Processed: tagging 777754
Processing commands for cont...@bugs.debian.org: # Package is in DELAYED, nothing we can do atm tags 54 + moreinfo Bug #54 [release.debian.org] pre-approval: unblock: cqrlog/1.8.2-1.1 Added tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 54: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=54 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.14237665874512.transcr...@bugs.debian.org
Bug#777756: marked as done (unblock: quota/4.01-8)
Your message dated Thu, 12 Feb 2015 18:41:53 +
with message-id 1423766513.18703.3.ca...@adam-barratt.org.uk
and subject line Re: Bug#56: unblock: quota/4.01-8
has caused the Debian Bug report #56,
regarding unblock: quota/4.01-8
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
56: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=56
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package quota
quota is build with libtirpc which has struct definitions differing from
glibc's. Therefore it should be build with libtirpc's header files. 4.01-7
only links to libtirpc1 and thus doesn't work when used on NFS servers.
4.01-8 uses the correct include file and thus works correctly again.
Also changed were some typos in the German translation and the
Standards-Version was updated to the latest, which didn't ask for any
technical changes whatsoever.
Debdiff is attached.
Thanks.
Michael
unblock quota/4.01-8
-- System Information:
Debian Release: 8.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'unstable'), (500, 'testing'),
(1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -u quota-4.01/debian/changelog quota-4.01/debian/changelog
--- quota-4.01/debian/changelog
+++ quota-4.01/debian/changelog
@@ -1,3 +1,13 @@
+quota (4.01-8) unstable; urgency=medium
+
+ * Use libtirpc include files to prevent a segfault due to incompatible
+structure definition.
+Thanks to Christian Seiler christ...@iwakd.de (Closes: #777564)
+ * Fixed typos in German translation. (Closes: #754181)
+ * Bumped Standards-Version to 3.9.6, no changes needed.
+
+ -- Michael Meskes mes...@debian.org Tue, 10 Feb 2015 10:48:57 +0100
+
quota (4.01-7) unstable; urgency=medium
* Made quota work on systems without rpcbind installed by lessening the
diff -u quota-4.01/debian/control quota-4.01/debian/control
--- quota-4.01/debian/control
+++ quota-4.01/debian/control
@@ -6,7 +6,7 @@
e2fslibs-dev, po-debconf (= 0.5.0), libldap2-dev, libssl-dev,
quilt (= 0.46-7), libnl-3-dev, libnl-genl-3-dev, libdbus-1-dev,
libtirpc-dev
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
Homepage: http://sourceforge.net/projects/linuxquota
Package: quota
diff -u quota-4.01/debian/patches/series quota-4.01/debian/patches/series
--- quota-4.01/debian/patches/series
+++ quota-4.01/debian/patches/series
@@ -4,0 +5 @@
+de.diff
diff -u quota-4.01/debian/rules quota-4.01/debian/rules
--- quota-4.01/debian/rules
+++ quota-4.01/debian/rules
@@ -17,7 +17,7 @@
dh_quilt_patch
# Add here commands to configure the package.
( [ `dpkg --print-architecture` = powerpc ] CFLAGSDEF += -D__BYTEORDER_HAS_U64__; \
- export CFLAGS=$(CFLAGS_DEF) CPPFLAGS=$(CPPFLAGS_DEF) LDFLAGS=$(LDFLAGS_DEF) -ltirpc; \
+ export CFLAGS=$(CFLAGS_DEF) -I/usr/include/tirpc CPPFLAGS=$(CPPFLAGS_DEF) LDFLAGS=$(LDFLAGS_DEF) -ltirpc; \
./configure --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --sysconfdir=/etc --enable-ext2direct=yes --enable-rpcsetquota=yes --enable-rootsbin=yes --enable-ldapmail=yes --enable-netlink=yes)
touch configure-stamp
only in patch2:
unchanged:
--- quota-4.01.orig/debian/patches/de.diff
+++ quota-4.01/debian/patches/de.diff
@@ -0,0 +1,172 @@
+--- ./po/de.po 2014-06-19 11:20:32.199289665 +0200
./po/de.po 2015-02-10 10:46:16.544872260 +0100
+@@ -834,7 +834,7 @@
+ Please turn quotas off or use -f to force checking.\n
+ msgstr
+ Quota für %ss ist bei Mountpunkte %s aktiviert, dh. quotacheck könnte die Datei beschädigen.\n
+-Bitte deaktivieren sie Quotas oder verwenden sie -f, um die Prüfung zu erzwingen.\n
++Bitte deaktivieren Sie Quotas oder verwenden Sie -f, um die Prüfung zu erzwingen.\n
+
+ #: quotacheck.c:643
+ #, c-format
+@@ -1018,7 +1018,7 @@
+ Please stop all programs writing to filesystem or use -m flag to force checking.\n
+ msgstr
+ Kann das Dateisystem auf %s nicht als nur-lesbar ummounten. Gezählte Werte könnten falsch sein.\n
+-Bitte beenden sie alle Programme, die auf das Dateisystem schreiben oder verwenden sie -m, um die Prüfung zu erzwingen.\n
++Bitte beenden Sie alle Programme, die auf das Dateisystem schreiben oder verwenden Sie -m, um die Prüfung zu erzwingen.\n
+
+
Bug#777757: marked as done (unblock: wss4j/1.6.15-2)
Your message dated Thu, 12 Feb 2015 18:40:24 +
with message-id 1423766424.18703.2.ca...@adam-barratt.org.uk
and subject line Re: Bug#57: unblock: wss4j/1.6.15-2
has caused the Debian Bug report #57,
regarding unblock: wss4j/1.6.15-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
57: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=57
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package wss4j, the version 1.6.15-2 fixes two security issues
(#41).
