[Pkg-kde-extras] Bug#895568: CVE-2017-11592

2018-04-12 Thread Moritz Muehlenhoff 
Package: exiv2
Version: 0.26-1
Severity: important
Tags: security

This was assigned CVE-2017-11592: https://github.com/Exiv2/exiv2/issues/56

Only experimental is affected, the affected code isn't around for older 
releases.

Cheers,
Moritz

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#868578: CVE-2017-11335 CVE-2017-11336 CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340

2017-07-16 Thread Moritz Muehlenhoff 
Package: exiv2
Version: 0.25-3.1
Severity: important
Tags: security

Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11340

Cheers,
Moritz

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#855339: Spurious openssl build dep

2017-02-16 Thread Moritz Muehlenhoff 
Source: kdesvn
Severity: normal

Hi,
the build dep on libssl-dev seems spurious, kdesvn doesn't seem to use libssl?
Maybe that got obsolete in the 2.0 rewrite?

Cheers,
Moritz

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#747778: kradio4: FTBFS: error: QFile: No such file or directory

2014-05-15 Thread Moritz Muehlenhoff 
On Wed, May 14, 2014 at 09:49:52PM +0200, Moritz Mühlenhoff wrote:
 On Sun, May 11, 2014 at 07:20:34PM +0200, David Suárez wrote:
  Source: kradio4
  Version: 4.0.7-2
  Severity: serious
  Tags: jessie sid
  User: debian...@lists.debian.org
  Usertags: qa-ftbfs-20140510 qa-ftbfs
  Justification: FTBFS on amd64
  
  Hi,
  
  During a rebuild of all packages in sid, your package failed to build on
  amd64.
  
  Relevant part (hopefully):
   /usr/bin/c++   -DKDE3_SUPPORT -DKDE4_CMAKE_TOPLEVEL_DIR_LENGTH=21 
   -DKDE_DEPRECATED_WARNINGS -DQT3_SUPPORT -DQT3_SUPPORT_WARNINGS 
   -DQT_NO_CAST_TO_ASCII -DQT_NO_STL -D_BSD_SOURCE -D_REENTRANT 
   -D_XOPEN_SOURCE=500 -g -O2 -fstack-protector --param=ssp-buffer-size=4 
   -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2  -Wnon-virtual-dtor 
   -Wno-long-long -Wundef -Wcast-align -Wchar-subscripts -Wall -W 
   -Wpointer-arith -Wformat-security -fno-exceptions -DQT_NO_EXCEPTIONS 
   -fno-check-new -fno-common -Woverloaded-virtual -fno-threadsafe-statics 
   -fvisibility=hidden -Werror=return-type -fvisibility-inlines-hidden 
   -DNDEBUG -DQT_NO_DEBUG -I/«PKGBUILDDIR»/obj-x86_64-linux-gnu 
   -I/«PKGBUILDDIR» -I/«PKGBUILDDIR»/obj-x86_64-linux-gnu/src 
   -I/«PKGBUILDDIR»/src -I/«PKGBUILDDIR»/interfaces 
   -I/«PKGBUILDDIR»/radiostations -I/usr/include/qt4
   -DKRADIO_VERSION=\4.0.7\ -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -o 
   CMakeFiles/kradio4.dir/src/stationlist.o -c 
   /«PKGBUILDDIR»/src/stationlist.cpp
   In file included from /usr/include/kio/netaccess.h:28:0,
from /«PKGBUILDDIR»/src/stationlist.cpp:28:
   /usr/include/kio/global.h:29:44: fatal error: QFile: No such file or 
   directory
#include QFile  // for QFile::Permissions
   ^
   compilation terminated.
   make[3]: *** [CMakeFiles/kradio4.dir/src/stationlist.o] Error 1
 
 This appears to be a bug in /usr/include/kio/global.h from kdelibs5-dev. 

Filed as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748147

Cheers,
Moritz

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#739442: FTBFS with libav10

2014-03-17 Thread Moritz Muehlenhoff 
On Fri, Feb 28, 2014 at 10:47:13PM +0100, an...@khirnov.net wrote:
 
 Hi,
 the attached patch should fix this bug.

The patch only updates strigi to use non-deprecated libav functions, i.e.
is is also compatible with libav9 from current unstable. It would be
nice if you could upload the fix soon so that it's not blocking the
libav10 transition.

