Please unblock remctl 2.2-3 (security)

[Russ Allbery]

In internal testing, I discovered a long-standing logic bug in remctl (a
client/server system for remote Kerberos-authenticated command execution)
that would cause the server to treat a non-existant ACL file as
authorization success, allowing any authenticated user to execute the
command supposedly protected by that missing ACL file.

In normal operation, all the ACL files referred to in the remctld
configuration obviously exist, but given how easy of a mistake this is to
make, I think this warrants a security update to the version in etch.  The
version in stable is not affected.

I've just now uploaded 2.2-3 packages with the minimal fix (the current
upstream version is 2.6) with urgency high.  Attached is a diff.  Assuming
that it builds properly on all arches, could you unblock?

Thanks!

diff -u remctl-2.2/debian/changelog remctl-2.2/debian/changelog
--- remctl-2.2/debian/changelog
+++ remctl-2.2/debian/changelog
@@ -1,3 +1,17 @@
+remctl (2.2-3) unstable; urgency=high
+
+  * Remove extraneous changes to Automake files.
+
+ -- Russ Allbery <[EMAIL PROTECTED]>  Sat,  3 Feb 2007 23:42:05 -0800
+
+remctl (2.2-2) unstable; urgency=high
+
+  * SECURITY: Apply upstream patch to prevent a non-existent ACL file from
+being considered authorization success instead of failure.
+  * Build-depend on and run quilt to apply the patch.
+
+ -- Russ Allbery <[EMAIL PROTECTED]>  Sat,  3 Feb 2007 23:21:02 -0800
+
 remctl (2.2-1) unstable; urgency=low
 
   * New upstream release.
diff -u remctl-2.2/debian/control remctl-2.2/debian/control
--- remctl-2.2/debian/control
+++ remctl-2.2/debian/control
@@ -2,7 +2,7 @@
 Section: net
 Priority: optional
 Maintainer: Russ Allbery <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>= 4.0.0), libkrb5-dev
+Build-Depends: debhelper (>= 4.0.0), libkrb5-dev, quilt (>= 0.40)
 Standards-Version: 3.7.2
 
 Package: libremctl1
diff -u remctl-2.2/debian/rules remctl-2.2/debian/rules
--- remctl-2.2/debian/rules
+++ remctl-2.2/debian/rules
@@ -3,6 +3,9 @@
 # GNU copyright 1997 to 1999 by Joey Hess.
 # Further updates by Russ Allbery <[EMAIL PROTECTED]>
 
+# Use quilt to manage patches.
+include /usr/share/quilt/quilt.make
+
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
@@ -32,13 +35,13 @@
--enable-reduced-depends $(SYSTEM)
 
 build: build-stamp
-build-stamp: config.status
+build-stamp: patch config.status
dh_testdir
$(MAKE)
$(MAKE) check
touch build-stamp
 
-clean:
+clean: unpatch
dh_testdir
dh_testroot
rm -f build-stamp
only in patch2:
unchanged:
--- remctl-2.2.orig/debian/patches/missing-acl
+++ remctl-2.2/debian/patches/missing-acl
@@ -0,0 +1,63 @@
+Index: server/config.c
+===
+--- server/config.c(revision 2963)
 server/config.c(working copy)
+@@ -367,7 +367,7 @@
+ return 1;
+ for (i = 0; acls[i] != NULL; i++) {
+ status = acl_check_file((void *) user, acls[i]);
+-if (status != -1)
++if (status == 0)
+ return 1;
+ }
+ return 0;
+Index: tests/data/simple.conf
+===
+--- tests/data/simple.conf (revision 2963)
 tests/data/simple.conf (working copy)
+@@ -2,5 +2,6 @@
+ test status data/cmd-status ANYUSER
+ test nonexistant data/cmd-nonexistant ANYUSER
+ test noauth data/cmd-hello data/acl-nonexistant
++test noacl data/cmd-hello data/acl-no-such-file
+ test streaming data/cmd-streaming ANYUSER
+ test env data/cmd-env ANYUSER
+Index: tests/client/remctl-t
+===
+--- tests/client/remctl-t  (revision 2963)
 tests/client/remctl-t  (working copy)
+@@ -54,7 +54,7 @@
+ }
+ 
+ # Print the number of tests.
+-echo 7
++echo 8
+ 
+ # Find the client program.
+ if [ -f ../data/test.keytab ] ; then
+@@ -65,7 +65,7 @@
+ fi
+ fi
+ if [ ! -f data/test.keytab ] ; then
+-for n in 1 2 3 4 5 6 7 ; do
++for n in 1 2 3 4 5 6 7 8 ; do
+ echo ok $n \# skip -- no Kerberos configuration
+ done
+ exit 0
+@@ -100,7 +100,7 @@
+ kill -HUP `cat data/pid`
+ fi
+ rm -f data/pid
+-for n in 1 2 3 4 5 6 7 ; do
++for n in 1 2 3 4 5 6 7 8 ; do
+ echo ok $n \# skip -- no Kerberos configuration
+ done
+ exit 0
+@@ -117,6 +117,7 @@
+ runfailure 1 "" test status 1
+ runfailure 2 "" test status 2
+ runfailure 255 "Access denied" test noauth
++runfailure 255 "Access denied" test noacl
+ runfailure 1 "" test nonexistant
+ runfailure 255 "Unknown command" test bad-command
+ 
only in patch2:
unchanged:
--- remctl-2.2.orig/debian/patches/series
+++ remctl-2.2/debian/patches/series
@@ -0,0 +1 @@
+missing-acl -p0

