Bug#756600: xcfa: Insecure use of temporary files, subject to race conditions
Package: xcfa
Version: 4.3.1-1
Severity: important
Tags: security
xcfa contains several insecure uses of temporary files.
For example the file src/get_info.c has code to test that
curl is present, in the function GetInfo_wget which
essentially runs:
wget --user-agent=\Mozilla 22.0\ --directory-prefix=/tmp/
http://google.fr/
..
if [ -e /tmp/index.html ]; then
rm /tmp/index.html
fi
This is probably safe, because wget will not follow symlinks, and will
instead create index.html.1 - but any existing file called /tmp/index.html
will be removed regardless.
More serious issues exist throughout the codebase. For example the
code in dvdread_create_recap_audio, located in src/dvd_read.c contains
this lovely function:
// Suppression du fichier precedant si il existe
g_unlink (/tmp/get_infos_dvd.sh);
g_unlink (/tmp/infos_dvd.txt);
fp = fopen (/tmp/get_infos_dvd.sh, w);
fprintf (fp, #!/bin/sh\n);
fprintf (fp, \n);
fprintf (fp, set -e\n);
fprintf (fp, \n);
..
..
system (chmod +x /tmp/get_infos_dvd.sh);
system (/tmp/get_infos_dvd.sh);
g_unlink (/tmp/get_infos_dvd.sh);
Similarly the code which copies files to the trashbin, located in
src/file_trash.c,
has some nice code which runs:
system (env | grep \KDE_FULL_SESSION\
/tmp/tst_kde_full_session.txt);
if ((fp = fopen (/tmp/tst_kde_full_session.txt, r)) != NULL) {
while (fgets (buf, MAX_CARS_KDE, fp) != NULL) {
if (strcmp (buf, KDE_FULL_SESSION) == 0) {
if (strcmp (buf, true) == 0 || strcmp (buf,
TRUE) == 0) {
BoolRet = TRUE;
break;
}
}
}
fclose (fp);
}
g_unlink (/tmp/tst_kde_full_session.txt);
In short this codebase is rife with race-conditions allowing arbitrary shell
executation,
via /tmp/get_infos_dvd.sh, and file truncation/deletion.
I'd strongly urge the maintainer to audit the codebase for additional issues,
with the
help of upstream.
Steve
--
-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.14-0.bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF8)
Shell: /bin/sh linked to /bin/dash
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: bug 756600 is forwarded to Claude Bulin x...@tuxfamily.org, tagging 756600
Processing commands for cont...@bugs.debian.org: forwarded 756600 Claude Bulin x...@tuxfamily.org Bug #756600 [xcfa] xcfa: Insecure use of temporary files, subject to race conditions Set Bug forwarded-to-address to 'Claude Bulin x...@tuxfamily.org'. tags 756600 + upstream Bug #756600 [xcfa] xcfa: Insecure use of temporary files, subject to race conditions Added tag(s) upstream. thanks Stopping processing here. Please contact me if you need assistance. -- 756600: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#756600: xcfa: Insecure use of temporary files, subject to race conditions
Hello, On Thu, Jul 31, 2014 at 10:00 AM, Steve Kemp st...@steve.org.uk wrote: Package: xcfa Version: 4.3.1-1 Severity: important Tags: security xcfa contains several insecure uses of temporary files. Thank you Steve for the great work. Claude, can you please have a look at this bug? It sounds pretty serious. http://bugs.debian.org/756600 Thanks in advance for any reply, and cheers! -- Alessio Treglia | www.alessiotreglia.com Debian Developer | ales...@debian.org Ubuntu Core Developer| quadris...@ubuntu.com 0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: libde265_0.6-1_amd64.changes REJECTED