Cheers,
Moritz

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#741361: Please migrate to xine-lib-1.2

2014-03-11 Thread Moritz Muehlenhoff 
Source: kaffeine
Severity: important

Hi,
xine-lib is scheduled for removal in jessie. Please build-depend on
libxine2-dev instead of libxine-dev (a test compile worked fine for me)

The severity will be bumped to RC status in a few weeks/months.

Cheers,
Moritz

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#739442: FTBFS with libav10

2014-02-18 Thread Moritz Muehlenhoff 
Source: strigi
Severity: important

Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.

Migration documentation can be found at
https://wiki.libav.org/Migration/10

Cheers,
Moritz

[ 59%] Building CXX object 
libstreamanalyzer/plugins/endplugins/CMakeFiles/ffmpeg.dir/ffmpegendanalyzer.cpp.o
cd 
/home/jmm/av10/strigi-0.7.8/obj-x86_64-linux-gnu/libstreamanalyzer/plugins/endplugins
  /usr/bin/c++   -DHAVE_CONFIG_H -D_REENTRANT -D__STDC_CONSTANT_MACROS 
-Dffmpeg_EXPORTS -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat 
-Werror=format-security -D_FORTIFY_SOURCE=2  -fvisibility=hidden 
-fvisibility-inlines-hidden -fPIC 
-I/home/jmm/av10/strigi-0.7.8/libstreams/include 
-I/home/jmm/av10/strigi-0.7.8/obj-x86_64-linux-gnu/libstreams/include 
-I/home/jmm/av10/strigi-0.7.8/libstreamanalyzer/include
-I/home/jmm/av10/strigi-0.7.8/libstreamanalyzer/include/strigi 
-I/home/jmm/av10/strigi-0.7.8/obj-x86_64-linux-gnu/libstreamanalyzer/include 
-I/home/jmm/av10/strigi-0.7.8/obj-x86_64-linux-gnu/libstreamanalyzer/include/strigi
 -I/home/jmm/av10/strigi-0.7.8/libstreamanalyzer/lib 
-I/home/jmm/av10/strigi-0.7.8/obj-x86_64-linux-gnu/libstreamanalyzer/lib 
-I/usr/include/libxml2-fPIC -o
CMakeFiles/ffmpeg.dir/ffmpegendanalyzer.cpp.o -c 
/home/jmm/av10/strigi-0.7.8/libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp
/home/jmm/av10/strigi-0.7.8/libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp:
 In member function 'virtual signed char
FFMPEGEndAnalyzer::analyze(Strigi::AnalysisResult, Strigi::InputStream*)':
/home/jmm/av10/strigi-0.7.8/libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp:484:20:
 error: 'const AVStream' has no member named 'r_frame_rate'
 if (stream.r_frame_rate.num  stream.r_frame_rate.den) {
^
/home/jmm/av10/strigi-0.7.8/libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp:484:47:
 error: 'const AVStream' has no member named 'r_frame_rate'
 if (stream.r_frame_rate.num  stream.r_frame_rate.den) {
   ^
/home/jmm/av10/strigi-0.7.8/libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp:486:26:
 error: 'const AVStream' has no member named 'r_frame_rate'
   outs  stream.r_frame_rate.num / stream.r_frame_rate.den;
  ^
/home/jmm/av10/strigi-0.7.8/libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp:486:52:
 error: 'const AVStream' has no member named 'r_frame_rate'
   outs  stream.r_frame_rate.num / stream.r_frame_rate.den;
^
make[3]: *** 
[libstreamanalyzer/plugins/endplugins/CMakeFiles/ffmpeg.dir/ffmpegendanalyzer.cpp.o]
 Error 1
make[3]: Leaving directory `/home/jmm/av10/strigi-0.7.8/obj-x86_64-linux-gnu'
make[2]: *** [libstreamanalyzer/plugins/endplugins/CMakeFiles/ffmpeg.dir/all] 
Error 2
make[2]: Leaving directory `/home/jmm/av10/strigi-0.7.8/obj-x86_64-linux-gnu'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/home/jmm/av10/strigi-0.7.8/obj-x86_64-linux-gnu'
dh_auto_build: make -j1 returned exit code 2
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
j

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#739312: FTBFS with libav10

2014-02-17 Thread Moritz Muehlenhoff 
Source: k3b
Severity: important

Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.

