Bug#862457: jessie-pu: package gdm3/3.14.1-8~deb8u1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

The Uploaders field changed since it is automatically
generated during the build, listing the uploaders from
the 10 most recent uploads in the changelog that are
also GNOME team members.


 changelog |   14 ++
 control   |2 +-
 patches/07_fix_caribou_path.patch |   15 +++
 patches/series|1 +
 4 files changed, 31 insertions(+), 1 deletion(-)

diff -Nru gdm3-3.14.1/debian/changelog gdm3-3.14.1/debian/changelog
--- gdm3-3.14.1/debian/changelog2015-04-04 10:20:26.0 +0300
+++ gdm3-3.14.1/debian/changelog2017-05-13 00:19:02.0 +0300
@@ -1,3 +1,17 @@
+gdm3 (3.14.1-8~deb8u1) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for jessie.
+
+ -- Adrian Bunk   Sat, 13 May 2017 00:18:41 +0300
+
+gdm3 (3.14.1-8) unstable; urgency=medium
+
+  * d/p/07_fix_caribou_path.patch: Fix the path to the caribou daemon in the
+autostart desktop file (Closes: #784671)
+
+ -- Laurent Bigonville   Tue, 09 Jun 2015 15:04:11 +0200
+
 gdm3 (3.14.1-7) unstable; urgency=medium
 
   * Add Conflicts/Replaces: gdm in libgdm1 as well. Closes: #781535.
diff -Nru gdm3-3.14.1/debian/control gdm3-3.14.1/debian/control
--- gdm3-3.14.1/debian/control  2015-04-04 10:30:27.0 +0300
+++ gdm3-3.14.1/debian/control  2017-05-13 00:24:05.0 +0300
@@ -6,7 +6,7 @@
 Section: gnome
 Priority: optional
 Maintainer: Debian GNOME Maintainers 

-Uploaders: Andreas Henriksson , Josselin Mouette 
, Laurent Bigonville 
+Uploaders: Josselin Mouette , Laurent Bigonville 

 Build-Depends: gnome-pkg-tools (>= 0.16.3),
debhelper (>= 8.1.3),
cdbs (>= 0.4.122~),
diff -Nru gdm3-3.14.1/debian/patches/07_fix_caribou_path.patch 
gdm3-3.14.1/debian/patches/07_fix_caribou_path.patch
--- gdm3-3.14.1/debian/patches/07_fix_caribou_path.patch1970-01-01 
02:00:00.0 +0200
+++ gdm3-3.14.1/debian/patches/07_fix_caribou_path.patch2015-06-09 
15:37:34.0 +0300
@@ -0,0 +1,15 @@
+Description: Fix caribou daemon path in autostart file
+From: Laurent Bigonville 
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784671
+Forwarded: not-needed
+
+--- a/data/autostart/caribou-autostart.desktop.in
 b/data/autostart/caribou-autostart.desktop.in
+@@ -1,6 +1,6 @@
+ [Desktop Entry]
+ Type=Application
+ Name=Caribou
+-Exec=@LIBEXECDIR@/caribou
++Exec=/usr/lib/caribou/caribou
+ AutostartCondition=GSettings org.gnome.desktop.a11y.applications 
screen-keyboard-enabled
+ X-GNOME-AutoRestart=true
diff -Nru gdm3-3.14.1/debian/patches/series gdm3-3.14.1/debian/patches/series
--- gdm3-3.14.1/debian/patches/series   2015-03-11 20:27:40.0 +0200
+++ gdm3-3.14.1/debian/patches/series   2015-06-09 13:59:34.0 +0300
@@ -1,3 +1,4 @@
+07_fix_caribou_path.patch
 08_frequent-users_greeter.patch
 09_default_session.patch
 16_xserver_path.patch

Bug#862456: jessie-pu: package cfitsio/3.370-2+deb8u1

[Aurelien Jarno]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

I would like to fix the cfitsio package in stable wrt bug#800819. The
wrong use of memcpy on overlapping area causes some tests in depending
packages to fail. More importantly this bug is likely to cause issues
on other architectures. The patch, which simply replaces memcpy by
memmove is included upstream for quite some time now, as well as in
stretch.

You will find below the full debdiff of the proposed changes. Thanks for
considering.

Regards,
Aurelien


diff -Nru cfitsio-3.370/debian/changelog cfitsio-3.370/debian/changelog
--- cfitsio-3.370/debian/changelog  2014-09-05 21:10:20.0 +
+++ cfitsio-3.370/debian/changelog  2017-05-12 20:25:50.0 +
@@ -1,3 +1,10 @@
+cfitsio (3.370-2+deb8u1) jessie; urgency=medium
+
+  * Add patches/09-memcpy-overlap.diff to use memmove instead of memcpy
+where memory area might overlap (closes: #800819).
+
+ -- Aurelien Jarno   Fri, 12 May 2017 20:25:21 +
+
 cfitsio (3.370-2) unstable; urgency=medium
 
   * Upload to unstable.
diff -Nru cfitsio-3.370/debian/patches/09-memcpy-overlap.diff 
cfitsio-3.370/debian/patches/09-memcpy-overlap.diff
--- cfitsio-3.370/debian/patches/09-memcpy-overlap.diff 1970-01-01 
00:00:00.0 +
+++ cfitsio-3.370/debian/patches/09-memcpy-overlap.diff 2017-05-12 
20:25:18.0 +
@@ -0,0 +1,44 @@
+--- cfitsio-3.370.orig/getcolb.c
 cfitsio-3.370/getcolb.c
+@@ -1008,7 +1008,7 @@ int fffi1i1(unsigned char *input, /* I -
+ {
+ if (scale == 1. && zero == 0.)  /* no scaling */
+ {  /* this routine is normally not called in this case */
+-   memcpy(output, input, ntodo );
++   memmove(output, input, ntodo );
+ }
+ else /* must scale the data */
+ {
+--- cfitsio-3.370.orig/getcold.c
 cfitsio-3.370/getcold.c
+@@ -1444,7 +1444,7 @@ int fffr8r8(double *input,/* I -
+ {
+ if (scale == 1. && zero == 0.)  /* no scaling */
+ {   
+-memcpy(output, input, ntodo * sizeof(double) );
++memmove(output, input, ntodo * sizeof(double) );
+ }
+ else /* must scale the data */
+ {
+--- cfitsio-3.370.orig/getcole.c
 cfitsio-3.370/getcole.c
+@@ -1349,7 +1349,7 @@ int fffr4r4(float *input, /* I -
+ {
+ if (scale == 1. && zero == 0.)  /* no scaling */
+ {   
+-memcpy(output, input, ntodo * sizeof(float) );
++memmove(output, input, ntodo * sizeof(float) );
+ }
+ else /* must scale the data */
+ {
+--- cfitsio-3.370.orig/getcoli.c
 cfitsio-3.370/getcoli.c
+@@ -1047,7 +1047,7 @@ int fffi2i2(short *input, /* I -
+ {
+ if (scale == 1. && zero == 0.)  /* no scaling */
+ {   
+-memcpy(output, input, ntodo * sizeof(short) );
++memmove(output, input, ntodo * sizeof(short) );
+ }
+ else /* must scale the data */
+ {
diff -Nru cfitsio-3.370/debian/patches/series 
cfitsio-3.370/debian/patches/series
--- cfitsio-3.370/debian/patches/series 2014-09-05 21:09:53.0 +
+++ cfitsio-3.370/debian/patches/series 2017-05-12 20:25:18.0 +
@@ -6,3 +6,4 @@
 06-fpack-funpack-dynamic-link.diff
 07-testprog-static-link.diff
 08-hurd.diff
+09-memcpy-overlap.diff

