Bug#781718: unblock: subversion/1.8.10-6
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package subversion

This upload backports fixes for 3 recent CVEs.

$ debdiff subversion_1.8.10-5.dsc subversion_1.8.10-6.dsc diffstat for subversion_1.8.10-5 subversion_1.8.10-6 debian/patches/CVE-2015-0202| 474 debian/patches/CVE-2015-0248| 105 +++ debian/patches/CVE-2015-0251| 62 subversion-1.8.10/debian/changelog | 11 subversion-1.8.10/debian/patches/series |3 5 files changed, 655 insertions(+) diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog --- subversion-1.8.10/debian/changelog +++ subversion-1.8.10/debian/changelog @@ -1,3 +1,14 @@ +subversion (1.8.10-6) unstable; urgency=high + + * patches/CVE-2015-0202: Excessive memory use with certain REPORT requests +against mod_dav_svn with FSFS repositories + * patches/CVE-2015-0248: Assertion DoS vulnerability for certain mod_dav_svn +and svnserve requests with dynamically evaluated revision numbers + * patches/CVE-2015-0251: mod_dav_svn allows spoofing svn:author property +values for new revisions + + -- James McCoy Tue, 31 Mar 2015 22:51:18 -0400 + subversion (1.8.10-5) unstable; urgency=medium * patches/CVE-2014-8108: mod_dav_svn DoS vulnerability with invalid virtual diff -u subversion-1.8.10/debian/patches/series subversion-1.8.10/debian/patches/series --- subversion-1.8.10/debian/patches/series +++ subversion-1.8.10/debian/patches/series @@ -21,0 +22,3 @@ +CVE-2015-0251 +CVE-2015-0248 +CVE-2015-0202 only in patch2: unchanged: --- subversion-1.8.10.orig/debian/patches/CVE-2015-0202 +++ subversion-1.8.10/debian/patches/CVE-2015-0202 
@@ -0,0 +1,474 @@ +Index: subversion/libsvn_fs_fs/tree.c +=== +--- a/subversion/libsvn_fs_fs/tree.c (revision 1655679) b/subversion/libsvn_fs_fs/tree.c (working copy) +@@ -127,7 +127,6 @@ typedef struct fs_txn_root_data_t + static svn_error_t * get_dag(dag_node_t **dag_node_p, + svn_fs_root_t *root, + const char *path, +- svn_boolean_t needs_lock_cache, + apr_pool_t *pool); + + static svn_fs_root_t *make_revision_root(svn_fs_t *fs, svn_revnum_t rev, +@@ -178,34 +177,10 @@ typedef struct cache_entry_t + */ + enum { BUCKET_COUNT = 256 }; + +-/* Each pool that has received a DAG node, will hold at least on lock on +- our cache to ensure that the node remains valid despite being allocated +- in the cache's pool. This is the structure to represent the lock. +- */ +-typedef struct cache_lock_t +-{ +- /* pool holding the lock */ +- apr_pool_t *pool; +- +- /* cache being locked */ +- fs_fs_dag_cache_t *cache; +- +- /* next lock. NULL at EOL */ +- struct cache_lock_t *next; +- +- /* previous lock. NULL at list head. Only then this==cache->first_lock */ +- struct cache_lock_t *prev; +-} cache_lock_t; +- + /* The actual cache structure. All nodes will be allocated in POOL. +When the number of INSERTIONS (i.e. objects created form that pool) +exceeds a certain threshold, the pool will be cleared and the cache +with it. +- +- To ensure that nodes returned from this structure remain valid, the +- cache will get locked for the lifetime of the _receiving_ pools (i.e. +- those in which we would allocate the node if there was no cache.). +- The cache will only be cleared FIRST_LOCK is 0. + */ + struct fs_fs_dag_cache_t + { +@@ -221,47 +196,8 @@ struct fs_fs_dag_cache_t + /* Property lookups etc. have a very high locality (75% re-hit). + Thus, remember the last hit location for optimistic lookup. */ + apr_size_t last_hit; +- +- /* List of receiving pools that are still alive. */ +- cache_lock_t *first_lock; + }; + +-/* Cleanup function to be called when a receiving pool gets cleared. 
+- Unlocks the cache once. +- */ +-static apr_status_t +-unlock_cache(void *baton_void) +-{ +- cache_lock_t *lock = baton_void; +- +- /* remove lock from chain. Update the head */ +- if (lock->next) +-lock->next->prev = lock->prev; +- if (lock->prev) +-lock->prev->next = lock->next; +- else +-lock->cache->first_lock = lock->next; +- +- return APR_SUCCESS; +-} +- +-/* Cleanup function to be called when the cache itself gets destroyed. +- In that case, we must unregister all unlock requests. +- */ +-static apr_status_t +-unregister_locks(void *baton_void) +-{ +- fs_fs_dag_cache_t *cache = baton_void; +- cache_lock_t *lock; +- +- for (lock = cache->first_lock; lock; lock = lock->next) +-apr_pool_cleanup_kill(lock->pool, +- lock, +- unlock_cache); +- +- return APR_SUCCESS; +-} +- + fs_fs_dag_cache_t* + svn_fs_fs__create_dag_cache(apr_pool_t *pool) + { +@@ -268,59 +204,15 @@ svn_f
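Review bot: debian/patches/CVE-2015-0202 starts directly at "Index: subversion/libsvn_fs_fs/tree.c" with no DEP-3 header, so the patch file itself records neither its origin nor what it fixes. Add Description: and Origin: fields (the changelog summary, "Excessive memory use with certain REPORT requests against mod_dav_svn with FSFS repositories", would do as the description) so the patch stays traceable without the changelog.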
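Review bot: the tree.c hunks that delete cache_lock_t, first_lock, unlock_cache() and unregister_locks() also delete the comment explaining that the lock keeps a returned DAG node valid "despite being allocated in the cache's pool", and get_dag() loses its needs_lock_cache argument. The visible part of the patch is cut off before it shows what replaces that guarantee. The patch description should say how a node handed to a caller stays valid once the cache pool is cleared (for example, by copying it into the caller's pool), because the struct comment that remains still says the pool is cleared when the insertion threshold is exceeded.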
Bug#781708: unblock: bb/1.3rc1-8.2
Hi,

Axel Beckert wrote:
> I've just uploaded bb/1.3rc1-8.2 to DELAYED/1 to mitigate #761023 (bb:
> Visual stops when audio starts under pulseaudio).

The package maintainer of bb has acknowledged the NMU. So I've moved it to DELAYED/0 and it has been uploaded to unstable already now and built on most architectures already: https://buildd.debian.org/status/package.php?p=bb

> I plan to lower the severity of #761023 to important as soon as the
> package upload reaches unstable.

Actually, I've thought about this a little bit more. I'd better lower the severity only when the unblock request has been granted. That's closer to the common workflow and won't confuse PTS and friends.

Another and maybe even better possibility to properly track the issue with its different severities depending on the package version would be to clone the bug report and to lower one of them to important and close the other one with the 1.3rc1-8.2 version.

Does the Release Team have any preference on this?

Regards, Axel
--
 ,''`.  | Axel Beckert, http://people.debian.org/~abe/
: :' :  | Debian Developer, ftp.ch.debian.org Admin
`. `'   | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
  `-    | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#781709: unblock: symfony/2.3.21+dfsg-4
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package symfony

It cherry-picks two security fixes from upstream:

symfony (2.3.21+dfsg-4) unstable; urgency=medium

  * Backport security fixes from 2.3.27:
    - Esi Code Injection [CVE-2015-2308]
    - Unsafe methods in the Request class [CVE-2015-2309]

 -- David Prévot Wed, 01 Apr 2015 16:53:00 -0400

unblock symfony/2.3.21+dfsg-4

Thanks in advance.

Regards

David

diff -Nru symfony-2.3.21+dfsg/debian/changelog symfony-2.3.21+dfsg/debian/changelog --- symfony-2.3.21+dfsg/debian/changelog 2015-01-30 09:22:17.0 -0400 +++ symfony-2.3.21+dfsg/debian/changelog 2015-04-01 16:53:36.0 -0400 @@ -1,3 +1,11 @@ +symfony (2.3.21+dfsg-4) unstable; urgency=medium + + * Backport security fixes from 2.3.27: +- Esi Code Injection [CVE-2015-2308] +- Unsafe methods in the Request class [CVE-2015-2309] + + -- David Prévot Wed, 01 Apr 2015 16:53:00 -0400 + symfony (2.3.21+dfsg-3) unstable; urgency=medium [ Daniel Beyer ] diff -Nru symfony-2.3.21+dfsg/debian/patches/0007-isFromTrustedProxy-to-confirm-request-came-from-a-tr.patch symfony-2.3.21+dfsg/debian/patches/0007-isFromTrustedProxy-to-confirm-request-came-from-a-tr.patch --- symfony-2.3.21+dfsg/debian/patches/0007-isFromTrustedProxy-to-confirm-request-came-from-a-tr.patch 1969-12-31 20:00:00.0 -0400 +++ symfony-2.3.21+dfsg/debian/patches/0007-isFromTrustedProxy-to-confirm-request-came-from-a-tr.patch 2015-04-01 16:44:25.0 -0400 
@@ -0,0 +1,140 @@ +From: James Gilliland +Date: Tue, 17 Feb 2015 11:56:59 -0600 +Subject: isFromTrustedProxy to confirm request came from a trusted proxy. + +Origin: upstream, https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84 +--- + src/Symfony/Component/HttpFoundation/Request.php | 13 +--- + .../Component/HttpFoundation/Tests/RequestTest.php | 38 ++ + 2 files changed, 34 insertions(+), 17 deletions(-) + +diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php +index 9fd02cc..00fdbc4 100644 +--- a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php +@@ -763,7 +763,7 @@ class Request + { + $ip = $this->server->get('REMOTE_ADDR'); + +-if (!self::$trustedProxies) { ++if (!$this->isFromTrustedProxy()) { + return array($ip); + } + +@@ -924,7 +924,7 @@ class Request + */ + public function getPort() + { +-if (self::$trustedProxies) { ++if ($this->isFromTrustedProxy()) { + if (self::$trustedHeaders[self::HEADER_CLIENT_PORT] && $port = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_PORT])) { + return $port; + } +@@ -1105,7 +1105,7 @@ class Request + */ + public function isSecure() + { +-if (self::$trustedProxies && self::$trustedHeaders[self::HEADER_CLIENT_PROTO] && $proto = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_PROTO])) { ++if ($this->isFromTrustedProxy() && self::$trustedHeaders[self::HEADER_CLIENT_PROTO] && $proto = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_PROTO])) { + return in_array(strtolower(current(explode(',', $proto))), array('https', 'on', 'ssl', '1')); + } + +@@ -1133,7 +1133,7 @@ class Request + */ + public function getHost() + { +-if (self::$trustedProxies && self::$trustedHeaders[self::HEADER_CLIENT_HOST] && $host = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_HOST])) { ++if ($this->isFromTrustedProxy() && 
self::$trustedHeaders[self::HEADER_CLIENT_HOST] && $host = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_HOST])) { + $elements = explode(',', $host); + + $host = $elements[count($elements) - 1]; +@@ -1819,4 +1819,9 @@ class Request + + return false; + } ++ ++private function isFromTrustedProxy() ++{ ++return self::$trustedProxies && IpUtils::checkIp($this->server->get('REMOTE_ADDR'), self::$trustedProxies); ++} + } +diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php +index 6059969..e57f702 100644 +--- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php +@@ -707,35 +707,37 @@ class RequestTest extends \PHPUnit_Framework_TestCase + 'HTTP_X_FORWARDED_PROTO' => 'https', + 'HTTP_X_FORWARDED_PORT' => '8443', + )); +-$port = $request->getPort(); +- +-$this->assertEquals(8443, $port, 'With PROTO and PORT set PORT takes precedence.'); ++$this->assertEquals(80, $request->getPort(), 'With PROTO and PORT on untrusted connection server value takes precedence.'
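Review bot: the new private isFromTrustedProxy() at the end of Request.php has no docblock and passes $this->server->get('REMOTE_ADDR') to IpUtils::checkIp() without checking that it is set. When REMOTE_ADDR is absent (a Request built by hand, as the tests do), the result depends on how checkIp() treats an empty address, which these hunks do not show. A short docblock stating that the check is made against the connecting peer, plus an explicit guard that returns false for an empty address, would make it obvious that the forwarded headers in getClientIps(), getPort(), isSecure() and getHost() are ignored in that case.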
Bug#781708: unblock: bb/1.3rc1-8.2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

I've just uploaded bb/1.3rc1-8.2 to DELAYED/1 to mitigate #761023 (bb: Visual stops when audio starts under pulseaudio).

I plan to lower the severity of #761023 to important as soon as the package upload reaches unstable.

After some propositions in the bug report itself and some discussion on IRC we (mostly gregoa and myself with nthykier not crying out loudly about it ;-) came to the conclusion that having Music off by default plus adding a README.Debian mitigates the issue enough to lower the severity.

README.Debian describes which combinations cause issues including a pointer to https://bugs.debian.org/761023

Since the package updates config.sub and config.guess upon source package build, the full debdiff is quite large. I'll include the full debdiff as attachment and the reduced debdiff (only the manual changes) inline here:

diff -u bb-1.3rc1/main.c bb-1.3rc1/main.c --- bb-1.3rc1/main.c +++ bb-1.3rc1/main.c @@ -155,9 +155,9 @@ bbinit (argc, argv); #ifdef HAVE_LIBMIKMOD - aa_puts (context, 0, p++, AA_SPECIAL, "Music?[Y/n]"); + aa_puts (context, 0, p++, AA_SPECIAL, "Music?[y/N]"); aa_flush (context); - if (tolower (aa_getkey (context, 1)) != 'n') + if (tolower (aa_getkey (context, 1)) == 'y') { MikMod_RegisterAllDrivers (); MikMod_RegisterLoader (&load_s3m); diff -u bb-1.3rc1/debian/changelog bb-1.3rc1/debian/changelog --- bb-1.3rc1/debian/changelog +++ bb-1.3rc1/debian/changelog @@ -1,3 +1,13 @@ +bb (1.3rc1-8.2) unstable; urgency=medium + + * Non-maintainer upload. + * Mitigate hanging visuals in combination with PulseAudio. ++ Set default answer for Music to "no". ++ Add README.Debian explaining the situation. ++ Mitigates: #761023 + + -- Axel Beckert Wed, 01 Apr 2015 21:35:03 +0200 + bb (1.3rc1-8.1) unstable; urgency=low * Non-maintainer upload. only in patch2: unchanged: --- bb-1.3rc1.orig/debian/README.Debian +++ bb-1.3rc1/debian/README.Debian 
@@ -0,0 +1,14 @@ +BB vs PulseAudio + + +Unfortunately BB does not work under X if PulseAudio is active and +Music is requested. If you have PulseAudio installed and want to show +off BB with Music, you can do that by switching to the virtual text +console and running BB there. + +Due to this issue Music in BB is turned of by default in Debian. + +This issue is tracked in the Debian Bug Tracking System at +https://bugs.debian.org/761023 + + -- Axel Beckert , Wed, 1 Apr 2015 22:13:34 +0200 So please unblock bb/1.3rc1-8.2 as soon as it hits unstable. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (110, 'experimental'), (109, 'buildd-unstable'), (109, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.19.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -u bb-1.3rc1/main.c bb-1.3rc1/main.c --- bb-1.3rc1/main.c +++ bb-1.3rc1/main.c @@ -155,9 +155,9 @@ bbinit (argc, argv); #ifdef HAVE_LIBMIKMOD - aa_puts (context, 0, p++, AA_SPECIAL, "Music?[Y/n]"); + aa_puts (context, 0, p++, AA_SPECIAL, "Music?[y/N]"); aa_flush (context); - if (tolower (aa_getkey (context, 1)) != 'n') + if (tolower (aa_getkey (context, 1)) == 'y') { MikMod_RegisterAllDrivers (); MikMod_RegisterLoader (&load_s3m); diff -u bb-1.3rc1/config.sub bb-1.3rc1/config.sub --- bb-1.3rc1/config.sub +++ bb-1.3rc1/config.sub 
@@ -1,38 +1,31 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 -# Free Software Foundation, Inc. - -timestamp='2010-01-22' - -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# Copyright 1992-2014 Free Software Foundation, Inc. + +timestamp='2014-09-11' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the imp
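Review bot: in the main.c hunk the test changes from != 'n' to == 'y', so every key other than y or Y now skips the MikMod setup. That matches the new "Music?[y/N]" prompt, but the reason for flipping the default is recorded only in debian/changelog. A one-line comment above the prompt pointing at #761023 would keep a later merge of upstream code from silently restoring the old default.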
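Review bot: debian/README.Debian has a typo in "Due to this issue Music in BB is turned of by default in Debian."; "turned of" should be "turned off". The file also says Music is turned off, while the main.c hunk only changes the default answer of a prompt that is still shown; saying "the Music prompt defaults to no" would describe what users actually see.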
Bug#781641: marked as done (unblock: systemd/215-14)
Your message dated Wed, 01 Apr 2015 20:11:41 +0100 with message-id <1427915501.622.4.ca...@adam-barratt.org.uk> and subject line Re: Bug#781641: unblock: systemd/215-14 has caused the Debian Bug report #781641, regarding unblock: systemd/215-14 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
781641: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781641
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

systemd 215-14 hit unstable two days ago with 5 RC bug fixes (i. e. all outstanding ones except #780650 which was agreed to be jessie-ignore), plus some other important fixes which got pre-approved. 215-13 with half of the fixes already got uploaded last week.

So far there have been no regression reports, and these changes are also getting tested in experimental and Ubuntu, so I'm quite confident in them. All of the fixes except two (marked below) are backports from 219 (in experimental and Ubuntu), so they got much more field testing than just the two days in unstable.

I attach the full debdiff between 215-12 and -14, but as usual I also link to the individual commits on anonscm. Note that there are zero changes for udev-udeb (for d-i).

Annotated changelog:

|systemd (215-14) unstable; urgency=medium
|
| [ Michael Biebl ]
| * Map $x-display-manager LSB facility to display-manager.service instead of
|   making it a target. Using a target had the downside that multiple display
|   managers could hook into it at the same time which could lead to several
|   failed start attempts for the non-default display manager.
| * Update insserv-generator and map $x-display-manager to
|   display-manager.service, following the recent change in sysv-generator.
|   This avoids creating references to a no longer existing
|   x-display-manager.target unit.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=4cfcbb100
http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=6ef318a5a

We've had these for a while in experimental/Ubuntu. Pre-acked by Niels in http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2015-March/006477.html

| * Cherry-pick upstream fix to increase the SendBuffer of /dev/log to 8M.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=6cc87b22c0

Part of/prerequisite for RC bug #762700 below.

| [ Martin Pitt ]
| * scope: Make attachment of initial PIDs more robust. Fixes crash with
|   processes that get started by an init.d script with a different (aliased)
|   name when the cgroup becomes empty. (Closes: #781210)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=925a2872f7

| * boot-and-services, display-managers autopkgtests: Add missing python3 test
|   dependency.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=0df2572dd

Trivial autopkgtest-only fix, no runtime impact.

| * Don't attempt to mount the same swap partition twice through different
|   device node aliases. (Closes: #772182, LP: #1399595)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=fc91558

This is the one non-RC/non-pre-ack'ed change in this upload. Several people asked us to get this into unstable as they ran into it on installation, and I believe the change is reasonable, safe, and avoids confusion (people noticing the failed unit and wondering what's wrong, while there isn't anything wrong).

| [ Christian Seiler ]
| * Make the journald to syslog forwarding more robust by increasing the
|   maximum datagram queue length from 10 to 512. (Closes: #762700)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=5ff84d8673

RC bug.

| [ Marco d'Itri ]
| * Avoid writing duplicate entries in 70-persistent-net.rules by double
|   checking if the new udev rule has already been written for the given
|   interface. This happens if multiple add events are generated before the
|   write_net_rules script returns and udevd renames the interface.
|   (Closes: #765577)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=1b31191d26a

RC bug.

|
| -- Michael Biebl Mon, 30 Mar 2015 13:26:52 +0200
|
|systemd (215-13) unstable; urgency=medium
|
| [ Martin Pitt ]
| * Add hwclock-save.service to sync the system clock to the hardware clock on
|   shutdown, to provide monotonic time for reboots. (Note: this is a hack for
|   jessie; the next Debian release will enable timesyncd by default).
|   (Closes: #755722)

http://anonscm.debian.org/cgit/pkg-systemd/system
Bug#781481: marked as done (unblock: debian-junior/1.24)
Your message dated Wed, 01 Apr 2015 20:26:42 +0100 with message-id <1427916402.622.11.ca...@adam-barratt.org.uk> and subject line Re: Bug#781481: unblock: debian-junior/1.24 has caused the Debian Bug report #781481, regarding unblock: debian-junior/1.24 to be marked as done.

--
781481: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781481

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-junior

According to previous discussion about Blends metapackages[1] I'd like you to unblock debian-junior 1.24. I simply rerendered the status of the current debian-junior package (1.23) in testing by blends-dev which excluded several packages from Recommends (and moved them to suggests as blends-dev does with packages it cannot find in the target release).

See the attached debdiff of mostly auto-generated files.

Thanks for working on the Debian release

Andreas.

[1] https://lists.debian.org/debian-release/2014/11/msg01092.html unblock debian-junior/1.24 -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru debian-junior-1.23/debian/changelog debian-junior-1.24/debian/changelog --- debian-junior-1.23/debian/changelog 2014-10-24 00:42:54.0 +0200 +++ debian-junior-1.24/debian/changelog 2015-03-29 22:34:35.0 +0200 @@ -1,3 +1,9 @@ +debian-junior (1.24) unstable; urgency=medium + + * Rerender dependencies for Jessie + + -- Andreas Tille Sun, 29 Mar 2015 22:17:12 +0200 + debian-junior (1.23) unstable; urgency=medium [Andreas Tille] diff -Nru debian-junior-1.23/debian/control debian-junior-1.24/debian/control --- debian-junior-1.23/debian/control 2014-10-24 00:43:07.0 +0200 +++ debian-junior-1.24/debian/control 2015-03-29 22:34:35.0 +0200 @@ -45,14 +45,14 @@ krita, mtpaint, mypaint, - pencil2d, pinta, pysiogame, rgbpaint, simple-scan, tuxpaint, xpaint -Suggests: tbo +Suggests: pencil2d, + tbo Description: Debian Jr. Art Tools for children to produce artwork. The simplest of these is tuxpaint, which is designed for small children. It features sounds @@ -172,9 +172,9 @@ neverball, supertuxkart, torcs, - trackballs, tuxfootball -Suggests: platinumarts-sandbox +Suggests: platinumarts-sandbox, + trackballs Description: Debian Jr. 3D Games (hardware acceleration required) These games all use OpenGL libraries. They will not work without decent 3D graphics cards providing hardware-accelerated OpenGL. 
@@ -422,10 +422,10 @@ childsplay, gcompris, gtypist, + klavaro, ktouch, pysiogame, tuxtype -Suggests: klavaro Description: Debian Jr. typing This metapackage will install typing tutors and typing games for various skill levels. This collection of packages was assembled diff -Nru debian-junior-1.23/debian-junior-tasks.desc debian-junior-1.24/debian-junior-tasks.desc --- debian-junior-1.23/debian-junior-tasks.desc 2014-10-24 00:43:02.0 +0200 +++ debian-junior-1.24/debian-junior-tasks.desc 2015-03-29 22:34:35.0 +0200 @@ -27,7 +27,6 @@ karbon krita pinta - pencil2d pysiogame rgbpaint simple-scan @@ -268,7 +267,6 @@ gltron bouncy neverball - trackballs supertuxkart extremetuxracer torcs @@ -527,6 +525,7 @@ tuxtype gtypist ktouch + klavaro gcompris pysiogame diff -Nru debian-junior-1.23/dependency_data/debian-junior_1.24.json debian-junior-1.24/dependency_data/debian-junior_1.24.json --- debian-junior-1.23/dependency_data/debian-junior_1.24.json 1970-01-01 01:00:00.0 +0100 +++ debian-junior-1.24/dependency_data/debian-junior_1.24.json 2015-03-29 22:34:35.0 +0200 @@ -0,0 +1 @@ +{"games-text": {"ignore": [], "suggests": [], "depends": ["bsdgames", "moon-buggy | moon-buggy-esd", "nettoe", "zivot", "animals", "cowsay", "sl"], "recommends": [], "avoid": []}, "art": {"ignore": [], "suggests": [], "depends": ["cheese", "gimp", "tuxpaint", "xpaint", "inkscape", "mypaint", "mtpaint", "gamine", "gcompris", "gpaint", "karbon", "krita", "pinta", "pencil2d", "pysiogame", "rgbpaint", "simple-scan", "tbo"], "recommends": [], "avoid": []}, "games-puzzle": {"ignore": [], "suggests": [], "depends": ["2048-qt", "amoebax", "biniax2", "berusky2", "brainparty", "frozen-bubble", "gtans", "lmem
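Review bot: the changelog entry "Rerender dependencies for Jessie" does not say what changed, while the debian/control hunks move pencil2d and trackballs into Suggests and klavaro out of it. Listing those three moves in the changelog would let the release team check the rendered result against the intent. It is also worth confirming why dependency_data/debian-junior_1.24.json still lists pencil2d under "depends" for the art task when the same upload drops it from debian-junior-tasks.desc.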
Bug#781462: marked as done (unblock: debian-med/2.0)
Your message dated Wed, 01 Apr 2015 20:27:48 +0100 with message-id <1427916468.622.12.ca...@adam-barratt.org.uk> and subject line Re: Bug#781462: unblock: debian-med/2.0 has caused the Debian Bug report #781462, regarding unblock: debian-med/2.0 to be marked as done.

--
781462: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781462

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-med

According to previous discussion about Blends metapackages[1] I'd like you to unblock debian-med 2.0.

I hereby comment the changelog to add some explanation to the debdiff that contains some larger autogenerated changes:

  * Fixed syntax of med-cloud and rerender dependencies
    --> there was a syntax issue in one task which rendered one metapackage unusable (serious)
  * Versioned Build-Depends: blends-dev (>= 0.6.92.2) to ensure no packages from non-free or unstable will be included by accident
    --> Make sure package does not build with broken blends-dev where bug #768011 is fixed
  * Since last metapackage creation (and before freeze) the following packages made it into testing: fastaq, relion-bin + librelion-dev. These were added to the list of Recommends
    --> As the changelog entry says two relevant packages made their way into testing which results in autogenerated changes (moving the packages from Suggests to Recommends)
  * After the freeze the package psychopy was removed from testing and thus it is removed from Recommends
    --> Due to the removal of psychopy from testing the current debian-med packages (1.99) contain an invalid Recommends from this package. This upload moved the package from Recommends to Suggests. (This is exactly the issue discussed in [1]).

A complete debdiff is attached.

Thanks for working on the Debian release

Andreas.

[1] https://lists.debian.org/debian-release/2014/11/msg01092.html

unblock debian-med/2.0

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
On Sun, 2015-03-29 at 18:22 +0200, Andreas Tille wrote:
> Please unblock package debian-med

Done.

Regards,

Adam
--- End Message ---
Bug#781477: marked as done (unblock: debian-science/1.4)
Your message dated Wed, 01 Apr 2015 20:25:07 +0100 with message-id <1427916307.622.10.ca...@adam-barratt.org.uk> and subject line Re: Bug#781477: unblock: debian-science/1.4 - provide promissed but missing debdiff has caused the Debian Bug report #781477, regarding unblock: debian-science/1.4 to be marked as done.

--
781477: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781477

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-science

According to previous discussion about Blends metapackages[1] I'd like you to unblock debian-science 1.4. I simply rerendered the status of the current debian-science package (1.3) in testing by blends-dev which excluded several packages from Recommends (and moved them to suggests as blends-dev does with packages it cannot find in the target release).

See the attached debdiff of mostly auto-generated files.

Thanks for working on the Debian release

Andreas.

[1] https://lists.debian.org/debian-release/2014/11/msg01092.html

unblock debian-science/1.4

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
On Sun, 2015-03-29 at 22:52 +0200, Andreas Tille wrote:
> Hi,
>
> the bug report was lacking the debdiff which is attached to this mail.

Unblocked.

Regards,

Adam
--- End Message ---
Bug#781642: marked as done (unblock: debian-games/1)
Your message dated Wed, 01 Apr 2015 20:17:07 +0100 with message-id <1427915827.622.9.ca...@adam-barratt.org.uk> and subject line Re: Bug#781642: unblock: debian-games/1 has caused the Debian Bug report #781642, regarding unblock: debian-games/1 to be marked as done.

--
781642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781642

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-games

According to previous discussion about Blends metapackages[1] I'd like you to unblock debian-games 1. It is updated to reflect the package pool after some packages were removed in the freeze process.

See the attached debdiff of mostly auto-generated files.

Thanks for working on the Debian release

Andreas.

[1] https://lists.debian.org/debian-release/2014/11/msg01092.html

(include/attach the debdiff against the package in testing)

unblock debian-games/1

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru debian-games-0.11/debian/changelog debian-games-1/debian/changelog --- debian-games-0.11/debian/changelog 2014-10-24 14:05:58.0 +0200 +++ debian-games-1/debian/changelog 2015-04-01 09:38:48.0 +0200 
@@ -1,3 +1,20 @@ +debian-games (1) unstable; urgency=medium + + * Update debian/control and synchronize metapackages with current available +packages in testing. + * c++-dev: +- Recommend libopenscenegraph-dev. +- Replace libjpeg8-dev with libjpeg-dev. +- Drop crystalspace and libcrystalspace-dev because they are + RC buggy. + * chess: +- Recommend chessx. + * card: +- Only suggest jpoker because it depends on apache2 which is an undesired + dependency. + + -- Markus Koschany Mon, 30 Mar 2015 18:06:50 +0200 + debian-games (0.11) unstable; urgency=medium * Declare compliance with Debian Policy 3.9.6. diff -Nru debian-games-0.11/debian/control debian-games-1/debian/control --- debian-games-0.11/debian/control 2014-10-24 14:05:58.0 +0200 +++ debian-games-1/debian/control 2015-04-01 09:38:48.0 +0200 @@ -227,6 +227,7 @@ grhino, gtkatlantic, gtkboard, + hachu, hexxagon, jester, londonlaw, @@ -265,7 +266,6 @@ xvier, yics Suggests: gnome-games, - hachu, kdegames, ricochet Description: Debian's board games @@ -287,7 +287,6 @@ libcegui-mk2-dev, libclanlib-dev, libclaw-dev, - libcrystalspace-dev, libenet-dev, libflatzebra-dev, libfreetype6-dev, @@ -297,13 +296,14 @@ libglfw3-dev, libglu1-mesa-dev, libirrlicht-dev, - libjpeg8-dev, + libjpeg-dev, libltdl-dev, libode-dev, libogg-dev, libogre-1.9-dev, libois-dev, libopenal-dev, + libopenscenegraph-dev, libphobos-4.9-dev, libphysfs-dev, libpng12-dev, @@ -368,6 +368,7 @@ Depends: games-tasks (= ${binary:Version}) Recommends: 3dchess, brutalchess, + chessx, convert-pgn, dreamchess, eboard, @@ -382,6 +383,7 @@ gnuchess, gnuchess-book, gnushogi, + hachu, hoichess, pgn-extract, pgn2web, @@ -400,7 +402,6 @@ yics Suggests: emacs-chess, gnome-games, - hachu, kdegames Description: Debian's chess games This metapackage will install chess games and helper tools. @@ -576,6 +577,7 @@ neverputt, nexuiz, numptyphysics, + oolite, open-invaders, openarena, openclonk, 
@@ -619,7 +621,6 @@ widelands, xboard, xmoto -Suggests: oolite Description: Debian's finest games This metapackage will install a selection of outstanding Debian games representing almost all genres and styles. They were chosen based on multiple @@ -683,6 +684,7 @@ micropolis, nettoe, numptyphysics, + oolite, open-invaders, openttd, pacman, @@ -719,7 +721,6 @@ widelands, xboard, xmoto -Suggests: oolite Description: Debian's finest games (light version) This metapackage will install a selection of outstanding Debian games that are suitable for low-end computers without hardware accelerated video cards. This @@ -763,11 +764,11 @@ libjava3d-java, libjinput-java, libjogl2-java, + liblwjgl-java, libpixels-java, libsvgsalamander-java, libupnp-java Suggests: freecol, - liblwjgl-java, netbeans, triplea Description: development of games in Java @@ -950,7 +951,6 @@ tanglet, tetzle, texlive-games, - trackballs, t
Bug#781163: marked as done (unblock (pre-approved): util-linux/2.25.2-6)
Your message dated Wed, 01 Apr 2015 20:14:43 +0100 with message-id <1427915683.622.7.ca...@adam-barratt.org.uk> and subject line Re: Bug#781163: unblock (pre-approved): util-linux/2.25.2-5.1 has caused the Debian Bug report #781163, regarding unblock (pre-approved): util-linux/2.25.2-6 to be marked as done. -- 781163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781163 --- Begin Message --- Package: release.debian.org Severity: important User: release.debian@packages.debian.org Usertags: unblock, confirmed, moreinfo Hello up there, Recently I've discovered that `unshare -r`, though it used to work in 2014, stopped working for Jessie: https://bugs.debian.org/780841 The fix was pre-ack'ed by util-linux maintainer (Andreas Henriksson) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780841#10 and pre-approved by RT member Niels Thykier on debian-release@l.d.o: https://lists.debian.org/debian-release/2015/03/msg00661.html Niels asked to file an unblock request with full intended debdiff, which I do here. It is an NMU, because there is no reply from Andreas for several days. Hope it is ok. Thanks beforehand, Kirill diff --git a/debian/changelog b/debian/changelog index 7850238..0d80c1b 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,10 @@ +util-linux (2.25.2-5.1) unstable; urgency=medium + + * Non-maintainer upload. + * Cherry-pick `unshare -r` fix from upstream. (Closes: #780841) + + -- Kirill Smelkov Wed, 25 Mar 2015 16:23:34 +0300 + util-linux (2.25.2-5) unstable; urgency=medium * Revert "Trigger update of initramfs on upgrades" (Closes: #773354) diff --git a/debian/patches/series b/debian/patches/series index 6428b26..577ad52 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -17,3 +17,4 @@ Update-Japanese-translation.patch Update-Russian-translation.patch Trivial-unfuzzy.patch libblkid-care-about-unsafe-chars-in-cache.patch +unshare-Fix-map-root-user-to-work-on-new-kernels.patch diff --git a/debian/patches/unshare-Fix-map-root-user-to-work-on-new-kernels.patch b/debian/patches/unshare-Fix-map-root-user-to-work-on-new-kernels.patch new file mode 100644 index 000..9a469c1 --- /dev/null +++ b/debian/patches/unshare-Fix-map-root-user-to-work-on-new-kernels.patch 
@@ -0,0 +1,71 @@ +From: "Eric W. Biederman" +Date: Wed, 17 Dec 2014 17:06:03 -0600 +Subject: [PATCH] unshare: Fix --map-root-user to work on new kernels +Origin: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit?id=0bf159413bdb9e324864a422b7aecb081e739119 + +In rare cases droping groups with setgroups(0, NULL) is an operation +that can grant a user additional privileges. User namespaces were +allwoing that operation to unprivileged users and that had to be +fixed. + +Update unshare --map-root-user to disable the setgroups operation +before setting the gid_map. + +This is needed as after the security fix gid_map is restricted to +privileged users unless setgroups has been disabled. + +Signed-off-by: "Eric W. Biederman" +--- + include/pathnames.h | 1 + + sys-utils/unshare.c | 19 +++ + 2 files changed, 20 insertions(+) + +diff --git a/include/pathnames.h b/include/pathnames.h +index 0d21b98..cbc93b7 100644 +--- a/include/pathnames.h b/include/pathnames.h +@@ -93,6 +93,7 @@ + + #define _PATH_PROC_UIDMAP "/proc/self/uid_map" + #define _PATH_PROC_GIDMAP "/proc/self/gid_map" ++#define _PATH_PROC_SETGROUPS "/proc/self/setgroups" + + #define _PATH_PROC_ATTR_CURRENT "/proc/self/attr/current" + #define _PATH_PROC_ATTR_EXEC "/proc/self/attr/exec" +diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c +index fccdba2..9fdce93 100644 +--- a/sys-utils/unshare.c b/sys-utils/unshare.c +@@ -39,6 +39,24 @@ + #include "pathnames.h" + #include "all-io.h" + ++static void disable_setgroups(void) ++{ ++ const char *file = _PATH_PROC_SETGROUPS; ++ const char *deny = "deny"; ++ int fd; ++ ++ fd = open(file, O_WRONLY); ++ if (fd < 0) { ++ if (errno == ENOENT) ++ return; ++ err(EXIT_FAILURE, _("cannot open %s"), file); ++ } ++ ++ if (write_all(fd, deny, strlen(deny))) ++ err(EXIT_FAILURE, _("write failed %s"), file); ++ close(fd); ++} ++ + static void map_id(const char *file, uint32_t from, uint32_t to) + { + char *buf; +@@ -181,6 +199,7 @@ int main(int argc, char *argv[]) + 
} + + if (maproot) { ++ disable_setgroups(); +
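Review bot: in disable_setgroups() (sys-utils/unshare.c, hunk @@ -39,6 +39,24 @@) the "errno == ENOENT" branch returns silently and carries no comment. A one-line comment saying that a missing /proc/self/setgroups is tolerated, presumably for kernels that predate the file, would document why the failure is safe to ignore there while every other open() error is fatal. The call added at the top of "if (maproot)" would also benefit from a comment that it has to run before gid_map is written, as the commit message states, so that a later reorder of that block does not bring back the failure this patch fixes.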
Bug#781662: marked as done (unblock: debian-gis/0.0.4)
Your message dated Wed, 01 Apr 2015 20:16:10 +0100 with message-id <1427915770.622.8.ca...@adam-barratt.org.uk> and subject line Re: Bug#781662: unblock: debian-gis/0.0.4 has caused the Debian Bug report #781662, regarding unblock: debian-gis/0.0.4 to be marked as done. -- 781662: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781662 --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-gis According to previous discussion about Blends metapackages[1] I'd like you to unblock debian-gis 0.0.4. I simply rerendered the status of the current debian-gis package (0.0.3) in testing by blends-dev which excluded several packages from Recommends (and moved them to suggests as blends-dev does with packages it cannot find in the target release). See the attached debdiff of mostly auto-generated files. Thanks for working on the Debian release Andreas. 
[1] https://lists.debian.org/debian-release/2014/11/msg01092.html (include/attach the debdiff against the package in testing) unblock debian-gis/0.0.4 -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru debian-gis-0.0.3/debian/changelog debian-gis-0.0.4/debian/changelog --- debian-gis-0.0.3/debian/changelog 2014-10-27 07:24:04.0 +0100 +++ debian-gis-0.0.4/debian/changelog 2015-04-01 13:26:36.0 +0200 @@ -1,3 +1,9 @@ +debian-gis (0.0.4) unstable; urgency=medium + + * Rerender Debian GIS metapackages to reflect Jessie package pool. + + -- Andreas Tille Wed, 01 Apr 2015 11:59:03 +0200 + debian-gis (0.0.3) unstable; urgency=low [ Andreas Tille ] diff -Nru debian-gis-0.0.3/debian/control debian-gis-0.0.4/debian/control --- debian-gis-0.0.3/debian/control 2014-10-27 07:24:04.0 +0100 +++ debian-gis-0.0.4/debian/control 2015-04-01 13:26:36.0 +0200 @@ -123,7 +123,6 @@ gpsbabel, gpsd, gpsd-clients, - gpsdrive, gpsman, gpstrans, gpx2shp, @@ -137,6 +136,7 @@ qmapshack Suggests: gpscorrelate, gpscorrelate-gui, + gpsdrive, navit-graphics-gtk-drawing-area | navit-graphics-qt-qpainter, qlandkartegt-garmin Description: GPS related programs @@ -151,7 +151,6 @@ gir1.2-osmgpsmap-1.0, gosmore, gpsprune, - gpxviewer, imposm, jmapviewer, josm, @@ -168,7 +167,6 @@ osmctools, osmjs, osmosis, - osmosis-plugin-borderextract, osmpbf-bin, python-imposm-parser, qlandkartegt, @@ -183,6 +181,7 @@ gebabbel, gpscorrelate, gpscorrelate-gui, + gpxviewer, josm-plugins, libmemphis-0.2-dev, libmemphis-doc, @@ -192,6 +191,7 @@ openstreetmap-carto, openstreetmap-map-icons-classic | openstreetmap-map-icons-scalable | openstreetmap-map-icons-square, osmembrane, + osmosis-plugin-borderextract, osrm, osrm-tools, qmapcontrol, 
@@ -207,7 +207,6 @@ Architecture: all Depends: gis-tasks (= ${binary:Version}) Recommends: dans-gdal-scripts, - doris, gdal-bin, libepr-api2-dev, libgdal-dev, @@ -221,11 +220,11 @@ python-pycoast, python-pykdtree, python-pyorbital, - python-pyresample, - snaphu + python-pyresample Suggests: adore-doris, best, bestgui, + doris, eolisa, getorb, giant, @@ -247,6 +246,7 @@ pyaps, python-bufr, roipac, + snaphu, varres Description: Remote sensing and earth observation Debian packages which are dealing with Remote Sensing (for instance @@ -290,14 +290,14 @@ tilecache, tilelite, tilestache, - tinyows, twms Suggests: mapcache-cgi, musmap, pycsw-cgi, python-pycsw, pywps, - tilemill + tilemill, + tinyows Description: Present geographic information via web map server Debian packages which are dealing with geographical information to be presented for the web on so called map tile servers. These @@ -328,7 +328,6 @@ libgeo-point-perl, libgeographic-dev, libgeos-c1, - libgeotiff-epsg, libjts-java, liblas-bin, libshp-dev, @@ -364,6 +363,7 @@ libgdal1-1.10.1-grass, libgdal1-1.11.1-grass, libgeo-proj4-perl, + libgeotiff-epsg, libkml-java, libspatialite3, mapnik-viewer, diff -Nru debian-gis-0.0.3/debian-gis-tasks.desc debian-gis-0.0.4/debian-gis-tasks.desc --- debian-gis-0.0.3/debian-gis-tasks.desc 2014-10-27 07:24:04.0 +0100 +++ debian-gis-0.0.4/debian-gis-tasks.desc 2015-04-01 13:26:36.0 +0200
Bug#780465: marked as done (unblock: glibc/2.19-17)
Your message dated Wed, 01 Apr 2015 20:13:00 +0100 with message-id <1427915580.622.5.ca...@adam-barratt.org.uk> and subject line Re: Bug#780465: jessie-pu: package glibc/2.19-17 has caused the Debian Bug report #780465, regarding unblock: glibc/2.19-17 to be marked as done. -- 780465: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780465 --- Begin Message --- Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Dear Release Team, I believe that glibc version 2.19-17 should migrate to testing despite the freeze as it contains bug fixes important for Jessie: - It fixes a segmentation fault in ldconfig when the aux cache is corrupted, causing postinst scripts to fail (RC bug #779442). - It adds a versioned dependency to libc-bin on locales, so that apt/aptitude can't decide to configure locales before libc-bin, as it causes some locales to fail to be generated (bug #779442). You will find the debdiff below. Please note that the following patches touch hurd specific files, which are not even compiled on other architectures: - hurd-i386/cvs-libpthread-dlopen.diff - hurd-i386/cvs-libpthread-libc-lockP.diff - hurd-i386/cvs-libpthread-libc-lockP2.diff Thanks, Aurelien diff -Nru glibc-2.19/debian/changelog glibc-2.19/debian/changelog --- glibc-2.19/debian/changelog 2015-02-08 15:54:41.0 +0100 +++ glibc-2.19/debian/changelog 2015-03-14 10:17:57.0 +0100 
@@ -1,3 +1,34 @@ +glibc (2.19-17) unstable; urgency=medium + + [ Adam Conrad ] + * debian/rules.d/debhelper.mk: Unconditionally create tmp.substvars. +Closes: #780431. + + -- Aurelien Jarno Sat, 14 Mar 2015 10:17:56 +0100 + +glibc (2.19-16) unstable; urgency=medium + + [ Samuel Thibault ] + * patches/hurd-i386/cvs-libpthread-dlopen.diff: New patch to allow +libpthread.so to be dynamically loaded from a dlopened library. + * patches/hurd-i386/cvs-libpthread-libc-lockP{,2}.diff: New patch to +dynamically call pthread functions from libc. + + [ Aurelien Jarno ] + * We have a transition mechanism for the locales, as the Debian archive +used to expose arch:all packages on all architectures even when the +corresponding arch:any package is not available yet. This has been +fixed long time ago, the transition mechanism has not been used +correctly for a lot of time and has been broken by the split out of +libc-bin. The breakage has been partially fixed by the "Breaks: locales +(<< 2.19)" added to libc6. It's now time to add the missing "Depends: +libc-bin (>> 2.19)" to locales and remove the transition mechanism. +Closes: #583088, #779442 + * patches/any/cvs-ldconfig-aux-cache.diff: new patch from upstream to +ignore corrupted aux-cache instead of segfaulting. Closes: #759530. + + -- Aurelien Jarno Thu, 12 Mar 2015 22:00:40 +0100 + glibc (2.19-15) unstable; urgency=medium [ Aurelien Jarno ] diff -Nru glibc-2.19/debian/control glibc-2.19/debian/control --- glibc-2.19/debian/control 2015-01-20 00:53:06.0 +0100 +++ glibc-2.19/debian/control 2015-03-08 22:29:32.0 +0100 
@@ -83,7 +83,7 @@ Architecture: all Section: localization Priority: standard -Depends: ${locale:Depends}, ${misc:Depends}, debconf | debconf-2.0 +Depends: libc-bin (>> 2.19), ${misc:Depends}, debconf | debconf-2.0 Conflicts: base-config, belocs-locales-bin, belocs-locales-data Replaces: base-config, lliurex-belocs-locales-data, manpages-fr-extra (<< 20141022) Build-Profiles: diff -Nru glibc-2.19/debian/control.in/main glibc-2.19/debian/control.in/main --- glibc-2.19/debian/control.in/main 2014-12-11 12:56:06.0 +0100 +++ glibc-2.19/debian/control.in/main 2015-03-08 22:29:32.0 +0100 @@ -83,7 +83,7 @@ Architecture: all Section: localization Priority: standard -Depends: ${locale:Depends}, ${misc:Depends}, debconf | debconf-2.0 +Depends: libc-bin (>> 2.19), ${misc:Depends}, debconf | debconf-2.0 Conflicts: base-config, belocs-locales-bin, belocs-locales-data Replaces: base-config, lliurex-belocs-locales-data, manpages-fr-extra (<< 20141022) Build-Profiles: diff -Nru glibc-2.19/debian/locales-depver glibc-2.19/debian/locales-depver --- glibc-2.19/debian/locales-depver2014-02-16 04:14:12.0 +0100 +++ glibc-2.19/debian/locales-depver1970-01-01 01:00:00.0 +0100 @@ -1,30 +0,0 @@ -# When glibc is uploaded into unstable, the locales package is immediately -# available because it is arch:all. But libc binary packages are
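Review bot: the Depends change at @@ -83,7 +83,7 @@ in debian/control and debian/control.in/main replaces the ${locale:Depends} substvar with the literal "libc-bin (>> 2.19)", and debian/locales-depver is deleted in the same diff, so nothing visible here regenerates that version any more. If the bound is meant to follow the upstream version, say so in the changelog entry or next to the field, so the literal is bumped by hand in both files at the next upstream release.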
Re: Hints for d-i jessie RC3, part 1
On Wed, 2015-04-01 at 20:02 +0200, Cyril Brulebois wrote: > here's a first round of unblock/unblock-udeb hints for the upcoming d-i > jessie RC3. Don't hesitate to ask questions if anything looks fishy. > Please note that some are just unblock (installation-guide) or just > unblock-udeb (systemd) and that doesn't count as fishy (despite `date`). All added. I'll poke at the "-udeb only" packages. Regards, Adam Archive: https://lists.debian.org/1427915006.622.3.ca...@adam-barratt.org.uk
Bug#781644: marked as done (unblock: fcgiwrap/1.1.0-4)
Your message dated Wed, 01 Apr 2015 19:44:50 +0100 with message-id <1427913890.622.1.ca...@adam-barratt.org.uk> and subject line Re: Bug#781644: unblock: fcgiwrap/1.1.0-4 has caused the Debian Bug report #781644, regarding unblock: fcgiwrap/1.1.0-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 781644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781644 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package fcgiwrap The following minimal one-liner change fixes a very recently filed RC bug. unblock fcgiwrap/1.1.0-4 Patch follows: diff -Nru fcgiwrap-1.1.0/debian/changelog fcgiwrap-1.1.0/debian/changelog --- fcgiwrap-1.1.0/debian/changelog 2014-05-10 02:19:58.0 +0200 +++ fcgiwrap-1.1.0/debian/changelog 2015-04-01 09:57:05.0 +0200 @@ -1,3 +1,11 @@ +fcgiwrap (1.1.0-4) unstable; urgency=medium + + * Ensure the socket unit is started upon installation by making +fcgiwrap.service Require fcgiwrap.socket (closes: #781524). Thanks, +Michael Biebl! + + -- Jordi Mallach Wed, 01 Apr 2015 09:56:53 +0200 + fcgiwrap (1.1.0-3) unstable; urgency=medium * Ensure fcgiwrap.socket is enabled via dh-systemd (closes: #742439). diff -Nru fcgiwrap-1.1.0/debian/patches/series fcgiwrap-1.1.0/debian/patches/series --- fcgiwrap-1.1.0/debian/patches/series2014-01-02 11:37:31.0 +0100 +++ fcgiwrap-1.1.0/debian/patches/series2015-04-01 09:37:45.0 +0200 
@@ -1,3 +1,4 @@ GIT-Add-p-path-option-to-restrict-scripts.patch fix_systemd.patch fix_mandir.patch +systemd_socket_requires.patch diff -Nru fcgiwrap-1.1.0/debian/patches/systemd_socket_requires.patch fcgiwrap-1.1.0/debian/patches/systemd_socket_requires.patch --- fcgiwrap-1.1.0/debian/patches/systemd_socket_requires.patch 1970-01-01 01:00:00.0 +0100 +++ fcgiwrap-1.1.0/debian/patches/systemd_socket_requires.patch 2015-04-01 09:46:09.0 +0200 @@ -0,0 +1,18 @@ +Author: Jordi Mallach +Description: Require fcgiwrap.socket in fcgiwrap.service. + To ensure the socket is created on installation, make + fcgiwrap.service Require fcgiwrap.socket. +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781524 + +Index: fcgiwrap-1.1.0/systemd/fcgiwrap.service +=== +--- fcgiwrap-1.1.0.orig/systemd/fcgiwrap.service fcgiwrap-1.1.0/systemd/fcgiwrap.service +@@ -1,6 +1,7 @@ + [Unit] + Description=Simple CGI Server + After=nss-user-lookup.target ++Requires=fcgiwrap.socket + + [Service] + ExecStart=/usr/sbin/fcgiwrap -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On Wed, 2015-04-01 at 10:03 +0200, Jordi Mallach wrote: > Please unblock package fcgiwrap > > The following minimal one-liner change fixes a very recently filed RC bug. Unblocked, thanks. Regards, Adam--- End Message ---
Bug#781579: marked as done (unblock (pre-approval): postgis/2.1.4+dfsg-3)
Your message dated Wed, 01 Apr 2015 19:41:09 +0100 with message-id <1427913669.1708.47.ca...@adam-barratt.org.uk> and subject line Re: Bug#781579: unblock (pre-approval): postgis/2.1.4+dfsg-3 has caused the Debian Bug report #781579, regarding unblock (pre-approval): postgis/2.1.4+dfsg-3 to be marked as done. -- 781579: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781579 --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-CC: pkg-grass-de...@lists.alioth.debian.org Dear Release Team, I would like to upload postgis-2.1.4+dfsg-3 for jessie via unstable. This applies a minimally invasive upstream patch to fix a security issue. Upstream keeps the issue classified, see http://trac.osgeo.org/postgis/ticket/3094. AFAIUI a possible DoS is prevented by properly checking JSON input data. Note that the mentioned backend crash effectively means the database will terminate all pending connections, roll back transactions, shut down and go through the usual recovery procedures. Being able to trigger that process just by feeding invalid GeoJSON data (e.g. via a web service) can certainly be considered an effective DoS-Attack. The debdiff is attached. Kind Regards Markus Wanner diff -Nru postgis-2.1.4+dfsg/debian/changelog postgis-2.1.4+dfsg/debian/changelog --- postgis-2.1.4+dfsg/debian/changelog 2014-10-16 10:37:58.0 +0200 +++ postgis-2.1.4+dfsg/debian/changelog 2015-03-31 08:06:43.0 +0200 
@@ -1,3 +1,11 @@ +postgis (2.1.4+dfsg-3) unstable; urgency=high + + * Add patch geojson-fix-3094.patch, back-ported from the 2.1.7 release, +to fix a crash of the database backend process when given invalid +GeoJSON data. + + -- Markus Wanner Mon, 30 Mar 2015 19:40:22 +0200 + postgis (2.1.4+dfsg-2) unstable; urgency=medium * Add Dutch translation by Frans Spiesschaert. Closes: #765409. diff -Nru postgis-2.1.4+dfsg/debian/patches/geojson-fix-3094.patch postgis-2.1.4+dfsg/debian/patches/geojson-fix-3094.patch --- postgis-2.1.4+dfsg/debian/patches/geojson-fix-3094.patch 1970-01-01 01:00:00.0 +0100 +++ postgis-2.1.4+dfsg/debian/patches/geojson-fix-3094.patch 2015-03-31 08:06:43.0 +0200 
@@ -0,0 +1,77 @@ +Description: Fix for GeoJSON ingestion + Malformed JSON data used to crash the database backend process and + especially web services use to pass on such JSON data unexamined. +Forwarded: not-needed +Bug: http://trac.osgeo.org/postgis/ticket/3094 +Origin: upstream, http://trac.osgeo.org/postgis/changeset/13400 +Author: Paul Ramsey + +--- a/liblwgeom/lwin_geojson.c b/liblwgeom/lwin_geojson.c +@@ -59,7 +59,11 @@ + + if( NULL != json_object_get_object(poTmp) ) + { +- assert( NULL != json_object_get_object(poTmp)->head ); ++ if( NULL == json_object_get_object(poTmp)->head ) ++ { ++ geojson_lwerror("invalid GeoJSON representation", 2); ++ return NULL; ++ } + + for( it.entry = json_object_get_object(poTmp)->head; + ( it.entry ? +@@ -90,7 +94,12 @@ + const int nSize = json_object_array_length( poObj ); + LWDEBUGF(3, "parse_geojson_coord called for array size %d.", nSize ); + +- ++ if ( nSize < 2 ) ++ { ++ geojson_lwerror("Too few ordinates in GeoJSON", 4); ++ return LW_FAILURE; ++ } ++ + // Read X coordinate + poObjCoord = json_object_array_get_idx( poObj, 0 ); + pt.x = json_object_get_double( poObjCoord ); +@@ -101,7 +110,7 @@ + pt.y = json_object_get_double( poObjCoord ); + LWDEBUGF(3, "parse_geojson_coord pt.y = %f.", pt.y ); + +- if( nSize == 3 ) /* should this be >= 3 ? */ ++ if( nSize < 2 ) /* should this be >= 3 ? */ + { + // Read Z coordinate + poObjCoord = json_object_array_get_idx( poObj, 2 ); +@@ -109,19 +118,27 @@ + LWDEBUGF(3, "parse_geojson_coord pt.z = %f.", pt.z ); + *hasz = LW_TRUE; + } +- else ++ else if ( nSize == 2 ) + { + *hasz = LW_FALSE; + /* Initialize Z coordinate, if required */ + if ( FLAGS_GET_Z(pa->flags) ) pt.z = 0.0; + } +- +- /* TODO: should we account for nSize > 3 ? */ ++ else ++ { ++ /* TODO: should we account for nSize > 3 ? */ ++ /* more than 3 coordinates, we're just dropping dimensions here... 
*/ ++ } + + /* Initialize M coordinate, if required */ + if ( FLAGS_GET_M(pa->flags) ) pt.m = 0.0; + + } ++ else ++ { ++ /* If it's not an array, just don't handle it */ ++ return LW_FAILURE; ++ } + + return ptarray_append_point(pa, &pt, LW_FALSE); + } diff -Nru postgis-2.1.4+dfsg/debian/patches/serie
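Review bot: in the @@ -101,7 +110,7 @@ hunk of liblwgeom/lwin_geojson.c the Z branch is now guarded by "if( nSize < 2 )", but the hunk just above already returns LW_FAILURE when nSize < 2, so that branch can never run. A three-element coordinate then fails "else if ( nSize == 2 )" and lands in the new empty final else: its Z value is never read and *hasz is never assigned on that path. The comment kept on the same line ("should this be >= 3 ?") suggests the test was meant to be nSize >= 3; please check it against upstream changeset 13400 and, whichever form is kept, assign *hasz in every branch.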
Bug#781653: marked as done (unblock: libdbd-firebird-perl/1.18-2)
Your message dated Wed, 01 Apr 2015 19:39:36 +0100 with message-id <1427913576.1708.46.ca...@adam-barratt.org.uk> and subject line Re: Bug#781653: unblock: libdbd-firebird-perl/1.18-2 has caused the Debian Bug report #781653, regarding unblock: libdbd-firebird-perl/1.18-2 to be marked as done. -- 781653: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781653 --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libdbd-firebird-perl libdbd-firebird-perl (1.18-2) unstable; urgency=high * High urgency for security fixes [ Salvatore Bonaccorso ] * Update Vcs-Browser URL to cgit web frontend [ Damyan Ivanov ] * Add patch from Stefan Roas fixing potential buffer overflow in certain error conditions (CVE-2015-2788) (Closes: #780925) * add patch from upstream Git replacing all sprintf usage with snprintf -- Damyan Ivanov Wed, 01 Apr 2015 08:43:03 + I have reviewed the first patch, and authored the second one upstream and am confident they don't break anything. Full source diff attached. unblock libdbd-firebird-perl/1.18-2 TIA, dam diff -Nru libdbd-firebird-perl-1.18/debian/changelog libdbd-firebird-perl-1.18/debian/changelog --- libdbd-firebird-perl-1.18/debian/changelog 2014-04-03 08:26:49.0 +0300 +++ libdbd-firebird-perl-1.18/debian/changelog 2015-04-01 11:46:26.0 +0300 
@@ -1,3 +1,18 @@ +libdbd-firebird-perl (1.18-2) unstable; urgency=high + + * High urgency for security fixes + + [ Salvatore Bonaccorso ] + * Update Vcs-Browser URL to cgit web frontend + + [ Damyan Ivanov ] + * Add patch from Stefan Roas fixing potential buffer overflow in certain +error conditions (CVE-2015-2788) +(Closes: #780925) + * add patch from upstream Git replacing all sprintf usage with snprintf + + -- Damyan Ivanov Wed, 01 Apr 2015 08:43:03 + + libdbd-firebird-perl (1.18-1) unstable; urgency=medium [ gregor herrmann ] diff -Nru libdbd-firebird-perl-1.18/debian/control libdbd-firebird-perl-1.18/debian/control --- libdbd-firebird-perl-1.18/debian/control 2014-03-04 12:36:13.0 +0200 +++ libdbd-firebird-perl-1.18/debian/control 2015-04-01 11:41:53.0 +0300 @@ -12,7 +12,7 @@ libtest-exception-perl (>= 0.31), perl Standards-Version: 3.9.5 -Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libdbd-firebird-perl.git +Vcs-Browser: https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-firebird-perl.git Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/libdbd-firebird-perl.git Homepage: https://metacpan.org/release/DBD-Firebird diff -Nru libdbd-firebird-perl-1.18/debian/patches/dbdimp-780925-buf-overflow.patch libdbd-firebird-perl-1.18/debian/patches/dbdimp-780925-buf-overflow.patch --- libdbd-firebird-perl-1.18/debian/patches/dbdimp-780925-buf-overflow.patch 1970-01-01 02:00:00.0 +0200 +++ libdbd-firebird-perl-1.18/debian/patches/dbdimp-780925-buf-overflow.patch 2015-04-01 11:41:53.0 +0300 
@@ -0,0 +1,72 @@ +Bug-Debian: https://bugs.debian.org/780925 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libdbd-firebird-perl/+bug/1431867 +Acked-By: Damyan Ivanov +From: Stefan Roas +Subject: [Dbd-firebird-devel] Buffer Overflow in dbdimp.c +To: dbd-firebird-de...@lists.alioth.debian.org +Date: Fri, 13 Mar 2015 17:36:31 +0100 + +Hi there, + +I found a buffer overflow in dbdimp.c. Error messages in dbdimp.c use +sprintf to a fix-sized buffer that (quite likely in two cases) might be +too small to hold the final result. + +Attached you find a patch that solves the problem by increasing the size +of the buffer to a value that should be large enough for every +conceivable input given the conversion specification and additionally +use snprintf() instead of sprintf(). As snprintf() is already used +somewhere else in dbdimp.c I figure there are no portability issues +involved. + +I did not check the other uses of sprintf, although it might be +worthwhile to do so as a quick check found other locations where a +fix-sized buffer is involved. + +Best regards, + Stefan + +--- a/dbdimp.c b/dbdimp.c +@@ -21,6 +21,8 @@ + + DBISTATE_DECLARE; + ++#define ERRBUFSIZE 255 ++ + #define IB_SQLtimeformat(xxh, format, sv) \ + do { \ + STRLEN len; \ +@@ -2237,8 +2239,8 @@ sta
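Review bot: "#define ERRBUFSIZE 255" in the @@ -21,6 +21,8 @@ hunk of dbdimp.c has no comment recording how 255 was derived. The patch description only says the value "should be large enough for every conceivable input given the conversion specification", so a short comment naming the longest format string and argument widths it was sized for would let the next change to an error message be checked against it. The hunks that use the macro are cut off in this excerpt, so whether each snprintf() call passes ERRBUFSIZE for a buffer actually declared with that size cannot be confirmed from the lines shown.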
Bug#781687: marked as done (unblock: ghc/7.8.3-21)
Your message dated Wed, 01 Apr 2015 19:37:00 +0100 with message-id <1427913420.1708.45.ca...@adam-barratt.org.uk> and subject line Re: Bug#781687: unblock: ghc/7.8.3-21 has caused the Debian Bug report #781687, regarding unblock: ghc/7.8.3-21 to be marked as done. -- 781687: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781687 --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Please unblock package ghc it seems that the 7.8.3-20 upload was not sufficient to fix the upgrade problem, which came back as http://bugs.debian.org/781649. Andreas Beckmann suggested a fix (adding Breaks: ghc-doc (<< 7.8.3-20~) to ghc-haddock), and if I have used piuparts correctly¹, this does indeed fix the problem. Debdiff attached. The debian/watch fix happened to be in our packaging VCS, so I included it, as having a non-working watch file in stable helps no one. unblock ghc/7.8.3-21 Thanks, Joachim ¹ piuparts -d stable -d testing --apt ghc-doc libghc-authenticate-{doc,dev} -m http://ftp.scc.kit.edu/pub/debian --install-recommends --testdebs-repo=/tmp/foo --distupgrade-to-testdebs --bindmount /tmp/foo/ -b /tmp/piuparts-chroot --do-not-verify-signatures with the newly built .debs in /tmp/foo. First and only error is: 4m3.2s ERROR: FAIL: After purging files have been modified: /usr/lib/dbus-1.0/dbus-daemon-launch-helper owned by: dbus 4m3.4s ERROR: FAIL: Upgrading between Debian distributions. 
4m3.4s ERROR: piuparts run ends. - -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlUcEXMACgkQ9ijrk0dDIGzDAACfSsBMljy9lfpiQxSE57k7mDGa H9QAn3/QQNf1w4/fvwDeiULW8tCvGS2r =Zq7i -END PGP SIGNATURE- diff -Nru ghc-7.6.3/debian/changelog ghc-7.6.3/debian/changelog --- ghc-7.6.3/debian/changelog 2014-11-23 11:20:59.0 +0100 +++ ghc-7.6.3/debian/changelog 2015-04-01 16:43:47.0 +0200 @@ -1,6 +1,14 @@ +ghc (7.6.3-21) unstable; urgency=medium + + * Fix watch file. + * Let ghc-haddock break on ghc-doc (<< 7.6.3-20~). If I used piuparts +correctly, this finally closes: #781649. + + -- Joachim Breitner Wed, 01 Apr 2015 13:35:10 +0200 + ghc (7.6.3-20) unstable; urgency=medium - * Mark all triggers -noawait. Possibly Closes: #769554 + * Mark all triggers -noawait. Possibly Closes: #769554 -- Joachim Breitner Sun, 23 Nov 2014 11:20:59 +0100 diff -Nru ghc-7.6.3/debian/control ghc-7.6.3/debian/control --- ghc-7.6.3/debian/control 2014-11-23 11:20:35.0 +0100 +++ ghc-7.6.3/debian/control 2015-04-01 13:34:21.0 +0200 @@ -110,6 +110,7 @@ Provides: haddock, ${haddock:Provides} Conflicts: haddock Depends: ghc (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Breaks: ghc-doc (<< 7.6.3-20~) Homepage: http://www.haskell.org/haddock/ Description: Documentation tool for annotated Haskell source code Haddock is a tool for automatically generating documentation from diff -Nru ghc-7.6.3/debian/watch ghc-7.6.3/debian/watch --- ghc-7.6.3/debian/watch 2014-04-13 10:47:07.0 +0200 +++ ghc-7.6.3/debian/watch 2015-04-01 13:33:50.0 +0200 
@@ -1,2 +1,2 @@ version=3 -http://haskell.org/ghc/dist/([\d.]+)/ghc-([\d.]+)-src.tar.bz2 +http://downloads.haskell.org/~ghc/(\d[\d.]*)/ghc-(\d[\d.]*)-src.tar.bz2 --- End Message --- --- Begin Message --- On Wed, 2015-04-01 at 17:40 +0200, Joachim Breitner wrote: > Please unblock package ghc > > it seems that the 7.8.3-20 upload was not sufficent to fix the upgrade > problem, which came back as http://bugs.debian.org/781649. Andreas > Beckmann suggested a fix (adding Breaks: ghc-doc (<< 7.8.3-20~) to > ghc-haddock), and if I have used piuparts correctly¹, this does indeed > fix the problem. [...] > unblock ghc/7.8.3-21 Unblocked 7.6.3-21, which is what I assume you meant. :-) Regards, Adam--- End Message ---
Hints for d-i jessie RC3, part 1
Hi people,

here's a first round of unblock/unblock-udeb hints for the upcoming d-i jessie RC3. Don't hesitate to ask questions if anything looks fishy. Please note that some are just unblock (installation-guide) or just unblock-udeb (systemd) and that doesn't count as fishy (despite `date`).

# l10n only:
unblock apt-setup/1:0.95
unblock-udeb apt-setup/1:0.95

# l10n only:
unblock console-setup/1.120
unblock-udeb console-setup/1.120

# l10n only:
unblock grub-installer/1.114
unblock-udeb grub-installer/1.114

# UEFI quirks:
unblock grub2/2.02~beta2-22
unblock-udeb grub2/2.02~beta2-22

# doc:
unblock installation-guide/20150323

# not directly exposed through "regular" d-i, so no objections:
unblock-udeb ltsp/5.5.4-4

# stateful IPv6 addressing:
unblock netcfg/1.131
unblock-udeb netcfg/1.131

# l10n only:
unblock partman-basicfilesystems/111
unblock-udeb partman-basicfilesystems/111

# l10n only:
unblock partman-crypto/79
unblock-udeb partman-crypto/79

# l10n only:
unblock partman-iscsi/35
unblock-udeb partman-iscsi/35

# l10n only:
unblock partman-lvm/106
unblock-udeb partman-lvm/106

# l10n only:
unblock partman-zfs/44
unblock-udeb partman-zfs/44

# l10n only:
unblock rescue/1.50
unblock-udeb rescue/1.50

# not reviewed thoroughly, but I like what it says on the changebox:
unblock-udeb systemd/215-14

# l10n only:
unblock tzsetup/1:0.65
unblock-udeb tzsetup/1:0.65

Thanks for your time.

Mraw,
KiBi.
Bug#781637: marked as done (unblock: apt-build/0.12.45)
Your message dated Wed, 01 Apr 2015 19:24:50 +0200 with message-id <551c29e2.7080...@thykier.net> and subject line Re: Bug#781637: unblock: apt-build/0.12.45 has caused the Debian Bug report #781637, regarding unblock: apt-build/0.12.45 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
781637: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781637
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

I just did a QA upload of apt-build/0.12.45. The upload fixes https://bugs.debian.org/659015 which recently has been bumped to RC severity.

From the changelog entry:

* Use per-repo "deb [trusted=yes] ..." instead of global "-o Apt::Get::AllowUnauthenticated=true". (Closes: #659015)

This required multiple changes:

+ Bump versioned apt dependency to 0.8.16~exp3 for trusted=yes

the option trusted=yes in sources.list files has been introduced with this apt version, hence apt-build won't work with earlier versions anymore.

+ Automatically add [trusted=yes] to existing generated file /etc/apt/sources.list.d/apt-build.list in postinst.

First tests showed that the obvious way to fix it only fixes it for new installations of apt-build, but with an upgrade, -o Apt::Get::AllowUnauthenticated=true is no longer used, but [trusted=yes] has not been added. So an additional sed call was needed in postinst.
+ Use "grep -F" instead of "grep" to search for the whole "deb" line in postinst to avoid the brackets around trusted=yes being parsed as character class. Previous postinst used plain grep to check for existing apt-build sources.list entries. But since the new sources.list entry contains square brackets, "grep -F" instead of "grep" is required. * Update Vcs-* URLs to current canonical forms and use collab-maint repository instead of the apt-build project one's while being under QA maintenance to allow write access to all DDs. I left the original Vcs-* headers in there as comments, but since neither me nor most QA uploads doing DDs have write-permissions to the apt-build project's Git repository and I didn't want to stop using a Vcs, I created a copy of the original repo under collab-maint and let the Vcs-* headers point there -- with the current canonical forms. Full source debdiff: diff -Nru apt-build-0.12.44/apt-build apt-build-0.12.45/apt-build --- apt-build-0.12.44/apt-build 2012-04-11 23:11:12.0 +0200 +++ apt-build-0.12.45/apt-build 2015-04-01 00:28:20.0 +0200 @@ -582,8 +582,7 @@ if(@pkgs && !($conf->build_only)) { update() if $conf->update; - system($conf->apt_get . " -t apt-build @apt_args \\ --o Apt::Get::AllowUnauthenticated=true install @pkglist"); + system($conf->apt_get . " -t apt-build @apt_args install @pkglist"); wait; } return 1; diff -Nru apt-build-0.12.44/debian/changelog apt-build-0.12.45/debian/changelog --- apt-build-0.12.44/debian/changelog 2012-11-27 18:43:26.0 +0100 +++ apt-build-0.12.45/debian/changelog 2015-04-01 02:56:35.0 +0200 
@@ -1,3 +1,20 @@ +apt-build (0.12.45) unstable; urgency=medium + + * QA upload + * Use per-repo "deb [trusted=yes] ..." instead of global "-o +Apt::Get::AllowUnauthenticated=true". (Closes: #659015) ++ Bump versioned apt dependency to 0.8.16~exp3 for trusted=yes ++ Automatically add [trusted=yes] to existing generated file + /etc/apt/sources.list.d/apt-build.list in postinst. ++ Use "grep -F" instead of "grep" to search for the whole "deb" line + in postinst to avoid the brackets around trusted=yes being parsed as + character class. + * Update Vcs-* URLs to current canonical forms and use collab-maint +repository instead of the apt-build project one's while being under QA +maintenance to allow write access to all DDs. + + -- Axel Beckert Wed, 01 Apr 2015 02:42:19 +0200 + apt-build (0.12.44) unstable; urgency=low * QA upload. diff -Nru apt-build-0.12.44/debian/config apt-build-0.12.45/debian/config --- apt-build-0.12.44/debian/config 2012-10-15 23:46:03.0 +0200 +++ apt-build-0.12.45/debian/config 2015-04-01 00:28:20.0 +0200 @@ -88,7 +88,7 @@ # run loop to prevent errors if some sources does not exist for source in "$sourceslist" "$sourcesparts"*.list ; do if [ -e "$source" ] ; then - if grep -Eq "^[[:space:]]*deb file:$repository_dir apt-build main" "$source" ; then + if grep -Eq "^[[:space:]]*deb \[trusted=
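Review bot: in the apt-build hunk the install step is still assembled as one interpolated string and handed to system(), so @apt_args and @pkglist are parsed by /bin/sh before apt-get sees them. Since this line is being rewritten anyway, consider the list form, system($conf->apt_get, '-t', 'apt-build', @apt_args, 'install', @pkglist), provided apt_get holds a bare program path, and drop the wait; that follows, because system() already waits for the child. With the global AllowUnauthenticated override removed, trust now rests entirely on the [trusted=yes] entry for file:$repository_dir, so it is worth stating in the changelog who is expected to be able to write to that directory.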
Processed: Re: Bug#780465: jessie-pu: package glibc/2.19-17
Processing control commands: > tag -1 confirmed Bug #780465 [release.debian.org] unblock: glibc/2.19-17 Added tag(s) confirmed. -- 780465: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780465 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b780465.142790855531467.transcr...@bugs.debian.org
Bug#780465: jessie-pu: package glibc/2.19-17
Control: tag -1 confirmed

Niels Thykier (2015-03-14):
> Thanks for fixing one of the remaining Jessie blockers. :) I have
> unblocked it from the RT side and am CC'ing KiBi for a d-i ack.

No objections, thanks.

Mraw,
KiBi.
Bug#781163: unblock (pre-approved): util-linux/2.25.2-5.1
Control: tag -1 confirmed

Niels Thykier (2015-03-30):
> I have unblocked this now and am CC'ing KiBi for a d-i ack. I am also
> quoting in full for his convenience.

No objections, thanks.

Mraw,
KiBi.
Processed: Re: Bug#781163: unblock (pre-approved): util-linux/2.25.2-5.1
Processing control commands: > tag -1 confirmed Bug #781163 [release.debian.org] unblock (pre-approved): util-linux/2.25.2-6 Ignoring request to alter tags of bug #781163 to the same tags previously set -- 781163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781163 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#781687: unblock: ghc/7.8.3-21
versions messed up? 7.6.3 vs. 7.8.3?

On 2015-04-01 17:40, Joachim Breitner wrote:
> Beckmann suggested a fix (adding Breaks: ghc-doc (<< 7.8.3-20~) to
> ghc-haddock), and if I have used piuparts correctly¹, this does indeed
> fix the problem.

Command line looks good, especially if you could reproduce the bug without the testdebs-repo

> unblock ghc/7.8.3-21

> 4m3.2s ERROR: FAIL: After purging files have been modified:
> /usr/lib/dbus-1.0/dbus-daemon-launch-helperowned by: dbus
> 4m3.4s ERROR: FAIL: Upgrading between Debian distributions.
> 4m3.4s ERROR: piuparts run ends.

I think I use '-i /usr/lib/dbus-1.0/dbus-daemon-launch-helper' there ...

> +ghc (7.6.3-21) unstable; urgency=medium
> + * Let ghc-haddock break on ghc-doc (<< 7.6.3-20~). If I used piuparts
> diff -Nru ghc-7.6.3/debian/control ghc-7.6.3/debian/control
> +Breaks: ghc-doc (<< 7.6.3-20~)
Bug#781687: unblock: ghc/7.8.3-21
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please unblock package ghc

it seems that the 7.8.3-20 upload was not sufficient to fix the upgrade problem, which came back as http://bugs.debian.org/781649. Andreas Beckmann suggested a fix (adding Breaks: ghc-doc (<< 7.8.3-20~) to ghc-haddock), and if I have used piuparts correctly¹, this does indeed fix the problem.

Debdiff attached. The debian/watch fix happened to be in our packaging VCS, so I included it, as having a non-working watch file in stable helps no one.

unblock ghc/7.8.3-21

Thanks,
Joachim

¹ piuparts -d stable -d testing --apt ghc-doc libghc-authenticate-{doc,dev} -m http://ftp.scc.kit.edu/pub/debian --install-recommends --testdebs-repo=/tmp/foo --distupgrade-to-testdebs --bindmount /tmp/foo/ -b /tmp/piuparts-chroot --do-not-verify-signatures
with the newly built .debs in /tmp/foo. First and only error is:
4m3.2s ERROR: FAIL: After purging files have been modified: /usr/lib/dbus-1.0/dbus-daemon-launch-helper owned by: dbus
4m3.4s ERROR: FAIL: Upgrading between Debian distributions.
4m3.4s ERROR: piuparts run ends.

- -- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlUcEXMACgkQ9ijrk0dDIGzDAACfSsBMljy9lfpiQxSE57k7mDGa
H9QAn3/QQNf1w4/fvwDeiULW8tCvGS2r
=Zq7i
-END PGP SIGNATURE-

diff -Nru ghc-7.6.3/debian/changelog ghc-7.6.3/debian/changelog --- ghc-7.6.3/debian/changelog 2014-11-23 11:20:59.0 +0100 +++ ghc-7.6.3/debian/changelog 2015-04-01 16:43:47.0 +0200
@@ -1,6 +1,14 @@ +ghc (7.6.3-21) unstable; urgency=medium + + * Fix watch file. + * Let ghc-haddock break on ghc-doc (<< 7.6.3-20~). If I used piuparts +correctly, this finally closes: #781649. + + -- Joachim Breitner Wed, 01 Apr 2015 13:35:10 +0200 + ghc (7.6.3-20) unstable; urgency=medium - * Mark all triggers -noawait. Possibly Closes: #769554 + * Mark all triggers -noawait. Possibly Closes: #769554 -- Joachim Breitner Sun, 23 Nov 2014 11:20:59 +0100 diff -Nru ghc-7.6.3/debian/control ghc-7.6.3/debian/control --- ghc-7.6.3/debian/control 2014-11-23 11:20:35.0 +0100 +++ ghc-7.6.3/debian/control 2015-04-01 13:34:21.0 +0200 @@ -110,6 +110,7 @@ Provides: haddock, ${haddock:Provides} Conflicts: haddock Depends: ghc (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Breaks: ghc-doc (<< 7.6.3-20~) Homepage: http://www.haskell.org/haddock/ Description: Documentation tool for annotated Haskell source code Haddock is a tool for automatically generating documentation from diff -Nru ghc-7.6.3/debian/watch ghc-7.6.3/debian/watch --- ghc-7.6.3/debian/watch 2014-04-13 10:47:07.0 +0200 +++ ghc-7.6.3/debian/watch 2015-04-01 13:33:50.0 +0200 @@ -1,2 +1,2 @@ version=3 -http://haskell.org/ghc/dist/([\d.]+)/ghc-([\d.]+)-src.tar.bz2 +http://downloads.haskell.org/~ghc/(\d[\d.]*)/ghc-(\d[\d.]*)-src.tar.bz2
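Review bot: the replacement line in the debian/watch hunk still points uscan at a plain http:// URL and the file carries no signature-verification option, so a tarball found through it is only as trustworthy as the network path it came over. If downloads.haskell.org serves the same tree over https, switch the scheme, and if upstream publishes detached signatures, add opts=pgpsigurlmangle together with the upstream key in debian/upstream/signing-key.asc. Separately, the changelog hunk removes and re-adds the released 7.6.3-20 "Mark all triggers -noawait" line with no visible change, which looks like a whitespace-only edit to an old entry and is better left out of a freeze-time diff.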
Bug#781662: unblock: debian-gis/0.0.4
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-gis

According to previous discussion about Blends metapackages[1] I'd like you to unblock debian-gis 0.0.4. I simply rerendered the status of the current debian-gis package (0.0.3) in testing by blends-dev which excluded several packages from Recommends (and moved them to suggests as blends-dev does with packages it cannot find in the target release).

See the attached debdiff of mostly auto-generated files.

Thanks for working on the Debian release

Andreas.

[1] https://lists.debian.org/debian-release/2014/11/msg01092.html

(include/attach the debdiff against the package in testing)

unblock debian-gis/0.0.4

-- System Information:
Debian Release: 7.8
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru debian-gis-0.0.3/debian/changelog debian-gis-0.0.4/debian/changelog --- debian-gis-0.0.3/debian/changelog 2014-10-27 07:24:04.0 +0100 +++ debian-gis-0.0.4/debian/changelog 2015-04-01 13:26:36.0 +0200 @@ -1,3 +1,9 @@ +debian-gis (0.0.4) unstable; urgency=medium + + * Rerender Debian GIS metapackages to reflect Jessie package pool. + + -- Andreas Tille Wed, 01 Apr 2015 11:59:03 +0200 + debian-gis (0.0.3) unstable; urgency=low [ Andreas Tille ] diff -Nru debian-gis-0.0.3/debian/control debian-gis-0.0.4/debian/control --- debian-gis-0.0.3/debian/control 2014-10-27 07:24:04.0 +0100 +++ debian-gis-0.0.4/debian/control 2015-04-01 13:26:36.0 +0200 @@ -123,7 +123,6 @@ gpsbabel, gpsd, gpsd-clients, - gpsdrive, gpsman, gpstrans, gpx2shp, @@ -137,6 +136,7 @@ qmapshack Suggests: gpscorrelate, gpscorrelate-gui, + gpsdrive, navit-graphics-gtk-drawing-area | navit-graphics-qt-qpainter, qlandkartegt-garmin Description: GPS related programs
@@ -151,7 +151,6 @@ gir1.2-osmgpsmap-1.0, gosmore, gpsprune, - gpxviewer, imposm, jmapviewer, josm, @@ -168,7 +167,6 @@ osmctools, osmjs, osmosis, - osmosis-plugin-borderextract, osmpbf-bin, python-imposm-parser, qlandkartegt, @@ -183,6 +181,7 @@ gebabbel, gpscorrelate, gpscorrelate-gui, + gpxviewer, josm-plugins, libmemphis-0.2-dev, libmemphis-doc, @@ -192,6 +191,7 @@ openstreetmap-carto, openstreetmap-map-icons-classic | openstreetmap-map-icons-scalable | openstreetmap-map-icons-square, osmembrane, + osmosis-plugin-borderextract, osrm, osrm-tools, qmapcontrol, @@ -207,7 +207,6 @@ Architecture: all Depends: gis-tasks (= ${binary:Version}) Recommends: dans-gdal-scripts, - doris, gdal-bin, libepr-api2-dev, libgdal-dev, @@ -221,11 +220,11 @@ python-pycoast, python-pykdtree, python-pyorbital, - python-pyresample, - snaphu + python-pyresample Suggests: adore-doris, best, bestgui, + doris, eolisa, getorb, giant, @@ -247,6 +246,7 @@ pyaps, python-bufr, roipac, + snaphu, varres Description: Remote sensing and earth observation Debian packages which are dealing with Remote Sensing (for instance @@ -290,14 +290,14 @@ tilecache, tilelite, tilestache, - tinyows, twms Suggests: mapcache-cgi, musmap, pycsw-cgi, python-pycsw, pywps, - tilemill + tilemill, + tinyows Description: Present geographic information via web map server Debian packages which are dealing with geographical information to be presented for the web on so called map tile servers. These @@ -328,7 +328,6 @@ libgeo-point-perl, libgeographic-dev, libgeos-c1, - libgeotiff-epsg, libjts-java, liblas-bin, libshp-dev, @@ -364,6 +363,7 @@ libgdal1-1.10.1-grass, libgdal1-1.11.1-grass, libgeo-proj4-perl, + libgeotiff-epsg, libkml-java, libspatialite3, mapnik-viewer, diff -Nru debian-gis-0.0.3/debian-gis-tasks.desc debian-gis-0.0.4/debian-gis-tasks.desc --- debian-gis-0.0.3/debian-gis-tasks.desc 2014-10-27 07:24:04.0 +0100 +++ debian-gis-0.0.4/debian-gis-tasks.desc 2015-04-01 13:26:36.0 +0200 
@@ -104,7 +104,6 @@ gpsbabel gpx2shp gpsd - gpsdrive gpsman gpstrans gpsd-clients @@ -137,12 +136,10 @@ mkgmapgui osm2pgsql osmosis - osmosis-plugin-borderextract imposm osmpbf-bin python-imposm-parser gpsprune - gpxviewer libgeo-osm-tiles-perl routino qlandkartegt @@ -180,8 +177,6 @@ libossim1 libossim-dev dans-gdal-scripts - doris - snaphu python-pyresample python-pykdtree python-pyorbital @@ -226,7 +221,6 @@ mapserver-bin cgi-mapserver python-mapscript - tinyows routino-www mapcache-tools libapache2-mod-mapcache @@ -275,7 +269,6 @@ libjts-java libgeo-point-perl geotiff-bin - libgeotiff-epsg liblas-bin rasterlite-bin osgearth diff -Nru debian-gis-0.0.3/dependency_data/debian-gis_0.0.4.json debian-gis-0.0.4/dependency_data/debian-gis_0.0.4.json --- debian-gis
Bug#781653: unblock: libdbd-firebird-perl/1.18-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libdbd-firebird-perl libdbd-firebird-perl (1.18-2) unstable; urgency=high * High urgency for security fixes [ Salvatore Bonaccorso ] * Update Vcs-Browser URL to cgit web frontend [ Damyan Ivanov ] * Add patch from Stefan Roas fixing potential buffer overflow in certain error conditions (CVE-2015-2788) (Closes: #780925) * add patch from upstream Git replacing all sprintf usage with snprintf -- Damyan Ivanov Wed, 01 Apr 2015 08:43:03 + I have reviewed the first patch, and authored the second one upstream and am confident they don't break anything. Full source diff attached. unblock libdbd-firebird-perl/1.18-2 TIA, dam diff -Nru libdbd-firebird-perl-1.18/debian/changelog libdbd-firebird-perl-1.18/debian/changelog --- libdbd-firebird-perl-1.18/debian/changelog 2014-04-03 08:26:49.0 +0300 +++ libdbd-firebird-perl-1.18/debian/changelog 2015-04-01 11:46:26.0 +0300 @@ -1,3 +1,18 @@ +libdbd-firebird-perl (1.18-2) unstable; urgency=high + + * High urgency for security fixes + + [ Salvatore Bonaccorso ] + * Update Vcs-Browser URL to cgit web frontend + + [ Damyan Ivanov ] + * Add patch from Stefan Roas fixing potential buffer overflow in certain +error conditions (CVE-2015-2788) +(Closes: #780925) + * add patch from upstream Git replacing all sprintf usage with snprintf + + -- Damyan Ivanov Wed, 01 Apr 2015 08:43:03 + + libdbd-firebird-perl (1.18-1) unstable; urgency=medium [ gregor herrmann ] diff -Nru libdbd-firebird-perl-1.18/debian/control libdbd-firebird-perl-1.18/debian/control --- libdbd-firebird-perl-1.18/debian/control 2014-03-04 12:36:13.0 +0200 +++ libdbd-firebird-perl-1.18/debian/control 2015-04-01 11:41:53.0 +0300 
@@ -12,7 +12,7 @@ libtest-exception-perl (>= 0.31), perl Standards-Version: 3.9.5 -Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libdbd-firebird-perl.git +Vcs-Browser: https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-firebird-perl.git Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/libdbd-firebird-perl.git Homepage: https://metacpan.org/release/DBD-Firebird diff -Nru libdbd-firebird-perl-1.18/debian/patches/dbdimp-780925-buf-overflow.patch libdbd-firebird-perl-1.18/debian/patches/dbdimp-780925-buf-overflow.patch --- libdbd-firebird-perl-1.18/debian/patches/dbdimp-780925-buf-overflow.patch 1970-01-01 02:00:00.0 +0200 +++ libdbd-firebird-perl-1.18/debian/patches/dbdimp-780925-buf-overflow.patch 2015-04-01 11:41:53.0 +0300 
@@ -0,0 +1,72 @@ +Bug-Debian: https://bugs.debian.org/780925 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libdbd-firebird-perl/+bug/1431867 +Acked-By: Damyan Ivanov +From: Stefan Roas +Subject: [Dbd-firebird-devel] Buffer Overflow in dbdimp.c +To: dbd-firebird-de...@lists.alioth.debian.org +Date: Fri, 13 Mar 2015 17:36:31 +0100 + +Hi there, + +I found a buffer overflow in dbdimp.c. Error messages in dbdimp.c use +sprintf to a fix-sized buffer that (quite likely in two cases) might be +too small to hold the final result. + +Attached you find a patch that solves the problem by increasing the size +of the buffer to a value that should be large enough for every +conceivable input given the conversion specification and additionally +use snprintf() instead of sprintf(). As snprintf() is already used +somewhere else in dbdimp.c I figure there are no portability issues +involved. + +I did not check the other uses of sprintf, although it might be +worthwhile to do so as a quick check found other locations where a +fix-sized buffer is involved. + +Best regards, + Stefan + +--- a/dbdimp.c b/dbdimp.c +@@ -21,6 +21,8 @@ + + DBISTATE_DECLARE; + ++#define ERRBUFSIZE 255 ++ + #define IB_SQLtimeformat(xxh, format, sv) \ + do { \ + STRLEN len; \ +@@ -2237,8 +2239,8 @@ static int ib_fill_isqlda(SV *sth, imp_s + /* + * User passed an undef to a field that is not nullable. + */ +-char err[80]; +-sprintf(err, "You have not provided a value for non-nullable parameter #%d.", i); ++char err[ERRBUFSIZE]; ++snprintf(err, sizeof(err), "You have not provided a value for non-nullable parameter #%d.", i); + do_error(sth, 1, err); + retval = FALSE; + return retval; +@@ -2278,8 +2280,8 @@ static int ib_fill_isqlda(SV *sth, imp_s + string = SvPV(value, len); + + if (len > ivar->sqllen) { +-char err[80]; +-sprintf(err, "String truncation (SQL_VARYING): attempted to bind %lu octets to column sized %lu", ++char err[ERRBUFSIZE]; ++
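Review bot: at the visible call site in ib_fill_isqlda the return value of snprintf(err, sizeof(err), ...) is discarded, so a message that does not fit is handed to do_error() silently cut. That is tolerable for an error string, but ERRBUFSIZE is introduced as a bare 255 with no comment on how it was chosen; a one-line comment next to the #define stating the worst-case expansion of the %d and %lu conversions it is meant to cover would let the next reader check the bound. Note also that sizeof(err) is only correct while err stays a local array, so these buffers should not later be turned into pointers without passing the size along.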
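The sizing problem Stefan Roas describes in the message above, worked through as an added example (it is not code from DBD::Firebird or from the patch). The two format strings and the 80 and 255 byte sizes are taken from the hunks on this page; the function names are hypothetical, and the unsigned long argument types are an assumption based on the %lu conversions.

```c
/* Added example: how many bytes do the two dbdimp.c error messages need? */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Format strings as they appear in the patch hunks on this page. */
#define FMT_NONNULL \
    "You have not provided a value for non-nullable parameter #%d."
#define FMT_TRUNC \
    "String truncation (SQL_VARYING): attempted to bind %lu octets " \
    "to column sized %lu"

/* Old size (char err[80]) and new size (ERRBUFSIZE) from the patch. */
enum { OLD_BUFSIZE = 80, NEW_BUFSIZE = 255 };

/*
 * Bytes required for the formatted message, including the terminating NUL.
 * snprintf(NULL, 0, ...) writes nothing and returns the length the output
 * would have (C99), so nothing can overflow while measuring.
 */
size_t need_nonnull(int param_index)
{
    int n = snprintf(NULL, 0, FMT_NONNULL, param_index);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Argument types are an assumption (unsigned long for both %lu). */
size_t need_trunc(unsigned long len, unsigned long sqllen)
{
    int n = snprintf(NULL, 0, FMT_TRUNC, len, sqllen);
    return n < 0 ? 0 : (size_t)n + 1;
}

/*
 * Bounded formatting in the style of the patch, but with the return value
 * checked. Returns 0 if the whole message fit, 1 if it was truncated,
 * -1 on an encoding error. dst is always NUL-terminated when dstsize > 0.
 */
int format_trunc_msg(char *dst, size_t dstsize,
                     unsigned long len, unsigned long sqllen)
{
    int n = snprintf(dst, dstsize, FMT_TRUNC, len, sqllen);
    if (n < 0)
        return -1;
    return (size_t)n >= dstsize ? 1 : 0;
}

int main(void)
{
    char small[OLD_BUFSIZE];
    char big[NEW_BUFSIZE];

    /* Constructed sample values: a 100-octet string bound to a 10-octet column. */
    printf("non-nullable message, worst case: %zu bytes\n",
           need_nonnull(INT_MIN));
    printf("truncation message, 100 / 10:     %zu bytes\n",
           need_trunc(100UL, 10UL));
    printf("truncation message, worst case:   %zu bytes\n",
           need_trunc(ULONG_MAX, ULONG_MAX));

    printf("80-byte buffer truncated?  %d\n",
           format_trunc_msg(small, sizeof small, 100UL, 10UL));
    printf("255-byte buffer truncated? %d\n",
           format_trunc_msg(big, sizeof big, ULONG_MAX, ULONG_MAX));
    return 0;
}
```

The fixed text of the truncation message is already 75 characters, so any pair of numbers with five or more digits in total needs more than the old 80 bytes, which is why unbounded sprintf into char err[80] could write past the array.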
Bug#781579: unblock (pre-approval): postgis/2.1.4+dfsg-3
Control: tags -1 - moreinfo

uploaded, it hit unstable, so please

unblock postgis/2.1.4+dfsg-3

Thanks

Markus Wanner
Processed: Re: Bug#781579: unblock (pre-approval): postgis/2.1.4+dfsg-3
Processing control commands: > tags -1 - moreinfo Bug #781579 [release.debian.org] unblock (pre-approval): postgis/2.1.4+dfsg-3 Removed tag(s) moreinfo. -- 781579: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781579 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#781644: unblock: fcgiwrap/1.1.0-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package fcgiwrap The following minimal one-liner change fixes a very recently filed RC bug. unblock fcgiwrap/1.1.0-4 Patch follows: diff -Nru fcgiwrap-1.1.0/debian/changelog fcgiwrap-1.1.0/debian/changelog --- fcgiwrap-1.1.0/debian/changelog 2014-05-10 02:19:58.0 +0200 +++ fcgiwrap-1.1.0/debian/changelog 2015-04-01 09:57:05.0 +0200 @@ -1,3 +1,11 @@ +fcgiwrap (1.1.0-4) unstable; urgency=medium + + * Ensure the socket unit is started upon installation by making +fcgiwrap.service Require fcgiwrap.socket (closes: #781524). Thanks, +Michael Biebl! + + -- Jordi Mallach Wed, 01 Apr 2015 09:56:53 +0200 + fcgiwrap (1.1.0-3) unstable; urgency=medium * Ensure fcgiwrap.socket is enabled via dh-systemd (closes: #742439). diff -Nru fcgiwrap-1.1.0/debian/patches/series fcgiwrap-1.1.0/debian/patches/series --- fcgiwrap-1.1.0/debian/patches/series2014-01-02 11:37:31.0 +0100 +++ fcgiwrap-1.1.0/debian/patches/series2015-04-01 09:37:45.0 +0200 @@ -1,3 +1,4 @@ GIT-Add-p-path-option-to-restrict-scripts.patch fix_systemd.patch fix_mandir.patch +systemd_socket_requires.patch diff -Nru fcgiwrap-1.1.0/debian/patches/systemd_socket_requires.patch fcgiwrap-1.1.0/debian/patches/systemd_socket_requires.patch --- fcgiwrap-1.1.0/debian/patches/systemd_socket_requires.patch 1970-01-01 01:00:00.0 +0100 +++ fcgiwrap-1.1.0/debian/patches/systemd_socket_requires.patch 2015-04-01 09:46:09.0 +0200 
@@ -0,0 +1,18 @@ +Author: Jordi Mallach +Description: Require fcgiwrap.socket in fcgiwrap.service. + To ensure the socket is created on installation, make + fcgiwrap.service Require fcgiwrap.socket. +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781524 + +Index: fcgiwrap-1.1.0/systemd/fcgiwrap.service +=== +--- fcgiwrap-1.1.0.orig/systemd/fcgiwrap.service fcgiwrap-1.1.0/systemd/fcgiwrap.service +@@ -1,6 +1,7 @@ + [Unit] + Description=Simple CGI Server + After=nss-user-lookup.target ++Requires=fcgiwrap.socket + + [Service] + ExecStart=/usr/sbin/fcgiwrap -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
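Review bot: the Requires=fcgiwrap.socket line added to [Unit] does more than pull the socket in when the service starts. With Requires=, explicitly stopping fcgiwrap.socket also stops fcgiwrap.service, and the patch Description only mentions the installation-time effect. Please state that side effect in the Description, or say why Requires= was chosen over the weaker Wants=, and add a Forwarded: field to the patch header so it is clear whether upstream has seen the change.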
Bug#781642: unblock: debian-games/1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-games According to previous discussion about Blends metapackages[1] I'd like you to unblock debian-games 1. It is updated to reflect the package pool after some packages were removed in the freeze process. See the attached debdiff of mostly auto-generated files. Thanks for working on the Debian release Andreas. [1] https://lists.debian.org/debian-release/2014/11/msg01092.html (include/attach the debdiff against the package in testing) unblock debian-games/1 -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru debian-games-0.11/debian/changelog debian-games-1/debian/changelog --- debian-games-0.11/debian/changelog 2014-10-24 14:05:58.0 +0200 +++ debian-games-1/debian/changelog 2015-04-01 09:38:48.0 +0200 @@ -1,3 +1,20 @@ +debian-games (1) unstable; urgency=medium + + * Update debian/control and synchronize metapackages with current available +packages in testing. + * c++-dev: +- Recommend libopenscenegraph-dev. +- Replace libjpeg8-dev with libjpeg-dev. +- Drop crystalspace and libcrystalspace-dev because they are + RC buggy. + * chess: +- Recommend chessx. + * card: +- Only suggest jpoker because it depends on apache2 which is an undesired + dependency. + + -- Markus Koschany Mon, 30 Mar 2015 18:06:50 +0200 + debian-games (0.11) unstable; urgency=medium * Declare compliance with Debian Policy 3.9.6. diff -Nru debian-games-0.11/debian/control debian-games-1/debian/control --- debian-games-0.11/debian/control 2014-10-24 14:05:58.0 +0200 +++ debian-games-1/debian/control 2015-04-01 09:38:48.0 +0200 @@ -227,6 +227,7 @@ grhino, gtkatlantic, gtkboard, + hachu, hexxagon, jester, londonlaw, 
@@ -265,7 +266,6 @@ xvier, yics Suggests: gnome-games, - hachu, kdegames, ricochet Description: Debian's board games @@ -287,7 +287,6 @@ libcegui-mk2-dev, libclanlib-dev, libclaw-dev, - libcrystalspace-dev, libenet-dev, libflatzebra-dev, libfreetype6-dev, @@ -297,13 +296,14 @@ libglfw3-dev, libglu1-mesa-dev, libirrlicht-dev, - libjpeg8-dev, + libjpeg-dev, libltdl-dev, libode-dev, libogg-dev, libogre-1.9-dev, libois-dev, libopenal-dev, + libopenscenegraph-dev, libphobos-4.9-dev, libphysfs-dev, libpng12-dev, @@ -368,6 +368,7 @@ Depends: games-tasks (= ${binary:Version}) Recommends: 3dchess, brutalchess, + chessx, convert-pgn, dreamchess, eboard, @@ -382,6 +383,7 @@ gnuchess, gnuchess-book, gnushogi, + hachu, hoichess, pgn-extract, pgn2web, @@ -400,7 +402,6 @@ yics Suggests: emacs-chess, gnome-games, - hachu, kdegames Description: Debian's chess games This metapackage will install chess games and helper tools. @@ -576,6 +577,7 @@ neverputt, nexuiz, numptyphysics, + oolite, open-invaders, openarena, openclonk, @@ -619,7 +621,6 @@ widelands, xboard, xmoto -Suggests: oolite Description: Debian's finest games This metapackage will install a selection of outstanding Debian games representing almost all genres and styles. They were chosen based on multiple @@ -683,6 +684,7 @@ micropolis, nettoe, numptyphysics, + oolite, open-invaders, openttd, pacman, @@ -719,7 +721,6 @@ widelands, xboard, xmoto -Suggests: oolite Description: Debian's finest games (light version) This metapackage will install a selection of outstanding Debian games that are suitable for low-end computers without hardware accelerated video cards. This @@ -763,11 +764,11 @@ libjava3d-java, libjinput-java, libjogl2-java, + liblwjgl-java, libpixels-java, libsvgsalamander-java, libupnp-java Suggests: freecol, - liblwjgl-java, netbeans, triplea Description: development of games in Java @@ -950,7 +951,6 @@ tanglet, tetzle, texlive-games, - trackballs, tworld, vodovod, xbomb, 
@@ -964,7 +964,8 @@ zaz Suggests: gnome-games, kdegames, - scribble + scribble, + trackballs Description: Debian's puzzle games This metapackage will install puzzle and logic games. @@ -1159,6 +1160,7 @@ lincity, lincity-ng, micropolis, + oolite, opencity, openssn, openttd, @@ -1168,11 +1170,9 @@ simutrans, singularity, stormbaancoureur -Suggests: crystalspace, - lightspeed, +Suggests: lightspeed, linthesia, netrek-client-cow, - oolite, openbve Description: Debian's simulation games This metapackage will install simulation games. @@ -1227,6 +1227,7 @@ megaglest, netpanzer, ogamesim, + oolite, openclonk, openttd, pax-britannica, @@ -1251,8 +1252,7 @@ xscorch, zec Suggests: colobot, - netrek-client-cow, - oolite + netrek-client-cow Description:
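Review bot: the changelog hunk itemises changes for c++-dev, chess and card only, while the debian/control hunks also promote oolite from Suggests to Recommends in several tasks (the standalone "Suggests: oolite" lines are deleted), move hachu into Recommends for the board games task, move liblwjgl-java into Recommends for the Java development task, and demote trackballs to Suggests in the puzzle task. For a freeze-time unblock, either list these moves in the changelog or say explicitly that they are regenerated output, so each promotion can be checked against what is actually installable in testing.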
Bug#781641: unblock: systemd/215-14
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

systemd 215-14 hit unstable two days ago with 5 RC bug fixes (i.e. all outstanding ones except #780650 which was agreed to be jessie-ignore), plus some other important fixes which got pre-approved. 215-13 with half of the fixes already got uploaded last week.

So far there have been no regression reports, and these changes are also getting tested in experimental and Ubuntu, so I'm quite confident in them. All of the fixes except two (marked below) are backports from 219 (in experimental and Ubuntu), so they got much more field testing than just the two days in unstable.

I attach the full debdiff between 215-12 and -14, but as usual I also link to the individual commits on anonscm. Note that there are zero changes for udev-udeb (for d-i).

Annotated changelog:

|systemd (215-14) unstable; urgency=medium
|
| [ Michael Biebl ]
| * Map $x-display-manager LSB facility to display-manager.service instead of
|   making it a target. Using a target had the downside that multiple display
|   managers could hook into it at the same time which could lead to several
|   failed start attempts for the non-default display manager.
| * Update insserv-generator and map $x-display-manager to
|   display-manager.service, following the recent change in sysv-generator.
|   This avoids creating references to a no longer existing
|   x-display-manager.target unit.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=4cfcbb100
http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=6ef318a5a

We've had these for a while in experimental/Ubuntu. Pre-acked by Niels in
http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2015-March/006477.html

| * Cherry-pick upstream fix to increase the SendBuffer of /dev/log to 8M.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=6cc87b22c0

Part of/prerequisite for RC bug #762700 below.

| [ Martin Pitt ]
| * scope: Make attachment of initial PIDs more robust. Fixes crash with
|   processes that get started by an init.d script with a different (aliased)
|   name when the cgroup becomes empty. (Closes: #781210)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=925a2872f7

| * boot-and-services, display-managers autopkgtests: Add missing python3 test
|   dependency.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=0df2572dd

Trivial autopkgtest-only fix, no runtime impact.

| * Don't attempt to mount the same swap partition twice through different
|   device node aliases. (Closes: #772182, LP: #1399595)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=fc91558

This is the one non-RC/non-pre-ack'ed change in this upload. Several people asked us to get this into unstable as they ran into it on installation, and I believe the change is reasonable, safe, and avoids confusion (people noticing the failed unit and wondering what's wrong, while there isn't anything wrong).

| [ Christian Seiler ]
| * Make the journald to syslog forwarding more robust by increasing the
|   maximum datagram queue length from 10 to 512. (Closes: #762700)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=5ff84d8673

RC bug.

| [ Marco d'Itri ]
| * Avoid writing duplicate entries in 70-persistent-net.rules by double
|   checking if the new udev rule has already been written for the given
|   interface. This happens if multiple add events are generated before the
|   write_net_rules script returns and udevd renames the interface.
|   (Closes: #765577)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=1b31191d26a

RC bug.

|
| -- Michael Biebl Mon, 30 Mar 2015 13:26:52 +0200
|
|systemd (215-13) unstable; urgency=medium
|
| [ Martin Pitt ]
| * Add hwclock-save.service to sync the system clock to the hardware clock on
|   shutdown, to provide monotonic time for reboots. (Note: this is a hack for
|   jessie; the next Debian release will enable timesyncd by default).
|   (Closes: #755722)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=58da7faf9

RC bug. This patch has *not* been backported, but is jessie-only. I still kind of disagree with this approach, but I got "outvoted" by the bug reporters and the release team agreed too. This at least makes jessie bug-compatible with sysvinit in earlier releases. experimental/jessie+1 will run timesyncd by default, and hopefully also get some fsck fixes for this, to solve this in a better way.

| * Check for correct architecture identifiers for SuperH. (Closes: #779710)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=2800ab3

Helps porters (who specifically asked for this to get included), no-op for all other architectures. Not exactly pre-approved, but Niels had no objection in
http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2015-March/006477.html
("Honestl