Bug#745563: debsig-verify: only handles data.tar.gz member, not xz, bz2 or lzma

[Guillem Jover]

Hi!

On Tue, 2014-04-22 at 21:00:06 +0100, Vivek Das Mohapatra wrote:
> Package: debsig-verify
> Version: 0.8
> Severity: normal
> Tags: patch
> 
> debsig-verify only handles a main data archive member of data.tar.gz,
> packages can contain bz2, xz or lzma compressed members instead.

I'm preparing a QA upload, which will be fixing this report, as part
of trying to get 
greener.

> Attached is the patch I used to get it to work for me.

Thanks for the patch! I've amended the patch to also support data.tar,
control.tar and control.tar.xz.

Thanks,
Guillem


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140510053444.ga26...@gaara.hadrons.org

Bug#748539: spelling fix

[Guillem Jover]

Hi!

On Sun, 2014-05-18 at 12:28:16 +0430, Tomas Pospisek wrote:
> Package: debsig-verify
> Version: 0.8
> Severity: minor
> Tags: patch
> 
> Attached is a patch to change/fix the spelling of "aswell" to "as well".

Applied locally, will be included in the next release.

Thanks,
Guillem


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140606090118.ga8...@gaara.hadrons.org

Bug#755124: Package size exploded

[Guillem Jover]

Control: tag -1 patch

Hi!

On Fri, 2014-07-18 at 01:07:49 +0200, Michael Biebl wrote:
> Package: graphviz
> Version: 2.38.0-3
> Severity: important
>
> The old 2.26 graphviz package weighed around 900K, the update to 2.38
> want's to pull and additional 62M (yeah, Megabyte). That means a 70x
> size increase.
>
> That doesn't look normal. Especially since the changelog doesn't list
> anything relevant which would warrant that increase in size.
> Graphviz is recommended by a lot of packages, which means it will be
> installed for a lot of people.
> Therefore please consider trimming down the size again.

Yeah, I also saw that on upgrade, and thought it was ridiculous, after
having checked the source code I find it even more ridiculous. The
code is embedding a massive vector table of doubles (20 MiB .o) into
three different programs (so the additional 60 MiB), instead of either
computing the table at run-time, using a single binary data file to
store the table, or placing it inside a shared library or plugin, and
of course using a way more adequate data type for the involved data.

I'm attaching a patch for the latter which is a workaround, that at
least reduces the size in one order of magnitude, so from 60 MiB to
6 MiB. Which is an improvement, but the underlaying issue should be
fixed in a better way, really

Also the new release adds extremely generic program names, like
cluster or unflatten. :/

Thanks,
Guillem
Description: Use a signed char instead of a double for lab_struct
 The massive data structure was using a double for each struct member,
 which makes the resulting object extremely large. By switching it to a
 signed char we reduce the size from around 20 MiB to 2.5 MiB, so an order
 of magnitude. The new data type should be fine as the number literals do
 not exceed the type range.
 .
 In any case this gets embedded into at least three binaries, one of which
 contais an extremely generic filename(!). Which is still rather ridiculous
 as this should most possibly be computable at run-time, or stored in a
 shared data file, or in a single shared library or plugin.
Author: Guillem Jover 
Origin: vendor
Bug-Debian:
Forwarded: no
Last-Update: 2014-07-18

---

--- graphviz-2.38.0.orig/lib/edgepaint/lab.h
+++ graphviz-2.38.0/lib/edgepaint/lab.h
@@ -21,7 +21,7 @@ struct xyz_struct {
 typedef struct xyz_struct color_xyz;
 
 struct lab_struct {
-  double l, a, b;/* l: 0 to 100, a,b: -128 tp 128 */
+  signed char l, a, b;/* l: 0 to 100, a,b: -128 tp 128 */
 };
 typedef struct lab_struct color_lab;
 

Bug#755935: openslp-dfsg: Add multi-arch support

[Guillem Jover]

Source: openslp-dfsg
Source-Version: 1.2.1-9
Severity: wishlist

Hi!

Due to the openal dependency on roaraudio, which depends on libslp1,
this package needs to be multi-archified to be let the others be
co-installable.

I'm in the process of preparing fixed packages, just filing a bug
report to let other people know.

Thanks,
Guillem


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140724170923.ga16...@gaara.hadrons.org

Bug#687597: openslp-dfsg: touch bug CVE-2012-4428

[Guillem Jover]

Control: severity -1 important

Hi!

On Sun, 2013-01-27 at 11:21:32 +, Steve McIntyre wrote:
> severity 687597 important
> thanks

(Didn't seem to take effect, I assume missing control@b.d.o Bcc.)