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#862453: jessie-pu: package fwsnort/1.6.5-2~deb8u1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

 changelog |   18 ++
 control   |4 ++--
 gbp.conf  |4 
 patches/fix-dport-bracket-usage.patch |   27 +++
 patches/series|1 +
 5 files changed, 52 insertions(+), 2 deletions(-)

diff -Nru fwsnort-1.6.5/debian/changelog fwsnort-1.6.5/debian/changelog
--- fwsnort-1.6.5/debian/changelog  2014-08-30 20:11:55.0 +0300
+++ fwsnort-1.6.5/debian/changelog  2017-05-12 23:18:55.0 +0300
@@ -1,3 +1,21 @@
+fwsnort (1.6.5-2~deb8u1) jessie; urgency=medium
+
+  * QA upload.
+  * Rebuild for jessie.
+
+ -- Adrian Bunk   Fri, 12 May 2017 23:18:30 +0300
+
+fwsnort (1.6.5-2) unstable; urgency=medium
+
+  * Orphan the package. (See #831274.)
++ Set Maintainer to Debian QA Group.
+  * Add a debian/gbp.conf and "-b debian" to Vcs-Git to reflect the git
+repository layout.
+  * Add patch to also remove square brackets from single port definitions.
+(Closes: #860164)
+
+ -- Axel Beckert   Sat, 06 May 2017 16:17:38 +0200
+
 fwsnort (1.6.5-1) unstable; urgency=low
 
   * Imported Upstream version 1.6.5
diff -Nru fwsnort-1.6.5/debian/control fwsnort-1.6.5/debian/control
--- fwsnort-1.6.5/debian/control2014-08-30 20:11:55.0 +0300
+++ fwsnort-1.6.5/debian/control2017-05-06 13:31:14.0 +0300
@@ -3,9 +3,9 @@
 Priority: optional
 Build-Depends: debhelper (>= 8)
 Build-Depends-Indep: po-debconf
-Maintainer: Franck Joncourt 
+Maintainer: Debian QA Group 
 Standards-Version: 3.9.5
-Vcs-git: git://anonscm.debian.org/collab-maint/fwsnort.git
+Vcs-Git: git://anonscm.debian.org/collab-maint/fwsnort.git -b debian
 Vcs-Browser: 
https://anonscm.debian.org/gitweb/?p=collab-maint/fwsnort.git;a=summary
 Homepage: http://www.cipherdyne.org/fwsnort/
 
diff -Nru fwsnort-1.6.5/debian/gbp.conf fwsnort-1.6.5/debian/gbp.conf
--- fwsnort-1.6.5/debian/gbp.conf   1970-01-01 02:00:00.0 +0200
+++ fwsnort-1.6.5/debian/gbp.conf   2017-05-06 13:18:38.0 +0300
@@ -0,0 +1,4 @@
+# Configuration file for git-buildpackage and friends
+
+[DEFAULT]
+debian-branch = debian
diff -Nru fwsnort-1.6.5/debian/patches/fix-dport-bracket-usage.patch 
fwsnort-1.6.5/debian/patches/fix-dport-bracket-usage.patch
--- fwsnort-1.6.5/debian/patches/fix-dport-bracket-usage.patch  1970-01-01 
02:00:00.0 +0200
+++ fwsnort-1.6.5/debian/patches/fix-dport-bracket-usage.patch  2017-05-06 
14:22:03.0 +0300
@@ -0,0 +1,27 @@
+Description: Also remove square brackets from single port definitions
+Bug-Debian: https://bugs.debian.org/860164
+
+--- a/fwsnort
 b/fwsnort
+@@ -1137,10 +1137,10 @@
+ }
+ 
+ for my $var (qw(sport dport)) {
++$hsh{$var} =~ s/\[//;
++$hsh{$var} =~ s/\]//;
+ next unless $hsh{$var} =~ /,/;
+ if ($ipt_have_multiport_match) {
+-$hsh{$var} =~ s/\[//;
+-$hsh{$var} =~ s/\]//;
+ my $ctr = 1;
+ my @ports = split /\s*,\s*/, $hsh{$var};
+ my $ports_str = '';
+@@ -1162,8 +1162,6 @@
+ "$hsh{$var} until the $ipt_str multiport match is 
supported " .
+ "at line: $line_num.");
+ $hsh{$var} =~ s/,.*//;
+-$hsh{$var} =~ s/\[//;
+-$hsh{$var} =~ s/\]//;
+ }
+ }
+ 
diff -Nru fwsnort-1.6.5/debian/patches/series 
fwsnort-1.6.5/debian/patches/series
--- fwsnort-1.6.5/debian/patches/series 1970-01-01 02:00:00.0 +0200
+++ fwsnort-1.6.5/debian/patches/series 2017-05-06 14:22:03.0 +0300
@@ -0,0 +1 @@
+fix-dport-bracket-usage.patch

Bug#862449: unblock: drbd-utils/8.9.10-2

[Apollon Oikonomopoulos]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package drbd-utils.

The version currently in Stretch has a serious bug (#862248) that 
prevents the service from being disabled/enabled using update-rc.d.  
Furthermore, during the investigation of this issue, I realized that 
upgrades from previous versions might leave stale systemd links around.
The package in unstable fixes both issues.

Furthermore, in order to better align with upstream, the drbd service is 
disabled by default on new installations; upstream recommends using a 
cluster management software to control the DRBD service and has disabled 
the initscript in their own packages.

Full debdiff attached.

