Fixing #654506 and #674386 in Wheezy
Hi, We would like to fix #654506 and #674386 in Wheezy. Unfortunately, we are not able to accept supercollider/1:3.5.2-1 from Unstable since the changes are quite large. Usually, we ask the maintainer to prepare an upload based on testing's source package and targeting testing-proposed-updates. But for this specific case, I'm not sure what would the best step forward as you seem not interested in fixing #674386 (cf. [1]). Since the package has not been part of any previous stable release, one solution could be to remove this package from testing. What do you think? Regards, [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674386#10 -- Mehdi Dogguy مهدي الدڤي ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Fixing #654506 and #674386 in Wheezy
On 11/07/12 16:01, Felipe Sateler wrote: On Wed, Jul 11, 2012 at 8:20 AM, Mehdi Dogguyme...@dogguy.org wrote: Hi, We would like to fix #654506 and #674386 in Wheezy. Unfortunately, we are not able to accept supercollider/1:3.5.2-1 from Unstable since the changes are quite large. I think you mean 1:3.5.3~repack-1? Yes, sorry. It was a bad copy/paste :/ That is what's currently in unstable, and 1:3.5.2-1 was uploaded before the freeze. Unfortunately, it couldn't migrate because it failed to build on non-x86 archs. We are currently working on fixing that. So, in a way, the changes are not that large ;). We don't seem to have the same definition of large. For this specific case, the changes between the unblocked version and sid's current version look like: $ debdiff supercollider_3.5.2-1.dsc supercollider_3.5.3~repack-1.dsc \ | diffstat | tail -n1 3040 files changed, 5266 insertions(+), 581639 deletions(-) This pretty looks as large. Ignoring the bits that were deleted when repacking, the debian/ directory, etc… this leads us to: 53 files changed, 746 insertions(+), 701 deletions(-) which is nicer indeed but still qualifies as large. Why did you import 3.5.3 instead of working on fixing 3.5.2? (I'm not sure it is relevant now but that might help us to understand the situation better). I had planned to mail d-r after we got the last round of fixes ready. Is there a chance we can convince you to let 3.5.3 migrate to testing? We would prefer targeted fixes based on the version of testing. Kind Regards, -- Mehdi Dogguy مهدي الدڤي ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#646937: CVE-2011-3625: Buffer overflow in SAMI parsing
Package: mplayer2 Version: 2.0-134-g84d8671-8 Severity: grave Tags: security Justification: user security hole Please see: http://www.openwall.com/lists/oss-security/2011/10/14/1 http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf Fix: http://git.mplayer2.org/mplayer2/commit/?id=27b88a09c5319deb62221b8cd0ecc14cd1136e4a Regards, -- Mehdi -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'proposed-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#646937: [Secure-testing-team] Bug#646937: CVE-2011-3625: Buffer overflow in SAMI parsing
On 10/28/2011 07:57 PM, Michael Gilbert wrote: On Fri, Oct 28, 2011 at 9:20 AM, Mehdi Dogguy wrote: Package: mplayer2 Version: 2.0-134-g84d8671-8 Severity: grave Tags: security Justification: user security hole Please see: http://www.openwall.com/lists/oss-security/2011/10/14/1 http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf Fix: http://git.mplayer2.org/mplayer2/commit/?id=27b88a09c5319deb62221b8cd0ecc14cd1136e4a How is this different from #645987? #645987 was reported against mplayer (not mplayer2). I could have cloned the bugreport bug didn't think about that when closing it ; and re-assigning isn't appropriate since the issue is valid for both packages. I cc'ed the security team so that you can update security-tracker's data. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: x264 mini-transition
On 10/27/2011 07:08 PM, Reinhard Tartler wrote: Hi dear release team, Now with libx264-118 in the archive, we can start transtion the existing packages to the archive so that the new x264 package can transition to testing. The following source packages need to be rebuilt: gst-plugins-ugly0.10 libav-extra libquicktime mplayer vlc ben says that there is also: libquicktime and libav. http://release.debian.org/transitions/html/x264.html Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Upcoming Libav 0.7 transition
Package: release.debian.org Owner: siret...@debian.org Subject: transition: libav 0.7 User: release.debian@packages.debian.org Usertags: transition On 05/01/2011 06:46 PM, Reinhard Tartler wrote: I'd like to ask for permission to start a new Libav (the new FFmpeg) transition in unstable. The current package can be seen in experimental, basically all libraries bumped SONAME, so that the new release is co-installable with the Libav 0.6 series. I'm turning this into a bugreport, so that we don't forget about it. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: [Fwd: fatal error: audacious/util.h: No such file or directory]
On 15/04/2011 23:30, Bilal Akhtar wrote: Hi Mehdi and others, Thanks for notifying! I'll look into the issue tomorrow and am confident about a resolution this weekend. Thanks again, You're welcome. Are there any news? Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: [Fwd: fatal error: audacious/util.h: No such file or directory]