> On Sat, Jan 05, 2013 at 09:01:45PM +0100, John Paul Adrian Glaubitz wrote:
> > there has also been an upstream bug report filed [1].
> >
> > Might be reasonable to check back there from time to time. No patch
> > yet, unfortunately.
> 
> I had a look at this yesterday. The buffer-handling in libslp *looks*
> suspect to me (in terms of tracking lengths of text fields etc.), but
> I can't see an easy way to reproduce the bug here to verify my
> suspicions. I've followed up on the upstream bug to ask about this.
> 
> In the meantime, even if the code looks dodgy I *don't* see it as
> being particularly likely to be exploitable, more a DoS at worst, and
> only on a local-network basis rather than truly remote. I'm dropping
> severity from grave accordingly - feel free to re-raise if you think
> I'm wrong.

I was preparing a QA upload, and took a stab at this. Here's the patch
I'm going to include. It seems pretty clear that if the previous to last
character in the string-list is '\\' then the string-list handling
functions will keep going, when they probably should only have done so
on escaped ','.

Although I've only code-stared at the issue, and my later few attempts
to reproduce this have been unsuccessful, but I've to confess I've not
tried very hard. Given this I'm a bit hesitant to close this bug with
the upload, but I guess I'll do so if I don't hear complains, in a
couple of days. :)

If any of you could either test or review this, that would be much
appreciated!

Thanks,
Guillem
Description: Fix out-of-bounds buffer access (CVE-2012-4428)
 Fix handling of string-list in common/slp_common.c by not increasing
 the item pointer past the string-list pointer, and letting '\\' only
 escape the item separator ','.
Author: Guillem Jover 
Origin: vendor
Bug: http://sourceforge.net/p/openslp/bugs/122/
Bug-Debian: https://bugs.debian.org/687597
Last-Update: 2014-07-25

---
 common/slp_compare.c |   33 -
 1 file changed, 12 insertions(+), 21 deletions(-)

--- a/common/slp_compare.c
+++ b/common/slp_compare.c
@@ -272,13 +272,10 @@ int SLPContainsStringList(int listlen,
 /* seek to the end of the next list item */
 while(1)
 {
-if(itemend == listend || *itemend == ',')
-{
-if(*(itemend - 1) != '\\')
-{
-break;
-}
-}
+if(itemend == listend)
+break;
+if(*itemend == ',' && *(itemend - 1) != '\\')
+break;
 
 itemend ++;
 }
@@ -328,13 +325,10 @@ int SLPIntersectStringList(int list1len,
 /* seek to the end of the next list item */
 while(1)
 {
-if(itemend == listend || *itemend == ',')
-{
-if(*(itemend - 1) != '\\')
-{
-break;
-}
-}
+if(itemend == listend)
+break;
+if(*itemend == ',' && *(itemend - 1) != '\\')
+break;
 
 itemend ++;
 }
@@ -417,13 +411,10 @@ int SLPUnionStringList(int list1len,
 /* seek to the end of the next list item */
 while(1)
 {
-if(itemend == listend || *itemend == ',')
-{
-if(*(itemend - 1) != '\\')
-{
-break;
-}
-}
+if(itemend == listend)
+break;
+if(*itemend == ',' && *(itemend - 1) != '\\')
+break;
 
 itemend ++;
 }

Bug#755935: openslp-dfsg: Add multi-arch support

[Guillem Jover]

On Thu, 2014-07-24 at 19:09:23 +0200, Guillem Jover wrote:
> Source: openslp-dfsg
> Source-Version: 1.2.1-9
> Severity: wishlist

> Due to the openal dependency on roaraudio, which depends on libslp1,
> this package needs to be multi-archified to be let the others be
> co-installable.
> 
> I'm in the process of preparing fixed packages, just filing a bug
> report to let other people know.

I uploaded this yesterday, but it seems to be stuck in the newly
switched UploadQueue in coccia (from ravel).

Thanks,
Guillem


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140729132735.ga27...@gaara.hadrons.org

Bug#749803: openslp-dfsg: Conflicting declarations of function SLPDPredicateTest cause undefined behaviour

[Guillem Jover]

Hi!