Regards,
Apollon

unblock drbd-utils/8.9.10-2
diff -Nru drbd-utils-8.9.10/debian/changelog drbd-utils-8.9.10/debian/changelog
--- drbd-utils-8.9.10/debian/changelog	2016-12-23 17:41:42.0 +0200
+++ drbd-utils-8.9.10/debian/changelog	2017-05-12 15:05:39.0 +0300
@@ -1,3 +1,22 @@
+drbd-utils (8.9.10-2) unstable; urgency=medium
+
+  * Fix the service enable/disable logic (broken since 8.9.8-1, closes:
+#862248):
++ Add Default-Start runlevels to the initscript so that it can be
+  enabled/disabled again (broken since 8.9.8-1, see #862248).
++ Clean up stale systemd state on upgrade from versions that shipped a
+  native systemd unit.
+  * Disable the service by default on new installations, following upstream's
+policy.
++ Document disabling the service in debian/NEWS.
++ Override lintian error about duplicate update-rc.d calls.
+  * Do not restart the drbd service on upgrade; kernel reconfiguration is not
+needed when the tools change.
+  * d/NEWS: use the new source name and drop the epoch, to avoid displaying
+existing notices on every upgrade.
+
+ -- Apollon Oikonomopoulos   Fri, 12 May 2017 15:05:39 +0300
+
 drbd-utils (8.9.10-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru drbd-utils-8.9.10/debian/drbd-utils.lintian-overrides drbd-utils-8.9.10/debian/drbd-utils.lintian-overrides
--- drbd-utils-8.9.10/debian/drbd-utils.lintian-overrides	1970-01-01 02:00:00.0 +0200
+++ drbd-utils-8.9.10/debian/drbd-utils.lintian-overrides	2017-05-12 15:05:39.0 +0300
@@ -0,0 +1 @@
+drbd-utils: duplicate-updaterc.d-calls-in-postinst drbd
diff -Nru drbd-utils-8.9.10/debian/drbd-utils.postinst drbd-utils-8.9.10/debian/drbd-utils.postinst
--- drbd-utils-8.9.10/debian/drbd-utils.postinst	1970-01-01 02:00:00.0 +0200
+++ drbd-utils-8.9.10/debian/drbd-utils.postinst	2017-05-12 15:05:39.0 +0300
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# Cleanup the old systemd unit state, if applicable
+if dpkg --compare-versions "$2" lt-nl "8.9.5-1~"; then
+	if deb-systemd-helper debian-installed drbd.service; then
+		deb-systemd-helper purge drbd.service >/dev/null
+		deb-systemd-helper unmask drbd.service >/dev/null
+	fi
+fi
+
+# Disable the DRBD service by default on new installations
+if [ -z "$2" ]; then
+	update-rc.d drbd defaults >/dev/null || true
+	update-rc.d drbd disable >/dev/null || true
+fi
+
+#DEBHELPER#
diff -Nru drbd-utils-8.9.10/debian/NEWS drbd-utils-8.9.10/debian/NEWS
--- drbd-utils-8.9.10/debian/NEWS	2015-04-30 15:53:09.0 +0300
+++ drbd-utils-8.9.10/debian/NEWS	2017-05-12 15:05:39.0 +0300
@@ -1,4 +1,22 @@
-drbd8 (2:8.4.4-1) unstable; urgency=low
+drbd-utils (8.9.10-2) unstable; urgency=medium
+
+  The drbd service is now disabled by default on new installations. Upstream
+  recommends that a cluster management software be used to control DRBD
+  instead. If your setup relies on the drbd service however, you can still
+  enable it using
+
+systemctl enable drbd.service
+
+  or
+
+update-rc.d drbd enable
+
+  Again, this applies only to new installations of the package, upgrades from
+  older versions will leave the service intact.
+
+ -- Apollon Oikonomopoulos   Fri, 12 May 2017 20:15:24 +0300
+
+drbd-utils (8.4.4-1) unstable; urgency=low
 
   DRBD 8.4 includes a number of important changes from the 8.3 series, both
   in operation and in configuration files. An overview of these changes is
diff -Nru drbd-utils-8.9.10/debian/patches/initscript-add-start-runlevels.patch drbd-utils-8.9.10/debian/patches/initscript-add-start-runlevels.patch
--- drbd-utils-8.9.10/debian/patches/initscript-add-start-runlevels.patch	1970-01-01 02:00:00.0 +0200
+++ drbd-utils-8.9.10/debian/patches/initscript-add-start-runlevels.patch	2017-05-12 14:46:52.0 +0300
@@ -0,0 +1,18 @@
+Author: Apollon Oikonomopoulos 
+Description: Add Default-Start runlevels to the initscript
+ The initscripts lacks Default-Start runlevels, causing update-rc.d to
+ shortcircuit any attempt to enable/disable the service.
+Last-Update: 2017-05-12
+Forwarded: no
+Bug-Debian: https://bugs.debian.org/862248
+--- a/scripts/drbd
 b/scripts/drbd
+@@ -13,7 +13,7 @@
+ # Required-Stop:

Bug#862439: unblock: eterm/0.9.6-5

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Except for some whitespace change in command.c, the only
difference after applying patches is the one-line #728813
fix in fix-esetroot-on-pseudocolor.patch

This one-line bugfix is the part I would like to see in stretch.

If unblocking this is not acceptable, I can make a t-p-u
(or unstable) upload containing only the #728813 fix on
top of 0.9.6-4.


 changelog|9 +++
 patches/command.c.patch  |   44 ---
 patches/fix-esetroot-on-pseudocolor.patch|   14 ++
 patches/manpage-is-dated-2008-08-17  |   11 
 patches/manpage-is-dated-2008-08-17.patch|   11 
 patches/run-shell-correctly.patch|   16 ++
 patches/series   |   11 ++--
 patches/typos-in-eterm-1-in  |   31 -
 patches/typos-in-eterm-1-in.patch|   32 +
 patches/typos-in-eterm-reference-html|   13 -
 patches/typos-in-eterm-reference-html.patch  |   13 +
 patches/we-will-do-fine-without-the-build-date   |   13 -
 patches/we-will-do-fine-without-the-build-date.patch |   13 +
 13 files changed, 114 insertions(+), 117 deletions(-)

diff -Nru eterm-0.9.6/debian/changelog eterm-0.9.6/debian/changelog
--- eterm-0.9.6/debian/changelog2016-03-05 18:22:37.0 +0200
+++ eterm-0.9.6/debian/changelog2017-01-29 20:02:04.0 +0200
@@ -1,3 +1,12 @@
+eterm (0.9.6-5) unstable; urgency=medium
+
+  * QA upload.
+  * Rename all patches to have .patch ending.
+  * Fix Esetroot on PseudoColor visual. Closes: #728813.
+Thanks to Kevin Ryde for the patch.
+
+ -- Santiago Vila   Sun, 29 Jan 2017 19:02:04 +0100
+
 eterm (0.9.6-4) unstable; urgency=medium
 
