[21:10:29] sorry I'm here now
[21:10:33] who else is around?
[21:11:02] arcean, DocScrutinizer ping ?
[21:11:05] DocScrutinizer, freemangordon, arcean, Pali ping
[21:11:13] i'm here
[21:11:17] pong
[21:11:23] pong :)
[21:12:31] mag not around as usual :/
[21:12:46] anyway lets first start with a lil other stuff
[21:12:59] arcean: I think freemangordon made a mg against your h-d?
[21:13:16] yes
[21:13:28] merlin1991, arcean, there is still more to come :)
[21:13:37] hehe, no problem :)
[21:13:55] merlin1991, the bug in clutter is just ine part of the issue
[21:14:02] freemangordon: k
[21:14:06] *one
[21:14:08] till saturday I have to end a task @ work
[21:14:23] I'm hungry and on my way out today. only available via DocScrutinizer51
[21:14:35] That is my deadline ? :p
[21:14:37] so I will create MRs to CSSU on weekend
[21:14:46] arcean: if you mg back against our h-d I suggest you remove the portrait lock commits from the branch
[21:14:57] merlin1991, why?
[21:15:15] he initially started to refactor a lock that is not even in our master yet
[21:15:20] merlin1991, that's what i'm going to do :)
[21:15:27] no point to merge back history that introduces something and removes it again
[21:15:55] yeah, but why removing PL
[21:15:59] freemangordon, portrait lock is not working for Qt apps if you have switched off forced rotation
[21:16:28] freemangordon: because before we start having a proper concept for rotation/lock I'd prefer to merge no related code
[21:16:40] but I still want all the stuff from your code though
[21:17:21] hmm, ok
[21:17:29] see backscroll for my comments on mce patching re rotation/orientation fixing
[21:17:35] makes sense
[21:18:03] in one line: we can't do that
[21:18:27] Pali: how far are you with the ham patches?
[21:18:42] o/
[21:18:48] I did not test it yet
[21:19:18] can somebody test HAM for upgrading CSSU?
[21:19:30] I can, I've got 3 devices :D
[21:19:40] ok :-)
[21:19:57] problem with HAM is that HAM is slow
[21:20:02] yeah
[21:20:05] that's true :D
[21:20:12] anyway lets get started on the bugs
[21:20:17] and SLOW is because only one function is SLOW
[21:20:23] ok
[21:20:25] Pali, HAM is using apt-worker isn't it?
[21:20:30] yes
[21:20:53] * Topic for #maemo-ssu is "Maemo Community Seamless Software Update "CSSU" channel, http://wiki.maemo.org/Community_SSU | Known bugs: http://j.mp/communityssu-bugs | Channel logs: http://mg.pov.lt/maemo-ssu-irclog/ | Sources: http://gitorious.org/community-ssu/ | Latest version: 21.2011.38-1Tmaemo1 | STABLE: http://talk.maemo.org/showthread.php?p=1129261 \o/ | bugmeeting 29.02.2012 20:00 UTC"
[21:20:53] * Topic set by merlin1991!~merlin@Maemo/community/cssu/merlin1991 on Wed Feb 22 23:41:31 2012
[21:20:59] one function in apt-worker spending a lot of time (get all packages and select some)
[21:21:19] first up bug #11875
[21:21:21] Bug https://bugs.maemo.org/11875 Battery drains quicker
[21:22:14] I'm not sure what I should think about that one
[21:22:25] thumb ;)
[21:22:51] need info from powertop
[21:23:02] modest restarts frequently, thus drains battery, FIXED
[21:23:27] yeah we probably could say that
[21:23:40] " but doing it frequently (about every 5-10 seconds from what I
[21:23:40] saw)."