Hi Thorsten, thanks for the detailed feedback, please see my comments below. On 30.07.2014 16:05, Thorsten Alteholz wrote: ok, so I would suggest to change the header of those application files from This file is part of libde265. to something like This file is part of a sample application to show the usage of libde265: Ok, this has been changed. How should the license information be reworked? Is it sufficient to update the Readme.md to state that the library is LGPLv3 but the sample apps are GPLv3? Yes, that would be ok. The icing on the cake would be if you add this as comment to debian/copyright as well. The Readme.md has been updated and a comment added to debian/copyright. No, that information should be part of the source tarball that everybody can download. I understand. We created a new release that contains all your feedback. @Alessio: could you (or any other uploader) please review my changes and create/upload a new package of libde265? I updated the git repository on alioth with these changes: - Fixed debian/watch to download release tarball, not source tarball. - Updated libde265 to latest upstream version 0.8 - Added libswscale-dev as build dependency so sherlock265 example will be compiled. - Reduced amount of exported symbols and updated .symbols file. - Added comment about only the samples being GPL to debian/copyright. Thanks in advance and best regards, Joachim ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: tagging 754732
Processing commands for cont...@bugs.debian.org: tags 754732 + pending Bug #754732 [src:gpac] Outdated copyright Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 754732: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754732 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#756408: Removed package(s) from unstable
We believe that the bug you reported is now fixed; the following package(s) have been removed from unstable: yafaray |0.1.5-3 | source yafaray | 0.1.5-3+b2 | amd64, armel, armhf, hurd-i386, i386, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390x, sparc --- Reason --- ROM; Dead upstream, unmaintained -- Note that the package(s) have simply been removed from the tag database and may (or may not) still be in the pool; this is not a bug. The package(s) will be physically removed automatically when no suite references them (and in the case of source, when no binary references it). Please also remember that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. Packages are usually not removed from testing by hand. Testing tracks unstable and will automatically remove packages which were removed from unstable when removing them from testing causes no dependency problems. The release team can force a removal from testing if it is really needed, please contact them if this should be the case. We try to close bugs which have been reported against this package automatically. But please check all old bugs, if they were closed correctly or should have been re-assigned to another package. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 756...@bugs.debian.org. The full log for this bug can be viewed at https://bugs.debian.org/756408 This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processing of gpac_0.5.0+svn5324~dfsg1-1_amd64.changes
gpac_0.5.0+svn5324~dfsg1-1_amd64.changes uploaded successfully to localhost along with the files: gpac_0.5.0+svn5324~dfsg1-1_amd64.deb gpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb gpac-modules-base_0.5.0+svn5324~dfsg1-1_amd64.deb libgpac3_0.5.0+svn5324~dfsg1-1_amd64.deb libgpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb libgpac-dev_0.5.0+svn5324~dfsg1-1_amd64.deb gpac_0.5.0+svn5324~dfsg1-1.dsc gpac_0.5.0+svn5324~dfsg1.orig.tar.bz2 gpac_0.5.0+svn5324~dfsg1-1.debian.tar.gz Greetings, Your Debian queue daemon (running on host franck.debian.org) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