   * QA upload.
diff -Nru eterm-0.9.6/debian/patches/command.c.patch 
eterm-0.9.6/debian/patches/command.c.patch
--- eterm-0.9.6/debian/patches/command.c.patch  2016-03-05 18:12:49.0 
+0200
+++ eterm-0.9.6/debian/patches/command.c.patch  1970-01-01 02:00:00.0 
+0200
@@ -1,44 +0,0 @@
-Description: Workaround for making Eterm run shell.
-Forwarded: not-needed
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770369
-Author: Arnaud Ceyrolle 
-Index: eterm-0.9.6/src/command.c
-===
 eterm-0.9.6.orig/src/command.c
-+++ eterm-0.9.6/src/command.c
-@@ -1561,7 +1561,7 @@ get_tty(void)
-  * child processes remain alive upon deletion of the window.
-  */
- {
--unsigned short i;
-+unsigned long i;
- unsigned long max_fds;
- 
- /* get number of available file descriptors */
-@@ -2354,7 +2354,7 @@ run_command(char **argv)
- privileges(REVERT);
- }
- 
--/* Permanently revoke all privileges for the child process.  
-+/* Permanently revoke all privileges for the child process.
-Root shells for everyone are tres uncool ;^) -- mej */
- #ifdef _HPUX_SOURCE
- setresuid(my_ruid, my_ruid, my_euid);
-@@ -3671,7 +3671,7 @@ main_loop(void)
- D_SCREEN(("Adding %d lines (%d chars); str == %8p, cmdbuf_ptr == 
%8p, cmdbuf_endp == %8p\n",
-   nlines, cmdbuf_ptr - str, str, cmdbuf_ptr, 
cmdbuf_endp));
- #if FIXME_BLOCK
--/* 
-+/*
-  * iconv() is not my friend. :-( I've tried various things
-  * to make this work (including UCS2, SJIS, EUCJ, and
-  * WCHAR_T), but nothing has worked.  I'm obviously
-@@ -3800,7 +3800,7 @@ v_doPending(void)
- 
- /* Write data to the pty as typed by the user, pasted with the mouse,
-  * or generated by us in response to a query ESC sequence.
-- * Code stolen from xterm 
-+ * Code stolen from xterm
-  */
- void
- v_writeBig(int f, char *d, int len)
diff -Nru eterm-0.9.6/debian/patches/fix-esetroot-on-pseudocolor.patch 
eterm-0.9.6/debian/patches/fix-esetroot-on-pseudocolor.patch
--- eterm-0.9.6/debian/patches/fix-esetroot-on-pseudocolor.patch
1970-01-01 02:00:00.0 +0200
+++ eterm-0.9.6/debian/patches/fix-esetroot-on-pseudocolor.patch
2017-01-29 19:06:00.0 +0200
@@ -0,0 +1,14 @@
+From: Kevin Ryde 
+Subject: Fix Esetroot on PseudoColor visual
+Bug-Debian: https://bugs.debian.org/728813
+
+--- a/utils/Esetroot.c
 b/utils/Esetroot.c
+@@ -180,6 +180,7 @@
+ }
+ imlib_context_set_display(Xdisplay);
+ imlib_context_set_visual(DefaultVisual(Xdisplay, 
DefaultScreen(Xdisplay)));
++imlib_context_set_colormap(DefaultColormap(Xdisplay, 
DefaultScreen(Xdisplay)));
+ im = imlib_load_image_immediately(fname);
+ if (!im) {
+ fprintf(stderr, "%s:  Unable to load image file \"%s\".\n", *argv, 
fname);
diff -Nru eterm-0.9.6/debian/patches/manpage-is-dat

Bug#862438: jessie-pu: package eterm/0.9.6-1+deb8u1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

 eterm-0.9.6/debian/changelog |8 
 src/command.c|2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff -u eterm-0.9.6/debian/changelog eterm-0.9.6/debian/changelog
--- eterm-0.9.6/debian/changelog
+++ eterm-0.9.6/debian/changelog
@@ -1,3 +1,11 @@
+eterm (0.9.6-1+deb8u1) jessie; urgency=medium
+
+  * QA upload.
+  * Apply patch from Arnaud Ceyrolle to fix problems when starting
+or stopping the shell caused by an integer overflow. (Closes: #770369)
+
+ -- Adrian Bunk   Fri, 12 May 2017 19:52:47 +0300
+
 eterm (0.9.6-1) unstable; urgency=low
 
   * QA upload.
only in patch2:
unchanged:
--- eterm-0.9.6.orig/src/command.c
+++ eterm-0.9.6/src/command.c
@@ -1561,7 +1561,7 @@
  * child processes remain alive upon deletion of the window.
  */
 {
-unsigned short i;
+unsigned long i;
 unsigned long max_fds;
 
 /* get number of available file descriptors */

Re: [debian-mysql] Fixing the jessie->stretch upgrade path

[Norvald H. Ryeng]

On Fri, 12 May 2017 14:09:02 +0200
Ondřej Surý  wrote:

> On Fri, May 12, 2017, at 13:31, Norvald H. Ryeng wrote:
> > On Fri, 12 May 2017 11:26:13 +0200
> > Ondřej Surý  wrote:
> >   
> > > Dear release team and fellow MySQL/MariaDB maintainers,
> > > 
> > > the situation in stretch in regards to clean upgrade path from
> > > jessie is a little bit unfortunate. It works for most cases when
> > > something depends on default-mysql-server and pulls it as a
> > > dependency. But in situations where mysql-server was the top
> > > dependency, it simply uninstalls mysql-server-5.5 without any
> > > replacement.
> > > 
> > > I understand the reasons why we are here, but the situation where
> > > user needs to do:
> > > apt-get update
> > > # apt-get upgrade
> > > apt-get install default-mysql-server
> > > apt-get dist-upgrade
> > > 
> > > is very inconvenient for the users and I foresee this will cause
> > > a lot of complaints, because it's quite common to run just
> > > "mysql-server" on the server.
> > > 
> > > Therefore I am proposing a one time fix specifically targeted at
> > > stretch. I would like to prepare 'mysql-transitional' package that
> > > will create a couple of dummy/transitional packages structured
> > > like this:
> > > 
> > > mysql-server depends on default-mysql-server
> > > mysql-client depends on default-mysql-client
> > > 
> > > The version would be 5.5.999+mariadb, so it is always higher than
> > > version in jessie, but always lower than version in sid, as I
> > > don't want force epoch on mysql-5.7.  
> > 
> > I agree that this sounds like it will work for stretch, and it's
> > much better than bumping epoch on mysql-5.7.
> > 
> > As you say, it's a one time fix, but I'm a bit concerned about what
> > happens when those packages again are provided by MySQL. Let's think
> > through what will happen in buster. There are three options:  
> 
> And all of them would be easily solved by having the
> mariadb-server-10.X and mariadb-client-10.X Conflicts with
> mysql-server and mysql-client.

And as long as MySQL and MariaDB are not co-installable, they should
conflict. But below you say we must make the packages co-installable
to have both I'm a bit confused. Can you please elaborate?

> > 1) Buster contains only MariaDB. Will these packages also be in
> > buster? If not, what happens on upgrade from stretch to buster?
> > Will we have the same problem again?  
> 
> default-mysql-* will already be installed, it will pull new
> mariadb-*-10.x packages and mysql-server/mysql-client will be removed.
> Nothing must depend on mysql-server/mysql-client already, so those
> will be just dangling packages ready to be removed.
> 
> > 2) Buster contains both MySQL and MariaDB. MariaDB is default. The
> > mysql-server and mysql-client packages are provided by MySQL, but
> > default-mysql-server and default-mysql-client point to MariaDB. How
> > will the upgrade go? Some users have installed mysql-server or
> > mysql-client explicitly, while others have installed a different
> > package that depends on default-mysql-server or
> > default-mysql-client.  
> 
> I don't think this is going to happen, but if it does, we will have to
> make MariaDB and MySQL coinstallable with each other, because the
> packages might depend on specific flavour.

The default is to include MySQL in buster. The release team only made a
decision about stretch, so unless they make a new decision, MySQL will
be in buster. Therefore, we have to handle this case.