On Thu, 2014-05-29 at 22:18:22 +0100, Michael Tautschnig wrote:
> Package: openslp-dfsg
> Version: 1.2.1-9
> Usertags: goto-cc
> 
> During a rebuild of all packages in a clean sid chroot (and 
> cowbuilder+pbuilder)
> the build failed with the following error. Please note that we use our 
> research
> compiler tool-chain (using tools from the cbmc package), which permits 
> extended
> reporting on type inconsistencies at link time.
> 
> [...]
> /bin/bash ../libtool  --tag=CC   --mode=link x86_64-linux-gnu-gcc  -DNDEBUG 
> -D_REENTRANT=1  -DLINUX -Wall -O3   -o testslpd_predicate_test 
> slpd_predicate_test.o ../libslp/libslp.la ../libslpattr/libslpattr.la 
> ../common/libcommonlibslp.la ../common/libcommonslpd.la 
> ../slpd/slpd_predicate.o ../common/libcommonslpd.la -lnsl -lresolv 
> libtool: link: x86_64-linux-gnu-gcc -DNDEBUG -D_REENTRANT=1 -DLINUX -Wall -O3 
> -o .libs/testslpd_predicate_test slpd_predicate_test.o 
> ../slpd/slpd_predicate.o  ../libslp/.libs/libslp.so 
> ../libslpattr/.libs/libslpattr.a ../common/.libs/libcommonlibslp.a 
> ../common/.libs/libcommonslpd.a -lnsl -lresolv
> 
> error: conflicting function declarations "SLPDPredicateTest"
> old definition in module slpd_predicate_test file 
> SLPD_predicate_test/slpd_predicate_test.c line 9
> signed int (void *, void *)
> new definition in module slpd_predicate file slpd_predicate.c line 1455
> signed int (signed int version, signed int attrlistlen, const char *attrlist, 
> signed int predicatelen, const char *predicate)
> Makefile:637: recipe for target 'testslpd_predicate_test' failed
> make[3]: *** [testslpd_predicate_test] Error 64
> make[3]: Leaving directory 
> '/srv/jenkins-slave/workspace/sid-goto-cc-openslp-dfsg/openslp-dfsg-1.2.1/test'
> Makefile:396: recipe for target 'all-recursive' failed
> make[2]: *** [all-recursive] Error 1
> 
> It seems that the following declaration should simply gain a "static" to make
> sure it is only visible within slpd_predicate_test.c, which is the only file
> using the function with such a signature:
> 
> http://sources.debian.net/src/openslp-dfsg/1.2.1-9/test/SLPD_predicate_test/slpd_predicate_test.c?hl=9#L9
> 
> The proper global one indeed has a completely different signature:
> 
> http://sources.debian.net/src/openslp-dfsg/1.2.1-9/slpd/slpd_predicate.h?hl=60#L60
> 
> Having the linker mix them has completely undefined behaviour.

Actually this seems to be worse, there are no two different function
definitions, just a single implementation with two conflicting
declarations. So to fix this correctly the test suite needs to be
changed to use the proper function signatures.

I've not included a fix for this in the upload as I was not entirely
sure if the above was the correct fix, and the test suite is not used
at all anyway.

Thanks,
Guillem


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140729133243.ga27...@gaara.hadrons.org

Packages using old dpkg tools paths

[Guillem Jover]

Hi!

I was notified by Emmanuel Bourg that there are still packages making
use of the old compat paths for u-a, dpkg-divert and dpkg-statoverride
in /usr/sbin. Those compat symlinks got removed in dpkg 1.17.0:

  ,---
  * Remove update-alternatives, dpkg-divert and dpkg-statoverride
compatibility symlinks under /usr/sbin/.
  `---

I'm planning on starting to file bug reports for the source packages
below (BCCed). I've not checked (yet) how severe the dpkg-statoverride
ones are, but if most of them do not get fixed, I might consider
reintroducing the compat symlink for that one alone if the release-team
(CCed) sees fit to that. :/

I'm not entirely sure why most of those packages are using a construct
like this though:

  ,---
  if [ ! -x /usr/sbin/dpkg-statoverride ] || \
 ! dpkg-statoverride --list $CONF > /dev/null
  then
  […]
  fi
  `---

instead of just using the command directly? Maybe cargo-culted from
somewhere? I also thought there was a lintian warning on absolute path
usage, but either I cannot find it after a quick glance over the
website, the code, git log and BTS, or I misremembered.


Sources list (via codesearch.d.o)


,--- u-a ---
startupmanager_1.9.13-7/bootconfig/usplash.py
wmanager_0.2.1-11/debian/wmanagerrc-update
`---

,--- dpkg-divert ---
amule_2.3.1+git1a369e47-2/debian/amule-utils.preinst
amule_2.3.1+git1a369e47-2/debian/amule.preinst
`---

,--- dpkg-statoverride ---
acidbase_1.4.5-4/debian/postinst
beep_1.3-3/debian/postinst
geki2_2.0.3-8/debian/postinst
geki3_1.0.3-7/debian/postinst
gravitywars_1.102-32/debian/postinst
im_1:151-3/debian/postrm
man-db_2.7.0.2-2/debian/postinst
monsterz_0.7.1-7/debian/postinst
netdiag_1.1-1/debian/diagperm
netselect_0.3.ds1-26/debian/netselect.postinst
openssh_1:6.7p1-2/debian/openssh-client.postinst
openssh_1:6.7p1-2/debian/openssh-server.postinst
pconsole_1.0-11/debian/postinst
phpgacl_3.3.7-7.3/debian/phpgacl.postinst
pure-ftpd_1.0.36-3/debian/pure-ftpd-common.postinst
systemtap_2.6-0.1/debian/systemtap-runtime.postinst
tecnoballz_0.93.1-1/debian/tecnoballz.postinst
terminatorx_3.90-2/debian/postinst
tvtime_1.0.2-12.1/debian/postinst
xvt_2.1-20.1/debian/postinst
`---


dd-list
===

,---
Adrian Yanes 
   amule (U)

