Re: Bug#676713: audacity: DEB_BUILD_OPTIONS=noopt still compiles some files with -O2
On 12-06-09 at 03:53am, Sami Liedes wrote:
On Sat, Jun 09, 2012 at 03:29:03AM +0300, Sami Liedes wrote:
Package: audacity
Version: 2.0.0-1
Severity: normal
While trying to build a debuggable package with
DEB_BUILD_OPTIONS=noopt nostrip,
I ran into this.
Even with DEB_BUILD_OPTIONS=noopt, most of the modules in the project
are built with -O2, while some are correctly built with -O0 (as the
last -O option takes precedence). Most notably, the core Audacity core
is built with -O2. These modules seem to be compiled with -O2:
* all modules inside src/
AND
* the modules inside lib-src/portmixer/
Turns out the culprit is libportsmf-dev, which installs a pkg-config file
/usr/lib/pkgconfig/portSMF.pc
which includes some compiler flags in its Cflags that no pkg-config
file normally has business of including, hence causing packages using
it to be always compiled with -g -O2 -Wall:
$ grep Cflags /usr/lib/pkgconfig/portSMF.pc
Cflags: -I${includedir}/portSMF -g -O2 -Wall
Good catch!
Sounds like a task for lintian to check for. Please consider filing a
wishlist bugreport against lintian for adding such check.
Maybe you could also raise the issue at debian-devel mailinglist, as
this kind of flaw isn't specific to multimedia and others might have
clever ideas on how to cross-check and weed out most possible of such
flaws.
- Jonas
--
* Jonas Smedegaard - idealist Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#675767: marked as done (src:libav: check CVE-2011-4031 (integer underflow in asfrtp_parse_packet))
Your message dated Sat, 9 Jun 2012 12:49:02 +0200 with message-id CAJ0cceYR0=Oco5dcA0H=Z_OoicUNrCUrDwLESA2ZF4NgYs4u=w...@mail.gmail.com and subject line Re: Bug#675767: src:libav: check CVE-2011-4031 (integer underflow in asfrtp_parse_packet) has caused the Debian Bug report #675767, regarding src:libav: check CVE-2011-4031 (integer underflow in asfrtp_parse_packet) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 675767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675767 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: src:libav Version: 6:0.8.2-2 Severity: important Tags: security Dear multimedia maintainers, Please determine whether libav is affected by CVE-2011-4031: | Integer underflow in the asfrtp_parse_packet function in | libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers | to execute arbitrary code via a crafted ASF packet. Thanks Helmut ---End Message--- ---BeginMessage--- fixed 675767 0.8-1 On Sun, Jun 3, 2012 at 11:11 AM, Helmut Grohne hel...@subdivi.de wrote: Package: src:libav Version: 6:0.8.2-2 Severity: important Tags: security Dear multimedia maintainers, Please determine whether libav is affected by CVE-2011-4031: | Integer underflow in the asfrtp_parse_packet function in | libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers | to execute arbitrary code via a crafted ASF packet. This has been fixed upstream before in the very first 0.8 release. As such, I do not believe that this issue has ever existed in debian. I guess this refers to the following commit in FFmpeg: commit b15e85d8207bf644e5fc8837b4fad2ae3f33d021 Author: Michael Niedermayer michae...@gmx.at Date: Wed Sep 7 14:12:42 2011 +0200 rtpdec_asf: Fix integer underflow that could allow remote code execution Fixes MSVR-11-0088 Fixes CVE-2011-4031 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer michae...@gmx.at Signed-off-by: Martin Storsjö mar...@martin.st (cherry picked from commit 5ea091fb5a12dc0210b8efdf30b573b87e21652b) Signed-off-by: Reinhard Tartler siret...@tauware.de However, 5ea091fb5a12dc0210b8efdf30b573b87e21652b is already in the 0.8 upstream release. Nevertheless, thanks for caring about security issues in libavcodec! -- regards, Reinhard ---End Message--- ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#675584: /usr/bin/avconv: avconv segfaults when transcoding video with libx264 presets