Migration documentation can be found at
https://wiki.libav.org/Migration/10

Cheers,
Moritz

[ 50%] Building CXX object 
plugins/decoder/ffmpeg/CMakeFiles/k3bffmpegdecoder.dir/k3bffmpegwrapper.o
cd /home/jmm/av10/k3b-2.0.2/obj-x86_64-linux-gnu/plugins/decoder/ffmpeg  
/usr/bin/c++   -DKDE4_CMAKE_TOPLEVEL_DIR_LENGTH=14 -DKDE_DEPRECATED_WARNINGS 
-DMAKE_K3BFFMPEGDECODER_LIB -DNEWFFMPEGAVCODECPATH -DQT3_SUPPORT 
-DQT3_SUPPORT_WARNINGS -DQT_NO_CAST_TO_ASCII -DQT_NO_STL -D_BSD_SOURCE 
-D_REENTRANT -D_XOPEN_SOURCE=500 -g -O2 -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2  
-Wnon-virtual-dtor -Wno-long-long -Wundef -Wcast-align -Wchar-subscripts -Wall 
-W -Wpointer-arith -Wformat-security -fno-exceptions -DQT_NO_EXCEPTIONS 
-fno-check-new -fno-common -Woverloaded-virtual -fno-threadsafe-statics 
-fvisibility=hidden -Werror=return-type -fvisibility-inlines-hidden -fPIC 
-I/home/jmm/av10/k3b-2.0.2/obj-x86_64-linux-gnu/plugins/decoder/ffmpeg 
-I/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg 
-I/home/jmm/av10/k3b-2.0.2/obj-x86_64-linux-gnu 
-I/home/jmm/av10/k3b-2.0.2/libk3bdevice -I/home/jmm/av10/k3b-2.0.2/libk3b/core 
-I/home/jmm/av10/k3b-2.0.2/
 libk3b/plugin -I/home/jmm/av10/k3b-2.0.2/libk3b/tools 
-I/home/jmm/av10/k3b-2.0.2/libk3b/tools/qprocess 
-I/home/jmm/av10/k3b-2.0.2/libk3b/tools/qprocess/private 
-I/home/jmm/av10/k3b-2.0.2/libk3b/projects 
-I/home/jmm/av10/k3b-2.0.2/libk3b/projects/audiocd 
-I/home/jmm/av10/k3b-2.0.2/libk3b/projects/datacd 
-I/home/jmm/av10/k3b-2.0.2/libk3b/projects/videocd 
-I/home/jmm/av10/k3b-2.0.2/libk3b/projects/mixedcd 
-I/home/jmm/av10/k3b-2.0.2/libk3b/jobs 
-I/home/jmm/av10/k3b-2.0.2/libk3b/videodvd -I/usr/include/KDE 
-I/usr/include/qt4/phonon -I/usr/include/qt4/QtXmlPatterns 
-I/usr/include/qt4/QtXml -I/usr/include/qt4/QtWebKit 
-I/usr/include/qt4/QtUiTools -I/usr/include/qt4/QtTest -I/usr/include/qt4/QtSvg 
-I/usr/include/qt4/QtSql -I/usr/include/qt4/QtScriptTools 
-I/usr/include/qt4/QtScript -I/usr/include/qt4/QtOpenGL 
-I/usr/include/qt4/QtNetwork -I/usr/include/qt4/QtHelp 
-I/usr/include/qt4/QtDesigner -I/usr/include/qt4/QtDeclarative 
-I/usr/include/qt4/QtDBus -I/usr/include/qt4/Qt3Support -I/usr/inc
 lude/qt4/QtGui -I/usr/include/qt4/QtCore -I/usr/include/qt4/Qt 
-I/usr/share/qt4/mkspecs/default -I/usr/include/qt4-D_GNU_SOURCE 
-D_LARGEFILE64_SOURCE -o CMakeFiles/k3bffmpegdecoder.dir/k3bffmpegwrapper.o -c 
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp:58:23: 
error: 'AVCODEC_MAX_AUDIO_FRAME_SIZE' was not declared in this scope
 char outputBuffer[AVCODEC_MAX_AUDIO_FRAME_SIZE + 15];
   ^
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp: In 
constructor 'K3bFFMpegFile::K3bFFMpegFile(const QString)':
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp:74:57: 
error: 'class K3bFFMpegFile::Private' has no member
named 'outputBuffer'
 int offset = 0x10 - (reinterpret_castintptr_t(d-outputBuffer)  0xf);
 ^
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp:75:34: 
error: 'class K3bFFMpegFile::Private' has no member
named 'outputBuffer'
 d-alignedOutputBuffer = d-outputBuffer[offset];
  ^
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp: In member 
function 'void K3bFFMpegFile::close()':
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp:185:9: 
error: '::av_close_input_file' has not been declared 
::av_close_input_file( d-formatContext );
 ^
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp: In member 
function 'QString K3bFFMpegFile::typeComment() const':
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp:230:10: 
error: 'CODEC_ID_WMAV1' was not declared in this scope
 case CODEC_ID_WMAV1:
  ^
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp:232:10: 
error: 'CODEC_ID_WMAV2' was not declared in this scope
 case CODEC_ID_WMAV2:
  ^
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp:237:10: 
error: 'CODEC_ID_MP3' was not declared in this scope
 case CODEC_ID_MP3:
  ^
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp:240:10: 
error: 'CODEC_ID_AAC' was not declared in this scope
 case CODEC_ID_AAC:
  ^
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp: In member 
function 'int K3bFFMpegFile::fillOutputBuffer()':
/home/jmm/av10/k3b-2.0.2/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp:339:31: 
error: 'AVCODEC_MAX_AUDIO_FRAME_SIZE' was

