Re: Porter roll call for Debian Stretch

[Christoph Biedl]

John Paul Adrian Glaubitz wrote...

> On 09/20/2016 11:16 PM, Niels Thykier wrote:
> >- powerpc: No porter (RM blocker)
> 
> I'd be happy to pick up powerpc to keep it for Stretch. I'm already
> maintaining powerpcspe which is very similar to powerpc.

For somewhat personal reasons I'm interested in keeping powerpc in
stretch as well. I certainly cannot take the entire role as a porter,
especially since I don't know what amount of work this implies. But I
am willing to help.

There are two powerpc boxes in my collection, used regulary. One runs
on stable, the other on testing. I haven't done d-i tests but
certainly could do.

Christoph



signature.asc
Description: Digital signature

Bug#838882: Acknowledgement (jessie-pu: package darktable/1.4.2-1+b3)

[David Bremner]

Lintian points out I want a ':' after Closes.

Bug#838882: jessie-pu: package darktable/1.4.2-1+b3

[David Bremner]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

This update would fix CVE-2015-3885 / #786792 in stable.  The CVE has
previously been classified as not severe enough for a DSA.

- -- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQGcBAEBCAAGBQJX6HNlAAoJEPIClx2kp54sPD8L/RpiaGuf3Qn6Wy7RZboY+5Wp
2m1TKjYzdWUTm46yldmiSuMrvsy39rUR//c+KkJGTAqbCXus5V1sXgFiSGRxiiVt
rMWJd2F3JjdBWbU8uFVTFNj7ihSkV2B6g37tlySbUQaBNZY5y3EkTfMKEo6hL/M+
js/wNIRJkK5+fwIAKyo1kPQR6D3VGps4EJt1xOAoxGC62j3v0J0efgGsuSxVCZNQ
RUqkrkIt3YRgUMrZGJlmLeezOfHI9k3E/1mLKbgqkP+tVF2bMgINbQWvBgDDJsPy
y7As5Pi0I741ekBKfhTx9zrUaXpA2+qu8tEsKJDrSLxsEnAeRGEN2OCtBcHUiLwK
TLRH4Ktq+jVgES3y5eCie3EGCIQTHUxIVeZyQJcFyOlF3z5fepXdIiG2VmPnMsCI
nMkqq3wsgr5rIYovfOCALONmOnV+9DcAsmE7E38WlG7u+79pBbrLY8lSdNx0dNzK
5QuFUQ8pC2qapF3BpufFAGikTiYl3VvyBNSGAvKjoA==
=dFI8
-END PGP SIGNATURE-
diff -Nru darktable-1.4.2/debian/changelog darktable-1.4.2/debian/changelog
--- darktable-1.4.2/debian/changelog	2014-05-04 00:43:43.0 -0300
+++ darktable-1.4.2/debian/changelog	2016-09-25 21:51:51.0 -0300
@@ -1,3 +1,10 @@
+darktable (1.4.2-1+deb8u1) stable; urgency=medium
+
+  * Cherry pick upstream commit 0f809ca5048. Fix for CVE-2015-3885
+(Closes #786792)
+
+ -- David Bremner   Sun, 25 Sep 2016 21:49:23 -0300
+
 darktable (1.4.2-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru darktable-1.4.2/debian/patches/0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch darktable-1.4.2/debian/patches/0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch
--- darktable-1.4.2/debian/patches/0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch	1969-12-31 20:00:00.0 -0400
+++ darktable-1.4.2/debian/patches/0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch	2016-09-25 21:52:29.0 -0300
@@ -0,0 +1,40 @@
+From b2c17dd163bea76f4817ad726a1e874206969dc1 Mon Sep 17 00:00:00 2001
+From: Roman Lebedev 
+Date: Fri, 22 May 2015 13:18:48 +0300
+Subject: [PATCH] LibRaw: address CVE-2015-3885: fix integer overflow in
+ ljpeg_start()
+
+The fix is not tested.
+Based on ufraw.
+
+(cherry picked from commit 0f809ca5048c71080437da543aefbfde65ebf10a)
+---
+ src/external/LibRaw/internal/dcraw_common.cpp | 8 +---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/external/LibRaw/internal/dcraw_common.cpp b/src/external/LibRaw/internal/dcraw_common.cpp
+index 948ef3f..982ecd7 100644
+--- a/src/external/LibRaw/internal/dcraw_common.cpp
 b/src/external/LibRaw/internal/dcraw_common.cpp
+@@ -630,7 +630,8 @@ void CLASS canon_compressed_load_raw()
+ 
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+-  int c, tag, len;
++  int c, tag;
++  ushort len;
+   uchar data[0x1];
+   const uchar *dp;
+ 
+@@ -641,8 +642,9 @@ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+   do {
+ fread (data, 2, 2, ifp);
+ tag =  data[0] << 8 | data[1];
+-len = (data[2] << 8 | data[3]) - 2;
+-if (tag <= 0xff00) return 0;
++len = (data[2] << 8 | data[3]);
++if (tag <= 0xff00 || len <= 2) return 0;
++len -= 2;
+ fread (data, 1, len, ifp);
+ switch (tag) {
+   case 0xffc3:
diff -Nru darktable-1.4.2/debian/patches/series darktable-1.4.2/debian/patches/series
--- darktable-1.4.2/debian/patches/series	1969-12-31 20:00:00.0 -0400
+++ darktable-1.4.2/debian/patches/series	2016-09-25 21:52:29.0 -0300
@@ -0,0 +1,2 @@
+# exported from git by git-debcherry
+0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch

Bug#830200: transition: perl

[Andreas Beckmann]

binNMU candidates for experimental:

courier_0.76.2-1
nginx_1.11.3-1~exp2
libatteanx-store-memorytriplestore-perl_0.001~20150811-1
imagemagick_8:6.9.5.9+dfsg-1

but you probably don't want that one:

linux_4.8~rc5-1~exp1


Andreas

Bug#838869: jessie-pu: package libdatetime-timezone-perl/1:1.75-2+2016g

[gregor herrmann]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I've prepared an update for libdatetime-timezone-perl in jessie,
which incorporates the 2016g version of the Olson db.
As usual, as a quilt patch which only touches the data files.

Since the major change in this tzdata release is that Turkey doesn't
switch back from +03 to +02 at the end of October, this might be
material for stable-updates, depending on when the next point release
is planned.

I'm attaching a manually stripped down debdiff.


Cheers,
gregor

-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJX6EQLXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMUUxMzE2RTkzQTc2MEE4MTA0RDg1RkFC
QjNBNjgwMTg2NDlBQTA2AAoJELs6aAGGSaoGM7kP/3bgXGbBt5wAzZmzCXaGIOzQ
+n49bVKRz50LghBnCsWVkcq96FKlH3Uh3EC0QMCsZgNo716fZ2tu/G2eyWF0D+LU
nFbW/sCwAJK/BUHe8fDWofOwFa8npGj/Dqz9t071OLrnW5L0UjX5p4pTlLOnN0f6
Lh8HUTeg/4pGpMBoO8ULoqGauoq42OU3uKu1hhSyAWliNbW4IvWfRR26RdrwEOfo
QQGQzx+COpoO0vwWjWomwrq8nkXwd8pMctdEhokzlOtVIi9kL2Ckzkg9cJjDgZoQ
O1GUB4fZOn/QqxMqPQCRgnuDniQo++e9TwrsI4Yw55IYmczHOgnqdBu+krm8t/0Y
3rCP4QJQcZgpVJeanAvQckV1H52wbDhOLrigweA6K4/8ExRc2s1jyO74zmNB4ViE
/8jLUN5SFAsW1PcgE7kxE0yMqsDAW5/UIwYJv6HjreAxCKsTa6+BL9qNd3hofipz
mNZ2zHutSDmpdr58pUt5gRfaZC56eNkC3+EzePg8s+DxoCuveBR98LWqrb+/pTlg
umtd5tqszRvInrS1bnrrlMdkidTgRpiYXSveiRxGI4BUUOA3F0AL2GFGdr9bD8U6
X+KlgOs+HUGhu0D6iWVWcILRzXsRxgRtzE4G+lJwozRNIbicZV4m4XzXO7NEEktD
TL+NbE8DcAC2OSjR+lKk
=lDGV
-END PGP SIGNATURE-
diff -Nru libdatetime-timezone-perl-1.75/debian/changelog libdatetime-timezone-perl-1.75/debian/changelog
--- libdatetime-timezone-perl-1.75/debian/changelog	2016-07-07 19:18:40.0 +0200
+++ libdatetime-timezone-perl-1.75/debian/changelog	2016-09-25 14:21:38.0 +0200
@@ -1,3 +1,12 @@
+libdatetime-timezone-perl (1:1.75-2+2016g) UNRELEASED; urgency=medium
+
+  * Update to Olson database version 2016g.
+Add patch debian/patches/olson-2016g, which updates the timezone *.pm
+files, using upstream's tools/parse_olson script.
+This update contains contemporary changes for Europe/Istanbul.
+
+ -- gregor herrmann   Sun, 25 Sep 2016 14:21:38 +0200
+
 libdatetime-timezone-perl (1:1.75-2+2016f) jessie; urgency=medium
 