Thank you
unblock wss4j/1.6.15-2
dpkg-source: warning: extracting unsigned source package
(/home/ebourg/packaging/wss4j_1.6.15-2.dsc)
diff -Nru wss4j-1.6.15/debian/changelog wss4j-1.6.15/debian/changelog
--- wss4j-1.6.15/debian/changelog 2014-04-07 06:52:38.0 +0200
+++ wss4j-1.6.15/debian/changelog 2015-02-12 09:55:30.0 +0100
@@ -1,3 +1,14 @@
+wss4j (1.6.15-2) unstable; urgency=medium
+
+ * Fixed security issues (Closes: #41):
+ - CVE-2015-0227: WSS4J is still vulnerable to Bleichenbacher's attack
+ (incomplete fix for CVE-2011-2487)
+ - CVE-2015-0226: WSS4J doesn't correctly enforce the
+ requireSignedEncryptedDataElements property
+ * Standards-Version updated to 3.9.6 (no changes)
+
+ -- Emmanuel Bourg ebo...@apache.org Thu, 12 Feb 2015 09:11:29 +0100
+
wss4j (1.6.15-1) unstable; urgency=medium
* New upstream release
diff -Nru wss4j-1.6.15/debian/control wss4j-1.6.15/debian/control
--- wss4j-1.6.15/debian/control 2014-02-26 10:08:52.0 +0100
+++ wss4j-1.6.15/debian/control 2015-02-12 09:12:08.0 +0100
@@ -12,9 +12,9 @@
libxalan2-java,
libxml-security-java
Build-Depends: ant, cdbs (= 0.4.5.3), debhelper (= 9), maven-debian-helper
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
Vcs-Git: git://anonscm.debian.org/pkg-java/wss4j.git
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-java/wss4j.git
+Vcs-Browser: http://anonscm.debian.org/cgit/pkg-java/wss4j.git
Homepage: http://ws.apache.org/wss4j/
Package: libwss4j-java
diff -Nru wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch
wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch
--- wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch 1970-01-01
01:00:00.0 +0100
+++ wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch 2015-02-12
09:38:54.0 +0100
@@ -0,0 +1,137 @@
+Description: Fix CVE-2015-0227: WSS4J is still vulnerable to Bleichenbacher's
attack (incomplete fix for CVE-2011-2487)
+Origin: backport, http://svn.apache.org/r1619359
+Bug-Debian: http://bugs.debian.org/41
+---
a/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
b/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
+@@ -91,7 +91,7 @@
+ );
+
+ if (elem != null request.isRequireSignedEncryptedDataElements()) {
+-WSSecurityUtil.verifySignedElement(elem, elem.getOwnerDocument(),
wsDocInfo.getSecurityHeader());
++WSSecurityUtil.verifySignedElement(elem, wsDocInfo);
+ }
+
+ SecretKey key = null;
+--- a/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
b/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
+@@ -403,7 +403,7 @@
+ Element encryptedDataElement =
+ ReferenceListProcessor.findEncryptedDataElement(doc, docInfo,
dataRefURI);
+ if (encryptedDataElement != null
data.isRequireSignedEncryptedDataElements()) {
+-WSSecurityUtil.verifySignedElement(encryptedDataElement, doc,
docInfo.getSecurityHeader());
++WSSecurityUtil.verifySignedElement(encryptedDataElement, docInfo);
+ }
+ //
+ // Prepare the SecretKey object to decrypt EncryptedData
+---
a/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
b/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
+@@ -132,7 +132,7 @@
+ Element encryptedDataElement = findEncryptedDataElement(doc,
wsDocInfo, dataRefURI);
+
+ if (encryptedDataElement != null asymBinding
data.isRequireSignedEncryptedDataElements()) {
+-WSSecurityUtil.verifySignedElement(encryptedDataElement, doc,
wsDocInfo.getSecurityHeader());
++WSSecurityUtil.verifySignedElement(encryptedDataElement,
wsDocInfo);
+ }
+ //
+ // Prepare the SecretKey object to decrypt
Verwen Broekaert J met heerlijk espresso
Van een heerlijk Espresso moment genieten op kantoor? Test tijdens een vrijblijvende degustatie het exclusief design toestel van Belmoca en proef gratis onze 6 verschillende smaken! Interesse in dit aanbod? Vraag hier uw vrijblijvende degustatie op kantoor aan: http://www.kapamedia.eu/belmoca/form.htm?lng=nltg=belmocautm_campaign=belmocautm_source=admrutm_medium=emailyou=debian-release@lists.debian.org Extra gratis gift box met 24 capsules bij ondertekening contract! Actie geldig tem 28 februari 2015 --- Online versie: http://kapateco.fb.kp.kpmail.be/c16/e1065178/hf39a6/l689/index.html Deze e-mail werd verstuurd naar debian-release@lists.debian.org. Profiel aanpassen: http://kapateco.fb.kp.kpmail.be/c16/e1065178/hf39a6/l691/index.html Uitschrijven: http://kapateco.fb.kp.kpmail.be/c16/e1065178/hf39a6/l690/index.html Privacy policy: http://kapateco.fb.kp.kpmail.be/c16/e1065178/hf39a6/l692/index.html Powered by Addemar: http://poweredby.addemar.com/
Bug#778254: release.debian.org: jessie's new kernel breaks openafs-modules-dkms
Package: release.debian.org Severity: normal Bug #778196 was filed against openafs-modules-dkms to note that the latest kernel to hit jessie (which was the unblock request in #776899) causes the DKMS module to fail to build. The new kernel introduced a KPI change for accesses to the d_alias field of struct dentry, which must now be made through the d_u union. I updated openafs in sid to include upstream's patches for new linux support (including the d_u change) when the new kernel hit sid, but that update also included a new translation and several bugfixes of various severity. Additionally, openafs in sid has a newer upstream version than openafs in jessie, due to excessive optimism on my part in the lead up to freeze. (It is also the case that nearly every upstream update for openafs includes support for new linux versions, since the KPI is a moving target, so I am used to having to pull in new upstream versions regularly.) The version in jessie also does not have native systemd support, and it remains unclear whether the systemd sysv compat is causing problems for jessie users that native unit files could resolve (#760063) -- for at least some users, the issue seems to have mysteriously gone away but there is no openafs or systemd change which obviously should have resolved things. The question is, how should we resolve the situation for jessie? It seems like the most likely answer is a minimal patch uploaded to testing-proposed-updates, but I wanted to ask the release team whether there were other options, such as unblocking the openafs currently in sid (even though it is a new upstream version). It is probably worth noting that openafs is a leaf package. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150212195553.16087.34388.report...@glossolalia.mit.edu
