Bug#685456: Freeze exception for kde-gtk-config
Le dimanche, 26 août 2012 13.02:04, Boris Pek a écrit : we would normally not accept new packages into testing, but that one seems a bit special. If I parse it properly, it was previously available in squeeze, from the src:gtk-qt-engine package, but it has now moved to a dedicated source package? Yes, binary package kde-config-gtk-style in Squeeze was built from source package kcm-gtk. Wrong. It was built from source package gtk-qt-engine indeed. kcm-gtk was introduced in unstable later as the result of the split of gtk-qt-engine by Ubuntu and didn't introduce code changes. This new kde-gtk-config is a rewrite of kcm-gtk for GTK3 and takes over where kcm-gtk was left (no updates, no plan to support GTK3). And package src:kde-gtk-config is not new. It was uploaded to unstable before freeze. But new bug report prevented its automatic migration to testing. Yes. This created a new problem though: as kde-gtk-config replaced kcm-gtk's binaries (on purpose), kcm-gtk also got removed from Wheezy, breaking the upgrade path of gtk-qt-engine from Squeeze. IMHO, one of kcm-gtk or kde-gtk- config has to enter Wheezy to permit an upgrade path for this tool. Anyway, get back to us once the package is no longer RC buggy. But I can't upload package into unstable until this is not allowed by release team. Don't you think this is a closed circle? Given the current situation (and sorry for the time it took), I will review and upload 2.1-1 to fix the remaining RC bug really soon now. OdyX -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201209050820.29186.o...@debian.org
Bug#681414: marked as done (unblock: libpng/1.2.49-2)
Your message dated Wed, 5 Sep 2012 19:42:17 +1000 with message-id 20120905094217.ga3...@master.debian.org and subject line Re: Bug#681414: unblock: libpng/1.2.49-2 has caused the Debian Bug report #681414, regarding unblock: libpng/1.2.49-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 681414: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681414 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception unblock libpng/1.2.49-2 Please unblock libpng (with udeb binary package). Upstream released libpng 1.2.50 to fix CVE-2012-3386 recently. I extracted the relevant change. The debdiff is below. debdiff libpng_1.2.49-1.dsc libpng_1.2.49-2.dsc diff -Nru libpng-1.2.49/debian/changelog libpng-1.2.49/debian/changelog --- libpng-1.2.49/debian/changelog 2012-04-09 12:14:09.0 +1000 +++ libpng-1.2.49/debian/changelog 2012-07-13 12:33:03.0 +1000 @@ -1,3 +1,11 @@ +libpng (1.2.49-2) unstable; urgency=high + + * Change a+w to u+w in Makefile.in to fix CVE-2012-3386 +Add 02-681408-CVE-2012-3386-Makefile.in.patch +Closes: #681408 + + -- Anibal Monsalve Salazar ani...@debian.org Fri, 13 Jul 2012 12:31:39 +1000 + libpng (1.2.49-1) unstable; urgency=high * New upstream version 1.2.49 diff -Nru libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch --- libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch 1970-01-01 10:00:00.0 +1000 +++ libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch 2012-07-13 12:30:58.0 +1000 @@ -0,0 +1,18 @@ +http://bugs.debian.org/681408 +http://security-tracker.debian.org/tracker/CVE-2012-3386 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3386 + +Change a+w to u+w in Makefile.in to fix CVE-2012-3386 + +diff -urNp libpng-1.2.49/Makefile.in libpng-1.2.50/Makefile.in +--- a/Makefile.in 2012-03-29 15:47:09.0 +1100 b/Makefile.in 2012-07-10 10:37:13.0 +1000 +@@ -1146,7 +1146,7 @@ distcheck: dist + *.zip*) \ + unzip $(distdir).zip ;;\ + esac +- chmod -R a-w $(distdir); chmod a+w $(distdir) ++ chmod -R a-w $(distdir); chmod u+w $(distdir) + mkdir $(distdir)/_build + mkdir $(distdir)/_inst + chmod a-w $(distdir) diff -Nru libpng-1.2.49/debian/patches/series libpng-1.2.49/debian/patches/series --- libpng-1.2.49/debian/patches/series 2012-04-09 12:07:32.0 +1000 +++ libpng-1.2.49/debian/patches/series 2012-07-13 12:33:17.0 +1000 @@ -1 +1,2 @@ 01-legacy.patch +02-681408-CVE-2012-3386-Makefile.in.patch ---End Message--- ---BeginMessage--- On Wed, Aug 22, 2012 at 09:14:07PM +0200, Cyril Brulebois wrote: Last time I looked into this, it appeared to me we really shouldn't care. Nothing calls make dist, so??? ??? -done@? done---End Message---
Bug#686755: unblock: nautilus-dropbox/1.4.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package nautilus-dropbox It's a new upstream version but it introduces no code changes. However I added some supplementary Debian-specific changes which I'd like to see in the stable release as they are meant to simplify my life when user report bugs about the package. And I also added support to forward https_proxy over the pkexec call (which drops environment variables) and this can fix download issues for a small fraction of the users. The package is in non-free so you have nothing to worry about. It will never become a release blocker since it's not part of Debian. unblock nautilus-dropbox/1.4.0-2 Thank you in advance! -- System Information: Debian Release: wheezy/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.4-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120905102840.4761.18932.reportbug@rivendell.localdomain
Re: Comments regarding libcitadel_8.14-1_amd64.changes
On Tue, Sep 04, 2012 at 08:26:33PM +0100, Adam D. Barratt wrote: Apparently someone is me. :-) :) Build-Depends: debhelper (= 7.0.50~), po-debconf, bison, autotools-dev, libdb-dev, libexpat1-dev, libical-dev (=0.43), libldap2-dev, libncurses5-dev, - libpam0g-dev, libsieve2-dev, libssl-dev, libcitadel-dev (= 8.11), - libcurl4-openssl-dev | libcurl3-openssl-dev, zlib1g-dev, libev-dev (= 4.0), libc-ares-dev (= 1.7.2) + libpam0g-dev, libsieve2-dev, libssl-dev, libcitadel-dev (= 8.14), + libcurl4-openssl-dev ( 7.25), zlib1g-dev, libev-dev (= 4.0), libc-ares-dev (= 1.7.2) The libcurl change there doesn't appear to be mentioned in the changelog. Hmm, no idea why, probably an oversight. Do you want a new upload for that? Updating webcit introduces new bugs: #682651 You might want to fix that. :-) Sure. :) Michael -- Michael Meskes Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org) Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org Jabber: michael.meskes at gmail dot com VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120905104504.gc17...@feivel.credativ.lan