Alessio Treglia 
   terminatorx (U)

Axel Beckert 
   pconsole

Barry deFreese 
   gravitywars (U)
   monsterz (U)
   tecnoballz (U)

Colin Watson 
   man-db
   openssh (U)

David Gil 
   phpgacl

Debian aMule Team 
   amule

Debian Games Team 
   geki2
   geki3
   gravitywars
   monsterz
   tecnoballz

Debian Multimedia Maintainers 

   terminatorx

Debian OpenSSH Maintainers 
   openssh

Debian QA Group 
   startupmanager
   tvtime

Gerfried Fuchs 
   beep

Giuseppe Iuculano 
   amule (U)

Gonéri Le Bouder 
   geki2 (U)
   monsterz (U)

Javier Fernandez-Sanguino Pen~a 
   acidbase (U)
   phpgacl (U)

Javier Fernández-Sanguino Peña 
   netselect

Jeremy T. Bouse 
   acidbase

Markus Koschany 
   tecnoballz (U)

Matthew Vernon 
   openssh (U)

Michael Meskes 
   netdiag

Peter Pentchev 
   wmanager

Ritesh Raj Sarraf 
   systemtap

Sam Hocevar (Debian packages) 
   geki2 (U)
   geki3 (U)
   gravitywars (U)
   monsterz (U)
   xvt

Sandro Tosi 
   amule (U)

Stefan Hornburg (Racke) 
   pure-ftpd

Tatsuya Kinoshita 
   im

Timo Juhani Lindfors 
   systemtap (U)
`---

Thanks,
Guillem


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141103102337.ga16...@gaara.hadrons.org

Bug#953932: Upcoming dropping of compat from libattr1-dev

[Guillem Jover]

Hi!

This is a heads-up that I'm going to be dropping the "temporary" header
that was dropped from libattr1-dev upstream more than 5 years ago, and
where I added it back for backwards compatibility.

Once I've done that upload, I'll increase the severity of these
reports to serious. Most of these packages seem pretty abandoned, or
have other RC bugs anyway.

Thanks,
Guillem

Bug#1029828: gthumb: Unused hardcoded shared library dependencies in Recommends

[Guillem Jover]

Package: gthumb
Version: 3:3.12.2-3
Severity: normal

Hi!

This is a revisit of #780322, but applied to the Recommends. At the time
the hardcoded dependencies got moved from Depends to Recommends, but it
looks like now they are not used anymore, since upstream removed the
picassaweb extension in commit 5760e1da12de36208934dade855aad9fac4e53a0,
upstream version 3.11.3. There does not appear to be any reference to
gphoto in the source code anymore, so I'm assuming these are really
unused now.

Thanks,
Guillem

Bug#518962: aterm: a regression due to this change

[Guillem Jover]

Hi!

On Fri, 2009-03-27 at 11:55:32 +0200, Timo Aaltonen wrote:
>   I don't understand the reason of this bugreport. It says 
> "/usr/bin/aterm is a binary installed by the terminator package and not a 
> generic name.". But I can't see any other binaries than 
> /usr/bin/terminator in that package, and shouldn't /usr/bin/aterm belong 
> in this package anyway??
>
> this is a regression, since the link is gone.

Right, the original bug report and the entirety of the subsequent
provided patch seems bogus. Barry, could you do an upload reverting the
whole diff from this report?

thanks,
guillem



-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#146316: ines: man page update

[Guillem Jover]