[21:23:50] so, yes - crashes
[21:23:55] We can say it if FIXED for sure
[21:24:01] *it is
[21:24:33] okay next up bug #11886
[21:24:34] Bug https://bugs.maemo.org/11886 Modest: CTRL+ENTER doesn't send e-mail
[21:24:39] close it as fixed and ask author to reopen it if battery drain continues
[21:24:51] that was for the previous one
[21:24:56] yeah :)
[21:25:36] don't think we can do something about 11886 atm, since we have nobody who played with modeset active atm
[21:26:07] well, put it on the queue
[21:26:15] yeah
[21:26:24] next up bug #11961
[21:26:25] Bug https://bugs.maemo.org/11961 Random email application (modest) crashes with CSSU
[21:26:33] FIXED
[21:26:34] I believe that is also a fixed --> thumb
[21:26:34] :D
[21:26:48] -*- merlin1991 wonders how many duplicated bugs of modest crashes a lot we have
[21:26:58] at least 10 :D
[21:27:41] next bug #11992
[21:27:42] Bug https://bugs.maemo.org/11992 CSSU installation changes "My location" to "Do not show"
[21:28:16] I suppose I'll have to check if that one is even valid
[21:28:48] but I bet it's simply related to the ham - update procedure
[21:29:18] sure, but I cannot understand where on the status menu is availability
[21:29:33] aaah, ok :D
[21:29:59] may be that is a part of going offline
[21:30:06] I think that this may happen when you select device offline mode and then again online. HAM setting device offline mode when updating Maemo OS
[21:30:21] or it may happen in similar way
[21:30:28] WONTFIX?
[21:30:32] I suppose
[21:31:26] next?
[21:31:50] ahhh a classic
[21:31:52] bug #12027
[21:31:53] Bug https://bugs.maemo.org/12027 Screen is momentarily black during zaxisrotation
[21:32:04] INVALID
[21:32:11] yep
[21:32:16] that is by design
[21:33:01] i.e. feature :D
[21:33:10] I'd say so :)
[21:33:14] next up bug #12053
[21:33:15] Bug https://bugs.maemo.org/12053 Modest drains battery
[21:33:19] fixed ? :D
[21:33:24] lol
[21:33:46] duplicate
[21:34:11] yea duplicate
[21:34:20] next up bug #12085
[21:34:21] Bug https://bugs.maemo.org/12085 Can't edit Applications list in portrait
[21:34:25] fixed
[21:35:00] yeah, fixed
[21:35:09] arcean?
[21:35:23] I think so
[21:35:27] verified fixed? or sth
[21:35:30] yea
[21:35:54] next bug #12157
[21:35:55] Bug https://bugs.maemo.org/12157 Camera UI - randomly crashes
[21:36:27] needs more info?
[21:36:32] this one either is needinfo or fixed
[21:36:44] needinfo
[21:36:45] since 14.1 there've been a lot of stability fixes for camera-ui
[21:37:07] comment: install dumphandler, deliver coredump
[21:37:22] :nod:
[21:38:13] next up bug #12544
[21:38:14] Bug https://bugs.maemo.org/12544 Stock Rss feed app not updating or downloading favicons and leaving residue after full phone flash
[21:38:31] INVALID
[21:38:38] well only partly
[21:38:43] rss is not part of CSSU
[21:38:45] the favicon thing actually is partly
[21:38:52] Pali: but it still works on stock
[21:38:57] so we broke it somewhere on the way
[21:39:07] this is bad
[21:39:09] yep, it's true
[21:39:14] eeeew
[21:39:14] that guy was trying to convince us that CSSU is leaving residues after rootfs+EMMC flash
[21:39:15] it also works in stable
[21:39:28] freemangordon: yeah he's weird
[21:39:31] lol
[21:39:36] but I tried myself the favicon part
[21:39:40] it works on stock and stable
[21:39:42] but not on testing
[21:39:50] I tried contacting onion (he provided some rss fixes) but he is not responding...
[21:40:00] he is online on #maemo
[21:40:18] is that application QT?
[21:40:24] no, GTK
[21:40:29] no, Hildon/GTK
[21:40:48] hmm, what is the difference then?
[21:40:53] nfc
[21:41:00] but I guess it needs some serious debugging
[21:41:12] step by step upgrade S to T and see when favicon breaks
[21:41:21] agree
[21:41:32] something for me then I guess
[21:41:34] k
[21:41:39] merlin1991, if you are able to reproduce it, then ...
[21:41:50] I'd start with allow-gui-rotation
[21:42:14] forced-rotation?
[21:42:37] well I could reproduce it on my -testing device without forced rotation
[21:42:43] but I'll investigate
[21:42:47] ok
[21:43:01] now the fun stuff is coming
[21:43:02] bug #12550
[21:43:03] Bug https://bugs.maemo.org/12550 pango: CVE-2010-0421: Fix input sanitization
[21:43:24] err wut?