That said, I definitely wouldn't mind making the packages
co-installable, no matter what ends up in which version of Debian.

Best regards,

Norvald H. Ryeng

Processed: Re: Bug#862214: Pre-approval request, unblock: vtk6/6.3.0+dfsg1-5

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed moreinfo
Bug #862214 [release.debian.org] Pre-approval request, unblock: 
vtk6/6.3.0+dfsg1-5
Added tag(s) confirmed and moreinfo.

-- 
862214: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862214
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#862214: Pre-approval request, unblock: vtk6/6.3.0+dfsg1-5

[Niels Thykier]

Control: tags -1 confirmed moreinfo

Anton Gladky:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package vtk6
> 
> During the last upload of the version 6.3.0+dfsg1-4 some line endings
> in autopkgtests were accidentally broken and it causes test failures [1].
> 
> This upload is trivial and just replaces broken line endings.
> 
> [1] https://ci.debian.net/packages/v/vtk6/unstable/amd64/
> 
> unblock vtk6/6.3.0+dfsg1-5
> 
> 
> Thanks,
> 
> Anton
> 

Please go ahead and remove the moreinfo tag once the upload has been
accepted into unstable and built on all relevant release architectures.

Thanks,
~Niels

Bug#861442: marked as done (unblock: (pre-approval) courier/0.76.3-5)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 14:31:00 +
with message-id <62e857e5-4232-bc07-d652-c72579c90...@thykier.net>
and subject line Re: Bug#861442: unblock: (pre-approval) courier/0.76.3-5
has caused the Debian Bug report #861442,
regarding unblock: (pre-approval) courier/0.76.3-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861442
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

only after the freeze, I realized that courier-mta is unmaintained and
got orphaned a couple moons ago. As I still use and like that MTA, but
it broke after an upgrade to stretch, I opted to adopt courier and
continue maintenance (#823807).

I realize it's pretty late in the process, but I'd appreciate keeping
courier in stretch. In any case, I plan to continue maintaining the
package for later releases.

I tried to keep the changes minimal, but mainly focused on getting
things to work. Quite a few changes for different important issues
accumulated. Note that I already have this version of courier in use on
stretch (it actually processed this very email).

Please indicate if any of the parts are not appropriate to be fixed for
stretch. I'm happy to prepare a corrected candidate. However, if too
many bugs remain unfixed, I'd rather vote for a removal from stretch,
than shipping something that breaks after an upgrade.

I commented the portions of the diff in the attached debdiff, in
relation to the changelog item added (patch can still apply the diff).
To simplify discussion via email, here's a copy of the proposed changes:

item 1: Fix Debian patch 0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch:
   do not invoke 'install -b' twice from mkesmtpdcert, eliminating
   unnecessary backup files not cleaned up by purge. Closes: #847348.

item 2: Add patch 0026-Fix-TLS-verification-for-CNAMEs.patch:
   correct TLS verification when DNS answers with CNAMEs.
   Closes: #860762.

item 3: Systemd service files: Correct delimiter of dependencies.
   Closes: #860765. (comma replaced by space)

item 4: Fix init scripts: Add proper PIDFILE declarations to init scripts.
   Replace status_of_proc with a more direct call to pidofproc and
   simplify the courier and courierfilter init scripts. Closes: #860777.

(Note that "simplify" is a bit of an understatement, here. Those init
scripts didn't actually work, before. Same applies to the replacement of
status_of_proc change.)

item 5: Take over the package. Closes #848978.

I know this is quite a bunch. And a late one. Please indicate if an
unblock of courier-0.76.3-5 is still feasible, if you like me to adjust
it or if you prefer to removed courier from stretch, instead. Thank you.

Kind Regards

Markus Wanner
#
# All of the changed documented in the changelog.
#
diff -Nru courier-0.76.3/debian/changelog courier-0.76.3/debian/changelog
--- courier-0.76.3/debian/changelog 2016-12-21 15:03:32.0 +0100
+++ courier-0.76.3/debian/changelog 2017-03-27 21:01:13.0 +0200
@@ -1,3 +1,19 @@
+courier (0.76.3-5) UNRELEASED; urgency=medium
+
+  * Fix Debian patch 0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch:
+do not invoke 'install -b' twice from mkesmtpdcert, eliminating
+backup files not cleaned up by purge. Closes: #847348.
+  * Add patch 0026-Fix-TLS-verification-for-CNAMEs.patch: correct TLS
+verification when DNS answers with CNAMEs. Closes: #860762.
+  * Systemd service files: Correct delimiter of dependencies.
+Closes: #860765.
+  * Fix init scripts: Add proper PIDFILE declarations to init scripts.
+Replace status_of_proc with a more direct call to pidofproc and
+simplify the courier and courierfilter init scripts. Closes: #860777.
+  * Take over the package. Closes: #848978.
+
+ -- Markus Wanner   Wed, 19 Apr 2017 21:27:14 +0200
+
 courier (0.76.3-4) unstable; urgency=medium
 
   * Orphan the package.
#
# item 1: Fix Debian patch 0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch:
#do not invoke 'install -b' twice from mkesmtpdcert, eliminating
#unnecessary backup files not cleaned up by purge. Closes: #847348.
#
diff -Nru 
courier-0.76.3/debian/patches/0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch 
courier-0.76.3/debian/patches/0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch
--- 
courier-0.76.3/debian/patches/0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch 
2016-12-21 15:03:32.0 +0100
+++ 
courier-0.76.3/debian/patche

Re: [debian-mysql] Fixing the jessie->stretch upgrade path

[Norvald H. Ryeng]

On Fri, 12 May 2017 11:26:13 +0200
Ondřej Surý  wrote:

> Dear release team and fellow MySQL/MariaDB maintainers,
> 
> the situation in stretch in regards to clean upgrade path from jessie
> is a little bit unfortunate. It works for most cases when something
> depends on default-mysql-server and pulls it as a dependency. But in
> situations where mysql-server was the top dependency, it simply
> uninstalls mysql-server-5.5 without any replacement.
> 
> I understand the reasons why we are here, but the situation where user
> needs to do:
> apt-get update
> # apt-get upgrade
> apt-get install default-mysql-server
> apt-get dist-upgrade
> 
> is very inconvenient for the users and I foresee this will cause a lot
> of complaints, because it's quite common to run just "mysql-server" on
> the server.
> 
> Therefore I am proposing a one time fix specifically targeted at
> stretch. I would like to prepare 'mysql-transitional' package that
> will create a couple of dummy/transitional packages structured like
> this:
> 
> mysql-server depends on default-mysql-server
> mysql-client depends on default-mysql-client
> 
> The version would be 5.5.999+mariadb, so it is always higher than
> version in jessie, but always lower than version in sid, as I don't
> want force epoch on mysql-5.7.

I agree that this will work for stretch.

You say it's a one time fix, but I'm a bit concerned about what
happens after this fix, when those packages are provided by MySQL. Let's
think through what will happen in buster. There are three options:

1) Buster contains only MariaDB. Will these packages also be in buster?