Processed: wait for release team input
Processing commands for cont...@bugs.debian.org: block 778196 by 778254 Bug #778196 [openafs-modules-dkms] Fails to built with current Jessie's kernel 778196 was not blocked by any bugs. 778196 was not blocking any bugs. Added blocking bug(s) of 778196: 778254 thanks Stopping processing here. Please contact me if you need assistance. -- 778196: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778196 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.14237718553829.transcr...@bugs.debian.org
Bug#776839: unblock: libgit2/0.21.3-1.1
On 11 February 2015 at 23:24, Russell Sim russell@gmail.com wrote: On 9 February 2015 at 09:36, Mehdi Dogguy me...@dogguy.org wrote: I'm afraid we cannot accept 0.21.3-1.1 in Jessie because the changes are quite large. Can you please prepare an upload targetting jessie based on 0.21.1-2.1? Thanks for looking at this. I have created a patch that backport the relevant changes to the 0.21.1-2.1 I have reduced the patch removing any Win32 parts. -- Cheers, Russell Sim diff -Nru libgit2-0.21.1/debian/changelog libgit2-0.21.1/debian/changelog --- libgit2-0.21.1/debian/changelog 2015-01-09 09:51:34.0 +1100 +++ libgit2-0.21.1/debian/changelog 2015-02-12 20:06:00.0 +1100 @@ -1,3 +1,10 @@ +libgit2 (0.21.1-3) jessie; urgency=medium + + * Backported fix for case insensitive filesystems (CVE-2014-9390). +(Closes: #774048) + + -- Russell Sim russell@gmail.com Tue, 10 Feb 2015 20:29:05 +1100 + libgit2 (0.21.1-2.1) jessie; urgency=medium * Non-maintainer upload. diff -Nru libgit2-0.21.1/debian/patches/CVE-2014-9390.patch libgit2-0.21.1/debian/patches/CVE-2014-9390.patch --- libgit2-0.21.1/debian/patches/CVE-2014-9390.patch 1970-01-01 10:00:00.0 +1000 +++ libgit2-0.21.1/debian/patches/CVE-2014-9390.patch 2015-02-12 20:06:00.0 +1100 @@ -0,0 +1,1479 @@ +commit a86d224d78a3ac0f8a1901b0e9e2aee1e15d6f73 +Author: Edward Thomson ethom...@microsoft.com +Date: Thu Dec 18 12:41:59 2014 -0600 + +index tests: test capitalization before mkdir + +commit 86b9eb3bf5dba342d0a5d805e6fe35c3e9c861cc +Author: Carlos Martín Nieto c...@dwim.me +Date: Thu Dec 18 02:11:06 2014 +0100 + +Plug leaks + +commit 07164371d10109ba564835947a62fcedf288dce9 +Author: Carlos Martín Nieto c...@dwim.me +Date: Thu Dec 18 02:07:36 2014 +0100 + +Create miscapitialised dirs for case-sensitive filesystems + +We need these directories to exist so cl_git_mkfile() can create the +files we ask it to. + +commit 5d5d6136aaeea22903ed5d30a858f8d106876771 +Author: Edward Thomson ethom...@microsoft.com +Date: Tue Dec 16 18:53:55 2014 -0600 + +Introduce core.protectHFS and core.protectNTFS + +Validate HFS ignored char .git paths when `core.protectHFS` is +specified. Validate NTFS invalid .git paths when `core.protectNTFS` +is specified. + +commit 2698e209d895856df9900899948269e2e490abd3 +Author: Vicent Marti tan...@gmail.com +Date: Tue Dec 16 13:03:02 2014 +0100 + +path: Use UTF8 iteration for HFS chars + +commit d7026dc574b79723008bba72989f74a801f4dfb5 +Author: Edward Thomson ethom...@microsoft.com +Date: Wed Dec 10 19:12:16 2014 -0500 + +checkout: disallow bad paths on HFS + +HFS filesystems ignore some characters like U+200C. When these +characters are included in a path, they will be ignored for the +purposes of comparison with other paths. Thus, if you have a .git +folder, a folder of .gitU+200C will also match. Protect our +.git folder by ensuring that .gitU+200C and friends do not match it. + +commit 37221f8cb02554297710f703047711a61e1169bb +Author: Edward Thomson ethom...@microsoft.com +Date: Tue Nov 25 18:13:00 2014 -0500 + +checkout: disallow bad paths on win32 + +Disallow: + 1. paths with trailing dot + 2. paths with trailing space + 3. paths with trailing colon + 4. paths that are 8.3 short names of .git folders (GIT~1) + 5. paths that are reserved path names (COM1, LPT1, etc). + 6. paths with reserved DOS characters (colons, asterisks, etc) + +These paths would (without \\?\ syntax) be elided to other paths - for +example, .git. would be written as .git. As a result, writing these +paths literally (using \\?\ syntax) makes them hard to operate with from +the shell, Windows Explorer or other tools. Disallow these. + +commit cb6a309d8667310d3323f5b601a2f2fa893c37d0 +Author: Vicent Marti tan...@gmail.com +Date: Tue Nov 25 00:58:03 2014 +0100 + +index: Check for valid paths before creating an index entry + +commit 928a41d189f068010a32c6dea4bf921baa81d21c +Author: Vicent Marti tan...@gmail.com +Date: Tue Nov 25 00:14:52 2014 +0100 + +tree: Check for `.git` with case insensitivy + +commit f45baf7a94a75cfb1855c9a750f38bbcfa22b199 +Author: Edward Thomson ethom...@microsoft.com +Date: Mon Dec 1 13:09:58 2014 -0500 + +win32: use NT-prefixed \\?\ paths + +When turning UTF-8 paths into UCS-2 paths for Windows, always use +the \\?\-prefixed paths. Because this bypasses the system's +path canonicalization, handle the canonicalization functions ourselves. + +We must: + 1. always use a backslash as a directory separator + 2. only use a single backslash between directories + 3. not rely on the system to translate . and .. in paths + 4. remove trailing backslashes, except at the drive root (C:\) + +commit 2e37e214e3d85da2a68476c7ae54051d525b05eb +Author: Edward Thomson ethom...@microsoft.com
Bug#777757: unblock: wss4j/1.6.15-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package wss4j, the version 1.6.15-2 fixes two security issues
(#41).