tags 146316 patch
thanks


kind regards
guillem


diff -rud ines-1.2/debian/ines.6 ines-1.2-patched/debian/ines.6
--- ines-1.2/debian/ines.6  Sun Jun 23 16:04:26 2002
+++ ines-1.2-patched/debian/ines.6  Sun Jun 23 16:06:18 2002
@@ -16,7 +16,7 @@
 .SH OPTIONS
 You may place as many arguments as you'd like on the command line, as long
 as they all remain before the filename. If you don't give it a filename
-argument, it assumes \"CART.NES\".
+argument, it assumes "CART.NES".
 .TP
 .B \-help
 Prints the argument list and key bindings.
@@ -36,24 +36,44 @@
 The number of CPU cycles per interrupt, defaults to 30475.
 .TP
 .B \-autoa / \-noautoa
-Turns on/off autofire for button A, defaults to \"off\".
+Turns on/off autofire for button A, defaults to "off".
 .TP
 .B \-autob / \-noautob
-Turns on/off autofire for
+Turns on/off autofire for button B, defaults to "off".
 .TP
 .B \-pal / \-ntsc
-Show 240 or 224 lines, defaults to -ntsc
+Show 240 or 224 lines, defaults to
+.BR \-ntsc .
 .TP
-.B \-kbd / \-nokbd
-Use/Don't use FamilyBASIC keyboard, defaults to -nokbd
+.B \-rkbd / \-jkbd / \-nokbd
+Use FBASIC3R, FBASIC2J or don't use FamilyBASIC keyboard, defaults to -nokbd.
 .TP
 .B \-irqs / \-irqs
-Generate/Don't generate IRQs, defaults to -irqs
+Generate/Don't generate IRQs, defaults to
+.BR \-irqs .
+.TP
+.B \-disk / \-nodisk
+Emulate/Don't emulate DiskSystem, defaults to
+.BR \-nodisk .
 .TP
 .B \-palette 
 Sets the color palette, 0 is normal, 1 is adjusted Pasofami, and 2 is original
 Pasofami. Defaults to the normal palette.
 .TP
+.B \-palette 
+Load default palette from file, defaults to "DEFAULT.PAL".
+.TP
+.B \-scale 
+Sets the window scaling, defaults to 1.
+.TP
+.B \-sync 
+Sets the screen uptade frequency, defaults to 0.
+.TP
+.B \-nosync
+Same as
+.B \-sync
+0.
+.TP
 .B \-logsnd 
 Writes the soundtrack to a file.
 .TP
@@ -69,11 +89,15 @@
 really want to, not using SHM is
 .B really
 slow).
-.B Note:
-\-noshm doesn't actually seem to work.
+.B Note: \-noshm
+doesn't actually seem to work.
 .TP
 .B \-saver / \-nosaver
-Save/don't save CPU when inactive, defaults to -savger.
+Save/don't save CPU when inactive, defaults to
+.BR \-saver .
+.TP
+.B \-cheat 
+Activate a GameGenie cheat.
 .SH "KEY BINDINGS"
 .TP
 .B [SPACE]
@@ -94,10 +118,13 @@
 .B [ESC]
 Quit emulator. (also: [F12])
 .TP
+.B [F11]
+Reset NES. Flip DiskSystem floppy. Insert VC System coin.
+.TP
 .B [SHIFT] and [CAPSLOCK]
 Switch between joypads
 .TP
-.B [1]-[5]
+.B [1]-[6]
 Toggle individual sound channels on/off
 .TP
 .B [0]
@@ -111,6 +138,21 @@
 .TP
 .B [F2]
 Turn soundtrack log on/off
+.TP
+.B [F3]
+Toggle FIRE-A autofire on/off
+.TP
+.B [F4]
+Toggle FIRE-B autofire on/off
+.TP
+.B [F5]
+Toggle GameGenie cheats on/off
+.TP
+.B [F6]
+Save emulation state
+.TP
+.B [F7]
+Cycle through palettes
 .SH "SEE ALSO"
 http://www.komkon.org/fms/iNES/ is the web page about this program. It
 has some screenshots of various games, in addition to information on making



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#40133: playmidi: print usage on stdout

[Guillem Jover]

Package: playmidi
Version: 2.4-4
Tags: patch


kind regards,
guillem


diff -Nurd playmidi-2.4/playmidi.c playmidi-2.4-patched/playmidi.c
--- playmidi-2.4/playmidi.c Thu Jul 18 20:58:10 2002
+++ playmidi-2.4-patched/playmidi.c Thu Jul 18 21:08:14 2002
@@ -403,8 +403,8 @@
}
 
 if (error || optind >= argc) {
-   fprintf(stderr, "usage: %s [-options] file1 [file2 ...]\n", argv[0]);
-   fprintf(stderr, "  -v   verbosity (additive)\n"
+   printf("usage: %s [-options] file1 [file2 ...]\n", argv[0]);
+   printf("  -v   verbosity (additive)\n"
"  -i x ignore channels set in bitmask x (hex)\n"
"  -c x play only channels set in bitmask x (hex)\n"
"  -x x exclude channel x from playable bitmask\n"
diff -Nurd playmidi-2.4/toy.c playmidi-2.4-patched/toy.c
--- playmidi-2.4/toy.c  Sun May 11 23:44:01 1997
+++ playmidi-2.4-patched/toy.c  Thu Jul 18 21:07:00 2002
@@ -118,7 +118,7 @@
}
 
 if (error || argc - optind != 2) {
-   fprintf(stderr, "usage: %s [-t semitones]"
+   printf("usage: %s [-t semitones]"
" [-c channel] [-p program] [-wait] "
"inputfile.seq outputfile.seq\n", argv[0]);
exit(1);



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#141702: playmidi: skipped lirycs in playmidi -r

[Guillem Jover]

tags 141702 patch
thanks

Hi,

Now playmidi will only skeep repeated lines on metadata
type 3 (Sequence/Track Name text). To be consistent with
the GUI implementations, the skipping code should be removed,
but due to the limited space on terminals it may be a bad idea.

kind regards,
guillem


diff -Nurd playmidi-2.4/io_ncurses.c playmidi-2.4-patched/io_ncurses.c
--- playmidi-2.4/io_ncurses.c   Thu Jul 18 20:58:10 2002
+++ playmidi-2.4-patched/io_ncurses.c   Thu Jul 18 22:33:16 2002
@@ -161,7 +161,7 @@
 if (cmd < 8 && cmd > 0) {
if (length > COLS)
length = COLS;
-   if (cmd != 1 && strncmp(textbuf, data, length - 1) == 0)
+   if (cmd == 3 && strncmp(textbuf, data, length - 1) == 0)
 return;/* ignore repeat messages, "WinJammer Demo" etc. */
if (verbose) {
printf("%s: ", metatype[cmd - 1]);



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#503702: lockvc: Segfaults.