2) Buster contains both MySQL and MariaDB. MariaDB is default. The
mysql-server and mysql-clienpackages are provided by MySQL

Bug#862414: jessie-pu: package ed/1.10-2.1~deb8u1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

The only patch in the package (that was previously not applied)
is the following to fix "ed: ships /usr/share/info/dir.gz on arm64":

--- ed~/Makefile.in 2013-05-05 12:43:38.0 +0200
+++ ed/Makefile.in  2013-05-05 13:44:02.841303992 +0200
@@ -57,7 +57,7 @@
 check : all
@$(VPATH)/testsuite/check.sh $(VPATH)/testsuite $(pkgversion)
 
-install : install-bin install-info install-man
+install : install-bin install-man
 
 install-bin : all
if [ ! -d "$(DESTDIR)$(bindir)" ] ; then $(INSTALL_DIR) 
"$(DESTDIR)$(bindir)" ; fi



 changelog |   15 +++
 rules |3 +++
 2 files changed, 18 insertions(+)

diff -u ed-1.10/debian/changelog ed-1.10/debian/changelog
--- ed-1.10/debian/changelog
+++ ed-1.10/debian/changelog
@@ -1,3 +1,18 @@
+ed (1.10-2.1~deb8u1) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for jessie.
+
+ -- Adrian Bunk   Fri, 12 May 2017 16:17:58 +0300
+
+ed (1.10-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/rules: add build-arch target to ensure patches
+get applied (Closes: #799702)
+
+ -- Jonathan Wiltshire   Sat, 20 Feb 2016 12:49:56 +
+
 ed (1.10-2) unstable; urgency=medium
 
   * enable DEB_BUILD_MAINT_OPTIONS = hardening=+all
diff -u ed-1.10/debian/rules ed-1.10/debian/rules
--- ed-1.10/debian/rules
+++ ed-1.10/debian/rules
@@ -22,6 +22,9 @@
 build: patch-stamp
dh build
 
+build-arch: patch-stamp
+   dh build
+
 clean: unpatch
dh clean
dh_clean Makefile config.status *.o ed red

Re: [debian-mysql] Fixing the jessie->stretch upgrade path

[Otto Kekäläinen]

Hello!

2017-05-12 12:26 GMT+03:00 Ondřej Surý :
> Therefore I am proposing a one time fix specifically targeted at
> stretch. I would like to prepare 'mysql-transitional' package that will
> create a couple of dummy/transitional packages structured like this:
>
> mysql-server depends on default-mysql-server
> mysql-client depends on default-mysql-client
>
> The version would be 5.5.999+mariadb, so it is always higher than
> version in jessie, but always lower than version in sid, as I don't want
> force epoch on mysql-5.7.


We did a lot of work last summer to have the default-mysql-* packages
etc but I can clearly see now the scenario where they fail to produce
a smooth upgrade experience. For users where the host is a DB server
only host, there is no package depending on default-mysql-server. And
stand-alone DB hosts are certainly no corner cases, so the suggestion
by Ondrej seems to be the right thing to do at this point.

Thanks Ondrej for working so responsibly on this! I've hade a very
busy period in March-May and it still continues.

- Otto

Bug#862243: unblock: linux/4.9.25-1

[Niels Thykier]

Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hi
> 
> Please unblock package linux
> 

Ok with me, CC'ing KiBi for a d-i ack.

> The update includes stable releases 4.9.19 up to 4.9.25 with many
> improvements, bugfixes, security issues fixed. On top of the stable
> release the following additional changes were made:
> 
>>   [ Ben Hutchings ]
>>   * w1: Really enable W1_MASTER_GPIO as module (Closes: #858975)
>>   * debian/rules.real: Undefine $LANGUAGE, which can break debug symbols for
>> vDSOs (Closes: #859807)
>>   * Bump ABI to 3
>>   * [s390x] Set NR_CPUS=256 (Closes: #858731)
>>   * [x86] usbip: Increase USBIP_VHCI_NR_HCS to 8 and USBIP_VHCI_HC_PORTS to 
>> 31
>> (Closes: #859641)
>>   * [powerpc/powerpc64,ppc64*] target: Enable SCSI_IBMVSCSIS as module
>>   * cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
>> (Closes: #859978)
>>   * udeb: Include all AHCI drivers in sata-modules (Closes: #860335)
>>   * [powerpc/powerpc64,ppc64] Set NR_CPUS=2048, matching ppc64el
>>   * [powerpc*/*64*] Enable CPUMASK_OFFSTACK to reduce stack usage
>>   * [mips*el/loongson-3] Set NR_CPUS=16 to allow for Loongson 3B2000
>>   * [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890
>>   * [arm64] Set NR_CPUS=256 to allow for multi-SoC systems (Closes: #861209)
>>   * [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4
>>   * Move debug symbols back to the main archive, to avoid problems with the
>> current handling in dak
>>   * linux-image: Disable signing until it's supported in dak
>>   * [rt] Update to 4.9.20-rt16:
>> - rtmutex: Make lock_killable work
>> - rtmutex: Provide rt_mutex_lock_state()
>> - rtmutex: Provide locked slowpath
>> - rwsem/rt: Lift single reader restriction
>>   * PCI: Enable PCIE_PTM (except on armel/marvell)
>>   * 6lowpan: Enable Generic Header Compression modules
>>   * net/sched: Enable NET_ACT_SKBMOD as module
>>   * ethernet: Enable NFP_NETVF as module
>>   * net/phy: Enable MICROSEMI_PHY as module
>>   * input/tablet: Enable TABLET_USB_PEGASUS as module
>>   * [x86] input/touchscreen: Enable TOUCHSCREEN_SURFACE3_SPI as module
>>   * serial/8250: Enable SERIAL_8250_MOXA as module
>>   * [x86] gpio: Enable GPIO_AMDPT as module
>>   * [x86] thermal: Enable INT3406_THERMAL as module
>>   * watchdog: Enable WATCHDOG_SYSFS
>>   * integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE,
>> IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING
>> (except on armel/marvell) (Closes: #788290)
>>   * media: Enable VIDEO_TW5864, VIDEO_TW686X as modules
>>   * [x86] amdgpu,sound/soc: Enable DRM_AMD_ACP; enable SND_SOC_AMD_ACP as 
>> module
>>   * hda: Set SND_HDA_PREALLOC_SIZE=2048 as recommended for PulseAudio
>>   * HID: Enable HID_SENSOR_CUSTOM_SENSOR as module
>>   * leds,USB: Enable USB_LEDS_TRIGGER_USBPORT as module
>>   * usbip: Enable USBIP_VUDC as module
>>   * USB/misc: Enable UCSI as module
>>   * leds: Enable LEDS_TRIGGER_DISK, LEDS_TRIGGER_MTD, LEDS_TRIGGER_PANIC
>>   * IB: Enable INFINIBAND_HFI1, INFINIBAND_I40IW, INFINIBAND_QEDR, RDMA_RXE
>> as modules
>>   * [amd64] EDAC: Enable EDAC_SKX as module
>>   * [x86] comedi: Enable COMEDI_ADV_PCI1720, COMEDI_ADV_PCI1760 as modules
>>   * [x86] platform: Enable INTEL_HID_EVENT as module
>>   * [x86] hwtracing: Enable INTEL_TH, INTEL_TH_PCI, INTEL_TH_GTH, 
>> INTEL_TH_MSU,
>> INTEL_TH_PTI as modules
>>   * [rt] tracing: Enable HWLAT_TRACER
>>   * [x86] crypto: Enable CRYPTO_DEV_QAT_C3XXX, CRYPTO_DEV_QAT_C62X,
>> CRYPTO_DEV_QAT_C3XXXVF, CRYPTO_DEV_QAT_C62XVF as modules
>>   * crypto: Enable CRYPTO_DEV_CHELSIO as module
>>   * [arm64] Enable ARMV8_DEPRECATED, SWP_EMULATION, CP15_BARRIER_EMULATION,
>> SETEND_EMULATION (Closes: #861384)
>>   * udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195)
>>   * leds: Enable LEDS_GPIO as module for all configurations with GPIOs
>> (Closes: #860569)
>>   * selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default.
>> This may break some old applications if SELinux is enabled, and can be
>> reverted using the kernel parameter: checkreqprot=1
>>   * udeb: Move mfd-core to kernel-image, as both input-modules and
>> mmc-modules need it
>>   * crypto: Change CRYPTO_SHA256 from module to built-in, as required by IMA
>> .
>>   [ Salvatore Bonaccorso ]
>>   * ping: implement proper locking (CVE-2017-2671)
>>   * macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477)
>>   * macsec: dynamically allocate space for sglist
>>   * nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
>>   * nfsd4: minor NFSv2/v3 write decoding cleanup
>>   * nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
>> .
>>   [ Aurelien Jarno ]
>>   * [mips*/octeon] Drop obsolete patch adding support for the UBNT E200
>> board.
>>   * [mips*el/loongson-3] Disable PAGE_EXTENSION and PAGE_POI