   * Update to Olson database version 2016f.
diff -Nru libdatetime-timezone-perl-1.75/debian/patches/olson-2016g libdatetime-timezone-perl-1.75/debian/patches/olson-2016g
--- libdatetime-timezone-perl-1.75/debian/patches/olson-2016g	1970-01-01 01:00:00.0 +0100
+++ libdatetime-timezone-perl-1.75/debian/patches/olson-2016g	2016-09-25 14:21:38.0 +0200
@@ -0,0 +1,23710 @@
+Description: update to olson db 2016g
+Origin: vendor
+Author: gregor herrmann 
+Last-Update: 2016-09-25
+
+--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm
 b/lib/DateTime/TimeZone/Africa/Abidjan.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/africa.  Olson data version 2016f
++# Generated from debian/tzdata/africa.  Olson data version 2016g
+ #
+ # Do not edit this file directly.
+ #
+@@ -39,7 +39,7 @@
+ ],
+ ];
+ 
+-sub olson_version { '2016f' }
++sub olson_version { '2016g' }
+ 
+ sub has_dst_changes { 0 }
+ 
+--- a/lib/DateTime/TimeZone/Europe/Istanbul.pm
 b/lib/DateTime/TimeZone/Europe/Istanbul.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/europe.  Olson data version 2016f
++# Generated from debian/tzdata/europe.  Olson data version 2016g
+ #
+ # Do not edit this file directly.
+ #
+@@ -530,7 +530,7 @@
+ 62427466800, #local_end 1979-04-01 03:00:00 (Sun)
+ 14400,
+ 1,
+-'TRST',
++'+04',
+ ],
+ [
+ 62427452400, #utc_start 1979-03-31 23:00:00 (Sat)
+@@ -539,7 +539,7 @@
+ 6276800, #local_end 1979-10-15 00:00:00 (Mon)
+ 14400,
+ 1,
+-'TRST',
++'+04',
+ ],
+ [
+ 6262400, #utc_start 1979-10-14 20:00:00 (Sun)
+@@ -548,7 +548,7 @@
+ 62459521200, #local_end 1980-04-06 03:00:00 (Sun)
+ 10800,
+ 0,
+-'TRT',
++'+03',
+ ],
+ [
+ 62459510400, #utc_start 1980-04-06 00:00:00 (Sun)
+@@ -557,7 +557,7 @@
+ 62475926400, #local_end 1980-10-13 00:00:00 (Mon)
+ 14400,
+ 1,
+-'TRST',
++'+04',
+ ],
+ [
+ 62475912000, #utc_start 1980-10-12 20:00:00 (Sun)
+@@ -566,7 +566,7 @@
+ 62490366000, #local_end 1981-03-29 03:00:00 (Sun)
+ 10800,
+ 0,
+-'TRT',
++'+03',
+ ],
+ [
+ 62490355200, #utc_start 1981-03-29 00:00:00 (Sun)
+@@ -575,7 +575,7 @@
+ 62507376000, #local_end 1981-10-12 00:00:00 (Mon)
+ 14400,
+ 1,
+-'TRST',
++'+04',
+ ],
+ [
+ 62507361600, #utc_start 1981-10-11 20:00:00 (Sun)
+@@ -584,7 +584,7 @@
+ 62521815600, #local_end 1982-03-28 03:00:00 (Sun)
+ 10800,
+ 0,
+-'TRT',
++'+03',
+ ],
+ [
+ 62521804800, #utc_start 1982-03-28 00:00:00 (Sun)
+@@ -593,7 +593,7 @@

Processed: libcoro-perl: FTBFS with Perl 5.24: panic: corrupt saved stack index -144185424

[Debian Bug Tracking System]

Processing control commands:

> block 830200 with -1
Bug #830200 [release.debian.org] transition: perl
830200 was blocked by: 825629 825524 825231 834800 838394 834795 825609 825014 
825762 834798 834799 834797 836636 825012 837719 834249 834796
830200 was not blocking any bugs.
Added blocking bug(s) of 830200: 838851

-- 
830200: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830200
838851: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838851
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: block 830200 with 825629