Bug#686757: unblock: zgv/5.9-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: k...@debian.org Dear release team, Please unblock package zgv version 5.9-5. Some time ago I asked for a freeze exception [1] and received optimistic reply [2]. Yesterday this package was checked and uploaded to unstable [3]. I believe it can be updated in Wheezy. But there will be no problem if package is not approved in Wheezy. Just it will wait Jessie. Best regards, Boris [1] https://lists.debian.org/debian-release/2012/07/msg00311.html [2] https://lists.debian.org/debian-release/2012/07/msg00952.html [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679594#10 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/527611346842...@web13g.yandex.ru
Re: Comments regarding libcitadel_8.14-1_amd64.changes
On 05.09.2012 11:45, Michael Meskes wrote: On Tue, Sep 04, 2012 at 08:26:33PM +0100, Adam D. Barratt wrote: Build-Depends: debhelper (= 7.0.50~), po-debconf, bison, autotools-dev, libdb-dev, libexpat1-dev, libical-dev (=0.43), libldap2-dev, libncurses5-dev, - libpam0g-dev, libsieve2-dev, libssl-dev, libcitadel-dev (= 8.11), - libcurl4-openssl-dev | libcurl3-openssl-dev, zlib1g-dev, libev-dev (= 4.0), libc-ares-dev (= 1.7.2) + libpam0g-dev, libsieve2-dev, libssl-dev, libcitadel-dev (= 8.14), + libcurl4-openssl-dev ( 7.25), zlib1g-dev, libev-dev (= 4.0), libc-ares-dev (= 1.7.2) The libcurl change there doesn't appear to be mentioned in the changelog. Hmm, no idea why, probably an oversight. Do you want a new upload for that? Not unless something else comes up. I'm guessing the version restriction is for CURLOPT_SSL_OPTIONS or the BEAST stuff? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/b8d797bfe149d18d05625ec7a1e4b...@mail.adsl.funky-badger.org
Bug#683142: unblock: bdii/5.2.12-1
fre 2012-08-31 klockan 14:01 +0200 skrev Niels Thykier: I believe the RC bug fix on 5.2.5-2 should be reasonable sane and lets take that as a starting point. ~Niels bdii_5.2.5-2+wheezy1 was uploaded to testing-proposed-updates. Mattias smime.p7s Description: S/MIME cryptographic signature
Bug#686763: unblock: moin/1.9.4-8
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package moin; security fix for CVE-2012-4404. debdiff attached. unblock moin/1.9.4-8 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru moin-1.9.4/debian/changelog moin-1.9.4/debian/changelog --- moin-1.9.4/debian/changelog 2012-08-10 14:31:06.0 +0100 +++ moin-1.9.4/debian/changelog 2012-09-05 01:57:33.0 +0100 @@ -1,3 +1,11 @@ +moin (1.9.4-8) unstable; urgency=high + + * High urgency for a security fix + * Add patch from upstream to fix a virtual group bug in ACL evaluation +(CVE-2012-). + + -- Steve McIntyre 93...@debian.org Wed, 05 Sep 2012 01:57:30 +0100 + moin (1.9.4-7) unstable; urgency=low * subprocess.check_output only appeared in python 2.7. Use diff -Nru moin-1.9.4/debian/patches/CVE-2012-XXX-virtual-group-ACL.patch moin-1.9.4/debian/patches/CVE-2012-XXX-virtual-group-ACL.patch --- moin-1.9.4/debian/patches/CVE-2012-XXX-virtual-group-ACL.patch 1970-01-01 01:00:00.0 +0100 +++ moin-1.9.4/debian/patches/CVE-2012-XXX-virtual-group-ACL.patch 2012-09-05 01:58:10.0 +0100 @@ -0,0 +1,136 @@ + +# HG changeset patch +# User Thomas Waldmann tw AT waldmann-edv DOT de +# Date 1346679035 -7200 +# Node ID 7b9f39289e16b37344480025f191d8b64480c834 +# Parent 0e58d9bcd3bd8ab3a89506d66bc0c8df85c16d2c +security fix: fix virtual group bug in ACL evaluation, add a test for it + +affected moin releases: all 1.9 releases up to and including 1.9.4 + +moin releases 1.9 are NOT affected. + +You can find out the moin version by looking at SystemInfo page or at the +output of SystemInfo macro. + +Issue description: + +We have code that checks whether a group has special members All or Known +or Trusted, but there was a bug that checked whether these are present in +the group NAME (not, as intended, in the group MEMBERS). + +a) If you have group MEMBERS like All or Known or Trusted, they did not +work until now, but will start working with this changeset. + +E.g. SomeGroup: + * JoeDoe + * Trusted + +SomeGroup will now (correctly) include JoeDoe and also all trusted users. + +It (erroneously) contained only JoeDoe and Trusted (as a username, not +as a virtual group) before. + +b) If you have group NAMES containing All or Known or Trusted, they behaved +wrong until now (they erroneously included All/Known/Trusted users even if +you did not list them as members), but will start working correctly with this +changeset. + +E.g. AllFriendsGroup: + * JoeDoe + +AllFriendsGroup will now (correctly) include only JoeDoe. +It (erroneously) contained all users (including JoeDoe) before. + +E.g. MyTrustedFriendsGroup: + * JoeDoe + +MyTrustedFriendsGroup will now (correctly) include only JoeDoe. +It (erroneously) contained all trusted users and JoeDoe before. + +diff -r 0e58d9bcd3bd -r 7b9f39289e16 MoinMoin/security/__init__.py +--- a/MoinMoin/security/__init__.py Fri Aug 03 17:36:02 2012 +0200 b/MoinMoin/security/__init__.py Mon Sep 03 15:30:35 2012 +0200 +@@ -320,11 +320,12 @@ + handler = getattr(self, _special_+entry, None) + allowed = handler(request, name, dowhat, rightsdict) + elif entry in groups: +-if name in groups[entry]: ++this_group = groups[entry] ++if name in this_group: + allowed = rightsdict.get(dowhat) + else: + for special in self.special_users: +-if special in entry: ++if special in this_group: + handler = getattr(self, _special_ + special, None) + allowed = handler(request, name, dowhat, rightsdict) + break # order of self.special_users is important +diff -r 0e58d9bcd3bd -r 7b9f39289e16 MoinMoin/security/_tests/test_security.py +--- a/MoinMoin/security/_tests/test_security.py Fri Aug 03 17:36:02 2012 +0200 b/MoinMoin/security/_tests/test_security.py Mon Sep 03 15:30:35 2012 +0200 +@@ -16,10 +16,11 @@ + acliter = security.ACLStringIterator + AccessControlList = security.AccessControlList + ++from MoinMoin.datastruct import ConfigGroups + from MoinMoin.PageEditor import PageEditor + from MoinMoin.user import User + +-from MoinMoin._tests import become_trusted, create_page, nuke_page ++from MoinMoin._tests import wikiconfig, become_trusted, create_page, nuke_page + + class TestACLStringIterator(object): + +@@ -248,6 +249,50 @@ + assert not acl.may(self.request, user, right) + + ++class TestGroupACL(object): ++ ++class Config(wikiconfig.Config): ++def groups(self, request): ++groups = { ++