Bug#862410: unblock: mysql-transitional/5.5.9999+default

[Ondřej Surý]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mysql-transitional

Dear release team,

as agreed upon in <7f872a85-0d08-6bd1-f731-52e26a769...@thykier.net>
the MySQL packaging team needs to upload src:mysql-transitional
directly into stretch to fix the smooth upgrade issues.

This goes hand in hand with mariadb-10.1_10.1.23-7 update, but I'll
update the existing unblock bug separately.

unblock mysql-transitional/5.5.+default

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#862407: marked as done (unblock: epiphany-browser/3.22.7-1)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 12:35:00 +
with message-id 
and subject line Re: Bug#862407: unblock: epiphany-browser/3.22.7-1
has caused the Debian Bug report #862407,
regarding unblock: epiphany-browser/3.22.7-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862407: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862407
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package epiphany-browser

3.22.7 is the latest bugfix release in the stable 3.22 series and is
highly recommended by the Epiphany developers for distros that ship
epiphany 3.22. (It is included in Ubuntu 16.10, Fedora 25, etc.).
According to the NEWS file, this version fixes a crash, memory
corruption issues, and critical warnings.

The Debian Developer who uploaded this version supports my filing an
unblock request for it.

https://git.gnome.org/browse/epiphany/log/?h=gnome-3-22

unblock epiphany-browser/3.22.7-1

Thanks,
Jeremy Bicha


epiphany-browser_3.22.7-1.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
Jeremy Bicha:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: unblock
> Severity: normal
> 
> Please unblock package epiphany-browser
> 
> 3.22.7 is the latest bugfix release in the stable 3.22 series and is
> highly recommended by the Epiphany developers for distros that ship
> epiphany 3.22. (It is included in Ubuntu 16.10, Fedora 25, etc.).
> According to the NEWS file, this version fixes a crash, memory
> corruption issues, and critical warnings.
> 
> The Debian Developer who uploaded this version supports my filing an
> unblock request for it.
> 
> https://git.gnome.org/browse/epiphany/log/?h=gnome-3-22
> 
> unblock epiphany-browser/3.22.7-1
> 
> Thanks,
> Jeremy Bicha
> 

Unblocked, thanks.

~Niels--- End Message ---

Bug#862215: marked as done (unblock: reprotest/0.6.2)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 12:22:00 +
with message-id 
and subject line Re: Bug#862215: unblock: reprotest/0.6.2
has caused the Debian Bug report #862215,
regarding unblock: reprotest/0.6.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862215: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862215
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package reprotest

I made an important cosmetic bugfix, and added some more documentation on usage
and known bugs. We also added signing keys to verify future releases with.

unblock reprotest/0.6.2

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (300, 'unstable'), (200, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Ximin Luo:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package reprotest
> 
> I made an important cosmetic bugfix, and added some more documentation on 
> usage
> and known bugs. We also added signing keys to verify future releases with.
> 
> unblock reprotest/0.6.2
> [...]

Unblocked, thanks.

~Niels--- End Message ---

Bug#862187: marked as done (unblock: autopkgtest/4.4)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 12:18:00 +
with message-id <22d4908c-24c5-0686-8b48-c77ec4cb8...@thykier.net>
and subject line Re: Bug#862187: unblock: autopkgtest/4.4
has caused the Debian Bug report #862187,
regarding unblock: autopkgtest/4.4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862187: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862187
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello release team,

Please consider autopkgtest 4.4 [1] for Jessie. It contains mostly bug fixes
and one small new feature which doesn't affect Debian. IMHO it's low risk as
(1) it's not a package that users usually have installed, it's a developer
CI/QA tool, and (2) it has quite an extensive testsuite (including an
autopkgtest that autopkgtests itself ☺).

I attach the complete debdiff and do some changelog risk annotation here.

| autopkgtest (4.4) unstable; urgency=medium
| 
|   [ Martin Pitt ]
|   * doc/README.package-tests.rst: Document network access (Closes: #851556)

Documentation only, no risk.

|   * qemu: Robustify ssh port locks.
| Stop assuming that /run/lock is user-writable (it is not in non-Debian
| systems). Instead create the lock file in /tmp and use 'x' to avoid
| /tmp file races.