[21:43:54] create git repo on gitorious CSSU
[21:44:13] Pali: when the repo is there can you look into the patch?
[21:44:37] we should trust andre klapper(tm) on that
[21:45:02] merlin1991, in repos?
[21:45:03] huh, that patch is funny :D
[21:45:14] yeah since the commit actually is in the nokia hildon repos
[21:45:58] maybe we should leave it that way?
[21:46:16] freemangordon: what do you mean?
[21:46:32] it is in official nokia repo and not in official PR1.3?
[21:46:35] do not clone it in CSSU repo
[21:46:35] yes
[21:46:44] pr1.3 still ships maemo4 of libpango
[21:46:52] Pali, the same with clutter
[21:47:25] and reason why was not included?
[21:47:35] nfc
[21:47:35] maybe andre will know it
[21:47:42] limited manpower :D
[21:47:52] or we can write author of that patch
[21:48:06] okay I'll contact andre and if he knows nothing I'll try to contact the author
[21:48:19] merlin1991, leave the question on the bugtracker
[21:48:38] ah yeah actually true
[21:49:12] wtfpango
[21:49:20] DocScrutinizer51: hm?
[21:49:23] next up bug #12552
[21:49:24] Bug https://bugs.maemo.org/12552 FreeType: CVE-2010-1797: Stack overflows by processing CFF opcodes
[21:49:33] whats p
[21:50:10] DocScrutinizer51: pango is font rendering
[21:50:14] freetype too
[21:50:15] for previous bug, see https://bugzilla.redhat.com/show_bug.cgi?id=555831
[21:50:16] Bug 555831: was not found.
[21:50:25] tnx
[21:51:15] are we going to trust andrew with the patch to 12552, or does somebody want to check it for sanity?
[21:51:24] err s/andrew/andre/
[21:52:39] Pali, freemangordon, arcean ^^ ?
[21:52:43] don't we have an updated freetype in CSSU?
[21:52:54] at least on gitorious
[21:53:12] on gitorious but not in the repo
[21:53:41] on CSSU gitorious is some other bug fixed
[21:53:50] yes segfault with navit
[21:54:13] I think that this can be added to CSSU repo
[21:54:32] what about the patch from andre though?
[21:54:37] just add it on top?
[21:55:15] could be
[21:55:18] Asg MohammadAG which version is that in CSSU, where it came from
[21:55:18] I think so, the patch looks ~ok
[21:55:26] *Ask
[21:55:46] freemangordon: that patch on gitorious came from tmo if I remember correctly
[21:55:48] if it is from maemo repos, just add the patch from andre and ship it
[21:56:05] original source is the redhat bugzilla
[21:56:05] merlin1991, ok, but where the sources came from?
[21:56:17] ah you mean the base freetype?
[21:56:22] yeah
[21:56:32] I'll have to check that, but shouldn't be hard to find out
[21:56:39] sure
[21:56:42] I have other question, is there on maemo.gitorious.org other patches which is not part of PR1.3?
[21:56:48] possibly
[21:56:53] most probably
[21:56:55] nobody ever went over everything there
[21:57:14] merlin1991, put that in queue :)
[21:57:14] I thought that maemo.gitorious.org match SDK/PR1.3 version
[21:57:26] not really
[21:57:27] Pali, no, it is ahead
[21:57:36] okay I'll check with freetype then
[21:57:41] ok
[21:58:17] next bug #12553
[21:58:18] Bug https://bugs.maemo.org/12553 Ctrl+space doesn't switch input language when editbox is hidden
[21:58:39] what's the supposed procedure to migrate those bugfixes from T to S eventually?
[21:59:02] DocScrutinizer51: package in T, if deemed stable off to S
[21:59:13] nothing shortcuts at least a week of testing
[21:59:15] as usual
[21:59:22] yup
[21:59:57] hmm, andre has done a decent job finding those patches
[22:00:04] yes he did
[22:00:06] we might need special procedure for security patches
[22:00:15] why?