Bug#686755: unblock: nautilus-dropbox/1.4.0-2
On Wed, 05 Sep 2012, Raphaël Hertzog wrote: Please unblock package nautilus-dropbox I forgot the debdiff. It's attached. Cheers, -- Raphaël Hertzog ◈ Debian Developer Get the Debian Administrator's Handbook: → http://debian-handbook.info/get/ diff -Nru nautilus-dropbox-0.7.1/configure nautilus-dropbox-1.4.0/configure --- nautilus-dropbox-0.7.1/configure2011-11-11 22:14:00.0 +0100 +++ nautilus-dropbox-1.4.0/configure2012-04-26 05:37:09.0 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.64 for nautilus-dropbox 0.7.1. +# Generated by GNU Autoconf 2.64 for nautilus-dropbox 1.4.0. # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software @@ -695,8 +695,8 @@ # Identity of this package. PACKAGE_NAME='nautilus-dropbox' PACKAGE_TARNAME='nautilus-dropbox' -PACKAGE_VERSION='0.7.1' -PACKAGE_STRING='nautilus-dropbox 0.7.1' +PACKAGE_VERSION='1.4.0' +PACKAGE_STRING='nautilus-dropbox 1.4.0' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1426,7 +1426,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat _ACEOF -\`configure' configures nautilus-dropbox 0.7.1 to adapt to many kinds of systems. +\`configure' configures nautilus-dropbox 1.4.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1497,7 +1497,7 @@ if test -n $ac_init_help; then case $ac_init_help in - short | recursive ) echo Configuration of nautilus-dropbox 0.7.1:;; + short | recursive ) echo Configuration of nautilus-dropbox 1.4.0:;; esac cat \_ACEOF @@ -1606,7 +1606,7 @@ test -n $ac_init_help exit $ac_status if $ac_init_version; then cat \_ACEOF -nautilus-dropbox configure 0.7.1 +nautilus-dropbox configure 1.4.0 generated by GNU Autoconf 2.64 Copyright (C) 2009 Free Software Foundation, Inc. @@ -1884,7 +1884,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by nautilus-dropbox $as_me 0.7.1, which was +It was created by nautilus-dropbox $as_me 1.4.0, which was generated by GNU Autoconf 2.64. Invocation command line was $ $0 $@ @@ -2693,7 +2693,7 @@ # Define the identity of the package. PACKAGE=nautilus-dropbox - VERSION=0.7.1 + VERSION=1.4.0 cat confdefs.h _ACEOF @@ -11466,7 +11466,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log= -This file was extended by nautilus-dropbox $as_me 0.7.1, which was +This file was extended by nautilus-dropbox $as_me 1.4.0, which was generated by GNU Autoconf 2.64. Invocation command line was CONFIG_FILES= $CONFIG_FILES @@ -11530,7 +11530,7 @@ _ACEOF cat $CONFIG_STATUS _ACEOF || ac_write_fail=1 ac_cs_version=\\ -nautilus-dropbox config.status 0.7.1 +nautilus-dropbox config.status 1.4.0 configured by $0, generated by GNU Autoconf 2.64, with options \\`$as_echo $ac_configure_args | sed 's/^ //; s/[\\\`\$]//g'`\\ diff -Nru nautilus-dropbox-0.7.1/configure.in nautilus-dropbox-1.4.0/configure.in --- nautilus-dropbox-0.7.1/configure.in 2011-11-11 22:13:56.0 +0100 +++ nautilus-dropbox-1.4.0/configure.in 2012-04-26 05:12:50.0 +0200 @@ -1,6 +1,6 @@ # Initialization -AC_INIT([nautilus-dropbox],0.7.1) +AC_INIT([nautilus-dropbox],1.4.0) AM_INIT_AUTOMAKE(AC_PACKAGE_NAME, AC_PACKAGE_VERSION) diff -Nru nautilus-dropbox-0.7.1/debian/changelog nautilus-dropbox-1.4.0/debian/changelog --- nautilus-dropbox-0.7.1/debian/changelog 2011-12-28 12:38:52.0 +0100 +++ nautilus-dropbox-1.4.0/debian/changelog 2012-08-12 15:43:16.0 +0200 @@ -1,3 +1,23 @@ +nautilus-dropbox (1.4.0-2) unstable; urgency=low + + * Update add-http-proxy-option.patch and use-pkexec-to-get-root- +rights.patch to support and handle --https-proxy option too. Dropbox +now redirects the download URL to an https URL so it might be needed +to get the download working in some situations. + * Add display-error-string-when-download-failed.patch to provide more +information when the download failed. It makes it easier to respond +to user support requests. + + -- Raphaël Hertzog hert...@debian.org Sun, 12 Aug 2012 15:40:00 +0200 + +nautilus-dropbox (1.4.0-1) unstable; urgency=low + + * New upstream release (without any change... just to increase +the version number above the version that was in Ubuntu LTS). + * Update Standards-Version to 3.9.3 (no change needed). + + -- Raphaël Hertzog hert...@debian.org Mon, 09 Jul 2012 09:49:31 +0200 + nautilus-dropbox (0.7.1-2) unstable; urgency=low * Update watch file to cope with changes on the dropbox website. diff -Nru nautilus-dropbox-0.7.1/debian/control nautilus-dropbox-1.4.0/debian/control ---
Bug#682583: pu: package nss-pam-ldapd/0.7.15+squeeze2
Hi Stable Release Team On Mon, Jul 23, 2012 at 11:50:15PM +0200, Arthur de Jong wrote: I would like to upload a new release of nss-pam-ldapd for squeeze that fixes a few bugs. The fixes below (apart from the first one) should all be very straightforward. I'm really interested seeing these updates (and in particular the one affecting us) going into a next stable point release. Is there a chance to get them for the next one? Regards, Salvatore signature.asc Description: Digital signature
Bug#686768: unblock: mysql-5.5/5.5.24+dfsg-8
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mysql-5.5 Slovak debconf translation and corrections to debian/copyright. unblock mysql-5.5/5.5.24+dfsg-8 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-1-686-pae (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120905132800.12066.1878.reportbug@beaumont.periapt
Bug#686768: Acknowledgement (unblock: mysql-5.5/5.5.24+dfsg-8)