[Guillem Jover]

Hi,

On Wed, 2008-10-29 at 21:25:50 +0100, Moritz Muehlenhoff wrote:
> Kurt Roeckx wrote:
> > Package: lockvc
> > Version: 4.0.5-6
> > Severity: serious

> > It seems that lockvc sometimes segfaults on me.  It's not doing it all
> > time, but atleast once a week.

If there was a backtrace I might try to fix it, it could even be a
problem in svgalib itself, but that might also depend on the driver
being used.

> > I'm setting it to serious since the console is unlocked at that point,
> > and so I consider it to be not useful at all.
> 
> Given that we have vlock as a proper and proven replacement (and which
> is also portable and not depending on svgalib) we should just remove
> lockvc. CCing Guillem, the former maintainer for his opinion.

It also runs as suid root, and busy loops while "screen saving", so if
Kurt cannot provide a backtrace then I guess removing makes sense.
Still I'd be interested to know if this is really lockvc's fault or
svgalib's, as the latter might affect other programs.

regards,
guillem



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#436184: labrea: mentions hackers instead of crackers in package description

[Guillem Jover]

Package: labrea
Version: 2.5-stable-2
Severity: minor

Hi,

The package description refers to hackers as denizens, I think this is
wrong and missleading and should be replaced with 'crackers'.

regards,
guillem


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#823077: irda-utils: Fix LSB init output

[Guillem Jover]

Source: irda-utils
Source-Version: 0.9.18-14
Severity: wishlist
Tags: patch

Hi!

The attached patch fixes the LSB init script to have more consistent
output.

Thanks,
Guillem
From eb72dbc61abef4650a0441b9673f3b26c241378c Mon Sep 17 00:00:00 2001
From: Guillem Jover 
Date: Sat, 30 Apr 2016 15:46:51 +0200
Subject: [PATCH] irda-utils: Fix LSB init output

---
 debian/irda-utils.init | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/debian/irda-utils.init b/debian/irda-utils.init
index cf0c88a..86da079 100644
--- a/debian/irda-utils.init
+++ b/debian/irda-utils.init
@@ -55,8 +55,7 @@ if [ -f /etc/default/$PACKAGE ]; then
 . /etc/default/$PACKAGE
 fi
 if [ "$ENABLE" = "false" ]; then
-log_action_begin_msg "Skipping $DESC:" "$NAME (not enabled)"
-log_action_end_msg 0
+log_action_msg "Skipping $DESC:" "$NAME (not enabled)"
 exit 0
 fi
 if [ -z "$DEVICE" ]; then
-- 
2.8.1

Bug#823082: sysfsutils: Fix LSB init output

[Guillem Jover]

Source: sysfsutils
Source-Version: 2.1.0+repack-4
Severity: wishlist
Tags: patch

Hi!

The attached patch fixes the LSB init script to have more consistent
output.

Thanks,
Guillem
From 8de8494592a1052b152b8a38f8086ab2ea0e3853 Mon Sep 17 00:00:00 2001
From: Guillem Jover 
Date: Sat, 30 Apr 2016 16:33:03 +0200
Subject: [PATCH] sysfsutils: Fix LSB init output

---
 debian/sysfsutils.init | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/debian/sysfsutils.init b/debian/sysfsutils.init
index b0610ed..b7048ed 100644
--- a/debian/sysfsutils.init
+++ b/debian/sysfsutils.init
@@ -1,4 +1,4 @@
-#! /bin/sh -e
+#! /bin/sh
 
 ### BEGIN INIT INFO
 # Provides:  sysfsconf
@@ -17,6 +17,8 @@
 #
 # (c) 2005 Martin Pitt 
 
+set -e
+
 CONFFILE=/etc/sysfs.conf
 CONFDIR=/etc/sysfs.d
 
@@ -53,7 +55,7 @@ load_conffile() {
 		fi
 	else
 		log_failure_msg "syntax error in $CONFFILE: '$f1' '$f2' '$f3'"
-		log_end_msg 1
+		log_action_end_msg 1
 		exit 1
 	fi
 	done
@@ -62,14 +64,14 @@ load_conffile() {
 
 case "$1" in
 start|restart|force-reload)
-	log_begin_msg "Setting sysfs variables..."
+	log_action_begin_msg "Setting sysfs variables"
 
 	for file in $CONFFILE $CONFDIR/*.conf; do
 	[ -r "$file" ] || continue
 	load_conffile "$file"
 	done
 
-	log_end_msg 0
+	log_action_end_msg 0
 	;;
 stop)
 	;;
-- 
2.8.1

Bug#825002: sgml-base: broken super catalog after removing docutils-common

[Guillem Jover]

Hi!

