NEW changes in stable-new
Processing changes file: poppler_0.12.4-1.2+squeeze1_powerpc.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1u708l-0005ur...@franck.debian.org
Bug#700563: pu: package fglrx-driver/10-9-3squeeze1
On 2013-02-17 00:50, Adam D. Barratt wrote: [Why the CC to debian-release? That's where mail for release.d.o bugs goes anyway...] I trimmed down the recipients to only the bug, but didn't switch that from Cc: to To: [same in this mail, but now with To: 700563@] Ah. In that case, you just need patience. :) All right, everything is here by now. The buildds only find out about new packages in {t,}pu at dinstall. My acceptance of the upload was after the 19:52 dinstall, so it'll need to wait for the 01:52. I never looked at the timings in detail ... I just wanted to ensure I didn't miss something and that could cause trouble with the point release. :-) Andreas
Archive: http://lists.debian.org/5120c173.6020...@debian.org
Bug#700277: pu: package kfreebsd-8/8.1+dfsg-8+squeeze4
Control: tags -1 + pending On Sat, 2013-02-16 at 19:07 -0800, Christoph Egger wrote: Steven Chamberlain ste...@pyro.eu.org writes: Yes please! I was just about to ask if anyone is available to do this. [...] Should be uploaded Flagged for acceptance in to p-u; thanks. Regards, Adam
Archive: http://lists.debian.org/1361101522.20472.72.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#700277: pu: package kfreebsd-8/8.1+dfsg-8+squeeze4
Processing control commands: tags -1 + pending Bug #700277 [release.debian.org] pu: package kfreebsd-8/8.1+dfsg-8+squeeze4 Added tag(s) pending. -- 700277: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700277 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Archive: http://lists.debian.org/handler.s.b700277.136110153311864.transcr...@bugs.debian.org
NEW changes in stable-new
Processing changes file: kfreebsd-8_8.1+dfsg-8+squeeze4_kfreebsd-amd64.changes ACCEPT
Archive: http://lists.debian.org/e1u72wy-0006b2...@franck.debian.org
NEW changes in stable-new
Processing changes file: wireshark_1.2.11-6+squeeze9_amd64.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_armel.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_i386.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_ia64.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_kfreebsd-amd64.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_kfreebsd-i386.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_mips.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_mipsel.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_powerpc.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_s390.changes ACCEPT
Processing changes file: wireshark_1.2.11-6+squeeze9_sparc.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_amd64.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_armel.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_i386.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_ia64.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_kfreebsd-amd64.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_kfreebsd-i386.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_mips.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_mipsel.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_powerpc.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_s390.changes ACCEPT
Processing changes file: nginx_0.7.67-3+squeeze3_sparc.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_amd64.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_armel.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_i386.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_ia64.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_kfreebsd-amd64.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_kfreebsd-i386.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_mips.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_mipsel.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_powerpc.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_s390.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.1_sparc.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_amd64.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_armel.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_i386.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_ia64.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_kfreebsd-amd64.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_kfreebsd-i386.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_mips.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_mipsel.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_powerpc.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_s390.changes ACCEPT
Processing changes file: lighttpd_1.4.28-2+squeeze1.2_sparc.changes ACCEPT
Archive: http://lists.debian.org/e1u73ee-kl...@franck.debian.org
Bug#696671: tpu: isc-dhcp/4.2.2.dfsg.1-5+deb70u3
Control: tag -1 confirmed Hi, On Sat, Feb 16, 2013 at 04:20:45PM -0500, Michael Gilbert wrote: On Sat, Feb 16, 2013 at 4:18 PM, Michael Gilbert wrote: I've attached an updated proposed patch, which also fixes #698582 (and consequentially #700363). File attached. Really attached this time ... thanks. Please go ahead. One tiny remark, though: + if [ -e /etc/dhcp/dhclient.conf ] \ + [ `md5sum /etc/dhcp/dhclient.conf | awk '{print $1;}'` = 6e3910d75cd5cde0042ecb6d48492ae9 ]; then + sed -i -e 's/rfc3442-classless-static-routes;/rfc3442-classless-static-routes, ntp-servers;/' /etc/dhcp/dhclient.conf + fi Please don't do things with awk that can be realized with cut, especially in a preinst. But since awk is still pseudo-essential (pre-depends of base-files) in wheezy, it doesn't make a difference. Kind regards Philipp Kern signature.asc Description: Digital signature
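Review bot: the backtick substitution in the md5sum test of the quoted preinst hunk is unquoted, so if md5sum prints nothing (for example because the file is unreadable) the `[` expression is left with `=` and the hash but no left operand, and it reports a syntax error instead of evaluating cleanly to false. Wrap the substitution in double quotes, and prefer `$(...)` to backticks so the nested quoting around the awk program stays readable. The sed expression is only safe because the checksum guard pins the file to one known content, so a one-line comment saying which shipped version of dhclient.conf that hash corresponds to would help the next person who has to touch this preinst.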
Processed: Re: Bug#696671: tpu: isc-dhcp/4.2.2.dfsg.1-5+deb70u3
Processing control commands: tag -1 confirmed Bug #696671 [release.debian.org] tpu: isc-dhcp/4.2.2.dfsg.1-5+deb70u3 Added tag(s) confirmed. -- 696671: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696671 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Archive: http://lists.debian.org/handler.s.b696671.136110903732110.transcr...@bugs.debian.org
Re: Allow pyrad 1.2-1+deb7u1 into wheezy
On Sun, Feb 17, 2013 at 08:06:36AM +0100, Salvatore Bonaccorso wrote:

I was involved reporting the problem: I noticed now a possible problem about the versioning:

Current situation:

pyrad | 1.2-1        | squeeze    | source
pyrad | 1.2-1        | wheezy     | source
pyrad | 1.2-1+deb7u1 | wheezy-p-u | source
pyrad | 2.0-2        | sid        | source

Assuming there will be also either a DSA or a pu for pyrad, how should that be versioned? Traditionally for Squeeze it was +squeeze1, but: 1.2-1 = 1.2-1+deb7u1 but 1.2-1+squeeze1 is not smaller than 1.2-1 or 1.2-1+deb7u1.

Once 1.2-1+deb7u1 reaches wheezy (next 24 hours) we will be able to use 1.2-1+deb6u1 for any hypothetical DSA to slot in between squeeze and wheezy.

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
directhex i have six years of solaris sysadmin experience, from 8-10. i am well qualified to say it is made from bonghits layered on top of bonghits
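The ordering problem in the message above can be checked mechanically. The following is an added example, not code from the thread or from dpkg: a small C implementation of the Debian version comparison rules (epoch, then upstream version, then revision, with `~` sorting first and letters before other characters), run over the version strings named in the message. The function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct debver { long epoch; char upstream[128]; char revision[128]; };

/* Weight of one character in a non-digit run: '~' sorts before everything
 * (even end of string), end of string and digits are neutral, letters sort
 * by ASCII value, and every other character sorts after all letters. */
static int order(unsigned char c)
{
    if (c == '~') return -1;
    if (c == '\0' || isdigit(c)) return 0;
    if (isalpha(c)) return c;
    return c + 256;
}

/* Compare one component by alternating non-digit and digit runs. */
static int component_cmp(const char *a, const char *b)
{
    while (*a || *b) {
        int first_diff = 0;
        while ((*a && !isdigit((unsigned char)*a)) ||
               (*b && !isdigit((unsigned char)*b))) {
            int ac = order((unsigned char)*a), bc = order((unsigned char)*b);
            if (ac != bc)
                return ac - bc;
            a++; b++;
        }
        while (*a == '0') a++;              /* leading zeros do not count */
        while (*b == '0') b++;
        while (isdigit((unsigned char)*a) && isdigit((unsigned char)*b)) {
            if (!first_diff)
                first_diff = *a - *b;
            a++; b++;
        }
        if (isdigit((unsigned char)*a)) return 1;   /* more digits: larger */
        if (isdigit((unsigned char)*b)) return -1;
        if (first_diff) return first_diff;
    }
    return 0;
}

/* Split "[epoch:]upstream[-revision]"; returns 0 on success, -1 on error. */
static int debver_parse(const char *s, struct debver *v)
{
    const char *colon = strchr(s, ':'), *dash;
    size_t ulen;
    char *end;

    v->epoch = 0;
    if (colon) {
        v->epoch = strtol(s, &end, 10);
        if (end != colon || v->epoch < 0)
            return -1;
        s = colon + 1;
    }
    dash = strrchr(s, '-');                 /* revision follows the last hyphen */
    ulen = dash ? (size_t)(dash - s) : strlen(s);
    if (ulen >= sizeof v->upstream)
        return -1;
    if (dash && strlen(dash + 1) >= sizeof v->revision)
        return -1;
    memcpy(v->upstream, s, ulen);
    v->upstream[ulen] = '\0';
    strcpy(v->revision, dash ? dash + 1 : "");
    return 0;
}

/* Returns 1 if a sorts strictly before b, 0 if not, -1 on a parse error. */
static int debver_lt(const char *a, const char *b)
{
    struct debver va, vb;
    int r;

    if (debver_parse(a, &va) || debver_parse(b, &vb))
        return -1;
    if (va.epoch != vb.epoch)
        return va.epoch < vb.epoch;
    r = component_cmp(va.upstream, vb.upstream);
    if (r == 0)
        r = component_cmp(va.revision, vb.revision);
    return r < 0;
}

int main(void)
{
    /* Versions named in the thread, lowest first; every line should print 1. */
    const char *v[] = { "1.2-1", "1.2-1+deb6u1", "1.2-1+deb7u1", "1.2-1+squeeze1", "2.0-2" };
    size_t i;
    for (i = 0; i + 1 < sizeof v / sizeof v[0]; i++)
        printf("%s < %s: %d\n", v[i], v[i + 1], debver_lt(v[i], v[i + 1]));
    return 0;
}
```

The `+squeeze1` suffix sorts above `+deb7u1` because `s` follows `d`, which is why a squeeze update versioned that way would not upgrade cleanly to the wheezy package, while `+deb6u1` slots in below it.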
Re: Bug#700669: Allow pyrad 1.2-1+deb7u1 into wheezy
On Sun, Feb 17, 2013 at 08:36:24AM +0100, Jeremy Lainé wrote: On 02/17/2013 01:19 AM, Jonathan Wiltshire wrote: It's traditional to seek approval *before* uploading; more so in this case since adding a patch system is a no-no. The change itself is fine, please upload with this only. You will have to bump the version number IIRC. OK, attached is the resulting debdiff. Approved, thanks. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 directhex i have six years of solaris sysadmin experience, from 8-10. i am well qualified to say it is made from bonghits layered on top of bonghits
Re: 6.0.7 planning
On Fri, 2013-02-15 at 11:32 +, Adam D. Barratt wrote: On Fri, 2013-02-15 at 01:41 +, Ben Hutchings wrote: On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote: Security update has been uploaded. I'll post the builds somewhere as they become available for anyone interested in testing. Version 2.6.32-48 has also been uploaded. Flagged for acceptance; thanks. All the builds are now in, so we should be ready for lkdi updates when convenient. I gather there's a chance there might need to be further security updates; will that mean we need another update in p-u? Regards, Adam
Archive: http://lists.debian.org/1361114044.20472.76.ca...@jacala.jungle.funky-badger.org
Bug#700798: unblock: live-tools/3.0.18-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package live-tools

The version in wheezy had some issues (see #685752 which this request supersedes and I will now close) with upgradability that, while not typical use cases (live-tools would normally only be installed on a live system and subsequently not upgraded) were nevertheless show-stoppers for the wheezy release. Those issues have since been resolved. We consider this release to be the only supportable version for the lifetime of wheezy.

I have attached a cleaned up diff which lists at the top the specific cleanups performed to make review easier.

unblock live-tools/3.0.18-1

-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.7-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

This is a diff 3.0.3-1..3.0.18-1:
* without manpage translation changes
* with filenames adjusted to account for file renames providing a minimal diff

diff -Naurp live-tools.orig/bin/live-persistence live-tools/bin/live-persistence --- live-tools.orig/bin/live-persistence 1970-01-01 01:00:00.0 +0100 +++ live-tools/bin/live-persistence 2013-02-15 10:42:34.619868805 +0100
@@ -0,0 +1,482 @@ +#!/bin/sh + +## live-tools(7) - System Support Scripts +## +## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING. +## This is free software, and you are welcome to redistribute it +## under certain conditions; see COPYING for details. + + +set -e + +# We're gonna mess with stderr's file descriptor below, so we save a +# reference to it in fd 3 if we want to print to stderr +exec 32 + +error () +{ + echo error: ${@} 3 + exit 1 +} + +# Exit if user is unprivileged +if [ $(id -u) -ne 0 ] +then + echo E: need root privileges 3 + + exit 1 +fi + +# Exit if live-boot is not installed +if [ ! -e /lib/live/boot ] +then + echo E: live-boot not installed 3 + + exit 1 +fi + +# import Cmdline_old() +. /lib/live/boot/9990-cmdline-old || error 'Could not source /lib/live/boot/9990-cmdline-old' + +# Set variable names needed by get_custom_mounts() etc., +# and now initialized by live-boot in a file that we certainly +# don't want to source. +persistence_list=persistence.conf +old_persistence_list=live-persistence.conf +custom_overlay_label=persistence +export persistence_list old_persistence_list custom_overlay_label + +# This will import the following functions and variables used below: +# activate_custom_mounts() +# get_custom_mounts() +# open_luks_device() +# probe_for_gpt_name() +# removable_dev() +# removable_usb_dev() +# storage_devices() +# where_is_mounted() +. /lib/live/boot/9990-misc-helpers.sh || error 'Could not source /lib/live/boot/9990-misc-helpers.sh' + +usage () +{ + echo Usage: live-persistence [OPTION]... list [LABEL]... +List (on stdout) all partitions with names among LABEL(s) that are compatible +with live-boot's overlay persistence, and that are adhering to live-boot's +persistence filters (e.g. persistence-media). If no LABEL is given the default +in live-boot is used ('${custom_overlay_label}'). + or: live-persistence [OPTION]... activate VOLUME... 
+Activates persistence on the given VOLUME(s) (specified via block device). +Successes and failures are written to stdout. There are no checks for whether +the given volumes adhere to live-boot's options. + or: live-persistence [OPTION]... close VOLUME... +Deactivates persistence on the given VOLUME(s) (specified via block device). + +Note: The 'activate' and 'stop' actions only support partition-backed volumes +(e.g. /dev/sda2), not file-backed persistent volumes. + +Kernel command-line options are parsed just like in live-boot and have the same +effect (see live-boot(7) for more information). + +Most options correspond to the persistence-* options of live-boot, and will +override the corresponging options parsed from the kernel command-line. + +General options: + -h, --helpdisplay this help and exit + -l, --log-file=FILE log the execution trace to FILE + +Options affecting the 'list' action: + -e, --encryption=LIST override 'persistence-encryption' + -m, --media=VALUE override 'persistence-media' + -g, --gpt-onlyonly list GPT partitions + +Options affecting the 'activate' action: + -r, --read-only enable 'persistence-read-only' + -w, --read-write disable 'persistence-read-only' + -u, --union=VALUE override 'union' +} + +warning () +{ + echo warning: ${@} 3 +} + +dbus_udisks_get_attribute () +{ + dev=${1} + attribute=${2} + re='^[[:space:]]*variant[[:space:]]\+string[[:space:]]\+\(.*\)$' + + dbus-send --system --print-reply --dest=org.freedesktop.UDisks \ + /org/freedesktop/UDisks/devices/$(basename ${dev}) \ +
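Review bot: in usage(), the synopsis documents the third action as `close`, but the note under it reads "The 'activate' and 'stop' actions only support partition-backed volumes"; pick one name and use it in both places, matching whatever the argument parser accepts. In the same help text "corresponging" should be "corresponding". In dbus_udisks_get_attribute(), `$(basename ${dev})` leaves both `${dev}` and the substitution unquoted, so a device argument containing whitespace or glob characters is split or expanded before it is spliced into the D-Bus object path; quote both, since this script runs as root on caller-supplied volume names.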
Bug#699591: exim4 upload to stable (dovecot stability / and optionally spf quoting)
Hi,

Apologies for the delay in getting back to you about this.

On Sat, 2013-02-02 at 09:34 +0100, Andreas Metzler wrote:

| Dovecot: robustness; better msg on missing mech. [...]

This fixes an exim segfault when accessing a malicious dovecot AUTH server. I have already talked with the security team, Moritz agrees that this should be fixed in a point release. Testing already has the fix since 4.80-6.

The patch includes TESTED: works against Dovecot 2.1.10, but stable has 1.2.15. Do we know if the patch has been tested against stable?

On top of this I would like to discuss whether it is acceptable to fix http://bugs.debian.org/697057 in stable, too. [ I definitely want to get the fix into testing - #697444.] The Debian configuration optionally allows to use spfquery to run SPF-checks on incoming mail. Due to insufficient quoting it is possible to pass on arbitrary arguments to spfquery and therefore bypass SPF checks. The fix is not invasive, but it changes dpkg conffiles.

I've been arguing with myself a little over this one. Is it worth a comment preceding the new version of the changes to make it more obvious to anyone looking at the diff during an upgrade why the quoting was added? Presumably anyone performing a non-interactive upgrade won't get the changes, but that doesn't seem so bad in this case.

Regards, Adam
Archive: http://lists.debian.org/1361119263.20472.86.ca...@jacala.jungle.funky-badger.org
Bug#700806: unblock: openconnect/3.20-3 (Fixes CVE-2012-6128)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, Please unblock package openconnect, version 3.20-3 already uploaded to unstable. This upload fixes RC bug #700794 (CVE-2012-6128), a stack-based buffer overflow vulnerability. The fix was made upstream and this change is a backport of that patch to version 3.20. The debdiff is included below. Thanks in advance. diffstat for openconnect-3.20 openconnect-3.20 changelog |7 + patches/02_CVE-2012-6128.patch | 281 + patches/series |1 3 files changed, 289 insertions(+) diff -Nru openconnect-3.20/debian/changelog openconnect-3.20/debian/changelog --- openconnect-3.20/debian/changelog 2012-06-06 08:54:48.0 -0400 +++ openconnect-3.20/debian/changelog 2013-02-17 12:25:52.0 -0500 @@ -1,3 +1,10 @@ +openconnect (3.20-3) unstable; urgency=low + + * debian/patches/02_CVE-2012-6128.patch: Backport patch from upstream to fix +buffer overflow (CVE-2012-6128). (Closes: #700794) + + -- Mike Miller mtmil...@ieee.org Sun, 17 Feb 2013 11:56:35 -0500 + openconnect (3.20-2) unstable; urgency=low * Depend on vpnc-scripts for routing and DNS configuration. (Closes: diff -Nru openconnect-3.20/debian/patches/02_CVE-2012-6128.patch openconnect-3.20/debian/patches/02_CVE-2012-6128.patch --- openconnect-3.20/debian/patches/02_CVE-2012-6128.patch 1969-12-31 19:00:00.0 -0500 +++ openconnect-3.20/debian/patches/02_CVE-2012-6128.patch 2013-02-17 12:25:52.0 -0500 
@@ -0,0 +1,281 @@ +Origin: upstream, http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491 +From: Kevin Cernekee cerne...@gmail.com +Subject: http: Fix overflow on HTTP request buffers + +A malicious VPN gateway can send a very long hostname/path (for redirects) +or cookie list (in general), which OpenConnect will attempt to sprintf() +into a fixed length buffer. Each HTTP server response line can add +roughly MAX_BUF_LEN (131072) bytes to the next OpenConnect HTTP request, +but the request buffer (buf) is capped at MAX_BUF_LEN bytes and is +allocated on the stack. + +The result of passing a long Location: header looks like: + +Attempting to connect to server 127.0.0.1:443 +SSL negotiation with localhost +Server certificate verify failed: self signed certificate in certificate chain +Connected to HTTPS on localhost +GET https://localhost/ +Got HTTP response: HTTP/1.0 301 Moved +Ignoring unknown HTTP response line 'aa' +SSL negotiation with localhost +Server certificate verify failed: self signed certificate in certificate chain +Connected to HTTPS on localhost +*** buffer overflow detected ***: /scr/openconnect2/.libs/lt-openconnect terminated +=== Backtrace: = +/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fd62729b82c] +/lib/x86_64-linux-gnu/libc.so.6(+0x109700)[0x7fd62729a700] +/lib/x86_64-linux-gnu/libc.so.6(+0x108b69)[0x7fd627299b69] +/lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0xdd)[0x7fd62720d13d] +/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x1ae7)[0x7fd6271db4a7] +/lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x94)[0x7fd627299c04] +/lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7fd627299b4d] + /scr/openconnect2/.libs/libopenconnect.so.2(openconnect_obtain_cookie+0xc0)[0x7fd62832d210] +/scr/openconnect2/.libs/lt-openconnect[0x40413f] +/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7fd6271b276d] +/scr/openconnect2/.libs/lt-openconnect[0x404579] + +The proposed fix is to 
use dynamically allocated buffers with overflow +checking. + +--- a/http.c b/http.c +@@ -32,6 +32,7 @@ + #include pwd.h + #include sys/stat.h + #include sys/types.h ++#include stdarg.h + + #include openssl/ssl.h + #include openssl/err.h +@@ -45,6 +46,85 @@ static int proxy_read(struct openconnect + unsigned char *buf, size_t len); + + #define MAX_BUF_LEN 131072 ++#define BUF_CHUNK_SIZE 4096 ++ ++struct oc_text_buf { ++ char *data; ++ int pos; ++ int buf_len; ++ int error; ++}; ++ ++static struct oc_text_buf *buf_alloc(void) ++{ ++ return calloc(1, sizeof(struct oc_text_buf)); ++} ++ ++static void buf_append(struct oc_text_buf *buf, const char *fmt, ...) ++{ ++ va_list ap; ++ ++ if (!buf || buf-error) ++ return; ++ ++ if (!buf-data) { ++ buf-data = malloc(BUF_CHUNK_SIZE); ++ if (!buf-data) { ++ buf-error = -ENOMEM; ++ return; ++ } ++ buf-buf_len = BUF_CHUNK_SIZE; ++ } ++ ++ while (1) { ++ int max_len = buf-buf_len - buf-pos, ret; ++ ++ va_start(ap, fmt); ++ ret = vsnprintf(buf-data + buf-pos, max_len,
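Review bot: in the new struct oc_text_buf, `pos` and `buf_len` are signed int, and buf_append() computes `max_len = buf_len - pos` and hands it to vsnprintf(), whose size parameter is size_t; declare the fields as size_t, or check that `pos` is below `buf_len` before the call, so that a bookkeeping slip cannot turn into a huge size argument on the very path this patch is hardening. buf_append() also returns void and reports allocation failure only through the `error` field, so every call site that later sends `data` has to test that field first; the visible part of the patch does not show such a check, and it is worth confirming in the remainder. In debian/changelog, `urgency=low` reads low for an upload that closes an RC bug carrying a CVE for a stack-based overflow reachable from a malicious gateway.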
Bug#700807: tpu: package unbound/1.4.17-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: tpu i'd like to upload unbound 1.4.17-3 with an updated D.ROOT-SERVERS.NET hint to testing/testing-proposed-updates to fix #697351. unstable has a newer upstream release (1.4.19-1) so the update will need to go via tpu. debdiff is attached. -- Robert Edmonds edmo...@debian.org diff -Nru unbound-1.4.17/debian/changelog unbound-1.4.17/debian/changelog --- unbound-1.4.17/debian/changelog 2012-05-28 14:36:18.0 -0400 +++ unbound-1.4.17/debian/changelog 2013-02-17 12:35:34.0 -0500 @@ -1,3 +1,9 @@ +unbound (1.4.17-3) testing; urgency=low + + * Update IPv4 address hint for D.ROOT-SERVERS.NET. + + -- Robert S. Edmonds edmo...@debian.org Sun, 17 Feb 2013 12:34:39 -0500 + unbound (1.4.17-2) unstable; urgency=low * Build-depend on libldns-dev (= 1.6.13~) for ECDSA support. diff -Nru unbound-1.4.17/debian/patches/debian-changes unbound-1.4.17/debian/patches/debian-changes --- unbound-1.4.17/debian/patches/debian-changes2012-05-28 14:41:58.0 -0400 +++ unbound-1.4.17/debian/patches/debian-changes2013-02-17 12:54:32.0 -0500 @@ -5,9 +5,9 @@ information below has been extracted from the changelog. Adjust it or drop it. . - unbound (1.4.17-2) unstable; urgency=low + unbound (1.4.17-3) testing; urgency=low . - * Build-depend on libldns-dev (= 1.6.13~) for ECDSA support. + * Update IPv4 address hint for D.ROOT-SERVERS.NET. Author: Robert S. Edmonds edmo...@debian.org --- 
@@ -54,6 +54,17 @@ AC_C_INLINE ACX_CHECK_FORMAT_ATTRIBUTE +--- unbound-1.4.17.orig/iterator/iter_hints.c unbound-1.4.17/iterator/iter_hints.c +@@ -129,7 +129,7 @@ compile_time_root_prime(int do_ip4, int + if(!ah(dp, A.ROOT-SERVERS.NET., 198.41.0.4))return 0; + if(!ah(dp, B.ROOT-SERVERS.NET., 192.228.79.201)) return 0; + if(!ah(dp, C.ROOT-SERVERS.NET., 192.33.4.12)) return 0; +- if(!ah(dp, D.ROOT-SERVERS.NET., 128.8.10.90)) return 0; ++ if(!ah(dp, D.ROOT-SERVERS.NET., 199.7.91.13)) return 0; + if(!ah(dp, E.ROOT-SERVERS.NET., 192.203.230.10)) return 0; + if(!ah(dp, F.ROOT-SERVERS.NET., 192.5.5.241)) return 0; + if(!ah(dp, G.ROOT-SERVERS.NET., 192.112.36.4)) return 0; --- unbound-1.4.17.orig/daemon/unbound.c +++ unbound-1.4.17/daemon/unbound.c @@ -266,8 +266,6 @@ checkrlimits(struct config_file* cfg) signature.asc Description: Digital signature
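Review bot: the new debian/changelog entry, "Update IPv4 address hint for D.ROOT-SERVERS.NET.", carries no Closes: reference although the request says the upload fixes #697351; add `(Closes: #697351)` so the bug is closed by the upload and the changelog records why the hint changed. The iter_hints.c hunk touches only the compiled-in A record for D.ROOT-SERVERS.NET (128.8.10.90 becomes 199.7.91.13), so it is worth confirming that the package ships no second copy of the root hints that still carries the old address; none is visible in this debdiff.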
NEW changes in stable-new
Processing changes file: kfreebsd-8_8.1+dfsg-8+squeeze4_kfreebsd-i386.changes ACCEPT
Archive: http://lists.debian.org/e1u78ns-0003ja...@franck.debian.org
Bug#700672: pu: package libzorpll/3.3.0.12-4+squeeze1
Control: tags -1 + pending On Sat, 2013-02-16 at 11:22 +, Adam D. Barratt wrote: On Sat, 2013-02-16 at 12:19 +0100, Andreas Beckmann wrote: On 2013-02-16 11:10, Adam D. Barratt wrote: On Sat, 2013-02-16 at 00:02 +0100, Andreas Beckmann wrote: An unversioned Breaks/Replaces should fix this, libzorp2-dev is not used as a virtual package. The patch looks okay; thanks. Has it been tested? Yes, I can confirm that there is now a clean upgrade path from lenny. And libzorpll* still installs in squeeze and upgrades from lenny without issues. Thanks for the confirmation. Please go ahead. Flagged for acceptance. Regards, Adam
Archive: http://lists.debian.org/1361126747.20472.91.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#700672: pu: package libzorpll/3.3.0.12-4+squeeze1
Processing control commands: tags -1 + pending Bug #700672 [release.debian.org] pu: package libzorpll/3.3.0.12-4+squeeze1 Added tag(s) pending. -- 700672: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700672 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Archive: http://lists.debian.org/handler.s.b700672.136112675727752.transcr...@bugs.debian.org
Bug#700523: pu: package nautilus/2.30.1-2squeeze2
Control: tags -1 + pending On Fri, 2013-02-15 at 18:14 +, Adam D. Barratt wrote: On Wed, 2013-02-13 at 22:12 +0100, Andreas Beckmann wrote: * libnautilus-extension1: Add Breaks: samba-common ( 2:3.5) to fix an upgrade path from lenny involving nautilus-share where lenny's apt would fail with Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.. (Closes: #698775) Please go ahead. Flagged for acceptance in to p-u. Regards, Adam
Archive: http://lists.debian.org/1361126797.20472.92.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#700523: pu: package nautilus/2.30.1-2squeeze2
Processing control commands: tags -1 + pending Bug #700523 [release.debian.org] pu: package nautilus/2.30.1-2squeeze2 Added tag(s) pending. -- 700523: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700523 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Archive: http://lists.debian.org/handler.s.b700523.136112680928188.transcr...@bugs.debian.org
NEW changes in stable-new
Processing changes file: libzorpll_3.3.0.12-4+squeeze1_amd64.changes ACCEPT
Archive: http://lists.debian.org/e1u79gt-00031a...@franck.debian.org
Processed: Re: Bug#700806: unblock: openconnect/3.20-3 (Fixes CVE-2012-6128)
Processing control commands: tags -1 moreinfo Bug #700806 [release.debian.org] unblock: openconnect/3.20-3 (Fixes CVE-2012-6128) Added tag(s) moreinfo. -- 700806: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700806 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Archive: http://lists.debian.org/handler.s.b700806.13611276262761.transcr...@bugs.debian.org
Bug#700806: unblock: openconnect/3.20-3 (Fixes CVE-2012-6128)
Control: tags -1 moreinfo On 2013-02-17 19:12, Mike Miller wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, Hi, Please unblock package openconnect, version 3.20-3 already uploaded to unstable. This upload fixes RC bug #700794 (CVE-2012-6128), a stack-based buffer overflow vulnerability. The fix was made upstream and this change is a backport of that patch to version 3.20. The debdiff is included below. Thanks in advance. [...] ++ ++static void buf_append(struct oc_text_buf *buf, const char *fmt, ...) ++{ [...] ++buf-data = realloc(buf-data, new_buf_len); As mentioned in #700805, this line introduces a memory leak if realloc fails for any reason. [...] I believe this bug also affects the version uploaded to proposed-updates (i.e. 2.25-0.1+squeeze2). ~Niels
Archive: http://lists.debian.org/512128c0.6070...@thykier.net
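The realloc() point raised in the message above, as an added example that is not the openconnect code: a capped, growable text buffer in C that keeps realloc()'s result in a temporary so the old block is never lost, with a sticky error field in the style of the quoted buf_append(). All names (`text_buf`, `tb_append`, `TB_CHUNK`, `TB_MAX`, the `tb_realloc` hook) and the request strings are constructed for the demonstration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TB_CHUNK 64    /* growth step; small so the demo has to grow */
#define TB_MAX   1024  /* hard cap on the buffer, a multiple of TB_CHUNK */

struct text_buf {
    char  *data;   /* NUL-terminated once something has been appended */
    size_t pos;    /* bytes used, not counting the NUL */
    size_t cap;    /* bytes allocated */
    int    error;  /* 0, or a negative errno that sticks */
};

/* Allocator hook so the demo can force realloc() to fail. */
static void *(*tb_realloc)(void *, size_t) = realloc;
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Make room for `need` bytes in total; returns 0 or a negative errno. */
static int tb_reserve(struct text_buf *b, size_t need)
{
    size_t new_cap;
    char *p;
    if (need <= b->cap)
        return 0;
    if (need > TB_MAX)
        return -E2BIG;
    new_cap = (need + TB_CHUNK - 1) / TB_CHUNK * TB_CHUNK;
    /* The leak-prone form is `b->data = realloc(b->data, new_cap);`: on
     * failure realloc() returns NULL and leaves the old block allocated,
     * so the assignment overwrites the only pointer to it. */
    p = tb_realloc(b->data, new_cap);
    if (!p)
        return -ENOMEM;
    b->data = p;
    b->cap = new_cap;
    return 0;
}

static void tb_append(struct text_buf *b, const char *fmt, ...)
{
    va_list ap;
    int n, err;
    if (!b || b->error)
        return;
    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);          /* measure only */
    va_end(ap);
    err = n < 0 ? -EINVAL : tb_reserve(b, b->pos + (size_t)n + 1);
    if (err) {
        b->error = err;                       /* data and pos stay valid */
        return;
    }
    va_start(ap, fmt);
    vsnprintf(b->data + b->pos, b->cap - b->pos, fmt, ap);
    va_end(ap);
    b->pos += (size_t)n;
}

static void tb_free(struct text_buf *b) { free(b->data); memset(b, 0, sizeof *b); }

/* Constructed input: a path of 2*TB_MAX-1 bytes, standing in for an
 * over-long redirect target. Returns the sticky error. */
static int demo_oversized(void)
{
    struct text_buf b = {0};
    static char big[2 * TB_MAX];
    int err;
    memset(big, 'a', sizeof big - 1);
    tb_append(&b, "GET /%s HTTP/1.1\r\n", big);
    tb_append(&b, "Host: %s\r\n", "vpn.example");   /* skipped: error sticks */
    err = b.error;
    tb_free(&b);
    return err;
}

/* Returns 1 if earlier content is intact and still owned after realloc() fails. */
static int demo_realloc_failure(void)
{
    struct text_buf b = {0};
    int intact;
    tb_append(&b, "Cookie: %s\r\n", "a=1");
    tb_realloc = failing_realloc;
    tb_append(&b, "%0100d", 0);               /* 100 bytes: needs a second chunk */
    tb_realloc = realloc;
    intact = b.error == -ENOMEM && b.pos == 13 &&
             strcmp(b.data, "Cookie: a=1\r\n") == 0;
    tb_free(&b);                              /* frees the block the leaky form would lose */
    return intact;
}

int main(void)
{
    printf("oversized: %d, intact after failed realloc: %d\n",
           demo_oversized(), demo_realloc_failure());
    return 0;
}
```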
Bug#700724: pu: package ttf-ipafont/00203-16+squeeze1
Control: tags -1 + pending On Sat, 2013-02-16 at 17:09 +, Adam D. Barratt wrote: On Sat, 2013-02-16 at 18:01 +0100, Andreas Beckmann wrote: This leads to the following errors if ttf-ipafont is installed, removed and installed again: 0m16.5s ERROR: FAIL: After purging files have disappeared: I'm not sure how common doing so really is... In any case, the patch looks sane enough, so please go ahead. Flagged for acceptance. Regards, Adam
Archive: http://lists.debian.org/1361128839.20472.93.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#700724: pu: package ttf-ipafont/00203-16+squeeze1
Processing control commands: tags -1 + pending Bug #700724 [release.debian.org] pu: package ttf-ipafont/00203-16+squeeze1 Added tag(s) pending. -- 700724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700724 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Archive: http://lists.debian.org/handler.s.b700724.136112884912787.transcr...@bugs.debian.org
Bug#700675: Bug#696369: Bug#700675: pu: package fusionforge/5.0.2-5+squeeze1
Andreas Beckmann, 2013-02-16 12:03:01 +0100 : [...] The fusionforge packages are not really in a good shape for automated testing (e.g. #678025, #662897) ... and I never used fusionforge myself, so I don't know how to properly test it manually. Therefore I'm a bit reluctant to NMU fusionforge without having a positive comment on the patch by the maintainer. Thank you for looking into this; I must confess I'm slacking in my duty as a maintainer of the fusionforge packages these days. The patch looks good to me, and I'd appreciate the NMU, please. Could the new version suffix +squeeze1 break something? I don't think so; there's a bit of code that handles Debian version numbers, but it takes care to delegate version comparison to dpkg, so we should be safe. But after having run piuparts install and upgrade tests on the patched packages (that takes some time for fusionforge ...) I can now confirm that * there are no previously unseen installation or upgrade errors * the file conflict is solved by unpacking gforge-common before gforge-web-apache2 Thanks again! Roland. -- Roland Mas Oral tradition is like an old cheese [...] -- Le Blaire -- Collectible signatures, series no. 2, part 1/3.
Archive: http://lists.debian.org/87liamd9ph@polymir.internal.placard.fr.eu.org
NEW changes in stable-new
Processing changes file: ttf-ipafont_00203-16+squeeze1_amd64.changes ACCEPT Processing changes file: nautilus_2.30.1-2squeeze2_amd64.changes ACCEPT
Processed: Re: Bug#700675: Bug#696369: Bug#700675: pu: package fusionforge/5.0.2-5+squeeze1
Processing control commands: tags 700675 + confirmed squeeze Bug #700675 [release.debian.org] pu: package fusionforge/5.0.2-5+squeeze1 Added tag(s) confirmed. -- 696369: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696369 700675: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700675 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#700675: Bug#696369: Bug#700675: pu: package fusionforge/5.0.2-5+squeeze1
Control: tags 700675 + confirmed squeeze

On Sun, 2013-02-17 at 20:25 +0100, Roland Mas wrote:
> Andreas Beckmann, 2013-02-16 12:03:01 +0100 :
>> The fusionforge packages are not really in a good shape for automated testing (e.g. #678025, #662897) ... and I never used fusionforge myself, so I don't know how to properly test it manually. Therefore I'm a bit reluctant to NMU fusionforge without having a positive comment on the patch by the maintainer.
>
> Thank you for looking into this; I must confess I'm slacking in my duty as a maintainer of the fusionforge packages these days. The patch looks good to me, and I'd appreciate the NMU, please.

Thanks for the comments.

Andreas, if you'd still like to get this in to 6.0.7 then please go ahead, but bear in mind the somewhat tight time constraints.

Regards,

Adam
Processed: Re: Bug#700675: Bug#696369: Bug#700675: pu: package fusionforge/5.0.2-5+squeeze1
Processing control commands: tags 700675 + confirmed squeeze Bug #700675 [release.debian.org] pu: package fusionforge/5.0.2-5+squeeze1 Ignoring request to alter tags of bug #700675 to the same tags previously set -- 700675: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700675 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: 6.0.7 planning
On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote:
> On Fri, 2013-02-15 at 11:32 +, Adam D. Barratt wrote:
>> On Fri, 2013-02-15 at 01:41 +, Ben Hutchings wrote:
>>> On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote:
>>>> Security update has been uploaded. I'll post the builds somewhere as they become available for anyone interested in testing.
>>> Version 2.6.32-48 has also been uploaded.
>> Flagged for acceptance; thanks.
> All the builds are now in, so we should be ready for lkdi updates when convenient.
> I gather there's a chance there might need to be further security updates; will that mean we need another update in p-u?

Possibly; an alternative would be to release a 48squeeze1 via security to sync up w/ the fixes just before the point release. That would let us go ahead and get the lkdi/d-i updates ready and give us some flexibility to react to any follow-on changes that may appear this week as CVE-2013-0871 is discussed.

On the other hand, I know Ben has another fix queued for stable, and I saw a mention of a possible s390/KVM regression - so those may justify the extra p-u update. Thoughts?
NEW changes in stable-new
Processing changes file: libzorpll_3.3.0.12-4+squeeze1_i386.changes ACCEPT Processing changes file: libzorpll_3.3.0.12-4+squeeze1_ia64.changes ACCEPT Processing changes file: libzorpll_3.3.0.12-4+squeeze1_kfreebsd-amd64.changes ACCEPT Processing changes file: libzorpll_3.3.0.12-4+squeeze1_kfreebsd-i386.changes ACCEPT Processing changes file: libzorpll_3.3.0.12-4+squeeze1_powerpc.changes ACCEPT Processing changes file: libzorpll_3.3.0.12-4+squeeze1_s390.changes ACCEPT Processing changes file: libzorpll_3.3.0.12-4+squeeze1_sparc.changes ACCEPT Processing changes file: nautilus_2.30.1-2squeeze2_kfreebsd-amd64.changes ACCEPT
NEW changes in stable-new
Processing changes file: libzorpll_3.3.0.12-4+squeeze1_armel.changes ACCEPT Processing changes file: nautilus_2.30.1-2squeeze2_i386.changes ACCEPT Processing changes file: nautilus_2.30.1-2squeeze2_ia64.changes ACCEPT Processing changes file: nautilus_2.30.1-2squeeze2_kfreebsd-i386.changes ACCEPT Processing changes file: nautilus_2.30.1-2squeeze2_powerpc.changes ACCEPT Processing changes file: nautilus_2.30.1-2squeeze2_s390.changes ACCEPT Processing changes file: nautilus_2.30.1-2squeeze2_sparc.changes ACCEPT
openjdk maintenance for wheezy and squeeze
There is a bug report open for openjdk-6 in wheezy (#675495) and squeeze didn't see any security updates for several months. To summarize, no party involved is capable or willing to provide security updates based on backports of single patches to the released openjdk-6 version in a stable release. So what to do about it?

- Remove openjdk-6 in wheezy. Probably would require falling back to gcj. Not recommended as a runtime environment, but should work fine for building packages, as ecj is used for byte-code compilation. Falling back to an easier-to-main jvm could be an option too, but I didn't check how well that would work. Not having a fall-back would require removing most of java in Debian.

- Updating to openjdk-7 in wheezy would not solve any issues from my point of view, and it would need some porting of packages to 7, and probably removing some packages which are not yet ported. Otoh removing openjdk-7 for wheezy could be an option if only one version should be supported for a stable release.

- Release openjdk-6 with wheezy, and provide security support by updating to new OpenJDK and IcedTea versions. Usually this does include some backports and other fixes. The potential for regressions could be higher, however even the single security fixes show regressions, as shown by the last security update on Feb 1. These builds could be provided as security updates, updates to the stable releases, or as backports. As a proof of concept, see [1].

- Release openjdk-7 with wheezy, and do the same as with openjdk-6. The issue here is that 7 sees more changes than 6, and that the current openjdk-7 release doesn't build anymore on mips or mipsel, as communicated to the Debian mips porters, so an update would require removal of the binary mips packages. Fine if somebody wants to fix it, but apparently there is no-one interested in that. So this looks more difficult than the openjdk-6 updates. Removing the openjdk mips binaries would require changes to source packages building arch any packages and build-depending on default-jdk or openjdk.

We should find a solution where the resources are available to handle this solution.

In the OpenJDK team, I think it's safe to assume that Torsten Werner isn't currently working on openjdk anymore and recently I got an email from Damien Raude-Morvan, that he can't work on OpenJDK-7 in the foreseeable future anymore. Apparently one of the security team members who did work on OpenJDK security updates left the team too. I think that moving maintainership to the Debian Java team would just make the maintainership issue less explicit.

While not a that important issue, the mips and kfreebsd issue could be improved as well:

- The mipsel porter box is again down for several months. Having a porter box to test backports would be appreciated (yes, openjdk-7 in experimental currently fails on mips, not mipsel).

- Afaik openjdk-7 for kfreebsd does build on kfreebsd (according to Damien) with the kfreebsd kernel from wheezy. So maybe some commitment could be found to upgrade and maintain the kernels before wheezy is released?

Matthias

[1] deb http://people.debian.org/~doko/tmp/openjdk-6-squeeze ./
Bug#691710: Post-RC1 unblock-udeb d-i ACK
Hi everyone, and thanks for your patience.

Release managers, here's your d-i ACK for all those requests:

mdadm/3.2.5-5
glib2.0/2.33.12+really2.32.4-5
eglibc/2.13-38
cairo/1.12.2-3
openssh/1:6.0p1-4

Mraw,
KiBi.
NEW changes in stable-new
Processing changes file: nautilus_2.30.1-2squeeze2_armel.changes ACCEPT
Bug#697831: marked as done (unblock: eglibc/2.13-38)
Your message dated Sun, 17 Feb 2013 22:39:10 + with message-id 1361140750.20472.121.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#691710: Post-RC1 unblock-udeb d-i ACK has caused the Debian Bug report #697831, regarding unblock: eglibc/2.13-38 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 697831: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697831 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package eglibc, whose changes were discussed on IRC with adsb a while ago, and has now been uploaded. Debdiff attached, but a quick step through the changelog: [ Adam Conrad ] * debian/patches/arm/cvs-ldconfig-cache-abi.diff: Backport upstream patch to re-enable ldconfig cache tagging for armhf binaries again. * debian/patches/arm/unsubmitted-ldconfig-cache-abi.diff: Re-enable and adjust to account for changes in cvs-ldconfig-cache-abi.diff. * debian/debhelper.in/libc.preinst: Remove old ld.so.cache on upgrade. The above changes are needed to make multiarch between armel and armhf work properly. They were previously included in eglibc, then temporarily reverted when an upstream conflict occurred, and now reintroduced with the upstream versions of the patches. Well-tested in both previous Debian revisions and in several Ubuntu releases. * debian/control.in/amd64: Move libc6-amd64 from standard to optional. Just making control match the archive. 
[ Jonathan Nieder ] * control.in/opt: correct misspelling of Ezra in descriptions of *-i686 variants. Thanks to Thorsten Glaser. Typo fix. * patches/any/local-tst-eintr1-eagain.diff: new patch to work around a race that lets pthread_create hit resource limits when the kernel takes too long to clean up after joined threads. (closes: #673596) Testsuite fix, doesn't affect any runtime code. [ Samuel Thibault ] * patches/any/local-fhs-linux-paths.diff: Patch vardb path on !linux too. * Add patches/hurd-i386/libpthread_hurd_cond_wait.diff: New patch to add support for translators with pthread. * Add patches/hurd-i386/submitted-fork_port_leak.diff: New patch to fix port leak on fork. * libc0.3.symbols.hurd-i386: Add libpthread.so.0.3 symbols. * Add patches/hurd-i386/tg-hurdsig-boot-fix.diff to fix sigstate_is_global_rcv at boot in libpthread-based translators. * patches/hurd-i386/tg-hurdsig-global-dispositions.diff: Update with Thomas' fork deadlock fix. * patches/hurd-i386/unsubmitted-single-hurdselect-timeout.diff: Temporarily fix double select timeout on single fd. * patches/hurd-i386/unsubmitted-setitimer_fix.diff: Fix Hurd implementation of setitimer. And the above are all hurd fixes which don't impact any other arches and IMO should be accepted on the well, it can't make hurd any more broken principle. :P unblock eglibc/2.13-38 -- System Information: Debian Release: wheezy/sid APT prefers raring-updates APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 'raring') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.7.0-7-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u eglibc-2.13/debian/changelog eglibc-2.13/debian/changelog --- eglibc-2.13/debian/changelog +++ eglibc-2.13/debian/changelog 
@@ -1,3 +1,38 @@ +eglibc (2.13-38) unstable; urgency=low + + [ Adam Conrad ] + * debian/patches/arm/cvs-ldconfig-cache-abi.diff: Backport upstream +patch to re-enable ldconfig cache tagging for armhf binaries again. + * debian/patches/arm/unsubmitted-ldconfig-cache-abi.diff: Re-enable +and adjust to account for changes in cvs-ldconfig-cache-abi.diff. + * debian/debhelper.in/libc.preinst: Remove old ld.so.cache on upgrade. + * debian/control.in/amd64: Move libc6-amd64 from standard to optional. + + [ Jonathan Nieder ] + * control.in/opt: correct misspelling of Ezra in descriptions of +*-i686 variants. Thanks to Thorsten Glaser. + * patches/any/local-tst-eintr1-eagain.diff: new patch to work around +a race that lets pthread_create hit resource limits when the kernel +takes too long to clean up after joined threads. (closes: #673596) + + [ Samuel Thibault ] + * patches/any/local-fhs-linux-paths.diff: Patch vardb path on !linux too. + * Add patches/hurd-i386/libpthread_hurd_cond_wait.diff: New patch to add +support for translators with pthread. +
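Review bot: the changelog entry for debian/debhelper.in/libc.preinst says only "Remove old ld.so.cache on upgrade", without stating which architectures or which previous versions trigger the removal. The unblock request ties this change to making multiarch between armel and armhf work, so the entry should say whether the preinst deletes the cache on every architecture or only on ARM, and when upgrading from which versions, so the effect on other ports can be judged from the changelog without reading the script.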
Bug#699466: marked as done (unblock: cairo/1.12.2-3)
Your message dated Sun, 17 Feb 2013 22:39:10 + with message-id 1361140750.20472.121.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#691710: Post-RC1 unblock-udeb d-i ACK has caused the Debian Bug report #699466, regarding unblock: cairo/1.12.2-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699466: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699466 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package cairo It fixes several important bugs which could lead to crashes (in evince) or broken print output. We have a large number of duplicates, so it seems worthwile getting those fixes into wheezy. Changelog: cairo (1.12.2-3) unstable; urgency=low cairo (1.12.2-3) unstable; urgency=low * Team upload. [ intrigeri ] * Fix several printing related problems: - Evince crash when printing certain PDF files (Closes: #672336) - Evince producing broken print output (Closes: #679105) Patches cherry-picked from upstream: - 07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch - 08_cff_convert_._to_locale_specific_decimal_point_befor.patch - 09_cff_use_correct_size_for_buffer.patch - 10_cff_subsetting_widths_can_be_floating_point.patch [ Michael Biebl ] * Fix segmentation fault when rendering SVGs at certain sizes. 
(Closes: #697482) Patch cherry-picked from upstream: - 11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch -- Michael Biebl bi...@debian.org Thu, 31 Jan 2013 16:22:34 +0100 cairo (1.12.2-2.1) unstable; urgency=low * Non-maintainer upload. * (Closes: #690799) evince crashes with a certain PDF file -- Neil Williams codeh...@debian.org Sat, 26 Jan 2013 23:22:12 + Full debdiff (including the NMU) is attached. Cheers, Michael unblock cairo/1.12.2-3 -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru cairo-1.12.2/debian/changelog cairo-1.12.2/debian/changelog --- cairo-1.12.2/debian/changelog 2012-05-17 13:23:08.0 +0200 +++ cairo-1.12.2/debian/changelog 2013-01-31 16:22:46.0 +0100 
@@ -1,3 +1,32 @@ +cairo (1.12.2-3) unstable; urgency=low + + * Team upload. + + [ intrigeri ] + * Fix several printing related problems: +- Evince crash when printing certain PDF files (Closes: #672336) +- Evince producing broken print output (Closes: #679105) +Patches cherry-picked from upstream: +- 07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch +- 08_cff_convert_._to_locale_specific_decimal_point_befor.patch +- 09_cff_use_correct_size_for_buffer.patch +- 10_cff_subsetting_widths_can_be_floating_point.patch + + [ Michael Biebl ] + * Fix segmentation fault when rendering SVGs at certain sizes. +(Closes: #697482) +Patch cherry-picked from upstream: +- 11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch + + -- Michael Biebl bi...@debian.org Thu, 31 Jan 2013 16:22:34 +0100 + +cairo (1.12.2-2.1) unstable; urgency=low + + * Non-maintainer upload. + * (Closes: #690799) evince crashes with a certain PDF file + + -- Neil Williams codeh...@debian.org Sat, 26 Jan 2013 23:22:12 + + cairo (1.12.2-2) unstable; urgency=low * debian/libcairo2-udeb.install: diff -Nru cairo-1.12.2/debian/patches/07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch cairo-1.12.2/debian/patches/07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch --- cairo-1.12.2/debian/patches/07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch 1970-01-01 01:00:00.0 +0100 +++ cairo-1.12.2/debian/patches/07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch 2013-01-31 16:22:46.0 +0100 
@@ -0,0 +1,37 @@ +From: Adrian Johnson ajohn...@redneon.com +Date: Thu, 7 Jun 2012 19:18:52 +0930 +Subject: cff-subsetting: Ignore charset for non cid fonts + +Fixes crash in https://bugzilla.gnome.org/show_bug.cgi?id=677422 +--- + src/cairo-cff-subset.c | 16 +--- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c +index db6fdf7..6f0cd66 100644 +--- a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c +@@ -1178,14 +1178,16 @@ cairo_cff_font_read_top_dict (cairo_cff_font_t
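Review bot: in the debian/changelog hunk, the 1.12.2-2.1 NMU entry reads "* (Closes: #690799) evince crashes with a certain PDF file", which names the symptom but not the change that was made. The 1.12.2-3 entry lists every cherry-picked patch by file name; the NMU entry should do the same (the patch file added or the source file touched), so that each part of the debdiff can be matched against a changelog line.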
Re: 6.0.7 planning
On Sun, 2013-02-17 at 13:33 -0800, dann frazier wrote:
> On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote:
>> I gather there's a chance there might need to be further security updates; will that mean we need another update in p-u?
>
> Possibly; an alternative would be to release a 48squeeze1 via security to sync up w/ the fixes just before the point release. That would let us go ahead and get the lkdi/d-i updates ready and give us some flexibility to react to any follow-on changes that may appear this week as CVE-2013-0871 is discussed.

From the release perspective, I obviously have a bias toward wanting to get a finalised kernel and lkdi / d-i sorted sooner rather than later, both so we can get people to test the former and to reduce the likelihood of last minute issues / upload chasing with the latter.

> On the other hand, I know Ben has another fix queued for stable, and I saw a mention of a possible s390/KVM regression - so those may justify the extra p-u update.

Are these regressions from the current stable kernel?

Regards,

Adam
Bug#700825: unblock: libmtp/1.1.3-35-g0ece104-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libmtp 1.1.3-35-g0ece104-5 which introduces support for Google/LG Nexus 4 phones (and a big thanks! to Arno Töll which has effectively tested the device. The patch comes from upstream and it's already been integrated in the latest version presently available in experimental. As usual, you may find the (minimalistic) patch attached. Thanks in advance for any reply, and cheers! unblock libmtp/1.1.3-35-g0ece104-5 -- Alessio Treglia | www.alessiotreglia.com Debian Developer | ales...@debian.org Ubuntu Core Developer| quadris...@ubuntu.com 0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A diffstat for libmtp-1.1.3-35-g0ece104 libmtp-1.1.3-35-g0ece104 changelog |7 +++ patches/0001-devicedb_updates.patch | 22 +- 2 files changed, 24 insertions(+), 5 deletions(-) diff -Nru libmtp-1.1.3-35-g0ece104/debian/changelog libmtp-1.1.3-35-g0ece104/debian/changelog --- libmtp-1.1.3-35-g0ece104/debian/changelog 2012-09-30 18:33:20.0 +0200 +++ libmtp-1.1.3-35-g0ece104/debian/changelog 2013-02-17 23:38:42.0 +0100 @@ -1,3 +1,10 @@ +libmtp (1.1.3-35-g0ece104-5) unstable; urgency=low + + * Add support for Google/LG Nexus 4 phones. +Thanks to Arno Töll for testing the device. (Closes: #700822) + + -- Alessio Treglia ales...@debian.org Sun, 17 Feb 2013 22:37:28 + + libmtp (1.1.3-35-g0ece104-4) unstable; urgency=low * Blacklist Canon EOS 3D for now as it leads to a SIGSEGV in diff -Nru libmtp-1.1.3-35-g0ece104/debian/patches/0001-devicedb_updates.patch libmtp-1.1.3-35-g0ece104/debian/patches/0001-devicedb_updates.patch --- libmtp-1.1.3-35-g0ece104/debian/patches/0001-devicedb_updates.patch 2012-08-30 00:30:30.0 +0200 +++ libmtp-1.1.3-35-g0ece104/debian/patches/0001-devicedb_updates.patch 2013-02-17 23:33:30.0 +0100 
@@ -7,10 +7,12 @@ - f9b50b4b6e7721c7d77e0f22779276c3a0981ad0 Debian BTS: - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683637 + - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700822 Origin: upstream +Last-Update: 2013-02-17 --- - src/music-players.h | 26 ++ - 1 file changed, 22 insertions(+), 4 deletions(-) + src/music-players.h | 29 - + 1 file changed, 24 insertions(+), 5 deletions(-) --- libmtp.orig/src/music-players.h +++ libmtp/src/music-players.h @@ -63,7 +65,17 @@ // WiFi-only version of Xoom // See: http://bugzilla.gnome.org/show_bug.cgi?id=647506 { Google Inc (for Motorola), 0x18d1, Xoom (MZ604), 0x70a8, -@@ -1702,8 +1716,9 @@ +@@ -1553,7 +1567,8 @@ + 0xd109, DEVICE_FLAGS_ANDROID_BUGS }, + { Google Inc (for LG Electronics), 0x18d1, P990/Optimus, 0xd10a, + DEVICE_FLAGS_ANDROID_BUGS }, +- ++ { Google Inc (for LG Electronics), 0x18d1, Nexus 4, 0x4ee1, ++ DEVICE_FLAGS_ANDROID_BUGS }, + + /* +* Media Keg +@@ -1702,8 +1717,9 @@ */ // Reported by anonymous SourceForge user { Huawei, 0x12d1, Honor U8860, 0x1051, DEVICE_FLAGS_ANDROID_BUGS }, @@ -74,7 +86,7 @@ /* * ZTE -@@ -1718,7 +1733,9 @@ +@@ -1718,7 +1734,9 @@ { HTC, 0x0bb4, Zopo ZP100, 0x0c02, DEVICE_FLAGS_ANDROID_BUGS }, // Reported by Steven Eastland grassm...@users.sourceforge.net @@ -85,7 +97,7 @@ DEVICE_FLAGS_ANDROID_BUGS }, // These identify themselves as cm_tenderloin, fun... // Done by HTC for HP I guess. -@@ -1745,9 +1762,10 @@ +@@ -1745,9 +1763,10 @@ { Vizio, 0x0489, VTAB1008, 0xe040, DEVICE_FLAGS_ANDROID_BUGS }, /*
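Review bot: the header hunk of patches/0001-devicedb_updates.patch (@@ -7,10 +7,12 @@) adds the Debian BTS link for #700822 and a Last-Update field, but nothing is added next to the hash listed above "Debian BTS:" for the change that brings in the Nexus 4 line, although Origin still says "upstream". Add the upstream commit that the 0x18d1 / 0x4ee1 entry was taken from, so the device ID and the DEVICE_FLAGS_ANDROID_BUGS flag can be checked against upstream's src/music-players.h.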
Re: openjdk maintenance for wheezy and squeeze
On 2013-02-17 23:04, Matthias Klose wrote:
> There is a bug report open for openjdk-6 in wheezy (#675495) and squeeze didn't see any security updates for several months. To summarize, no party involved is capable or willing to provide security updates based on backports of single patches to the released openjdk-6 version in a stable release. So what to do about it?

Hi,

Thanks for bringing up this topic. Here is my view on it:

> - Remove openjdk-6 in wheezy. Probably would require falling back to gcj. Not recommended as a runtime environment, but should work fine for building packages, as ecj is used for byte-code compilation. Falling back to an easier-to-main jvm could be an option too, but I didn't check how well that would work. Not having a fall-back would require removing most of java in Debian.

I do not believe this is a functional solution. In my experience, gcj is not capable of running a lot of our Java programs reliably.

> - Updating to openjdk-7 in wheezy would not solve any issues from my point of view, and it would need some porting of packages to 7, and probably removing some packages which are not yet ported. Otoh removing openjdk-7 for wheezy could be an option if only one version should be supported for a stable release.

We tried to accomplish this (replacing openjdk-6 with openjdk-7) a couple of months before the freeze; there was too much then and the freeze has not changed that. If we were to do this, we should have done it before the freeze (and continued in the early freeze).

> - Release openjdk-6 with wheezy, and provide security support by updating to new OpenJDK and IcedTea versions. Usually this does include some backports and other fixes. The potential for regressions could be higher, however even the single security fixes show regressions, as shown by the last security update on Feb 1. These builds could be provided as security updates, updates to the stable releases, or as backports. As a proof of concept, see [1].

I am sad to hear that stable releases are having regressions (especially for security fixes), but I do not see a way to release Wheezy without OpenJDK-6 (as default java).

> - Release openjdk-7 with wheezy, and do the same as with openjdk-6. The issue here is that 7 sees more changes than 6, and that the current openjdk-7 release doesn't build anymore on mips or mipsel, as communicated to the Debian mips porters, so an update would require removal of the binary mips packages. Fine if somebody wants to fix it, but apparently there is no-one interested in that. So this looks more difficult than the openjdk-6 updates. Removing the openjdk mips binaries would require changes to source packages building arch any packages and build-depending on default-jdk or openjdk.

openjdk-7/7u3-2.1.3-1 is currently in testing, so we would release openjdk-7 with Wheezy? Admittedly with the security bugs in Java currently, I suspect the u13 might be better for us.

That said, I got the feeling that this option would include us replacing the default-jdk with openjdk-7? As mentioned above, I don't see how that can happen with breaking a lot (unless we only change the default plugin).

I recognise that OpenJDK-7 would most likely have been better default. However, I do not think it is possible for us to change the default-java at this point of the freeze without great disruption.

* Even if we were to change the default to OpenJDK-7, we would still have a lot way to go before we could get rid of OpenJDK-6.
* Using GCJ as default java will just cause programs to fail/crash. I believe I mentioned this to you at UDS-R; I do not think GCJ should be a provider of Java for programs anymore (for fixing post Wheezy). To my knowledge it is (at best) a Java5 claiming to support both Java6 and Java7 - and when called on that bluff the program has to terminate (usually for missing methods or classes in the std library).

> We should find a solution where the resources are available to handle this solution. In the OpenJDK team, I think it's safe to assume that Torsten Werner isn't currently working on openjdk anymore and recently I got an email from Damien Raude-Morvan, that he can't work on OpenJDK-7 in the foreseeable future anymore. Apparently one of the security team members who did work on OpenJDK security updates left the team too. I think that moving maintainership to the Debian Java team would just make the maintainership issue less explicit.

I agree it would be nice to have more hands on packages like OpenJDK; but I suspect OpenJDK is sufficiently intimidating to scare people away at first (or even second) sight. I know from experience with Eclipse that people offered help, but in practise never submitted any patches (or at best did one or two trivial things and then we never heard from them again on Eclipse). I
Re: 6.0.7 planning
On Sun, 2013-02-17 at 13:33 -0800, dann frazier wrote:
> On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote:
>> On Fri, 2013-02-15 at 11:32 +, Adam D. Barratt wrote:
>>> On Fri, 2013-02-15 at 01:41 +, Ben Hutchings wrote:
>>>> On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote:
>>>>> Security update has been uploaded. I'll post the builds somewhere as they become available for anyone interested in testing.
>>>> Version 2.6.32-48 has also been uploaded.
>>> Flagged for acceptance; thanks.
>> All the builds are now in, so we should be ready for lkdi updates when convenient.
>> I gather there's a chance there might need to be further security updates; will that mean we need another update in p-u?
>
> Possibly; an alternative would be to release a 48squeeze1 via security to sync up w/ the fixes just before the point release. That would let us go ahead and get the lkdi/d-i updates ready and give us some flexibility to react to any follow-on changes that may appear this week as CVE-2013-0871 is discussed.
>
> On the other hand, I know Ben has another fix queued for stable, and I saw a mention of a possible s390/KVM regression - so those may justify the extra p-u update. Thoughts?

I would prefer to give users the option to install just the urgent security fixes and delay upgrading to the point release. Releasing a 48squeeze1 means bundling together all those changes.

I don't think it's critical that the installer has the same kernel version as the stable suite. We do need to be careful with ordering of the changelog to allow the installer kernel version to be constructed from the later version by running debian/bin/patch.apply, and/or ask the FTP team nicely to ensure the older version remains in squeeze.

Ben.

--
Ben Hutchings
Experience is what causes a person to make new mistakes instead of old ones.
NEW changes in stable-new
Processing changes file: libzorpll_3.3.0.12-4+squeeze1_mips.changes ACCEPT
Re: 6.0.7 planning
On Sun, Feb 17, 2013 at 11:12:18PM +, Ben Hutchings wrote: On Sun, 2013-02-17 at 13:33 -0800, dann frazier wrote: On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote: On Fri, 2013-02-15 at 11:32 +, Adam D. Barratt wrote: On Fri, 2013-02-15 at 01:41 +, Ben Hutchings wrote: On Thu, 2013-02-14 at 10:28 -0800, dann frazier wrote: Security update has been uploaded. I'll post the builds somewhere as they become available for anyone interested in testing. Version 2.6.32-48 has also been uploaded. Flagged for acceptance; thanks. All the builds are now in, so we should be ready for lkdi updates when convenient. I gather there's a chance there might need to be further security updates; will that mean we need another update in p-u? Possibly; an alternative would be to release a 48squeeze1 via security to sync up w/ the fixes just before the point release. That would let us go ahead and get the lkdi/d-i updates ready and give us some flexibility to react to any follow-on changes that may appear this week as CVE-2013-0871 is discussed. On the other hand, I know Ben has another fix queued for stable, and I saw a mention of a possible s390/KVM regression - so those may justify the extra p-u update. Thoughts? I would prefer to give users the option to install just the urgent security fixes and delay upgrading to the point release. Releasing a 48squeeze1 means bundling together all those changes. Agreed; and I think I was unclear. I was taking for granted that we *will* do a 46squeeze2 now w/ the CVE-2013-0871 fix and bypass 46squeeze1. 46squeeze2 would provide the security-only option. The question was whether or not we should try and fix p-u by getting a -49 into -stable now w/ the CVE-2013-0871 fix, or just make sure there's a 48squeeze1 in security for after. Ah - but maybe the point you're making is that a 48squeeze1 in security would make 46squeeze2 harder to find/install - if so, I can understand that point. 
I don't think it's critical that the installer has the same kernel version as the stable suite. We do need to be careful with ordering of the changelog to allow the installer kernel version to be constructed from the later version by running debian/bin/patch.apply, and/or ask the FTP team nicely to ensure the older version remains in squeeze. Ordering it properly shouldn't be a problem.
Re: 6.0.7 planning
On Sun, 2013-02-17 at 22:42 +, Adam D. Barratt wrote: On Sun, 2013-02-17 at 13:33 -0800, dann frazier wrote: On Sun, Feb 17, 2013 at 03:14:04PM +, Adam D. Barratt wrote:

I gather there's a chance there might need to be further security updates; will that mean we need another update in p-u?

Possibly; an alternative would be to release a 48squeeze1 via security to sync up w/ the fixes just before the point release. That would let us go ahead and get the lkdi/d-i updates ready and give us some flexibility to react to any follow-on changes that may appear this week as CVE-2013-0871 is discussed.

From the release perspective, I obviously have a bias toward wanting to get a finalised kernel and lkdi / d-i sorted sooner rather than later, both so we can get people to test the former and to reduce the likelihood of last minute issues / upload chasing with the latter.

On the other hand, I know Ben has another fix queued for stable, and I saw a mention of a possible s390/KVM regression - so those may justify the extra p-u update.

Are these regressions from the current stable kernel?

The s390/KVM issue is a possible regression introduced in -48. I don't have confirmation that this affects the Debian build, but it was reported upstream as caused by the fix we cherry-picked for #698382. The fix for the regression is labelled as being for v3.3+, but I don't see any relevant changes between 3.2 and 3.3 so I don't trust that minimum version. But the code it touches looks substantially different in 2.6.32. Who can test this?

The other bug for which there is a pending fix (#700544) is not a regression and is easy to work around.

Ben.

-- Ben Hutchings Sturgeon's Law: Ninety percent of everything is crap.
Re: openjdk maintenance for wheezy and squeeze
Am 18.02.2013 00:08, schrieb Niels Thykier: On 2013-02-17 23:04, Matthias Klose wrote: - Remove openjdk-6 in wheezy. Probably would require falling back to gcj. Not recommended as a runtime environment, but should work fine for building packages, as ecj is used for byte-code compilation. Falling back to an easier-to-main jvm could be an option too, but I didn't check how well that would work. Not having a fall-back would require removing most of java in Debian. I do not believe this is a functional solution. In my experience, gcj is not capable of running a lot of our Java programs reliably. There are CACAO and jamvm. At least for jamvm James Page did do a test rebuild once. - Release openjdk-7 with wheezy, and do the same as with openjdk-6. The issue here is that 7 sees more changes than 6, and that the current openjdk-7 release doesn't build anymore on mips or mipsel, as communicated to the Debian mips porters, so an update would require removal of the binary mips packages. Fine if somebody wants to fix it, but apparently there is no-one interested in that. So this looks more difficult than the openjdk-6 updates. Removing the openjdk mips binaries would require changes to source packages building arch any packages and build-depending on default-jdk or openjdk. openjdk-7/7u3-2.1.3-1 is currently in testing, so we would release openjdk-7 with Wheezy? well, with an IcedTea 2.1.x release and packaging backports from experimental, but I'm not going do that for now before the next batch of OpenJDK security updates scheduled for Feb 19. Admittedly with the security bugs in Java currently, I suspect the u13 might be better for us. That said, I got the feeling that this option would include us replacing the default-jdk with openjdk-7? No. And I would not recommend 7u13 now, because it has two hotspot versions for different architectures. I believe you and I talked about dropping mips from the Java7 list if no one stepped up to assist here (at UDS-R)? 
I could see that happen in Jessie - actually for Java7, I suppose it could happen in Wheezy as well since OpenJDK-6 will stay (for better and for worse). As I said, dropping mips/mipsel as the only java architecture would require changes to many packages. At last Debconf in the release session I raised the issue about early architecture re-qualification for the next release cycle, so maybe delay that after that, if it doesn't come late in the jessie cycle.
Uploading linux (3.2.39-1)
Now that d-i rc1 is out, it's time to update the kernel in unstable. There are a huge number of pending fixes from 3.2.y (including security issues and the Samsung laptop brick bug), lots of new hardware support (particularly the DRM update), and udeb updates for armhf and for HID drivers. The current changelog entry is below.

I expect to release 3.2.39 on Tuesday, having started the review cycle this evening. This should include fixes for CVE-2013-0216, CVE-2013-0217, CVE-2013-0228 and CVE-2013-0871. Would it be OK to upload a package based on that shortly after? Are there any other urgent fixes?

Ben.

---
linux (3.2.38-1) UNRELEASED; urgency=low

  * New upstream stable update:
    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.36
    - freezer: PF_FREEZER_NOSIG should be cleared along with PF_NOFREEZE (Closes: #697077)
    - tmpfs: fix shared mempolicy leak
    - virtio: 9p: correctly pass physical address to userspace for high pages
    - virtio: force vring descriptors to be allocated from lowmem
    - USB: EHCI: bugfix: urb->hcpriv should not be NULL
    - rcu: Fix batch-limit size problem
    - Bluetooth: ath3k: Add support for VAIO VPCEH [0489:e027] (Closes: #700550)
    - mvsas: fix undefined bit shift
    - ALSA: usb-audio: Avoid autopm calls after disconnection; Fix missing autopm for MIDI input (Closes: #664068)
    - target/file: Fix 32-bit highmem breakage for SGL -> iovec mapping
    - SCSI: fix Null pointer dereference on disk error
    - proc: pid/status: show all supplementary groups
    - nfsd4: fix oops on unusual readlike compound
    - ARM: missing ->mmap_sem around find_vma() in swp_emulate.c
    - sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails
    - ne2000: add the right platform device
    - irda: sir_dev: Fix copy/paste typo
    - ipv4: ip_check_defrag must not modify skb before unsharing
    - telephony: ijx: buffer overflow in ixj_write_cid()
    - udf: fix memory leak while allocating blocks during write
    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.37
    - ext4: fix extent tree corruption caused by hole punch
    - jbd2: fix assertion failure in jbd2_journal_flush()
    - tmpfs mempolicy: fix /proc/mounts corrupting memory
    - sparc: huge_ptep_set_* functions need to call set_huge_pte_at()
    - inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock
    - net: sched: integer overflow fix
    - tcp: implement RFC 5961 3.2
    - tcp: implement RFC 5961 4.2
    - tcp: refine SYN handling in tcp_validate_incoming
    - tcp: tcp_replace_ts_recent() should not be called from tcp_validate_incoming()
    - tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation
    - RDMA/nes: Fix for crash when registering zero length MR for CQ
    - ACPI : do not use Lid and Sleep button for S5 wakeup
    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.38
    - staging: comedi: comedi_test: fix race when cancelling command
    - mm: use aligned zone start for pfn_to_bitidx calculation
    - [s390] s390/time: fix sched_clock() overflow (Closes: #698382)
    - [i386] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (CVE-2013-0190)
    - KVM: PPC: Emulate dcbf
    - evm: checking if removexattr is not a NULL
    - ath9k_htc: Fix memory leak
    - ath9k: do not link receive buffers during flush
    - ath9k: fix double-free bug on beacon generate failure
    - x86/msr: Add capabilities check
    - can: c_can: fix invalid error codes
    - can: ti_hecc: fix invalid error codes
    - can: pch_can: fix invalid error codes
    - smp: Fix SMP function call empty cpu mask race
    - xfs: Fix possible use-after-free with AIO
    - EDAC: Test correct variable in ->store function
    - samsung-laptop: Disable on EFI hardware, to avoid damaging it
    - NFS: Don't silently fail setattr() requests on mountpoints
    - intel-iommu: Prevent devices with RMRRs from being placed into SI Domain
    - ALSA: usb-audio: Fix regression by disconnection-race-fix patch (Closes: #696321)
    - printk: fix buffer overflow when calling log_prefix function from call_console_drivers

  [ Ben Hutchings ]
  * Input: wacom - fix touch support for Bamboo Fun CTH-461
  * media/rc: Add iguanair driver from Linux 3.7 (Closes: #696925)
  * rt2800: add chipset revision RT5390R support (Closes: #696592)
  * [armhf/mx5] mtd: Enable MTD_BLOCK as module
  * [armhf/mx5] udeb: Add missing storage drivers (Closes: #697128)
    - Add ata-modules including libata, pata-modules including pata_imx, sata-modules including ahci_platform
    - Add sdhci-esdhc-imx to mmc-modules
    - Add mtd-modules including mtd, mtdblock and m25p80
  * [armhf] udeb: Fix network driver selection
    - [armhf/mx5] Remove nic-modules
    - [armhf/vexpress] Add usb-modules
    - Add standard set of USB drivers to nic-usb-modules
    - Add nic-wireless-modules
  * be2net: Apply
NEW changes in stable-new
Processing changes file: nautilus_2.30.1-2squeeze2_mips.changes ACCEPT
NEW changes in stable-new
Processing changes file: libzorpll_3.3.0.12-4+squeeze1_mipsel.changes ACCEPT
NEW changes in stable-new
Processing changes file: nautilus_2.30.1-2squeeze2_mipsel.changes ACCEPT
Re: openjdk maintenance for wheezy and squeeze
Hi!

Matthias Klose d...@ubuntu.com writes:

- Afaik openjdk-7 for kfreebsd does build on kfreebsd (according to Damien) with the kfreebsd kernel from wheezy. So maybe some commitment could be found to upgrade and maintain the kernels before wheezy is released?

Actually as far as I could narrow it down it was the squeeze/buildd schroot/sbuild combination that is not able to build openjdk-7 on kfreebsd while it worked fine for me using only schroot/sbuild from wheezy. I tried narrowing down further but went out of ideas and round-trip-time for trying things out was somewhat a show-stopper.

If Damien has different/additional results I'm happy to try on that again but I guess it would be somewhat hard to get a change in for wheezy and it *should* work once wheezy is released (I'll try that again as soon as I can -- but then I'm somewhat busy right now and wheezy RC bugs have priority).

Regards

Christoph
Re: openjdk maintenance for wheezy and squeeze
Thanks a lot for explaining the situation and alternative paths forward.

My view as a user: I only want OpenJDK7 (maybe OpenJDK8 when that becomes generally available on September 9, 2013 :-)

Oracle has announced that no more new public updates of Java SE 6 will be made available after February 2013: http://www.oracle.com/technetwork/java/eol-135779.html

OpenJDK6 therefore should be considered obsolete when Wheezy is released.

Is there any collaboration with other distributions and/or the OpenJDK project on this ?

Cheers, Andreas

---

Matthias Klose:

There is a bug report open for openjdk-6 in wheezy (#675495) and squeeze didn't see any security updates for several months. To summarize, no party involved is capable or willing to provide security updates based on backports of single patches to the released openjdk-6 version in a stable release. So what to do about it?

- Remove openjdk-6 in wheezy. Probably would require falling back to gcj. Not recommended as a runtime environment, but should work fine for building packages, as ecj is used for byte-code compilation. Falling back to an easier-to-main jvm could be an option too, but I didn't check how well that would work. Not having a fall-back would require removing most of java in Debian.

- Updating to openjdk-7 in wheezy would not solve any issues from my point of view, and it would need some porting of packages to 7, and probably removing some packages which are not yet ported. Otoh removing openjdk-7 for wheezy could be an option if only one version should be supported for a stable release.

- Release openjdk-6 with wheezy, and provide security support by updating to new OpenJDK and IcedTea versions. Usually this does include some backports and other fixes. The potential for regressions could be higher, however even the single security fixes show regressions, as shown by the last security update on Feb 1. These builds could be provided as security updates, updates to the stable releases, or as backports. As a proof of concept, see [1].

- Release openjdk-7 with wheezy, and do the same as with openjdk-6. The issue here is that 7 sees more changes than 6, and that the current openjdk-7 release doesn't build anymore on mips or mipsel, as communicated to the Debian mips porters, so an update would require removal of the binary mips packages. Fine if somebody wants to fix it, but apparently there is no-one interested in that. So this looks more difficult than the openjdk-6 updates. Removing the openjdk mips binaries would require changes to source packages building arch any packages and build-depending on default-jdk or openjdk.

We should find a solution where the resources are available to handle this solution. In the OpenJDK team, I think it's safe to assume that Torsten Werner isn't currently working on openjdk anymore and recently I got an email from Damien Raude-Morvan, that he can't work on OpenJDK-7 in the foreseeable future anymore. Apparently one of the security team members who did work on OpenJDK security updates left the team too. I think that moving maintainership to the Debian Java team would just make the maintainership issue less explicit.

While not a that important issue, the mips and kfreebsd issue could be improved as well:

- The mipsel porter box is again down for several months. Having a porter box to test backports would be appreciated (yes, openjdk-7 in experimental currently fails on mips, not mipsel).

- Afaik openjdk-7 for kfreebsd does build on kfreebsd (according to Damien) with the kfreebsd kernel from wheezy. So maybe some commitment could be found to upgrade and maintain the kernels before wheezy is released?

Matthias

[1] deb http://people.debian.org/~doko/tmp/openjdk-6-squeeze ./
Processed: Re: Bug#700675: Bug#696369: Bug#700675: pu: package fusionforge/5.0.2-5+squeeze1
Processing control commands: tags 700675 + pending Bug #700675 [release.debian.org] pu: package fusionforge/5.0.2-5+squeeze1 Added tag(s) pending. -- 696369: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696369 700675: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700675 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#700675: Bug#696369: Bug#700675: pu: package fusionforge/5.0.2-5+squeeze1
Control: tags 700675 + pending On Sun, 2013-02-17 at 19:45 +, Adam D. Barratt wrote: On Sun, 2013-02-17 at 20:25 +0100, Roland Mas wrote: Andreas Beckmann, 2013-02-16 12:03:01 +0100 : The fusionforge packages are not really in a good shape for automated testing (e.g. #678025, #662897) ... and I never used fusionforge myself, so I don't know how to properly test it manually. Therefore I'm a bit reluctant to NMU fusionforge without having a positive comment on the patch by the maintainer. Thank you for looking into this; I must confess I'm slacking in my duty as a maintainer of the fusionforge packages these days. The patch looks good to me, and I'd appreciate the NMU, please. Thanks for the comments. Andreas, if you'd still like to get this in to 6.0.7 then please go ahead, but bear in mind the somewhat tight time constraints. Flagged for acceptance. Regards, Adam
Processed: Re: Bug#700675: Bug#696369: Bug#700675: pu: package fusionforge/5.0.2-5+squeeze1
Processing control commands: tags 700675 + pending Bug #700675 [release.debian.org] pu: package fusionforge/5.0.2-5+squeeze1 Ignoring request to alter tags of bug #700675 to the same tags previously set -- 700675: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700675 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#700167: marked as done (unblock openssh/1:6.0p1-4)
Your message dated Mon, 18 Feb 2013 07:46:36 +0100 with message-id 5121ce4c.4040...@thykier.net and subject line Re: Bug#700163: pu: package openssh/1:5.5p1-6+squeeze3 has caused the Debian Bug report #700167, regarding unblock openssh/1:6.0p1-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 700167: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700167 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu I'd like to upload to stable to fix #700102. (Actually I've already uploaded this because I forgot I was supposed to ask first - whoops - so it's in a queue somewhere already.) This is a DoS fix, but since a member of the security team (CCed) reported it and requested an upload to stable, I assume they don't think it's worth issuing a DSA. Here's the diff. diff -Nru openssh-5.5p1/debian/changelog openssh-5.5p1/debian/changelog --- openssh-5.5p1/debian/changelog 2012-02-20 15:18:05.0 + +++ openssh-5.5p1/debian/changelog 2013-02-08 21:39:18.0 + 
@@ -1,3 +1,10 @@ +openssh (1:5.5p1-6+squeeze3) stable; urgency=low + + * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups +to 10:30:100 (closes: #700102). + + -- Colin Watson cjwat...@debian.org Fri, 08 Feb 2013 21:39:15 + + openssh (1:5.5p1-6+squeeze2) stable; urgency=high * CVE-2012-0814: Don't send the actual forced command in a debug message, diff -Nru openssh-5.5p1/debian/patches/max-startups-default.patch openssh-5.5p1/debian/patches/max-startups-default.patch --- openssh-5.5p1/debian/patches/max-startups-default.patch 1970-01-01 01:00:00.0 +0100 +++ openssh-5.5p1/debian/patches/max-startups-default.patch 2013-02-08 21:36:08.0 + 
@@ -0,0 +1,57 @@ +Description: Change default of MaxStartups to 10:30:100 + This causes sshd to start doing random early drop at 10 connections up to + 100 connections. This will make it harder to DoS as CPUs have come a long + way since the original value was set back in 2000. +Author: Darren Tucker +Origin: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234 +Origin: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156 +Origin: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89 +Bug-Debian: http://bugs.debian.org/700102 +Forwarded: not-needed +Last-Update: 2013-02-08 + +Index: b/servconf.c +=== +--- a/servconf.c b/servconf.c +@@ -249,11 +249,11 @@ + if (options-gateway_ports == -1) + options-gateway_ports = 0; + if (options-max_startups == -1) +- options-max_startups = 10; ++ options-max_startups = 100; + if (options-max_startups_rate == -1) +- options-max_startups_rate = 100; /* 100% */ ++ options-max_startups_rate = 30;/* 30% */ + if (options-max_startups_begin == -1) +- options-max_startups_begin = options-max_startups; ++ options-max_startups_begin = 10; + if (options-max_authtries == -1) + options-max_authtries = DEFAULT_AUTH_FAIL_MAX; + if (options-max_sessions == -1) +Index: b/sshd_config +=== +--- a/sshd_config b/sshd_config +@@ -102,7 +102,7 @@ + #ClientAliveCountMax 3 + #UseDNS yes + #PidFile /var/run/sshd.pid +-#MaxStartups 10 ++#MaxStartups 10:30:100 + #PermitTunnel no + #ChrootDirectory none + +Index: b/sshd_config.5 +=== +--- a/sshd_config.5 b/sshd_config.5 +@@ -672,7 +672,7 @@ + Additional connections will be dropped until authentication succeeds or the + .Cm LoginGraceTime + expires for a connection. +-The default is 10. ++The default is 10:30:100. 
+ .Pp + Alternatively, random early drop can be enabled by specifying + the three colon separated values diff -Nru openssh-5.5p1/debian/patches/series openssh-5.5p1/debian/patches/series --- openssh-5.5p1/debian/patches/series 2012-02-20 02:22:06.0 + +++ openssh-5.5p1/debian/patches/series 2013-02-08 21:36:03.0 + @@ -29,6 +29,7 @@ # Security fixes forced-command-debug-security.patch +max-startups-default.patch # Versioning package-versioning.patch Thanks, -- Colin Watson [cjwat...@debian.org] ---End
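Review bot: In the servconf.c hunk, max_startups_begin now defaults to the constant 10 instead of following max_startups, so the three defaults are no longer guaranteed to be mutually consistent when only some of the fields are still -1 at this point. If the parser can ever set max_startups while leaving max_startups_begin unset, a configured full value below 10 would end up with begin greater than full. Please confirm that the MaxStartups parser always assigns all three fields together, or clamp max_startups_begin to max_startups here.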
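Review bot: In the sshd_config.5 hunk, "The default is 10:30:100." now sits in the paragraph that describes the single-value form, ahead of the following paragraph that first introduces the three colon separated values, so the reader meets the new default before the syntax is explained. That following paragraph also still says random early drop "can be enabled", although with this default it is already on. Suggest moving the default sentence after the description of the three-value form and rewording the "Alternatively" sentence to match.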
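Review bot: The sshd_config hunk only changes the commented-out "#MaxStartups" line, and the servconf.c defaults apply only to fields still at -1, so a system whose sshd_config carries an explicit MaxStartups value keeps its old limit after this upload. The debian/changelog entry says "changing default" without noting that; a short remark there that explicitly configured values are unaffected would tell administrators whether they still need to act for CVE-2010-5107.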
NEW changes in stable-new
Processing changes file: fusionforge_5.0.2-5+squeeze1_amd64.changes ACCEPT
Re: openjdk maintenance for wheezy and squeeze
Niels Thykier: - Updating to openjdk-7 in wheezy would not solve any issues from my point of view, and it would need some porting of packages to 7, and probably removing some packages which are not yet ported. Otoh removing openjdk-7 for wheezy could be an option if only one version should be supported for a stable release. We tried to accomplish this (replacing openjdk-6 with openjdk-7) a couple of months before the freeze; there was too much then and the freeze has not changed that. * Even if we were to change the default to OpenJDK-7, we would still have a lot way to go before we could get rid of OpenJDK-6. Can you provide more info on what too much and a lot consists of ? Cheers, Andreas
Re: openjdk maintenance for wheezy and squeeze
On 2013-02-18 08:23, Andreas Kuckartz wrote: Niels Thykier: - Updating to openjdk-7 in wheezy would not solve any issues from my point of view, and it would need some porting of packages to 7, and probably removing some packages which are not yet ported. Otoh removing openjdk-7 for wheezy could be an option if only one version should be supported for a stable release. We tried to accomplish this (replacing openjdk-6 with openjdk-7) a couple of months before the freeze; there was too much then and the freeze has not changed that. * Even if we were to change the default to OpenJDK-7, we would still have a lot way to go before we could get rid of OpenJDK-6. Can you provide more info on what too much and a lot consists of ? Cheers, Andreas Certainly (btw, I meant to write s/a lot/a long/). When we tried to replace OpenJDK-6 with OpenJDK-7 as default-java, we mostly focused on problems that would occur by OpenJDK-7 now being the JDK used for building. We mostly ignored all the packages that explicitly (build-)depended on OpenJDK-6. The todo list I used for this purpose is available at [1]. Keep in mind that it hasn't been updated for 6-8 months now (but given the freeze, I doubt there has been a lot of improvement in this area). ~Niels [1] http://titanpad.com/WciYqDGRNd