severity 675584 minor tags 675584 moreinfo stop On Sat, Jun 2, 2012 at 12:25 PM, Rogério Brito rbr...@ime.usp.br wrote: Package: libav-tools Version: 6:0.8.2-2 Severity: important File: /usr/bin/avconv Hi. I have just tried to transcode some lecture videos for watching on my ipod and I can't get them working because avconv segfaults when I use this: ,[ avconv -y -i in.mp4 -c:v libx264 -pre libx264-ipod320 -s 320x240 -b:v 768k -c:a copy out.mp4 ] Instead of using the old, deprecated method with these profiles file, a better solution would be to use the codec private options. See the output of avconv -help: [...] libx264 AVOptions: -presetstring E.V.. Set the encoding preset (cf. x264 --fullhelp) -tune string E.V.. Tune the encoding params (cf. x264 --fullhelp) -profile string E.V.. Set profile restrictions (cf. x264 --fullhelp) [...] If I remove the '-pre libx264-ipod320' part from the command line, then avconv converts the video, but not with the parameters necessary for a low powered device (i.e., Baseline Profile H.264). I don't have here symbols for libav (which means that gdb doesn't generate any useful traceback), but upon using strace on avconv, this is what I get: The debug symbols are in the package libav-dbg. Without a proper stacktrace, it remains hard to reproduce and eventually fix the problem. Sorry. -- regards, Reinhard ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: Bug#675584: /usr/bin/avconv: avconv segfaults when transcoding video with libx264 presets
Processing commands for cont...@bugs.debian.org: severity 675584 minor Bug #675584 [libav-tools] /usr/bin/avconv: avconv segfaults when transcoding video with libx264 presets Severity set to 'minor' from 'important' tags 675584 moreinfo Bug #675584 [libav-tools] /usr/bin/avconv: avconv segfaults when transcoding video with libx264 presets Added tag(s) moreinfo. stop Stopping processing here. Please contact me if you need assistance. -- 675584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675584 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#674139: marked as done (ffmpeg-doc: installation incompatible with libav-doc)
Your message dated Sat, 09 Jun 2012 12:33:09 + with message-id e1sdkqr-00069o...@franck.debian.org and subject line Bug#674139: fixed in libav 6:0.8.3-1 has caused the Debian Bug report #674139, regarding ffmpeg-doc: installation incompatible with libav-doc to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 674139: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674139 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: ffmpeg-doc Version: 6:0.8.2-1 Severity: normal Preparing to replace ffmpeg-doc 6:0.8.2-1 (using .../ffmpeg-doc_7%3a0.10.3-dmo1_all.deb) ... Unpacking replacement ffmpeg-doc ... dpkg: error processing /var/cache/apt/archives/ffmpeg-doc_7%3a0.10.3-dmo1_all.deb (--unpack): trying to overwrite '/usr/share/doc-base/ffmpeg-doc', which is also in package libav-doc 6:0.8.2-1 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'testing-proposed-updates') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ffmpeg-doc depends on: ii libav-doc 6:0.8.2-1 ffmpeg-doc recommends no packages. ffmpeg-doc suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: libav Source-Version: 6:0.8.3-1 We believe that the bug you reported is fixed in the latest version of libav, which is due to be installed in the Debian FTP archive: ffmpeg-dbg_0.8.3-1_amd64.deb to main/liba/libav/ffmpeg-dbg_0.8.3-1_amd64.deb ffmpeg-doc_0.8.3-1_all.deb to main/liba/libav/ffmpeg-doc_0.8.3-1_all.deb ffmpeg_0.8.3-1_amd64.deb to main/liba/libav/ffmpeg_0.8.3-1_amd64.deb libav-dbg_0.8.3-1_amd64.deb to main/liba/libav/libav-dbg_0.8.3-1_amd64.deb libav-doc_0.8.3-1_all.deb to main/liba/libav/libav-doc_0.8.3-1_all.deb libav-extra-dbg_0.8.3-1_amd64.deb to main/liba/libav/libav-extra-dbg_0.8.3-1_amd64.deb libav-regular-dbg_0.8.3-1_amd64.deb to