[22:00:34] <-- lizardo (lizardo@nat/indt/x-xqxdtlctuuoiklpc) hat das Netzwerk verlassen (Quit: Leaving)
[22:00:41] you don't want to delay a fix for a severe vulnerability
[22:00:52] adding keyword security is enough?
[22:01:03] well, those are delayed for 2 years already :D
[22:01:08] exactly :D
[22:01:09] yes, to trigger inspection
[22:01:34] DocScrutinizer51: I suggest we simply push out a -testing with just all the CVE stuff as soon as we worked through all of them
[22:01:50] sure
[22:01:50] and can take care of the other packages in the queue for testing later
[22:01:58] agree
[22:02:06] just thinking what if eventually...
[22:02:24] anyway, back to 12554
[22:02:28] err 12553
[22:02:33] for now no 0day known
[22:03:24] the xchat roguestring attack might be this class
[22:03:39] yeah
[22:03:46] merlin1991, looks harmless, see no reason why not put it in CSSU
[22:03:47] though afaik gtk still has no fix for that
[22:04:07] yup
[22:05:32] so about 12553, add hildon to cssu and include the fix?
[22:05:41] yep
[22:05:48] yes
[22:05:55] okay
[22:06:06] bug 12553
[22:06:06] Bug https://bugs.maemo.org/12553 Ctrl+space doesn't switch input language when editbox is hidden
[22:06:12] next up bug #12554
[22:06:13] Bug https://bugs.maemo.org/12554 libcurl: CVE-2010-0734: data callback vulnerability
[22:07:19] same as previous
[22:08:21] arcean, Pali?
[22:09:00] sorry but without full source code I do not understand this patch
[22:09:34] Pali, seems like some kind of buffer overrun
[22:09:47] yes, and it's official patch
[22:10:00] it is again CVE
[22:10:15] so we can trust upstream
[22:10:21] okay
[22:10:23] :nod:
[22:10:35] next up bug #12555
[22:10:36] Bug https://bugs.maemo.org/12555 microb-engine: CVE-2010-1205: Buffer overflow in embedded libpng
[22:11:46] patches are committed into upstream repos
[22:11:55] so we can include it
[22:12:12] hmm, from the bug report it is not clear to me whether microb is affected as libpng is fixed in maemo
[22:12:45] I think microb has its own libpng copy
[22:12:55] wow
[22:13:01] okay who wants to dig in the microb code?
[22:13:15] I tried contacting authors of MicroB code
[22:13:24] lemme guess, no answer?
[22:13:31] i've done that once, it is a nightmare
[22:13:39] digging through microb
[22:13:49] I can try to ask about that bug too
[22:14:16] anyway, the bug seems valid, merlin1991, put that on the queue :)
[22:14:47] freemangordon: on your queue? :D
[22:15:09] on the queue in garage :p
[22:15:14] I see
[22:15:29] which in the end is my queue because I have to look into garage first :$
[22:15:33] didn't find the time :/
[22:15:57] hmm, can we ask DocScrutinizer to do that?
[22:16:20] err what
[22:16:20] DocScrutinizer51: feel like digging in code a lil to see if a patch is valid against our microb?
[22:16:34] DocScrutinizer, what about opening and maintaining CSSU project on garage
[22:16:39] merlin1991 ^^^
[22:16:40] umm, prolly no time
[22:16:53] and ofc what freemangordon said :D
[22:17:18] <-- peetah (~peetah@cha92-9-82-236-202-86.fbx.proxad.net) hat das Netzwerk verlassen (Remote host closed the connection)
[22:17:18] atm I'm like 3h free time for also having lunch
[22:17:24] dinner
[22:17:34] bummer
[22:17:41] okay next up is bug #12556
[22:17:42] Bug https://bugs.maemo.org/12556 libtiff: Various vulnerabilites
[22:18:20] what's wrong with applying a patch and see if it fits?
[22:18:48] DocScrutinizer51: the codebase in microb quite possibly is a lot different
[22:18:55] DocScrutinizer51, most probably we will have to backport those patches
[22:19:05] then patch will barf up
[22:19:36] huh, there are bugs from year 2006, why Nokia did not backport it?
[22:19:43] nfc Pali
[22:19:55] DocScrutinizer51, and we will have the bug still in place
[22:19:57] so who volunteers to go over all the libtiff patches?