On Sun, 2016-05-22 at 12:27:32 +0200, Helmut Grohne wrote:
> Package: sgml-base
> Version: 1.26+nmu2
> Severity: serious
> Justification: breaks reverse dependencies like openjade
> Owner: helm...@debian.org
> User: helm...@debian.org
> Usertags: rebootstrap

> Guillem Jover suggested that sgml-base should provide a
> conffile-independent trigger (e.g. "update-catalog") and that packages
> providing catalogs should invoke it explicitly. Implementing this
> implies changing sgml-base, debhelper and reuploading 24 source
> packages shipping catalogs.

Please use update-sgmlcatalog which is less generic than the other
name and is in line with the (supposedly fixed rename request for the
update-catalog command in an old edxperimental upload), see #88008. So
that we don't need to do the transition for the trigger later on too.

Otherwise the change looks good. I proposed using -noawait variants,
but given the current usage of the (implicitly) -wait ones, I'd also
leave this for now as an unrelated change that avoids possible breakage,
as you did here.

Thanks,
Guillem

Bug#833224: perl-byacc: Uses obsolete compressor for .deb data.tar member

[Guillem Jover]

Source: perl-byacc
Source-Version: 2.0-8
Severity: important
User: debian-d...@lists.debian.org
Usertags: dpkg-obsolete-deb-data-tar-compressor

Hi!

This source package builds one or more binary packages using the
deprecated compressor bzip2. The default has been xz for a while now
which should usually compress better than bzip2. If instead you'd like
speed then switch to use gzip.

Using a deprecated compressor when building binary packages will
become an error in the near future. Please update the packages.

See also .

Thanks,
Guillem

Re: DocBook 5 for Debian

[Guillem Jover]

Hi!

On Tue, 2017-08-01 at 23:24:20 -0700, Paul Hardy wrote:
> I am creating a new XSLT file to convert DocBook 5 "refentry" (man page)
> files to texinfo files on a non-Debian system.  I would like to bring
> DocBook 5 into Debian.

In a way, we already have some DocBook 5 support. :)

> Therefore, I propose filing ITPs for packages "docbook5", "docbook5-xsl",
> and "docbook5-xml".  The packages initially would be based on DocBook 5.1,
> unless DocBook 5.2 is finalized in the meantime.

Please take a look at the existing docbook5-xml and docbook-xsl-ns
packages.

Thanks,
Guillem

Bug#944967: multistrap: Script accesses internal dpkg database

[Guillem Jover]

Source: multistrap
Source-Version: 2.2.10
Severity: important
User: debian-d...@lists.debian.org
Usertags: dpkg-db-access-ctrl

Hi!

This package contains the «multistrap» program, which directly accesses
the dpkg internal database, instead of using one of the public
interfaces provided by dpkg.

The check_bin_sh() function should be switched to use something like:

  «dpkg-query --control-path dash postinst»

to get at the pathname within the database, even though what it tries
to do next is not very kosher. :) But perhaps this code can be removed
now though?

The native() function, I'm not sure what's the intention there TBH,
but it could be replaced with a loop over all installed packages and
then --control-path.


This is a problem for several reasons, because even though the layout and
format of the dpkg database is administrator friendly, and it is expected
that those might need to mess with it, in case of emergency, this
“interface” does not extend to other programs besides the dpkg suite of
tools. The admindir can also be configured differently at dpkg build or
run-time. And finally, the contents and its format, might change in
the future.

Thanks,
Guillem

Bug#953938: zfs-fuse: Switch from deprecated to

[Guillem Jover]

Source: zfs-fuse
Source-Version: 0.7.0-20
Severity: important
User: a...@packages.debian.org
Usertags: libattr-drop-attr-xattr-header

Hi!

This package uses the deprecated  header (from libattr)
instead of the one provided now by glibc .

The former header has been removed in upstream libattr, but got
reintroduced in Debian to avoid breakage just before the Debian buster
freeze. But I'd like to be able to remove it in Debian too, so that
the interface can be synced with upstream.

It looks like this is the only header used by this package from libattr,
so you should be able to drop the dependency on libattr entirely, as
glibc should be providing all that is needed now.

Thanks,
Guillem

Bug#905802: changetrack: cron script accesses internal dpkg database

[Guillem Jover]

Source: changetrack
Source-Version: 4.7-5
Severity: important
User: debian-d...@lists.debian.org
Usertags: dpkg-db-access-blocker

Hi!