gpac_0.5.0+svn5324~dfsg1-1_amd64.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 31 Jul 2014 14:13:58 +0100 Source: gpac Binary: gpac gpac-dbg gpac-modules-base libgpac3 libgpac-dbg libgpac-dev Architecture: source amd64 Version: 0.5.0+svn5324~dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers pkg-multimedia-maintainers@lists.alioth.debian.org Changed-By: Alessio Treglia ales...@debian.org Description: gpac - GPAC Project on Advanced Content - utilities gpac-dbg - GPAC Project on Advanced Content - debugging symbols gpac-modules-base - GPAC Project on Advanced Content - modules libgpac-dbg - GPAC Project on Advanced Content - debugging symbols for libgpac3 libgpac-dev - GPAC Project on Advanced Content - development files libgpac3 - GPAC Project on Advanced Content - shared libraries Closes: 754732 Changes: gpac (0.5.0+svn5324~dfsg1-1) unstable; urgency=medium . * New upstream snapshot. * Refresh patches. * debian/copyright: - Improve copyright and licensing information on src/utils/unicode.c. Thanks to bastien ROUCARIES for pointing this out. (Closes: #754732) - Update debian/* copyright holders's information. - Mention debian/copyright in debian/source/lintian-overrides to avoid lintian's license-problem-non-free-RFC error. Checksums-Sha1: 99d2c658c7ea14893e2bb01d602c4b409748e6e0 2751 gpac_0.5.0+svn5324~dfsg1-1.dsc 15231e16ae8d154f9ec9ee8379289712412af26a 4677040 gpac_0.5.0+svn5324~dfsg1.orig.tar.bz2 3214d3d1f38ac9ca99464f03a623f2552bceaace 32205 gpac_0.5.0+svn5324~dfsg1-1.debian.tar.gz fa2538eb8c20e700d871c481e8d16874075692d7 243072 gpac_0.5.0+svn5324~dfsg1-1_amd64.deb df598d1f698b6f5d4102c06c9678cc97be3b22a2 1282166 gpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb 22261d11f702199cc698ce559c4472ca39143c57 233226 gpac-modules-base_0.5.0+svn5324~dfsg1-1_amd64.deb e36c10315dbbf0ad8a4fe911eb5f626541129f4c 1483986 libgpac3_0.5.0+svn5324~dfsg1-1_amd64.deb 79d621667bc2af2bd6eb7f065af604931aaff748 4834360 libgpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb a1771404a110ef93ebbf1241eb0b2158f62679cb 1988510 libgpac-dev_0.5.0+svn5324~dfsg1-1_amd64.deb Checksums-Sha256: b4b3da46cbedf61984fd65e4baf880c2ac61d6a9140182df8e1c1bf7b7e87d0e 2751 gpac_0.5.0+svn5324~dfsg1-1.dsc 1f9e01978b2f9dafd94a0796f951a6b5cddcd351593453ad71a344b2c2ca9569 4677040 gpac_0.5.0+svn5324~dfsg1.orig.tar.bz2 d2fc4cfe44e262a312397f7fc909c99a1bf04b86d0fbb150d02bbed1f49777d9 32205 gpac_0.5.0+svn5324~dfsg1-1.debian.tar.gz 68c8aa9ba11c78213a1b24cbab94b34ba802e966cee3e6fc300e578fda1fa39e 243072 gpac_0.5.0+svn5324~dfsg1-1_amd64.deb dd2debefaa97414577b48c10eee42d71f073b940679ee517fea4f2e6f14dbc23 1282166 gpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb 34ae7b2a87df6cda7987a8eb91712914719d108937eee7bdea17b4307147a3a2 233226 gpac-modules-base_0.5.0+svn5324~dfsg1-1_amd64.deb fd0f0ba2502a509c27b55ad2ba53a1773295d17cc1a3c70db0dab87da5bc490a 1483986 libgpac3_0.5.0+svn5324~dfsg1-1_amd64.deb d888d5ca3dc786e38753f6e4beb19c73b83fb9b35b26bc14220efc04b86422f0 4834360 libgpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb b5632975d19697f442e425ba110292a2fad7271898e4e8aa4cbbbe1285de3ee3 1988510 libgpac-dev_0.5.0+svn5324~dfsg1-1_amd64.deb Files: 1eef6cc655d99be163b92eee8b1efc63 243072 graphics optional gpac_0.5.0+svn5324~dfsg1-1_amd64.deb 42580d81009a3640ca280b29cc1d4614 1282166 debug extra gpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb 62948665538b7d85511857332624c561 233226 graphics optional gpac-modules-base_0.5.0+svn5324~dfsg1-1_amd64.deb d95b0b3055aac448124379836ac0a292 1483986 libs optional libgpac3_0.5.0+svn5324~dfsg1-1_amd64.deb 31c644a6719b551a1c7c76b1c47236c2 4834360 debug extra libgpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb db00f417a0139229b50a2cac6d71736a 1988510 libdevel optional libgpac-dev_0.5.0+svn5324~dfsg1-1_amd64.deb a91fc77890f307e04f78fd042f1a 2751 graphics optional gpac_0.5.0+svn5324~dfsg1-1.dsc 828bde94660792841a695c2d737d4188 4677040 graphics optional gpac_0.5.0+svn5324~dfsg1.orig.tar.bz2 7f66f0042882091a8047a34272be3c15 32205 graphics optional gpac_0.5.0+svn5324~dfsg1-1.debian.tar.gz -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJT2k5vAAoJEOikiuUxHXZaBooP/AoPLt159Ca0mXB3KAifw/3L vHIdeUnK4d6i4RV6YZL2K4g7DrfkeDV2XX5HbKGyp7pgMohsARbuip1DrVTZBG5b O8B4GZeClBdGssCXAogf9xJE8NfDVfOwf5dDa6lBqyQzWTzOYgBAucFrST21pXTt Wrj7d2iQRh7dH+Z/lyRagMHPWeRCWWxYcuMIqEVJmFF8+oBl94syn5RPeL6BetzQ fOrs61CnqQX5KkvyBo+xD6ebzPE2KRLrvAPbuFQQyPsu4Un0ItCQwauQvwHpdGCb X8yxzXdmQczd9OnlgHtz5+MT64sD3gGakOsCu03+Ot1BLMnVBg9a1O1hen36Y6JU 89Q2GkE4Z3QazJhx4bkcH3xfNTular49HbUMqyZrHdH/Yibz+0e1ILnmEf/SqO4m 9GqPHX5o2M06NxWEBQ5hQxOLawqjNWg8Q+F4/mFI10L8jBamOHCq1NV1ZeWBTT6n BMBts6Q+/E0Pir5z7koBODov8fclZH4YfwdfJPRUorMwB0TjEAJ0KeTmuqF6iW6R ibfQuD9tWIklGHAZqUrRA+ekRaa1E1WK0HrdC+oQx3C+iyIsOeFnykKopfGq4Zez HOwbc6nYd0MJZqP4prq/15xygf45q+Wv+rWEh2JzKXzynH2AkJoMGFLfy4TfFUkH E5l85fX40Pu4ttrUEFg1 =ubs6 -END PGP SIGNATURE- Thank you for your
Bug#754732: marked as done (Outdated copyright)
Your message dated Thu, 31 Jul 2014 15:34:56 + with message-id e1xcsnc-0007ft...@franck.debian.org and subject line Bug#754732: fixed in gpac 0.5.0+svn5324~dfsg1-1 has caused the Debian Bug report #754732, regarding Outdated copyright to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 754732: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754732 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- package: src:gpac version: 0.5.0+svn5294~dfsg1-1 severirty: important You are right to override lintian warning for src/utils/unicode.c Nevertheless copyright file should mention the rfc copyright as derivated from the rfc. It is free but you should mention it. Bastien ---End Message--- ---BeginMessage--- Source: gpac Source-Version: 0.5.0+svn5324~dfsg1-1 We believe that the bug you reported is fixed in the latest version of gpac, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 754...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alessio Treglia ales...@debian.org (supplier of updated gpac package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 31 Jul 2014 14:13:58 +0100 Source: gpac Binary: gpac gpac-dbg gpac-modules-base libgpac3 libgpac-dbg libgpac-dev Architecture: source amd64 Version: 0.5.0+svn5324~dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers pkg-multimedia-maintainers@lists.alioth.debian.org Changed-By: Alessio Treglia ales...@debian.org Description: gpac - GPAC Project on Advanced Content - utilities gpac-dbg - GPAC Project on Advanced Content - debugging symbols gpac-modules-base - GPAC Project on Advanced Content - modules libgpac-dbg - GPAC Project on Advanced Content - debugging symbols for libgpac3 libgpac-dev - GPAC Project on Advanced Content - development files libgpac3 - GPAC Project on Advanced Content - shared libraries Closes: 754732 Changes: gpac (0.5.0+svn5324~dfsg1-1) unstable; urgency=medium . * New upstream snapshot. * Refresh patches. * debian/copyright: - Improve copyright and licensing information on src/utils/unicode.c. Thanks to bastien ROUCARIES for pointing this out. (Closes: #754732) - Update debian/* copyright holders's information. - Mention debian/copyright in debian/source/lintian-overrides to avoid lintian's license-problem-non-free-RFC error. Checksums-Sha1: 99d2c658c7ea14893e2bb01d602c4b409748e6e0 2751 gpac_0.5.0+svn5324~dfsg1-1.dsc 15231e16ae8d154f9ec9ee8379289712412af26a 4677040 gpac_0.5.0+svn5324~dfsg1.orig.tar.bz2 3214d3d1f38ac9ca99464f03a623f2552bceaace 32205 gpac_0.5.0+svn5324~dfsg1-1.debian.tar.gz fa2538eb8c20e700d871c481e8d16874075692d7 243072 gpac_0.5.0+svn5324~dfsg1-1_amd64.deb df598d1f698b6f5d4102c06c9678cc97be3b22a2 1282166 gpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb 22261d11f702199cc698ce559c4472ca39143c57 233226 gpac-modules-base_0.5.0+svn5324~dfsg1-1_amd64.deb e36c10315dbbf0ad8a4fe911eb5f626541129f4c 1483986 libgpac3_0.5.0+svn5324~dfsg1-1_amd64.deb 79d621667bc2af2bd6eb7f065af604931aaff748 4834360 libgpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb a1771404a110ef93ebbf1241eb0b2158f62679cb 1988510 libgpac-dev_0.5.0+svn5324~dfsg1-1_amd64.deb Checksums-Sha256: b4b3da46cbedf61984fd65e4baf880c2ac61d6a9140182df8e1c1bf7b7e87d0e 2751 gpac_0.5.0+svn5324~dfsg1-1.dsc 1f9e01978b2f9dafd94a0796f951a6b5cddcd351593453ad71a344b2c2ca9569 4677040 gpac_0.5.0+svn5324~dfsg1.orig.tar.bz2 d2fc4cfe44e262a312397f7fc909c99a1bf04b86d0fbb150d02bbed1f49777d9 32205 gpac_0.5.0+svn5324~dfsg1-1.debian.tar.gz 68c8aa9ba11c78213a1b24cbab94b34ba802e966cee3e6fc300e578fda1fa39e 243072 gpac_0.5.0+svn5324~dfsg1-1_amd64.deb dd2debefaa97414577b48c10eee42d71f073b940679ee517fea4f2e6f14dbc23 1282166 gpac-dbg_0.5.0+svn5324~dfsg1-1_amd64.deb 34ae7b2a87df6cda7987a8eb91712914719d108937eee7bdea17b4307147a3a2 233226 gpac-modules-base_0.5.0+svn5324~dfsg1-1_amd64.deb fd0f0ba2502a509c27b55ad2ba53a1773295d17cc1a3c70db0dab87da5bc490a 1483986 libgpac3_0.5.0+svn5324~dfsg1-1_amd64.deb d888d5ca3dc786e38753f6e4beb19c73b83fb9b35b26bc14220efc04b86422f0 4834360
Processing of gmerlin_1.2.0~dfsg+1-3_amd64.changes
gmerlin_1.2.0~dfsg+1-3_amd64.changes uploaded successfully to localhost along with the files: gmerlin-data_1.2.0~dfsg+1-3_all.deb gmerlin_1.2.0~dfsg+1-3_amd64.deb gmerlin-plugins-base_1.2.0~dfsg+1-3_amd64.deb gmerlin-dbg_1.2.0~dfsg+1-3_amd64.deb libgmerlin0_1.2.0~dfsg+1-3_amd64.deb libgmerlin-common_1.2.0~dfsg+1-3_amd64.deb libgmerlin-dev_1.2.0~dfsg+1-3_amd64.deb gmerlin_1.2.0~dfsg+1-3.dsc gmerlin_1.2.0~dfsg+1-3.debian.tar.xz Greetings, Your Debian queue daemon (running on host franck.debian.org) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
gmerlin_1.2.0~dfsg+1-3_amd64.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 31 Jul 2014 17:45:51 +0200 Source: gmerlin Binary: gmerlin gmerlin-plugins-base gmerlin-data gmerlin-dbg libgmerlin0 libgmerlin-common libgmerlin-dev Architecture: source all amd64 Version: 1.2.0~dfsg+1-3 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers pkg-multimedia-maintainers@lists.alioth.debian.org Changed-By: IOhannes m zmölnig (Debian/GNU) umlae...@debian.org Description: gmerlin- multiformat media player gmerlin-data - multiformat media player - data files gmerlin-dbg - debugging symbols for gmerlin gmerlin-plugins-base - gmerlin plugins from the base set libgmerlin-common - core library for gmerlin - common runtime files libgmerlin-dev - core library for gmerlin - development files libgmerlin0 - core library for gmerlin - runtime files Closes: 748164 Changes: gmerlin (1.2.0~dfsg+1-3) unstable; urgency=medium . * Fixed function definition (Closes: #748164) Checksums-Sha1: 82d6907d69ffa366dd63f68a36b0e111d40ffb3a 2852 gmerlin_1.2.0~dfsg+1-3.dsc 8f1c936dd093205918c14f1e9f4d7d1e273a2810 30124 gmerlin_1.2.0~dfsg+1-3.debian.tar.xz 4aa98d19bff0a720ae5c4a9e70a70b27a53637e1 211284 gmerlin-data_1.2.0~dfsg+1-3_all.deb 43800a9722caef4b360437baa6852c0254c6a897 188604 gmerlin_1.2.0~dfsg+1-3_amd64.deb ce2bb2d3e2909ba0d3902079691bc5cffc22003c 250118 gmerlin-plugins-base_1.2.0~dfsg+1-3_amd64.deb f5acc5241cc7977f75c62965b8b9e41a46b8c2d9 2608650 