-- 
Russ Allbery ([EMAIL PROTECTED])   


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: egroupware for etch

[Steve Langasek]

On Sun, Jan 28, 2007 at 06:14:48PM +0100, Peter Eisentraut wrote:
> Please approve egroupware 1.2.106-2.dfsg-1 for etch.  This is a 
> maintenance release over what is currently in etch, and it is required 
> to be able to use PHP 5 and/or PostgreSQL 8.1.

On Tue, Jan 30, 2007 at 03:14:21PM +, Neil McGovern wrote:
> FWIW:

> addressbook/inc/import/Import_from_Horde seems new, as does a big move
> to the way the database object (bomydms) is handled, meaning that most
> (all?) of the database calls have been re-written.

> Aka:
>  86 files changed, 2862 insertions(+), 2042 deletions(-)

> I've had a look through the debdiff and can't se anything that stands
> out as a regression, but with a complete change of the database handling
> functions, I'm not sure that there won't be any problems.

Yes, I'm afraid I can't view this as a routine "maintenance release" with
changes of this scope, and don't believe it's appropriate to allow this
update into etch at this point of the freeze.

> Prehaps just the patches for php5.2 could be applied.

I would accept that for consideration via t-p-u, along with the added
debconf translation.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

please allow comix 3.6.2-1

[Emfox Zhou]

It's a documentation only release.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Permission to upload gnat-4.1 with 3 new binary packages?

[Ludovic Brenta]

Luk Claes writes:
> Ludovic Brenta wrote:
>> The uploaded gnat-4.1 has been in unstable for 10 days with no new
>> bugs reported.  Please allow it to migrate to testing, if not already
>> unblocked.  Thanks.
>
> Can you in short explain the huge differences below?

The build scripts for gnat-4.1 are the same as for gcc-4.1 and
gcj-4.1; their behaviour depends on the source package name as defined
in the first changelog entry.  We do not upload all three source
packages whenever the upload number changes, because not all changes
are relevant to all three packages.  The latest uploads were:

4.1.1-17  gcc  gcj
4.1.1-18  gcc
4.1.1-19  gcc  gnat
4.1.1-20  gcc  gcj
4.1.1-21  gcc
4.1.1-22   gnat

The rest is details... what you see are really the differences between
-19 and -22, and they include many things unrelated to Ada and which
do not affect the binary packages at all.  For example, we do not
apply the updated Java, Objective-C or Objective-C++ patches when
building gnat-4.1; nor do we apply the new m68k patches, since
gnat-4.1 doesn't support m68k.

svn-updates.dpatch deserves a separate explanation.  You will note
that that file contains the bulk of the changes.  It regularly tracks
the upstream gcc 4.1 branch and contains regression fixes only.  The
latest change to this file was made in -20, and is already in gcc-4.1
and gcj-4.1 in testing.  With this new upload, gnat-4.1 merely catches
up.  No changes in this patch affect the Ada front-end or library.

The files really affecting this new upload are those marked with *
below.  They contain the changes described in the changelog, and which
you (I mean the release managers) approved.

