Re: First autoremovals happen in about 8 days
Hi Bill,
Bill Allombert wrote (07 Oct 2013 22:04:21 GMT) :
> I am concerned that in the event a package is removed from testing, the people most interested with restoring the package will miss the removal, since the package will stay installed on their systems.
I believe there are good chances that this kind of people realize that there's a problem at some point, if they're particularly interested in this package: either they're directly affected by the RC bugs affecting this package (it was removed for a reason, uh), or they'll miss some new feature implemented in a newer upstream version and will wonder why it's not in testing yet, or they'll suffer from some other bug and will have a look at the PTS. In all of these cases, "$PACKAGE is not in testing anymore" is likely to be a stronger "help is needed" signal for them than the mere presence of RC bugs.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/857gdop4tb@boum.org
Bug#725748: pu: package netcfg/1.108
Control: tags -1 + confirmed
On 2013-10-08 0:21, Cyril Brulebois wrote:
> (first off, sorry for being so late. I would understand punting that until 7.3, etc.)
> due to check's being broken (#712140) and netcfg's trying to use its pkgconfig file in its master branch, netcfg's #717449 is still unfixed in unstable. The fix I suggested was tested live by Michael, though, and Philipp happily pushed it to git. That's why it doesn't look too insane to me to try and get that into stable now, to lower user surprise when it comes to autoconfigured network after installation.
If we could get the upload in ASAP (today would be nice :-) then I'm willing to defer to your judgement on d-i stuff.
Regards,
Adam
Processed: Re: Bug#725748: pu: package netcfg/1.108
Processing control commands:
tags -1 + confirmed
Bug #725748 [release.debian.org] pu: package netcfg/1.108
Added tag(s) confirmed.
--
725748: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725748
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#725751: pu: package iso-scan/1.43
Processing control commands:
tags -1 + confirmed
Bug #725751 [release.debian.org] pu: package iso-scan/1.43
Added tag(s) confirmed.
--
725751: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725751
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#725751: pu: package iso-scan/1.43
Control: tags -1 + confirmed
On 2013-10-08 0:41, Cyril Brulebois wrote:
> here's another tiny update I'd like to see in stable. Due to a simple error in the state machine, asking the installer to perform a full search (“2nd pass”) to find an ISO image harder would lead back to the 1st pass. This issue was user-reported, user-patched, and fixed in unstable almost a month ago.
> I think this request can be put in the “nice to have even though not critical” bucket, so definitely OK to delay until 7.3 (yet small enough to be considered for 7.2 though).
Again, if we can get it sorted quickly then I'm okay with deferring to the d-i RM. :)
Regards,
Adam
Bug#725790: pu: ejabberd/2.1.10-4+deb7u1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Tags: wheezy Usertags: pu Please let ejabberd/2.1.10-4+deb7u1 enter Wheezy. The proposed version is built upon 2.1.10-5 [1] which was prepared for the first Wheezy point release but missed it by a narrow margin. Additionally two more bugs were fixed: * Disabled SSLv2 and weak cyphers in TLS driver [2]. * Fixed rendering of angle brackets in logs produced for multi-user chat (MUC) rooms when a plain-text format is enabled for them (resulting in nicknames disappearing from these logs and similar issues) [3]. I have verified both of these bugfixes work as intended. Please see the attached debdiff. It's a bit large but please notice that half of it is the unborn 2.1.10-5. 1. http://bugs.debian.org/706209 2. http://bugs.debian.org/724992 3. http://bugs.debian.org/724994 diff -u ejabberd-2.1.10/debian/NEWS ejabberd-2.1.10/debian/NEWS --- ejabberd-2.1.10/debian/NEWS +++ ejabberd-2.1.10/debian/NEWS @@ -1,3 +1,16 @@ +ejabberd (2.1.10-4+deb7u1) unstable; urgency=low + + This release adds support for the SCRAM-SHA-1 authentication mecnahism. + If the fully-qualified hostname of the server differs from the name + of the XMPP domain it serves, in order for this mechanism to work + with compliant clients, a modification should be made to the ejabberd's + configuration file. + + Please consult the section Using SCRAM-SHA-1 authentication mechanism + in the README.Debian file for detailed information. + + -- Konstantin Khomoutov flatw...@users.sourceforge.net Thu, 16 May 2013 13:27:56 + + ejabberd (2.1.8-1) unstable; urgency=low This release drops support for the @recent@ shared roster group diff -u ejabberd-2.1.10/debian/changelog ejabberd-2.1.10/debian/changelog --- ejabberd-2.1.10/debian/changelog +++ ejabberd-2.1.10/debian/changelog 
@@ -1,3 +1,22 @@ +ejabberd (2.1.10-4+deb7u1) unstable; urgency=low + + [ Konstantin Khomoutov ] + * Add patch fixing parsing of optional parameters in SCRAM SHA-1 headers +(closes: #705613, thanks to Stephen Röttger for both writing the +original patch and backporting it to 2.1.10). + * Explain the fqdn configuration file option which has to be used +in certain setups for the SCRAM-SHA-1 to work with complying clients. +Mention this fact in the NEWS file. (Closes: #706590) + * Add upstream patch fixing incorrect escaping of a single quote character +in SQL queries generated by the ODBC storage backend (closes: #708151, +thanks to Vladislav Chugunov). + * Add upstream patches disabling SSLv2 and weak cyphers in TLS driver +(closes: #724992). + * Add patch (extracted from upstream) which fixes rendering of angle +brackets in plain-text MUC logs (closes: #724994). + + -- Konstantin Khomoutov flatw...@users.sourceforge.net Sun, 29 Sep 2013 21:48:11 +0400 + ejabberd (2.1.10-4) unstable; urgency=low [ Konstantin Khomoutov ] diff -u ejabberd-2.1.10/debian/README.Debian ejabberd-2.1.10/debian/README.Debian --- ejabberd-2.1.10/debian/README.Debian +++ ejabberd-2.1.10/debian/README.Debian @@ -14,6 +14,7 @@ 6. Upgrading from 2.0.x series 6.1 Changes in ejabberdctl program 6.2 Changes in logging +7. Using SCRAM-SHA-1 authentication mechanism 1. Running 
@@ -361,6 +362,47 @@ to --erlang-log to match the change above. +7. Using SCRAM-SHA-1 authentication mechanism += + +Since version 2.1.9 ejabberd supports the SCRAM-SHA-1 authentication +mechanism (which, among other things, allows to not store passwords of +XMPP accounts in clear text if the internal database backend is used +for storage). This authentication process implemented by this +mechanism includes the client sending a so-called digest URI which +includes the server's identity as perceived by the connecting client. +The SCRAM-SHA-1 RFC document requires this identity to be the +fully-qualified host name of the server. This hostname is typically +obtained by the client by looking up a server-specific DNS record of +type SRV for the XMPP domain the client wants to register in. + +Unfortunately, the current implementation of SCRAM-SHA-1 in ejabberd +is not able to perform the same kind of DNS query as used by the +clients to know its canonical fully-qualified host name. +Consequently, if the actual hostname of the server differs from the +name of the XMPP domain it serves, a special option should be included +in the configuration file to let the server know its hostname as seen +by its clients. This configuration option is called fqdn and it +expects a single argument -- the fully-qualified hostname of the +server, as recorded in the appropriate DNS SRV record for the server. +An example of its usage: + +{fqdn, foo.example.com}. + +It worth repeating that if the server's hostname is not different from +the name of XMPP domain it servers (for instance, the XMPP domain is +example.com and the server's hostname is also
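Review bot: the new top stanza in debian/changelog names the wrong suite: "ejabberd (2.1.10-4+deb7u1) unstable; urgency=low" targets unstable, while the request asks for this version to enter Wheezy. Suggest changing the distribution field of that entry (and of the matching debian/NEWS entry) to the stable suite before the upload, so that a +deb7u1 version is not sent to unstable.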
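Review bot: wording in the added README.Debian section 7 needs a pass before this ships in stable: "It worth repeating" is missing "is", "the name of XMPP domain it servers" should read "the XMPP domain it serves", and "This authentication process implemented by this mechanism" reads better as "The authentication process implemented by this mechanism".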
Bug#725791: pu: ejabberd/2.1.5-3+squeeze2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Tags: squeeze Usertags: pu Please let ejabberd/2.1.5-3+squeeze2 enter Squeeze. It fixes just a single security bug [1]: by disabling SSLv2 and weak cyphers in TLS driver (this bug is itself a clone of [2] which has been filed against the version in Sid and is intended to be fixed by [3]). Please see the attached debdiff. 1. http://bugs.debian.org/724993 2. http://bugs.debian.org/722105 3. http://bugs.debian.org/725790 diff -u ejabberd-2.1.5/debian/changelog ejabberd-2.1.5/debian/changelog --- ejabberd-2.1.5/debian/changelog +++ ejabberd-2.1.5/debian/changelog @@ -1,3 +1,9 @@ +ejabberd (2.1.5-3+squeeze2) stable-security; urgency=low + + * Disable SSLv2 and weak/export cyphers in TLS driver (closes: #724993). + + -- Konstantin Khomoutov flatw...@users.sourceforge.net Mon, 30 Sep 2013 17:10:02 +0400 + ejabberd (2.1.5-3+squeeze1) stable-security; urgency=high * Non-maintainer upload by the Security Team. diff -u ejabberd-2.1.5/debian/patches/series ejabberd-2.1.5/debian/patches/series --- ejabberd-2.1.5/debian/patches/series +++ ejabberd-2.1.5/debian/patches/series @@ -10,0 +11,2 @@ +disable-ssl2.patch +disable-insecure-ssl-cyphers.patch only in patch2: unchanged: --- ejabberd-2.1.5.orig/debian/patches/disable-ssl2.patch +++ ejabberd-2.1.5/debian/patches/disable-ssl2.patch 
@@ -0,0 +1,36 @@ +Description: Disable SSLv2 in the TLS driver + SSL 2.0 is not used anywhere as it has security problems. + Disable it unconditionally both in server and client mode. + This does not disable support for SSL 2.0 compatible client + hello which still will be accepted in the server mode. + . + This patch is a backport of changes introduced by the commit + e06c1c49c14c3f56cf4ddae080514f7802669335 in the upstream Git repository + to the ejabberd code base as of version 2.1.12. +Author: Janusz Dziemidowicz rrapt...@nails.eu.org +Forwarded: not-needed +Last-Update: 2013-09-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/tls/tls_drv.c b/src/tls/tls_drv.c +@@ -344,6 +344,8 @@ + res = SSL_CTX_check_private_key(ctx); + die_unless(res 0, SSL_CTX_check_private_key failed); + ++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET); ++ + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + SSL_CTX_set_default_verify_paths(ctx); + +@@ -370,10 +372,8 @@ +SSL_set_bio(d-ssl, d-bio_read, d-bio_write); + +if (command == SET_CERTIFICATE_FILE_ACCEPT) { +- SSL_set_options(d-ssl, SSL_OP_NO_TICKET); + SSL_set_accept_state(d-ssl); +} else { +- SSL_set_options(d-ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET); + SSL_set_connect_state(d-ssl); +} +break; only in patch2: unchanged: --- ejabberd-2.1.5.orig/debian/patches/disable-insecure-ssl-cyphers.patch +++ ejabberd-2.1.5/debian/patches/disable-insecure-ssl-cyphers.patch 
@@ -0,0 +1,34 @@ +Description: Disable old and insecure cyphers in TLS driver + Disabled: + * Export ciphers - broken by design, 40 and 56 bit encryption. + * Low encryption ciphers - 56 and 64 bit encryption. + * SSLv2 ciphers - some ciphers using MD5 MAC. + . + This patch is a backport of changes introduced by the commit + d2d51381ec3fea97d0bd968cd7ffed2364b644c6 in the upstream Git repository + to the ejabberd code base as of version 2.1.12. +Author: Janusz Dziemidowicz rrapt...@nails.eu.org +Forwarded: not-needed +Last-Update: 2013-09-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/tls/tls_drv.c b/src/tls/tls_drv.c +@@ -44,6 +44,8 @@ + #define SSL_OP_NO_TICKET 0 + #endif + ++#define CIPHERS DEFAULT:!EXPORT:!LOW:!SSLv2 ++ + /* + * str_hash is based on the public domain code from + * http://www.burtleburtle.net/bob/hash/doobs.html +@@ -346,6 +348,8 @@ + + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET); + ++ SSL_CTX_set_cipher_list(ctx, CIPHERS); ++ + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + SSL_CTX_set_default_verify_paths(ctx); +
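Review bot: the added "SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);" in the first hunk of disable-ssl2.patch carries no comment, although the patch header documents a non-obvious limit (an SSL 2.0 compatible client hello is still accepted in server mode). Suggest a one-line comment at the call saying that the option blocks SSL 2.0 negotiation only, and that it now covers both accept and connect state because the per-connection SSL_set_options calls are removed in the second hunk.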
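Review bot: the result of "SSL_CTX_set_cipher_list(ctx, CIPHERS);" in the second hunk of disable-insecure-ssl-cyphers.patch is discarded. The function returns 0 when the string selects no cipher, and the neighbouring SSL_CTX_check_private_key call is already guarded with die_unless, so store the return value in res and pass it through die_unless as well; otherwise a bad cipher string goes unnoticed at context setup.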
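The patch header above notes that an SSL 2.0 compatible client hello is still accepted in server mode after SSLv2 itself is disabled. As an added illustration (Python, not part of the original message or of ejabberd), this parser tells that hello format apart from a TLS record and sorts the offered ciphers by the patch's DEFAULT:!EXPORT:!LOW:!SSLv2 rule. The function names, the partial suite table and the sample bytes are constructed for the example, and the accept/refuse verdict is a simplified model of the server policy.

```python
import struct

# SSL 2.0 cipher kinds (3 bytes on the wire). All of them fall under !SSLv2;
# the label records the most specific class named in the patch description.
SSLV2_KINDS = {
    0x010080: ("RC4_128_WITH_MD5", "SSLv2"),
    0x020080: ("RC4_128_EXPORT40_WITH_MD5", "EXPORT"),
    0x030080: ("RC2_128_CBC_WITH_MD5", "SSLv2"),
    0x040080: ("RC2_128_CBC_EXPORT40_WITH_MD5", "EXPORT"),
    0x050080: ("IDEA_128_CBC_WITH_MD5", "SSLv2"),
    0x060040: ("DES_64_CBC_WITH_MD5", "LOW"),
    0x0700C0: ("DES_192_EDE3_CBC_WITH_MD5", "SSLv2"),
}
# Partial table of SSLv3/TLS suites (assumption: enough for the sample input).
# In an SSLv2-format hello they are sent as 0x00 followed by the 2-byte id.
TLS_SUITES = {
    0x0003: ("RSA_EXPORT_WITH_RC4_40_MD5", "EXPORT"),
    0x0006: ("RSA_EXPORT_WITH_RC2_CBC_40_MD5", "EXPORT"),
    0x0008: ("RSA_EXPORT_WITH_DES40_CBC_SHA", "EXPORT"),
    0x0009: ("RSA_WITH_DES_CBC_SHA", "LOW"),
    0x000A: ("RSA_WITH_3DES_EDE_CBC_SHA", None),
    0x002F: ("RSA_WITH_AES_128_CBC_SHA", None),
    0x0035: ("RSA_WITH_AES_256_CBC_SHA", None),
}


def parse_first_flight(data):
    """Describe the first bytes a client sent to the TLS port."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        # SSLv3/TLS record layer: content type 22 (handshake), version 3.x.
        return {"format": "tls-record", "version": (data[1], data[2]), "specs": []}
    if len(data) < 11 or not data[0] & 0x80:
        raise ValueError("neither a TLS record nor a 2-byte-header SSLv2 record")
    rec_len = ((data[0] & 0x7F) << 8) | data[1]      # 15-bit record length
    body = data[2:2 + rec_len]
    if rec_len < 9 or len(body) != rec_len or body[0] != 1:
        raise ValueError("truncated record or not a CLIENT-HELLO")
    version = (body[1], body[2])                     # highest version offered
    cs_len, sid_len, ch_len = struct.unpack(">HHH", body[3:9])
    if cs_len % 3 or 9 + cs_len + sid_len + ch_len != rec_len:
        raise ValueError("inconsistent length fields")
    specs = [int.from_bytes(body[9 + i:12 + i], "big") for i in range(0, cs_len, 3)]
    return {"format": "sslv2-hello", "version": version, "specs": specs}


def assess(hello):
    """Simplified model of the patched policy: SSLv2 off, weak ciphers excluded."""
    usable, excluded = [], []
    for spec in hello["specs"]:
        if spec >> 16:                               # first byte set: SSL 2.0 kind
            name, reason = SSLV2_KINDS.get(spec, ("unknown", "SSLv2"))
        else:                                        # 0x00 + SSLv3/TLS suite id
            name, reason = TLS_SUITES.get(spec, ("unknown", "unknown"))
        if reason is None:
            usable.append(name)
        else:
            excluded.append((name, reason))
    if hello["format"] == "tls-record":
        outcome = "tls-record: not an SSLv2-format hello"
    elif hello["version"] < (3, 0):
        outcome = "refused: client offers SSL 2.0 only"
    elif not usable:
        outcome = "refused: no acceptable cipher offered"
    else:
        outcome = "compatible hello: continue with SSLv3/TLS"
    return {"outcome": outcome, "usable": usable, "excluded": excluded}


def build_v2_hello(version, specs, challenge=b"\x00" * 16):
    """Build constructed sample input: SSLv2-format CLIENT-HELLO, no session id."""
    cs = b"".join(s.to_bytes(3, "big") for s in specs)
    body = (bytes([1, *version])
            + struct.pack(">HHH", len(cs), 0, len(challenge)) + cs + challenge)
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body


# Constructed samples, not captured traffic.
COMPAT_HELLO = build_v2_hello((3, 1), [0x00002F, 0x000003, 0x000009, 0x020080, 0x0700C0])
PURE_V2_HELLO = build_v2_hello((0, 2), [0x010080, 0x020080])
TLS_RECORD = bytes.fromhex("1603010005") + b"\x00" * 5

if __name__ == "__main__":
    for label, raw in (("compat", COMPAT_HELLO), ("sslv2", PURE_V2_HELLO), ("tls", TLS_RECORD)):
        print(label, assess(parse_first_flight(raw)))
```
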
Processed: merge 706209 725790
Processing commands for cont...@bugs.debian.org:
merge 706209 725790
Bug #706209 [release.debian.org] pu: ejabberd/2.1.10-4+deb7u1
Bug #725790 [release.debian.org] pu: ejabberd/2.1.10-4+deb7u1
Added tag(s) confirmed.
Merged 706209 725790
End of message, stopping processing here.
Please contact me if you need assistance.
--
706209: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706209
725790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725790
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#706799: marked as done (pu: net-snmp/5.4.3-3+wheezy1)
Your message dated Tue, 8 Oct 2013 22:22:07 +0900 with message-id 2013100807.b6b5d1653f3e39c2b76a1...@debian.or.jp and subject line Re: Bug#706799: pu: net-snmp/5.4.3-3+wheezy1 has caused the Debian Bug report #706799, regarding pu: net-snmp/5.4.3-3+wheezy1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 706799: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706799 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Tags: wheezy User: release.debian@packages.debian.org Usertags: pu I'd like to upload net-snmp package due to fix piuparts failure with upgrade to newer version. Please check attached debdiff (as I mistake, it contains unnecessary .ex file but not remove it, just as is) -- Regards, Hideki Yamane henrich @ debian.or.jp/org http://wiki.debian.org/HidekiYamane diff -Nru net-snmp-5.4.3~dfsg/debian/changelog net-snmp-5.4.3~dfsg/debian/changelog --- net-snmp-5.4.3~dfsg/debian/changelog 2012-11-24 22:06:46.0 +0900 +++ net-snmp-5.4.3~dfsg/debian/changelog 2013-05-05 14:38:52.0 +0900 
@@ -1,3 +1,19 @@ +net-snmp (5.4.3~dfsg-3+wheezy1) stable-proposed-updates; urgency=low + + * Rebuild for wheezy. + + -- Hideki Yamane henr...@debian.org Sun, 05 May 2013 14:37:40 +0900 + +net-snmp (5.4.3~dfsg-3) unstable; urgency=low + + * debian/rules +- remove override_dh_installdoc, install each docs and copyright files to + avoid piuparts test failure + * debian/libsnmp*.preinst +- ensure remove symlink + + -- Hideki Yamane henr...@debian.org Fri, 26 Apr 2013 23:30:39 +0900 + net-snmp (5.4.3~dfsg-2.7) unstable; urgency=low * Non-maintainer upload. diff -Nru net-snmp-5.4.3~dfsg/debian/control net-snmp-5.4.3~dfsg/debian/control --- net-snmp-5.4.3~dfsg/debian/control 2012-05-28 01:14:32.0 +0900 +++ net-snmp-5.4.3~dfsg/debian/control 2013-04-26 23:32:22.0 +0900 @@ -2,7 +2,7 @@ Section: net Priority: optional Maintainer: Net-SNMP Packaging Team pkg-net-snmp-de...@lists.alioth.debian.org -Uploaders: Jochen Friedrich joc...@scram.de, Thomas Anders tand...@users.sourceforge.net, Noah Meyerhans no...@debian.org +Uploaders: Jochen Friedrich joc...@scram.de, Thomas Anders tand...@users.sourceforge.net, Noah Meyerhans no...@debian.org, Hideki Yamane henr...@debian.org Build-Depends: debhelper (= 7.0.50~), libtool, libwrap0-dev, libssl-dev ( 0.9.8), perl (=5.8), libperl-dev, python-all-dev (= 2.5.4-1~), python-central (=0.5.6), python (=2.3.5-7), python-setuptools (=0.6b3), autoconf, automake1.9, autotools-dev, debianutils (=1.13.1), bash (=2.05), findutils (=4.1.20), procps, libbsd-dev [kfreebsd-any], libkvm-dev [kfreebsd-any], libsensors4-dev [linux-any] Standards-Version: 3.8.4 Vcs-Svn: svn://svn.debian.org/pkg-net-snmp/ diff -Nru net-snmp-5.4.3~dfsg/debian/libsnmp-dev.preinst net-snmp-5.4.3~dfsg/debian/libsnmp-dev.preinst --- net-snmp-5.4.3~dfsg/debian/libsnmp-dev.preinst 1970-01-01 09:00:00.0 +0900 +++ net-snmp-5.4.3~dfsg/debian/libsnmp-dev.preinst 2013-04-27 21:51:52.0 +0900 
@@ -0,0 +1,28 @@ +#!/bin/sh + +docdir=/usr/share/doc/libsnmp-dev + +set -e + +case $1 in +install|upgrade) + if [ -h $docdir ]; then + rm -rf $docdir + fi +;; + +abort-upgrade) +;; + +*) +echo preinst called with unknown argument \`$1' 2 +exit 1 +;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff -Nru net-snmp-5.4.3~dfsg/debian/libsnmp-perl.preinst net-snmp-5.4.3~dfsg/debian/libsnmp-perl.preinst --- net-snmp-5.4.3~dfsg/debian/libsnmp-perl.preinst 1970-01-01 09:00:00.0 +0900 +++ net-snmp-5.4.3~dfsg/debian/libsnmp-perl.preinst 2013-04-27 21:52:05.0 +0900 @@ -0,0 +1,28 @@ +#!/bin/sh + +docdir=/usr/share/doc/libsnmp-perl + +set -e + +case $1 in +install|upgrade) + if [ -h $docdir ]; then + rm -rf $docdir + fi +;; + +abort-upgrade) +;; + +*) +echo preinst called with unknown argument \`$1' 2 +exit 1 +;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff -Nru net-snmp-5.4.3~dfsg/debian/libsnmp15-dbg.preinst net-snmp-5.4.3~dfsg/debian/libsnmp15-dbg.preinst --- net-snmp-5.4.3~dfsg/debian/libsnmp15-dbg.preinst 1970-01-01 09:00:00.0 +0900 +++ net-snmp-5.4.3~dfsg/debian/libsnmp15-dbg.preinst 2013-04-27 21:51:16.0 +0900 @@ -0,0 +1,28 @@ +#!/bin/sh + +docdir=/usr/share/doc/libsnmp15-dbg + +set -e +
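Review bot: in the install|upgrade branch of each new preinst, "rm -rf $docdir" uses the recursive flag on a path that "[ -h $docdir ]" has just established to be a symlink. Removing a symlink needs only "rm -f", which also cannot descend into a real directory if the path is replaced between the test and the removal in a maintainer script that runs as root; suggest dropping -r in all three scripts.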
Bug#706209: unblock: ejabberd 2.1.10-5
On Mon, 19 Aug 2013 21:25:30 +0100 Adam D. Barratt a...@adam-barratt.org.uk wrote:
> On Wed, 2013-05-22 at 22:15 +0100, Adam D. Barratt wrote:
> > On Sat, 2013-05-11 at 18:26 +0100, Adam D. Barratt wrote:
> > > On Fri, 2013-04-26 at 15:46 +0400, Konstantin Khomoutov wrote:
> > > > It fixes one important bug [1] which prevents certain (correct) XMPP client implementations (namely, the XMPP library used by git-annex) to authenticate against the ejabberd server while using the SCRAM SHA-1 SASL authentication mechanism.
> > > Please go ahead with a stable upload, using 2.1.10-4+deb7u1 as the version and wheezy as the distribution.
> > Any news on that?
> Ping?
Sorry for insanely huge delay! I got drowned in paywork/RL and lost track of my outstanding Debian bugs, so I'm getting grip on them back.
The mentioned version 2.1.10-4+deb7u1 is 2.1.10-5 currently in unstable and testing, which missed the previous Wheezy point release. Since that time, two more important bugs have been filed, affecting Wheezy so we created another package with the version 2.1.10-4+deb7u1 which is built upon 2.1.10-5 adding fixes for those two bugs.
I have erroneously filed a new pu bug for this prospective upload, [1], and then was advised by my uploader to merge it with this one which I have already done. I'll reproduce the excerpt from [1] here for easier access.
In addition to the changes introduced in 2.1.10-5, two more bugs have been fixed:
* Disabled SSLv2 and weak cyphers in TLS driver [2].
* Fixed rendering of angle brackets in logs produced for multi-user chat (MUC) rooms when a plain-text format is enabled for them (resulting in nicknames disappearing from these logs and similar issues) [3].
I have verified both of these bugfixes work as intended.
Please see the attached debdiff. It's a bit large but please notice that half of it is the unborn 2.1.10-5.
1. http://bugs.debian.org/725790
2. http://bugs.debian.org/724992
3. 
http://bugs.debian.org/724994 diff -u ejabberd-2.1.10/debian/NEWS ejabberd-2.1.10/debian/NEWS --- ejabberd-2.1.10/debian/NEWS +++ ejabberd-2.1.10/debian/NEWS @@ -1,3 +1,16 @@ +ejabberd (2.1.10-4+deb7u1) unstable; urgency=low + + This release adds support for the SCRAM-SHA-1 authentication mecnahism. + If the fully-qualified hostname of the server differs from the name + of the XMPP domain it serves, in order for this mechanism to work + with compliant clients, a modification should be made to the ejabberd's + configuration file. + + Please consult the section Using SCRAM-SHA-1 authentication mechanism + in the README.Debian file for detailed information. + + -- Konstantin Khomoutov flatw...@users.sourceforge.net Thu, 16 May 2013 13:27:56 + + ejabberd (2.1.8-1) unstable; urgency=low This release drops support for the @recent@ shared roster group diff -u ejabberd-2.1.10/debian/changelog ejabberd-2.1.10/debian/changelog --- ejabberd-2.1.10/debian/changelog +++ ejabberd-2.1.10/debian/changelog 
@@ -1,3 +1,22 @@ +ejabberd (2.1.10-4+deb7u1) unstable; urgency=low + + [ Konstantin Khomoutov ] + * Add patch fixing parsing of optional parameters in SCRAM SHA-1 headers +(closes: #705613, thanks to Stephen Röttger for both writing the +original patch and backporting it to 2.1.10). + * Explain the fqdn configuration file option which has to be used +in certain setups for the SCRAM-SHA-1 to work with complying clients. +Mention this fact in the NEWS file. (Closes: #706590) + * Add upstream patch fixing incorrect escaping of a single quote character +in SQL queries generated by the ODBC storage backend (closes: #708151, +thanks to Vladislav Chugunov). + * Add upstream patches disabling SSLv2 and weak cyphers in TLS driver +(closes: #724992). + * Add patch (extracted from upstream) which fixes rendering of angle +brackets in plain-text MUC logs (closes: #724994). + + -- Konstantin Khomoutov flatw...@users.sourceforge.net Sun, 29 Sep 2013 21:48:11 +0400 + ejabberd (2.1.10-4) unstable; urgency=low [ Konstantin Khomoutov ] diff -u ejabberd-2.1.10/debian/README.Debian ejabberd-2.1.10/debian/README.Debian --- ejabberd-2.1.10/debian/README.Debian +++ ejabberd-2.1.10/debian/README.Debian @@ -14,6 +14,7 @@ 6. Upgrading from 2.0.x series 6.1 Changes in ejabberdctl program 6.2 Changes in logging +7. Using SCRAM-SHA-1 authentication mechanism 1. Running @@ -361,6 +362,47 @@ to --erlang-log to match the change above. +7. Using SCRAM-SHA-1 authentication mechanism += + +Since version 2.1.9 ejabberd supports the SCRAM-SHA-1 authentication +mechanism (which, among other things, allows to not store passwords of +XMPP accounts in clear text if the internal database backend is used +for storage). This authentication process implemented by this +mechanism includes the client sending a so-called digest URI which +includes the server's identity as perceived by the connecting client. +The
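Review bot: typo in the added debian/NEWS entry: "mecnahism" in "SCRAM-SHA-1 authentication mecnahism" should be "mechanism". The entry is the administrator-facing pointer to the fqdn configuration change, so it is worth correcting before the stable upload.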
Re: First autoremovals happen in about 8 days
On Mon, 7 Oct 2013, Bill Allombert wrote:
> I am concerned that in the event a package is removed from testing, the people most interested with restoring the package will miss the removal, since the package will stay installed on their systems.
Would this be addressed by building some mechanism (making tombstone packages comes to mind, but there are many options) for apt to prompt to remove packages that were removed in the archive? I find myself having to do some package-origin queries with aptitude and some cross-checking with the PTS _anyway_ when upgrading a nontrivially-complicated system (including one that ever ran testing) between releases, so this seems like it's likely to be worth building regardless.
--
Geoffrey Thomas
http://ldpreload.com
geo...@ldpreload.com
Processed: Re: Bug#725751: pu: package iso-scan/1.43
Processing control commands:
tags -1 + pending
Bug #725751 [release.debian.org] pu: package iso-scan/1.43
Added tag(s) pending.
--
725751: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725751
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#725751: pu: package iso-scan/1.43
Control: tags -1 + pending
On Tue, 2013-10-08 at 11:55 +0100, Adam D. Barratt wrote:
> On 2013-10-08 0:41, Cyril Brulebois wrote:
> > here's another tiny update I'd like to see in stable. Due to a simple error in the state machine, asking the installer to perform a full search (“2nd pass”) to find an ISO image harder would lead back to the 1st pass. This issue was user-reported, user-patched, and fixed in unstable almost a month ago.
> > I think this request can be put in the “nice to have even though not critical” bucket, so definitely OK to delay until 7.3 (yet small enough to be considered for 7.2 though).
> Again, if we can get it sorted quickly then I'm okay with deferring to the d-i RM. :)
Flagged for acceptance.
Regards,
Adam
Bug#725748: pu: package netcfg/1.108
Control: tags -1 + pending
On Tue, 2013-10-08 at 11:54 +0100, Adam D. Barratt wrote:
> On 2013-10-08 0:21, Cyril Brulebois wrote:
> > (first off, sorry for being so late. I would understand punting that until 7.3, etc.)
> > due to check's being broken (#712140) and netcfg's trying to use its pkgconfig file in its master branch, netcfg's #717449 is still unfixed in unstable. The fix I suggested was tested live by Michael, though, and Philipp happily pushed it to git. That's why it doesn't look too insane to me to try and get that into stable now, to lower user surprise when it comes to autoconfigured network after installation.
> If we could get the upload in ASAP (today would be nice :-) then I'm willing to defer to your judgement on d-i stuff.
Flagged for acceptance.
Regards,
Adam
Processed: Re: Bug#725748: pu: package netcfg/1.108
Processing control commands:
tags -1 + pending
Bug #725748 [release.debian.org] pu: package netcfg/1.108
Added tag(s) pending.
--
725748: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725748
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#725311: pu: Getting Debian Edu 7.1+edu0 into the Upcoming stable point release (7.2)
Control: tags -1 + pending
On Mon, 2013-10-07 at 21:24 +0200, Holger Levsen wrote:
> [21:11] h01ger | adsb: what do you think about uploading debian-edu 1.713 (=jessie + edu0 release version) with chmsee and debian-edu-config-gosa-netgroup recommends removed? (i mostly ask because someone forget to keep a tag for 1.702 (sigh!!) and i'd like to upload something which is based on a sane $vcs version)
> [...]
> [21:13] h01ger | (and people who need this functionality can just install -edu-config-gosa-netgroups manually)
> [21:13] h01ger | so i'll do this instead then. great! :-)
That happened and, with a short stopover in NEW, debian-edu 1.713+deb7u1 is now in proposed-updates.
As per your comments on IRC, slbackup has not been uploaded at this point, to allow some more time for testing, review and so on.
> [21:15] adsb that leaves -config in the to consider for 7.3 pile
> [21:18] h01ger | yes
To make things easier to track (at least from the Release side), I'm going to flag this bug as pending now, and use it to track those changes which made it in to 7.2. Please open a (or some) new bug in order to track updates for 7.3; thanks.
Regards,
Adam
Processed: Re: Bug#725311: pu: Getting Debian Edu 7.1+edu0 into the Upcoming stable point release (7.2)
Processing control commands:
tags -1 + pending
Bug #725311 [release.debian.org] pu: Getting Debian Edu 7.1+edu0 into the Upcoming stable point release (7.2)
Added tag(s) pending.
--
725311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725311
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
NEW changes in stable-new
Processing changes file: netcfg_1.108+deb7u1_amd64.changes ACCEPT
Processing changes file: iso-scan_1.43+deb7u1_amd64.changes ACCEPT
Bug#725311: pu: Getting Debian Edu 7.1+edu0 into the Upcoming stable point release (7.2)
severity 662914 serious
thanks
Hi Adam,
On Tuesday, 8 October 2013, Adam D. Barratt wrote:
> That happened and, with a short stopover in NEW, debian-edu 1.713+deb7u1 is now in proposed-updates.
yay, thanks!
> As per your comments on IRC, slbackup has not been uploaded at this point, to allow some more time for testing, review and so on.
yup. To be a bit more verbose than I was on IRC:
a.) I think we do need to deal with #662914 in wheezy. It has been fixed in 0.0.12-4 which is sid+jessie. #662914 causes slbackup-php not to run backups via cron, so IMO this bug is also serious, not important. (Shall
b.) And our fix for #662914 needs to be made more robust as suggested in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662914#27
> To make things easier to track (at least from the Release side), I'm going to flag this bug as pending now, and use it to track those changes which made it in to 7.2. Please open a (or some) new bug in order to track updates for 7.3; thanks.
cool, that was my plan also :)
figlet thanks
echo for _all_ your (plural) work on 7.2\!
cheers,
Holger
Bug#725823: pu: package icedove/3.0.11-1+squeeze15
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu
Dear release team,
for the icedove version 3.0.x (and 3.1.x in squeeze-backport) released with squeeze there are some similar bugs opened after the release of squeeze.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626812
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659301
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659994
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660736
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691985
Those bugs all depend on undefined symbols that all happened after the libc version 2.11.3-x. That relies on the order icedove is reading the symbols from the various libraries and these libraries again from other libraries. So in the end a fix is basically simple: icedove has to be started with the preset variables LD_LIBRARY_PATH and LD_PRELOAD to be sure the symbols are read in the correct order and icedove will start and work correctly.
The following patch will solve the described issues from the bug reports above. The patched file mozilla.in will become /usr/lib/icedove/icedove (/usr/lib/thunderbird/thunderbird in the original Thunderbird package) during package creation and is the executable start script for icedove. This script calls at the end /usr/lib/icedove/run-mozilla.sh that is shipped by Mozilla.
diff --git a/mozilla/build/unix/mozilla.in b/mozilla/build/unix/mozilla.in index 4f54e23..336737c 100644 --- a/mozilla/build/unix/mozilla.in +++ b/mozilla/build/unix/mozilla.in 
@@ -134,6 +134,8 @@ if [ $debugging = 1 ] then echo $dist_bin/run-mozilla.sh $script_args $dist_bin/$MOZILLA_BIN $@ fi +export LD_LIBRARY_PATH=/usr/lib/icedove +export LD_PRELOAD=/usr/lib/icedove/libxpcom.so $dist_bin/run-mozilla.sh $script_args $dist_bin/$MOZILLA_BIN $@ exitcode=$? Any chances to get this change into the next point release for Squeeze? Regards Carsten -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131008193026.6860.70903.report...@jessie.cruise.homelinux.net
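Review bot: The two added `export` lines in the `@@ -134,6 +134,8 @@` hunk replace `LD_LIBRARY_PATH` and `LD_PRELOAD` outright, so any value already present in the caller's environment is discarded, and because they are exported in the wrapper they are inherited by `run-mozilla.sh` and by every process started beneath it, not only the icedove binary. Anything icedove launches will therefore also be asked to preload `/usr/lib/icedove/libxpcom.so`. Please append to the existing values instead of overwriting them, and say in a comment (with the bug numbers) why the preload is needed so it can be dropped once the symbol-ordering problem is fixed at build time. The paths are also hard-coded as `/usr/lib/icedove` while the neighbouring lines use `$dist_bin`; deriving both values from `$dist_bin` keeps the script consistent with the location it already computes.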
Processed: tagging 725823
Processing commands for cont...@bugs.debian.org: tags 725823 + squeeze Bug #725823 [release.debian.org] pu: package icedove/3.0.11-1+squeeze15 Added tag(s) squeeze. thanks Stopping processing here. Please contact me if you need assistance. -- 725823: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725823 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
NEW changes in stable-new
Processing changes file: debian-edu_1.713+deb7u1_i386.changes ACCEPT Processing changes file: debian-edu_1.713+deb7u1_ia64.changes ACCEPT Processing changes file: debian-edu_1.713+deb7u1_kfreebsd-amd64.changes ACCEPT Processing changes file: debian-edu_1.713+deb7u1_kfreebsd-i386.changes ACCEPT Processing changes file: debian-edu_1.713+deb7u1_powerpc.changes ACCEPT Processing changes file: debian-edu_1.713+deb7u1_s390.changes ACCEPT Processing changes file: debian-edu_1.713+deb7u1_s390x.changes ACCEPT Processing changes file: debian-edu_1.713+deb7u1_sparc.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_i386.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_ia64.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_kfreebsd-amd64.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_kfreebsd-i386.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_powerpc.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_s390.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_s390x.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_sparc.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-edu_1.713+deb7u1_mips.changes ACCEPT Processing changes file: debian-edu_1.713+deb7u1_mipsel.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_mips.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-edu_1.713+deb7u1_armel.changes ACCEPT
Bug#709865: marked as done (transition: libosip2)
Your message dated Tue, 08 Oct 2013 23:45:06 +0100 with message-id 1381272306.17493.37.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#709865: transition: libosip2 has caused the Debian Bug report #709865, regarding transition: libosip2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 709865: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709865 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Dear release team, A belated, after unstable upload, transition request for libosip2 libexosip2. 
sipwitch FTBFS #707450 siproxd binNMU OK linphone FTBFS #709860 libosip2-7 Reverse Depends: sipwitch siproxd linphone-nogtk liblinphone4 libosip2-dev libexosip2-7 libexosip2-7 Reverse Depends: sipwitch liblinphone4 libexosip2-dev Ben file: title = libosip2; is_affected = .depends ~ libosip2-7|libexosip2-7 | .depends ~ :libosip2-10|libexosip2-10; is_good = .depends ~ :libosip2-10|libexosip2-10; is_bad = .depends ~ libosip2-7|libexosip2-7; -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.8-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- On Sun, 2013-08-04 at 09:02 +1000, Mark Purcell wrote: On Sat, 1 Jun 2013 16:14:43 Julien Cristau wrote: sipwitch FTBFS #707450 linphone FTBFS #709860 What's the plan for getting these fixed? Julien, These are all now cleared, so the transition should be able to complete. It got stuck behind libav / x264, but as of tonight's britney run: $ dak ls lib{,ex}osip2-7 libosip2-7 | 3.6.0-4 | stable | amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, s390x, sparc libexosip2-7 | 3.6.0-4 | stable | amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, s390x, sparc $ Therefore closing this. Regards, Adam---End Message---
Re: First autoremovals happen in about 8 days
On 07/10/13 23:04, Bill Allombert wrote: I am concerned that in the event a package is removed from testing, the people most interested in restoring the package will miss the removal, since the package will stay installed on their systems. This, then, causes stable releases to be missing packages that users are depending on, which reduces the value of the distribution. `aptitude search '?obsolete'` is useful after upgrading a system to a new stable release, a trick I learned from: http://raphaelhertzog.com/2011/02/07/debian-cleanup-tip-2-get-rid-of-obsolete-packages/ Not directly related to this: a side effect of running debsecan is that if I see security issues accumulating for some package, I would likely check the PTS to see why it remains unfixed, or decide to remove or replace the package with something else that's still maintained. So if `aptitude search '?obsolete'` was run periodically, like debsecan, it could email the system admin when new items appear on the obsoletes list. I imagine that'd be a good way to notify of the situation being described here? Regards, -- Steven Chamberlain ste...@pyro.eu.org
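The periodic check suggested in the message above, as an added example that is not part of the original post: a cron-friendly script that prints only the packages newly reported by `aptitude search '?obsolete'` since the previous run. The state-file path, the function names and the `--cron` switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added sketch: report packages that newly show up as obsolete.
# STATE_FILE, list_obsolete, report_new_obsolete and --cron are names
# chosen for this example, not part of any Debian tool.

STATE_FILE="${STATE_FILE:-/var/lib/obsolete-watch/seen}"

# Installed packages that no configured APT source provides any more,
# one name per line.
list_obsolete() {
    aptitude search --disable-columns -F '%p' '?obsolete'
}

# Print packages that are obsolete now but were not at the previous run,
# then store the current list as the new baseline.
report_new_obsolete() {
    raw=$(mktemp) || return 1
    cur=$(mktemp) || { rm -f "$raw"; return 1; }
    # On a non-zero exit (a failure or, depending on the aptitude version,
    # no match) keep the old baseline: replacing it with an empty list
    # would make every obsolete package look new on the next run.
    if ! list_obsolete > "$raw"; then
        rm -f "$raw" "$cur"
        return 1
    fi
    LC_ALL=C sort -u "$raw" > "$cur"
    mkdir -p "$(dirname "$STATE_FILE")"
    [ -f "$STATE_FILE" ] || : > "$STATE_FILE"
    # comm -13 keeps lines found only in the second (current) file.
    LC_ALL=C comm -13 "$STATE_FILE" "$cur"
    mv "$cur" "$STATE_FILE"
    rm -f "$raw"
}

# From cron, any output is mailed to the job's owner (or MAILTO), so
# nothing is sent while the list is unchanged.
if [ "${1:-}" = "--cron" ]; then
    report_new_obsolete
fi
```
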
Re: First autoremovals happen in about 8 days
On Mon, Oct 07, 2013 at 10:51:42PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: I really doubt that possibly interested people will subscribe to all the packages they are interested in. Hello everybody, in one way or the other, there will always be some people who miss the information because it is sent in a channel that they are not familiar with. I think that the best solution is to have the information available in a systematic manner, and then let people rely on that source to automate display or messaging in the communication channel that is suitable for the use case that they want to support. This would make it easy for volunteers to write a script that periodically sends emails to this list about upcoming removals, or to add this information to the periodical WNPP email, so that it does not add to the traffic. By the way, I think that the automated removals (and the automated autopkg testing) are a big step forward. Let me take this opportunity to thank the Release team for this! Have a nice day, -- Charles Plessy Debian Med packaging team, http://www.debian.org/devel/debian-med Tsurumi, Kanagawa, Japan
NEW changes in stable-new
Processing changes file: netcfg_1.108+deb7u1_mipsel.changes ACCEPT
Re: First autoremovals happen in about 8 days
On Tue, 08 Oct 2013, Geoffrey Thomas wrote: Would this be addressed by building some mechanism (making tombstone packages comes to mind, but there are many options) for apt to prompt to remove packages that were removed in the archive? It is already addressed by the user-oriented package management frontends. E.g. aptitude lists them separately. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
NEW changes in stable-new
Processing changes file: debian-edu_1.713+deb7u1_armhf.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_armel.changes ACCEPT Processing changes file: netcfg_1.108+deb7u1_armhf.changes ACCEPT
2 debian-installer uploads this week?!
Hi folks, you aren't crazy (or maybe you are, given the mailing lists you're reading, but that's another topic), I'm considering 2 uploads this week! d-i → sid = It's been a while since I've been wanting to upload d-i to unstable, but I failed to look into it until now. I thought it would be nice to have “reference post-release” d-i images so that we have some baseline to test regressions against. Since things have been settling down (mostly: linux is available everywhere, and the nasty apt bug is fixed), and since daily builds are almost all green (except for buildds which want to be fixed/replaced by other machines), I'm tempted to perform an upload to sid somewhen between right now and the end of the week. As usual, build dependencies are fetched from sid, udebs from testing; I'm not aware of anything absolutely needed, so current state should be fine; however, if there's something you want to reach testing before the upload, please speak up right now (so that we can work out whether urgenting is indeed warranted). debian-cd@, would it make sense to build images for that release (maybe just a few CD/DVD sets) since we're very early in the release cycle? Or should we skip that bit entirely and concentrate on having only the installer images? The latter isn't too good for the general public, so I guess having a few CD images would be nice. d-i → wheezy There's also a wheezy point release this week-end (7.2), for which I (belatedly, sorry again) pushed iso-scan and netcfg. Those have been built everywhere and accepted into wheezy-proposed-updates, so we should be able to upload debian-installer from the wheezy branch (for an extra commit improving QNAP support, otherwise a binNMU would have been sufficient). Since we're about to release new things into unstable using the usual 8-digit date as release numbers, the wheezy upload will likely be versioned the pu-ish way, i.e.: 20130613+deb7u1. 
I'm wondering what's going to happen if for some reasons all sid builds aren't ready by the time the point release happens. I assume 20130613+deb7u1 will prop-up to testing, like 20130613 did for 7.1; but if we have 201310xy in sid for a bunch of archs but not all, is a partial prop-up (to compensate missing sid builds) something that can work? Or should we wait until after the point release before uploading 201310xy, so that full prop-up to testing and sid can happen? Mraw, KiBi.