Forgot the diff. Sorry. Attahced. diff -Nru mysql-5.5-5.5.24+dfsg/debian/changelog mysql-5.5-5.5.24+dfsg/debian/changelog --- mysql-5.5-5.5.24+dfsg/debian/changelog 2012-08-11 21:02:35.0 +0100 +++ mysql-5.5-5.5.24+dfsg/debian/changelog 2012-09-04 06:56:28.0 +0100 @@ -1,3 +1,17 @@ +mysql-5.5 (5.5.24+dfsg-8) unstable; urgency=low + + * Updated debian/copyright after analysis from development version +of license-reconcile (Closes: #682311) +- 'Comments' field to corrected to 'Comment' +- Missing paragraphs for '*', 'debian/*' and for the mysqlreport + and innotop scripts +- Removed duplicate entries from Files listings +- Added clause for files licensed under BSD (4-clause) +- Clarified 'BSD (3 clause) GPL-2' as being 'BSD (3 clause) or GPL-2' + * Updated Slovak debconf translation (Closes: #684644) + + -- Nicholas Bamber nicho...@periapt.co.uk Tue, 04 Sep 2012 06:56:24 +0100 + mysql-5.5 (5.5.24+dfsg-7) unstable; urgency=low * Updated Turkish debconf translation (Closes: #683733) diff -Nru mysql-5.5-5.5.24+dfsg/debian/copyright mysql-5.5-5.5.24+dfsg/debian/copyright --- mysql-5.5-5.5.24+dfsg/debian/copyright 2012-07-17 15:17:33.0 +0100 +++ mysql-5.5-5.5.24+dfsg/debian/copyright 2012-09-03 07:31:02.0 +0100 @@ -2,14 +2,16 @@ Upstream-Name: MySQL 5.5 Upstream-Contact: http://bugs.mysql.com/ Source: http://dev.mysql.com/downloads/mysql/5.5.html -Comments: +Comment: The file Docs/mysql.info is removed from the upstream source because it is incompatible with the Debian Free Software Guidelines. See debian/README.source for how this repacking was done. . Originally produced by a modified version of licensecheck2dep5 from CDBS by Clint Byrum cl...@ubuntu.com. Hand modified to reduce - redundancy in the output and add appropriate license text. + redundancy in the output and add appropriate license text. The file + has been rechecked against the source using the development version + of license-reconcile, see #686485. . Also, MySQL carries the FOSS License Exception specified in README . @@ -124,6 +126,37 @@ The above text is subject to this copyright notice: © 2010, Oracle and/or its affiliates. +Files: * +Copyright: 2000, 2012, Oracle and/or its affiliates. All rights reserved. +License: GPL-2 + +Files: debian/* +Copyright: + 1997-1998, Scott Hanson shan...@debian.org + 1997, Christian Schwarz schw...@debian.org + 1999-2007, 2009, Christian Hammers c...@debian.org + 2000-2001, Christopher C. Chimelis ch...@debian.org + 2001, Matthew Wilcox wi...@debian.org + 2005-2007, sean finney sean...@debian.org + 2006, Adam Conrad adcon...@0c3.net + 2007-2011, Norbert Tretkowski norb...@tretkowski.de + 2007-2008, Monty Taylor mord...@inaugust.com + 2008, Devin Carraway de...@debian.org + 2008, Steffen Joeris wh...@debian.org + 2010, Xavier Oswald xosw...@debian.org + 2011, Clint Byrum cl...@ubuntu.com + 2011, Ondřej Surý ond...@debian.org + 2012, Nicholas Bamber nicho...@periapt.co.uk +License: GPL-2+ + +Files: debian/additions/mysqlreport* +Copyright: 2006-2008, Daniel Nichter pub...@codenode.com +License: GPL-2+ + +Files: debian/additions/innotop/* +Copyright: 2006, Baron Schwartz baron at xaprb dot com +License: Artistic or GPL-2 + Files: cmd-line-utils/libedit/config.h dbug/example1.c dbug/example2.c @@ -177,7 +210,6 @@ libmysqld/* libservices/* mysql-test/include/have_perfschema.inc - mysql-test/include/have_perfschema.inc mysql-test/lib/mtr_cases.pm mysql-test/lib/mtr_gcov.pl mysql-test/lib/mtr_gprof.pl @@ -189,7 +221,6 @@ mysql-test/lib/mtr_results.pm mysql-test/lib/mtr_stress.pl mysql-test/lib/mtr_unique.pm - mysql-test/lib/My/ConfigFactory.pm mysql-test/lib/My/Config.pm mysql-test/lib/My/CoreDump.pm mysql-test/lib/My/File/* @@ -198,7 +229,6 @@ mysql-test/lib/My/Options.pm mysql-test/lib/My/Platform.pm mysql-test/lib/My/SafeProcess/Base.pm - mysql-test/lib/My/SafeProcess.pm mysql-test/lib/My/SafeProcess/safe_kill_win.cc mysql-test/lib/My/SafeProcess/safe_process.cc mysql-test/lib/My/SafeProcess/safe_process.pl @@ -219,14 +249,12 @@ mysql-test/lib/v1/mtr_timer.pl mysql-test/lib/v1/mtr_unique.pl mysql-test/lib/v1/My/* - mysql-test/lib/v1/My/* mysql-test/lib/v1/mysql-test-run.pl mysql-test/mysql-stress-test.pl mysql-test/mysql-test-run.pl mysql-test/std_data/* mysql-test/suite/perfschema/include/* mysql-test/suite/perfschema_stress/include/* - mysql-test/suite/perfschema_stress/include/* mysys/* packaging/WiX/ca/* plugin/audit_null/* @@ -269,6 +297,10 @@ Copyright: 1989-1990,1992-1993 The Regents of the University of California. License: BSD (3 clause) +Files: cmd-line-utils/libedit/chartype.* cmd-line-utils/libedit/eln.c +Copyright: 2009, The NetBSD Foundation, Inc. +License: BSD (4 clause) + Files: cmd-line-utils/libedit/filecomplete.c cmd-line-utils/libedit/filecomplete.h cmd-line-utils/libedit/np/fgetln.c @@ -308,18 +340,35
Bug#684591: unblock: chromium-browser/21.0.1180.75~r150248-1
On Sat, Aug 11, 2012 at 04:34:42PM +0200, Giuseppe Iuculano wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package chromium-browser debian/ diff can be found here: http://anonscm.debian.org/gitweb/?p=pkg-chromium/pkg-chromium.git;a=commitdiff;hp=fd04758ced65bfd26779d331ed56d6c84a86c5c5 unblock chromium-browser/21.0.1180.75~r150248-1 An additional remark to this unblock request: In Wheezy Chromium will be supported by rebuilding/backporting the current upstream release in stable-security. This is also what upstream does with it's separate Google Chrome build. Backporting fixes isn't feasible (482 CVE IDs in 2011) and it ensures that there's always an uptodate browser in stable. As such, reviewing the changes between sid and testing is probably a waste of time. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120905155754.gc18...@inutil.org
Bug#686780: unblock: libmojolicious-perl/2.98+dfsg-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libmojolicious-perl This new version contains a small patch that fixes a nasty bug (#686750) This patch was taken from upstream (and slightly adapted for Wheezy's mojolicious version). Other changes are minor versioned dependency cleanup on debian/control. See enclosed debdiff. All the best unblock libmojolicious-perl/2.98+dfsg-2 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash diff -Nru libmojolicious-perl-2.98+dfsg/debian/changelog libmojolicious-perl-2.98+dfsg/debian/changelog --- libmojolicious-perl-2.98+dfsg/debian/changelog 2012-06-02 19:26:18.0 +0200 +++ libmojolicious-perl-2.98+dfsg/debian/changelog 2012-09-05 17:49:47.0 +0200 @@ -1,3 +1,14 @@ +libmojolicious-perl (2.98+dfsg-2) unstable; urgency=low + + [ gregor herrmann ] + * debian/control: update {versioned,alternative} (build) dependencies. + + [ Dominique Dumont ] + * patch to avoid clobbering $_ (Closes: #686750) + * control: added dod to uploaders + + -- Dominique Dumont d...