[22:20:58] crap, queue it is
[22:21:02] dang, patch -p 1 *.patch
[22:21:33] merlin1991, really, that won't work. It is not only libtiff, all other patches from andre are the same. That is why i proposed to have a queue with pending issues, so when one fills like having free time to pick a task and to deal with it.
[22:21:46] *feels
[22:21:56] yeah I'll set up the queue
[22:22:03] I'll look into garage this weekend
[22:22:15] just was hoping somebody would feel like doing it :D
[22:22:37] anyway next bug is #12557
[22:22:39] merlin1991, you're the maintainer :D
[22:22:47] freemangordon: I fear so
[22:22:50] bug #12557
[22:22:51] Bug https://bugs.maemo.org/12557 openssl: CVE-2010-0742: Cryptographic Message Syntax vulnerability
[22:23:19] whos maintainer?
[22:23:24] the same as tiff and others
[22:23:38] I think this one actually should be applyable
[22:23:45] DocScrutinizer51, merlin1991 is THE maintainer
[22:23:58] the only one left
[22:24:11] actually I think for T he's co-maintainer
[22:24:11] ah wait, might not apply
[22:24:49] DocScrutinizer51: the last T mag did practically was me putting together a list of packages that have patches and are ready and he just ran compiles
[22:25:23] :nod:
[22:25:42] okay 12557 goes on the queue
[22:25:52] merlin1991, we could not decide right now on those patches
[22:25:55] so much for a TSG ;P
[22:26:10] freemangordon: yeah but we can filter those out who should go easy
[22:26:50] like the one for freetype
[22:26:59] or curl :)
[22:27:13] ok
[22:27:37] hm next one is funky
[22:27:39] bug #12558
[22:27:39] Bug https://bugs.maemo.org/12558 kernel/bluetooth: CVE-2010-1084: potential bad memory access with sysfs files
[22:27:54] <-- Free-MG (~test@p5DD7DF4D.dip.t-dialin.net) hat das Netzwerk verlassen (Quit: Verlassend)
[22:27:55] ah shit
[22:28:00] kernel shitstorm incoming
[22:28:15] mehehe
[22:28:30] fixed in KP50 :p
[22:28:44] :D
[22:28:54] what we need to include kernel in CSSU?
[22:29:00] okay 12558 goes on the queue with the task of creating a proper upgrade system that does NOT kill user kernel
[22:29:09] ok
[22:29:11] Pali: sane way to flash or not flash the kernel on update
[22:29:37] merlin1991: mission impossible
[22:29:38] ok, so app which ask "do you want to flash kernel?"
[22:30:01] Pali: it has to be something that works with ham, and the command line
[22:30:09] ok, no problem
[22:30:24] also PK by no means is cssu grade stable
[22:30:25] kernel using for flashing some fiasco-* program
[22:30:33] not even for T
[22:30:43] Doc, we can remove some patches from kernel-power
[22:30:57] Pali: actually I think kernel-power works well in extras
[22:30:58] and use only bug-fix patches
[22:31:11] so I would just put bug fixes into the kernel in cssu
[22:31:11] well, that sounds good
[22:31:14] ooops you were faster
[22:31:38] anyway next bug #12559
[22:31:38] Bug https://bugs.maemo.org/12559 xserver-xorg-video-fbdev: Omap video overlay change not notified
[22:31:56] <-- BCMM (~ben@unaffiliated/bcmm) hat das Netzwerk verlassen (Quit: Konversation terminated!)
[22:32:23] tbh for me that one is a #needinfo
[22:32:32] needinfo
[22:32:39] why TRUE?
[22:33:01] eh?
[22:34:09] okay 12559 is needinfo
[22:34:12] bug #12560
[22:34:12] Bug https://bugs.maemo.org/12560 alarmd does not correctly replace [COOKIE] in exec strings
[22:34:13] agree
[22:34:31] it's a clone of bug #10025
[22:34:32] Bug https://bugs.maemo.org/10025 alarmd 1.1.13 does not correctly replace [COOKIE] in exec strings
[22:34:35] more info there
[22:34:52] hold on
[22:34:59] wtf COOKIE?