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # we missed this earlier for some reason
> block 830200 with 825629
Bug #830200 [release.debian.org] transition: perl
830200 was blocked by: 837719 825231 834795 834799 825014 834798 834796 834249 
825524 825012 836636 825609 834800 834797 825762 838394
830200 was not blocking any bugs.
Added blocking bug(s) of 830200: 825629
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
830200: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830200
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 838514

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 838514 + pending
Bug #838514 [release.debian.org] britney: patch to speed up loop performance
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
838514: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838514
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

ITM: Britney2 branch britney-patch-bundle-2016-09 into master

[Niels Thykier]

Hi,

I intend to merge the branch [britney-patch-bundle-2016-09] consisting
of 22 patches into master no later than Monday the 3th of October.  It
has been tested with [no regressions].
 * CC: People known to run Britney
 * BCC: contributors + the debian bug

New "features":
 * Policies can now define their own hints (Ubuntu has already merged
   this)

Bugs fixed/Merges:
 * #838514 (patch to speed up loop performance)
 * GH#12 (Handle missing arches in p-u gracefully)
 * GH#13 (Use better exception handling)

Other notes:
 * It cherry-picks 4 commits from Ubuntu
 * A SourcePackage class is introduced to replace the "list" objects
   for source package data.
 * Britney now parses InRelease files to determine whether an
   architecture is available for a given suite (instead of abusing
   "NEW_ARCHES" config for this).  Though no "by-hash" support yet.

The shortlog:

  Colin Watson (3):
  Clarify excuse HTML/text for the mindays == 0 case
  Rename fucked_arches to outofsync_arches
  Make removal of obsolete source packages configurable

  Mathieu Trudel-Lapierre (1):
  Update whitespace; make the output easier to read

  Niels Thykier (18):
  Minor hint creation refactoring
  Change argument order for HintCollection.add_hint
  hint-tester: Use hint-parser for parsing excuse hints
  HintParser: Support adding new hints to the parser
  hints: Move Hint creation out of add_hints
  Extract an AgeDayHint class from Hint
  Support policies registering their own hints
  Let the age policy register its own hints
  Add an ignore-rc-bugs hint
  britney.py: Make hinted removal excuses valid
  AgePolicy: Create the (new) date file automatically
  britney -> util: Extract a "create_provides_map"
  britney: Make read_binaries read all binaries for a suite
  britney: Skip architectures not listed in InRelease files
  britney: Remove out a tuple lookup in get_dependency_solvers
  inst-tester: Fix typo in a variable name
  Create a SourcePackage class
  Prefer s.x to s[X] for SourcePackage objects

  Robert Bruce Park (1):
  Python loop performance enhancements.


Thanks,
~Niels

[britney-patch-bundle-2016-09]:
https://anonscm.debian.org/cgit/users/nthykier/britney.git/log/?h=britney-patch-bundle-2016-09
  Head is: 10ccd0e337fb734a9793b39da3a3b11857918962

[no regressions]: https://travis-ci.org/Debian/britney2/builds/162543509






signature.asc
Description: OpenPGP digital signature

Bug#838692: nmu: nlopt_2.4.2+dfsg-1~bpo70+1

[Emilio Pozuelo Monfort]

On 25/09/16 11:30, Emilio Pozuelo Monfort wrote:
> On 23/09/16 19:14, Andreas Beckmann wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: binnmu
>>
>> nmu nlopt_2.4.2+dfsg-1~bpo70+1 . amd64 . wheezy-backports . -m "Rebuild in a 
>> clean wheezy environment."
>>
>> it's currently uninstallable in wheezy-backports:
>>
>>libnlopt0 : Depends: libc6 (>= 2.14) but 2.13-38+deb7u11 is to be 
>> installed
> 
> @backports team: can you take a look at this?

Now cc'ing -backports@.

Emilio

Bug#815036: transition: msgpack-c

[Emilio Pozuelo Monfort]

On 25/09/16 13:59, James McCoy wrote:
> On Sun, Sep 25, 2016 at 11:23:43AM +0200, Emilio Pozuelo Monfort wrote:
>> On 24/09/16 22:52, James McCoy wrote:
>>> On Sat, Sep 03, 2016 at 02:10:08PM -0400, James McCoy wrote:
 On Wed, Aug 31, 2016 at 05:01:33PM +0200, Emilio Pozuelo Monfort wrote:
> Upload msgpack-c to unstable, then you bump the remaining bugs to RC.

 Done.  The tmate maintainer is going to move the compatible version from
 experimental to unstable today.
>>>
>>> It looks like everything's transitioned.
>>
>> Should src:msgpack be removed from the archive now? libmsgpack3 has no rdeps.
> 
> Yes, it should.