   (void)  |207746 
+---
   debian/patches/libjava-backport3.dpatch | 3739
   debian/patches/libjava-sjlj.dpatch  |   65
   debian/patches/m68k-bitfield-offset.dpatch  |  192
   debian/patches/m68k-noautoinc-setjmp.dpatch |   47
   debian/patches/pr29805.dpatch   |   47
   debian/rules.d/binary-libobjc-cross.mk  |  117
   debian/rules.d/binary-objc-cross.mk |   60
   debian/rules.d/binary-objcxx-cross.mk   |   35
*  gnat-4.1-4.1.1/debian/README.Debian |   75
*  gnat-4.1-4.1.1/debian/changelog |   42
*  gnat-4.1-4.1.1/debian/control   |   40
*  gnat-4.1-4.1.1/debian/control.m4|   62
   gnat-4.1-4.1.1/debian/patches/hurd-changes.dpatch   |   57
   gnat-4.1-4.1.1/debian/patches/m68k-fpcompare.dpatch |   22
*  gnat-4.1-4.1.1/debian/patches/svn-updates.dpatch|174543 +---
   gnat-4.1-4.1.1/debian/rules.conf|4
*  gnat-4.1-4.1.1/debian/rules.d/binary-ada.mk |   48
   gnat-4.1-4.1.1/debian/rules.defs|4
   gnat-4.1-4.1.1/debian/rules.parameters  |8
   gnat-4.1-4.1.1/debian/rules.patch   |7
   gnat-4.1-4.1.1/debian/rules2|   11
   22 files changed, 199708 insertions(+), 187263 deletions(-)

PS.  How did you generate this report?  Why are some files reported
under debian/ and others under gnat-4.1-4.1.1/debian/?  How should I
read the numbers and the + or - signs on the right?

-- 
Ludovic Brenta.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: please unblock ejabberd

[Luk Claes]

Torsten Werner wrote:
> Hi,
> 
> 
> version 1.1.2-5 fixes a security hole described at
> http://ejabberd.jabber.ru/ejabberd-1.1.3 . Users of the ejabberd's
> default configuration in version 1.1.2-4 are not affected by the
> problem. The fix has been backported from upstream version 1.1.3 and
> is very small.

Unblocked.

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



signature.asc
Description: OpenPGP digital signature

Re: Permission to upload gnat-4.1 with 3 new binary packages?

[Luk Claes]

Ludovic Brenta wrote:
> The uploaded gnat-4.1 has been in unstable for 10 days with no new
> bugs reported.  Please allow it to migrate to testing, if not already
> unblocked.  Thanks.

Can you in short explain the huge differences below?

 (void)  |207746 
+---
 debian/patches/libjava-backport3.dpatch | 3739
 debian/patches/libjava-sjlj.dpatch  |   65
 debian/patches/m68k-bitfield-offset.dpatch  |  192
 debian/patches/m68k-noautoinc-setjmp.dpatch |   47
 debian/patches/pr29805.dpatch   |   47
 debian/rules.d/binary-libobjc-cross.mk  |  117
 debian/rules.d/binary-objc-cross.mk |   60
 debian/rules.d/binary-objcxx-cross.mk   |   35
 gnat-4.1-4.1.1/debian/README.Debian |   75
 gnat-4.1-4.1.1/debian/changelog |   42
 gnat-4.1-4.1.1/debian/control   |   40
 gnat-4.1-4.1.1/debian/control.m4|   62
 gnat-4.1-4.1.1/debian/patches/hurd-changes.dpatch   |   57
 gnat-4.1-4.1.1/debian/patches/m68k-fpcompare.dpatch |   22
 gnat-4.1-4.1.1/debian/patches/svn-updates.dpatch|174543 +---
 gnat-4.1-4.1.1/debian/rules.conf|4
 gnat-4.1-4.1.1/debian/rules.d/binary-ada.mk |   48
 gnat-4.1-4.1.1/debian/rules.defs|4
 gnat-4.1-4.1.1/debian/rules.parameters  |8
 gnat-4.1-4.1.1/debian/rules.patch   |7
 gnat-4.1-4.1.1/debian/rules2|   11
 22 files changed, 199708 insertions(+), 187263 deletions(-)

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



signature.asc
Description: OpenPGP digital signature

Re: Please (re)unblock xulrunner 1.8.0.9-1

[Luk Claes]

Mike Hommey wrote:
> Hi,
> 
> I don't know what happened, but there used to be a unblock hint put by
> aba on xulrunner 1.8.0.9, and now it has finally been built on arm, it
> can't migrate to testing because... there is no unblock hint.
> 
> Could you unblock it ?

aba moved it back as discussed earlier on IRC. In the meantime xulrunner
migrated to testing :-)

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



signature.asc
Description: OpenPGP digital signature

Re: Please unblock efingerd 1.6.2.5

[Luk Claes]

Christian Perrier wrote:
> Dear release team,
> 
> I have just uploaded a NMU of efingerd, to fix its pending l10n
> issues (and, if needed, very minor QA issues).
> 
> Could you consider hinting it to enter testing?