Thank you
unblock wss4j/1.6.15-2
dpkg-source: warning: extracting unsigned source package
(/home/ebourg/packaging/wss4j_1.6.15-2.dsc)
diff -Nru wss4j-1.6.15/debian/changelog wss4j-1.6.15/debian/changelog
--- wss4j-1.6.15/debian/changelog 2014-04-07 06:52:38.0 +0200
+++ wss4j-1.6.15/debian/changelog 2015-02-12 09:55:30.0 +0100
@@ -1,3 +1,14 @@
+wss4j (1.6.15-2) unstable; urgency=medium
+
+ * Fixed security issues (Closes: #41):
+ - CVE-2015-0227: WSS4J is still vulnerable to Bleichenbacher's attack
+ (incomplete fix for CVE-2011-2487)
+ - CVE-2015-0226: WSS4J doesn't correctly enforce the
+ requireSignedEncryptedDataElements property
+ * Standards-Version updated to 3.9.6 (no changes)
+
+ -- Emmanuel Bourg ebo...@apache.org Thu, 12 Feb 2015 09:11:29 +0100
+
wss4j (1.6.15-1) unstable; urgency=medium
* New upstream release
diff -Nru wss4j-1.6.15/debian/control wss4j-1.6.15/debian/control
--- wss4j-1.6.15/debian/control 2014-02-26 10:08:52.0 +0100
+++ wss4j-1.6.15/debian/control 2015-02-12 09:12:08.0 +0100
@@ -12,9 +12,9 @@
libxalan2-java,
libxml-security-java
Build-Depends: ant, cdbs (= 0.4.5.3), debhelper (= 9), maven-debian-helper
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
Vcs-Git: git://anonscm.debian.org/pkg-java/wss4j.git
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-java/wss4j.git
+Vcs-Browser: http://anonscm.debian.org/cgit/pkg-java/wss4j.git
Homepage: http://ws.apache.org/wss4j/
Package: libwss4j-java
diff -Nru wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch
wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch
--- wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch 1970-01-01
01:00:00.0 +0100
+++ wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch 2015-02-12
09:38:54.0 +0100
@@ -0,0 +1,137 @@
+Description: Fix CVE-2015-0227: WSS4J is still vulnerable to Bleichenbacher's
attack (incomplete fix for CVE-2011-2487)
+Origin: backport, http://svn.apache.org/r1619359
+Bug-Debian: http://bugs.debian.org/41
+---
a/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
b/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
+@@ -91,7 +91,7 @@
+ );
+
+ if (elem != null request.isRequireSignedEncryptedDataElements()) {
+-WSSecurityUtil.verifySignedElement(elem, elem.getOwnerDocument(),
wsDocInfo.getSecurityHeader());
++WSSecurityUtil.verifySignedElement(elem, wsDocInfo);
+ }
+
+ SecretKey key = null;
+--- a/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
b/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
+@@ -403,7 +403,7 @@
+ Element encryptedDataElement =
+ ReferenceListProcessor.findEncryptedDataElement(doc, docInfo,
dataRefURI);
+ if (encryptedDataElement != null
data.isRequireSignedEncryptedDataElements()) {
+-WSSecurityUtil.verifySignedElement(encryptedDataElement, doc,
docInfo.getSecurityHeader());
++WSSecurityUtil.verifySignedElement(encryptedDataElement, docInfo);
+ }
+ //
+ // Prepare the SecretKey object to decrypt EncryptedData
+---
a/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
b/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
+@@ -132,7 +132,7 @@
+ Element encryptedDataElement = findEncryptedDataElement(doc,
wsDocInfo, dataRefURI);
+
+ if (encryptedDataElement != null asymBinding
data.isRequireSignedEncryptedDataElements()) {
+-WSSecurityUtil.verifySignedElement(encryptedDataElement, doc,
wsDocInfo.getSecurityHeader());
++WSSecurityUtil.verifySignedElement(encryptedDataElement,
wsDocInfo);
+ }
+ //
+ // Prepare the SecretKey object to decrypt EncryptedData
+--- a/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java
b/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java
+@@ -24,6 +24,7 @@
+ import org.apache.ws.security.SOAPConstants;
+ import org.apache.ws.security.WSConstants;
+ import org.apache.ws.security.WSDataRef;
++import org.apache.ws.security.WSDocInfo;
+ import org.apache.ws.security.WSEncryptionPart;
+ import org.apache.ws.security.WSSecurityEngineResult;
+ import org.apache.ws.security.WSSecurityException;
+@@ -50,10 +51,8 @@
+ import java.security.SecureRandom;
+ import java.util.ArrayList;
+ import java.util.Collections;
+-import java.util.HashSet;
+ import java.util.Iterator;
+ import java.util.List;
+-import java.util.Set;
+
+ /**
+ * WS-Security Utility methods. p/
+@@ -1350,56 +1349,39 @@
+ }
+ }
+
+-
Re: concerns about the state of buildds for jessie
Hi, On Mittwoch, 11. Februar 2015, Peter Palfrader wrote: The Debian buildd network uses a fork of the buildd and sbuild packages instead of the packages we ship in the archive. are the bugs about these issues? These packages, maintained by the builddadm team are shipped via buildd.debian.org. Currently, they don't install cleanly and out of the box on jessie systems. are the bugs about these issues? Possible avenues include updating the forks and working on making the forks no longer necessary. are these forks maintained in VCSs? cheers, Holger signature.asc Description: This is a digitally signed message part.