main/liba/libav/libav-regular-dbg_0.8.3-1_amd64.deb libav-tools_0.8.3-1_amd64.deb to main/liba/libav/libav-tools_0.8.3-1_amd64.deb libav_0.8.3-1.debian.tar.gz to main/liba/libav/libav_0.8.3-1.debian.tar.gz libav_0.8.3-1.dsc to main/liba/libav/libav_0.8.3-1.dsc libav_0.8.3.orig.tar.gz to main/liba/libav/libav_0.8.3.orig.tar.gz libavcodec-dev_0.8.3-1_amd64.deb to main/liba/libav/libavcodec-dev_0.8.3-1_amd64.deb libavcodec-extra-53_0.8.3-1_amd64.deb to main/liba/libav/libavcodec-extra-53_0.8.3-1_amd64.deb libavcodec53_0.8.3-1_amd64.deb to main/liba/libav/libavcodec53_0.8.3-1_amd64.deb libavdevice-dev_0.8.3-1_amd64.deb to main/liba/libav/libavdevice-dev_0.8.3-1_amd64.deb libavdevice-extra-53_0.8.3-1_all.deb to main/liba/libav/libavdevice-extra-53_0.8.3-1_all.deb libavdevice53_0.8.3-1_amd64.deb to main/liba/libav/libavdevice53_0.8.3-1_amd64.deb libavfilter-dev_0.8.3-1_amd64.deb to main/liba/libav/libavfilter-dev_0.8.3-1_amd64.deb libavfilter-extra-2_0.8.3-1_all.deb to main/liba/libav/libavfilter-extra-2_0.8.3-1_all.deb libavfilter2_0.8.3-1_amd64.deb to main/liba/libav/libavfilter2_0.8.3-1_amd64.deb libavformat-dev_0.8.3-1_amd64.deb to main/liba/libav/libavformat-dev_0.8.3-1_amd64.deb libavformat-extra-53_0.8.3-1_all.deb to main/liba/libav/libavformat-extra-53_0.8.3-1_all.deb libavformat53_0.8.3-1_amd64.deb to main/liba/libav/libavformat53_0.8.3-1_amd64.deb libavutil-dev_0.8.3-1_amd64.deb to main/liba/libav/libavutil-dev_0.8.3-1_amd64.deb libavutil-extra-51_0.8.3-1_all.deb to main/liba/libav/libavutil-extra-51_0.8.3-1_all.deb libavutil51_0.8.3-1_amd64.deb to main/liba/libav/libavutil51_0.8.3-1_amd64.deb libpostproc-dev_0.8.3-1_amd64.deb to main/liba/libav/libpostproc-dev_0.8.3-1_amd64.deb libpostproc-extra-52_0.8.3-1_all.deb to main/liba/libav/libpostproc-extra-52_0.8.3-1_all.deb libpostproc52_0.8.3-1_amd64.deb to main/liba/libav/libpostproc52_0.8.3-1_amd64.deb libswscale-dev_0.8.3-1_amd64.deb to main/liba/libav/libswscale-dev_0.8.3-1_amd64.deb libswscale-extra-2_0.8.3-1_all.deb to main/liba/libav/libswscale-extra-2_0.8.3-1_all.deb libswscale2_0.8.3-1_amd64.deb to main/liba/libav/libswscale2_0.8.3-1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 674...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler siret...@tauware.de
Processing of python-pyo_0.6.1-1_amd64.changes
python-pyo_0.6.1-1_amd64.changes uploaded successfully to localhost along with the files: python-pyo_0.6.1-1.dsc python-pyo_0.6.1.orig.tar.bz2 python-pyo_0.6.1-1.debian.tar.gz python-pyo_0.6.1-1_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processing of python-pyo_0.6.1-1_amd64.changes
/python-pyo_0.6.1-1_amd64.changes is already present on target host: python-pyo_0.6.1-1_amd64.deb Either you already uploaded it, or someone else came first. Job python-pyo_0.6.1-1_amd64.changes removed. Greetings, Your Debian queue daemon (running on host franck.debian.org) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
python-pyo_0.6.1-1_amd64.changes is NEW
(new) python-pyo_0.6.1-1.debian.tar.gz optional python (new) python-pyo_0.6.1-1.dsc optional python (new) python-pyo_0.6.1-1_amd64.deb optional python Python module written in C to help digital signal processing script creation pyo is a Python module containing classes for a wide variety of audio signal processing types. With pyo, user will be able to include signal processing chains directly in Python scripts or projects, and to manipulate them in real time through the interpreter. Tools in pyo module offer primitives, like mathematical operations on audio signal, basic signal processing (filters, delays, synthesis generators, etc.), but also complex algorithms to create sound granulation and others creative audio manipulations. . pyo supports OSC protocol (Open Sound Control), to ease communications between softwares, and MIDI protocol, for generating sound events and controlling process parameters. . pyo allows creation of sophisticated signal processing chains with all the benefits of a mature, and wildly used, general programming language. (new) python-pyo_0.6.1.orig.tar.bz2 optional python Changes: python-pyo (0.6.1-1) unstable; urgency=low . * Initial release. (Closes: #676712) Override entries for your package: Announcing to debian-devel-chan...