On 04/12/2011 06:36 PM, Benjamin Drung wrote: Audacious is now under the hood of the Debian Multimedia Maintainers. hum... adding to CC: folks marked as Uploaders for audacious. are there any news here? Weitergeleitete Nachricht Von: Mehdi Dogguyme...@dogguy.org An: audaci...@packages.debian.org Betreff: fatal error: audacious/util.h: No such file or directory Datum: Tue, 12 Apr 2011 10:56:27 +0200 Hi. It seems that audacious 2.4.4-1 misses some files in audacious-dev. Specifically, I don't see audacious/util.h and audacious/output.h, although they are present in the source package. Maybe this was intended, but it's causing some packages to FTBFS (see list below). I didn't try to bring them back in the package to see it's enough to let other packages build... but can you please tell me if those are part of a deprecated API thrown away by upstream (and that's why they are not installed), or simply because they were forgotten at some point? This change introduced this list of FTBFSes: http://bugs.debian.org/620915 http://bugs.debian.org/620917 http://bugs.debian.org/620918 http://bugs.debian.org/620919 Those failures are preventing audacious and libmowgli from migrating to testing. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
fatal error: audacious/util.h: No such file or directory
Hi. It seems that audacious 2.4.4-1 misses some files in audacious-dev. Specifically, I don't see audacious/util.h and audacious/output.h, although they are present in the source package. Maybe this was intended, but it's causing some packages to FTBFS (see list below). I didn't try to bring them back in the package to see it's enough to let other packages build... but can you please tell me if those are part of a deprecated API thrown away by upstream (and that's why they are not installed), or simply because they were forgotten at some point? This change introduced this list of FTBFSes: http://bugs.debian.org/620915 http://bugs.debian.org/620917 http://bugs.debian.org/620918 http://bugs.debian.org/620919 Those failures are preventing audacious and libmowgli from migrating to testing. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Bug#602860: mixxx: segfault on startup with QT network socket error
On 11/09/2010 02:01 PM, Alessio Treglia wrote: On Mon, Nov 8, 2010 at 11:31 PM, Jonathan E. Magen yonkelt...@gmail.com wrote: Warning: [Main]: Qt: Session management error: Could not open network socket Segmentation fault Although I cannot reproduce this segfault on my Squeeze with ATI graphics driver enabled, I can confirm that the package is seriously broken. I asked the devs about it in #mixxx on irc.freenode.net and they encouraged me to request an upgrade to a more recent version of mixxx. I am reporting this bug as I do not want Squeeze to ship with a broken version of this package. Can we get an upgraded version of mixxx into squeeze? No, I am sorry but deep-freeze is in effect and recent upstream release introduces too many new features. Dear release team, would you remove the package 'mixxx' from Squeeze? Removal hint added. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: vlc 1.1.3
On 08/27/2010 12:28 AM, Christophe Mutricy wrote: Hello, Mehdi Dogguy wrote: I'll unblock it later… vlc/1.1.3-1 has now built on all archs and is 5 days old. Could you unblock it ? Done. -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Bug#475279: Bug#555233: mediatomb: diff for NMU version 0.12.0~svn2018-4.1
Andres Mejia wrote: On Thursday 04 February 2010 04:36:30 Mehdi wrote: tags 475279 + patch pending tags 555232 + patch pending tags 555233 + patch pending tags 560468 + patch pending thanks Dear maintainer, I've prepared an NMU for mediatomb (versioned as 0.12.0~svn2018-4.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. I updated mediatomb-get-orig-source to remove the embedded prototype.js and use the one from the Debian package libjs-prototype, which seems to work fine with the Web UI. Thank you. I've applied your patch to the packaging for version 0.12.0~svn2018-5 and uploaded it, save for one change. I've left out the Ok. I'll cancel my NMU then as soon as I see 0.12.0~svn2018-5 appear somewhere. I forgot to remove the mediatomb-common.lintian-override which became useless. Please remove it. change to the meditomb-get-orig-source script, since a new orig tarball is not being uploaded. Also, I prefer to implement a way where mediatomb's build Even if you don't upload a new version, having the change applied to the script doesn't harm and doesn't force to upload a new tarball. system has an option to either use the system libjs-prototype library, or the internal one. Reason being that using the system library has had other problems before (web interface being completely unusable). Yes, I saw that in the bugreports. It appears that libjs-prototype is used by several packages. The maintainer of libjs-prototype (CC'ed) should coordinate with you future uploads and agree on the version you want to have in the distribution (like what's done with C libraries for example). Cheers, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Bug#555233: duplicate
forcemerge 475279 555233 severity 555233 serious thanks 555233 seems to be a duplicate of #475279. The security team considers this as an RC bug. Thus, I'm raising the severity to « serious ». Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers