Bug#853280: unblock: simple-cdd/0.6.4

2017-01-30 Thread Vagrant Cascadian 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-b...@lists.debian.org, 
simple-cdd-de...@lists.alioth.debian.org

Please unblock package simple-cdd

The source package simple-cdd appears to be blocked due to the
simple-cdd-profiles udeb. This udeb is not used by debian-installer by
default, and the udeb hasn't changed at all since the version
currently in testing.

The new version fixes an issue in boolean handling treating any
specified value, including "false", as if it were True. It also fixes
a compatibility issue with newer versions of debian-cd. And also
supports the BOOT_TIMEOUT variable for generated CD images that use
grub2.

Thanks!

debdiff attached.

live well,
  vagrant

diff -Nru simple-cdd-0.6.3/build-simple-cdd simple-cdd-0.6.4/build-simple-cdd
--- simple-cdd-0.6.3/build-simple-cdd	2016-11-27 17:05:05.0 -0800
+++ simple-cdd-0.6.4/build-simple-cdd	2017-01-16 13:40:32.0 -0800
@@ -111,13 +111,14 @@
 for pathname in self.find_profile_files(p + ".conf"):
 self.env.read_config_file(pathname)
 
-# Set default values for various mirrors
-if not self.env.get("security_mirror") and self.env.get("use_security_mirror"):
-self.env.set("security_mirror", "http://security.debian.org/";)
-if not self.env.get("updates_mirror") and self.env.get("use_updates_mirror"):
-self.env.set("updates_mirror", self.env.get("debian_mirror"))
-if not self.env.get("backports_mirror") and self.env.get("backports"):
-self.env.set("backports_mirror", self.env.get("debian_mirror"))
+# Disable security and updates mirrors for sid, as they do not exist.
+if self.env.get("CODENAME") == "sid":
+if self.env.get("security_mirror"):
+log.info("Disabling security mirror for sid.")
+self.env.set("security_mirror", "")
+if self.env.get("updates_mirror"):
+log.info("Disabling updates mirror for sid.")
+self.env.set("updates_mirror", "")
 
 # Set defaults for debian-cd CONTRIB and NONFREE variables based on configured mirror components.
 for component in self.env.get("mirror_components") + self.env.get("mirror_components_extra"):
@@ -172,9 +173,9 @@
 for p in self.env.get("preseed_files"):
 if verify_preseed_file(p): continue
 if self.args.force_preseed:
-log.warn("preseed file invalid: %s", pathname)
+log.warn("preseed file invalid: %s", p)
 else:
-raise Fail("preseed file invalid: %s", pathname)
+raise Fail("preseed file invalid: %s", p)
 
 
 def paranoid_checks(self):
diff -Nru simple-cdd-0.6.3/debian/changelog simple-cdd-0.6.4/debian/changelog
--- simple-cdd-0.6.3/debian/changelog	2016-11-27 18:40:54.0 -0800
+++ simple-cdd-0.6.4/debian/changelog	2017-01-17 15:10:07.0 -0800
@@ -1,3 +1,20 @@
+simple-cdd (0.6.4) unstable; urgency=medium
+
+  [ Vagrant Cascadian ]
+  * tools/build/debian-cd: Set wget variable, which is used to download
+d-i daily images.
+  * Default to enabling security and updates mirrors, and remove
+use_*_mirror booleans.
+
+  [ Boskovits, Gabriel ]
+  * Add patch to support BOOT_TIMEOUT with grub2.
+
+  [ Enrico Zini ]
+  * Tested reading booleans from .conf files, and fixed parsing their
+values.
+
+ -- Vagrant Cascadian   Tue, 17 Jan 2017 15:10:07 -0800
+
 simple-cdd (0.6.3) unstable; urgency=medium
 
   * Move setting of debian-cd CONTRIB/NONFREE after setting variables from
diff -Nru simple-cdd-0.6.3/simple_cdd/env.py simple-cdd-0.6.4/simple_cdd/env.py
--- simple-cdd-0.6.3/simple_cdd/env.py	2016-11-27 17:05:05.0 -0800
+++ simple-cdd-0.6.4/simple_cdd/env.py	2017-01-16 14:23:24.0 -0800
@@ -158,7 +158,7 @@
 if isinstance(self.default, bool):
 bval = self.default
 else:
-bval = bool(super().default_to_string())
+bval = super().default_to_string() == "true"
 return "true" if bval else ""
 
 def to_python(self):
@@ -305,7 +305,7 @@
 
 def set(self, name, value):
 """
-Set a value by name, converting value to the type of the variable name.
+Set a value by name, converting the python value to the type of the variable name.
 """
 cur = self.env.get(name, None)
 if cur is None:
@@ -313,6 +313,16 @@
 cur.automatically_created = True
 cur.from_python(value)
 
+def set_from_commandline(self, name, value):
+"""
+Set a value by name, converting the user string value to the type of the variable name.
+"""
+cur = self.env.get(name, None)
+if cur is None:
+self.env[name] = cur = TextVar(name, env=self)
+cur.automatically_created = True
+cur.from_commandline(value

Re: Bug#851612: CVE-2017-0381

2017-01-30 Thread Ron 
On Sun, Jan 29, 2017 at 04:39:59PM +0100, Salvatore Bonaccorso wrote:
> On Tue, Jan 17, 2017 at 01:25:27AM -0500, Jean-Marc Valin wrote:
> > Hi,
> > 
> > CVE-2017-0381 states that:
> > "A remote code execution vulnerability in silk/NLSF_stabilize.c in
> > libopus in Mediaserver could enable an attacker using a specially
> > crafted file to cause memory corruption during media file and data
> > processing."
> > 
> > Now I'm not sure who did the analysis of this bug, but the analysis we
> > did concluded that the very worst that could happen was a slightly out
> > of bounds *read* 256 bytes before a constant table. What this means in
> > practice is that the value is read from another table and the decoded
> > data audio will sound bad (which was already going to happen if you're
> > decoding garbage data).
> > 
> > The worst case that could happen is a plain crash. This would happen if
> > the code is compiled with assertions (the code would assert before
> > making the read), or -- if you're really unlucky -- if the table is
> > placed just after some unreadable memory.
> > 
> > So while the bug definitely needed to be fixed -- and was fixed back in
> > July -- we don't consider it to be a severe security issue. If you
> > disagree with our analysis, could you point out what we missed?
> 
> Apologies for the long delay, Jean-Marc. Thanks a lot for your
> analysis.
> 
> Ron, would it be possible that you fix that issue via an upcoming
> point release for jessie? It would not warrant a DSA on it's own.

We could cherry pick that patch back into 1.1 that's in Jessie, but
unless someone does find a more serious hole in the upstream analysis,
the interesting question would be what do we actually want to achieve
with a point release update?

After we decided to tag 1.2-alpha2 as the best candidate for Stretch,
Jean-Marc also applied this to the 1.1 branch, now tagged as 1.1.4,
for people who did want the fix, but didn't want to jump to the 1.2
changes yet - since there was some amount of hysteria growing attached
to it based on the original CVE claims.

Between 1.1 and 1.1.4 there have actually been a number of patches
to fix things of approximately this severity (this code is continually
being fuzzed and subjected to new analysis, and that does shake out
new corner cases with numeric precision and the like from time to time).

So if we're going to update Jessie because this is "severe enough" to
warrant that (but not so serious to do as a DSA), it would seem a bit
silly to not pull in all of the fixes in that category, or to prioritise
them purely on "how much publicity someone else gave them".

The downside of that is the diff between 1.1 and 1.1.4 isn't something
I expect the SRMs will find a delight to review.  And cherry picking
all of them individually will probably be a significant amount of
error prone work, that personally I'd have a lot less faith in not
introducing an accidental regression.  I don't yet know how many of
them are significantly linked to prior patches in the series.

This patch is the only diff between 1.1.3 and 1.1.4, and 1.1.3 spent
a few months in Stretch without incident before this update.

In "normal use", most people are unlikely to hit any of these issues,
but if we want a stable update where we can honestly say "fixes all
known corner cases where corrupt or maliciously crafted input can do
Something Bad", we probably do want to consider pulling in significantly
more of 1.1.4 than just this patch.  And if we want what we pull in to
have been tested, then pulling in 1.1.4 verbatim would be the safest bet
by a fair margin.

If there's a real regression to that, it would be an upstream bug and
there'll be a 1.1.5 to fix it as soon as it's known ...  This is now
a 'serious' bugfix only branch.  New work is all for 1.2.


I've CC'd -release, to see what they'd prefer we do for Jessie.
It might be that the best option here is to just put something later
in -bpo, and if people are paranoid, they can choose to use that?

  Cheers,
  Ron

Re: Bug#746005: Problems in Lilipond and Guile -- #746005

2017-01-30 Thread Anthony Fok 
Control: severity -1 important

On Fri, Dec 30, 2016 at 9:39 AM, Dr. Tobias Quathamer  wrote:
> About a year later, Emilio states that the release team discussed this
> problem and "wouldn't like to release Stretch with guile-1.8 just for
> lilypond's sake":
> 
>
> However, he also wrote in that message that "We can discuss this again later
> in the cycle if necessary, though hopefully lilypond can get in shape and we
> won't need to do that :)"

Dear friends,

I am happy to report that a new Debian version of lilypond (2.18.2-7),
with its own privately bundled guile-1.8, hidden inside

  * /usr/lib/$(DEB_HOST_MULTIARCH)/lilypond/2.18.2 and
  * /usr/share/lilypond/2.18.2/guile/1.8,

has entered unstable, and buildd has built it for all architectures except
powerpcspe (Needs-Build, long queue) and sh4 (BD-Uninstallable):

https://buildd.debian.org/status/package.php?p=lilypond

So, while the migration to guile-2.0 is a definite goal, one that
upstream is still working on it slowly but surely (maybe in 2.20?),
the absence of guile-1.8 in Debian no longer causes lilypond 2.18.2 to
FTBFS, hence I am lowering the severity of this bug from serious to
important.

Hope this is enough to help bring LilyPond back into Debian 9 "stretch".
I will submit an unblock request right away.  Keeping my fingers crossed.  :-)

Cheers,

Anthony

Bug#853273: RM: osmose-emulator/1.0-2 [armel armhf] -- ROM; ANAIS

2017-01-30 Thread Carlos Donizete Froes 
Package: ftp.debian.org
Severity: normal

Hello,

Please remove osmose-emulator version 1.0-2 from unstable. Missing build on 
armel.

Thanks

Carlos Donizete Froes [a.k.a coringao]

Bug#852624: jessie-pu: package libmateweather/1.8.0-2+deb8u2

2017-01-30 Thread ZenWalker 

libmateweather has now been uploaded to jessie-pu

 Regards,
 Pablo

Bug#853245: marked as done (RM: virglrenderer/0.5.0-2)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Tue, 31 Jan 2017 00:28:40 +0100
with message-id <9cb5bd40-0937-39ef-eca6-3f96433fa...@debian.org>
and subject line Re: Bug#853245: RM: virglrenderer/0.5.0-2
has caused the Debian Bug report #853245,
regarding RM: virglrenderer/0.5.0-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853245: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853245
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hi

Please remove virglrenderer from testing. virglrenderer has security
bugs and is in meanwhile orpahned, and should not be included in
stretch as stable release. The only reverse dependency previously
using it was qemu, but qemu reverted the support for "enable virtio
gpu (virglrenderer) and opengl support" with the 1:2.8+dfsg-2 upload
to unstable.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
On 30/01/17 20:42, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: rm
> 
> Hi
> 
> Please remove virglrenderer from testing. virglrenderer has security
> bugs and is in meanwhile orpahned, and should not be included in
> stretch as stable release. The only reverse dependency previously
> using it was qemu, but qemu reverted the support for "enable virtio
> gpu (virglrenderer) and opengl support" with the 1:2.8+dfsg-2 upload
> to unstable.

Hinted for removal.

Emilio--- End Message ---

Bug#853001: Unblock tigervnc/1.7.0+dfsg-3

2017-01-30 Thread Ola Lundqvist 
Hi again

I have now uploaded a new version of the package. That version do have
real good changes in debian/rules. They were crucial for getting
libvnc.so to work. So with that I think the rest of the debian/rules
changes are fine too.

The new upload has the following changelog:

 tigervnc (1.7.0+dfsg-4) unstable; urgency=medium
 .
   * Make sure libtool do not complain about missing symbol.
 Closes: #851842.


Best regards

// Ola

On 30 January 2017 at 21:50, Ola Lundqvist  wrote:
> Hi Emilio
>
> I have to ask Joachim who did that change.
>
> All I know is the git comments:
>  Make ./debian/rules debug-debian-rules not lie
>  Cleanup patch dance some more
>  Removed obsolete target reverse-patches-xorg
>
> Best regards
>
> // Ola
>
>
> On 30 January 2017 at 19:11, Emilio Pozuelo Monfort  wrote:
>> On 28/01/17 21:46, Ola Lundqvist wrote:
>>> Package: release.debian.org
>>> Severity: normal
>>> Usertags: unblock
>>>
>>> Hi
>>>
>>> I would like you to unblock the last upload of tigervnc. It solved a
>>> security RC bug.
>>>
>>> tigervnc (1.7.0+dfsg-3) unstable; urgency=high
>>>
>>>   [ Salvatore Bonaccorso ]
>>>   * Fix buffer overflow in ModifiablePixelBuffer::fillRect (CVE-2017-5581)
>>> (Closes: #852213)
>>>
>>>   [ Joachim Falk ]
>>>   * Shut up lintian manpage-has-errors-from-man for vnc.conf.5x.gz
>>> Basically the default value for $sslAutoGenCertCommand is too large
>>> to fit into a 80 column manpage output. Broke that into multiple
>>> lines.
>>>
>>>  -- Ola Lundqvist   Sat, 28 Jan 2017 21:08:53 +0100
>>
>> You have some undocumented changes to debian/rules. Are those important 
>> and/or
>> fixing any issues?
>>
>> Emilio
>
>
>
> --
>  --- Inguza Technology AB --- MSc in Information Technology 
> /  o...@inguza.comFolkebogatan 26\
> |  o...@debian.org   654 68 KARLSTAD|
> |  http://inguza.com/Mobile: +46 (0)70-332 1551 |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---



-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---

Bug#853264: unblock: wavpack/5.0.0-2

2017-01-30 Thread Sebastian Ramacher 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package wavpack. 5.0.0-2 fixes CVE-2016-10169, CVE-2016-10170,
CVE-2016-10171 and CVE-2016-10172 by simply applying upstream's patch for the
CVEs.

unblock wavpack/5.0.0-2

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (650, 'unstable-debug'), (650, 'buildd-unstable'), (650, 
'unstable'), (601, 'testing'), (600, 'experimental-debug'), (600, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Sebastian Ramacher
diff --git a/debian/changelog b/debian/changelog
index 18586f6..3cc049a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+wavpack (5.0.0-2) unstable; urgency=medium
+
+  * Team upload.
+  * debian/patches: Apply upstream fix to fix some fuzz failures
+(CVE-2016-10169, CVE-2016-10170, CVE-2016-10171, CVE-2016-10172). (Closes:
+#853076)
+
+ -- Sebastian Ramacher   Mon, 30 Jan 2017 21:04:05 +0100
+
 wavpack (5.0.0-1) unstable; urgency=medium
 
   * Team upload.
diff --git 
a/debian/patches/fixes-for-4-fuzz-failures-posted-to-SourceForge-mail.patch 
b/debian/patches/fixes-for-4-fuzz-failures-posted-to-SourceForge-mail.patch
new file mode 100644
index 000..62346c7
--- /dev/null
+++ b/debian/patches/fixes-for-4-fuzz-failures-posted-to-SourceForge-mail.patch
@@ -0,0 +1,52 @@
+From 4bc05fc490b66ef2d45b1de26abf1455b486b0dc Mon Sep 17 00:00:00 2001
+From: David Bryant 
+Date: Wed, 21 Dec 2016 22:18:36 -0800
+Subject: [PATCH] fixes for 4 fuzz failures posted to SourceForge mailing list
+
+---
+ src/open_utils.c | 6 +-
+ src/read_words.c | 4 
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/open_utils.c b/src/open_utils.c
+index 7519f99..a844046 100644
+--- a/src/open_utils.c
 b/src/open_utils.c
+@@ -560,7 +560,7 @@ static int read_new_config_info (WavpackContext *wpc, 
WavpackMetadata *wpmd)
+ 
+ // if there's any data, the first two bytes are file_format and qmode 
flags
+ 
+-if (bytecnt) {
++if (bytecnt >= 2) {
+ wpc->file_format = *byteptr++;
+ wpc->config.qmode = (wpc->config.qmode & ~0xff) | *byteptr++;
+ bytecnt -= 2;
+@@ -593,6 +593,10 @@ static int read_new_config_info (WavpackContext *wpc, 
WavpackMetadata *wpmd)
+ for (i = 0; i < nchans; ++i)
+ if (bytecnt) {
+ wpc->channel_reordering [i] = *byteptr++;
++
++if (wpc->channel_reordering [i] >= nchans)  
// make sure index is in range
++wpc->channel_reordering [i] = 0;
++
+ bytecnt--;
+ }
+ else
+diff --git a/src/read_words.c b/src/read_words.c
+index 62acac3..a537bfa 100644
+--- a/src/read_words.c
 b/src/read_words.c
+@@ -288,6 +288,10 @@ int32_t FASTCALL get_word (WavpackStream *wps, int chan, 
int32_t *correction)
+ 
+ low &= 0x7fff;
+ high &= 0x7fff;
++
++if (low > high) // make sure high and low make sense
++high = low;
++
+ mid = (high + low + 1) >> 1;
+ 
+ if (!c->error_limit)
+-- 
+2.11.0
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..28b0d00
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+fixes-for-4-fuzz-failures-posted-to-SourceForge-mail.patch


signature.asc
Description: PGP signature

Bug#853260: unblock: lcmaps-plugins-voms/1.6.2-2.1

2017-01-30 Thread Sebastian Andrzej Siewior 
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package lcmaps-plugins-voms. The new version it builds
again from source.

unblock lcmaps-plugins-voms/1.6.2-2.1

Sebastian
diff -Nru lcmaps-plugins-voms-1.6.2/debian/changelog lcmaps-plugins-voms-1.6.2/debian/changelog
--- lcmaps-plugins-voms-1.6.2/debian/changelog	2014-01-20 15:48:08.0 +0100
+++ lcmaps-plugins-voms-1.6.2/debian/changelog	2017-01-29 21:51:50.0 +0100
@@ -1,3 +1,10 @@
+lcmaps-plugins-voms (1.6.2-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Get it built with openssl 1.1. (Closes: #828376).
+
+ -- Sebastian Andrzej Siewior   Sun, 29 Jan 2017 21:51:50 +0100
+
 lcmaps-plugins-voms (1.6.2-2) unstable; urgency=low
 
   [ Mischa Salle ]
diff -Nru lcmaps-plugins-voms-1.6.2/debian/patches/openssl11.patch lcmaps-plugins-voms-1.6.2/debian/patches/openssl11.patch
--- lcmaps-plugins-voms-1.6.2/debian/patches/openssl11.patch	1970-01-01 01:00:00.0 +0100
+++ lcmaps-plugins-voms-1.6.2/debian/patches/openssl11.patch	2017-01-29 21:51:12.0 +0100
@@ -0,0 +1,20 @@
+Subject: workaround for openssl 1.1
+
+X509 does not have ->name member anymore. It used to be the content of the
+Subject property. Since it is only for higher debug I don't even try to fetch
+the Subject property.
+---
+ src/voms/lcmaps_voms.c |2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/voms/lcmaps_voms.c
 b/src/voms/lcmaps_voms.c
+@@ -442,7 +442,7 @@ static int plugin_run_or_verify(
+ if ( ( px509_cred = lcmaps_cred_to_x509(cred) ) )
+ {
+ lcmaps_log_debug(1,"%s: found X509 struct inside gss credential\n", logstr);
+-lcmaps_log_debug(5,"%s: just for kicks: X509->name %s\n", logstr,px509_cred->name);
++/* lcmaps_log_debug(5,"%s: just for kicks: X509->name %s\n", logstr,px509_cred->name); */
+ }
+ else
+ {
diff -Nru lcmaps-plugins-voms-1.6.2/debian/patches/series lcmaps-plugins-voms-1.6.2/debian/patches/series
--- lcmaps-plugins-voms-1.6.2/debian/patches/series	2013-11-12 16:23:41.0 +0100
+++ lcmaps-plugins-voms-1.6.2/debian/patches/series	2017-01-29 21:47:44.0 +0100
@@ -1,2 +1,3 @@
 
 
+openssl11.patch

Bug#853001: Unblock tigervnc/1.7.0+dfsg-3

2017-01-30 Thread Ola Lundqvist 
Hi Emilio

I have to ask Joachim who did that change.

All I know is the git comments:
 Make ./debian/rules debug-debian-rules not lie
 Cleanup patch dance some more
 Removed obsolete target reverse-patches-xorg

Best regards

// Ola


On 30 January 2017 at 19:11, Emilio Pozuelo Monfort  wrote:
> On 28/01/17 21:46, Ola Lundqvist wrote:
>> Package: release.debian.org
>> Severity: normal
>> Usertags: unblock
>>
>> Hi
>>
>> I would like you to unblock the last upload of tigervnc. It solved a
>> security RC bug.
>>
>> tigervnc (1.7.0+dfsg-3) unstable; urgency=high
>>
>>   [ Salvatore Bonaccorso ]
>>   * Fix buffer overflow in ModifiablePixelBuffer::fillRect (CVE-2017-5581)
>> (Closes: #852213)
>>
>>   [ Joachim Falk ]
>>   * Shut up lintian manpage-has-errors-from-man for vnc.conf.5x.gz
>> Basically the default value for $sslAutoGenCertCommand is too large
>> to fit into a 80 column manpage output. Broke that into multiple
>> lines.
>>
>>  -- Ola Lundqvist   Sat, 28 Jan 2017 21:08:53 +0100
>
> You have some undocumented changes to debian/rules. Are those important and/or
> fixing any issues?
>
> Emilio



-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---

Bug#853254: ftp.debian.org: please create stretch-backports suite

2017-01-30 Thread Julien Cristau 
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: debian-release@lists.debian.org

In preparation of the freeze, it would be nice if the stretch-backports
could be populated, with the same architectures as stretch.  If
possible, the new suite should not accept uploads until the actual
stretch release.

Cheers,
Julien

Bug#853245: RM: virglrenderer/0.5.0-2

2017-01-30 Thread Salvatore Bonaccorso 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hi

Please remove virglrenderer from testing. virglrenderer has security
bugs and is in meanwhile orpahned, and should not be included in
stretch as stable release. The only reverse dependency previously
using it was qemu, but qemu reverted the support for "enable virtio
gpu (virglrenderer) and opengl support" with the 1:2.8+dfsg-2 upload
to unstable.

Regards,
Salvatore

Bug#853235: jessie-pu: package groovy/2.2.2+dfsg-3+deb8u1

2017-01-30 Thread Markus Koschany 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

groovy2 is also affected by CVE-2016-6814. The patch is almost
identical to the one used in groovy. Please find attached the debdiff.

Markus
diff -Nru groovy2-2.2.2+dfsg/debian/changelog 
groovy2-2.2.2+dfsg/debian/changelog
--- groovy2-2.2.2+dfsg/debian/changelog 2015-07-25 22:20:07.0 +0200
+++ groovy2-2.2.2+dfsg/debian/changelog 2017-01-30 17:49:16.0 +0100
@@ -1,3 +1,16 @@
+groovy2 (2.2.2+dfsg-3+deb8u2) jessie; urgency=medium
+
+  * Team upload.
+  * Fix CVE-2016-6814: It was found that a flaw in Apache Groovy, a dynamic
+language for the Java Virtual Machine, allows remote code execution
+wherever deserialization occurs in the application. It is possible for an
+attacker to craft a special serialized object that will execute code
+directly when deserialized. All applications which rely on serialization
+and do not isolate the code which deserializes objects are subject to this
+vulnerability.
+
+ -- Markus Koschany   Mon, 30 Jan 2017 17:49:16 +0100
+
 groovy2 (2.2.2+dfsg-3+deb8u1) stable; urgency=high
 
   * Fix remote execution of untrusted code and possible DoS vulnerability.
diff -Nru groovy2-2.2.2+dfsg/debian/patches/CVE-2016-6814.patch 
groovy2-2.2.2+dfsg/debian/patches/CVE-2016-6814.patch
--- groovy2-2.2.2+dfsg/debian/patches/CVE-2016-6814.patch   1970-01-01 
01:00:00.0 +0100
+++ groovy2-2.2.2+dfsg/debian/patches/CVE-2016-6814.patch   2017-01-30 
17:49:16.0 +0100
@@ -0,0 +1,37 @@
+From: Markus Koschany 
+Date: Mon, 30 Jan 2017 17:47:46 +0100
+Subject: CVE-2016-6814
+
+Bug-Debian: https://bugs.debian.org/851408
+Origin: http://seclists.org/oss-sec/2017/q1/92
+---
+ src/main/org/codehaus/groovy/runtime/MethodClosure.java | 9 +
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/main/org/codehaus/groovy/runtime/MethodClosure.java 
b/src/main/org/codehaus/groovy/runtime/MethodClosure.java
+index 8e4fac8..6fceb3d 100644
+--- a/src/main/org/codehaus/groovy/runtime/MethodClosure.java
 b/src/main/org/codehaus/groovy/runtime/MethodClosure.java
+@@ -19,6 +19,7 @@ import groovy.lang.Closure;
+ import groovy.lang.MetaMethod;
+ 
+ import java.util.List;
++import java.io.IOException;
+ 
+ 
+ /**
+@@ -69,6 +70,14 @@ public class MethodClosure extends Closure {
+ throw new UnsupportedOperationException();
+ }
+ 
++private void readObject(java.io.ObjectInputStream stream) throws
++IOException, ClassNotFoundException {
++if (ALLOW_RESOLVE) {
++stream.defaultReadObject();
++}
++throw new UnsupportedOperationException();
++}
++
+ public Object getProperty(String property) {
+ if ("method".equals(property)) {
+ return getMethod();
diff -Nru groovy2-2.2.2+dfsg/debian/patches/series 
groovy2-2.2.2+dfsg/debian/patches/series
--- groovy2-2.2.2+dfsg/debian/patches/series2015-07-25 22:19:23.0 
+0200
+++ groovy2-2.2.2+dfsg/debian/patches/series2017-01-30 17:49:16.0 
+0100
@@ -2,3 +2,4 @@
 02_fix_start_script.diff
 03_add_maven_poms.diff
 04_CVE-2015-3253.diff
+CVE-2016-6814.patch

Bug#853233: jessie-pu: package groovy/1.8.6-4+deb8u1

2017-01-30 Thread Markus Koschany 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hello,

I would like to upload a security update for Groovy in Jessie.
(Debdiff is attached) This is Debian bug #851408 or CVE-2016-6814. The
security team has marked this CVE as no-dsa but it would be good to
fix CVE-2016-6814 in Jessie too. I will also file a bug report for
Groovy2 which is affected by the same issue shortly.

Regards,

Markus
diff -Nru groovy-1.8.6/debian/changelog groovy-1.8.6/debian/changelog
--- groovy-1.8.6/debian/changelog   2015-07-25 23:30:00.0 +0200
+++ groovy-1.8.6/debian/changelog   2017-01-30 17:20:04.0 +0100
@@ -1,3 +1,17 @@
+groovy (1.8.6-4+deb8u2) jessie; urgency=medium
+
+  * Team upload.
+  * Fix CVE-2016-6814:
+It was found that a flaw in Apache Groovy, a dynamic language for the Java
+Virtual Machine, allows remote code execution wherever deserialization
+occurs in the application. It is possible for an attacker to craft a
+special serialized object that will execute code directly when
+deserialized. All applications which rely on serialization and do not
+isolate the code which deserializes objects are subject to this
+vulnerability.
+
+ -- Markus Koschany   Mon, 30 Jan 2017 17:20:04 +0100
+
 groovy (1.8.6-4+deb8u1) stable; urgency=high
 
   * Fix remote execution of untrusted code and possible DoS vulnerability.
diff -Nru groovy-1.8.6/debian/patches/CVE-2016-6814.patch 
groovy-1.8.6/debian/patches/CVE-2016-6814.patch
--- groovy-1.8.6/debian/patches/CVE-2016-6814.patch 1970-01-01 
01:00:00.0 +0100
+++ groovy-1.8.6/debian/patches/CVE-2016-6814.patch 2017-01-30 
17:20:04.0 +0100
@@ -0,0 +1,37 @@
+From: Markus Koschany 
+Date: Mon, 30 Jan 2017 17:15:11 +0100
+Subject: CVE-2016-6814
+
+Bug-Debian: https://bugs.debian.org/851408
+Origin: http://seclists.org/oss-sec/2017/q1/92
+---
+ src/main/org/codehaus/groovy/runtime/MethodClosure.java | 9 +
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/main/org/codehaus/groovy/runtime/MethodClosure.java 
b/src/main/org/codehaus/groovy/runtime/MethodClosure.java
+index d4f996e..4dfb360 100644
+--- a/src/main/org/codehaus/groovy/runtime/MethodClosure.java
 b/src/main/org/codehaus/groovy/runtime/MethodClosure.java
+@@ -19,6 +19,7 @@ import groovy.lang.Closure;
+ import groovy.lang.MetaMethod;
+ 
+ import java.util.List;
++import java.io.IOException;
+ 
+ 
+ /**
+@@ -61,6 +62,14 @@ public class MethodClosure extends Closure {
+ throw new UnsupportedOperationException();
+ }
+ 
++private void readObject(java.io.ObjectInputStream stream) throws
++IOException, ClassNotFoundException {
++if (ALLOW_RESOLVE) {
++stream.defaultReadObject();
++}
++throw new UnsupportedOperationException();
++}
++
+ public String getMethod() {
+ return method;
+ }
diff -Nru groovy-1.8.6/debian/patches/series groovy-1.8.6/debian/patches/series
--- groovy-1.8.6/debian/patches/series  2015-07-25 23:26:18.0 +0200
+++ groovy-1.8.6/debian/patches/series  2017-01-30 17:20:04.0 +0100
@@ -3,3 +3,4 @@
 0003-disable-bnd.diff.patch
 0004-java8-compatibility.patch
 0005-CVE-2015-3253.patch
+CVE-2016-6814.patch

Bug#853230: marked as done (unblock: check-mk/1.2.8p16-1)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 19:14:55 +0100
with message-id <45e6d908-bd87-f799-499f-f26a3aea9...@debian.org>
and subject line Re: Bug#853230: unblock: check-mk/1.2.8p16-1
has caused the Debian Bug report #853230,
regarding unblock: check-mk/1.2.8p16-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853230: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853230
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package check-mk

The most recent upload fixes #846848 which is the only open RC bug.
Thanks!

unblock check-mk/1.2.8p16-1

-- 
Matt Taggart
tagg...@debian.org
--- End Message ---
--- Begin Message ---
On 30/01/17 19:00, Matt Taggart wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package check-mk
> 
> The most recent upload fixes #846848 which is the only open RC bug.
> Thanks!
> 
> unblock check-mk/1.2.8p16-1

E: package check-mk not in testing

Sorry but you missed the deadline.

Cheers,
Emilio--- End Message ---

Bug#853001: Unblock tigervnc/1.7.0+dfsg-3

2017-01-30 Thread Emilio Pozuelo Monfort 
On 28/01/17 21:46, Ola Lundqvist wrote:
> Package: release.debian.org
> Severity: normal
> Usertags: unblock
> 
> Hi
> 
> I would like you to unblock the last upload of tigervnc. It solved a
> security RC bug.
> 
> tigervnc (1.7.0+dfsg-3) unstable; urgency=high
> 
>   [ Salvatore Bonaccorso ]
>   * Fix buffer overflow in ModifiablePixelBuffer::fillRect (CVE-2017-5581)
> (Closes: #852213)
> 
>   [ Joachim Falk ]
>   * Shut up lintian manpage-has-errors-from-man for vnc.conf.5x.gz
> Basically the default value for $sslAutoGenCertCommand is too large
> to fit into a 80 column manpage output. Broke that into multiple
> lines.
> 
>  -- Ola Lundqvist   Sat, 28 Jan 2017 21:08:53 +0100

You have some undocumented changes to debian/rules. Are those important and/or
fixing any issues?

Emilio

Bug#853230: unblock: check-mk/1.2.8p16-1

2017-01-30 Thread Matt Taggart 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package check-mk

The most recent upload fixes #846848 which is the only open RC bug.
Thanks!

unblock check-mk/1.2.8p16-1

-- 
Matt Taggart
tagg...@debian.org

Bug#853071: marked as done (unblock: symfony/2.8.7+dfsg-1.2)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 18:05:53 +
with message-id 
and subject line unblock symfony
has caused the Debian Bug report #853071,
regarding unblock: symfony/2.8.7+dfsg-1.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853071: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853071
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package symfony

This fixes the RC bug #832858 (caused by PHP 7.0/7.1 changes), as well
as fixing the FTBFS when building in 2017 (and future years). Both are
backports of upstream patches. Debdiff attached.

unblock symfony/2.8.7+dfsg-1.1

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-
debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
diff -Nru symfony-2.8.7+dfsg/debian/changelog symfony-2.8.7+dfsg/debian/changelog
--- symfony-2.8.7+dfsg/debian/changelog	2016-06-08 01:52:05.0 +0100
+++ symfony-2.8.7+dfsg/debian/changelog	2017-01-29 13:54:28.0 +
@@ -1,3 +1,12 @@
+symfony (2.8.7+dfsg-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix PHP 7.0/7.1 related failures (Closes: #832858)
+  * Do not depend on a fixed date in layout tests (fixes FTBFS in 2017 and
+beyond)
+
+ -- James Clarke   Sun, 29 Jan 2017 13:54:28 +
+
 symfony (2.8.7+dfsg-1) unstable; urgency=medium
 
   [ Fabien Potencier ]
diff -Nru symfony-2.8.7+dfsg/debian/patches/do-not-depend-on-a-fixed-date-in-layout- symfony-2.8.7+dfsg/debian/patches/do-not-depend-on-a-fixed-date-in-layout-
--- symfony-2.8.7+dfsg/debian/patches/do-not-depend-on-a-fixed-date-in-layout-	1970-01-01 01:00:00.0 +0100
+++ symfony-2.8.7+dfsg/debian/patches/do-not-depend-on-a-fixed-date-in-layout-	2017-01-29 13:54:28.0 +
@@ -0,0 +1,163 @@
+From: Christian Flothmann 
+Date: Sun, 1 Jan 2017 13:18:05 +0100
+X-Dgit-Generated: 2.8.7+dfsg-1.1 804ee09c5a98f4ff4ed1132b68bf4c4afa17facc
+Subject: Do not depend on a fixed date in layout tests
+
+By default, the `DateType` as well as the `DateTimeType` set the choices
+being available for the year to a range starting five years in the past.
+After some time, this will make tests fail when the year of the fixed
+date being used as the initial data is before the first year being part
+of the choices.
+
+Origin: backport, https://github.com/symfony/symfony/commit/97b7fabf519b48333b772924b141f84efdb44c1e
+
+---
+
+--- symfony-2.8.7+dfsg.orig/src/Symfony/Component/Form/Tests/AbstractBootstrap3LayoutTest.php
 symfony-2.8.7+dfsg/src/Symfony/Component/Form/Tests/AbstractBootstrap3LayoutTest.php
+@@ -1346,7 +1346,7 @@ abstract class AbstractBootstrap3LayoutT
+ 
+ public function testDateTime()
+ {
+-$form = $this->factory->createNamed('name', 'Symfony\Component\Form\Extension\Core\Type\DateTimeType', '2011-02-03 04:05:06', array(
++$form = $this->factory->createNamed('name', 'Symfony\Component\Form\Extension\Core\Type\DateTimeType', date('Y').'-02-03 04:05:06', array(
+ 'input' => 'string',
+ 'with_seconds' => false,
+ ));
+@@ -1365,7 +1365,7 @@ abstract class AbstractBootstrap3LayoutT
+ /following-sibling::select
+ [@id="name_date_year"]
+ [@class="form-control"]
+-[./option[@value="2011"][@selected="selected"]]
++[./option[@value="'.date('Y').'"][@selected="selected"]]
+ /following-sibling::select
+ [@id="name_time_hour"]
+ [@class="form-control"]
+@@ -1420,7 +1420,7 @@ abstract class AbstractBootstrap3LayoutT
+ 
+ public function testDateTimeWithHourAndMinute()
+ {
+-$data = array('year' => '2011', 'month' => '2', 'day' => '3', 'hour' => '4', 'minute' => '5');
++$data = array('year' => date('Y'), 'month' => '2', 'day' => '3', 'hour' => '4', 'minute' => '5');
+ 
+ $form = $this->factory->createNamed('name', 'Symfony\Component\Form\Extension\Core\Type\DateTimeType', $data, array(
+ 'input' => 'array',
+@@ -1442,7 +1442,7 @@ abstract class AbstractBootstrap3LayoutT
+ /following-sibling::select
+ [@id="name_date_year"]
+ [@class="form-control"]
+-[./option[@value="2011"][@selected="selected"]]
++[./option[@value="'.date('Y').'"][@selected="sel

Bug#853118: unblock: sane-frontends/1.0.14-12

2017-01-30 Thread Emilio Pozuelo Monfort 
On 29/01/17 22:14, Jörg Frings-Fürst wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package sane-frontends
> 
> It solved a FTBFS bug.
> 
> sane-frontends (1.0.14-12) unstable; urgency=medium
> 
>   * New debian/patches/0001-fix_missing_sane-config.patch:
> - Add autoconf statements which were previously part of
>   sane-config to detect the presence of sane-backends.
>   * debian/compat:
> - Change compat level to 10.
>   * debian/control:
> - Bump required version of debhelper to >= 10.

I have unblocked this, this once. Note that bumping debhelper compat is not an
acceptable change during the freeze and we will reject those.

Cheers,
Emilio

> - Bump Standards-Version to 3.9.8 (no changes required).
> - Change Vcs-Browser to secure URI.
>   * debian/copyright:
> - Add year 2017 for debian/*.
>   * Refresh debian/patches/25_manpages-typo.patch.
> 
>  -- Jörg Frings-Fürst   Sat, 28 Jan 2017 08:24:35 
> +0100
> 
> The debdiff is attached.
> 
> 
> unblock sane-frontends/1.0.14-12
> 
> -- System Information:
> Debian Release: 9.0
>   APT prefers testing
>   APT policy: (900, 'testing'), (800, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.9.0-1-amd64 (SMP w/6 CPU cores)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
>

Bug#853116: marked as done (unblock: xsane/0.999-5)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 18:02:29 +
with message-id 
and subject line unblock xsane
has caused the Debian Bug report #853116,
regarding unblock: xsane/0.999-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853116: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853116
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please unblock package xsane

It solved a FTBFS RC bug.

xsane (0.999-5) unstable; urgency=medium

  * New debian/patches/0010-fix_missing_sane-config.patch (Closes: #852840):
- Add autoconf statements which were previously part of
  sane-config to detect the presence of sane-backends.
Thanks to Andreas Metzler .
  * debian/copyright:
- Add year 2017 for debian/*.

 -- Jörg Frings-Fürst   Sat, 28 Jan 2017 07:15:47 
+0100

The debdiff is attached.

unblock xsane/0.999-5

- -- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAliOVycACgkQCfifPIyh
0l3I3RAAiLm3Dtum+tJuHefCRn7h9g4pfUL/Y9uqZEFpv27F+9Rcwt4/NMvH7YZI
SvkMdM2YV6Q6Cvdr5xoIgcQMAg56KCjI48zy+4oUFfkDbqbfkRT4TiBSVXEykCcM
HCscRn1Q/3IRCrPkNZzuFwOMg64iU0clkONHxX+6XWbr9RlzKuxmkBV3pnUsf3Tu
MKuflRJkukUvbYC15tKDUbHaeVD2aNtaR2pt61hRV/J3XtkMLXrzAo9f3knJgdvF
ZR8Lb9+G9KBQRktW6ppUPc3s1/EGEFSx49wNfj+iD8CMzlTX774lKX7MxAAdUu+f
0POptBzu1noI15dRwaiv3ZyUeQXvmhGxVJWZTuQ5murOLmVK8HN+GEv03ZDlzguf
Mh1D1eKlI2Tf6TKYWdxLS/SLBcH/gy9MRbC/CHuliBp3e50iA9KICI5KBTYvDK/7
Bvu9vd2DH38TUOiMZQQo75C+hTb3emyw+L1ECYG1Pl00ef/kyUKyVLfBAngLbbDI
BL8jtZvjTxJic3mmhQP/t2EnqjHmFECkF2b6T98XsStF+bYAIdfn0BBMRRcTPlct
ETtbllb8r9n/HvJ4rQXswjx+tVfLn/696NaffWBrvlEdiAbZdr3kocKh5ABKmKlG
AP6FRZG7wi1a6/RaZr3j4uNsLorZU+mv0/dsg+v/V3SRZ5SUFJg=
=NmFN
-END PGP SIGNATURE-
diff -Nru xsane-0.999/debian/changelog xsane-0.999/debian/changelog
--- xsane-0.999/debian/changelog2016-10-15 05:58:43.0 +0200
+++ xsane-0.999/debian/changelog2017-01-28 07:15:47.0 +0100
@@ -1,3 +1,14 @@
+xsane (0.999-5) unstable; urgency=medium
+
+  * New debian/patches/0010-fix_missing_sane-config.patch (Closes: #852840):
+- Add autoconf statements which were previously part of
+  sane-config to detect the presence of sane-backends.
+Thanks to Andreas Metzler .
+  * debian/copyright:
+- Add year 2017 for debian/*.
+
+ -- Jörg Frings-Fürst   Sat, 28 Jan 2017 07:15:47 
+0100
+
 xsane (0.999-4) unstable; urgency=medium
 
   * debian/control:
diff -Nru xsane-0.999/debian/copyright xsane-0.999/debian/copyright
--- xsane-0.999/debian/copyright2016-10-02 20:49:04.0 +0200
+++ xsane-0.999/debian/copyright2017-01-28 07:07:32.0 +0100
@@ -65,7 +65,7 @@
 Files: debian/*
 Copyright: 1999-2002 Oliver Rauch 
2002-2011 Julien BLACHE 
-   2014-2016 Jörg Frings-Fürst 
+   2014-2017 Jörg Frings-Fürst 
 License: GPL-3+
 
 Files: lib/alloca.c
diff -Nru xsane-0.999/debian/patches/0010-fix_missing_sane-config.patch 
xsane-0.999/debian/patches/0010-fix_missing_sane-config.patch
--- xsane-0.999/debian/patches/0010-fix_missing_sane-config.patch   
1970-01-01 01:00:00.0 +0100
+++ xsane-0.999/debian/patches/0010-fix_missing_sane-config.patch   
2017-01-28 06:54:32.0 +0100
@@ -0,0 +1,26 @@
+Description: Fix FTBFS against libsane-dev >= 1.0.25-3
+ Fix missing sane-config
+Author: Andreas Metzler 
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852840
+Forwarded: https://github.com/nphilipp/xsane/issues/1
+Reviewed-by: Jörg Frings-Fürst 
+Last-Update: 2017-01-28 
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/configure.in
+===
+--- trunk.orig/configure.in
 trunk/configure.in
+@@ -165,8 +165,10 @@ fi
+ 
+ AC_SUBST(INTLSUB)
+ 
+-AM_PATH_SANE(1.0.0, HAVE_SANE=yes, )
+-
++PKG_CHECK_MODULES([SANE], [sane-backends >= 1.0.0])
++PKG_CHECK_VAR([SANE_PREFIX], [sane-backends >= 1.0.0], [prefix])
++PKG_CHECK_VAR([SANE_LDFLAGS], [sane-backends >= 1.0.0], [ldflags],
++  [HAVE_SANE=yes])
+ if test "${USE_GIMP}" = "yes";

Bug#853118: marked as done (unblock: sane-frontends/1.0.14-12)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 18:04:24 +
with message-id 
and subject line unblock sane-frontends
has caused the Debian Bug report #853118,
regarding unblock: sane-frontends/1.0.14-12
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853118
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please unblock package sane-frontends

It solved a FTBFS bug.

sane-frontends (1.0.14-12) unstable; urgency=medium

  * New debian/patches/0001-fix_missing_sane-config.patch:
- Add autoconf statements which were previously part of
  sane-config to detect the presence of sane-backends.
  * debian/compat:
- Change compat level to 10.
  * debian/control:
- Bump required version of debhelper to >= 10.
- Bump Standards-Version to 3.9.8 (no changes required).
- Change Vcs-Browser to secure URI.
  * debian/copyright:
- Add year 2017 for debian/*.
  * Refresh debian/patches/25_manpages-typo.patch.

 -- Jörg Frings-Fürst   Sat, 28 Jan 2017 08:24:35 
+0100

The debdiff is attached.


unblock sane-frontends/1.0.14-12

- -- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAliOWy4ACgkQCfifPIyh
0l3VMRAAqNElWz78qSfdOTmrKId+AfDXhzW56LLeehKdf4vO/Q5W9ITm65Icu2wE
3jJ4gb5WXnwxyP0aRs/wmlff56n0P4xOdzoatj3Zl9K0vqV6CwNg7JNPC8LVr4+6
m1aDPY6loutE5HbdB7h5UiaBy5qDHhXk+xQGl3ffjD0NrUe2gGXvXt2luboOoBxU
3ZRGkv6gewKa63hFcH7lGjOSm6L9UEGedhw7m0i3TBFCZqxVOfYvU8EbBIXIZyD8
4pu972pAy3ZlE50Id6Lq1Wv0OkXoRC7kRHirETi7NyCylfZuubvWtQdhWEB0YybH
T3cUlCWia2Cr6KzH5RX+i0wDXw2PveEst4ZhWwCCT9vjs8A+3KezBWBtPrDieqCg
Y2fhu38M9J64E/41mAPPib9OHvkodV1ff0UqW8eriT8lF+QebIyFHGRc4E9G2gfU
quoXB88onx1atdBG29Py/Lkz/kEdx7lJsbjB2grkjV2lEiWise30bLg+K7enBtme
mfMxjVZmLyMSvEcn46U/YjthGY27ftjWAl676GF8wkrW76iH4X4PArZ8tMuB8q4i
cHRDPuY5qWWOdCn5QYiLpw+VOFFHezTeSVucA7keh0RRhzZjk3KIVVecc2is7FMD
SyZI6oIFaVp3d9yjRdwGV0bppvVIK52QOG8Ep3nyWNr23Hirelk=
=QJJP
-END PGP SIGNATURE-
diff -Nru sane-frontends-1.0.14/debian/changelog 
sane-frontends-1.0.14/debian/changelog
--- sane-frontends-1.0.14/debian/changelog  2015-05-09 21:58:27.0 
+0200
+++ sane-frontends-1.0.14/debian/changelog  2017-01-28 08:24:35.0 
+0100
@@ -1,3 +1,20 @@
+sane-frontends (1.0.14-12) unstable; urgency=medium
+
+  * New debian/patches/0001-fix_missing_sane-config.patch:
+- Add autoconf statements which were previously part of
+  sane-config to detect the presence of sane-backends.
+  * debian/compat:
+- Change compat level to 10.
+  * debian/control:
+- Bump required version of debhelper to >= 10.
+- Bump Standards-Version to 3.9.8 (no changes required).
+- Change Vcs-Browser to secure URI.
+  * debian/copyright:
+- Add year 2017 for debian/*.
+  * Refresh debian/patches/25_manpages-typo.patch.
+
+ -- Jörg Frings-Fürst   Sat, 28 Jan 2017 08:24:35 
+0100
+
 sane-frontends (1.0.14-11) unstable; urgency=medium
 
   * New debian/patch/30_gimp_init.patch:
diff -Nru sane-frontends-1.0.14/debian/compat 
sane-frontends-1.0.14/debian/compat
--- sane-frontends-1.0.14/debian/compat 2014-12-02 20:33:12.0 +0100
+++ sane-frontends-1.0.14/debian/compat 2017-01-28 08:08:20.0 +0100
@@ -1 +1 @@
-9
+10
diff -Nru sane-frontends-1.0.14/debian/control 
sane-frontends-1.0.14/debian/control
--- sane-frontends-1.0.14/debian/control2014-12-04 13:33:55.0 
+0100
+++ sane-frontends-1.0.14/debian/control2017-01-28 08:10:56.0 
+0100
@@ -2,16 +2,16 @@
 Section: graphics
 Priority: optional
 Maintainer: Jörg Frings-Fürst 
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Build-Depends:
  autotools-dev,
- debhelper (>= 9),
+ debhelper (>= 10),
  libgimp2.0-dev (>= 2.0.0),
  libgtk2.0-dev,
  libsane-dev (>= 1.0.11-3),
 Homepage: http://www.sane-project.org
 Vcs-Git: git://anonscm.debian.org/collab-maint/sane-frontends.git
-Vcs-Browser: http://anonscm.debian.org/cgit/collab-maint/sane-frontends.git
+Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/sane-frontends.git
 
 Package: sane
 Architec

Bug#853112: marked as done (unblock: qmmp/1.1.6-1.1)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 18:01:46 +
with message-id 
and subject line unblock qmmp
has caused the Debian Bug report #853112,
regarding unblock: qmmp/1.1.6-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853112: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853112
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package qmmp so oss4-dev gets closer to leaving the
critical path. Debdiff attachd.

unblock qmmp/1.1.6-1.1

Thanks,
S
diffstat for qmmp-1.1.6 qmmp-1.1.6

 changelog |8 
 control   |2 +-
 rules |2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff -Nru qmmp-1.1.6/debian/changelog qmmp-1.1.6/debian/changelog
--- qmmp-1.1.6/debian/changelog	2017-01-16 19:03:58.0 +
+++ qmmp-1.1.6/debian/changelog	2017-01-29 12:00:10.0 +
@@ -1,3 +1,11 @@
+qmmp (1.1.6-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop build-dependency on oss4-dev on Linux kernel (Closes: #852986)
+- d/rules: explicitly disable OSS4 on Linux, for predictability
+
+ -- Simon McVittie   Sun, 29 Jan 2017 12:00:10 +
+
 qmmp (1.1.6-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru qmmp-1.1.6/debian/control qmmp-1.1.6/debian/control
--- qmmp-1.1.6/debian/control	2017-01-16 19:03:58.0 +
+++ qmmp-1.1.6/debian/control	2017-01-29 12:00:10.0 +
@@ -4,7 +4,7 @@
 Maintainer: Matteo Cypriani 
 Build-Depends: debhelper (>= 10), cmake, pkg-config, qtbase5-dev (>= 5.4),
   libqt5x11extras5-dev (>= 5.4), qttools5-dev-tools (>= 5.4),
-  qtchooser, libx11-dev, oss4-dev, libmad0-dev, libvorbis-dev,
+  qtchooser, libx11-dev, oss4-dev [!linux-any], libmad0-dev, libvorbis-dev,
   libogg-dev, libasound2-dev [linux-any], libtag1-dev (>= 1.10),
   libcurl4-gnutls-dev, qtmultimedia5-dev (>= 5.4), libmms-dev,
   libflac-dev, libmpcdec-dev, libjack-jackd2-dev, libsoxr-dev,
diff -Nru qmmp-1.1.6/debian/rules qmmp-1.1.6/debian/rules
--- qmmp-1.1.6/debian/rules	2017-01-16 19:03:58.0 +
+++ qmmp-1.1.6/debian/rules	2017-01-29 12:00:10.0 +
@@ -9,7 +9,7 @@
 DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
 
 ifeq ($(DEB_HOST_ARCH_OS),linux)
-	EXTRA_CMAKE_ARGS = -DUSE_HAL:BOOL=FALSE
+	EXTRA_CMAKE_ARGS = -DUSE_HAL:BOOL=FALSE -DUSE_OSS4:BOOL=FALSE
 else
 	EXTRA_CMAKE_ARGS = -DUSE_ALSA:BOOL=FALSE -DUSE_UDISKS:BOOL=FALSE
 endif
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Bug#853152: marked as done (unblock: codelite/10.0+dfsg-1)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 18:01:10 +
with message-id 
and subject line unblock codelite
has caused the Debian Bug report #853152,
regarding unblock: codelite/10.0+dfsg-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853152: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853152
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package codelite.

I recently uploaded a new version of codelite and was hoping for it to
be included in stretch. It was uploaded "within the time" but
unfortunately (?) I switched from LLVM 3.8 to 3.9 and it built on armel,
so it depends on the newer version of LLVM 3.9 which is not in testing yet.

Would it be possible to unblock codelite so it migrates when LLVM 3.9
does? I understand if you don't want this in stretch and it was pretty
late - it isn't a hugely important update.

Alternatively, could you age LLVM 3.9 so codelite doesn't need an unblock?

Thanks,
James

unblock codelite/10.0+dfsg-1



signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Bug#853111: marked as done (unblock: audacious-plugins/3.7.2-2.1)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 18:00:58 +
with message-id 
and subject line unblock audacious-plugins
has caused the Debian Bug report #853111,
regarding unblock: audacious-plugins/3.7.2-2.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853111: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853111
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package audacious-plugins so oss4-dev is closer to leaving
the critical path (#852984). Debdiff attached.

unblock audacious-plugins/3.7.2-2.1

Regards,
S
diffstat for audacious-plugins-3.7.2 audacious-plugins-3.7.2

 changelog |7 +++
 control   |2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff -Nru audacious-plugins-3.7.2/debian/changelog audacious-plugins-3.7.2/debian/changelog
--- audacious-plugins-3.7.2/debian/changelog	2016-04-10 21:29:18.0 +0100
+++ audacious-plugins-3.7.2/debian/changelog	2017-01-29 11:54:36.0 +
@@ -1,3 +1,10 @@
+audacious-plugins (3.7.2-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop build-dependency on oss4-dev for Linux kernel (Closes: #852984)
+
+ -- Simon McVittie   Sun, 29 Jan 2017 11:54:36 +
+
 audacious-plugins (3.7.2-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru audacious-plugins-3.7.2/debian/control audacious-plugins-3.7.2/debian/control
--- audacious-plugins-3.7.2/debian/control	2016-04-07 21:43:07.0 +0100
+++ audacious-plugins-3.7.2/debian/control	2017-01-29 11:54:36.0 +
@@ -47,7 +47,7 @@
  libwavpack-dev (>= 4.31),
  libxcomposite-dev,
  libxml2-dev,
- oss4-dev,
+ oss4-dev [!linux-any],
  qtbase5-dev,
  qtmultimedia5-dev,
  libqt5opengl5-dev
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Re: Bug#853189: tracker.debian.org: Ecnoding issue / Code injection through Maintainer field (and probably others)

2017-01-30 Thread Adrian Bunk 
On Mon, Jan 30, 2017 at 04:48:55PM +0100, Mattia Rizzolo wrote:
> On Mon, Jan 30, 2017 at 03:43:44PM +0100, Dominik George wrote:
> > tracker.debian.org apparently has encoding issues, not of the “schei�
> > encoding” kind, but it even seems to break the HTML completely and even
> > introduces new elements into the DOM in some way…
> > 
> > أحمد المحمودي (Ahmed El-Mahmoudy), e.g., in the Maintainer field of
> > python-whoosh [1] triggers the issue in the “testing migrations” pane
> > (but not in the Maintainer field itself…).
> 
> That's coming from the excuses.yaml coming from
> https://release.debian.org/britney/excuses.yaml (debian-released CCed):
>...

Niels correctly stated in IRC that the tracker is actually using
update_excuses.html

My guess regarding the cause would be that the tracker fails to properly
parse bi-directional text in update_excuses (Arabic is right-to-left).

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#853155: marked as done (unblock: python-astropy/1.3-8)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 17:57:30 +
with message-id 
and subject line unblock python-astropy
has caused the Debian Bug report #853155,
regarding unblock: python-astropy/1.3-8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853155: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853155
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

please unblock python-astropy in the upcoming (Feb 5) freeze.

It solves #852550 "doctests fail for affiliated package",
severity: important, which is blocking an RC bug for astroplan.
Changelog entries:

python-astropy (1.3-8) unstable; urgency=medium

  * Switch to unstable. Closes: #852550
  * Revert unrelated "Improved detection of ascii fast_reader in non-fast
parsers"

 -- Ole Streicher   Wed, 25 Jan 2017 16:17:26 +0100

python-astropy (1.3-8~exp2) experimental; urgency=medium

  * Fix pytest section, finally re-enabling doctests

 -- Ole Streicher   Thu, 19 Jan 2017 17:27:30 +0100

python-astropy (1.3-8~exp1) experimental; urgency=medium

  * Switch to experimental for some tests
  * Try to fix doctest failures
  * Improved detection of ascii fast_reader in non-fast parsers

 -- Ole Streicher   Thu, 19 Jan 2017 09:57:22 +0100

The debdiff is attached. Requested commands:

unblock python-astropy/1.3-8
diff -Nru python-astropy-1.3/debian/changelog 
python-astropy-1.3/debian/changelog
--- python-astropy-1.3/debian/changelog 2017-01-15 14:35:17.0 +0100
+++ python-astropy-1.3/debian/changelog 2017-01-25 16:17:26.0 +0100
@@ -1,3 +1,25 @@
+python-astropy (1.3-8) unstable; urgency=medium
+
+  * Switch to unstable. Closes: #852550
+  * Revert unrelated "Improved detection of ascii fast_reader in non-fast
+parsers"
+
+ -- Ole Streicher   Wed, 25 Jan 2017 16:17:26 +0100
+
+python-astropy (1.3-8~exp2) experimental; urgency=medium
+
+  * Fix pytest section, finally re-enabling doctests
+
+ -- Ole Streicher   Thu, 19 Jan 2017 17:27:30 +0100
+
+python-astropy (1.3-8~exp1) experimental; urgency=medium
+
+  * Switch to experimental for some tests
+  * Try to fix doctest failures
+  * Improved detection of ascii fast_reader in non-fast parsers
+
+ -- Ole Streicher   Thu, 19 Jan 2017 09:57:22 +0100
+
 python-astropy (1.3-7) unstable; urgency=medium
 
   * Allow stderr in all tests
diff -Nru 
python-astropy-1.3/debian/patches/Allow-pytest-3.x-to-use-plugin-for-doctests-in-.rst-files.patch
 
python-astropy-1.3/debian/patches/Allow-pytest-3.x-to-use-plugin-for-doctests-in-.rst-files.patch
--- 
python-astropy-1.3/debian/patches/Allow-pytest-3.x-to-use-plugin-for-doctests-in-.rst-files.patch
   1970-01-01 01:00:00.0 +0100
+++ 
python-astropy-1.3/debian/patches/Allow-pytest-3.x-to-use-plugin-for-doctests-in-.rst-files.patch
   2017-01-25 16:14:59.0 +0100
@@ -0,0 +1,123 @@
+From: Marten van Kerkwijk 
+Date: Wed, 11 Jan 2017 21:59:16 -0500
+Subject: Allow pytest 3.x to use plugin for doctests in .rst files.
+
+Pull request: https://github.com/astropy/astropy/pull/5688
+---
+ astropy/tests/pytest_plugins.py| 17 -
+ astropy/tests/tests/test_runner.py | 16 +---
+ setup.cfg  |  2 +-
+ 3 files changed, 14 insertions(+), 21 deletions(-)
+
+diff --git a/astropy/tests/pytest_plugins.py b/astropy/tests/pytest_plugins.py
+index 27b683d..64f7b74 100644
+--- a/astropy/tests/pytest_plugins.py
 b/astropy/tests/pytest_plugins.py
+@@ -180,7 +180,8 @@ def pytest_configure(config):
+ 
+ # uses internal doctest module parsing mechanism
+ finder = DocTestFinderPlus()
+-runner = doctest.DebugRunner(verbose=False, optionflags=opts)
++runner = doctest.DebugRunner(verbose=False, optionflags=opts,
++ checker=AstropyOutputChecker())
+ for test in finder.find(module):
+ if test.examples:  # skip empty doctests
+ if config.getvalue("remote_data") != 'any':
+@@ -191,21 +192,11 @@ def pytest_configure(config):
+ yield doctest_plugin.DoctestItem(
+ test.name, self, runner, test)
+ 
+-# This is for py.test prior to 2.4.0
+-def runtest(self):
+-return
+-
+-class DocTestTextfilePlus(doctest_plugin.DoctestTextfile):
++class DocTestTextfilePlus(doctest_plugin.DoctestItem, pytest.Module):
+ def runtest(self):
+ # satisfy `FixtureRequest` cons

Bug#853195: marked as done (unblock: emacs-goodies-el/36.3+nmu1)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 17:52:45 +
with message-id 
and subject line unblock emacs-goodies-el
has caused the Debian Bug report #853195,
regarding unblock: emacs-goodies-el/36.3+nmu1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853195: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853195
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package emacs-goodies-el.

Fixes upgrading bug found by piuparts: #851605.  Several packages are
threatened by AUTORM due to this bug.

debdiff attached.  Thanks.

unblock emacs-goodies-el/36.3+nmu1

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Sean Whitton
diff -Nru emacs-goodies-el-36.3/debian/changelog emacs-goodies-el-36.3+nmu1/debian/changelog
--- emacs-goodies-el-36.3/debian/changelog	2016-11-21 13:20:03.0 -0700
+++ emacs-goodies-el-36.3+nmu1/debian/changelog	2017-01-27 22:15:49.0 -0700
@@ -1,3 +1,13 @@
+emacs-goodies-el (36.3+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * emacs-goodies-el:
+  - Bug fix: "fails to upgrade lenny -> squeeze -> wheezy -> jessie",
+thanks to Andreas Beckmann (Closes: #851605).  Skip byte-compilation
+for minibuffer-complete-cycle.el on emacs22.
+
+ -- Sean Whitton   Fri, 27 Jan 2017 22:15:49 -0700
+
 emacs-goodies-el (36.3) unstable; urgency=high
 
   * emacs-goodies-el:
diff -Nru emacs-goodies-el-36.3/debian/emacs-goodies-el.emacsen-install.in emacs-goodies-el-36.3+nmu1/debian/emacs-goodies-el.emacsen-install.in
--- emacs-goodies-el-36.3/debian/emacs-goodies-el.emacsen-install.in	2016-11-21 13:17:53.0 -0700
+++ emacs-goodies-el-36.3+nmu1/debian/emacs-goodies-el.emacsen-install.in	2017-01-27 19:27:51.0 -0700
@@ -21,6 +21,7 @@
 EXCLUDED_xemacs21="csv-mode.el minibuf-electric.el pp-c-l.el tabbar.el todoo.el rfcview.el upstart-mode.el maplev.el button-lock.el"
 #EXCLUDED_emacs_snapshot="cua.el cfengine.el ibuffer.el ido.el newsticker.el table.el "
 #EXCLUDED_emacs22="cua.el cfengine.el ibuffer.el ido.el newsticker.el table.el "
+EXCLUDED_emacs22="minibuffer-complete-cycle.el"
 EXCLUDED_emacs23="minibuffer-complete-cycle.el"
 
 # Skip byte-compilation here if necessary:


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Bug#853168: marked as done (unblock: opencv/2.4.9.1+dfsg-2.2)

2017-01-30 Thread Debian Bug Tracking System 
Your message dated Mon, 30 Jan 2017 17:53:53 +
with message-id 
and subject line unblock opencv
has caused the Debian Bug report #853168,
regarding unblock: opencv/2.4.9.1+dfsg-2.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853168: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853168
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package opencv

The opencv package is a tightly connected set of packages which
underwent the C++ transition. APT refuses to upgrade these packages
as the old ones have too many dependencies amongst each other. 
This especially prevented aptitude and gnome from being upgraded
and caused them to be removed again.

I fixed the issue by just adding breaks against all "old" packages 
(the ones now with v5, but without v5 at the end of the name)
to all "new" packages - This has the effect of pushing down the
scores for the old packages so much that apt will happily upgrade
everything.

See Bug#853124 for further details and logs before/after the
change.

unblock opencv/2.4.9.1+dfsg-2.2

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (500, 'unstable-debug'), (500, 
'buildd-unstable'), (500, 'testing'), (100, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.
diff -Nru opencv-2.4.9.1+dfsg/debian/changelog opencv-2.4.9.1+dfsg/debian/changelog
--- opencv-2.4.9.1+dfsg/debian/changelog	2016-10-04 17:07:49.0 +0200
+++ opencv-2.4.9.1+dfsg/debian/changelog	2017-01-30 13:21:19.0 +0100
@@ -1,3 +1,11 @@
+opencv (2.4.9.1+dfsg-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add Breaks against all non-v5 packages to all v5 packages, this
+fixes apt dist-upgrade. (Closes: #853124)
+
+ -- Julian Andres Klode   Mon, 30 Jan 2017 13:21:19 +0100
+
 opencv (2.4.9.1+dfsg-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru opencv-2.4.9.1+dfsg/debian/control opencv-2.4.9.1+dfsg/debian/control
--- opencv-2.4.9.1+dfsg/debian/control	2016-06-27 07:08:40.0 +0200
+++ opencv-2.4.9.1+dfsg/debian/control	2017-01-30 13:21:07.0 +0100
@@ -292,6 +292,23 @@
 Multi-Arch: same
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${misc:Depends}, ${shlibs:Depends}
+Breaks: libopencv-calib3d2.4,
+	libopencv-contrib2.4,
+	libopencv-core2.4,
+	libopencv-features2d2.4,
+	libopencv-flann2.4,
+	libopencv-gpu2.4,
+	libopencv-imgproc2.4,
+	libopencv-legacy2.4,
+	libopencv-ml2.4,
+	libopencv-objdetect2.4,
+	libopencv-ocl2.4,
+	libopencv-photo2.4,
+	libopencv-stitching2.4,
+	libopencv-superres2.4,
+	libopencv-ts2.4,
+	libopencv-video2.4,
+	libopencv-videostab2.4
 Conflicts: libopencv-core2.4
 Replaces: libopencv-core2.4
 Description: computer vision core library
@@ -335,6 +352,23 @@
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends},
 	libopencv-core2.4v5 (= ${binary:Version})
+Breaks: libopencv-calib3d2.4,
+	libopencv-contrib2.4,
+	libopencv-core2.4,
+	libopencv-features2d2.4,
+	libopencv-flann2.4,
+	libopencv-gpu2.4,
+	libopencv-imgproc2.4,
+	libopencv-legacy2.4,
+	libopencv-ml2.4,
+	libopencv-objdetect2.4,
+	libopencv-ocl2.4,
+	libopencv-photo2.4,
+	libopencv-stitching2.4,
+	libopencv-superres2.4,
+	libopencv-ts2.4,
+	libopencv-video2.4,
+	libopencv-videostab2.4
 Conflicts: libopencv-ml2.4
 Replaces: libopencv-ml2.4
 Description: computer vision Machine Learning library
@@ -379,6 +413,23 @@
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends},
 	libopencv-core2.4v5 (= ${binary:Version})
+Breaks: libopencv-calib3d2.4,
+	libopencv-contrib2.4,
+	libopencv-core2.4,
+	libopencv-features2d2.4,
+	libopencv-flann2.4,
+	libopencv-gpu2.4,
+	libopencv-imgproc2.4,
+	libopencv-legacy2.4,
+	libopencv-ml2.4,
+	libopencv-objdetect2.4,
+	libopencv-ocl2.4,
+	libopencv-photo2.4,
+	libopencv-stitching2.4,
+	libopencv-superres2.4,
+	libopencv-ts2.4,
+	libopencv-video2.4,
+	libopencv-videostab2.4
 Conflicts: libopencv-imgproc2.4
 Replaces: libopen

Re: Bug#853189: tracker.debian.org: Ecnoding issue / Code injection through Maintainer field (and probably others)

2017-01-30 Thread Niels Thykier 
Mattia Rizzolo:
> On Mon, Jan 30, 2017 at 03:43:44PM +0100, Dominik George wrote:
>> tracker.debian.org apparently has encoding issues, not of the “schei�
>> encoding” kind, but it even seems to break the HTML completely and even
>> introduces new elements into the DOM in some way…
>>
>> أحمد المحمودي (Ahmed El-Mahmoudy), e.g., in the Maintainer field of
>> python-whoosh [1] triggers the issue in the “testing migrations” pane
>> (but not in the Maintainer field itself…).
> 
> That's coming from the excuses.yaml coming from
> https://release.debian.org/britney/excuses.yaml (debian-released CCed):
> 
> [...]

Sorry, but I am afraid that is incorrect.

 * excuses.yaml is valid UTF-8 AFAICT
 * tracker.d.o does *not* import excuses.yaml but update_excuses.html
   (as far as I am informed at least)
 * Even update_excuses.html us valid UTF-8 (but it uses "meta
   http-equiv" tag to declare that rather than a HTTP header).

So I am not (yet?) convinced that the problem is on the d-release side.

Thanks,
~Niels

Re: Bug#853189: tracker.debian.org: Ecnoding issue / Code injection through Maintainer field (and probably others)

2017-01-30 Thread Mattia Rizzolo 
On Mon, Jan 30, 2017 at 03:43:44PM +0100, Dominik George wrote:
> tracker.debian.org apparently has encoding issues, not of the “schei�
> encoding” kind, but it even seems to break the HTML completely and even
> introduces new elements into the DOM in some way…
> 
> أحمد المحمودي (Ahmed El-Mahmoudy), e.g., in the Maintainer field of
> python-whoosh [1] triggers the issue in the “testing migrations” pane
> (but not in the Maintainer field itself…).

That's coming from the excuses.yaml coming from
https://release.debian.org/britney/excuses.yaml (debian-released CCed):

- excuses:
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=amd64&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">amd64: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=amd64&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=i386&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">i386: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=i386&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=arm64&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">arm64: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=arm64&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=armel&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">armel: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=armel&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=armhf&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">armhf: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=armhf&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=mips&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">mips: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=mips&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=mips64el&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">mips64el: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=mips64el&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=mipsel&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">mipsel: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=mipsel&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=ppc64el&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">ppc64el: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=ppc64el&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - 'missing build on https://buildd.debian.org/status/logs.php?arch=s390x&pkg=python-whoosh&ver=2.7.0-1.1";
target="_blank">s390x: python-whoosh, python3-whoosh (from https://buildd.debian.org/status/logs.php?arch=s390x&pkg=python-whoosh&ver=2.7.0-1";
target="_blank">2.7.0-1)'
  - Piuparts tested OK - https://piuparts.debian.org/sid/source/p/python-whoosh.html";>https://piuparts.debian.org/sid/source/p/python-whoosh.html
  is-candidate: false
  item-name: python-whoosh
  maintainer: أحمد المحمودي (Ahmed El-Mahmoudy)
  missing-builds:
on-architectures:
- amd64
- arm64
- armel
- armhf
- i386
- mips
- mips64el
- mipsel
- ppc64el
- s390x
on-unimportant-architectures: []
  new-version: 2.7.0-1.1
  old-binaries:
2.7.0-1:
- python-whoosh
- python3-whoosh
  old-version: 2.7.0-1
  policy_info:
age:
  age-requirement: 10
  current-age: 0
piuparts:
  piuparts-test-url: 
https://piuparts.debian.org/sid/source/p/python-whoosh.html
  test-results: pass
rc-bugs:
  shared-bugs:
  - '812768'
  unique-source-bugs: []
  unique-target-bugs: []
  reason: []
  source: python-whoosh

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#853195: unblock: emacs-goodies-el/36.3+nmu1

2017-01-30 Thread Sean Whitton 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package emacs-goodies-el.

Fixes upgrading bug found by piuparts: #851605.  Several packages are
threatened by AUTORM due to this bug.

debdiff attached.  Thanks.

unblock emacs-goodies-el/36.3+nmu1

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Sean Whitton
diff -Nru emacs-goodies-el-36.3/debian/changelog emacs-goodies-el-36.3+nmu1/debian/changelog
--- emacs-goodies-el-36.3/debian/changelog	2016-11-21 13:20:03.0 -0700
+++ emacs-goodies-el-36.3+nmu1/debian/changelog	2017-01-27 22:15:49.0 -0700
@@ -1,3 +1,13 @@
+emacs-goodies-el (36.3+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * emacs-goodies-el:
+  - Bug fix: "fails to upgrade lenny -> squeeze -> wheezy -> jessie",
+thanks to Andreas Beckmann (Closes: #851605).  Skip byte-compilation
+for minibuffer-complete-cycle.el on emacs22.
+
+ -- Sean Whitton   Fri, 27 Jan 2017 22:15:49 -0700
+
 emacs-goodies-el (36.3) unstable; urgency=high
 
   * emacs-goodies-el:
diff -Nru emacs-goodies-el-36.3/debian/emacs-goodies-el.emacsen-install.in emacs-goodies-el-36.3+nmu1/debian/emacs-goodies-el.emacsen-install.in
--- emacs-goodies-el-36.3/debian/emacs-goodies-el.emacsen-install.in	2016-11-21 13:17:53.0 -0700
+++ emacs-goodies-el-36.3+nmu1/debian/emacs-goodies-el.emacsen-install.in	2017-01-27 19:27:51.0 -0700
@@ -21,6 +21,7 @@
 EXCLUDED_xemacs21="csv-mode.el minibuf-electric.el pp-c-l.el tabbar.el todoo.el rfcview.el upstart-mode.el maplev.el button-lock.el"
 #EXCLUDED_emacs_snapshot="cua.el cfengine.el ibuffer.el ido.el newsticker.el table.el "
 #EXCLUDED_emacs22="cua.el cfengine.el ibuffer.el ido.el newsticker.el table.el "
+EXCLUDED_emacs22="minibuffer-complete-cycle.el"
 EXCLUDED_emacs23="minibuffer-complete-cycle.el"
 
 # Skip byte-compilation here if necessary:


signature.asc
Description: PGP signature

Bug#853183: unblock: proftpd-dfsg/1.3.5b-2

2017-01-30 Thread Francesco P. Lovergine 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package proftpd-dfsg

We fixed #820984 and #848124 here. Note that while fixing in the debdiff you
will see a now removed debian/proftpd.conf.5 that was due to a missing cleanup
of the debian subdir. That was incidentally introduced into the git tree on 
alioth and
never noted before :-/ I hope that it is not a problem.

unblock proftpd-dfsg/1.3.5b-2

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Francesco P. Lovergine
diff -Nru proftpd-dfsg-1.3.5b/debian/changelog proftpd-dfsg-1.3.5b/debian/changelog
--- proftpd-dfsg-1.3.5b/debian/changelog	2016-12-11 14:48:30.0 +0100
+++ proftpd-dfsg-1.3.5b/debian/changelog	2017-01-30 13:30:29.0 +0100
@@ -1,3 +1,12 @@
+proftpd-dfsg (1.3.5b-2) unstable; urgency=medium
+
+  * Removed debconf support and added NEWS entry to warn about that.
+(Closes: #820984)
+  * Fixed wrong suggest onto libssl-dev (1.1) in proftpd-dev.
+(Closes: #848124)
+
+ -- Francesco Paolo Lovergine   Mon, 30 Jan 2017 13:30:29 +0100
+
 proftpd-dfsg (1.3.5b-1) unstable; urgency=medium
 
   [ Mahyuddin Susanto ]
diff -Nru proftpd-dfsg-1.3.5b/debian/control proftpd-dfsg-1.3.5b/debian/control
--- proftpd-dfsg-1.3.5b/debian/control	2016-12-11 14:48:30.0 +0100
+++ proftpd-dfsg-1.3.5b/debian/control	2017-01-30 13:30:29.0 +0100
@@ -29,7 +29,6 @@
 Package: proftpd-basic
 Architecture: any
 Depends: adduser,
- debconf (>= 0.5.00),
  debianutils (>= 1.21.0),
  libpam-runtime (>= 0.76-13.1),
  netbase (>= 4.13),
@@ -70,7 +69,7 @@
 Architecture: any
 Depends: libacl1-dev,
  libpcre3-dev,
- libssl-dev,
+ libssl1.0-dev,
  libtool,
  libtool-bin,
  proftpd-basic (=${binary:Version}),
diff -Nru proftpd-dfsg-1.3.5b/debian/control.in proftpd-dfsg-1.3.5b/debian/control.in
--- proftpd-dfsg-1.3.5b/debian/control.in	2016-12-11 14:48:30.0 +0100
+++ proftpd-dfsg-1.3.5b/debian/control.in	2017-01-30 13:30:29.0 +0100
@@ -29,7 +29,6 @@
 Package: proftpd-basic
 Architecture: any
 Depends: adduser,
- debconf (>= 0.5.00),
  debianutils (>= 1.21.0),
  libpam-runtime (>= 0.76-13.1),
  netbase (>= 4.13),
@@ -70,7 +69,7 @@
 Architecture: any
 Depends: libacl1-dev,
  libpcre3-dev,
- libssl-dev,
+ libssl1.0-dev,
  libtool,
  libtool-bin,
  proftpd-basic (=${binary:Version}),
diff -Nru proftpd-dfsg-1.3.5b/debian/NEWS proftpd-dfsg-1.3.5b/debian/NEWS
--- proftpd-dfsg-1.3.5b/debian/NEWS	2016-12-11 14:48:30.0 +0100
+++ proftpd-dfsg-1.3.5b/debian/NEWS	2017-01-30 13:30:29.0 +0100
@@ -1,3 +1,13 @@
+proftpd-dfsg (1.3.5b-2) unstable; urgency=medium
+
+Starting from this version, proftpd works by default in standalone mode at
+its first install. It is still possible to use inetd/xinetd mode, but the
+admin has to manage that manually by update-inetd or configuring xinetd.
+Some information about that are provided in the accompanying doc
+/usr/share/doc/proftpd-basic/README.Debian.
+
+ -- Francesco Paolo Lovergine   Fri, 27 Jan 2017 14:44:31 +0100
+
 proftpd-dfsg (1.3.4~rc2-4) unstable; urgency=low
 
 The mod_ldap 2.9 version introduced in 1.3.4 series changed completely 
diff -Nru proftpd-dfsg-1.3.5b/debian/po/cs.po proftpd-dfsg-1.3.5b/debian/po/cs.po
--- proftpd-dfsg-1.3.5b/debian/po/cs.po	2016-12-11 14:48:30.0 +0100
+++ proftpd-dfsg-1.3.5b/debian/po/cs.po	1970-01-01 01:00:00.0 +0100
@@ -1,111 +0,0 @@
-#
-#Translators, if you are not familiar with the PO format, gettext
-#documentation is worth reading, especially sections dedicated to
-#this format, e.g. by running:
-# info -n '(gettext)PO Files'
-# info -n '(gettext)Header Entry'
-#
-#Some information specific to po-debconf are available at
-#/usr/share/doc/po-debconf/README-trans
-# or http://www.debian.org/intl/l10n/po-debconf/README-trans
-#
-#Developers do not need to manually edit POT or PO files.
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: proftpd-dfsg 1.3.3d-3\n"
-"Report-Msgid-Bugs-To: proftpd-d...@packages.debian.org\n"
-"POT-Creation-Date: 2011-02-10 10:03+0100\n"
-"PO-Revision-Date: 2011-03-03 17:30+0100\n"
-"Last-Translator: Michal Simunek \n"
-"Language-Team: Czech \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: cs\n"
-
-#. Type: select
-#. Choices
-#: ../proftpd-basic.templates:2001
-msgid "from inetd"
-msgstr "z inetd"
-
-#. Type: select
-#.

Bug#853168: unblock: opencv/2.4.9.1+dfsg-2.2

2017-01-30 Thread Julian Andres Klode 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package opencv

The opencv package is a tightly connected set of packages which
underwent the C++ transition. APT refuses to upgrade these packages
as the old ones have too many dependencies amongst each other. 
This especially prevented aptitude and gnome from being upgraded
and caused them to be removed again.

I fixed the issue by just adding breaks against all "old" packages 
(the ones now with v5, but without v5 at the end of the name)
to all "new" packages - This has the effect of pushing down the
scores for the old packages so much that apt will happily upgrade
everything.

See Bug#853124 for further details and logs before/after the
change.

unblock opencv/2.4.9.1+dfsg-2.2

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (500, 'unstable-debug'), (500, 
'buildd-unstable'), (500, 'testing'), (100, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.
diff -Nru opencv-2.4.9.1+dfsg/debian/changelog opencv-2.4.9.1+dfsg/debian/changelog
--- opencv-2.4.9.1+dfsg/debian/changelog	2016-10-04 17:07:49.0 +0200
+++ opencv-2.4.9.1+dfsg/debian/changelog	2017-01-30 13:21:19.0 +0100
@@ -1,3 +1,11 @@
+opencv (2.4.9.1+dfsg-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add Breaks against all non-v5 packages to all v5 packages, this
+fixes apt dist-upgrade. (Closes: #853124)
+
+ -- Julian Andres Klode   Mon, 30 Jan 2017 13:21:19 +0100
+
 opencv (2.4.9.1+dfsg-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru opencv-2.4.9.1+dfsg/debian/control opencv-2.4.9.1+dfsg/debian/control
--- opencv-2.4.9.1+dfsg/debian/control	2016-06-27 07:08:40.0 +0200
+++ opencv-2.4.9.1+dfsg/debian/control	2017-01-30 13:21:07.0 +0100
@@ -292,6 +292,23 @@
 Multi-Arch: same
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${misc:Depends}, ${shlibs:Depends}
+Breaks: libopencv-calib3d2.4,
+	libopencv-contrib2.4,
+	libopencv-core2.4,
+	libopencv-features2d2.4,
+	libopencv-flann2.4,
+	libopencv-gpu2.4,
+	libopencv-imgproc2.4,
+	libopencv-legacy2.4,
+	libopencv-ml2.4,
+	libopencv-objdetect2.4,
+	libopencv-ocl2.4,
+	libopencv-photo2.4,
+	libopencv-stitching2.4,
+	libopencv-superres2.4,
+	libopencv-ts2.4,
+	libopencv-video2.4,
+	libopencv-videostab2.4
 Conflicts: libopencv-core2.4
 Replaces: libopencv-core2.4
 Description: computer vision core library
@@ -335,6 +352,23 @@
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends},
 	libopencv-core2.4v5 (= ${binary:Version})
+Breaks: libopencv-calib3d2.4,
+	libopencv-contrib2.4,
+	libopencv-core2.4,
+	libopencv-features2d2.4,
+	libopencv-flann2.4,
+	libopencv-gpu2.4,
+	libopencv-imgproc2.4,
+	libopencv-legacy2.4,
+	libopencv-ml2.4,
+	libopencv-objdetect2.4,
+	libopencv-ocl2.4,
+	libopencv-photo2.4,
+	libopencv-stitching2.4,
+	libopencv-superres2.4,
+	libopencv-ts2.4,
+	libopencv-video2.4,
+	libopencv-videostab2.4
 Conflicts: libopencv-ml2.4
 Replaces: libopencv-ml2.4
 Description: computer vision Machine Learning library
@@ -379,6 +413,23 @@
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends},
 	libopencv-core2.4v5 (= ${binary:Version})
+Breaks: libopencv-calib3d2.4,
+	libopencv-contrib2.4,
+	libopencv-core2.4,
+	libopencv-features2d2.4,
+	libopencv-flann2.4,
+	libopencv-gpu2.4,
+	libopencv-imgproc2.4,
+	libopencv-legacy2.4,
+	libopencv-ml2.4,
+	libopencv-objdetect2.4,
+	libopencv-ocl2.4,
+	libopencv-photo2.4,
+	libopencv-stitching2.4,
+	libopencv-superres2.4,
+	libopencv-ts2.4,
+	libopencv-video2.4,
+	libopencv-videostab2.4
 Conflicts: libopencv-imgproc2.4
 Replaces: libopencv-imgproc2.4
 Description: computer vision Image Processing library
@@ -423,6 +474,23 @@
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends},
 	libopencv-imgproc2.4v5 (= ${binary:Version})
+Breaks: libopencv-calib3d2.4,
+	libopencv-contrib2.4,
+	libopencv-core2.4,
+	libopencv-features2d2.4,
+	libopencv-flann2.4,
+	libopencv-gpu2.4,
+	libopencv-imgproc2.4,
+	libopencv-legacy2.4,
+	libopencv-ml2.4,
+	libopencv-objdetect2.4,
+	libopencv-ocl2.4,
+	libopencv-photo2.4,
+	libopencv-stitching2.4,
+	libopencv-superres2.4,
+	libopencv-ts2.4,
+	libopencv-video2.4,
+	libopencv-videostab2.4
 Conflicts: libopencv-video2.4
 Replaces: libopencv-video2.4
 Description: computer vision Video analysis library
@@ -467,6 +535,23 @@
 Pre-Depends: ${misc:Pre-D

Bug#853162: jessie-pu: package xmobar/0.22-1

2017-01-30 Thread Apollon Oikonomopoulos 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Dear SRMs,

I would like to update xmobar in Jessie to fix #835547. As outlined in 
#835547, xmobar has a weather plugin that uses NOAA's feed. NOAA 
recently changed their feed URLs and xmobar has been updated upstream to 
reflect that change.

The fix for Jessie is a simple one-liner, full debdiff attached.

Regards,
Apollon
diff -Nru xmobar-0.22/debian/changelog xmobar-0.22/debian/changelog
--- xmobar-0.22/debian/changelog2014-10-11 21:03:44.0 +0300
+++ xmobar-0.22/debian/changelog2017-01-30 13:37:51.0 +0200
@@ -1,3 +1,9 @@
+xmobar (0.22-1+deb8u1) jessie; urgency=medium
+
+  * Update weather feed URL (Closes: #835547)
+
+ -- Apollon Oikonomopoulos   Mon, 30 Jan 2017 13:37:51 
+0200
+
 xmobar (0.22-1) unstable; urgency=medium
 
   * New upstream version; see /usr/share/doc/xmobar/news.md.gz.
diff -Nru xmobar-0.22/debian/patches/new-weather-stats-url 
xmobar-0.22/debian/patches/new-weather-stats-url
--- xmobar-0.22/debian/patches/new-weather-stats-url1970-01-01 
02:00:00.0 +0200
+++ xmobar-0.22/debian/patches/new-weather-stats-url2017-01-30 
13:33:40.0 +0200
@@ -0,0 +1,26 @@
+From 02d8b97f960d3b84442c23bafca4f518f193427d Mon Sep 17 00:00:00 2001
+From: jao 
+Date: Fri, 5 Aug 2016 15:15:07 +0200
+Subject: [PATCH] New weather stats URL (fixes #270)
+
+---
+ src/Plugins/Monitors/Weather.hs | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/Plugins/Monitors/Weather.hs b/src/Plugins/Monitors/Weather.hs
+index 3cfbc74..0cbad4f 100644
+--- a/src/Plugins/Monitors/Weather.hs
 b/src/Plugins/Monitors/Weather.hs
+@@ -168,7 +168,8 @@ parseData =
+return [WI st ss y m d h wc wa wm wk v sk tC tF dC dF rh p]
+ 
+ defUrl :: String
+-defUrl = "http://weather.noaa.gov/pub/data/observations/metar/decoded/";
++-- "http://weather.noaa.gov/pub/data/observations/metar/decoded/";
++defUrl = "http://tgftp.nws.noaa.gov/data/observations/metar/decoded/";
+ 
+ stationUrl :: String -> String
+ stationUrl station = defUrl ++ station ++ ".TXT"
+-- 
+2.11.0
+
diff -Nru xmobar-0.22/debian/patches/series xmobar-0.22/debian/patches/series
--- xmobar-0.22/debian/patches/series   2014-10-11 21:03:44.0 +0300
+++ xmobar-0.22/debian/patches/series   2017-01-30 13:37:51.0 +0200
@@ -1,2 +1,3 @@
 0001-Fix-typo-in-src-Parsers.hs-fix-lintian-warning.patch
 build-with-mtl-2.1
+new-weather-stats-url

Bug#853155: unblock: python-astropy/1.3-8

2017-01-30 Thread Ole Streicher 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

please unblock python-astropy in the upcoming (Feb 5) freeze.

It solves #852550 "doctests fail for affiliated package",
severity: important, which is blocking an RC bug for astroplan.
Changelog entries:

python-astropy (1.3-8) unstable; urgency=medium

  * Switch to unstable. Closes: #852550
  * Revert unrelated "Improved detection of ascii fast_reader in non-fast
parsers"

 -- Ole Streicher   Wed, 25 Jan 2017 16:17:26 +0100

python-astropy (1.3-8~exp2) experimental; urgency=medium

  * Fix pytest section, finally re-enabling doctests

 -- Ole Streicher   Thu, 19 Jan 2017 17:27:30 +0100

python-astropy (1.3-8~exp1) experimental; urgency=medium

  * Switch to experimental for some tests
  * Try to fix doctest failures
  * Improved detection of ascii fast_reader in non-fast parsers

 -- Ole Streicher   Thu, 19 Jan 2017 09:57:22 +0100

The debdiff is attached. Requested commands:

unblock python-astropy/1.3-8
diff -Nru python-astropy-1.3/debian/changelog 
python-astropy-1.3/debian/changelog
--- python-astropy-1.3/debian/changelog 2017-01-15 14:35:17.0 +0100
+++ python-astropy-1.3/debian/changelog 2017-01-25 16:17:26.0 +0100
@@ -1,3 +1,25 @@
+python-astropy (1.3-8) unstable; urgency=medium
+
+  * Switch to unstable. Closes: #852550
+  * Revert unrelated "Improved detection of ascii fast_reader in non-fast
+parsers"
+
+ -- Ole Streicher   Wed, 25 Jan 2017 16:17:26 +0100
+
+python-astropy (1.3-8~exp2) experimental; urgency=medium
+
+  * Fix pytest section, finally re-enabling doctests
+
+ -- Ole Streicher   Thu, 19 Jan 2017 17:27:30 +0100
+
+python-astropy (1.3-8~exp1) experimental; urgency=medium
+
+  * Switch to experimental for some tests
+  * Try to fix doctest failures
+  * Improved detection of ascii fast_reader in non-fast parsers
+
+ -- Ole Streicher   Thu, 19 Jan 2017 09:57:22 +0100
+
 python-astropy (1.3-7) unstable; urgency=medium
 
   * Allow stderr in all tests
diff -Nru 
python-astropy-1.3/debian/patches/Allow-pytest-3.x-to-use-plugin-for-doctests-in-.rst-files.patch
 
python-astropy-1.3/debian/patches/Allow-pytest-3.x-to-use-plugin-for-doctests-in-.rst-files.patch
--- 
python-astropy-1.3/debian/patches/Allow-pytest-3.x-to-use-plugin-for-doctests-in-.rst-files.patch
   1970-01-01 01:00:00.0 +0100
+++ 
python-astropy-1.3/debian/patches/Allow-pytest-3.x-to-use-plugin-for-doctests-in-.rst-files.patch
   2017-01-25 16:14:59.0 +0100
@@ -0,0 +1,123 @@
+From: Marten van Kerkwijk 
+Date: Wed, 11 Jan 2017 21:59:16 -0500
+Subject: Allow pytest 3.x to use plugin for doctests in .rst files.
+
+Pull request: https://github.com/astropy/astropy/pull/5688
+---
+ astropy/tests/pytest_plugins.py| 17 -
+ astropy/tests/tests/test_runner.py | 16 +---
+ setup.cfg  |  2 +-
+ 3 files changed, 14 insertions(+), 21 deletions(-)
+
+diff --git a/astropy/tests/pytest_plugins.py b/astropy/tests/pytest_plugins.py
+index 27b683d..64f7b74 100644
+--- a/astropy/tests/pytest_plugins.py
 b/astropy/tests/pytest_plugins.py
+@@ -180,7 +180,8 @@ def pytest_configure(config):
+ 
+ # uses internal doctest module parsing mechanism
+ finder = DocTestFinderPlus()
+-runner = doctest.DebugRunner(verbose=False, optionflags=opts)
++runner = doctest.DebugRunner(verbose=False, optionflags=opts,
++ checker=AstropyOutputChecker())
+ for test in finder.find(module):
+ if test.examples:  # skip empty doctests
+ if config.getvalue("remote_data") != 'any':
+@@ -191,21 +192,11 @@ def pytest_configure(config):
+ yield doctest_plugin.DoctestItem(
+ test.name, self, runner, test)
+ 
+-# This is for py.test prior to 2.4.0
+-def runtest(self):
+-return
+-
+-class DocTestTextfilePlus(doctest_plugin.DoctestTextfile):
++class DocTestTextfilePlus(doctest_plugin.DoctestItem, pytest.Module):
+ def runtest(self):
+ # satisfy `FixtureRequest` constructor...
+ self.funcargs = {}
+-try:
+-self._fixtureinfo = doctest_plugin.FuncFixtureInfo((), [], {})
+-fixture_request = doctest_plugin.FixtureRequest(self)
+-except AttributeError:  # pytest >= 2.8.0
+-python_plugin = config.pluginmanager.getplugin('python')
+-self._fixtureinfo = python_plugin.FuncFixtureInfo((), [], {})
+-fixture_request = python_plugin.FixtureRequest(self)
++fixture_request = doctest_plugin._setup_fixtures(self)
+ 
+ failed, tot = doctest.testfile(
+ str(self.fspath), module_relative=False,
+diff --git a/astropy/tests/tests/test_runner.py 
b/astropy/tests/tests/test_runner.py
+index a147cd9..0

Bug#853152: unblock: codelite/10.0+dfsg-1

2017-01-30 Thread James Cowgill 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package codelite.

I recently uploaded a new version of codelite and was hoping for it to
be included in stretch. It was uploaded "within the time" but
unfortunately (?) I switched from LLVM 3.8 to 3.9 and it built on armel,
so it depends on the newer version of LLVM 3.9 which is not in testing yet.

Would it be possible to unblock codelite so it migrates when LLVM 3.9
does? I understand if you don't want this in stretch and it was pretty
late - it isn't a hugely important update.

Alternatively, could you age LLVM 3.9 so codelite doesn't need an unblock?

Thanks,
James

unblock codelite/10.0+dfsg-1



signature.asc
Description: OpenPGP digital signature

Bug#850931: jessie-pu: package mongodb/1:2.4.10-5

2017-01-30 Thread Apollon Oikonomopoulos 
On 16:36 Sat 28 Jan , Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Wed, 2017-01-11 at 12:46 +0200, Apollon Oikonomopoulos wrote:
> >  - CVE-2016-6494[1] is fixed by backporting the patch already applied to 
> >2.6 (once in sid).
> > 
> >  - TEMP-0833087-C5410D[2] is fixed by reimplementing upstream's fix for 
> >2.6[3] using the infrastructure available in MongoDB 2.4.  
> >Unfortunately the mutable BSON infrastructure used in 2.6 is 
> >incomplete and unusable in 2.4. I benchmarked my own version and 
> >found no measurable performance impact.
> 
> Please go ahead.
> 
> fwiw:
> 
> +This fixes TEMP-0833087-C5410D and closes #833087.
> 
> The Security Team have previously requested that TEMP-* identifiers not
> be used in changelogs at least; I'm not sure how far that extends to
> things like patch headers.

Uploaded with the following interdiff:

diff -u 
mongodb-2.4.10/debian/patches/Redact-key-and-nonce-from-auth-attempt-logs.patch 
mongodb-2.4.10/debian/patches/Redact-key-and-nonce-f
--- 
mongodb-2.4.10/debian/patches/Redact-key-and-nonce-from-auth-attempt-logs.patch 
2017-01-11 11:17:09.0 +0200
+++ 
mongodb-2.4.10/debian/patches/Redact-key-and-nonce-from-auth-attempt-logs.patch 
2017-01-11 11:17:56.0 +0200
@@ -1,9 +1,8 @@
 From 1d44ca172befd6ad6d3a6cb410ddf7a0e31b6f81 Mon Sep 17 00:00:00 2001
 From: Apollon Oikonomopoulos 
 Date: Tue, 10 Jan 2017 17:39:57 +0200
+Bug-Debian: #833087
 Subject: [PATCH] Redact key and nonce from auth attempt logs
-
-This fixes TEMP-0833087-C5410D and closes #833087.
 ---
  src/mongo/db/commands/authentication_commands.cpp | 17 -
  1 file changed, 16 insertions(+), 1 deletion(-)

Regards,
Apollon

Bug#851742: [packages] Bug#851742: unblock: libhttp-daemon-ssl-perl/1.04-3.1

2017-01-30 Thread Benoit Mortier 
Le 29/01/2017 à 13:06, Mike Gabriel a écrit :
> Hi Jonathan,

Hello Jonathan,

> On  So 29 Jan 2017 12:01:35 CET, Jonathan Wiltshire wrote:
> 
>> Control: tag -1 moreinfo
>>
>> Hi,
>>
>> On Wed, Jan 18, 2017 at 12:28:03PM +0100, Mike Gabriel wrote:
>>> Please unblock package libhttp-daemon-ssl-perl.
>>
>> I'm not wild about it. What is the impact on Fusion Directory?
> 
> Thanks for even considering an unblock. The impact on FD is that Debian
> 9 will ship an old Argonaut version. I have Cc:ed upstream via our
> maintenance mailing list and leave it to Benoit giving a detailed answer
> to your question.
> 
> In general, Fusion Directory and Argonaut development happens hand in
> hand in the same upstream context. For projects being co-developed in
> such a way, my overall experience is to always ship the versions that
> have been released together. For FD/Argonaut as of now, this is: FD
> 1.0.19 +  Argonaut 1.0.

yes thats the case as argonaut evolved a lots this past year and is
morphing from client / server role to being the tools to be the shell /
cli part of FusionDirectory.

> Expecting an answer given in more technical depth from Benoit (Fusion
> Directoy / Argonaut upstream lead).

the difference are huge between those two versions, here i'am listing
what the 0.9.2 miss regarding the 1.0 version

- Argonaut is now full SSL enabled
- Support of RPM packages for deploying with FAI
- Service management and System management is now fully Systemd compliant
- Ldap2zone support  ipv6, bind views and bind acls
- Extensibility of Argonaut Actions in FusionDirectory
- Lots of FAI Fixes

It mean that if we keep Argonaut 0.9.2 :

- Fai support will be broken
- DNS support is not usable with current FusionDirectory
- Perl cleaning and security enhancement will not be available

We are using own backports so our users can use Argonaut on Jessie and
it has been proved to work without any issues, more than 50 know
installations.

Have a nice day
-- 
Benoit Mortier
CEO
OpenSides "logiciels libres pour entreprises" : http://www.opensides.eu/
Promouvoir et défendre le Logiciel Libre http://www.april.org/
Main developper in FusionDirectory : http://www.fusiondirectory.org/
Official French representative for OPSI : http://opsi.org/



signature.asc
Description: OpenPGP digital signature