gmerlin-dbg_1.2.0~dfsg+1-3_amd64.deb 0105fe58867a7283d624b58018f96faa0fe9fc12 408288 libgmerlin0_1.2.0~dfsg+1-3_amd64.deb 286264a67667f2f24a7e29ce3e415d2270443c2e 23466 libgmerlin-common_1.2.0~dfsg+1-3_amd64.deb 32e5451b7450a6842a4ec743ee95fb47248e1372 78728 libgmerlin-dev_1.2.0~dfsg+1-3_amd64.deb Checksums-Sha256: 54407249bcf0df8f9488d4bc36b6975e6db19f24d62f9f9bd394cc32d4dd9d21 2852 gmerlin_1.2.0~dfsg+1-3.dsc 039fa038b69afe6e38dbda8b630932603a4f537401301698ce3862ab458395c6 30124 gmerlin_1.2.0~dfsg+1-3.debian.tar.xz 0a3f98b794b6a1de074911d546958581f678afa2997b9cb6bd51af9db9a1 211284 gmerlin-data_1.2.0~dfsg+1-3_all.deb e8fbb486927d023e66d9602e89585923762a4bcb72ec28e7cedd5e4a59b2ca84 188604 gmerlin_1.2.0~dfsg+1-3_amd64.deb 8fb3b140bd2412463226ce105ed99bf650a97f7aa5d8d7f68d806e18f5774e68 250118 gmerlin-plugins-base_1.2.0~dfsg+1-3_amd64.deb 9245080abe03b5e34b74f46db9a483be3ecb7fc76e113d3d2a85f8fd7985a292 2608650 gmerlin-dbg_1.2.0~dfsg+1-3_amd64.deb 8ed5bb4c4991f006059911bd3f04f6208ce5da672e47f2d8d681b6694d9920cd 408288 libgmerlin0_1.2.0~dfsg+1-3_amd64.deb bd48fe495988dbe168a938008cf1f23b74288c06119e45d2eb0d1ff2e4e3a26c 23466 libgmerlin-common_1.2.0~dfsg+1-3_amd64.deb db4fc5d8cd92148a2f83d6103718365f9bfd365dcc7ab0073ced4ad51a8f9fd3 78728 libgmerlin-dev_1.2.0~dfsg+1-3_amd64.deb Files: 5f0534f0a49f989f827e251a33bea178 211284 sound optional gmerlin-data_1.2.0~dfsg+1-3_all.deb 70c2afb828fef9efefbcd293285db1bb 188604 sound optional gmerlin_1.2.0~dfsg+1-3_amd64.deb 235bb61b7c3d214dfbc3b8884a59b12e 250118 sound optional gmerlin-plugins-base_1.2.0~dfsg+1-3_amd64.deb 1648c0ea9d1f448de533df4c602b2477 2608650 debug extra gmerlin-dbg_1.2.0~dfsg+1-3_amd64.deb 4469044642e3a8b067ff1df8cc0e7879 408288 libs optional libgmerlin0_1.2.0~dfsg+1-3_amd64.deb 3437fac91376828871b88ba5254ccf7c 23466 libs optional libgmerlin-common_1.2.0~dfsg+1-3_amd64.deb a5e7f86a4c3df966e8857f2eb6cd8a38 78728 libdevel optional libgmerlin-dev_1.2.0~dfsg+1-3_amd64.deb ac28a09f6896c1adad71445bb8758b39 2852 sound optional gmerlin_1.2.0~dfsg+1-3.dsc aa059da9cc0ef11ad2a6834fe411bcb8 30124 sound optional gmerlin_1.2.0~dfsg+1-3.debian.tar.xz -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJT2mhNAAoJELZQGcR/ejb491QP/jX4B8VgxX83k1RdAFhTwJmq AklpDxFIEdnTfbtv1RWxsPJNcR1SjMgdzyJKppfLhjBAMoCZUA4BQLOXnY8aya5B 6b74oJEUmWComyJh5bIM92rE+N7XRlRIUNfYx4KrVh6J8tFzuPIz3r68gfN7hDX9 WvSuSUGG3EbrM7ANSaw+iXVzy/0SlDCXAWyGSYP3cDfB5h9x4mqLpYoiosQWo8Z3 cKEoXdrZgx5nbCsKRJNVXo8zQlSNvZoK4VPj7ADTzzpDkESJj7BQsjn/dvpdS2zp ooEdyEIypQXN1YkRf+AILk2xiF0J3LNfBFNTxTxVGoQ1a5BQmhbxt/h2ebQ5NPbh EYkTrWH+JamOkINHfP0prdUurVP/X4053Z9q4aeKqIJuabFtAJIUJdFN7EJ0JiWA TiJUnRoOLc1wDYIV2aSCrKIcOA+rTIA4Nwz9WSJxtDshXiBzFHOTPUPvOnm1mvoE MWfV1kaMlvHxaG4d8TCMBhn4R18N0swAGiofnaKeKi3+hNUgccYRam5ItgAZuQWw GtDCcnbhBWfntbPiV040MXEAZU/ioAqoN4HXPvNmTXSGOX7lKy0rYXcXWGovlI4H iNrBo0ElBon9ukfLHEEGRZCZ/p25S2RIbYU+hLpMAdEr1awVsglcDwb96pYUviIH H0DeyJ/18+uv57KNvh+B =Z1ZQ -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#748164: marked as done (Function declaration without parameter type list shadows risk of stack underflow)
Your message dated Thu, 31 Jul 2014 16:19:18 + with message-id e1xct4y-0005ke...