@debian.org Wed, 05 Sep 2012 17:45:00 +0200 + libmojolicious-perl (2.98+dfsg-1) unstable; urgency=low * New upstream release. diff -Nru libmojolicious-perl-2.98+dfsg/debian/control libmojolicious-perl-2.98+dfsg/debian/control --- libmojolicious-perl-2.98+dfsg/debian/control 2012-06-02 19:26:18.0 +0200 +++ libmojolicious-perl-2.98+dfsg/debian/control 2012-09-05 17:49:47.0 +0200 @@ -1,14 +1,15 @@ Source: libmojolicious-perl -Section: perl -Priority: optional Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org Uploaders: Jonathan Yu jaw...@cpan.org, - gregor herrmann gre...@debian.org, - Fabrizio Regalli fab...@fabreg.it, - Krzysztof Krzyżaniak (eloy) e...@debian.org, - Angel Abad an...@debian.org + gregor herrmann gre...@debian.org, + Fabrizio Regalli fab...@fabreg.it, + Krzysztof Krzyżaniak (eloy) e...@debian.org, + Angel Abad an...@debian.org, + Dominique Dumont d...@debian.org +Section: perl +Priority: optional Build-Depends: debhelper (= 8) -Build-Depends-Indep: perl (= 5.10.1) +Build-Depends-Indep: perl Standards-Version: 3.9.3 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libmojolicious-perl.git Vcs-Git: git://git.debian.org/pkg-perl/packages/libmojolicious-perl.git @@ -16,15 +17,17 @@ Package: libmojolicious-perl Architecture: all -Depends: ${misc:Depends}, ${perl:Depends}, - libjs-jquery (= 1.7.1), - perl (= 5.10.1) +Depends: ${misc:Depends}, + ${perl:Depends}, + libjs-jquery (= 1.7.1), + perl Recommends: libio-socket-inet6-perl, - libio-socket-ssl-perl (= 1.43), - libmojo-server-fastcgi-perl +libio-socket-ssl-perl (= 1.43), +libmojo-server-fastcgi-perl Description: simple, yet powerful, Web Application Framework Mojolicious is a Perl Web Application Framework built around the familiar Model-View-Controller philosophy. It supports a simple single file mode via Mojolicious::Lite, RESTful routes, plugins, Perl-ish templates, session management, signed cookies, a testing framework, internationalization, first class Unicode support, and more. + diff -Nru libmojolicious-perl-2.98+dfsg/debian/patches/dont-clobber-dollar-_ libmojolicious-perl-2.98+dfsg/debian/patches/dont-clobber-dollar-_ --- libmojolicious-perl-2.98+dfsg/debian/patches/dont-clobber-dollar-_ 1970-01-01 01:00:00.0 +0100 +++ libmojolicious-perl-2.98+dfsg/debian/patches/dont-clobber-dollar-_ 2012-09-05 17:49:47.0 +0200 @@ -0,0 +1,24 @@ +Description: Dont clobber $_ global variable + replace $_ with a lexical varable. A similar patch has + been applied upstream. + . + This patch should be removed for Mojolicous = 3.38 +Bug: Debian-686750 +Author: dod +Applied-Upstream: yes +--- a/lib/Mojo/Transaction/WebSocket.pm b/lib/Mojo/Transaction/WebSocket.pm +@@ -297,9 +297,10 @@ + + # 512 byte mask + $mask = $mask x 128; +- my $output = ''; +- $output .= $_ ^ $mask while length($_ = substr($input, 0, 512, '')) == 512; +- return $output .= $_ ^ substr($mask, 0, length, ''); ++ my $buffer = my $output = ''; ++ $output .= $buffer ^ $mask ++ while length($buffer = substr($input, 0, 512, '')) == 512; ++ return $output .= $buffer ^ substr($mask, 0, length $buffer, ''); + } + + 1; diff -Nru libmojolicious-perl-2.98+dfsg/debian/patches/series libmojolicious-perl-2.98+dfsg/debian/patches/series --- libmojolicious-perl-2.98+dfsg/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ libmojolicious-perl-2.98+dfsg/debian/patches/series
Bug#686784: RM: mathop/1.5p6-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove mathopd 1.5p6-1.1 We have enough mini httpds in the archive, which are actually maintained: - No maintainer upload since 2008 - No followup to security bug since half a year (This can be dropped from the archive post-release if nothing changes maintainer-wise) Cheers, Moritz -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120905180515.6539.93207.reportbug@pisco.westfalen.local
Bug#686783: RM: sugar-hulahop/0.8.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Now that pyjamas is dropped from testing, sugar-hulahop can be dropped as well to address #631051 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120905180137.5851.29275.reportbug@pisco.westfalen.local
Bug#684591: marked as done (unblock: chromium-browser/21.0.1180.75~r150248-1)
Your message dated Wed, 5 Sep 2012 20:01:19 +0200 with message-id 20120905180119.gb21...@radis.cristau.org and subject line Re: Bug#684591: unblock: chromium-browser/21.0.1180.75~r150248-1 has caused the Debian Bug report #684591, regarding unblock: chromium-browser/21.0.1180.75~r150248-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684591: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684591 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package chromium-browser debian/ diff can be found here: http://anonscm.debian.org/gitweb/?p=pkg-chromium/pkg-chromium.git;a=commitdiff;hp=fd04758ced65bfd26779d331ed56d6c84a86c5c5 unblock chromium-browser/21.0.1180.75~r150248-1 ---End Message--- ---BeginMessage--- On Sat, Aug 11, 2012 at 16:34:42 +0200, Giuseppe Iuculano wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package chromium-browser debian/ diff can be found here: http://anonscm.debian.org/gitweb/?p=pkg-chromium/pkg-chromium.git;a=commitdiff;hp=fd04758ced65bfd26779d331ed56d6c84a86c5c5 unblock chromium-browser/21.0.1180.75~r150248-1 Unblocked 21.0.1180.89~r154005-1. Cheers, Julien signature.asc Description: Digital signature ---End Message---
Bug#686780: marked as done (unblock: libmojolicious-perl/2.98+dfsg-2)
