Bug#684452: CVE-2012-3447 unblock: nova/2012.1.1-6
Quoting Thomas Goirand (z...@debian.org):
> One last thing: in our Git, I have already a debian/po/es.po update. I
> didn't upload the package with it, because of the urgency=high. Was this
> the correct thing to do (eg: plan for a later upload then unblock), or
> should I have include the template update? Please give me the release
> team view on this, so I know how to handle such situation later on.

My personal stance on this (so, not the release team view): uploading with the Spanish translation would have been OK as it is well known that such updates are anyway accepted. That would save another upload and another freeze exception request later on.. :-)

But I very well understand you want to give priority to the security fix and not "pollute" your request with an unrelated change.
Bug#684554: unblock: rssh/2.3.3-5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package rssh. This fixes a security vulnerability in the command-line parsing by applying upstream's patch and then adjusting the Debian patches accordingly.

unblock rssh/2.3.3-5

Because the package uses TopGit (I intend to switch to git-dpm) and generates a quilt series, the straight debdiff is not particularly useful since it's a diff between various patches. Instead, attached is the diff between the unpacked source for 2.3.3-4 and 2.3.3-5 with all patches already applied, excluding the debian/patches directory from the diff. This seems like a better diff to review. Let me know if you want a diff in another format, however.

There are a few unfortunate whitespace-only hunks here that are due to applying the upstream patch verbatim. I considered removing them, but decided that keeping the official upstream patch applied verbatim was a better idea since it made for easier comparisons.

There is a stable security upload pending. I've already contacted the security team about that.

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -ru --exclude .pc --exclude patches rssh-2.3.3-4/debian/changelog rssh-2.3.3-5/debian/changelog --- rssh-2.3.3-4/debian/changelog 2012-03-07 16:08:52.0 -0800 +++ rssh-2.3.3-5/debian/changelog 2012-08-10 22:14:54.0 -0700 
@@ -1,3 +1,11 @@ +rssh (2.3.3-5) unstable; urgency=medium + + * Apply upstream patch to close security vulnerability that permitted +clever manipulation of environment variables on the ssh command line +to bypass rssh checking. (CVE-2012-3478) + + -- Russ Allbery Fri, 10 Aug 2012 22:14:34 -0700 + rssh (2.3.3-4) unstable; urgency=low * Force libexecdir to /usr/lib/rssh. This is not a library package and diff -ru --exclude .pc --exclude patches rssh-2.3.3-4/main.c.in rssh-2.3.3-5/main.c.in --- rssh-2.3.3-4/main.c.in 2012-08-09 18:21:02.0 -0700 +++ rssh-2.3.3-5/main.c.in 2012-08-10 22:46:01.0 -0700 @@ -184,7 +184,7 @@ * determine if the command in cmdline is acceptable to run, and store * name of program to exec in cmd */ - if ( !(*cmd = check_command_line(cmdline, opts)) ) return NULL; + if ( !(*cmd = get_command(cmdline, opts)) ) return NULL; /* if we need to do chroot processing, do it */ if ( opts->shell_flags & RSSH_USE_CHROOT ){ @@ -254,7 +254,9 @@ } /* return vector of pointers to command line arguments */ - return build_arg_vector(cmdline, 0); + argvec = build_arg_vector(cmdline, 0); + if (check_command_line(argvec, opts)) return argvec; + else return NULL; } void vers_info( void ) diff -ru --exclude .pc --exclude patches rssh-2.3.3-4/util.c rssh-2.3.3-5/util.c --- rssh-2.3.3-4/util.c 2012-08-09 18:21:02.0 -0700 +++ rssh-2.3.3-5/util.c 2012-08-10 22:46:01.0 -0700 @@ -110,7 +110,7 @@ /* print error message to user and log attempt */ fprintf(stderr, "\nThis account is restricted by rssh.\n" "%s\n\nIf you believe this is in error, please contact " - "your system administrator.\n\n", cmd); + "your system administrator.\n\n", cmd); if ( argc < 3 ) log_msg("user %s attempted to log in with a shell", username); 
@@ -136,31 +136,35 @@ */ bool opt_exist(char *cl, char opt) { - int i = 0; + int i = 1; int len; - char *token; - bool optstring = FALSE; - len = strlen(cl); /* process command line character by character */ - while ( i < (len - 2) ){ - if ( cl[i] == ' ' || cl[i] == '\t' ){ - if ( cl[i+1] == '-' ){ -optstring = TRUE; -i+=2; - } - } - if ( cl[i] == opt && optstring ) return TRUE; - if ( cl[i] == ' ' || cl[i] == '\t' || cl[i] == '-' ) - optstring = FALSE; + if (!(cl[0] == '-')) return FALSE; + while ( i < (len) ){ + if ( cl[i] == opt ) return TRUE; i++; } return FALSE; } +bool opt_filter(char **vec, const char opt) +{ + while (vec && *vec){ + if (opt_exist(*vec, opt)){ + fprintf(stderr, "\nillegal insecure %c option", opt); + log_msg("insecure %c option in command line!", opt); + return TRUE; + } + vec++; + } + return FALSE; +} + + bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) { int cl_len; /* length of command line */ @@ -190,95 +194,98 @@ return FALSE; } + /* * check_rsync_e() - take the command line passed to rssh and look for a -e - * option. If one is found, make sure --server is provided - * and the option contains only the protocol information. - * Returns 1 if the command line is safe; 0 otherwise. + * option. If one is found, make sure --server is provided + * and the option c
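Review bot: In the main.c.in hunk at @@ -254,7 +254,9, the result of build_arg_vector(cmdline, 0) is passed straight to check_command_line() with no NULL check, and when the check rejects the command the vector is dropped without being freed. Suggest `if (!argvec) return NULL;` before the check and freeing argvec on the reject path, or a comment stating that the caller exits at once so the leak is deliberate. The declaration of argvec is outside the visible context, so confirm it exists in this function.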
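Review bot: The rewritten opt_exist() in util.c returns TRUE for any argument that starts with '-' and contains opt anywhere after the first character, so a long option such as --server matches a filter for 'e', 's', 'r' or 'v'. If that fail-closed over-matching is intended, state it in the function comment and make sure callers deal with long options before calling opt_filter() (the check_rsync_e() comment in the next hunk already depends on --server being accepted). The fprintf in opt_filter() also ends without a newline, unlike the "This account is restricted by rssh" message earlier in the same file.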
Bug#684452: CVE-2012-3447 unblock: nova/2012.1.1-6
Hi Adam,

Thanks for your careful review.

On 08/11/2012 04:41 AM, Adam D. Barratt wrote:
> On Fri, 2012-08-10 at 14:25 +0800, Thomas Goirand wrote:
>> Please unblock the nova package. This fixes CVE-2012-3447, which is a
>> file injection vulnerability in the host filesystem, using a specially
>> crafted guest image.
>>
>> The relevant diff is available here:
>> http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=55e78f9cbaa1c4657a97c6b20797a94968030e75
>
> Please don't do that. It needs a context switch, doesn't work when
> reading mail offline and means that the list archive doesn't stand alone
> as a historical, well, archive of what was okayed. There's a reason
> that the freeze policy explicitly asks for debdiffs.

I'm sorry, I won't do it again. I've attached the corresponding diff file for this unblock request.

>> The patch comes directly from upstream, as per the patch header (I just
>> applied it manually, then did dpkg-source --commit).
>>
>> Note that this also includes a (needed) tweak in the configuration files
>> as per this commit:
>> http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=4cd725c5d164484a3ddb6bf95f37fb715cb51169
>
> Two questions:
>
> 1) Why is there no mention of the above changes in the changelog?
>
> 2) Why does "Add nova-compute.conf files to nova-compute init if exist"
> require
>
> -DAEMON_ARGS="--flagfile=/etc/nova/nova.conf"
> +DAEMON_ARGS="--config-file=/etc/nova/nova.conf"
>
> and a bunch of
>
> +[DEFAULT]
>
> ?

What happened is that CVE-2012-3447 was embargoed. Ghe Rivero asked me to take care of it, and upload the patch on the 7th of July, since he was planning on going on holidays at that time. I'm not sure until when he is away, he didn't send a mail to -private and I didn't ask him until when he would go away. Ghe could you send a [VAC] message next time, please? So I did take care of it, and was expecting to see no change in our Git. So I did add the upstream patch for this CVE, built, then uploaded to SID. But I was wrong, as Ghe did this commit, and didn't tell about it. He didn't fill debian/changelog, which is why I didn't notice it either. I hate pointing fingers at people, but here, I don't think I'm the one to blame.

Anyway, let me explain what I believe this patch does. Previously, we had only a single configuration file, called /etc/nova/nova.conf. But we changed that, and we are now using /etc/nova/nova-compute.conf also, which has hypervisor specific flags (for example, nova-compute-kvm will have libvirt_type=kvm when nova-compute-xen will have connection_type=xenapi). So the important bit isn't:

-DAEMON_ARGS="--flagfile=/etc/nova/nova.conf"
+DAEMON_ARGS="--config-file=/etc/nova/nova.conf"

but this:

+test -f '/etc/nova/nova-compute.conf' && DAEMON_ARGS=${DAEMON_ARGS}" --config-file=/etc/nova/nova-compute.conf"

which is necessary so that our new configuration files are used.

I believe that using --flagfile or --config-file does the exact same thing. --flagfile was the old option, which has been replaced by --config-file (and --flagfile is now deprecated). It's a good thing to do that, so that it matches future releases of Openstack nova.

As for the [default] thing, I don't think that changes much anything, and to be honest, I'm not really sure why Ghe has added this. Unfortunately, it's impossible for me to ask him right away now. Also, it seems to me that it's missing a [default] tag in debian/nova-compute-xen.conf.dist (that one is only stored in /usr/share/doc/nova-compute-xen, which is why it has a .dist extension in the debian folder: /etc/nova/nova-compute.conf is maintained using debconf in the case of nova-compute-xen). So if that has been forgotten and is 100% necessary, then we will need to upload a fix and ask for another unblock later on, I believe.

So, to Ghe, could you, in the future:
1/ Document your changes in debian/changelog *at the same time* as you commit the rest in our Git?
2/ Try to limit your changes, since we are frozen, or at least talk about it in our Alioth list, so that I'm not in an uncomfortable position like now? Was the addition of the [default] thing completely necessary?

Anyway, I'm deeply concerned about this CVE. A lot more than these small changes in the configuration files. I believe it is necessary to unblock, even if I can't comment as much as I should on the above changes. Holding the package to enter testing can be harmful to some users.

>> Also, Ubuntu folks already fixed the issue in 12.04.
>
> How is that at all relevant to the Debian freeze?

This isn't relevant to the freeze, but to the patch for CVE-2012-3447. I'm just saying that it has been applied in 12.04 and that no user complained about its accuracy, which is reassuring of the quality of the patch. Sorry if I didn't make it clear enough.

One last thing: in our Git, I have already a debian/po/es.po update. I didn't upload the package with it, because of the urgency=high. Was this the co
Upcoming d-i beta2, round 1
Hi folks,

I've started looking at:
  http://d-i.debian.org/testing-summary.html

plus the corresponding diffs against testing, and I came up with the following things in my hints file:

unblock alsa-lib/1.0.25-4
unblock-udeb alsa-lib/1.0.25-4
unblock apt-setup/1:0.70
unblock-udeb apt-setup/1:0.70
unblock cdebconf/0.172
unblock-udeb cdebconf/0.172
unblock colo-installer/1.20
unblock-udeb colo-installer/1.20
unblock debian-installer-utils/1.92
unblock-udeb debian-installer-utils/1.92
unblock espeakup/1:0.71-10
unblock-udeb espeakup/1:0.71-10
# .gitignore files but oh well.
unblock grub-installer/1.77
unblock-udeb grub-installer/1.77
unblock gtk+2.0/2.24.10-2
unblock-udeb gtk+2.0/2.24.10-2
unblock hw-detect/1.90
unblock-udeb hw-detect/1.90
unblock live-installer/37
unblock-udeb live-installer/37
unblock partman-lvm/80
unblock-udeb partman-lvm/80
unblock partman-ufs/12
unblock-udeb partman-ufs/12
unblock prep-installer/0.16
unblock-udeb prep-installer/0.16
unblock preseed/1.54
unblock-udeb preseed/1.54
# ${misc:Depends} pulls cdebconf-udeb additionally.
unblock quik-installer/0.0.29
unblock-udeb quik-installer/0.0.29
unblock rootskel-gtk/1.25
unblock-udeb rootskel-gtk/1.25
unblock sibyl-installer/1.23
unblock-udeb sibyl-installer/1.23
unblock ttf-dejavu/2.33-3
unblock-udeb ttf-dejavu/2.33-3
unblock yaboot-installer/1.1.22
unblock-udeb yaboot-installer/1.1.22

To avoid wasting other release team member's time, I'd like to propose adding such hints myself when it's about packages I didn't upload (with a notification to both -release/-boot lists when it's about such big chunks); and only bothering another RT member to get a review on my own uploads.

If that's fine with everyone, I'll also add some age-days next time. I wanted to come up with the above proposal before doing so…

Mraw,
KiBi.
Bug#684437: unblock: fpc/2.6.0-6
Philipp Kern wrote: Uhm, is it really required by policy to delete backup files that weren't created by the package in the first place? diff -Nru fpc-2.6.0/debian/fp-compiler.postrm.in fpc-2.6.0/debian/fp-compiler.postrm.in --- fpc-2.6.0/debian/fp-compiler.postrm.in 2012-05-06 21:43:32.0 + +++ fpc-2.6.0/debian/fp-compiler.postrm.in 2012-08-09 22:55:10.0 + @@ -4,12 +4,14 @@ ACTION=$1 -CFG_FILE="/etc/fpc-${VERSION}.cfg" +CFG_FILE="/etc/fpc-${VERSION}" # Debhelper code #DEBHELPER# if test "${ACTION}" = "purge" then - rm -f ${CFG_FILE} + rm -f "${CFG_FILE}".cfg + rm -f "${CFG_FILE}".bak + rm -f "${CFG_FILE}".*dpkg* fi The second part does not make me happy. The .bak file is created by the package under some circumstances (certain upgrade scenarios I believe). I don't understand why abou put in the .*dpkg* line though. ccing him to ask.
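Review bot: In the purge branch of fp-compiler.postrm.in, `rm -f "${CFG_FILE}".*dpkg*` is a wider glob than the suffixes dpkg itself leaves behind, and nothing in the hunk says why the .bak and dpkg leftovers are being removed. Suggest listing the suffixes explicitly (.dpkg-old, .dpkg-new, .dpkg-dist) and adding a comment naming the upgrade path that creates the .bak file. CFG_FILE now holds a path prefix rather than a file name, so a different variable name (for example CFG_PREFIX, a hypothetical name) would read more accurately.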
Bug#684532: marked as done (unblock: libpng/1.2.49-2)
Your message dated Fri, 10 Aug 2012 22:47:12 +0100
with message-id <1344635232.2978.23.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#684532: unblock: libpng/1.2.49-2
has caused the Debian Bug report #684532,
regarding unblock: libpng/1.2.49-2
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
684532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684532
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package libpng.
In version 1.2.49-2, we fixed RC bug #681408.

libpng (1.2.49-2) unstable; urgency=high

  * Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
    Add 02-681408-CVE-2012-3386-Makefile.in.patch
    Closes: #681408

 -- Anibal Monsalve Salazar Fri, 13 Jul 2012 12:31:39 +1000

Best regards,
  Nobuhiro

unblock libpng/1.2.49-2

--
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6

libpng_1.2.49-2.debdiff
Description: Binary data
--- End Message ---

--- Begin Message ---
On Sat, 2012-08-11 at 06:25 +0900, Nobuhiro Iwamatsu wrote:
> Please unblock package libpng.
> In version 1.2.49-2, we fixed RC bug #681408.
>
> libpng (1.2.49-2) unstable; urgency=high
>
> * Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
> Add 02-681408-CVE-2012-3386-Makefile.in.patch
> Closes: #681408

Already requested as #681414...

Regards,

Adam
--- End Message ---
Bug#684534: unblock xfonts-a12k12/1-10
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package xfonts-a12k12.

The old package was processed using the old dh_installxfonts; unnecessary directories remain at the time of uninstallation. (Bug #682051)
This problem has been solved with the conversion to dh 9 in this version.

xfonts-a12k12 (1-10) unstable; urgency=low

  * Update debian/control.
    Bump up Standards-Version to 3.9.3.
  * Update debian/rules.
    - Convert to dh 9.
    - Rebuild latest dh_installxfonts. (Closes: #682051)

 -- Nobuhiro Iwamatsu Mon, 23 Jul 2012 05:16:46 +0900

Best regards,
  Nobuhiro

unblock xfonts-a12k12/1-10

--
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6

xfonts-a12k12_1-10.debdiff
Description: Binary data
Bug#684532: unblock: libpng/1.2.49-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package libpng.
In version 1.2.49-2, we fixed RC bug #681408.

libpng (1.2.49-2) unstable; urgency=high

  * Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
    Add 02-681408-CVE-2012-3386-Makefile.in.patch
    Closes: #681408

 -- Anibal Monsalve Salazar Fri, 13 Jul 2012 12:31:39 +1000

Best regards,
  Nobuhiro

unblock libpng/1.2.49-2

--
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6

libpng_1.2.49-2.debdiff
Description: Binary data
Bug#684530: marked as done (unblock: clutter-1.0/1.10.8-2)
Your message dated Fri, 10 Aug 2012 22:10:37 +0100
with message-id <1344633037.2978.22.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#684530: unblock: clutter-1.0/1.10.8-2
has caused the Debian Bug report #684530,
regarding unblock: clutter-1.0/1.10.8-2
to be marked as done.

--
684530: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684530

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package clutter-1.0

There's a fix for a build-dependency and two patches that fix accessibility issues.

unblock clutter-1.0/1.10.8-2

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=ca_ES.UTF-8@valencia, LC_CTYPE=ca_ES.UTF-8@valencia (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---

--- Begin Message ---
On Fri, 2012-08-10 at 22:36 +0200, Jordi Mallach wrote:
> Please unblock package clutter-1.0
> There's a fix for a build-dependency and two patches that fix
> accessibility issues.

Unblocked; thanks.

Regards,

Adam
--- End Message ---
Bug#684366: marked as done (unblock: vclt-tools/0.1.2-3)
Your message dated Fri, 10 Aug 2012 22:07:22 +0100
with message-id <1344632842.2978.21.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#684366: unblock: vclt-tools/0.1.2-3
has caused the Debian Bug report #684366,
regarding unblock: vclt-tools/0.1.2-3
to be marked as done.

--
684366: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684366

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vclt-tools

It removes Philipp as maintainer.

unblock vclt-tools/0.1.2-3

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---

--- Begin Message ---
On Thu, 2012-08-09 at 09:58 +0200, Patrick Matthäi wrote:
> Please unblock package vclt-tools
>
> It removes Philipp as maintainer.

Unblocked.

Regards,

Adam
--- End Message ---
Bug#684372: marked as done (Freeze exception for plplot)
Your message dated Fri, 10 Aug 2012 22:05:54 +0100
with message-id <1344632754.2978.20.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#684372: Freeze exception for plplot
has caused the Debian Bug report #684372,
regarding Freeze exception for plplot
to be marked as done.

--
684372: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684372

--- Begin Message ---
Package: release.debian.org
Severity: normal

Please consider a release exception for the packages built from the plplot source (plplot 5.9.9-5). These are currently in unstable. The only differences from version 5.9.9-4 in testing are 3 bug fixes.

#680841 (serious), #683135 (normal): This FTBFS was a result of changes in the new version of cmake which affected the ada build. Fixed by this release.

#683878 (normal): Rebuilding with the latest gfortran closes this bug.

A further FTBFS was identified as part of the testing of the fix to #680841 which related to cmake and lua. The patch also fixes this.

No other changes are included. A debdiff patch is attached for reference.

Many thanks

Andrew

diff -Nru plplot-5.9.9/debian/changelog plplot-5.9.9/debian/changelog --- plplot-5.9.9/debian/changelog 2012-04-04 21:45:15.0 +0100 +++ plplot-5.9.9/debian/changelog 2012-08-08 09:35:31.0 +0100 
@@ -1,3 +1,16 @@ +plplot (5.9.9-5) unstable; urgency=low + + * debian/patches/series, debian/patches/fix-cmake-ada-support.diff: +Add patch from upstream to fix cmake ada support with cmake 2.8.9 and later +(closes: #680841). + * debian/patches/series, debian/patches/fix-lua-includes.diff: +Add patch to work around problem with lua cmake support. Debian now requires +multiple include paths which were not found correctly. This prevents a FTBFS +with recent versions of lua5.1. + * Recompile with latest version of gfortran (closes: #683878). + + -- Andrew Ross Wed, 08 Aug 2012 09:34:10 +0100 + plplot (5.9.9-4) unstable; urgency=low * debian/rules: diff -Nru plplot-5.9.9/debian/patches/fix-cmake-ada-support.diff plplot-5.9.9/debian/patches/fix-cmake-ada-support.diff --- plplot-5.9.9/debian/patches/fix-cmake-ada-support.diff 1970-01-01 01:00:00.0 +0100 +++ plplot-5.9.9/debian/patches/fix-cmake-ada-support.diff 2012-07-19 23:06:14.0 +0100 
@@ -0,0 +1,25 @@ +Description: Fix up cmake Ada support for compatibility with cmake 2.8.9 +Author: Andrew Ross +Last-Update: 2012-07-19 + +--- plplot-5.9.9.orig/cmake/modules/language_support/cmake/CMakeAdaInformation.cmake 2011-10-13 01:43:01.0 +0100 plplot-5.9.9/cmake/modules/language_support/cmake/CMakeAdaInformation.cmake 2012-07-19 23:03:27.835197249 +0100 +@@ -29,6 +29,18 @@ + SET(CMAKE_SHARED_LIBRARY_CREATE_Ada_FLAGS ${CMAKE_SHARED_LIBRARY_CREATE_C_FLAGS}) + ENDIF(NOT CMAKE_SHARED_LIBRARY_CREATE_Ada_FLAGS) + ++IF(NOT CMAKE_Ada_COMPILE_OPTIONS_PIC) ++ SET(CMAKE_Ada_COMPILE_OPTIONS_PIC ${CMAKE_C_COMPILE_OPTIONS_PIC}) ++ENDIF(NOT CMAKE_Ada_COMPILE_OPTIONS_PIC) ++ ++IF(NOT CMAKE_Ada_COMPILE_OPTIONS_PIE) ++ SET(CMAKE_Ada_COMPILE_OPTIONS_PIE ${CMAKE_C_COMPILE_OPTIONS_PIE}) ++ENDIF(NOT CMAKE_Ada_COMPILE_OPTIONS_PIE) ++ ++IF(NOT CMAKE_Ada_COMPILE_OPTIONS_DLL) ++ SET(CMAKE_Ada_COMPILE_OPTIONS_DLL ${CMAKE_C_COMPILE_OPTIONS_DLL}) ++ENDIF(NOT CMAKE_Ada_COMPILE_OPTIONS_DLL) ++ + IF(NOT CMAKE_SHARED_LIBRARY_Ada_FLAGS) + SET(CMAKE_SHARED_LIBRARY_Ada_FLAGS ${CMAKE_SHARED_LIBRARY_C_FLAGS}) + ENDIF(NOT CMAKE_SHARED_LIBRARY_Ada_FLAGS) diff -Nru plplot-5.9.9/debian/patches/fix-lua-includes.diff plplot-5.9.9/debian/patches/fix-lua-includes.diff --- plplot-5.9.9/debian/patches/fix-lua-includes.diff 1970-01-01 01:00:00.0 +0100 +++ plplot-5.9.9/debian/patches/fix-lua-includes.diff 2012-07-20 00:12:02.0 +0100 
@@ -0,0 +1,21 @@ +Description: Fix for cmake lua support to work around problem that lua needs multiple include directories on Debian +Author: Andrew Ross +Last-Update: 2012-07-19 + +=== +Index: plplot-5.9.9/cmake/modules/lua.cmake +=== +--- plplot-5.9.9.orig/cmake/modules/lua.cmake 2011-10-13 01:43:01.0 +0100 plplot-5.9.9/cmake/modules/lua.cmake 2012-07-20 00:11:55.295075888 +0100 +@@ -118,3 +118,11 @@ + set(LUA_DIR ${LIB_DIR}/lua/50/plplot) + endif(LUA51_FOUND) + endif(ENABLE_lua) ++ ++if(ENABLE_lua AND LUA51_FOUND) ++ pkg_check_pkgconfig(lua5.1 includedir libdir linkflags1 cflags1 version1 _LUA) ++ if(linkflag
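Review bot: The header of debian/patches/fix-cmake-ada-support.diff carries only Description, Author and Last-Update, while the changelog entry describes it as a patch from upstream. Add an Origin: or Forwarded: field pointing at the upstream change so the provenance claimed in the changelog can be checked from the patch file itself.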
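Review bot: In fix-lua-includes.diff the new block at the end of cmake/modules/lua.cmake passes the module name lua5.1 to pkg_check_pkgconfig() as a literal, and the Description calls the change a workaround for Debian, but the header does not say whether it was sent upstream. Add a Forwarded: field (or mark it Debian-specific) so the next maintainer knows whether to drop it on a new upstream release. The hunk is cut off after `if(linkflag` in this copy of the message, so the rest of the block could not be reviewed.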
Bug#684385: marked as done (nmu: qt4-x11_4:4.8.2-2)
Your message dated Fri, 10 Aug 2012 22:02:40 +0100
with message-id <1344632560.2978.19.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#684385: nmu: qt4-x11_4:4.8.2-2
has caused the Debian Bug report #684385,
regarding nmu: qt4-x11_4:4.8.2-2
to be marked as done.

--
684385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684385

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hello, there was a bug in GCC 4.7.1-2 that made apps like okular fail. Rebuilding with -6 seems to solve this bug.

nmu qt4-x11_4:4.8.2-2 . ALL . -m "Rebuild with gcc/4.7.1-6 (Closes: #684177)."

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: mips i386

Kernel: Linux 3.2.21+edid (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---

--- Begin Message ---
On Thu, 2012-08-09 at 07:42 -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> Hello, there was a bug in GCC 4.7.1-2 that made apps like okular fail.
> Rebuilding with -6 seems to solve this bug.
>
> nmu qt4-x11_4:4.8.2-2 . ALL . -m "Rebuild with gcc/4.7.1-6 (Closes: #684177)."

Scheduled, but only for {kfreebsd-,}{amd64,i386}. gcc-4.7 isn't the default on most architectures, so the bug won't be manifesting elsewhere.

hurd-i386 buildd admins CCed, as I wasn't sure if all of their chroots had been upgraded so haven't scheduled a binNMU there.

Please note that binNMUs don't get closure mails generated by dak, so you'll need to manually close the bug.

Regards,

Adam
--- End Message ---
Bug#684358: marked as done (unblock: fontconfig/2.9.0-7)
Your message dated Fri, 10 Aug 2012 21:56:48 +0100
with message-id <1344632208.2978.15.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#684358: unblock: fontconfig/2.9.0-7
has caused the Debian Bug report #684358,
regarding unblock: fontconfig/2.9.0-7
to be marked as done.

--
684358: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684358

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fontconfig

Keith Packard apparently forgot to ask for unblock so I'm doing it on his behalf.

This upload mostly updates 3 debconf translations.

Keith added another fix:
  * Don't clean ancient cache files on new install. Closes: #636173.

The fixed issue is not RC but, from a quick read of the bug log, it should maybe be as the issue is more or less removing files belonging to other packages when the package is removed.

The relevant change is:

diff -Nru fontconfig-2.9.0-testing/debian/fontconfig.postinst fontconfig-2.9.0/debian/fontconfig.postinst --- fontconfig-2.9.0-testing/debian/fontconfig.postinst 2012-04-16 23:25:20.0 +0200 +++ fontconfig-2.9.0/debian/fontconfig.postinst 2012-07-25 17:10:52.0 +0200 
@@ -12,7 +12,7 @@ #DEBHELPER# if [ "$1" = configure ]; then - if dpkg --compare-versions "$2" lt 2.4.0-1; then + if dpkg --compare-versions "$2" lt-nl 2.4.0-1; then printf "Cleaning up old fontconfig caches... " for dir in /usr/share/fonts /var/lib/defoma/fontconfig.d /usr/X11R6/lib/X11/fonts /usr/local/share/fonts ; do

unblock fontconfig/2.9.0-7

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---

--- Begin Message ---
On Thu, 2012-08-09 at 08:36 +0200, Christian Perrier wrote:
> This upload mostly updates 3 debconf translations.
>
> Keith added another fix:
> * Don't clean ancient cache files on new install. Closes: #636173.
>
> The fixed issue is not RC but, from a quick read of the bug log, it
> should maybe be as the issue is more or less removing files belonging
> to other packages when the package is removed.

Unblocked; thanks.

Regards,

Adam
--- End Message ---
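Review bot: The change from lt to lt-nl in fontconfig.postinst carries no comment, and the difference (an empty previous version, as on a fresh install, no longer compares as older than 2.4.0-1) is easy to revert by accident in a later cleanup. Suggest a one-line comment above the test, for example `# lt-nl: skip cache cleanup on fresh installs (#636173)`. Since the threshold now only matters for upgrades from before 2.4.0-1, it is also worth asking whether the whole cleanup block can be dropped.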
Bug#684449: marked as done (unblock: ufw/0.31.1-2)
Your message dated Fri, 10 Aug 2012 21:43:47 +0100
with message-id <1344631427.2978.14.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#684449: unblock: ufw/0.31.1-2
has caused the Debian Bug report #684449,
regarding unblock: ufw/0.31.1-2
to be marked as done.

--
684449: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684449

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ufw

Fixes RC bug #672439

unblock ufw/0.31.1-2

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-27-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

diff -Nru ufw-0.31.1/debian/changelog ufw-0.31.1/debian/changelog --- ufw-0.31.1/debian/changelog 2012-04-04 12:12:29.0 -0500 +++ ufw-0.31.1/debian/changelog 2012-07-20 15:06:17.0 -0500 
@@ -1,3 +1,15 @@ +ufw (0.31.1-2) unstable; urgency=low + + * Simplify unload of firewall and play nicely with other firewall tools by +using ufw-init instead of iptables directly. 'ufw-init stop' by design +leaves a few empty chains around, but they won't get in the way of +anything and are gone after the next reboot. Using upstream's ufw-init has +the important benefit of always cleaning what it needs. (Closes: 672439). +- debian/prerm: call '/lib/ufw/ufw-init stop' on removal +- debian/postrm: don't flush the chains on purge + + -- Jamie Strandboge Fri, 20 Jul 2012 15:05:39 -0500 + ufw (0.31.1-1) unstable; urgency=low * New upstream release (Closes: 663677, Closes: 625681) diff -Nru ufw-0.31.1/debian/postrm ufw-0.31.1/debian/postrm --- ufw-0.31.1/debian/postrm 2012-03-17 09:30:25.0 -0500 +++ ufw-0.31.1/debian/postrm 2012-07-20 15:05:23.0 -0500 @@ -23,21 +23,6 @@ done rm -f $RULES_PATH/ufw.rules $RULES_PATH/ufw.rules.dpkg-old rm -f $USER_PATH/user.rules $USER_PATH/user6.rules - -# go back to default accept, if ufw was enabled -if [ -f "$UFW_CONF" ] && grep -qi "^ENABLED=yes" "$UFW_CONF"; then -for exe in iptables ip6tables -do -if which $exe > /dev/null 2>&1; then -$exe -P INPUT ACCEPT 2>/dev/null || true -$exe -P OUTPUT ACCEPT 2>/dev/null || true -$exe -P FORWARD ACCEPT 2>/dev/null || true -$exe -F 2>/dev/null || true -$exe -X 2>/dev/null || true -fi -done -fi - rm -f "$UFW_CONF" ;; diff -Nru ufw-0.31.1/debian/prerm ufw-0.31.1/debian/prerm --- ufw-0.31.1/debian/prerm 1969-12-31 18:00:00.0 -0600 +++ ufw-0.31.1/debian/prerm 2012-07-20 15:05:23.0 -0500 @@ -0,0 +1,12 @@ +#!/bin/sh -e + +case "$1" in +remove) +# Unload ufw (will only happen if enabled) +if [ -x /lib/ufw/ufw-init ]; then +/lib/ufw/ufw-init stop || true +fi +;; +esac + +#DEBHELPER# --- End Message --- --- Begin Message --- On Fri, 2012-08-10 at 01:05 -0500, Jamie Strandboge wrote: > Please unblock package ufw > > Fixes RC bug #672439 Unblocked; thanks. Regards, Adam--- End Message ---
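Review bot: in the new debian/prerm, '/lib/ufw/ufw-init stop || true' throws away the exit status, and the postrm block that reset the INPUT, OUTPUT and FORWARD policies to ACCEPT and flushed the chains is removed in the same upload, so a failed or skipped unload (for example when /lib/ufw/ufw-init is not executable) leaves the loaded rules in place with no message. Consider printing a warning to stderr when the stop fails or the script is missing. The comment 'will only happen if enabled' also relies on ufw-init checking the enabled state itself, which this diff does not show; a line in the changelog confirming that would help.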
Bug#684452: CVE-2012-3447 unblock: nova/2012.1.1-6
On Fri, 2012-08-10 at 14:25 +0800, Thomas Goirand wrote:
> Please unblock the nova package. This fixes CVE-2012-3447, which is a
> file injection vulnerability in the host filesystem, using a specially
> crafted guest image.
>
> The relevant diff is available here:
> http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=55e78f9cbaa1c4657a97c6b20797a94968030e75

Please don't do that. It needs a context switch, doesn't work when reading mail offline and means that the list archive doesn't stand alone as a historical, well, archive of what was okayed. There's a reason that the freeze policy explicitly asks for debdiffs.

> The patch comes directly from upstream, as per the patch header (I just
> applied it manually, then did dpkg-source --commit).
>
> Note that this also includes a (needed) tweak in the configuration files
> as per this commit:
> http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=4cd725c5d164484a3ddb6bf95f37fb715cb51169

Two questions:

1) Why is there no mention of the above changes in the changelog?
2) Why does "Add nova-compute.conf files to nova-compute init if exist" require

-DAEMON_ARGS="--flagfile=/etc/nova/nova.conf"
+DAEMON_ARGS="--config-file=/etc/nova/nova.conf"

and a bunch of

+[DEFAULT]

?

> Also, Ubuntu folks already fixed the issue in 12.04.

How is that at all relevant to the Debian freeze?

Regards,

Adam

--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1344631308.2978.13.ca...@jacala.jungle.funky-badger.org
Bug#684185: unblock: wmii/3.9.2+debian-4
Hello,

On Wed, 8 Aug 2012 01:05:11 +0200 Cyril Brulebois wrote:
> > Please review it and tell me if it fits to be uploaded to unstable
> > with a freeze exception for wheezy/testing.
> Please get your package uploaded, and let us (this bug report) know
> when it's accepted.

It's been uploaded:
http://packages.qa.debian.org/w/wmii/news/20120809T133224Z.html

--
WBR, Andrew
Bug#684530: unblock: clutter-1.0/1.10.8-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package clutter-1.0 There's a fix for a build-dependency and two patches that fix accessibility issues. unblock clutter-1.0/1.10.8-2 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=ca_ES.UTF-8@valencia, LC_CTYPE=ca_ES.UTF-8@valencia (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Archive: http://lists.debian.org/20120810203657.21379.86811.report...@aigua.oskuro.net
Bug#684493: marked as done (unblock: python-ethtool/0.7-1.1)
Your message dated Fri, 10 Aug 2012 21:21:36 +0100 with message-id <1344630096.2978.8.ca...@jacala.jungle.funky-badger.org> and subject line Re: Bug#684493: unblock: python-ethtool/0.7-1.1 has caused the Debian Bug report #684493, regarding unblock: python-ethtool/0.7-1.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684493 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package python-ethtool It fixes RC bug #683174: FTBFS: Requires internet connectivity unblock python-ethtool/0.7-1.1 diff -Nru python-ethtool-0.7/debian/changelog python-ethtool-0.7/debian/changelog --- python-ethtool-0.7/debian/changelog 2012-06-15 21:05:41.0 +0200 +++ python-ethtool-0.7/debian/changelog 2012-08-07 15:26:56.0 +0200 @@ -1,3 +1,11 @@ +python-ethtool (0.7-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Add docbook-xsl to Build-Depends so the build system doesn't try to +download manpages/docbook.xsl from the internet. (Closes: #683174) + + -- Felix Geyer Tue, 07 Aug 2012 15:25:14 +0200 + python-ethtool (0.7-1) unstable; urgency=low * Packaging for Debian main (Closes: #549323). diff -Nru python-ethtool-0.7/debian/control python-ethtool-0.7/debian/control --- python-ethtool-0.7/debian/control 2012-06-15 21:05:41.0 +0200 +++ python-ethtool-0.7/debian/control 2012-08-07 15:25:08.0 +0200 
@@ -3,7 +3,7 @@ Priority: extra Maintainer: Miroslav Suchý Uploaders: Bernd Zeimetz -Build-Depends: debhelper (>= 7.0.50~), python-all-dev (>= 2.6.6-3~), libnl-dev, asciidoc, pkg-config, libxml2-utils, docbook-xml, xsltproc +Build-Depends: debhelper (>= 7.0.50~), python-all-dev (>= 2.6.6-3~), libnl-dev, asciidoc, pkg-config, libxml2-utils, docbook-xml, docbook-xsl, xsltproc Standards-Version: 3.9.3 Homepage: http://fedorapeople.org/gitweb?p=dsommers/public_git/python-ethtool.git;a=summary Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/spacewalk/python-ethtool.git --- End Message --- --- Begin Message --- On Fri, 2012-08-10 at 15:26 +0200, Felix Geyer wrote: > Please unblock package python-ethtool > > It fixes RC bug #683174: FTBFS: Requires internet connectivity Unblocked; thanks. Regards, Adam--- End Message ---
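Review bot: adding docbook-xsl to Build-Depends supplies the stylesheet locally, but nothing in this diff stops the build from going to the network again if another stylesheet or DTD turns out to be missing. If the build invokes xsltproc directly, passing --nonet there would turn any future fetch into a build failure instead of a silent download.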
Bug#684495: marked as done (unblock: lustre/1.8.5+dfsg-3.1)
Your message dated Fri, 10 Aug 2012 21:20:21 +0100 with message-id <1344630021.2978.7.ca...@jacala.jungle.funky-badger.org> and subject line Re: Bug#684495: unblock: lustre/1.8.5+dfsg-3.1 has caused the Debian Bug report #684495, regarding unblock: lustre/1.8.5+dfsg-3.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684495: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684495 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception lustre has been recently adjusted to build with more recent automake versions than automake1.7, scheduled for removal from the archive (#648591). The other remaining rdep was isdnutils (unblocked in #684320), automake1.7 can hopefully go away soon. I'm attaching a debdiff of the changes introduced. Thanks for considering a freeze exception for lustre. lustre.diff Description: Binary data --- End Message --- --- Begin Message --- On Fri, 2012-08-10 at 15:31 +0200, Luca Falavigna wrote: > lustre has been recently adjusted to build with more recent automake > versions than automake1.7, scheduled for removal from the archive > (#648591). The other remaining rdep was isdnutils (unblocked in > #684320), automake1.7 can hopefully go away soon. > I'm attaching a debdiff of the changes introduced. > > Thanks for considering a freeze exception for lustre. Unblocked. Regards, Adam--- End Message ---
Bug#684507: marked as done (unblock: rygel/0.14.3-1)
Your message dated Fri, 10 Aug 2012 21:19:02 +0100 with message-id <1344629942.2978.6.ca...@jacala.jungle.funky-badger.org> and subject line Re: Bug#684507: unblock: rygel/0.14.3-1 has caused the Debian Bug report #684507, regarding unblock: rygel/0.14.3-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684507: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684507 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package rygel It contains an important fix (workaround for gstreamer bug apparently) to avoid initial indexing of media taking really long time. This fix was recommended by upstream's Jens Georg (thanks) to include in Debian. (The new upstream release also contains another fix which we are already shipping as a patch, plus two translations Hopefully you agree that the changes are uncontroversial. Diff could be smaller if I continued patching, but I prefer shipping a proper release. I went ahead and uploaded it when I noticed that my Pre-approval request somehow had not reached the debian-release list.) Fwiw, please don't waste too much time reviewing the pre-generated C changes shipped in the upstream tarball since we rebuild everything with our own valac during package build anyway...
unblock rygel/0.14.3-1 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (300, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash --- End Message --- --- Begin Message --- On Fri, 2012-08-10 at 16:37 +0200, Andreas Henriksson wrote: > Please unblock package rygel > > It contains an important fix (workaround for gstreamer bug apparently) > to avoid initial indexing of media taking really long time. > This fix was recommended by upstream's Jens Georg (thanks) to include > in Debian. fwiw, I debated grumbling about the package relationships change: + * rygel suggests -playbin, and -playbin enhances rygel I didn't because neither of them make any real difference. Although that's also arguably a reason not to accept them during a freeze. *shrug* > (The new upstream release also contains another fix which we are > already shipping as a patch, plus two translations Hopefully > you agree that the changes are uncontroversial. Diff could be smaller > if I continued patching, but I prefer shipping a proper release. > I went ahead and uploaded it when I noticed that my Pre-approval > request somehow had not reached the debian-release list.) Did it by any chance contain a copy of the full debdiff, particularly the changelog? ChangeLog |15267 +- Unblocked. Regards, Adam--- End Message ---
Bug#684518: marked as done (unblock: ruby-actionpack-3.2/3.2.6-4)
Your message dated Fri, 10 Aug 2012 21:11:23 +0100 with message-id <1344629483.2978.3.ca...@jacala.jungle.funky-badger.org> and subject line Re: Bug#684518: unblock: ruby-actionpack-3.2/3.2.6-4 has caused the Debian Bug report #684518, regarding unblock: ruby-actionpack-3.2/3.2.6-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684518: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684518 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ruby-actionpack-3.2 This new version includes fixes for two security problems (CVE-2012-3463, CVE-2012-3465), closing 1 RC bug (#684454). Follows a debdiff between the version in testing and this new version, which was just uploaded to unstable. unblock ruby-actionpack-3.2/3.2.6-4 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Antonio Terceiro diff -Nru ruby-actionpack-3.2-3.2.6/debian/changelog ruby-actionpack-3.2-3.2.6/debian/changelog --- ruby-actionpack-3.2-3.2.6/debian/changelog 2012-08-04 09:29:24.0 -0300 +++ ruby-actionpack-3.2-3.2.6/debian/changelog 2012-08-10 13:33:44.0 -0300 
@@ -1,3 +1,16 @@ +ruby-actionpack-3.2 (3.2.6-4) unstable; urgency=high + + * Add patches for security problems (Closes: #684454): ++ CVE-2012-3463 - Ruby on Rails Potential XSS Vulnerability in select_tag + prompt ++ CVE-2012-3465 - XSS Vulnerability in strip_tags ++ Both patches were edited from their original versions in two ways: + - the leading a/ and b/ from the filenames were stripped + - changes over test files were removed, since the Debian package +contains no test files. + + -- Antonio Terceiro Fri, 10 Aug 2012 13:08:08 -0300 + ruby-actionpack-3.2 (3.2.6-3) unstable; urgency=high * Add patch by Aaron Patterson for CVE-2012-3424 (Closes: #683370) diff -Nru ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3463.patch ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3463.patch --- ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3463.patch 1969-12-31 21:00:00.0 -0300 +++ ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3463.patch 2012-08-10 13:31:17.0 -0300 
@@ -0,0 +1,30 @@ +From ec30fba02d2d3a0c90dfc9a38629d2c0d55bf8c1 Mon Sep 17 00:00:00 2001 +From: Santiago Pastorino +Date: Wed, 8 Aug 2012 15:10:35 -0700 +Subject: [PATCH] escape select_tag :prompt values + +--- + actionpack/lib/action_view/helpers/form_tag_helper.rb | 4 ++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git actionpack/lib/action_view/helpers/form_tag_helper.rb actionpack/lib/action_view/helpers/form_tag_helper.rb +index 066b98d..9e0ec17 100644 +--- actionpack/lib/action_view/helpers/form_tag_helper.rb actionpack/lib/action_view/helpers/form_tag_helper.rb +@@ -122,11 +122,11 @@ module ActionView + html_name = (options[:multiple] == true && !name.to_s.ends_with?("[]")) ? "#{name}[]" : name + + if options.delete(:include_blank) +- option_tags = "".html_safe + option_tags ++ option_tags = content_tag(:option, '', :value => '').safe_concat(option_tags) + end + + if prompt = options.delete(:prompt) +- option_tags = "#{prompt}".html_safe + option_tags ++ option_tags = content_tag(:option, prompt, :value => '').safe_concat(option_tags) + end + + content_tag :select, option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys) +-- +1.7.11.1 + diff -Nru ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3465.patch ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3465.patch --- ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3465.patch 1969-12-31 21:00:00.0 -0300 +++ ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3465.patch 2012-08-10 13:31:39.0 -0300 @@ -0,0 +1,26 @@ +From bb98352d42d654970299450b009223968a53c6f8 Mon Sep 17 00:00:00 2001 +From: Santiago Pastorino +Date: Wed, 8 Aug 2012 14:33:39 -0700 +Subject: [PATCH] Do not mark strip_tags result as html_safe + +Thanks to Marek Labos & Nethemba +--- + actionpack/lib/action_view/helpers/sanitize_helper.rb | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git actionpack/lib/action_view/helpers/sanitize_helper.
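Review bot: in CVE-2012-3463.patch both changed branches of select_tag now end in .safe_concat(option_tags), which appends option_tags without escaping, whereas the removed lines joined it with + onto an html_safe string, which escapes an operand that is not itself marked html_safe. The prompt is now escaped by content_tag, but the patch should say that callers must pass option_tags already marked html_safe, or keep the escaping concatenation for that argument. The diffstat in the patch header also still reads "2 files changed, 8 insertions(+), 2 deletions(-)" although only form_tag_helper.rb remains after the test changes were dropped.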
Bug#684519: marked as done (unblock: mantis/1.2.11-1.1)
Your message dated Fri, 10 Aug 2012 21:09:59 +0100 with message-id <1344629399.2978.2.ca...@jacala.jungle.funky-badger.org> and subject line Re: Bug#684519: unblock: mantis/Accepted 1.2.11-1.1 has caused the Debian Bug report #684519, regarding unblock: mantis/1.2.11-1.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684519 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mantis This NMU, made unfortunately without ACK from the maintainer, fixes a pending Czech translation of debconf templates. unblock mantis/Accepted 1.2.11-1.1 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-3-686-pae (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- On Fri, 2012-08-10 at 19:25 +0200, Christian Perrier wrote: > Please unblock package mantis > > This NMU, made unfortunately without ACK from the maintainer, fixes a > pending Czech translation of debconf templates. Unblocked. Regards, Adam--- End Message ---
Re: xz compression and mysql-5.5
On 10/08/12 09:23, Ansgar Burchardt wrote:
> On 08/08/2012 10:43 PM, Nicholas Bamber wrote:
>> I have not finished testing your patch but I have a few questions.
>>
>> Firstly it raises a new lintian error requiring a Pre-Depends on dpkg
>> (=> 1.15.6~). I know that this is more of an issue for Ubuntu and that
>> Ubuntu won't in this case be syncing from wheezy, so I guess we can live
>> with the warning. But to be careful I thought I had better run it past
>> you. I certainly would want to follow lintian's advice post-wheezy.
>
> The Pre-Depends should be safe to include, but it was mostly included
> for Ubuntu as they support upgrading from a release with an older dpkg.
>
>> Also you say " please keep in mind to not include additional changes."
>> however I also have #683733 to fix which I think I should be in the
>> same release.
>
> Feel free to include additional changes for wheezy as long as you are
> confident that the release team will approve them. I included that
> sentence to prevent people from including changes not intended for wheezy.
>
> Ansgar
>

Well it builds okay so far. I just feel I should test a bit more.

Archive: http://lists.debian.org/50256a8b.5050...@periapt.co.uk
Bug#684522: marked as done (unblock: ruby-activesupport-3.2/3.2.6-4)
Your message dated Fri, 10 Aug 2012 21:05:13 +0100 with message-id <1344629113.2978.0.ca...@jacala.jungle.funky-badger.org> and subject line Re: Bug#684522: unblock: ruby-activesupport-3.2/3.2.6-4 has caused the Debian Bug report #684522, regarding unblock: ruby-activesupport-3.2/3.2.6-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684522: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684522 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ruby-activesupport-3.2 This version fixes one security problem (CVE-2012-3464), closing one RC bug (#684517). The debdiff between the version in testing and this one, which was just uploaded to unstable, is attached. unblock ruby-activesupport-3.2/3.2.6-4 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Antonio Terceiro diff -Nru ruby-activesupport-3.2-3.2.6/debian/changelog ruby-activesupport-3.2-3.2.6/debian/changelog --- ruby-activesupport-3.2-3.2.6/debian/changelog 2012-06-24 18:58:16.0 -0300 +++ ruby-activesupport-3.2-3.2.6/debian/changelog 2012-08-10 14:23:44.0 -0300 
@@ -1,3 +1,10 @@ +ruby-activesupport-3.2 (3.2.6-4) unstable; urgency=high + + * debian/patches/CVE-2012-3464.patch: fixes potential XSS vulnerability. +CVE-2012-3464 (Closes: #684517). + + -- Antonio Terceiro Fri, 10 Aug 2012 14:10:41 -0300 + ruby-activesupport-3.2 (3.2.6-3) unstable; urgency=low * Bump build dependency on gem2deb to >= 0.3.0~ diff -Nru ruby-activesupport-3.2-3.2.6/debian/patches/CVE-2012-3464.patch ruby-activesupport-3.2-3.2.6/debian/patches/CVE-2012-3464.patch --- ruby-activesupport-3.2-3.2.6/debian/patches/CVE-2012-3464.patch 1969-12-31 21:00:00.0 -0300 +++ ruby-activesupport-3.2-3.2.6/debian/patches/CVE-2012-3464.patch 2012-08-10 14:10:25.0 -0300 
@@ -0,0 +1,32 @@ +Description: [PATCH] html_escape should escape single quotes + This patch was adapted by Antonio Terceiro to + activesupport 3.2.6, which was the version in testing at the time. +Author: Santiago Pastorino + +--- + +Origin: upstream +Bug: https://github.com/rails/rails/issues/7215 +Reviewed-By: Antonio Terceiro +Last-Update: 2012-08-10 + +--- ruby-activesupport-3.2-3.2.6.orig/lib/active_support/core_ext/string/output_safety.rb ruby-activesupport-3.2-3.2.6/lib/active_support/core_ext/string/output_safety.rb +@@ -3,7 +3,7 @@ require 'active_support/core_ext/kernel/ + + class ERB + module Util +-HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } ++HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' } + JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' } + + # Detect whether 1.9 can transcode with XML escaping. +@@ -22,7 +22,7 @@ class ERB + if s.html_safe? + s + else +- s.encode(s.encoding, :xml => :attr)[1...-1].html_safe ++ s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe + end + end + else diff -Nru ruby-activesupport-3.2-3.2.6/debian/patches/series ruby-activesupport-3.2-3.2.6/debian/patches/series --- ruby-activesupport-3.2-3.2.6/debian/patches/series 1969-12-31 21:00:00.0 -0300 +++ ruby-activesupport-3.2-3.2.6/debian/patches/series 2012-08-10 14:07:22.0 -0300 @@ -0,0 +1 @@ +CVE-2012-3464.patch signature.asc Description: Digital signature --- End Message --- --- Begin Message --- On Fri, 2012-08-10 at 14:31 -0300, Antonio Terceiro wrote: > Please unblock package ruby-activesupport-3.2 > > This version fixes one security problem (CVE-2012-3464), closing one RC > bug (#684517). Unblocked; thanks. Regards, Adam--- End Message ---
Processed: retitle 684519 to unblock: mantis/1.2.11-1.1
Processing commands for cont...@bugs.debian.org: > retitle 684519 unblock: mantis/1.2.11-1.1 Bug #684519 [release.debian.org] unblock: mantis/Accepted 1.2.11-1.1 Changed Bug title to 'unblock: mantis/1.2.11-1.1' from 'unblock: mantis/Accepted 1.2.11-1.1' > thanks Stopping processing here. Please contact me if you need assistance. -- 684519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684519 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems Archive: http://lists.debian.org/handler.s.c.134462181820475.transcr...@bugs.debian.org
Bug#684522: unblock: ruby-activesupport-3.2/3.2.6-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ruby-activesupport-3.2 This version fixes one security problem (CVE-2012-3464), closing one RC bug (#684517). The debdiff between the version in testing and this one, which was just uploaded to unstable, is attached. unblock ruby-activesupport-3.2/3.2.6-4 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Antonio Terceiro diff -Nru ruby-activesupport-3.2-3.2.6/debian/changelog ruby-activesupport-3.2-3.2.6/debian/changelog --- ruby-activesupport-3.2-3.2.6/debian/changelog 2012-06-24 18:58:16.0 -0300 +++ ruby-activesupport-3.2-3.2.6/debian/changelog 2012-08-10 14:23:44.0 -0300 @@ -1,3 +1,10 @@ +ruby-activesupport-3.2 (3.2.6-4) unstable; urgency=high + + * debian/patches/CVE-2012-3464.patch: fixes potential XSS vulnerability. +CVE-2012-3464 (Closes: #684517). + + -- Antonio Terceiro Fri, 10 Aug 2012 14:10:41 -0300 + ruby-activesupport-3.2 (3.2.6-3) unstable; urgency=low * Bump build dependency on gem2deb to >= 0.3.0~ diff -Nru ruby-activesupport-3.2-3.2.6/debian/patches/CVE-2012-3464.patch ruby-activesupport-3.2-3.2.6/debian/patches/CVE-2012-3464.patch --- ruby-activesupport-3.2-3.2.6/debian/patches/CVE-2012-3464.patch 1969-12-31 21:00:00.0 -0300 +++ ruby-activesupport-3.2-3.2.6/debian/patches/CVE-2012-3464.patch 2012-08-10 14:10:25.0 -0300 
@@ -0,0 +1,32 @@ +Description: [PATCH] html_escape should escape single quotes + This patch was adapted by Antonio Terceiro to + activesupport 3.2.6, which was the version in testing at the time. +Author: Santiago Pastorino + +--- + +Origin: upstream +Bug: https://github.com/rails/rails/issues/7215 +Reviewed-By: Antonio Terceiro +Last-Update: 2012-08-10 + +--- ruby-activesupport-3.2-3.2.6.orig/lib/active_support/core_ext/string/output_safety.rb ruby-activesupport-3.2-3.2.6/lib/active_support/core_ext/string/output_safety.rb +@@ -3,7 +3,7 @@ require 'active_support/core_ext/kernel/ + + class ERB + module Util +-HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } ++HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' } + JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' } + + # Detect whether 1.9 can transcode with XML escaping. +@@ -22,7 +22,7 @@ class ERB + if s.html_safe? + s + else +- s.encode(s.encoding, :xml => :attr)[1...-1].html_safe ++ s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe + end + end + else diff -Nru ruby-activesupport-3.2-3.2.6/debian/patches/series ruby-activesupport-3.2-3.2.6/debian/patches/series --- ruby-activesupport-3.2-3.2.6/debian/patches/series 1969-12-31 21:00:00.0 -0300 +++ ruby-activesupport-3.2-3.2.6/debian/patches/series 2012-08-10 14:07:22.0 -0300 @@ -0,0 +1 @@ +CVE-2012-3464.patch signature.asc Description: Digital signature
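Review bot: in CVE-2012-3464.patch the second hunk (@@ -22,7 +22,7 @@) replaces only the html_escape definition used when the XML transcoding check succeeds; the else branch that starts on the hunk's last context line is not touched anywhere in the 32-line patch. If the fallback definition there matches with its own character class, single quotes will still pass through unescaped on interpreters that take that branch, so it should be checked and given the same pattern, /[&"'><]/.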
Bug#683243: unblock: keystone/2012.1.1-2
Quoting Thomas Goirand (z...@debian.org):
> > Thomas, it seems that you forgot to answer this question from
> > Julien which, in turn, leaves the unblock request unaddressed. Any
> > chance that you can do so?
>
> I didn't forget. That's because we are still waiting for new debconf
> translations from you (eg: the template that went away in 2012.1.1-2),
> so I didn't think it was needed to bother the release team until this is
> fixed.

Oh sure, you're right. Forgot about it (the call for translations is indeed running on right now) as I didn't add a note about that in my status file.
Bug#684519: unblock: mantis/Accepted 1.2.11-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mantis This NMU, made unfortunately without ACK from the maintainer, fixes a pending Czech translation of debconf templates. unblock mantis/Accepted 1.2.11-1.1 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-3-686-pae (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Archive: http://lists.debian.org/20120810172555.19744.62636.report...@mykerinos.kheops.frmug.org
Bug#684518: unblock: ruby-actionpack-3.2/3.2.6-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ruby-actionpack-3.2 This new version includes fixes for two security problems (CVE-2012-3463, CVE-2012-3465), closing 1 RC bug (#684454). Follows a debdiff between the version in testing and this new version, which was just uploaded to unstable. unblock ruby-actionpack-3.2/3.2.6-4 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Antonio Terceiro diff -Nru ruby-actionpack-3.2-3.2.6/debian/changelog ruby-actionpack-3.2-3.2.6/debian/changelog --- ruby-actionpack-3.2-3.2.6/debian/changelog 2012-08-04 09:29:24.0 -0300 +++ ruby-actionpack-3.2-3.2.6/debian/changelog 2012-08-10 13:33:44.0 -0300 @@ -1,3 +1,16 @@ +ruby-actionpack-3.2 (3.2.6-4) unstable; urgency=high + + * Add patches for security problems (Closes: #684454): ++ CVE-2012-3463 - Ruby on Rails Potential XSS Vulnerability in select_tag + prompt ++ CVE-2012-3465 - XSS Vulnerability in strip_tags ++ Both patches were edited from their original versions in two ways: + - the leading a/ and b/ from the filenames were stripped + - changes over test files were removed, since the Debian package +contains no test files. + + -- Antonio Terceiro Fri, 10 Aug 2012 13:08:08 -0300 + ruby-actionpack-3.2 (3.2.6-3) unstable; urgency=high * Add patch by Aaron Patterson for CVE-2012-3424 (Closes: #683370) diff -Nru ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3463.patch ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3463.patch --- ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3463.patch 1969-12-31 21:00:00.0 -0300 +++ ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3463.patch 2012-08-10 13:31:17.0 -0300 
@@ -0,0 +1,30 @@ +From ec30fba02d2d3a0c90dfc9a38629d2c0d55bf8c1 Mon Sep 17 00:00:00 2001 +From: Santiago Pastorino +Date: Wed, 8 Aug 2012 15:10:35 -0700 +Subject: [PATCH] escape select_tag :prompt values + +--- + actionpack/lib/action_view/helpers/form_tag_helper.rb | 4 ++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git actionpack/lib/action_view/helpers/form_tag_helper.rb actionpack/lib/action_view/helpers/form_tag_helper.rb +index 066b98d..9e0ec17 100644 +--- actionpack/lib/action_view/helpers/form_tag_helper.rb actionpack/lib/action_view/helpers/form_tag_helper.rb +@@ -122,11 +122,11 @@ module ActionView + html_name = (options[:multiple] == true && !name.to_s.ends_with?("[]")) ? "#{name}[]" : name + + if options.delete(:include_blank) +- option_tags = "".html_safe + option_tags ++ option_tags = content_tag(:option, '', :value => '').safe_concat(option_tags) + end + + if prompt = options.delete(:prompt) +- option_tags = "#{prompt}".html_safe + option_tags ++ option_tags = content_tag(:option, prompt, :value => '').safe_concat(option_tags) + end + + content_tag :select, option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys) +-- +1.7.11.1 + diff -Nru ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3465.patch ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3465.patch --- ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3465.patch 1969-12-31 21:00:00.0 -0300 +++ ruby-actionpack-3.2-3.2.6/debian/patches/CVE-2012-3465.patch 2012-08-10 13:31:39.0 -0300 
@@ -0,0 +1,26 @@ +From bb98352d42d654970299450b009223968a53c6f8 Mon Sep 17 00:00:00 2001 +From: Santiago Pastorino +Date: Wed, 8 Aug 2012 14:33:39 -0700 +Subject: [PATCH] Do not mark strip_tags result as html_safe + +Thanks to Marek Labos & Nethemba +--- + actionpack/lib/action_view/helpers/sanitize_helper.rb | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git actionpack/lib/action_view/helpers/sanitize_helper.rb actionpack/lib/action_view/helpers/sanitize_helper.rb +index 7768c8c..0f6a5ed 100644 +--- actionpack/lib/action_view/helpers/sanitize_helper.rb actionpack/lib/action_view/helpers/sanitize_helper.rb +@@ -80,7 +80,7 @@ module ActionView + # strip_tags("Welcome to my website!") + # # => Welcome to my website! + def strip_tags(html) +-self.class.full_sanitizer.sanitize(html).try(:html_safe) ++self.class.full_sanitizer.sanitize(html) + end + + # Strips all link tags from +text+ leaving just the link text. +-- +1.7.11.1 + diff -Nru ruby-actionpack-3.2-3.2.6/debian/patches/series ruby-actionpack-3.2-3.2.6/debian/patches/series --- ruby-actionpack-3.2-3.2.6/debian/patches/series 2012-08-04 09:26:26.0 -0300 +++ ruby-actionpack-3.2-3.2.6/debian/patches/series 2012-08-10 13:29:41.0 -0300 @@ -1 +1
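Review bot: in the form_tag_helper.rb hunk of CVE-2012-3463.patch, both added lines append the caller's markup with `.safe_concat(option_tags)`, which, unlike the `.html_safe + option_tags` form it replaces, does not escape `option_tags` when that string is not already marked html_safe. The `:prompt` value itself is now escaped by `content_tag`, but a caller that assembles `option_tags` by hand gets it inserted raw whenever `:include_blank` or `:prompt` is set. Either state in the helper's documentation that `option_tags` must already be html_safe (for example the output of `options_for_select`), or join with `+` so that SafeBuffer still escapes a plain string.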
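Review bot: the sanitize_helper.rb hunk of CVE-2012-3465.patch changes what `strip_tags` returns, from an html_safe string to a plain one, yet the doc comment kept as context above the method (the `# =>` example) says nothing about it. Add a line there stating that the result is not html_safe and is escaped again when rendered, so that callers do not bring the old behaviour back by wrapping the result in `raw` or calling `.html_safe` on it. The patch header's `2 files changed, 3 insertions(+), 3 deletions(-)` also no longer matches the single one-line change left after the test files were dropped, and should be regenerated or explained in the header.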
Bug#684507: unblock: rygel/0.14.3-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package rygel

It contains an important fix (workaround for gstreamer bug apparently) to avoid initial indexing of media taking really long time. This fix was recommended by upstream's Jens Georg (thanks) to include in Debian.

(The new upstream release also contains another fix which we are already shipping as a patch, plus two translations. Hopefully you agree that the changes are uncontroversial. Diff could be smaller if I continued patching, but I prefer shipping a proper release. I went ahead and uploaded it when I noticed that my Pre-approval request somehow had not reached the debian-release list.)

Fwiw, please don't waste too much time reviewing the pre-generated C changes shipped in the upstream tarball since we rebuild everything with our own valac during package build anyway...

unblock rygel/0.14.3-1

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (300, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120810143744.1530.88382.report...@amd64.fatal.se
Bug#684495: unblock: lustre/1.8.5+dfsg-3.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: freeze-exception

lustre has been recently adjusted to build with more recent automake versions than automake1.7, scheduled for removal from the archive (#648591). The other remaining rdep was isdnutils (unblocked in #684320), automake1.7 can hopefully go away soon.

I'm attaching a debdiff of the changes introduced.

Thanks for considering a freeze exception for lustre.
Bug#684493: unblock: python-ethtool/0.7-1.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-ethtool

It fixes RC bug #683174: FTBFS: Requires internet connectivity

unblock python-ethtool/0.7-1.1

diff -Nru python-ethtool-0.7/debian/changelog python-ethtool-0.7/debian/changelog --- python-ethtool-0.7/debian/changelog 2012-06-15 21:05:41.0 +0200 +++ python-ethtool-0.7/debian/changelog 2012-08-07 15:26:56.0 +0200 @@ -1,3 +1,11 @@ +python-ethtool (0.7-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Add docbook-xsl to Build-Depends so the build system doesn't try to +download manpages/docbook.xsl from the internet. (Closes: #683174) + + -- Felix Geyer Tue, 07 Aug 2012 15:25:14 +0200 + python-ethtool (0.7-1) unstable; urgency=low * Packaging for Debian main (Closes: #549323). diff -Nru python-ethtool-0.7/debian/control python-ethtool-0.7/debian/control --- python-ethtool-0.7/debian/control 2012-06-15 21:05:41.0 +0200 +++ python-ethtool-0.7/debian/control 2012-08-07 15:25:08.0 +0200 @@ -3,7 +3,7 @@ Priority: extra Maintainer: Miroslav Suchý Uploaders: Bernd Zeimetz -Build-Depends: debhelper (>= 7.0.50~), python-all-dev (>= 2.6.6-3~), libnl-dev, asciidoc, pkg-config, libxml2-utils, docbook-xml, xsltproc +Build-Depends: debhelper (>= 7.0.50~), python-all-dev (>= 2.6.6-3~), libnl-dev, asciidoc, pkg-config, libxml2-utils, docbook-xml, docbook-xsl, xsltproc Standards-Version: 3.9.3 Homepage: http://fedorapeople.org/gitweb?p=dsommers/public_git/python-ethtool.git;a=summary Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/spacewalk/python-ethtool.git
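Review bot: in the debian/control hunk, adding `docbook-xsl` to Build-Depends makes the stylesheet available locally, but nothing in the diff stops the build from going back to the network if the local lookup for manpages/docbook.xsl fails. If the upstream build invokes xsltproc directly, passing `--nonet` there would turn a silent download into a build failure, which is the behaviour wanted on a buildd and keeps build inputs from being fetched over the network.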
Bug#684437: unblock: fpc/2.6.0-6
On Fri, Aug 10, 2012 at 01:24:09AM +0100, peter green wrote:
> I have just sponsored a fpc upload by Abou Al Montacir to unstable, fixing two
> important bugs (note: one of the bugs was initially filed as normal but
> speaking as a co-maintainer of the package I judge it to be important and have
> upped the severity accordingly).

Uhm, is it really required by policy to delete backup files that weren't created by the package in the first place?

diff -Nru fpc-2.6.0/debian/fp-compiler.postrm.in fpc-2.6.0/debian/fp-compiler.postrm.in --- fpc-2.6.0/debian/fp-compiler.postrm.in 2012-05-06 21:43:32.0 + +++ fpc-2.6.0/debian/fp-compiler.postrm.in 2012-08-09 22:55:10.0 + @@ -4,12 +4,14 @@ ACTION=$1 -CFG_FILE="/etc/fpc-${VERSION}.cfg" +CFG_FILE="/etc/fpc-${VERSION}" # Debhelper code #DEBHELPER# if test "${ACTION}" = "purge" then - rm -f ${CFG_FILE} + rm -f "${CFG_FILE}".cfg + rm -f "${CFG_FILE}".bak + rm -f "${CFG_FILE}".*dpkg* fi

The second part does not make me happy.

Kind regards
Philipp Kern
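Review bot: the last added line, `rm -f "${CFG_FILE}".*dpkg*`, uses a glob wider than the purge needs: it matches every file in /etc whose name starts with `fpc-${VERSION}.` and has `dpkg` anywhere after that, and the maintainer script runs as root. Spell out the suffixes that are meant (for instance `.cfg.dpkg-old`) instead of wildcarding on both sides. The `.bak` line removes a file that nothing in this hunk shows the package creating; add a comment naming the script that writes it, or drop the line. `CFG_FILE` now holds a prefix rather than a file name, so a name that says so would read better.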
Bug#684459: unblock: iceweasel/10.0.6esr-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package iceweasel as per https://lists.debian.org/debian-release/2012/07/msg01620.html

unblock iceweasel/10.0.6esr-2

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Archive: http://lists.debian.org/20120810074941.1994.43001.report...@jigen.glandium.org
Bug#684460: unblock: iceape/2.7.6-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package iceape, as per https://lists.debian.org/debian-release/2012/07/msg01652.html and https://lists.debian.org/debian-release/2012/07/msg01620.html

unblock iceape/2.7.6-1

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Archive: http://lists.debian.org/20120810074907.1792.8149.report...@jigen.glandium.org
Bug#683243: unblock: keystone/2012.1.1-2
On 08/09/2012 02:40 PM, Christian PERRIER wrote:
> Quoting Julien Cristau (jcris...@debian.org):
>> On Mon, Jul 30, 2012 at 13:19:57 +0800, Thomas Goirand wrote:
>>
>>> Package: release.debian.org
>>> Severity: normal
>>> User: release.debian@packages.debian.org
>>> Usertags: unblock
>>>
>>> Dear Release Team,
>>>
>>> The new Keystone package, currently available in SID, contains
>>> reviewed Debconf templates and lots of translations, thanks to
>>> the work of Bubulle.
>>>
>>> Please unblock keystone/2012.1.1-2.
>>>
>> 2012.1.1-1 to 2012.1.1-3 has a change to
>> debian/docs/scripts/keystone.base-deployment.sh that doesn't seem to be
>> mentioned in the changelog. Why, and what does it do?
>>
>> Cheers,
>> Julien
>
> Thomas, it seems that you forgot to answer this question from
> Julien, which, in turn, leaves the unblock request unaddressed. Any
> chance that you can do so?

I didn't forget. That's because we are still waiting for new debconf translations from you (eg: the template that went away in 2012.1.1-2), so I didn't think it was needed to bother the release team until this is fixed.

By the way, let me reply to this: I uploaded whatever was in the Git, and I wasn't aware of this change. This has been changed by Ghe Rivero, with the following comment in the Git:

"Small fixes in keystone.base-deployment.sh"

This file, by the way, is from debian/docs (and later packaged in /usr/share/doc/keystone/scripts), so this can be considered a documentation update with very little consequence. I regret that this hasn't been documented in debian/changelog, but this wasn't done by me.

If I understand well, this file is a script to create keystone roles in order to later administer Openstack (eg: creating the necessary auth user for nova and glance). I don't think we should worry too much about it (it's only an example script...).

By the way, git blame shows that this file has been written fully by Ghe Rivero, who is currently on holiday. Maybe he will be able to reply what his change is about later on (eg: what it fixes).

Thomas

Archive: http://lists.debian.org/5024bac6.1020...@debian.org