[22:35:21] yeah nfc here too
[22:35:51] ah: Once added to the queue, each alarm event is identified by a unique key, also known as a "cookie". The cookies can be used for deleting events, or retrieving information about a specific event.
[22:36:17] merlin1991, look at the original bug report
[22:36:43] I'm not sure what I see though
[22:36:44] seems you should pull alarmd too :)
[22:37:22] well that might explain why alarmed app refused to delete events
[22:37:23] alarmd source code are on garage
[22:37:28] on svn
[22:38:51] so pull alarmd and apply?
[22:39:13] because I still don't see what the actual problem is / how the fix works
[22:39:29] merlin1991, yeah, will test it more than usual.
[22:39:32] here is svn repo: https://garage.maemo.org/plugins/scmsvn/viewcvs.php/?root=dsm
[22:39:37] there's a fix?
[22:39:50] DocScrutinizer51: bug #10025 includes a patch
[22:39:51] Bug https://bugs.maemo.org/10025 alarmd 1.1.13 does not correctly replace [COOKIE] in exec strings
[22:39:59] mhm
[22:40:43] pali the svn only goes up to 1.1.13, but maemo has 1.1.16
[22:40:58] (moving, so afk for a minute)
[22:41:18] freemangordon: so you want to look at that?
[22:41:19] merlin1991, so include code from repo
[22:41:31] ok, I only wrote because I saw this code on garage
[22:41:38] do I have a choice? :)
[22:41:45] nah :D
[22:41:55] you saying will test it more than usual doomed you :D
[22:42:24] put it in my queue (right after osso-pdf-viewer translation RE) :p
[22:42:38] next one is for the queue again I guess
[22:42:39] bug #12564
[22:42:41] Bug https://bugs.maemo.org/12564 microb-engine: Daemon does not shut down properly when no connection and browser closed when connection dialog opens
[22:43:10] yeah
[22:43:42] BTW merlin1991, you should pull all those packages on gitorious along with garage project
[22:44:01] you lost me there
[22:44:46] freemangordon: what do you mean?
[22:45:02] I mean when queue on garage is ready, and someone pick a task from there, to have the source code already in CSSU repo
[22:45:22] just a suggestion
[22:45:34] ah yeah sure
[22:45:46] I'll put everything that goes on the queue onto gitorious
[22:45:55] ok
[22:46:27] I wonder if there is some sort of sorting / categorizing possible on gitorious
[22:46:37] something like subprojects
[22:46:46] nfc
[22:47:00] 2 more bugs then the list is through
[22:47:03] bug #12566
[22:47:04] Bug https://bugs.maemo.org/12566 libxml2: CVE-2011-2834 DoS via double free in XPath handling
[22:47:14] \o/
[22:47:38] merlin1991, the same, put it in the queue
[22:48:05] last one is also for the queue bug #12575
[22:48:06] Bug https://bugs.maemo.org/12575 microb-engine: CVE-2011-3026: Integer overflow in embedded libpng
[22:48:55] needinfo
[22:48:57] what's our trophy count for today?
[22:49:17] 20
[22:49:22] need WHAT?
[22:49:36] hah, so there's embedded libpng in microb :D
[22:49:41] info on a CVE?
[22:49:45] needinfo, is microb shipped with maemo affected
[22:50:00] nobody will answer that Q for you
[22:50:26] freemangordon: all CVE bugs we've put on the queue are actually needinfo :D
[22:50:32] anyway
[22:50:41] Now I got answer from Microb author
[22:50:52] He updated some source code on garage
[22:51:07] we've gone over all open cssu bugs that have a severity of normal or higher, I left out everything that is marked as enhancement
[22:51:18] Pali: got a link?
[22:51:21] Pali, when, back in 2007?
[22:51:34] dang, 9 minutes left
[22:51:40] we could got to 23
[22:51:42] https://garage.maemo.org/plugins/scmsvn/viewcvs.php/?root=browser
[22:52:12] DocScrutinizer51: nothing left but enhancements
[22:52:30] I suggest we do the enhancement stuff another time
[22:52:51] :)
[22:52:56] but I also suggest that next week same time we see what we've got for a -testing update
[22:53:09] Pali, arcean, freemangordon, DocScrutinizer?
[22:53:23] agree
[22:53:26] sure
[22:53:31] ok
[22:53:35] ok