Then please file an RM bug against ftp.debian.org

Thanks,
Emilio

Bug#830200: transition: perl

[Emilio Pozuelo Monfort]

On 23/09/16 12:48, Emilio Pozuelo Monfort wrote:
> On 23/09/16 11:40, Dominic Hargreaves wrote:
>> On Fri, Sep 23, 2016 at 09:23:24AM +0200, Julien Cristau wrote:
>>> On Fri, Sep 23, 2016 at 00:34:15 +0200, Emilio Pozuelo Monfort wrote:
>>>
 Control: tags -1 confirmed

 Hi Dom!

 On 19/09/16 17:52, Dominic Hargreaves wrote:
> On Wed, Sep 14, 2016 at 11:13:04AM +0100, Dominic Hargreaves wrote:
>> On Thu, Jul 07, 2016 at 12:55:34PM +0200, Niko Tyni wrote:
>>> We'd like to have Perl 5.24 in stretch.
>
>> I'd like to propose that we upload perl 5.24 to unstable next week.
>> There are a few things left to deal with and I've just updated the 
>> blocker
>> list. I think they can all be either fixed in a week or removed,
>> with the possible exception of graphicsmagick which was a new FTBFS
>> which has popped up only on ppc64el.
>>
>> #825524: liblexical-underscore-perl - there is a patch available
>> #834249: openbabel - there is a patch available
>> #825012: libalgorithm-permute-perl - no rdeps, to remove
>> #825231: libdevel-beginlift-perl - no rdeps, to remove
>> #837719: graphicsmagick - new issue, may need to wait or push for hacky 
>> fix?
>> #825762: libtext-sprintfn-perl - fixed upstream
>> #834800: libkavorka-perl - one rdep libmoops-perl, both can be removed
>
> These are nearly all sorted now - just openbabel to hit sid (in
> DELAYED at the moment) and the other three blockers to be removed
> from testing when the time comes. Thanks as ever to those who worked on
> these issues.
>
> Release team, are we in a position to upload in the next day or two
> or do we need to wait for a better time?

 I wanted to get openmpi done, and that's happened today. So, let's start 
 this!

>>> It actually only almost happened.  So maybe hold this for a bit.
>>
>> Okay. Ready to upload when you say the word!
> 
> Britney crashed last night, but it just run and the openmpi issues are solved.
> Go ahead!

I have scheduled all the binNMUs. Unfortunately I didn't notice linux is a part
of this transition. Let's hope we can get all the perl side ready soon and that
linux gets fixed (it's got an RC bug atm) so stuff doesn't get blocked.

Regards,
Emilio

Processed: Re: Bug#836917: transition: openmpi

[Debian Bug Tracking System]

Processing control commands:

> tags -1 pending
Bug #836917 [release.debian.org] transition: openmpi
Added tag(s) pending.

-- 
836917: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836917
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#815036: transition: msgpack-c

[James McCoy]

On Sun, Sep 25, 2016 at 11:23:43AM +0200, Emilio Pozuelo Monfort wrote:
> On 24/09/16 22:52, James McCoy wrote:
> > On Sat, Sep 03, 2016 at 02:10:08PM -0400, James McCoy wrote:
> >> On Wed, Aug 31, 2016 at 05:01:33PM +0200, Emilio Pozuelo Monfort wrote:
> >>> Upload msgpack-c to unstable, then you bump the remaining bugs to RC.
> >>
> >> Done.  The tmate maintainer is going to move the compatible version from
> >> experimental to unstable today.
> > 
> > It looks like everything's transitioned.
> 
> Should src:msgpack be removed from the archive now? libmsgpack3 has no rdeps.

Yes, it should.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#836917: transition: openmpi

[Emilio Pozuelo Monfort]

Control: tags -1 pending

On 07/09/16 10:25, Bas Couwenberg wrote:
> The upload of openmpi (2.0.1-3) to unstable has triggered another
> transition.

This needed a big hammer to get it into testing. The fact that the different
libopenmpi versions conflict with each other doesn't really help.

This is just pending the boost1.58 removal from testing.

Cheers,
Emilio

Bug#836917: transition: openmpi

[Emilio Pozuelo Monfort]

On 25/09/16 12:15, Andreas Beckmann wrote:
> One binNMU is needed for experimental, too:
> 
> nmu hdf5_1.10.0-patch1+docs-1~exp4 . ANY . experimental . -m "Rebuild against 
> libopenmpi2."

Scheduled.

Emilio

Bug#836917: transition: openmpi

[Andreas Beckmann]

One binNMU is needed for experimental, too:

nmu hdf5_1.10.0-patch1+docs-1~exp4 . ANY . experimental . -m "Rebuild against 
libopenmpi2."


Andreas

Bug#838780: jessie-pu: package irssi/0.8.17-1+deb8u1

[Rhonda D'Vine]

  Hi,

* Adam D. Barratt  [2016-09-24 21:24:18 CEST]:
> On Sat, 2016-09-24 at 21:18 +0200, Rhonda D'Vine wrote:
> >  The patch that upstream provides is this:
> > https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
> > 
> >  I uploaded it to unstable already and would like to push it to stable,
> > too.
> 
> That looks okay, but please could we have a source debdiff for the
> proposed upload, as built and hopefully tested on jessie.

 I commited it locally to my git, the attached diff is
"git diff HEAD^.." which was the commit from the security update.

 Thanks,
Rhonda
-- 
Fühlst du dich mutlos, fass endlich Mut, los  |
Fühlst du dich hilflos, geh raus und hilf, los| Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los|
diff --git a/debian/changelog b/debian/changelog
index 364754f..79b5c38 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+irssi (0.8.17-1+deb8u2) jessie; urgency=high
+
+  * New patch 23fix-buf.pl to fix an information exposure issue involved with
+using buf.pl and /upgrade (closes: #838762)
+
+ -- Rhonda D'Vine   Sat, 24 Sep 2016 16:10:19 +0200
+
 irssi (0.8.17-1+deb8u1) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff --git a/debian/patches/23fix-buf.pl b/debian/patches/23fix-buf.pl
new file mode 100644
index 000..27963fd
--- /dev/null
+++ b/debian/patches/23fix-buf.pl
@@ -0,0 +1,103 @@
+Author: Rhonda D'Vine 	vim:ft=diff:
+Description: Fix information exposure during /upgrade, BTS #838762
+
+--- a/scripts/buf.pl
 b/scripts/buf.pl
+@@ -5,7 +5,7 @@ use Irssi qw(command signal_add signal_a
+  settings_get_str settings_get_bool channels windows
+ 	 settings_add_str settings_add_bool get_irssi_dir
+ 	 window_find_refnum signal_stop);
+-$VERSION = '2.13';
++$VERSION = '2.20';
+ %IRSSI = (
+ authors	=> 'Juerd',
+ contact	=> 'ju...@juerd.nl',
+@@ -13,10 +13,8 @@ $VERSION = '2.13';
+ description	=> 'Saves the buffer for /upgrade, so that no information is lost',
+ license	=> 'Public Domain',
+ url		=> 'http://juerd.nl/irssi/',
+-changed	=> 'Mon May 13 19:41 CET 2002',
+-changes	=> 'Severe formatting bug removed * oops, I ' .
+-   'exposed Irssi to ircII foolishness * sorry ' .
+-		   '** removed logging stuff (this is a fix)',
++changed	=> 'Thu Sep 22 01:37 CEST 2016',
++changes	=> 'Fixed file permissions (leaked everything via filesystem)',
+ note1	=> 'This script HAS TO BE in your scripts/autorun!',
+ note2	=> 'Perl support must be static or in startup',
+ );
+@@ -39,9 +37,15 @@ use Data::Dumper;
+ 
+ my %suppress;
+ 
++sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir }
++
+ sub upgrade {
+-open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+-print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
++my $fn = _filename;
++my $old_umask = umask 0077;
++open my $fh, q{>}, $fn or die "open $fn: $!";
++umask $old_umask;
++
++print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
+ for my $window (windows) {
+ 	next unless defined $window;
+ 	next if $window->{name} eq 'status';
+@@ -57,36 +61,39 @@ sub upgrade {
+ 		redo if defined $line;
+ 	}
+ 	}
+-	printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf;
++	printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf;
+ }
+-close BUF;
++close $fh;
+ unlink sprintf("%s/sessionconfig", get_irssi_dir);
+ command 'layout save';
+ command 'save';
+ }
+ 
+ sub restore {
+-open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+-my @suppress = split /\0/, ;
++my $fn = _filename;
++open my $fh, q{<}, $fn or die "open $fn: $!";
++unlink $fn or warn "unlink $fn: $!";
++
++my @suppress = split /\0/, readline $fh;
+ if (settings_get_bool 'upgrade_suppress_join') {
+ 	chomp $suppress[-1];
+ 	@suppress{@suppress} = (2) x @suppress;
+ }
+ active_win->command('^window scroll off');
+-while (my $bla = ){
++while (my $bla = readline $fh){
+ 	chomp $bla;
+ 	my ($refnum, $lines) = split /:/, $bla;
+ 	next unless $lines;
+ 	my $window = window_find_refnum $refnum;
+ 	unless (defined $window){
+-	 for 1..$lines;
++	readline $fh for 1..$lines;
+ 	next;
+ 	}
+ 	my $view = $window->view;
+ 	$view->remove_all_lines();
+ 	$view->redraw();
+ 	my $buf = '';
+-	$buf .=  for 1..$lines;
++	$buf .= readline $fh for 1..$lines;
+ 	my $sep = settings_get_str 'upgrade_separator';
+ 	$sep .= "\n" if $sep ne '';
+ 	$window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep");
+@@ -119,3 +126,10 @@ signal_add   'event join'  => 's
+ unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) {
+ 