Your message dated Wed, 05 Sep 2012 19:07:31 +0100 with message-id 1346868451.842.0.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#686780: unblock: libmojolicious-perl/2.98+dfsg-2 has caused the Debian Bug report #686780, regarding unblock: libmojolicious-perl/2.98+dfsg-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 686780: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686780 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libmojolicious-perl This new version contains a small patch that fixes a nasty bug (#686750) This patch was taken from upstream (and slightly adapted for Wheezy's mojolicious version). Other changes are minor versioned dependency cleanup on debian/control. See enclosed debdiff. All the best unblock libmojolicious-perl/2.98+dfsg-2 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash diff -Nru libmojolicious-perl-2.98+dfsg/debian/changelog libmojolicious-perl-2.98+dfsg/debian/changelog --- libmojolicious-perl-2.98+dfsg/debian/changelog 2012-06-02 19:26:18.0 +0200 +++ libmojolicious-perl-2.98+dfsg/debian/changelog 2012-09-05 17:49:47.0 +0200 @@ -1,3 +1,14 @@ +libmojolicious-perl (2.98+dfsg-2) unstable; urgency=low + + [ gregor herrmann ] + * debian/control: update {versioned,alternative} (build) dependencies. + + [ Dominique Dumont ] + * patch to avoid clobbering $_ (Closes: #686750) + * control: added dod to uploaders + + -- Dominique Dumont d...@debian.org Wed, 05 Sep 2012 17:45:00 +0200 + libmojolicious-perl (2.98+dfsg-1) unstable; urgency=low * New upstream release. diff -Nru libmojolicious-perl-2.98+dfsg/debian/control libmojolicious-perl-2.98+dfsg/debian/control --- libmojolicious-perl-2.98+dfsg/debian/control 2012-06-02 19:26:18.0 +0200 +++ libmojolicious-perl-2.98+dfsg/debian/control 2012-09-05 17:49:47.0 +0200 @@ -1,14 +1,15 @@ Source: libmojolicious-perl -Section: perl -Priority: optional Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org Uploaders: Jonathan Yu jaw...@cpan.org, - gregor herrmann gre...@debian.org, - Fabrizio Regalli fab...@fabreg.it, - Krzysztof Krzyżaniak (eloy) e...@debian.org, - Angel Abad an...@debian.org + gregor herrmann gre...@debian.org, + Fabrizio Regalli fab...@fabreg.it, + Krzysztof Krzyżaniak (eloy) e...@debian.org, + Angel Abad an...@debian.org, + Dominique Dumont d...@debian.org +Section: perl +Priority: optional Build-Depends: debhelper (= 8) -Build-Depends-Indep: perl (= 5.10.1) +Build-Depends-Indep: perl Standards-Version: 3.9.3 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libmojolicious-perl.git Vcs-Git: git://git.debian.org/pkg-perl/packages/libmojolicious-perl.git @@ -16,15 +17,17 @@ Package: libmojolicious-perl Architecture: all -Depends: ${misc:Depends}, ${perl:Depends}, - libjs-jquery (= 1.7.1), - perl (= 5.10.1) +Depends: ${misc:Depends}, + ${perl:Depends}, + libjs-jquery (= 1.7.1), + perl Recommends: libio-socket-inet6-perl, - libio-socket-ssl-perl (= 1.43), - libmojo-server-fastcgi-perl +libio-socket-ssl-perl (= 1.43), +libmojo-server-fastcgi-perl Description: simple, yet powerful, Web Application Framework Mojolicious is a Perl Web Application Framework built around the familiar Model-View-Controller philosophy. It supports a simple single file mode via Mojolicious::Lite, RESTful routes, plugins, Perl-ish templates, session management, signed cookies, a testing framework, internationalization, first class Unicode support, and more. + diff -Nru libmojolicious-perl-2.98+dfsg/debian/patches/dont-clobber-dollar-_ libmojolicious-perl-2.98+dfsg/debian/patches/dont-clobber-dollar-_ --- libmojolicious-perl-2.98+dfsg/debian/patches/dont-clobber-dollar-_ 1970-01-01 01:00:00.0 +0100 +++ libmojolicious-perl-2.98+dfsg/debian/patches/dont-clobber-dollar-_ 2012-09-05 17:49:47.0 +0200 @@ -0,0 +1,24 @@ +Description: Dont clobber $_ global variable + replace $_ with a lexical varable. A similar patch has + been applied upstream. + . + This patch
Bug#686768: marked as done (unblock: mysql-5.5/5.5.24+dfsg-8)
Your message dated Wed, 05 Sep 2012 19:09:39 +0100 with message-id 1346868579.842.1.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#686768: Acknowledgement (unblock: mysql-5.5/5.5.24+dfsg-8) has caused the Debian Bug report #686768, regarding unblock: mysql-5.5/5.5.24+dfsg-8 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 686768: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686768 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mysql-5.5 Slovak debconf translation and corrections to debian/copyright. unblock mysql-5.5/5.5.24+dfsg-8 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-1-686-pae (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- On Wed, 2012-09-05 at 15:28 +0100, Nicholas Bamber wrote: Forgot the diff. Sorry. Attahced. Unblocked. Regards, Adam---End Message---
Bug#686755: marked as done (unblock: nautilus-dropbox/1.4.0-2)
Your message dated Wed, 05 Sep 2012 19:49:00 +0100 with message-id 1346870940.842.2.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#686755: unblock: nautilus-dropbox/1.4.0-2 has caused the Debian Bug report #686755, regarding unblock: nautilus-dropbox/1.4.0-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 686755: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686755 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package nautilus-dropbox It's a new upstream version but it introduces no code changes. However I added some supplementary Debian-specific changes which I'd like to see in the stable release as they are meant to simplify my life when user report bugs about the package. And I also added support to forward https_proxy over the pkexec call (which drops environment variables) and this can fix download issues for a small fraction of the users. The package is in non-free so you have nothing to worry about. It will never become a release blocker since it's not part of Debian. unblock nautilus-dropbox/1.4.0-2 Thank you in advance! -- System Information: Debian Release: wheezy/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.4-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- On Wed, 2012-09-05 at 12:28 +0200, Raphaël Hertzog wrote: Please unblock package nautilus-dropbox It's a new upstream version but it introduces no code changes. However I added some supplementary Debian-specific changes which I'd like to see in the stable release as they are meant to simplify my life when user report bugs about the package. And I also added support to forward https_proxy over the pkexec call (which drops environment variables) and this can fix download issues for a small fraction of the users. Unblocked. Regards, Adam---End Message---
Bug#686763: marked as done (unblock: moin/1.9.4-8)