@franck.debian.org and subject line Bug#748164: fixed in gmerlin 1.2.0~dfsg+1-3 has caused the Debian Bug report #748164, regarding Function declaration without parameter type list shadows risk of stack underflow to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 748164: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748164 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: gmerlin Version: 1.2.0~dfsg+1-1 Severity: wishlist Usertags: goto-cc During an analysis of all packages using our research compiler tool-chain (using tools from the cbmc package) the following error was found: The declaration of bg_transcoder_track_get_general_parameters in transcoder_track.h http://sources.debian.net/src/gmerlin/1.2.0~dfsg+1-1/include/gmerlin/transcoder_track.h?hl=122#L122 shadows the fact that bg_transcoder_track_get_general_parameters actually requires an argument: http://sources.debian.net/src/gmerlin/1.2.0~dfsg+1-1/lib/transcoder_track.c?hl=1437#L1437 Yet none is provided with the call in transcoder_window_preferences: http://sources.debian.net/src/gmerlin/1.2.0~dfsg+1-1/apps/transcoder/transcoder_window.c?hl=1295#L1295 As, however, the argument isn't used code might execute correctly at present. To avoid the risk of undefined behaviour the definition of bg_transcoder_track_get_general_parameters should be fixed. Best, Michael pgp1mzWv7gUeJ.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: gmerlin Source-Version: 1.2.0~dfsg+1-3 We believe that the bug you reported is fixed in the latest version of gmerlin, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 748...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. IOhannes m zmölnig (Debian/GNU) umlae...@debian.org (supplier of updated gmerlin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 31 Jul 2014 17:45:51 +0200 Source: gmerlin Binary: gmerlin gmerlin-plugins-base gmerlin-data gmerlin-dbg libgmerlin0 libgmerlin-common libgmerlin-dev Architecture: source all amd64 Version: 1.2.0~dfsg+1-3 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers pkg-multimedia-maintainers@lists.alioth.debian.org Changed-By: IOhannes m zmölnig (Debian/GNU) umlae...@debian.org Description: gmerlin- multiformat media player gmerlin-data - multiformat media player - data files gmerlin-dbg - debugging symbols for gmerlin gmerlin-plugins-base - gmerlin plugins from the base set libgmerlin-common - core library for gmerlin - common runtime files libgmerlin-dev - core library for gmerlin - development files libgmerlin0 - core library for gmerlin - runtime files Closes: 748164 Changes: gmerlin (1.2.0~dfsg+1-3) unstable; urgency=medium . * Fixed function definition (Closes: #748164) Checksums-Sha1: 82d6907d69ffa366dd63f68a36b0e111d40ffb3a 2852 gmerlin_1.2.0~dfsg+1-3.dsc 8f1c936dd093205918c14f1e9f4d7d1e273a2810 30124 gmerlin_1.2.0~dfsg+1-3.debian.tar.xz 4aa98d19bff0a720ae5c4a9e70a70b27a53637e1 211284 gmerlin-data_1.2.0~dfsg+1-3_all.deb 43800a9722caef4b360437baa6852c0254c6a897 188604 gmerlin_1.2.0~dfsg+1-3_amd64.deb ce2bb2d3e2909ba0d3902079691bc5cffc22003c 250118 gmerlin-plugins-base_1.2.0~dfsg+1-3_amd64.deb f5acc5241cc7977f75c62965b8b9e41a46b8c2d9 2608650 gmerlin-dbg_1.2.0~dfsg+1-3_amd64.deb 0105fe58867a7283d624b58018f96faa0fe9fc12 408288 libgmerlin0_1.2.0~dfsg+1-3_amd64.deb 286264a67667f2f24a7e29ce3e415d2270443c2e 23466 libgmerlin-common_1.2.0~dfsg+1-3_amd64.deb 32e5451b7450a6842a4ec743ee95fb47248e1372 78728 libgmerlin-dev_1.2.0~dfsg+1-3_amd64.deb Checksums-Sha256: 54407249bcf0df8f9488d4bc36b6975e6db19f24d62f9f9bd394cc32d4dd9d21 2852 gmerlin_1.2.0~dfsg+1-3.dsc 039fa038b69afe6e38dbda8b630932603a4f537401301698ce3862ab458395c6 30124 gmerlin_1.2.0~dfsg+1-3.debian.tar.xz 0a3f98b794b6a1de074911d546958581f678afa2997b9cb6bd51af9db9a1 211284 gmerlin-data_1.2.0~dfsg+1-3_all.deb e8fbb486927d023e66d9602e89585923762a4bcb72ec28e7cedd5e4a59b2ca84 188604 gmerlin_1.2.0~dfsg+1-3_amd64.deb
fdk-aac 0.1.3-1 MIGRATED to testing
FYI: The status of the fdk-aac source package in Debian's testing distribution has changed. Previous version: 0.1.2-1 Current version: 0.1.3-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
libav 6:10.2-2 MIGRATED to testing