Bug#838692: nmu: nlopt_2.4.2+dfsg-1~bpo70+1

[Emilio Pozuelo Monfort]

On 23/09/16 19:14, Andreas Beckmann wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> 
> nmu nlopt_2.4.2+dfsg-1~bpo70+1 . amd64 . wheezy-backports . -m "Rebuild in a 
> clean wheezy environment."
> 
> it's currently uninstallable in wheezy-backports:
> 
>libnlopt0 : Depends: libc6 (>= 2.14) but 2.13-38+deb7u11 is to be installed

@backports team: can you take a look at this?

Cheers,
Emilio

Bug#838693: nmu: libteam_1.12-2~bpo70+1

[Emilio Pozuelo Monfort]

On 23/09/16 19:16, Andreas Beckmann wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> 
> nmu libteam_1.12-2~bpo70+1 . amd64 . wheezy-backports . -m "Rebuild in a 
> clean wheezy environment."
> 
> this was not built in wheezy ...
> 
>libteam5 : Depends: libc6 (>= 2.14) but 2.13-38+deb7u11 is to be installed

@backports team: can you take a look at this?

Cheers,
Emilio

Bug#838673: marked as done (nmu: slurm-llnl_16.05.2-1)

[Debian Bug Tracking System]

Your message dated Sun, 25 Sep 2016 11:23:11 +0200
with message-id <05f694d4-bd0a-1a3b-8baf-51f8f1c15...@debian.org>
and subject line Re: Bug#838673: nmu: slurm-llnl_16.05.2-1
has caused the Debian Bug report #838673,
regarding nmu: slurm-llnl_16.05.2-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
838673: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838673
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu slurm-llnl_16.05.2-1 . amd64 . unstable . -m "Rebuild against librrd8."

Maintainer upload was built against librrd4.


Andreas
--- End Message ---
--- Begin Message ---
On 23/09/16 16:20, Andreas Beckmann wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> 
> nmu slurm-llnl_16.05.2-1 . amd64 . unstable . -m "Rebuild against librrd8."
> 
> Maintainer upload was built against librrd4.

Scheduled.

Emilio--- End Message ---

Bug#815036: transition: msgpack-c

[Emilio Pozuelo Monfort]

On 24/09/16 22:52, James McCoy wrote:
> On Sat, Sep 03, 2016 at 02:10:08PM -0400, James McCoy wrote:
>> On Wed, Aug 31, 2016 at 05:01:33PM +0200, Emilio Pozuelo Monfort wrote:
>>> Upload msgpack-c to unstable, then you bump the remaining bugs to RC.
>>
>> Done.  The tmate maintainer is going to move the compatible version from
>> experimental to unstable today.
> 
> It looks like everything's transitioned.

Should src:msgpack be removed from the archive now? libmsgpack3 has no rdeps.

Emilio

Bug#836192: marked as done (transition: libdap)

[Debian Bug Tracking System]

Your message dated Sun, 25 Sep 2016 11:21:18 +0200
with message-id 
and subject line Re: Bug#836192: transition: libdap
has caused the Debian Bug report #836192,
regarding transition: libdap
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
836192: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836192
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Control: block -1 by 836187

Dear Release Team,

As discussed in the protobuf transition bugreport, the upload of
libdap (3.18.0-1) to unstable has triggered another uncoordinated
transition, which is causing the osmium rebuilds to fail.

Before the reverse dependencies can be rebuilt, the build failures on
the release architectures (#836187) need to be fixed first.

The maintainer (Alastair McKinstry) is CC'ed.