[Pkg-kde-extras] Bug#669189: Acknowledgement.

2012-05-31 Thread Moritz Muehlenhoff 
On Fri, Apr 20, 2012 at 11:53:05PM +0200, Raúl Sánchez Siles wrote:
   Hello Simon:
 
   Thanks for your kind and helpful email. Hardening flags was sit on our list 
 of 
 TODO for the package but still pending. Thanks to your email the progress 
 will 
 be smoother and faster.
 
   I'll apply your patch in short to our git tree and tag this as pending once 
 a 
 new upload is planned.

What's the status? It's been six weeks and the Wheezy freeze is coming closer.

Cheers,
Moritz



___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#656356: Please enabled hardened build flags

2012-01-18 Thread Moritz Muehlenhoff 
Package: exiv2
Version: 0.20-2.1
Severity: important
Tags: patch

Please enabled hardened build flags through dpkg-buildflags.

Patch attached.

Cheers,
Moritz
diff -aur exiv2-0.20.harden/debian/rules exiv2-0.20/debian/rules
--- exiv2-0.20.harden/debian/rules	2011-05-29 19:49:29.0 +0200
+++ exiv2-0.20/debian/rules	2012-01-18 15:57:33.020481301 +0100
@@ -4,7 +4,7 @@
 	dh $@ --parallel
 
 override_dh_auto_configure:
-	dh_auto_configure -- --disable-rpath
+	dh_auto_configure -- --disable-rpath $(shell dpkg-buildflags --export=configure)
 
 override_dh_clean:
 	dh_clean
Nur in exiv2-0.20/debian: rules~.
___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

Re: [Pkg-kde-extras] Bug#587842: Can stop krusader neither by closing its window nor by Ctrl+q

2010-10-06 Thread Moritz Muehlenhoff 
tags 587842 patch
thanks

On Tue, Aug 10, 2010 at 12:06:29PM +0300, Modestas Vainius wrote:
 Hello,
 
 On antradienis 10 Rugpj??tis 2010 11:32:27 Frank Schoolmeesters wrote:
  Hi,
  
  This bug should be fixed upstream in the SVN repository.
  http://websvn.kde.org/trunk/extragear/utils/krusader/
  http://websvn.kde.org/trunk/extragear/utils/krusader/ChangeLog?view=log
  See changelog FIXED: krusader doesn't exit normally
  
  Though there is still a discussion about this fix, because the fix
  causes an other bug.
  
  Thanks and bye,
 
 Thanks. It would be great if you let us know when a proper fix is out.

Hi Modestas,
I've tested that attached patch (as fixed in SVN above) works fine
and solves the problem.

I suppose the confusion about people reporting that the bug is not
fixed arose from the fact that people didn't kill there leftover
krusader instances, which led them to believe that the patch is
wrong.

We could add a killall krusader to postinst to resolve this.

OTOH, Lenny-Squeeze updates are not bitten by this bug and people
can expect sid to be a little bumpy from time to time.

Cheers,
Moritz

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-kde-extras