Re: concerns about the state of buildds for jessie
On 2015-02-12 13:02, Holger Levsen wrote: Possible avenues include updating the forks and working on making the forks no longer necessary. are these forks maintained in VCSs? http://anonscm.debian.org/cgit/buildd-tools/sbuild.git/log/?h=buildd-0.64 Historically forks have been needed because fixes in stable are hard. If stuff breaks in testing or unstable you usually need to fix it quicker than with a point release. A point could be made that the changes should be pushed to stable instead. As far as I know there's also still no builddadm-maintainable puppet tree. (Partly my fault I acknowledge, because I hoped to be able to do rabbitmq, but failed working against a black box I don't understand.) If we could ship the relevant helper scripts through Puppet (and unify configuration) we could also make most of the fork moot and just cherry-pick new versions from testing. Kind regards Philipp Kern -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/50e1ae2a77c3a7450871ca08b280e...@hub.kern.lc
NEW changes in stable-new
Processing changes file: frogr_0.7-2+deb7u1_kfreebsd-amd64.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1ym1pl-0002pi...@franck.debian.org
Bug#777754: pre-approval: unblock: cqrlog/1.8.2-1.1
Package: release.debian.org
Severity: normal
Tags: patch
User: release.debian@packages.debian.org
Usertags: unblock
Dear release team!
I recently tried to install cqrlog on Debian unstable. Unfortunately,
this failed since the dependencies and the recommends of the cqrlog
package have an unlucky ordering which means apt cannot manually
resolve the dependencies.
The origin of this issue is the fact that cqrlog can work with both
MySQL and MariaDB as its database backend. Unfortunately, the current
control file sets mysql-client as a dependency for cqrlog while
having mariadb-server and mysql-server in the Recommends field,
in this particular order. This means that apt will try to install
both mariadb-server and mysql-client at the same time which fails
since mariadb-server and mysql-client have transitive conflicts [1].
The attached debdiff fixes the issue by reordering the recommends
and additionally adding mariadb-client as an alternative dependency
to allow the use of cqrlog with MariaDB as an alternative backend
which is currently not possible at all [2].
Furthermore, this patch adds xplanet to Recommends where it is
currently missing as cqrlog contains a menu shortcut to run
xplanet with the package manager not making sure it's actually
installed [3].
Please consider unblocking cqrlog_1.8.2-1.1 which is currently
in DELAYED/5 [4].
Adrian
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=20
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=23
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=24
[4] https://ftp-master.debian.org/deferred.html
unblock cqrlog/1.8.2-1.1
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (500, 'testing'), (99, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru cqrlog-1.8.2/debian/changelog cqrlog-1.8.2/debian/changelog
--- cqrlog-1.8.2/debian/changelog 2014-10-04 17:14:15.0 +0200
+++ cqrlog-1.8.2/debian/changelog 2015-02-12 02:13:37.0 +0100
@@ -1,3 +1,17 @@
+cqrlog (1.8.2-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Switch the order of Recommends mariadb-server and mysql-server in
+debian/control to fix the problem that cqrlog cannot be installed
+when mysql-server is not installed (Closes: #20).
+ * Add mariadb-client as an alternative dependency for cqrlog in debian/control
+to fix the installation when using cqrlog with MariaDB (Closes: #23).
+ * Add xplanet to Recommends in debian/control as cqrlog contains a menu
+shortcut for it in its main window which is otherwise useless
+(Closes: #24).
+
+ -- John Paul Adrian Glaubitz glaub...@physik.fu-berlin.de Thu, 12 Feb 2015 02:11:34 +0100
+
cqrlog (1.8.2-1) unstable; urgency=medium
* New upstream release.
diff -Nru cqrlog-1.8.2/debian/control cqrlog-1.8.2/debian/control
--- cqrlog-1.8.2/debian/control 2014-07-27 22:01:40.0 +0200
+++ cqrlog-1.8.2/debian/control 2015-02-11 23:27:21.0 +0100
@@ -9,8 +9,8 @@
Package: cqrlog
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, libssl-dev, mysql-client, libhamlib2 (= 1.2.10), libhamlib-utils (= 1.2.10)
-Recommends: mariadb-server | mysql-server
+Depends: ${shlibs:Depends}, ${misc:Depends}, libssl-dev, mysql-client | mariadb-client, libhamlib2 (= 1.2.10), libhamlib-utils (= 1.2.10)
+Recommends: mysql-server | mariadb-server, xplanet
Description: Advanced logging program for hamradio operators
CQRLOG is an advanced ham radio logger based on MySQL embedded database.