Your message dated Wed, 05 Sep 2012 19:53:29 +0100 with message-id 1346871209.842.4.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#686763: unblock: moin/1.9.4-8 has caused the Debian Bug report #686763, regarding unblock: moin/1.9.4-8 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 686763: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686763 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package moin; security fix for CVE-2012-4404. debdiff attached. unblock moin/1.9.4-8 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru moin-1.9.4/debian/changelog moin-1.9.4/debian/changelog --- moin-1.9.4/debian/changelog 2012-08-10 14:31:06.0 +0100 +++ moin-1.9.4/debian/changelog 2012-09-05 01:57:33.0 +0100 @@ -1,3 +1,11 @@ +moin (1.9.4-8) unstable; urgency=high + + * High urgency for a security fix + * Add patch from upstream to fix a virtual group bug in ACL evaluation +(CVE-2012-). + + -- Steve McIntyre 93...@debian.org Wed, 05 Sep 2012 01:57:30 +0100 + moin (1.9.4-7) unstable; urgency=low * subprocess.check_output only appeared in python 2.7. Use diff -Nru moin-1.9.4/debian/patches/CVE-2012-XXX-virtual-group-ACL.patch moin-1.9.4/debian/patches/CVE-2012-XXX-virtual-group-ACL.patch --- moin-1.9.4/debian/patches/CVE-2012-XXX-virtual-group-ACL.patch 1970-01-01 01:00:00.0 +0100 +++ moin-1.9.4/debian/patches/CVE-2012-XXX-virtual-group-ACL.patch 2012-09-05 01:58:10.0 +0100 @@ -0,0 +1,136 @@ + +# HG changeset patch +# User Thomas Waldmann tw AT waldmann-edv DOT de +# Date 1346679035 -7200 +# Node ID 7b9f39289e16b37344480025f191d8b64480c834 +# Parent 0e58d9bcd3bd8ab3a89506d66bc0c8df85c16d2c +security fix: fix virtual group bug in ACL evaluation, add a test for it + +affected moin releases: all 1.9 releases up to and including 1.9.4 + +moin releases 1.9 are NOT affected. + +You can find out the moin version by looking at SystemInfo page or at the +output of SystemInfo macro. + +Issue description: + +We have code that checks whether a group has special members All or Known +or Trusted, but there was a bug that checked whether these are present in +the group NAME (not, as intended, in the group MEMBERS). + +a) If you have group MEMBERS like All or Known or Trusted, they did not +work until now, but will start working with this changeset. + +E.g. SomeGroup: + * JoeDoe + * Trusted + +SomeGroup will now (correctly) include JoeDoe and also all trusted users. + +It (erroneously) contained only JoeDoe and Trusted (as a username, not +as a virtual group) before. + +b) If you have group NAMES containing All or Known or Trusted, they behaved +wrong until now (they erroneously included All/Known/Trusted users even if +you did not list them as members), but will start working correctly with this +changeset. + +E.g. AllFriendsGroup: + * JoeDoe + +AllFriendsGroup will now (correctly) include only JoeDoe. +It (erroneously) contained all users (including JoeDoe) before. + +E.g. MyTrustedFriendsGroup: + * JoeDoe + +MyTrustedFriendsGroup will now (correctly) include only JoeDoe. +It (erroneously) contained all trusted users and JoeDoe before. + +diff -r 0e58d9bcd3bd -r 7b9f39289e16 MoinMoin/security/__init__.py +--- a/MoinMoin/security/__init__.py Fri Aug 03 17:36:02 2012 +0200 b/MoinMoin/security/__init__.py Mon Sep 03 15:30:35 2012 +0200 +@@ -320,11 +320,12 @@ + handler = getattr(self, _special_+entry, None) + allowed = handler(request, name, dowhat, rightsdict) + elif entry in groups: +-if name in groups[entry]: ++this_group = groups[entry] ++if name in this_group: + allowed = rightsdict.get(dowhat) + else: + for special in self.special_users: +-if special in entry: ++if special in this_group: + handler = getattr(self, _special_ + special, None) + allowed = handler(request, name, dowhat, rightsdict) + break # order of self.special_users is important +diff -r 0e58d9bcd3bd -r 7b9f39289e16
Bug#686784: marked as done (RM: mathop/1.5p6-1.1)
Your message dated Wed, 05 Sep 2012 20:01:09 +0100 with message-id 1346871669.842.5.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#686784: RM: mathop/1.5p6-1.1 has caused the Debian Bug report #686784, regarding RM: mathop/1.5p6-1.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 686784: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686784 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove mathopd 1.5p6-1.1 We have enough mini httpds in the archive, which are actually maintained: - No maintainer upload since 2008 - No followup to security bug since half a year (This can be dropped from the archive post-release if nothing changes maintainer-wise) Cheers, Moritz ---End Message--- ---BeginMessage--- On Wed, 2012-09-05 at 20:05 +0200, Moritz Muehlenhoff wrote: Please remove mathopd 1.5p6-1.1 We have enough mini httpds in the archive, which are actually maintained: - No maintainer upload since 2008 - No followup to security bug since half a year Removal hint added. Regards, Adam---End Message---
Bug#686783: marked as done (RM: sugar-hulahop/0.8.1-1)
Your message dated Wed, 05 Sep 2012 20:03:27 +0100 with message-id 1346871807.842.6.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#686783: RM: sugar-hulahop/0.8.1-1 has caused the Debian Bug report #686783, regarding RM: sugar-hulahop/0.8.1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 686783: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686783 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Now that pyjamas is dropped from testing, sugar-hulahop can be dropped as well to address #631051 Cheers, Moritz ---End Message--- ---BeginMessage--- On Wed, 2012-09-05 at 20:01 +0200, Moritz Muehlenhoff wrote: Now that pyjamas is dropped from testing, sugar-hulahop can be dropped as well to address #631051 Removal hint added. Regards, Adam---End Message---
Re: Deleted users still being able to log in via ssh to fusionforge installs - Was: Re: Seeking pre-upload approval (was Re: MW 1.19 for wheezy)
Hi, On Monday 03 September 2012 07:27:59 Olivier Berger wrote: Hi. FWIW, I think that the problem identified by Thorsten on FusionForge probably affects versions pre wheezy, hence my forwarding to the security team. This needs to be investigated, but I'm not really able to dedicate myself to it at the moment. Thanks for the notice. Thorsten, anyone else: can somebody confirm whether this and the other issue affect the version in squeeze? Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201209051446.25502.geiss...@debian.org
Bug#686768: unblock: mysql-5.5/5.5.24+dfsg-8
