.8.2.dfsg/debian/changelog
@@ -1,3 +1,15 @@
+moodle (1.8.2.dfsg-3) unstable; urgency=high
+
+ * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
+(MSA-09-0005, CVE-2008-5153)
+ * Hide images of deleted users (MSA-09-0001)
+ * Fix user pix disclosure (MSA-09-0002)
+ * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
+ * Fix XSS vulnerabilities in logs (MSA-09-0007)
+ * Fix CSRF vulnerability in forum code (MSA-09-0008)
+
+ -- Francois Marier franc...@debian.org Mon, 02 Feb 2009 19:09:10 +1300
+
moodle (1.8.2.dfsg-2) unstable; urgency=high
[ Dan Poltawski ]
diff -u moodle-1.8.2.dfsg/debian/patches/00list moodle-1.8.2.dfsg/debian/patches/00list
--- moodle-1.8.2.dfsg/debian/patches/00list
+++ moodle-1.8.2.dfsg/debian/patches/00list
@@ -2,0 +3,5 @@
+msa090001.dpatch
+msa090002.dpatch
+msa090004.dpatch
+msa090007.dpatch
+msa090008.dpatch
only in patch2:
unchanged:
--- moodle-1.8.2.dfsg.orig/debian/patches/msa090004.dpatch
+++ moodle-1.8.2.dfsg/debian/patches/msa090004.dpatch
@@ -0,0 +1,62 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa090004.dpatch by Francois Marier franc...@debian.org
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: html block: proper cleanup of html
+
+...@dpatch@
+diff --git a/blocks/html/block_html.php b/blocks/html/block_html.php
+index ff53961..7099a43 100755
+--- a/blocks/html/block_html.php
b/blocks/html/block_html.php
+@@ -12,7 +12,7 @@ class block_html extends block_base {
+ }
+
+ function specialization() {
+-$this-title = isset($this-config-title) ? $this-config-title : get_string('newhtmlblock', 'block_html');
++$this-title = isset($this-config-title) ? format_string($this-config-title) : get_string('newhtmlblock', 'block_html');
+ }
+
+ function instance_allow_multiple() {
+@@ -24,8 +24,13 @@ class block_html extends block_base {
+ return $this-content;
+ }
+
+-$filteropt = new stdClass;
+-$filteropt-noclean = true;
++if (!empty($this-instance-pinned) or $this-instance-pagetype === 'course-view') {
++// fancy html allowed only on course page and in pinned blocks for security reasons
++$filteropt = new stdClass;
++$filteropt-noclean = true;
++} else {
++$filteropt = null;
++}
+
+ $this-content = new stdClass;
+ $this-content-text = isset($this-config-text) ? format_text($this-config-text, FORMAT_HTML, $filteropt) : '';
+diff --git a/blocks/html/config_instance.html b/blocks/html/config_instance.html
+index 8138488..ae2d460 100755
+--- a/blocks/html/config_instance.html
b/blocks/html/config_instance.html
+@@ -1,4 +1,11 @@
+-?php $usehtmleditor = can_use_html_editor(); ?
++?php
++$usehtmleditor = can_use_html_editor();
++
++$text = isset($this-config-text) ? $this-config-text : '';
++if (empty($this-instance-pinned) and $this-instance-pagetype !== 'course-view') {
++$text = clean_text($text, FORMAT_HTML);
++}
++?