Provides radio control based on hamlib libraries (currently support of 140+
Bug#777756: unblock: quota/4.01-8
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package quota
quota is build with libtirpc which has struct definitions differing from
glibc's. Therefore it should be build with libtirpc's header files. 4.01-7
only links to libtirpc1 and thus doesn't work when used on NFS servers.
4.01-8 uses the correct include file and thus works correctly again.
Also changed were some typos in the German translation and the
Standards-Version was updated to the latest, which didn't ask for any
technical changes whatsoever.
Debdiff is attached.
Thanks.
Michael
unblock quota/4.01-8
-- System Information:
Debian Release: 8.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'unstable'), (500, 'testing'),
(1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -u quota-4.01/debian/changelog quota-4.01/debian/changelog
--- quota-4.01/debian/changelog
+++ quota-4.01/debian/changelog
@@ -1,3 +1,13 @@
+quota (4.01-8) unstable; urgency=medium
+
+ * Use libtirpc include files to prevent a segfault due to incompatible
+structure definition.
+Thanks to Christian Seiler christ...@iwakd.de (Closes: #777564)
+ * Fixed typos in German translation. (Closes: #754181)
+ * Bumped Standards-Version to 3.9.6, no changes needed.
+
+ -- Michael Meskes mes...@debian.org Tue, 10 Feb 2015 10:48:57 +0100
+
quota (4.01-7) unstable; urgency=medium
* Made quota work on systems without rpcbind installed by lessening the
diff -u quota-4.01/debian/control quota-4.01/debian/control
--- quota-4.01/debian/control
+++ quota-4.01/debian/control
@@ -6,7 +6,7 @@
e2fslibs-dev, po-debconf (= 0.5.0), libldap2-dev, libssl-dev,
quilt (= 0.46-7), libnl-3-dev, libnl-genl-3-dev, libdbus-1-dev,
libtirpc-dev
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
Homepage: http://sourceforge.net/projects/linuxquota
Package: quota
diff -u quota-4.01/debian/patches/series quota-4.01/debian/patches/series
--- quota-4.01/debian/patches/series
+++ quota-4.01/debian/patches/series
@@ -4,0 +5 @@
+de.diff
diff -u quota-4.01/debian/rules quota-4.01/debian/rules
--- quota-4.01/debian/rules
+++ quota-4.01/debian/rules
@@ -17,7 +17,7 @@
dh_quilt_patch
# Add here commands to configure the package.
( [ `dpkg --print-architecture` = powerpc ] CFLAGSDEF += -D__BYTEORDER_HAS_U64__; \
- export CFLAGS=$(CFLAGS_DEF) CPPFLAGS=$(CPPFLAGS_DEF) LDFLAGS=$(LDFLAGS_DEF) -ltirpc; \
+ export CFLAGS=$(CFLAGS_DEF) -I/usr/include/tirpc CPPFLAGS=$(CPPFLAGS_DEF) LDFLAGS=$(LDFLAGS_DEF) -ltirpc; \
./configure --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --sysconfdir=/etc --enable-ext2direct=yes --enable-rpcsetquota=yes --enable-rootsbin=yes --enable-ldapmail=yes --enable-netlink=yes)
touch configure-stamp
only in patch2:
unchanged:
--- quota-4.01.orig/debian/patches/de.diff
+++ quota-4.01/debian/patches/de.diff
@@ -0,0 +1,172 @@
+--- ./po/de.po 2014-06-19 11:20:32.199289665 +0200
./po/de.po 2015-02-10 10:46:16.544872260 +0100
+@@ -834,7 +834,7 @@
+ Please turn quotas off or use -f to force checking.\n
+ msgstr
+ Quota für %ss ist bei Mountpunkte %s aktiviert, dh. quotacheck könnte die Datei beschädigen.\n
+-Bitte deaktivieren sie Quotas oder verwenden sie -f, um die Prüfung zu erzwingen.\n
++Bitte deaktivieren Sie Quotas oder verwenden Sie -f, um die Prüfung zu erzwingen.\n
+
+ #: quotacheck.c:643
+ #, c-format
+@@ -1018,7 +1018,7 @@
+ Please stop all programs writing to filesystem or use -m flag to force checking.\n
+ msgstr
+ Kann das Dateisystem auf %s nicht als nur-lesbar ummounten. Gezählte Werte könnten falsch sein.\n
+-Bitte beenden sie alle Programme, die auf das Dateisystem schreiben oder verwenden sie -m, um die Prüfung zu erzwingen.\n
++Bitte beenden Sie alle Programme, die auf das Dateisystem schreiben oder verwenden Sie -m, um die Prüfung zu erzwingen.\n
+
+ #: quotacheck.c:922
+ msgid Filesystem remounted read-only\n
+@@ -1070,7 +1070,7 @@
+ #: quotacheck.c:1071
+ #, c-format
+ msgid Cannot guess format from filename on %s. Please specify format on commandline.\n
+-msgstr Kann das Format nicht aus dem Dateinamen auf Dateisysetm %s ableiten. Bitte geben sie das Format auf der Kommandozeile an.\n
++msgstr Kann das Format nicht aus dem Dateinamen auf Dateisystem %s ableiten. Bitte geben Sie das Format auf der Kommandozeile an.\n
+
+ #: quotacheck.c:1075
+ #, c-format
+@@ -1084,7 +1084,7 @@
+
+ #: quotacheck.c:1102
+ msgid Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.\n
+-msgstr Ihr Kernel unterstützt wahrscheinlich Journalquotas, aber sie verwenden
Bug#777649: cgmanager security update for jessie
Quoting Niels Thykier (ni...@thykier.net): Control: tags -1 confirmed moreinfo On 2015-02-12 05:32, Serge Hallyn wrote: Here is a new debdiff. (tested in its original upstream version in v0.36) Maybe it would've been easier to squash the two patches, but this way it's easier to tell whether the patches match what is upstream. [...] Ack, looks better. :) Please add the (missing parts of this) patch to unstable first That is now in sid, and then upload the target fixes into testing with version 0.33-2+deb8u1. Sorry, I'm not sure what you mean. I don't actually have upload rights. Should I ask someone to sponsor such a package, or just post the debdiff here? (It could be the same as the last debdiff I posted, with the version number changed, or I could squash the two patches as I mentioned before) Please remove the moreinfo tag once the above have been done. thanks, -serge -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150213043605.GC11715@ubuntumail
Bug#778281: unblock (pre-approval): freerdp/1.1.0~git20140921.1.440916e+dfsg1-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please consider unblocking planned upload of package freerdp.