Hi, Le 05/09/2012 09:28, Nicholas Bamber a écrit : Slovak debconf translation and corrections to debian/copyright. Please, do also include the Danish translation available in #684566: Danish is one of the languages aiming for 100% of translated debconf screen in wheezy. Regards David signature.asc Description: OpenPGP digital signature
Bug#681002: release.debian.org: Freeze exception for libguestfs
* Adam D. Barratt: Assuming the incremental change to the previous diff is purely s/diff/diffutils/ in debian/control, that sounds obviously fine to include; thanks. Something similar, a file within the binary package had to be patched. The source package and debdiff can be found in http://people.debian.org/~bengen/stuff/. I also removed a few patches in debian/patches that were not used and may have been misleading. Again, how should I upload the package? (The libguestfs package in unstable is at 1.18.6-1, so I can't just upload to unstable.) Cheers, -Hilko -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/878vcoyzml@msgid.hilluzination.de
Bug#681002: release.debian.org: Freeze exception for libguestfs
On Wed, 2012-09-05 at 22:37 +0200, Hilko Bengen wrote: * Adam D. Barratt: Assuming the incremental change to the previous diff is purely s/diff/diffutils/ in debian/control, that sounds obviously fine to include; thanks. Something similar, a file within the binary package had to be patched. The source package and debdiff can be found in http://people.debian.org/~bengen/stuff/. For the record, the freeze policy intentionally requests that debdiffs be attached to the bug report. There's no guarantee that what's currently at that people.d.o location will be there at any future point, or match what's currently there; it also doesn't really work for people reading mail offline. I also removed a few patches in debian/patches that were not used and may have been misleading. That makes the debdiff very noisy. :-( But yes, 0009-rebased-patch-queue.patch is not particularly helpful. Again, how should I upload the package? (The libguestfs package in unstable is at 1.18.6-1, so I can't just upload to unstable.) I'm not sure I understand the question. The changelog has +libguestfs (1:1.18.1-1wheezy1) testing; urgency=low so the package won't go to unstable. You just upload to ftp-master as usual. In line with the versioning policy described in the Developers Reference (with a slight modification we aim to have documented there soon), we'd prefer a version of 1:1.18.1-1+deb7u1 though. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1346878786.842.18.ca...@jacala.jungle.funky-badger.org
Bug#686799: Freeze exception for gtk-sharp2
Package: release.debian.org Please consider a freeze exception for gtk-sharp2 version 2.12.10-5 which fixes an issue affecting 64-bit machines. This bugfix is the only change from 2.12.10-4. Details about the issue can be found in bug #686798 (Gtk.IconTheme.SearchPath is not 64-bit safe). A debdiff is attached for reference. cmn diff -Nru gtk-sharp2-2.12.10/debian/changelog gtk-sharp2-2.12.10/debian/changelog --- gtk-sharp2-2.12.10/debian/changelog 2012-09-06 01:49:14.0 +0200 +++ gtk-sharp2-2.12.10/debian/changelog 2012-09-06 01:43:03.0 +0200 @@ -1,3 +1,10 @@ +gtk-sharp2 (2.12.10-5) unstable; urgency=low + + * [b130b4f] debian/patches: add 06_IconTheme_use_glib_marshaller. +This makes IconTheme.get_SearchPath() 64-bit safe. + + -- Carlos Martín Nieto c...@dwim.me Wed, 05 Sep 2012 23:22:15 +0100 + gtk-sharp2 (2.12.10-4) unstable; urgency=low [ Colin Watson ] diff -Nru gtk-sharp2-2.12.10/debian/patches/06_IconTheme_use_glib_marshaller gtk-sharp2-2.12.10/debian/patches/06_IconTheme_use_glib_marshaller --- gtk-sharp2-2.12.10/debian/patches/06_IconTheme_use_glib_marshaller 1970-01-01 01:00:00.0 +0100 +++ gtk-sharp2-2.12.10/debian/patches/06_IconTheme_use_glib_marshaller 2012-09-05 23:50:25.0 +0200 @@ -0,0 +1,62 @@ +Description: IconThem: use the glib marshallers Use GLib.Marshaller + instead of doing it per hand. This makes IconTheme.get_SearchPath() + safe to use in 64-bit machines, as we don't try to make the pointer + fit into a Int32. +Author: Carlos Martín Nieto c...@dwim.me + +Index: gtk-sharp2/gtk/IconTheme.custom +=== +--- gtk-sharp2.orig/gtk/IconTheme.custom 2012-09-02 18:22:23.517201189 +0200 gtk-sharp2/gtk/IconTheme.custom 2012-09-05 23:48:34.244916093 +0200 +@@ -71,9 +71,6 @@ + + public string[] SearchPath { + get { +-string[] retval; +- +-unsafe { + int length; + IntPtr raw_ret; + if (IsWindowsPlatform) +@@ -81,31 +78,22 @@ + else + gtk_icon_theme_get_search_path (Handle, out raw_ret, out length); + +- int size = Marshal.SizeOf (typeof (IntPtr)); +- retval = new string[length]; +- for (int i = 0, j = 0; i length; i++, j += size) { +- IntPtr string_ptr = Marshal.ReadIntPtr (new IntPtr (raw_ret.ToInt32 () + j)); +- retval[i] = GLib.Marshaller.Utf8PtrToString (string_ptr); +- } +- +- g_strfreev (raw_ret); +-} +- +-return retval; ++ return GLib.Marshaller.NullTermPtrToStringArray(raw_ret, true); ++ + } + set { +-int cnt_path = value == null ? 0 : value.Length; +-IntPtr[] native_path = new IntPtr [cnt_path]; +-for (int i = 0; i cnt_path; i++) +- native_path [i] = GLib.Marshaller.StringToPtrGStrdup (value[i]); ++IntPtr[] native_path; ++if (value == null) ++ native_path = new IntPtr [0]; ++else ++ native_path = GLib.Marshaller.StringArrayToNullTermPointer (value); + + if (IsWindowsPlatform) +- gtk_icon_theme_set_search_path_utf8 (Handle, native_path, native_path.Length); ++ gtk_icon_theme_set_search_path_utf8 (Handle, native_path, value.Length); + else +- gtk_icon_theme_set_search_path (Handle, native_path, native_path.Length); ++ gtk_icon_theme_set_search_path (Handle, native_path, value.Length); + +-for (int i = 0; i native_path.Length; i++) +- GLib.Marshaller.Free (native_path[i]); ++GLib.Marshaller.Free(native_path); + } + } + diff -Nru gtk-sharp2-2.12.10/debian/patches/series gtk-sharp2-2.12.10/debian/patches/series --- gtk-sharp2-2.12.10/debian/patches/series 2012-09-06 01:49:14.0 +0200 +++ gtk-sharp2-2.12.10/debian/patches/series 2012-09-02 18:19:24.0 +0200 @@ -2,4 +2,5 @@ 02_pcfiles 04_fix_glib_2.31_threading 05_glib_single_include +06_IconTheme_use_glib_marshaller