Kind Regards,

Bas


Ben file:

title = "libdap";
is_affected = .depends ~ "libdap17v5" | .depends ~ "libdap23";
is_good = .depends ~ "libdap23";
is_bad = .depends ~ "libdap17v5";
--- End Message ---
--- Begin Message ---
On 24/09/16 21:37, Sebastiaan Couwenberg wrote:
> This transition should be done, time to close this bugreport?

Yes.

Emilio--- End Message ---

Bug#836447: marked as done (transition: proj)

[Debian Bug Tracking System]

Your message dated Sun, 25 Sep 2016 11:20:43 +0200
with message-id 
and subject line Re: Bug#836447: transition: proj
has caused the Debian Bug report #836447,
regarding transition: proj
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
836447: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836447
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Control: forwarded -1 https://release.debian.org/transitions/html/auto-proj.html

PROJ.4 4.9.3 has been released and bumps the SOVERSION from 9 to 12,
requiring a transition.

We've had the release candidates in experimental for a little while
already, and the issues identified with those have already been fixed in
unstable. Only gpx2shp needed a patch to support the renamed PI defines
in projects.h from proj 4.9.3.

All reverse dependencies rebuilt successfully with the new proj packages
from experimental (as summarized below), except mapnik (3.0.11+ds-1) in
unstable because it lacks support for Boost 1.61 (#833756), the mapnik
3.0.12 release candidates in experimental do support Boost 1.61.
Mapnik 3.0.11 is scheduled for automatic removal from testing on
2016-09-21, unfortunately I don't expect the 3.0.12 final release before
that time.

Please also schedule binNMUs for the affected packages in experimental
if those have not yet moved to unstable when the transition starts.

 spatialite   (4.4.0~rc1-1~exp1)
 spatialite-tools (4.4.0~rc1-1~exp1),
 grass(7.0.5~rc1-1~exp1)
 mapnik   (3.0.12~rc6+ds-1~exp2)
 python-mapnik(1:0.0~20160810-3a60211-1~exp1),

I will move the new pdal & qgis packages from experimental to unstable
today.


Transition: proj

 libproj9 (4.9.2-3) -> libproj12 (4.9.3-1~exp1)

The status of the most recent rebuilds is as follows.

 gpx2shp (0.71.0-4)  OK
 libgeo-proj4-perl   (1.05-3)OK
 libgeotiff-dfsg (1.4.2-2)   OK
 ogdi-dfsg   (3.2.0+ds-1)OK
 openorienteering-mapper (0.6.3-2)   OK
 pdl (1:2.016-4) OK
 proj-rdnap  (2008-5)OK
 python-pyproj   (1.9.5.1-2) OK
 shapelib(1.3.0-8)   OK
 sosi2osm(1.0.0-3)   OK
 spatialite  (4.3.0a-5 / 4.4.0~rc1-1~exp1)   OK / OK
 survex  (1.2.27-1)  OK
 zygrib  (7.0.0-4)   OK

 gdal(2.1.1+dfsg-1)  OK
 magics++(2.29.2-1)  OK
 pyspatialite(3.0.1-11)  OK
 spatialite-gui  (2.0.0~devel2-4)OK
 spatialite-tools(4.3.0-2 / 4.4.0~rc1-1~exp1)OK / OK

 cdo (1.7.2+dfsg.1-1)OK
 dans-gdal-scripts   (0.23-6)OK
 grass   (7.0.4-3 / 7.0.5~rc1-1~exp1)OK / OK
 libosmium   (2.8.0-2)   OK
 mapcache(1.4.1-3)   OK
 mapnik  (3.0.11+ds-1 /
  3.0.12~rc4+ds-1~exp1)  FTBFS / OK
 mapproxy(1.9.0-3)   OK
 mapserver   (7.0.1-3)   OK
 merkaartor  (0.18.3-1)  OK
 metview (4.6.7-1)   OK
 ncl (6.3.0-11)  OK
 otb (5.6.1+dfsg-1)  OK
 pdal(1.3.0-1)   OK
 postgis (2.2.2+dfsg-4)  OK
 qlandkartegt(1.8.1+ds-6)OK
 qmapshack   (1.6.3-1)   OK
 saga(2.3.1+dfsg-1)  OK
 sumo(0.27.1+dfsg1-1)OK
 thuban  (1.2.2-11)  OK
 vtk6(6.3.0+dfsg1-1) OK
 xastir  (2.0.8-2)   OK

 ifrit   (4.1.2-5)   OK
 libgdal-grass   (2.1.1-2)   OK
 osm2pgsql   (0.90.1+ds-1)   OK
 python-mapnik   (1:0.0~20160531-f65767a-1 /