+ [ Bernhard Miklautz ]
+ * debian/patches:
++ Add patch 0001_fix-cmdline-parser.patch (picked from upstream).
+ Fix and improve command line parser. (Closes: #759361).
- Bernhard Miklautz (upstream freerdp) was so kind to provide a patch for
getting
the reported Segfault behaviour (#759361) resolved for Debian jessie. I
hope for acceptance of this patch.
+ [ Mike Gabriel ]
+ * debian/copyright:
++ Mention new file client/common/test/TestClientCmdLine.c.
+
The patch adds a new test file, that I added to the file lists in
debian/changelog.
light+love,
Mike
unblock freerdp/1.1.0~git20140921.1.440916e+dfsg1-3
-- System Information:
Debian Release: 8.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing-updates'), (500,
'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog 2014-10-07 22:43:05.0 +0200
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog 2015-02-13 06:02:21.0 +0100
@@ -1,3 +1,16 @@
+freerdp (1.1.0~git20140921.1.440916e+dfsg1-3) unstable; urgency=medium
+
+ [ Bernhard Miklautz ]
+ * debian/patches:
++ Add patch 0001_fix-cmdline-parser.patch (picked from upstream).
+ Fix and improve command line parser. (Closes: #759361).
+
+ [ Mike Gabriel ]
+ * debian/copyright:
++ Mention new file client/common/test/TestClientCmdLine.c.
+
+ -- Mike Gabriel sunwea...@debian.org Fri, 13 Feb 2015 05:30:13 +0100
+
freerdp (1.1.0~git20140921.1.440916e+dfsg1-2) unstable; urgency=medium
* debian/control:
diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/copyright freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/copyright
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/copyright 2014-09-22 21:58:42.0 +0200
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/copyright 2015-02-13 05:28:29.0 +0100
@@ -836,6 +836,7 @@
channels/sample/client/server_chan_test.cpp
client/X11/generate_argument_docbook.c
client/common/test/TestClientChannels.c
+ client/common/test/TestClientCmdLine.c
client/common/test/TestClientRdpFile.c
libfreerdp/dummy.c
libfreerdp/gdi/test/TestGdiRop3.c
diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0001_fix-cmdline-parser.patch freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0001_fix-cmdline-parser.patch
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0001_fix-cmdline-parser.patch 1970-01-01 01:00:00.0 +0100
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0001_fix-cmdline-parser.patch 2015-02-13 05:23:40.0 +0100
@@ -0,0 +1,360 @@
+Description: Command line parser fixes.
+Author: Bernhard Miklautz bernhard.mikla...@shacknet.at
+Abstract:
+ The command line parser had serveral problems when old style syntax
+ was used.
+
+diff --git a/client/common/cmdline.c b/client/common/cmdline.c
+index 3d0cc2d..34064ea 100644
+--- a/client/common/cmdline.c
b/client/common/cmdline.c
+@@ -421,7 +421,7 @@ char** freerdp_command_line_parse_comma_separated_values(char* list, int* count)
+ int index;
+ int nCommas;
+
+- nArgs = nCommas = 0;
++ nCommas = 0;
+
+ for (index = 0; list[index]; index++)
+ nCommas += (list[index] == ',') ? 1 : 0;
+@@ -915,8 +915,13 @@ BOOL freerdp_client_detect_command_line(int argc, char** argv, DWORD* flags)
+ *flags |= COMMAND_LINE_SIGIL_DASH | COMMAND_LINE_SIGIL_DOUBLE_DASH;
+ *flags |= COMMAND_LINE_SIGIL_ENABLE_DISABLE;
+
+- if (windows_cli_count posix_cli_count)
++ if (posix_cli_status = COMMAND_LINE_STATUS_PRINT)
++ return compatibility;
++
++ /* Check, if this may be windows style syntax... */
++ if ((windows_cli_count (windows_cli_count = posix_cli_count)) || (windows_cli_status = COMMAND_LINE_STATUS_PRINT))
+ {
++ windows_cli_count = 1;
+ *flags = COMMAND_LINE_SEPARATOR_COLON;
+ *flags |= COMMAND_LINE_SIGIL_SLASH | COMMAND_LINE_SIGIL_PLUS_MINUS;
+ }
+@@ -1020,8 +1025,7 @@ int freerdp_client_parse_command_line_arguments(int argc, char** argv, rdpSettin
+ freerdp_client_command_line_pre_filter, freerdp_client_command_line_post_filter);
+ }
+
+-
+- arg = CommandLineFindArgumentA(args, v);
++ CommandLineFindArgumentA(args, v);
+
+ arg = args;
+
+diff --git a/client/common/compatibility.c b/client/common/compatibility.c
+index 788b413..c7177c2 100644
+--- a/client/common/compatibility.c
b/client/common/compatibility.c
+@@ -118,18 +118,25 @@ void
Bug#777713: unblock: xorg-server/2:1.16.4-1
Control: tags -1 d-i
On 2015-02-11 20:12, Julien Cristau wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-debbugs-cc: k...@debian.org
Please unblock package xorg-server. New upstream stable release with a
few bugfixes including a CVE and a regression from the last batch of
CVEs. Nothing udeb-relevant in these changes.
unblock xorg-server/2:1.16.4-1
unblock-udeb xorg-server/2:1.16.4-1
Thanks,
Julien
Ack from me, under the assumption that OsBlockSignals() and
OsRelaseSignals() stack[1].