Unblocked.

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



signature.asc
Description: OpenPGP digital signature

Re: Unfreeze a couple of packages

[Luk Claes]

Ola Lundqvist wrote:
> Hi
> 
> I would like you to unfreeze a couple of packages:
> 
> Important:
> * kernel-patch-openvz

> Not really important but good:
> * horde3

> * debarchiver

> * vzctl

All unblocked.

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



signature.asc
Description: OpenPGP digital signature

Re: Please Hint gpaint

[Luk Claes]

Goedson Teixeira Paixao wrote:
> Em Sex, 2007-02-02 às 23:20 +0100, Luk Claes escreveu:
>> Please remove the autom4te.cache directory from the patch.
> 
> Done. I've just uploaded gpaint 0.2.4+0.3.0pre5-4 to Sid.

Unblocked.

Cheers

Luk

PS: I don't like language (code) lists to be static as one can easily forget
to activate a translation. This is just a general remark, no need to fix this
for etch :-)

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



signature.asc
Description: OpenPGP digital signature

Re: hint for squashfs 3.2r2?

[Steve Langasek]

On Sat, Feb 03, 2007 at 12:43:29PM +0100, Arnaud Fontaine wrote:

> I have prepared squashfs 3.2r2 package  and I wonder if the new upstream
> release of squashfs  could be hinted for testing.  This release includes
> some importants fixes as mentioned in the CHANGES file:

>   [...]
>   4.  Squashfs  kernel code  has  been  hardened  against accidently  or
>  maliciously corrupted Squashfs filesystems.
>   [...]
>   5. Race condition occurring on S390 in readpage() fixed.
>   6. Odd behaviour of MIPS memcpy in read_data() routine worked-around.
>   7. Missing cache_flush in Squashfs symlink_readpage() added.

That's not something we would decide based just on a description of the
changes; accepting this would depend on how intrusive the upstream diff
actually is.

Thanks,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

please unblock ejabberd

[Torsten Werner]

Hi,


version 1.1.2-5 fixes a security hole described at
http://ejabberd.jabber.ru/ejabberd-1.1.3 . Users of the ejabberd's
default configuration in version 1.1.2-4 are not affected by the
problem. The fix has been backported from upstream version 1.1.3 and
is very small.


Thanks,
Torsten


--
blog: http://twerner.blogspot.com/
homepage: http://www.twerner42.de/


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Permission to upload gnat-4.1 with 3 new binary packages?

[Ludovic Brenta]

The uploaded gnat-4.1 has been in unstable for 10 days with no new
bugs reported.  Please allow it to migrate to testing, if not already
unblocked.  Thanks.

-- 
Ludovic Brenta.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Please (re)unblock xulrunner 1.8.0.9-1

[Mike Hommey]

Hi,

I don't know what happened, but there used to be a unblock hint put by
aba on xulrunner 1.8.0.9, and now it has finally been built on arm, it
can't migrate to testing because... there is no unblock hint.

Could you unblock it ?

Mike

PS: note there WILL be another upload, but it will be easier to review
if you compare it with the version currently in sid ;)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Unfreeze a couple of packages

[Ola Lundqvist]

Hi

I would like you to unfreeze a couple of packages:

Important:
* kernel-patch-openvz
Updated package to suite 2.6.18.dfsg.1-9 version of the linux source.
Updated package to suite 2.6.18.dfsg.1-10 version of the linux source.

Not really important but good:
* horde3
Recommend php-db (closes: #400277)
* debarchiver
Correction of logcheck location issue, closes: #408483.
Correction of French translation for index option, closes: #409301.
* vzctl
Correction of README file.