+ table cellpadding=9 cellspacing=0
+ tr valign=top
+ td align=right?php print_string('configtitle', 'block_html'); ?:/td
+@@ -6,7 +13,7 @@
+ /tr
+ tr valign=top
+ td align=right?php print_string('configcontent', 'block_html'); ?:/td
+-td?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', isset($this-config-text)?$this-config-text:'') ?/td
++td?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', $text) ?/td
+ /tr
+ tr
+ td colspan=3 align=center
only in patch2:
unchanged:
---
Re: [Fwd: Please unblock dtc 0.29.16-1]
Luk Claes wrote: Thomas Goirand wrote: The stable release of this package has some bugfixes and needs to be uploaded to Lenny: * New spanish debian template translation thanks to Francisco Javier Cuadrado fcocuadr...@gmail.com (Closes: #510468) * Backported a MySQL insertion security fix from the Git version (issue was when using the add service function once you already have an account). At least this fix doesn't seem to be in 0.29.16-1 currently in unstable. Cheers Luk Correct, I did a mistake with Git when doing the release (pushed the changes to the public repo AFTER I did the release). Version 0.29.17-1 fixes it, and has urgency=high. Sorry that I couldn't make it more early, I was in business trip in Europe for a while and just came back home (in Shanghai). Anyway, please migrate version 0.29.17-1 to Lenny asap. Thomas P.S: Since the deepfreeze occured, is it now too late for translation updates (debconf) of my other packages? I just received some .po for Swedish and Spanish... -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: [Fwd: Please unblock dtc 0.29.16-1]
Thomas Goirand wrote: Luk Claes wrote: Thomas Goirand wrote: The stable release of this package has some bugfixes and needs to be uploaded to Lenny: * New spanish debian template translation thanks to Francisco Javier Cuadrado fcocuadr...@gmail.com (Closes: #510468) * Backported a MySQL insertion security fix from the Git version (issue was when using the add service function once you already have an account). At least this fix doesn't seem to be in 0.29.16-1 currently in unstable. Cheers Luk Correct, I did a mistake with Git when doing the release (pushed the changes to the public repo AFTER I did the release). Version 0.29.17-1 fixes it, and has urgency=high. Sorry that I couldn't make it more early, I was in business trip in Europe for a while and just came back home (in Shanghai). Anyway, please migrate version 0.29.17-1 to Lenny asap. unblocked P.S: Since the deepfreeze occured, is it now too late for translation updates (debconf) of my other packages? I just received some .po for Swedish and Spanish... Yes, I'm afraid so. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Review of crip 3.7-3+etch1
Ryan Niebur wrote: can you unblock 3.7-6 into testing? unblocked Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: please unblock mnogosearch
Torsten Werner wrote: Hi, version 3.3.7-3 fixes the RC bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512569. The patch can be found in the bug report. unblocked Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Rebuild kipi-plugins against libkdcraw4
David wrote: kipi-plugins depends on libkdcraw3, which is missing from sid in most architectures. binNMUs scheduled Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: please unblock gnutls26/2.4.2-5
Thijs Kinkhorst wrote: Hi, Please unblock gnutls26/2.4.2-5 (and probably bump its urgency to be in time). It fixes release critical bug #509593. I've explained in the bug log why I think this should indeed be fixed before the release: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509593#37 but to summarise: the problem is that there are major CA's with a V1 cert in their chain, and the problem is not it being disabled by default but the inability to enable it back for those that need to work with these certificates, thus making it completely impossible to use gnutls-enabled services with such a chain. unblocked Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Freeze exception for yaws 1.77-3
Sergei Golovan wrote: Hi! Please, unblock Yet Another Web Server yaws 1.77-3 which fixes two bugs: 1) yaws package refused to install if hostname wasn't set correctly. 2) yaws package refused to upgrade if it was installed together with some of its companion packages (e.g. yaws-yapp). unblocked cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Security fixes in moodle-1.8.2.dfsg-3 (please unblock)
Francois Marier wrote: (Please CC me on your replies, thanks!) Hello, Moodle 1.8.8 was recently released and it fixes a number of security issues which are present in the current lenny moodle package. Attached is a debdiff of the -2 (in lenny) against -3. It fixes all of these vulnerabilities: * Delete unused (but vulnerable) Spellchecker plugin to htmlarea (MSA-09-0005, CVE-2008-5153) * Hide images of deleted users (MSA-09-0001) * Fix user pix disclosure (MSA-09-0002) * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004) * Fix XSS vulnerabilities in logs (MSA-09-0007) * Fix CSRF vulnerability in forum code (MSA-09-0008) After talking to the testing security team, I have uploaded this package to unstable with the hope that it will be unblocked for lenny. unblocked Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