This package contains a cron script [M], which directly accesses
the dpkg internal database. Instead of using one of the public
interfaces provided by dpkg. The code could be replaced with something
like «dpkg-query --showformat '${Conffiles}\n' --show |
grep -E -v '(^\s*|\.schemas)$' | cut -d\  -f2 | sort | uniq».

  [M] debian/cron.daily

This a problem for multiple reasons. Even though the layout and format
of the dpkg database is administrator friendly, and it's expected that
those might need to mess with it, in case of emergency, this interface
does not extend to other programs besides the dpkg suite of tools. The
admindir can also be configured differently at dpkg build or run-time.
And finally, the contents and its format, will be changing in the near
future.

In addition the .conffiles in the database never get updated even after
conffile take overs by another package.

Thanks,
Guillem

Bug#913693: jailtool: Script accesses internal dpkg database

[Guillem Jover]

Source: jailtool
Source-Version: 1.1-5
Severity: important
User: debian-d...@lists.debian.org
Usertags: dpkg-db-access-blocker

Hi!

This package contains a script («update-jail»), which directly accesses
the dpkg internal database, instead of using one of the public interfaces
provided by dpkg. The code should be switched to use for conffiles:

  «dpkg-query --shoformat='${Conffiles}\n' --show»

and for the files list:

  «dpkg-query --listfiles»

This is a problem for several reasons, because even though the layout and
format of the dpkg database is administrator friendly, and it is expected
that those might need to mess with it, in case of emergency, this
“interface” does not extend to other programs besides the dpkg suite of
tools. The admindir can also be configured differently at dpkg build or
run-time. And finally, the contents and its format, will be changing in
the near future.

Thanks,
Guillem

Bug#982626: autoconf: Ships identical NEWS and NEWS.Debian files

[Guillem Jover]

Package: autoconf
Version: 2.69-14
Severity: normal

Hi!

This package ships identical NEWS and NEWS.Debian file. This means no
upstream NEWS file is shipped, where all new features are described
in a concise way.

Thanks,
Guillem

Bug#985186: glob2: Upstream git with SDL2 support

[Guillem Jover]

Source: glob2
Source-Version: 0.9.4.4-5
Severity: wishlist

Hi!

Upstream git (which seems rather active) includes SDL2 support, which
among others supports Wayland natively. SDL1 is considered deprecated
by upstream and should be switched away from. It would be nice to
package a snapshot of that.

Thanks,
Guillem

Bug#982253: Bug#986997: O: netkit-telnet -- basic telnet client

[Guillem Jover]

Hi!

On Thu, 2021-04-15 at 21:18:03 +0200, Simon Josefsson wrote:
> Chris Hofstaedtler  writes:
> > * Simon Josefsson  [210415 19:06]:
> >> Hi!  Upstream is not maintained either -- at least the download URL in
> >> netkit-telnet's debian/copyright file does not work.  How about dropping
> >> netkit-telnet from Debian?
> >
> > In #982253 I've expressed that I for one would find that to be a
> > good idea. But quite clearly it is work that needs to be a) done and
> > b) well coordinated.
> 
> I'm happy to work on replacing netkit-based tools with inetutils once
> bullseye is out, although Guillem have to agree since he maintains
> inetutils in Debian.  If something needs to be modified in inetutils to
> be more compatible with netkit, I will help to arrange that.

That'd be great, thanks! I think I've mentioned before, but in any
case getting #945861 fixed would be nice, as I took a look but run
out of time trying to figure out what was the problem.

Adding TLS support to both inetutils telnet and telnetd would also be
great, even though inetutils versions support Kerberos, but I think
probably more people might use TLS enabled telnet than Kerberos
enabled telnet. This might make it possible to also get rid of
telnet-ssl and telnetd-ssl.

> Starting
> with telnet+telnetd seems like a good idea.

I've not checked if there are any differences in the options,
otherwise I'd be fine with adding a transitional package, to smooth
the upgrade, and then simply just provide telnet and telnetd (in
addition to telnet-client and telnet-server) virtual packages.

> Btw, the suggestion to symlink telnet to netcat is not a good one:
> telnet is a complex protocol, netcat doesn't support any of it as far as
> I know.

I agree.

Thanks,
Guillem

Bug#953932: Upcoming dropping of compat from libattr1-dev

[Guillem Jover]

Control: severity -1 serious

Hi!

On Wed, 2024-08-28 at 04:15:39 +0200, Guillem Jover wrote:
> This is a heads-up that I'm going to be dropping the "temporary" header
> that was dropped from libattr1-dev upstream more than 5 years ago, and
> where I added it back for backwards compatibility.
> 
> Once I've done that upload, I'll increase the severity of these
> reports to serious. Most of these packages seem pretty abandoned, or
> have other RC bugs anyway.

This has happened now with the attr 1:2.5.2-2 upload. I'm bumping the
severity to serious as mentioned above, because that change will make
these packages fail to build from source (if they were not already
failing to build for other reasons).

Thanks,
Guillem