Regards,

// Ola

-- 
 - Ola Lundqvist ---
/  [EMAIL PROTECTED] Annebergsslingan 37  \
|  [EMAIL PROTECTED] 654 65 KARLSTAD  |
|  +46 (0)54-10 14 30  +46 (0)70-332 1551   |
|  http://opalsys.net/ UIN/icq: 4912500 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Please update ttf-dejavu

[Davide Viti]

Hi All,

On Sat, Feb 03, 2007 at 11:37:23AM +0100, Frans Pop wrote:
> On Saturday 03 February 2007 09:28, Frans Pop wrote:
> > So, no, I don't think dejavu should be hinted yet. I'd like to see a
> > bit more activity from the font people to check how things look _in_
> > the graphical installer first.
> 
> I just noticed that the base size for ar and fa has increased too.
> 
> Hmm. It is even increased for dz and hi, which are from different fonts. 
> Could it be that these size increases are only due to the increased font 
> size in the installer, and not at all to changes in dejavu? In that case 
> it would be good if the screenshots for 13 could be updated using a 
> current installer for better comparison.
> It would also mean that Christian's argument regarding the improvement for 
> bn is invalid.

When taking the latest screenshots I've integrated the gtk-set-font
script currently used in g-i which changes default fontsize for some
languages (bn, ar, fa and other languages); this has nothing to do
with ttf-dejavu itself.
As suggeste by Frans on IRC, I've just created new screenshots for dejavu 2.13
using this new per-language size change, so that comparison makes more sense:

http://d-i.alioth.debian.org/gtk-frontend/screenshots/20070203_dejavu2.13
http://d-i.alioth.debian.org/gtk-frontend/screenshots/20070202_dejavu2.14

> The problem with accents seems to be a more general regression. Compare 
> also for example the accented y and N characters for be. These look fuzzy 
> in 14 when compared to 13. (For the y the accent is centered better 
> though.)
> Same goes for r, e and s for cs.
> 
> IMHO this should be fixed.

I'll get in touch with upstream and hopefully come up with a patch ASAP:
will post some news here in a couple of days and let you know how things 
evolve (will also file BRs to tack things more clearly).

regards,
Davide


signature.asc
Description: Digital signature

Re: Please Hint gpaint

[Goedson Teixeira Paixao]

Em Sex, 2007-02-02 às 23:20 +0100, Luk Claes escreveu:
> Please remove the autom4te.cache directory from the patch.

Done. I've just uploaded gpaint 0.2.4+0.3.0pre5-4 to Sid.

-- 
Goedson Teixeira Paixao  http://mundolivre.wordpress.com/
Debian Project   http://www.debian.org/
Jabber ID: [EMAIL PROTECTED]http://www.jabber.org/



signature.asc
Description: Esta é uma parte de mensagem	assinada digitalmente

Re: [Debian-arabic-packages] Re: Request to include to l10n packages in Etch

[Alan Baghumian]

Hi,

I prefer to have latest aspell-fa and also aspell-hy ;-) in Etch.

Alan

On 02/03/2007 03:34:47 PM, Lior Kaplan wrote:

Frans Pop wrote:
> On Saturday 03 February 2007 10:43, Lior Kaplan wrote:
>> aspell-ar-large - 49 days in unstable, not present in Etch.
>> ttf-freefarsi - 50 days in unstable, not preset in Etch.
>
> What about ttf-farsiweb? Should that be migrated as well?

It would be nice to have the latest version of ttf-farsiweb in Etch,
but
that's still a "nice to have" and not a must. Same for aspell-fa.

--

Lior Kaplan
[EMAIL PROTECTED]

GPG fingerprint:
C644 D0B3 92F4 8FE4 4662  B541 1558 9445 99E8 1DA0

___
Debian-arabic-packages mailing list
[EMAIL PROTECTED]
http://lists.alioth.debian.org/mailman/listinfo/debian-arabic-packages

Re: Bug#409448: lua-posix: FTBFS: unmet build dep lua5.1-policy-dev(inst 6 ! >= wanted 7)

[Enrico Tassi]

On Sat, Feb 03, 2007 at 11:48:10AM +0100, Lucas Nussbaum wrote:
> Package: lua-posix
> Version: 1.0-4
> Severity: serious
> Usertags: grid5000 rebuild
> 
> After installing, the following source dependencies are still
> unsatisfied:
> lua5.1-policy-dev(inst 6 ! >= wanted 7)
> Source-dependencies not satisfied; skipping lua-posix

I know that, and I've already pointed this out here:
http://lists.debian.org/debian-release/2007/01/msg01287.html

I can t-p-u the previous version (the one that was in testing and
compiles against policy version 6) that divvers essentially in 3 lines:
the build dependency and a one line patch for the test file.