@lists.debian.org Closing bugs: 676712 Your package contains new components which requires manual editing of the override file. It is ok otherwise, so please be patient. New packages are usually added to the override file about once a week. You may have gotten the distribution wrong. You'll get warnings above if files already exist in other distributions. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processing of python-pyo_0.6.1-1_amd64.changes
python-pyo_0.6.1-1_amd64.changes uploaded successfully to localhost along with the files: python-pyo_0.6.1-1.dsc python-pyo_0.6.1.orig.tar.gz python-pyo_0.6.1-1.debian.tar.gz python-pyo_0.6.1-1_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
gmusicbrowser 1.1.9-2 MIGRATED to testing
FYI: The status of the gmusicbrowser source package in Debian's testing distribution has changed. Previous version: 1.1.9-1 Current version: 1.1.9-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
mixxx 1.10.0~dfsg0-4 MIGRATED to testing
FYI: The status of the mixxx source package in Debian's testing distribution has changed. Previous version: 1.10.0~dfsg0-1 Current version: 1.10.0~dfsg0-4 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
jackd2 1.9.8~dfsg.4+20120529git007cdc37-1 MIGRATED to testing
FYI: The status of the jackd2 source package in Debian's testing distribution has changed. Previous version: 1.9.8~dfsg.3+20120418gitf82ec715-6 Current version: 1.9.8~dfsg.4+20120529git007cdc37-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
jack-audio-connection-kit 1:0.121.3+20120418git75e3e20b-2 MIGRATED to testing
FYI: The status of the jack-audio-connection-kit source package in Debian's testing distribution has changed. Previous version: 1:0.121.3+20120418git75e3e20b-1 Current version: 1:0.121.3+20120418git75e3e20b-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
python-pyo_0.6.1-1_amd64.changes REJECTED
Reject Reasons: python-pyo_0.6.1-1_amd64.changes file already known to dak python-pyo_0.6.1-1.debian.tar.gz file already exists in the new queue. python-pyo_0.6.1-1.dsc file already exists in the new queue. python-pyo_0.6.1-1_amd64.deb file already exists in the new queue. === Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Help getting started -- trying to build csound package
OK, I have a version locally committed to git which is working with the new upstream sources. I have * removed all 0xxx patches which have already been applied (some have not, and don't seem to be in the HEAD of upstream's git repo, either; that struck me as weird, but I left in all patches that would still apply). * added a 1xxx patch for a CMake file error, which I also posted to the csound dev list (although I don't know if it will be applied) * updated debian/rules to change the cmake flag -DBUILD_NEW_PARSER to ON, as is now needed to compile. * added a 2xxx patch to the root level CMakeLists.txt which adds -DHAVE_LIBSNDFILE=1016 to the c flags. The scons build has tests for the libsndfile version which are missing altogether in the cmake build. I couldn't figure out how to actually add the tests to the cmake, but since even debian stable has a version higher than the highest one the csound build looks for, I just added it as a debian-specific patch. This fixes debian bug #676145 I had reported earlier. The only thing that may yet need to be done is updating debian/copyright. I don't know what if anything actually needs to be done there. It doesn't look like there are any new files with non-free licenses. So, what's next? Do I get to push my changes back to alioth? How do I do that? Forrest ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