CC'ing KiBi for the d-i ack (out of principle).
Thanks,
~Niels
[1] With 2:1.1.16.4.1, we get:
OsBlockSignals();
while (timers (int) (timers-expires - now) = 0)
DoTimer(timers, now, timers);
OsReleaseSignals();
Plus
DoTimer(OsTimerPtr timer, CARD32 now, volatile OsTimerPtr *prev)
{
CARD32 newTime;
OsBlockSignals();
[...]
OsReleaseSignals();
}
This works only if the signal handling stacks.
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54dda653.6030...@thykier.net
Processed: Re: Bug#777713: unblock: xorg-server/2:1.16.4-1
Processing control commands: tags -1 d-i Bug #13 [release.debian.org] unblock: xorg-server/2:1.16.4-1 Added tag(s) d-i. -- 13: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=13 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b13.14238121959456.transcr...@bugs.debian.org
Re: concerns about the state of buildds for jessie
On 2015-02-12 22:18, Philipp Kern wrote: On 2015-02-12 13:02, Holger Levsen wrote: Possible avenues include updating the forks and working on making the forks no longer necessary. are these forks maintained in VCSs? http://anonscm.debian.org/cgit/buildd-tools/sbuild.git/log/?h=buildd-0.64 Historically forks have been needed because fixes in stable are hard. If stuff breaks in testing or unstable you usually need to fix it quicker than with a point release. A point could be made that the changes should be pushed to stable instead. As far as I know there's also still no builddadm-maintainable puppet tree. (Partly my fault I acknowledge, because I hoped to be able to do rabbitmq, but failed working against a black box I don't understand.) If we could ship the relevant helper scripts through Puppet (and unify configuration) we could also make most of the fork moot and just cherry-pick new versions from testing. Kind regards Philipp Kern For reference, Ansgar (CC'ed) have started to merge the branches (see [1]). I believe his short-term plan was to merge the general stuff into master, have that uploaded to unstable and then do a buildd specific version with the remaining Debian-specific parts. In the long term, we should definitely aim for having exactly one implementation of sbuild. We might need to optimise some of the processes for this to work. I believe DSA are usually happy with pulling from either proposed-updates and backports, so we should be able to find a suitable solution for getting timely fixes available on the Debian machines. Thanks, ~Niels [1] https://anonscm.debian.org/cgit/users/ansgar/sbuild.git/log/ -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54dda8ee.6080...@thykier.net
NEW changes in stable-new
Processing changes file: dbus_1.6.8-1+deb7u6_multi.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_amd64.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_armel.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_armhf.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_i386.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_ia64.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_kfreebsd-amd64.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_kfreebsd-i386.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_mips.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_mipsel.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_powerpc.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_s390.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_s390x.changes ACCEPT Processing changes file: dbus_1.6.8-1+deb7u6_sparc.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_amd64.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_armel.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_armhf.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_i386.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_ia64.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_kfreebsd-amd64.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_kfreebsd-i386.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_mips.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_mipsel.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_powerpc.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_s390.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_s390x.changes ACCEPT Processing changes file: ruby1.8_1.8.7.358-7.1+deb7u2_sparc.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_amd64.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_armel.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_armhf.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_i386.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_ia64.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_kfreebsd-amd64.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_kfreebsd-i386.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_mips.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_mipsel.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_powerpc.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_s390.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_s390x.changes ACCEPT Processing changes file: xorg-server_1.12.4-6+deb7u6_sparc.changes ACCEPT -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1ym9o9-0006fc...@franck.debian.org
Re: concerns about the state of buildds for jessie
Hi, 2015-02-11 20:46 GMT+01:00 Peter Palfrader wea...@debian.org: It seems the buildd team is severely understaffed and needs help. If this rumor turns to be a reality, are there some prerequisites potential volunteers could have a look to in the event they want to apply for the role? Cheers, Luca -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cadk7b0o_ehd36evqf08j1sjocg7e1u8mrnuw4p9f9z0xwet...@mail.gmail.com
Bug#777205: unblock: refpolicy/2:2.20140421-9
On Sun, 8 Feb 2015 22:51:57 +0100 Ivo De Decker iv...@debian.org wrote: tags 777205 wontfix thanks Hi, On Fri, Feb 06, 2015 at 08:45:13PM +1100, Russell Coker wrote: Please unblock package refpolicy The source package refpolicy had been removed from testing. The removal happened in December. Unfortunately, it's too late to allow it back now, so I'll have to deny this request. Cheers, Ivo But this would mean Jessie's SELinux support won't be usable for most normal users, i.e. people must install policies by themselves, without any officially supported policy set available. This could be a significant weakness to users in term of Debian's security infrastructure, would you mind re-consider this request? Regards, Aron -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAMr=8w475Yk0JvrAaX7p1jeU3=wthomi4eb+muozjtfccmq...@mail.gmail.com
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Wed, Feb 11, 2015 at 5:59 AM, Julien Cristau jcris...@debian.org wrote: On Tue, Feb 3, 2015 at 04:02:51 +0800, Aron Xu wrote: Updated version of debdiff, removing the -O3 change. The changelog still says build with -O3. Updated as attached. Cheers, Aron libxml2_2.9.1+dfsg1-5.debdiff Description: Binary data