I'm waiting news from the RM team.

Cheers.
-- 
Enrico Tassi


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Please unblock efingerd 1.6.2.5

[Christian Perrier]

Dear release team,

I have just uploaded a NMU of efingerd, to fix its pending l10n
issues (and, if needed, very minor QA issues).

Could you consider hinting it to enter testing?

The NMU changelog is:


Source: efingerd
Version: 1.6.2.5
Distribution: unstable
Urgency: low
Maintainer: Christian Perrier <[EMAIL PROTECTED]>
Date: Sat,  3 Feb 2007 16:52:14 +0100
Closes: 339942 343860 39 393348 402304
Changes: 
 efingerd (1.6.2.5) unstable; urgency=low
 .
   * Non-maintainer upload to fix pending l10n issues.
   * Debconf templates translations:
 - Portuguese
 - Spanish. Closes: #402304
 - German. Closes: #393348
 - Swedish. Closes: #343860
   * Lintian/piuparts fixes:
 - Remove the log file on purge. Closes: #339942
   * Remove the abusive debconf note and move its text to README.Debian
 Closes: #39

-- 




signature.asc
Description: Digital signature

Re: Pease unblock post-faq/0.10-17

[Luk Claes]

Roland Rosenfeld wrote:
> Hi release managers!
> 
> Please unblock post-faq/0.10-17, because its only change is the update
> of debconf es.po:
> 
> post-faq (0.10-17) unstable; urgency=low

Unblocked.

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



signature.asc
Description: OpenPGP digital signature

Re: Request to include to l10n packages in Etch

[Lior Kaplan]

Frans Pop wrote:
> On Saturday 03 February 2007 10:43, Lior Kaplan wrote:
>> aspell-ar-large - 49 days in unstable, not present in Etch.
>> ttf-freefarsi - 50 days in unstable, not preset in Etch.
> 
> What about ttf-farsiweb? Should that be migrated as well?

It would be nice to have the latest version of ttf-farsiweb in Etch, but
that's still a "nice to have" and not a must. Same for aspell-fa.

-- 

Lior Kaplan
[EMAIL PROTECTED]

GPG fingerprint:
C644 D0B3 92F4 8FE4 4662  B541 1558 9445 99E8 1DA0


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Pease unblock post-faq/0.10-17

[Roland Rosenfeld]

Hi release managers!

Please unblock post-faq/0.10-17, because its only change is the update
of debconf es.po:

post-faq (0.10-17) unstable; urgency=low

  * Update debconf es.po, thanks to Venturi Debian <[EMAIL PROTECTED]>
(Closes: #408740).

 -- Roland Rosenfeld <[EMAIL PROTECTED]>  Sun, 28 Jan 2007 10:31:32 +0100

Tscho

Roland


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

hint for squashfs 3.2r2?

[Arnaud Fontaine]

Hello,

I have prepared squashfs 3.2r2 package  and I wonder if the new upstream
release of squashfs  could be hinted for testing.  This release includes
some importants fixes as mentioned in the CHANGES file:

  [...]
  4.  Squashfs  kernel code  has  been  hardened  against accidently  or
 maliciously corrupted Squashfs filesystems.
  [...]
  5. Race condition occurring on S390 in readpage() fixed.
  6. Odd behaviour of MIPS memcpy in read_data() routine worked-around.
  7. Missing cache_flush in Squashfs symlink_readpage() added.

Regards,
Arnaud Fontaine


pgpSaQq97NpoZ.pgp
Description: PGP signature

Re: Please unblock ssl-cert 1.0.14

[Luk Claes]

Christian Perrier wrote:
> Dear release team,
> 
> I have just uploaded a NMU of ssl-cert, to fix its pending l10n
> issues (and, if needed, very minor QA issues).
> 
> Could you consider hinting it to enter testing?

Unblocked.

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



signature.asc
Description: OpenPGP digital signature

Re: Please unblock squidguard 1.2.0-8.2

[Luk Claes]

Christian Perrier wrote:
> Dear release team,
> 
> I have just uploaded a NMU of squidguard, to fix its pending l10n
> issues (and, if needed, very minor QA issues).
> 
> Could you consider hinting it to enter testing?

Unblocked.

