NEW changes in stable-new
Processing changes file: xvba-video_0.8.0-9+deb8u1_amd64.changes
  ACCEPT
Processing changes file: xvba-video_0.8.0-9+deb8u1_i386.changes
  ACCEPT
Bug#813237: transition: ruby2.3 / followup with -rm transition?
On 21/03/16 19:20, Christian Hofstaedtler wrote:
> Hello,
>
> I think we're done with the ruby2.3 transition now (apart from
> libguestfs/mips). It'd be good if we could do the followup
> ruby2.2-rm transition soonish.
>
> What does -release think about that?

Sure. I have added a tracker and scheduled the required binNMUs.

Cheers,
Emilio
Bug#818710: wheezy-pu: package amd64-microcode/1.20160316.1
On Mon, Mar 21, 2016, at 19:29, Adam D. Barratt wrote
> Flagged for acceptance.

Thank you!

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique de Moraes Holschuh
Bug#815520: Bug#815561: jessie-pu: package xvba-video_0.8.0-9+deb8u1
On 2016-03-21 21:53, Adam D. Barratt wrote:
> On a related note, xvba-video has non-free build-dependencies, so will
> need binary uploads for both amd64 and i386.

Oops, I remember there was something ... uploaded 2 binaries, too.

Andreas

PS: fglrx-driver is still in my ToDo queue ... I wanted to do one more
upgrade test, but that involves snapshot.d.o packages ...
NEW changes in oldstable-new
Processing changes file: amd64-microcode_1.20160316.1_multi.changes ACCEPT
NEW changes in stable-new
Processing changes file: cairo_1.14.0-2.1+deb8u1_amd64.changes
  ACCEPT
Processing changes file: dolibarr_3.5.5+dfsg1-1+deb8u1_amd64.changes
  ACCEPT
Processing changes file: pgplot5_5.2.2-19+deb8u1_source.changes
  ACCEPT
Processing changes file: sus_7.20160312~deb8u1_amd64.changes
  ACCEPT
Bug#818710: wheezy-pu: package amd64-microcode/1.20160316.1
Control: tags -1 + pending

On Sun, 2016-03-20 at 12:38 -0300, Henrique de Moraes Holschuh wrote:
> On Sun, 20 Mar 2016, Adam D. Barratt wrote:
> > On Sun, 2016-03-20 at 12:20 -0300, Henrique de Moraes Holschuh wrote:
> > > I have uploaded it through the ftp queue about one hour ago, but I have
> > > still not received any email back either from the upload queue daemon, or
> > > from dak (and the packages disappeared from the ftp upload queue).
> > >
> > > I will try to reupload.
> >
> > dinstall's running, hence the lack of response from dak combined with
> > the "disappearing" packages (although I'm not sure why you've not had a
> > response from the queued).
> >
> > I can confirm that the packages have reached the "unchecked" queue so
> > should get processed by dak once dinstall finishes; there's no need to
> > re-upload.
>
> Thanks!
>
> I did try to re-upload before I got your reply, and promptly got an email
> from the upload queue daemon about an existing previous upload.

Flagged for acceptance.

Regards,

Adam
Processed: Re: Bug#818710: wheezy-pu: package amd64-microcode/1.20160316.1
Processing control commands:

> tags -1 + pending
Bug #818710 [release.debian.org] wheezy-pu: package amd64-microcode/1.20160316.1
Added tag(s) pending.

--
818710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818710
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#818672: jessie-pu: package pgplot5/5.2.2-19+deb8u1
Processing control commands:

> tags -1 + pending
Bug #818672 [release.debian.org] jessie-pu: package pgplot5/5.2.2-19+deb8u1
Added tag(s) pending.

--
818672: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818672
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#818801: jessie-pu: package cairo/1.14.0-2.1+deb8u1
Processing control commands:

> tags -1 + pending
Bug #818801 [release.debian.org] jessie-pu: package cairo/1.14.0-2.1+deb8u1
Added tag(s) pending.

--
818801: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818801
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#818679: jessie-pu: package sus/7.20160312~deb8u1
Processing control commands:

> tags -1 + pending
Bug #818679 [release.debian.org] jessie-pu: package sus/7.20160312~deb8u1
Added tag(s) pending.

--
818679: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818679
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#818679: jessie-pu: package sus/7.20160312~deb8u1
Control: tags -1 + pending

On Sun, 2016-03-20 at 16:07 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sat, 2016-03-19 at 17:17 +0100, Andreas Beckmann wrote:
> > sus is a downloader package and one of the external tarballs being
> > downloaded has changed, again.
>
> Yay downloader packages. :-(
>
> > This is a rebuild of the package from sid for jessie.
>
> Please go ahead.

Uploaded and flagged for acceptance.

Regards,

Adam
Bug#818801: jessie-pu: package cairo/1.14.0-2.1+deb8u1
Control: tags -1 + pending On Sun, 2016-03-20 at 23:11 +0100, Moritz Mühlenhoff wrote: > On Sun, Mar 20, 2016 at 06:43:48PM +, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Sun, 2016-03-20 at 19:33 +0100, Moritz Muehlenhoff wrote: > > > +cairo (1.14.0-2.1+deb8u1) jessie; urgency=medium > > > + > > > + * Fix CVE-2016-3190 > > > > I'd prefer a slightly more detailed changelog, but please go ahead. > > Thanks, uploaded. Flagged for acceptance. Regards, Adam
Bug#818672: jessie-pu: package pgplot5/5.2.2-19+deb8u1
Control: tags -1 + pending On Mon, 2016-03-21 at 01:23 +0100, Andreas Beckmann wrote: > On 2016-03-20 17:11, Adam D. Barratt wrote: > > +pgplot5 (5.2.2-19+deb8u1) jessie; urgency=medium > > + > > + * Non-maintainer upload. > > + * Use multiarch path to zconf.h (Closes: #784783) > > +(thanks to Edmund Grimley Evans and Vincent McIntyre) > > > > The bug number is typoed (and was in the unstable upload) - it should be > > #784743. With that changed, please go ahead. > > I just took the changelog entry from sid and rewrote it to mention the > actual problem fixed, keeping the other bits. Bug number updated and > uploaded - but I still didn't verify that this references the correct > bug :-) Flagged for acceptance. Regards, Adam
Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2
Control: tags -1 + pending On Mon, 2016-03-21 at 13:13 +0100, Raphael Hertzog wrote: > Hi, > > On Sun, 20 Mar 2016, Adam D. Barratt wrote: > > > +dolibarr (3.5.5+dfsg1-1+deb8u1) UNRELEASED; urgency=high > > > + > > > + * Fix CVE-2016-1912 (Closes: #812496) > > > + * Fix CVE-2015-8685 (Closes: #812449) > > > + * Fix CVE-2015-3935 (Closes: #787762) > > > + > > > + -- Laurent Destailleur (eldy)Tue, 08 Sep > > > 2015 15:22:52 +0200 > > > > I assume the changelog trailer simply needs updating, as I doubt all of > > the patches were added by September. :-) With that and the changelog > > distribution set to "jessie", please go ahead. > > Done and uploaded the package for Laurent. Flagged for acceptance. Regards, Adam
Processed: Re: Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2
Processing control commands:

> tags -1 + pending
Bug #797906 [release.debian.org] jessie-pu: package dolibarr/3.5.5+dfsg1-2
Added tag(s) pending.

--
797906: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797906
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Re: Qt and OpenSSL transition metadata in relation to Mumble package
Julien Cristau: > On Mon, Mar 21, 2016 at 20:20:22 +, Chris Knadle wrote: > >> Julien Cristau: >>> On Sun, Mar 20, 2016 at 01:55:55 +, Chris Knadle wrote: >>> Emilio Pozuelo Monfort: > On 19/03/16 19:23, Chris Knadle wrote: >> Greetings. >> >> Executive summary: >> I'd like to know if there is metadata that can be added to the Qt4 and >> Qt5 >> packages (qt4-x11 and qtbase-opensource-src) which will indicate that >> they >> need to be binNMUed for OpenSSL transitions at nearly the same time that >> Mumble gets binNMUed. [...] >> Is this possible? > > There's no way to express that kind of relationship. Not unless you get > into > complex territory which isn't really worth it in this case. Normally > binNMUs > are scheduled at the same time, so in theory this shouldn't be such a big > issue. And it would only affect unstable users, only for a short amount of > time. Ehhh... okay. The last OpenSSL binNMU had an 11-day difference between Mumble getting rebuilt and qt4-x11 being rebuilt in Sid. That's a short time in release terms, but a long time in terms of users finding Mumble broken and waiting for it to be fixed. Either way I have my answer. Thank you very much. >>> What would it take to fix qt to properly link with libssl? >> >> There's an -openssl-linked ./configure option for building Qt with: >> >>https://doc.qt.io/qt-4.8/ssl.html >> >> However it's thought that the -openssl-linked option isn't viable due to >> licensing concerns that would result: >> >>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#147 >> > I don't think dlopen(libssl) vs gcc -lssl makes any difference > licensing-wise, I suspect either they're both ok or they're both not > ok... > > Cheers, > Julien I could try to talk to the maintainers of the Qt packages to see if they know if using -openssl-linked is possible... I've been wanting to talk to them about this for a while anyway. -- Chris -- Chris Knadle chris.kna...@coredump.us
Re: Qt and OpenSSL transition metadata in relation to Mumble package
On Mon, Mar 21, 2016 at 20:20:22 +, Chris Knadle wrote: > Julien Cristau: > > On Sun, Mar 20, 2016 at 01:55:55 +, Chris Knadle wrote: > > > >> Emilio Pozuelo Monfort: > >>> On 19/03/16 19:23, Chris Knadle wrote: > Greetings. > > Executive summary: > I'd like to know if there is metadata that can be added to the Qt4 and > Qt5 > packages (qt4-x11 and qtbase-opensource-src) which will indicate that > they > need to be binNMUed for OpenSSL transitions at nearly the same time that > Mumble gets binNMUed. > >> [...] > Is this possible? > >>> > >>> There's no way to express that kind of relationship. Not unless you get > >>> into > >>> complex territory which isn't really worth it in this case. Normally > >>> binNMUs > >>> are scheduled at the same time, so in theory this shouldn't be such a big > >>> issue. And it would only affect unstable users, only for a short amount of > >>> time. > >> > >> Ehhh... okay. The last OpenSSL binNMU had an 11-day difference between > >> Mumble getting rebuilt and qt4-x11 being rebuilt in Sid. That's a short > >> time in release terms, but a long time in terms of users finding Mumble > >> broken and waiting for it to be fixed. > >> > >> Either way I have my answer. Thank you very much. > >> > > What would it take to fix qt to properly link with libssl? > > There's an -openssl-linked ./configure option for building Qt with: > >https://doc.qt.io/qt-4.8/ssl.html > > However it's thought that the -openssl-linked option isn't viable due to > licensing concerns that would result: > >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#147 > I don't think dlopen(libssl) vs gcc -lssl makes any difference licensing-wise, I suspect either they're both ok or they're both not ok... Cheers, Julien
Re: Opinion about linux-grsec in a stable release
On Wed, Mar 2, 2016 at 10:09:47 +0100, Yves-Alexis Perez wrote:

> Hi teams,
>
> [first of all, I'm writing this with my linux-grsec hat, not my Debian
> security team member hat, obviously]
>
> As you may know, src:linux-grsec was accepted in unstable earlier this year.
> As a quick summary, this is a source linux package (forked from and
> periodically rebased against src:linux) which generates a linux kernel with
> the grsecurity hardening patch (the patch is mostly about fighting memory
> corruptions bugs, but not only, I won't enter into details here to keep it
> short, but more information can be found in the ITP bug #605090).
>
At this point I think it's not a good fit for stable. Something very
much like backports, where you can update the package easily and often,
seems like it'd make supporting the package easier. We only update
(old)stable every few months, which depending on timing vs upstream
releases could become quite awkward.

Cheers,
Julien
Bug#815561: Bug#815520: jessie-pu: package fglrx-driver/1:15.9-4~deb8u2 xvba-video_0.8.0-9+deb8u1
On Sat, 2016-03-19 at 21:39 +, Adam D. Barratt wrote:
> Control: tags -1 + pending
>
> On Mon, 2016-02-22 at 13:23 +, Adam D. Barratt wrote:
> [...]
> > On 2016-02-22 1:05, Andreas Beckmann wrote:
> > > the last fglrx-driver update in jessie brought a small regression:
> > > updates with xvba-va-driver installed fail due to a file overwrite
> > > conflict (#813427).
> > > xvba-va-driver is currently uninstallable in jessie.
> > > xvba-va-driver is no longer needed as a separate package, instead
> > > libfglrx-amdxvba1 brings equivalent files.
> > >
> > > We need to update both packages to fix this issue.
> [...]
> > > Let's do the discussion with this one bug here and clone it once it
> > > reached confirmed state.
> >
> > Looks okay to me.
> >
> > Assuming that the install and upgrade paths have been tested (I imagine
> > they have :-), please go ahead.
>
> xvba-video uploaded and flagged for acceptance.

Oops, that was actually the fglrx-driver bug that I tagged as pending -
I assume the upload for that's still planned?

On a related note, xvba-video has non-free build-dependencies, so will
need binary uploads for both amd64 and i386.

Regards,

Adam
Processed: tagging 815520, tagging 815561
Processing commands for cont...@bugs.debian.org:

> # Tag right half of cloned pair
> tags 815520 - pending
Bug #815520 [release.debian.org] jessie-pu: package fglrx-driver/1:15.9-4~deb8u2
Removed tag(s) pending.
> tags 815561 + pending
Bug #815561 [release.debian.org] xvba-video_0.8.0-9+deb8u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.

--
815520: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815520
815561: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815561
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Re: Qt and OpenSSL transition metadata in relation to Mumble package
Julien Cristau: > On Sun, Mar 20, 2016 at 01:55:55 +, Chris Knadle wrote: > >> Emilio Pozuelo Monfort: >>> On 19/03/16 19:23, Chris Knadle wrote: Greetings. Executive summary: I'd like to know if there is metadata that can be added to the Qt4 and Qt5 packages (qt4-x11 and qtbase-opensource-src) which will indicate that they need to be binNMUed for OpenSSL transitions at nearly the same time that Mumble gets binNMUed. >> [...] Is this possible? >>> >>> There's no way to express that kind of relationship. Not unless you get into >>> complex territory which isn't really worth it in this case. Normally binNMUs >>> are scheduled at the same time, so in theory this shouldn't be such a big >>> issue. And it would only affect unstable users, only for a short amount of >>> time. >> >> Ehhh... okay. The last OpenSSL binNMU had an 11-day difference between >> Mumble getting rebuilt and qt4-x11 being rebuilt in Sid. That's a short >> time in release terms, but a long time in terms of users finding Mumble >> broken and waiting for it to be fixed. >> >> Either way I have my answer. Thank you very much. >> > What would it take to fix qt to properly link with libssl? There's an -openssl-linked ./configure option for building Qt with: https://doc.qt.io/qt-4.8/ssl.html However it's thought that the -openssl-linked option isn't viable due to licensing concerns that would result: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#147 Right now Qt5 (qtbase-opensource-src) uses the -openssl ./configure option but not -openssl-linked, Qt4 (qt4-x11) uses neither. Both Qt4 and Qt5 pull in libssl-dev and libssl during the build, FWIW. -- Chris -- Chris Knadle chris.kna...@coredump.us
Bug#818837: nmu: libdbi-drivers_0.9.0-3
Control: tag -1 moreinfo

On Sun, Mar 20, 2016 at 21:35:43 +0100, Ruben Undheim wrote:

> There are some memory issues when running the test suite for the package
> openbsc. These disappear if libdbi-drivers is first rebuilt with GCC 5. It is
> hard to track down exactly what the problem is, but rebuilding it seems to make
> the test suite pass for openbsc.
>
We (well, at least I) don't like to schedule binNMUs without knowing
why.

Cheers,
Julien
Processed: Re: Bug#818837: nmu: libdbi-drivers_0.9.0-3
Processing control commands:

> tag -1 moreinfo
Bug #818837 [release.debian.org] nmu: libdbi-drivers_0.9.0-3
Added tag(s) moreinfo.

--
818837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818837
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Re: Qt and OpenSSL transition metadata in relation to Mumble package
On Sun, Mar 20, 2016 at 01:55:55 +, Chris Knadle wrote:

> Emilio Pozuelo Monfort:
> > On 19/03/16 19:23, Chris Knadle wrote:
> >> Greetings.
> >>
> >> Executive summary:
> >> I'd like to know if there is metadata that can be added to the Qt4 and Qt5
> >> packages (qt4-x11 and qtbase-opensource-src) which will indicate that they
> >> need to be binNMUed for OpenSSL transitions at nearly the same time that
> >> Mumble gets binNMUed.
> [...]
> >> Is this possible?
> >
> > There's no way to express that kind of relationship. Not unless you get into
> > complex territory which isn't really worth it in this case. Normally binNMUs
> > are scheduled at the same time, so in theory this shouldn't be such a big
> > issue. And it would only affect unstable users, only for a short amount of
> > time.
>
> Ehhh... okay. The last OpenSSL binNMU had an 11-day difference between
> Mumble getting rebuilt and qt4-x11 being rebuilt in Sid. That's a short
> time in release terms, but a long time in terms of users finding Mumble
> broken and waiting for it to be fixed.
>
> Either way I have my answer. Thank you very much.
>
What would it take to fix qt to properly link with libssl?

Cheers,
Julien
Bug#813237: transition: ruby2.3 / followup with -rm transition?
Hello,

I think we're done with the ruby2.3 transition now (apart from
libguestfs/mips). It'd be good if we could do the followup
ruby2.2-rm transition soonish.

What does -release think about that?

Thanks,
--
 ,''`.  Christian Hofstaedtler
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-
Bug#818908: jessie-pu: package dpkg/1.17.27
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi! Here's a proposed dpkg 1.17.27, with cherry picked fixes from master (already in unstable). These include fixes for regressions, memory leaks, portability, interaction with tools such as GNU tar or the system shell, install-info transition, and a sync of the architectures supported (in case some of these end up accepted in the archive). The change for Config-Version should be safe, as at worst it will have no effect, otherwise packages relying on the correct behavior will start to work now, it will also make upgrades easier, for example for systemd, which I'm aware suffered from this problem. The «git log» fix is not yet in master though, but it should also be safe, otherwise the build would simply fail. And I've just realized it's not documented in debian/changelog, it will be in the ChangeLog, but I could add it to debian/changelog too. The changes have passed all unit tests which are part of the build, and all functional test in the dpkg-tests git repo. Attached a diff with translation updates filtered. Thanks, Guillem diff --git a/Makefile.am b/Makefile.am index aa13270..c9f63d3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -172,6 +172,7 @@ dist-hook: exit 1 ; \ fi ; \ done ; \ + XDG_CONFIG_HOME= HOME= \ git log -C --stat 1.15.0.. >$(distdir)/ChangeLog; \ fi diff --git a/check.am b/check.am index 458214d..5e0d3cf 100644 --- a/check.am +++ b/check.am @@ -30,6 +30,7 @@ check-local: $(test_data) $(test_programs) $(test_scripts) $(TEST_ENV_VARS) \ srcdir=$(srcdir) builddir=$(builddir) \ PERL_DL_NONLAZY=1 \ + PERL5LIB=$(abs_top_srcdir)/scripts:$(abs_top_srcdir)/dselect/methods \ PERL5OPT=$(TEST_COVERAGE) \ $(PERL) -MTAP::Harness -e $(TEST_RUNNER) \ $(addprefix $(builddir)/,$(test_programs)) \ diff --git a/cputable b/cputable index b8b2da2..b376aa0 100644 --- a/cputable +++ b/cputable 
@@ -29,6 +29,7 @@ mips mips mips(eb)? 32 big mipsel mipsel mipsel 32 little mips64 mips64 mips64 64 big mips64el mips64el mips64el 64 little +nios2 nios2 nios2 32 little or1k or1k or1k 32 big powerpc powerpc (powerpc|ppc) 32 big powerpcel powerpcle powerpcle 32 little diff --git a/debian/changelog b/debian/changelog index 8b2a4d0..eca2d78 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,45 @@ +dpkg (1.17.27) jessie; urgency=medium + + [ Guillem Jover ] + * Add more Conflicts for removed packages expecting dpkg to ship +install-info. Namely ada-mode and octave2.1-info. Closes: #783657 +Thanks to Andreas Beckmann. + * Remove trailing space before handling blank line dot-separator in +Dpkg::Control::HashCore. Regression introduced in dpkg 1.17.25. +Reported by Jakub Wilk . Closes: #789580 + * Only use the SHELL environment variable for interactive shells. +Closes: #788819 + * Move tar option --no-recursion before -T in dpkg-deb. With tar > 1.28 the +--no-recursion option is now positional, and needs to be passed before +the -T option, otherwise the tarball will end up with duplicated entries. +Thanks to Richard Purdie . +Closes: #807940 + * Initialize Config-Version also for packages previously in triggers-pending +state, otherwise we end up not passing the previously configured version +to «postinst configure», which might consider this a first install instead +of an upgrade. Closes: #801156 + * Fix memory leak in dpkg infodb format upgrade logic. + * Fix physical file offset comparison in dpkg. Closes: #808912 +Thanks to Yuri Gribov . + * Add kfreebsd-armhf support to ostable and triplettable. Closes: #796283 +Thanks to Steven Chamberlain . + * Add NIOS2 support to cputable. Thanks to Marek Vasut . + * Build system: +- Set PERL5LIB globally for the test suite to the local modules directory, + to avoid using the system modules. Regression introduced in dpkg 1.17.8. + Reported by Jérémy Bobbio . Closes: #801329 +- When sys_siglist is defined in the system, try to use NSIG as we cannot + compute the array size with sizeof(). If NSIG is missing fallback to 32 + items. Prompted by Igor Pashev . + + [ Updated scripts translations ] + * German (Helge Kreutzmann). (Various fixes) + + [ Updated manpages translations ] + * German (Helge Kreutzmann). 
(Various fixes) + + -- Guillem Jover Sun, 20 Mar 2016 11:40:28 +0100 + dpkg (1.17.26) jessie-security; urgency=high [ Guillem Jover ] diff --git a/debian/control b/debian/control index ade9839..97f06d2 100644 --- a/debian/control +++ b/debian/control @@ -80,11 +80,13 @@ Conflicts: gcc-4.2-doc (<< 4.2.4.nf1-4~), gcj-4.2-doc (<< 4.2.4.nf1-4~), gfortran-4.2-doc (<< 4.2.4.nf1-4~),
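Review bot: In the Makefile.am dist-hook hunk, `XDG_CONFIG_HOME= HOME=` only hides the per-user git configuration from `git log -C --stat 1.15.0..`; a system-wide gitconfig is still read and can still change what ends up in the generated ChangeLog. Setting GIT_CONFIG_NOSYSTEM=1 on the same line would close that gap. The change also has no entry in the debian/changelog hunk and no comment in the Makefile saying why the variables are cleared, which the cover mail already acknowledges; both are worth adding.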
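Review bot: The PERL5LIB line added to check-local in check.am replaces whatever PERL5LIB the caller exported rather than prepending to it, so a run that depends on modules from a non-default path (for example whatever `PERL5OPT=$(TEST_COVERAGE)` loads) would no longer find them. If the override is deliberate, to guarantee that only the in-tree modules are picked up, a one-line comment above it should say so; otherwise append the inherited value after the two source directories.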
Bug#818906: wheezy-pu: package dpkg/1.16.18
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Hi! Here's a proposed dpkg 1.16.18, with cherry picked fixes from master (already in unstable). These include fixes for regressions, memory leaks, segmentation faults, portability and interaction with tools such as GNU tar or the system shell. The change for Config-Version should be safe, as at worst it will have no effect, otherwise packages relying on the correct behavior will start to work now. The «git log» fix is not yet in master though, but it should also be safe, otherwise the build would simply fail. And I've just realized it's not documented in debian/changelog, it will be in the ChangeLog, but I could add it to debian/changelog too. The changes have passed all unit tests which are part of the build, and all functional test in the dpkg-tests git repo. Attached a diff with translation updates filtered. Thanks, Guillem diff --git a/Makefile.am b/Makefile.am index 406d3dd..cb12880 100644 --- a/Makefile.am +++ b/Makefile.am @@ -140,7 +140,7 @@ update-po: DISTCLEANFILES = ChangeLog ChangeLog: - git log -C --stat 1.15.0.. >$@ + XDG_CONFIG_HOME= HOME= git log -C --stat 1.15.0.. >$@ # If we create the dist tarball from the git repository, make sure # that we're not forgetting some files... diff --git a/debian/changelog b/debian/changelog index 1c5a662..19b76f3 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,29 @@ +dpkg (1.16.18) wheezy; urgency=medium + + * Remove trailing space before handling blank line dot-separator in +Dpkg::Control::Hash. Regression introduced in dpkg 1.16.16. +Reported by Jakub Wilk. Closes: #789580 + * Only use the SHELL environment variable for interactive shells. +Closes: #788819 + * Move tar option --no-recursion before -T in dpkg-deb. With tar > 1.28 the +--no-recursion option is now positional, and needs to be passed before +the -T option, otherwise the tarball will end up with duplicated entries. +Thanks to Richard Purdie . +Closes: #807940 + * Initialize Config-Version also for packages previously in triggers-pending +state, otherwise we end up not passing the previously configured version +to «postinst configure», which might consider this a first install instead +of an upgrade. Closes: #801156 + * Fix memory leaks in dpkg infodb format upgrade logic. + * Fix physical file offset comparison in dpkg. Closes: #808912 +Thanks to Yuri Gribov . + * Do not accept empty field names in dpkg. Closes: #769111 + * When sys_siglist is defined in the system, try to use NSIG as we cannot +compute the array size with sizeof(). If NSIG is missing fallback to 32 +items. Prompted by Igor Pashev . + + -- Guillem Jover Sun, 20 Mar 2016 10:23:24 +0100 + dpkg (1.16.17) wheezy-security; urgency=high [ Guillem Jover ] diff --git a/dpkg-deb/build.c b/dpkg-deb/build.c index b798b1f..e83ed51 100644 --- a/dpkg-deb/build.c +++ b/dpkg-deb/build.c @@ -545,7 +545,8 @@ do_build(const char *const *argv) m_dup2(p2[1],1); close(p2[0]); close(p2[1]); if (chdir(dir)) ohshite(_("failed to chdir to `%.255s'"), dir); -execlp(TAR, "tar", "-cf", "-", "--format=gnu", "--null", "-T", "-", "--no-recursion", NULL); +execlp(TAR, "tar", "-cf", "-", "--format=gnu", "--null", "--no-recursion", + "-T", "-", NULL); ohshite(_("unable to execute %s (%s)"), "tar -cf", TAR); } close(p1[0]); diff --git a/lib/compat/strsignal.c b/lib/compat/strsignal.c index 92fad03..7ff23e2 100644 
--- a/lib/compat/strsignal.c +++ b/lib/compat/strsignal.c @@ -52,7 +52,12 @@ const char *const sys_siglist[] = { "SIGTTIN", /* 21 */ "SIGTTOU", /* 22 */ }; +# define COMPAT_NSIGLIST (int)(sizeof(sys_siglist) / sizeof(sys_siglist[0])) #else +# ifndef NSIG +# define NSIG 32 +# endif +# define COMPAT_NSIGLIST NSIG extern const char *const sys_siglist[]; #endif @@ -61,7 +66,7 @@ strsignal(int s) { static char buf[100]; - if (s > 0 && s < sizeof(sys_siglist) / sizeof(sys_siglist[0])) + if (s > 0 && s < COMPAT_NSIGLIST) return sys_siglist[s]; sprintf(buf, _("Unknown signal %d"), s); diff --git a/lib/dpkg/command.c b/lib/dpkg/command.c index 859f8a1..f9b3302 100644 --- a/lib/dpkg/command.c +++ b/lib/dpkg/command.c @@ -216,14 +216,16 @@ command_shell(const char *cmd, const char *name) const char *shell; const char *mode; - shell = getenv("SHELL"); - if (str_is_unset(shell)) - shell = DEFAULTSHELL; - - if (cmd == NULL) + if (cmd == NULL) { mode = "-i"; - else + shell = getenv("SHELL"); + } else { mode = "-c"; + shell = NULL; + } + + if (str_is_unset(shell)) + shell = DEFAULTSHELL; execlp(shell, shell, mode, cmd, NULL); ohshite(_("unable to execute %s (%s)"), name, cmd); diff --git a/lib/dpkg/parse.c b/lib/dpkg/parse.c index
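Review bot: The reordered execlp() call in the dpkg-deb/build.c hunk only works because "--no-recursion" now precedes "-T", but nothing in the code records that the order matters; the explanation lives only in debian/changelog. A short comment above the call stating that the option is positional with tar > 1.28 would keep a later cleanup from moving it back and silently producing tarballs with duplicated entries.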
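Review bot: In the lib/compat/strsignal.c hunks, `s < COMPAT_NSIGLIST` bounds the index but not the entry. When the system supplies sys_siglist, the `# define NSIG 32` fallback is a guess, so the real array may be shorter than 32 entries and `return sys_siglist[s];` can read past it; slots for unassigned signal numbers may also be NULL, which is then returned to the caller. Test the entry for NULL before returning it and fall through to the "Unknown signal %d" path, and say in a comment next to the fallback that 32 is an assumed size.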
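Review bot: In the command_shell() hunk of lib/dpkg/command.c, the interactive branch leaves cmd as NULL, and the unchanged failure path `ohshite(_("unable to execute %s (%s)"), name, cmd);` then passes that NULL to %s. The message should report `shell`, which is the value execlp() actually tried to run and the one an administrator needs when SHELL points somewhere unexpected. A comment that SHELL is honoured only for the "-i" case would also document the restriction the changelog describes.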
Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2
Hi, On Sun, 20 Mar 2016, Adam D. Barratt wrote: > > +dolibarr (3.5.5+dfsg1-1+deb8u1) UNRELEASED; urgency=high > > + > > + * Fix CVE-2016-1912 (Closes: #812496) > > + * Fix CVE-2015-8685 (Closes: #812449) > > + * Fix CVE-2015-3935 (Closes: #787762) > > + > > + -- Laurent Destailleur (eldy)Tue, 08 Sep > > 2015 15:22:52 +0200 > > I assume the changelog trailer simply needs updating, as I doubt all of > the patches were added by September. :-) With that and the changelog > distribution set to "jessie", please go ahead. Done and uploaded the package for Laurent. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/