FYI: The status of the libav source package in Debian's testing distribution has changed. Previous version: 6:10.2-1 Current version: 6:10.2-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
yafaray-exporter REMOVED from testing
FYI: The status of the yafaray-exporter source package in Debian's testing distribution has changed. Previous version: 0.1.2+really0.1.2~beta5-3 Current version: (not in testing) Hint: Package not in unstable The script that generates this mail tries to extract removal reasons from comments in the britney hint files. Those comments were not originally meant to be machine readable, so if the reason for removing your package seems to be nonsense, it is probably the reporting script that got confused. Please check the actual hints file before you complain about meaningless removals. -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#756648: mplayer2: add support for ppc64el
Package: mplayer2
Version: 2.0-728-g2c378c7-2
Severity: normal
Tags: patch
User: debian-powe...@lists.debian.org
Usertags: ppc64el
Dear Maintainer,
Currently mplayer2 doesn't built on ppc64el because this architecture/processor
is not known by the configure script, causing the following failure:
Error: unsupported architecture UNKNOWN
The architecture of your CPU (UNKNOWN) is not supported by this
configure script
It seems nobody has ported MPlayer to your OS or CPU type yet.
Check config.log if you do not understand why it failed.
make[1]: *** [override_dh_auto_configure] Error 1
make[1]: Leaving directory `/«PKGBUILDDIR»'
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
This patch simply add ppc64le as a ppc64 architecture. It enable the package to
be built from source on ppc64el then.
Thank you
Breno
Index: mplayer2-2.0-728-g2c378c7/configure
===
--- mplayer2-2.0-728-g2c378c7.orig/configure
+++ mplayer2-2.0-728-g2c378c7/configure
@@ -222,7 +222,7 @@ x86() {
ppc() {
case $host_arch in
-ppc|ppc64|powerpc|powerpc64) return 0;;
+ppc|ppc64le|ppc64|powerpc|powerpc64) return 0;;
*) return 1;;
esac
}
@@ -1098,6 +1098,7 @@ if test -z $_target ; then
ia64) host_arch=ia64 ;;
macppc|ppc) host_arch=ppc ;;
ppc64) host_arch=ppc64 ;;
+ ppc64le) host_arch=ppc64 ;;
alpha) host_arch=alpha ;;
sparc) host_arch=sparc ;;
sparc64) host_arch=sparc64 ;;
@@ -1764,12 +1765,12 @@ case $host_arch in
iproc='sh4'
;;
- ppc|ppc64|powerpc|powerpc64)
+ ppc|ppc64|ppc64le|powerpc|powerpc64)
arch='ppc'
def_fast_unaligned='#define HAVE_FAST_UNALIGNED 1'
iproc='ppc'
-if test $host_arch = ppc64 -o $host_arch = powerpc64 ; then
+if test $host_arch = ppc64 -o $host_arch = ppc64le -o $host_arch = powerpc64 ; then
subarch='ppc64'
def_fast_64bit='#define HAVE_FAST_64BIT 1'
fi
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#756648: (no subject)
Patch also sent upstream: http://devel.mplayer2.org/ticket/267 ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
xbmc is marked for autoremoval from testing
xbmc 2:13.1~rc1+dfsg1-1 is marked for autoremoval from testing on 2014-08-31 It is affected by these RC bugs: 755121: xbmc: FTBFS: error: 'CLIENT' has not been declared ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
xbmc-pvr-addons is marked for autoremoval from testing
xbmc-pvr-addons 13.0+git20140512+g91cc731+dfsg1-1 is marked for autoremoval from testing on 2014-08-31 It (build-)depends on packages with these RC bugs: 755121: xbmc: FTBFS: error: 'CLIENT' has not been declared ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
hello
my name is ming yang,i work with Hang Seng Bank Ltd Hong Kong.i want you to be the next of kin of my late client late Gen. Aadel Akgaal, respond ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