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



signature.asc
Description: OpenPGP digital signature

Re: Please update ttf-dejavu

[Frans Pop]

On Saturday 03 February 2007 09:28, Frans Pop wrote:
> So, no, I don't think dejavu should be hinted yet. I'd like to see a
> bit more activity from the font people to check how things look _in_
> the graphical installer first.

I just noticed that the base size for ar and fa has increased too.

Hmm. It is even increased for dz and hi, which are from different fonts. 
Could it be that these size increases are only due to the increased font 
size in the installer, and not at all to changes in dejavu? In that case 
it would be good if the screenshots for 13 could be updated using a 
current installer for better comparison.
It would also mean that Christian's argument regarding the improvement for 
bn is invalid.


The problem with accents seems to be a more general regression. Compare 
also for example the accented y and N characters for be. These look fuzzy 
in 14 when compared to 13. (For the y the accent is centered better 
though.)
Same goes for r, e and s for cs.

IMHO this should be fixed.


pgpe7SLbO5BxV.pgp
Description: PGP signature

Please consider unblocking checkstyle 4.1+dfsg-1

[Paul Cager]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please consider checkstyle 4.1+dfsg-1 for etch. This release fixes RC
bug #383791 (binary-only components included in upstream tarball). The
binary-only jars have been removed, and a small change made to the rules
file to cater for the pkg-java team's use of svn (patch files lose the
CfLf line endings).

It was uploaded to unstable last night, so I understand it will have to
mature in unstable for a while. Is it OK to raise this exemption request
now?

Thanks,
Paul

checkstyle (4.1+dfsg-1) unstable; urgency=high

  * Removed third-party Jars in the orig source tarball (Closes #383791).
  * Added myself to uploaders.
  * Added dos2unix conversion for build.xml (as patches are stored in
svn, and so lose CrLf line terminators). tofrodos added to
Build-Depends-Indep.

 -- Paul Cager <[EMAIL PROTECTED]>  Thu,  1 Feb 2007
23:41:01 +

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxF5rLSXFtdTZVSURAkOeAJ4jUuDidGf1WjYuc9P7ynq+Hzs1tACgrHhc
v3O8DTX0jBGOBiEf5eZ1u90=
=px/g
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Request to include to l10n packages in Etch

[Frans Pop]

On Saturday 03 February 2007 10:43, Lior Kaplan wrote:
> aspell-ar-large - 49 days in unstable, not present in Etch.
> ttf-freefarsi - 50 days in unstable, not preset in Etch.

What about ttf-farsiweb? Should that be migrated as well?


pgpEf6opX116H.pgp
Description: PGP signature

Request to include to l10n packages in Etch

[Lior Kaplan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

During the last 5 months the Debian Arabic people worked towards
improving the Arabic support in Debian.

Please consider to include in Etch some of the new packages which were
uploaded to Unstable.

aspell-ar-large - 49 days in unstable, not present in Etch.
ttf-freefarsi - 50 days in unstable, not preset in Etch.

Both missed the Etch freeze by only a few days...

Thanks.
- --

Lior Kaplan
[EMAIL PROTECTED]

GPG fingerprint:
C644 D0B3 92F4 8FE4 4662  B541 1558 9445 99E8 1DA0
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxFk0FViURZnoHaARAkgHAJ9IKUcVE1zRlF8EXoKphEoFMi16MQCbBZpt
1t4hVGI+lNJ1h5uZJmi0qco=
=BrLx
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Please update ttf-dejavu

[Frans Pop]

On Saturday 03 February 2007 06:51, Christian Perrier wrote:
> Either the fix is found and the new version gets hinted for
> testing...or it is not and the current 2.14 seems OK to me as its
> advantages are obvious for other languages. Just compare the
> readability:
>
> http://d-i.alioth.debian.org/gtk-frontend/screenshots/20061222_dejavu2.
>13/bn.png
> http://d-i.alioth.debian.org/gtk-frontend/screenshots/20070202_dejavu2.
>14/bn.png

To be honest, I'm not that happy with this change (of which I was so far 
not aware). rootskel-gtk currently enlarges the font after language 
selection for fonts that rendered too small.
Changes like this one mean that this needs to be reviewed and updated as 
the larger base bn font means that it will most probably now be rendered 
too big in the graphical installer.

So, no, I don't think dejavu should be hinted yet. I'd like to see a bit 
more activity from the font people to check how things look _in_ the 
graphical installer first.


pgp0US8N0NfCb.pgp
Description: PGP signature