Does affect Debian as it changes existing behaviour, but I've tested that quite
extensively. Note that we don't use the QEMU runner in production on ci.d.n.

|   * tests/autopkgtest: Fix crashes when running on non-apt system

No runtime impact, self-tests only.

|   * Fix candidate version detection for packages containing regexp operators
| '+' and '.' are valid characters in a Debian package name. Escape them
| in the call to apt-cache policy so that we get what we want to know.
| (Closes: #855954)

This is an important fix that I'd like to get into stretch to fix testing
packages with particular names when using apt pinning.

|   [ Iain Lane ]
|   * Fix build_source to work if "Package-List" is the last line in the apt
| output (Closes: #851899)

Corner case, but low risk fix and covered by several tests.

|   * autopkgtest-virt-lxd: Check uptime for reboot waiting. (LP: #1654025)

lxd is not in Debian, thus very little risk. This change has been in Ubuntu's
production CI for several months now.

|   * Add a debug-fail hook and implement it for autopkgtest-virt-ssh.
| At the minute, this is mainly so that the nova script can have its
| failure information (`nova console-log') propagated up to the output, so
| that in the case of kernel panics or other random failures we get useful
| output that the driver of autopkgtest (e.g. autopkgtest-cloud) can look
| at. (LP: #1630578)

Somewhat intrusive, but again this change has been in Ubuntu's production CI
for several months now. We don't (yet) use this Openstack cloud instance
testing mode in Debian's CI.

|   * autopkgtest-build-lxd: Allow overriding the target release by setting
| RELEASE=. This will cause the container to be dist-upgraded to the new
| release. Useful for the very early stages of a release when the LXD
| images on images.linuxcontainers.org don't exist yet.

lxd is not in Debian, thus practically no risk.

|   [ Barry Warsaw ]
|   * Pass Dpkg::Options::=--force-confnew to apt-get install.
| This avoids dpkg from prompting for conffile installation when you always
| want the new conffile in the testbed anyway. (Closes: #852475)

This is another important bug fix which screws up some tests completely.

Thanks,

Pitti

unblock autopkgtest/4.4

[1] https://tracker.debian.org/news/844681
diff --git a/debian/changelog b/debian/changelog
index 03bc2c0..7435939 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,39 @@
+autopkgtest (4.4) unstable; urgency=medium
+
+  [ Martin Pitt ]
+  * doc/README.package-tests.rst: Document network access (Closes: #851556)
+  * qemu: Robustify ssh port locks.
+Stop assuming that /run/lock is user-writable (it is not in non-Debian
+systems). Instead create the lock file in /tmp and use 'x' to avoid
+/tmp file races.
+  * tests/autopkgtest: Fix crashes when running on non-apt system
+  * Fix candidate version detection for packages containing regexp operators
+'+' and '.' are valid characters in a Debian package name. Escape them
+in the call to apt-cache policy so that we get what we want to know.
+(Closes: #855954)
+
+  [ Iain Lane ]
+  * Fix build_source to work if "Package-Lis

Bug#862186: unblock: cryptsetup/2:1.7.3-4

[Niels Thykier]

Guilhem Moulin:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hi there,
> 
> cryptsetup/2:1.7.3-4 closes RC bug #861074.  Quoting myself from Message
> #15,
> 
> initramfs-tools 0.130 landed into testing on May 1st, and as of
> 2:1.7.3-3 the cryptroot hook doesn't detect resume devices with the
> new logic from initramfs-tools >=0.129:
> 
>   * setting RESUME under in an initramfs-tools configuration file
> other than /etc/initramfs-tools/conf.d/resume isn't supported
>   * setting RESUME=none yields a (harmless) warning
>   * setting RESUME=auto (or leaving the variable undefined) might
> result into an unresumable device: the initrd is then configured
> to resume from the largest swap partition, which might not be
> unlocked in time
> 
> 2:1.7.3-4 also closes #861802 (license mismatch) as well as #847620
> (drop obsolete update-rc.d parameters).  Debdiff attached.
> 
> Thanks for considering its inclusion in Stretch!
> Cheers,
> 

Ack from here, CC'ing KiBi for a d-i ack.

Thanks,
~Niels

Bug#860265: marked as done ((pre-approval) unblock: apt-cacher-ng/2-2)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 12:05:00 +
with message-id 
and subject line Re: Bug#860265: (pre-approval) unblock: apt-cacher-ng/2-2
has caused the Debian Bug report #860265,
regarding (pre-approval) unblock: apt-cacher-ng/2-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860265: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860265
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please approve the upload of new version of apt-cacher-ng. See #860243
for details. Here is a minimum viable patch included below.

This is made under protest because I still consider the "reasons" for
rejecting #860243 specious and unfair. But anyhow, this changeset should
do the job for a (short) while.

unblock apt-cacher-ng/2-2

diff -Nru apt-cacher-ng-2/debian/changelog apt-cacher-ng-2/debian/changelog
--- apt-cacher-ng-2/debian/changelog2016-11-22 21:39:43.0 +0100
+++ apt-cacher-ng-2/debian/changelog2017-04-13 18:11:17.0 +0200
@@ -1,3 +1,17 @@
+apt-cacher-ng (2-2) testing; urgency=high
+
+  * Special version only for Debian Stretch, solving moderate security issues:
++ hardening against HTTP header splitting attack (no user input printed in
+  the HTTP headers anymore; backport from Sid, related to CVE-2017-7443)
++ hardening against unintended or malicious triggering of hidden space
+  allocation, by disabling the fallocate completely. This is ultima ratio,
+  trading code simplicity for fragmentation avoiding efforts; a smarter
+  solution is found in upstream version 3; closes: #856635)
++ handle a corner case of bad TLS handshake with invalid certificate
+  (related to #839751)
+
+ -- Eduard Bloch   Thu, 13 Apr 2017 18:11:17 +0200
+
 apt-cacher-ng (2-1) unstable; urgency=low
 
   * New upstream version
diff -Nru apt-cacher-ng-2/debian/patches/debian-changes 
apt-cacher-ng-2/debian/patches/debian-changes
--- apt-cacher-ng-2/debian/patches/debian-changes   1970-01-01 
01:00:00.0 +0100
+++ apt-cacher-ng-2/debian/patches/debian-changes   2017-04-13 
18:11:17.0 +0200
@@ -0,0 +1,81 @@
+Description: 
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ apt-cacher-ng (2-2) testing; urgency=high
+ .
+   * Special version only for Debian Stretch, solving moderate security issues:
+ + hardening against HTTP header splitting attack (no user input printed in
+   the HTTP headers anymore; backport from Sid, related to CVE-2017-7443)
+ + hardening against unintended or malicious triggering of hidden space
+   allocation, by disabling the fallocate completely. This is ultima ratio,
+   trading code simplicity for fragmentation avoiding efforts; a smarter
+   solution is found in upstream version 3; closes: #856635)
+ + handle a corner case of bad TLS handshake with invalid certificate
+   (related to #839751)
+Author: Eduard Bloch 
+Bug-Debian: https://bugs.debian.org/856635
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: , 
+Bug: 
+Bug-Debian: https://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded: 
+Reviewed-By: 
+Last-Update: 2017-04-13
+
+--- apt-cacher-ng-2.orig/source/fileio.cc
 apt-cacher-ng-2/source/fileio.cc
+@@ -17,7 +17,7 @@ using namespace std;
+ namespace acng
+ {
+ 
+-#ifdef HAVE_LINUX_FALLOCATE
++#ifdef DISABLED_FOR_NOW
+ 
+ int falloc_helper(int fd, off_t start, off_t len)
+ {
+--- apt-cacher-ng-2.orig/source/job.cc
 apt-cacher-ng-2/source/job.cc
+@@ -712,9 +712,7 @@ report_overload:
+ return ;
+ 
+ report_notallowed:
+-  SetErrorResponse((tSS() << "403 Forbidden file type or location: " << 
sReqPath).c_str(),
+-  nullptr, "403 Forbidden file type or location");
+-//USRDBG( sRawUriPath + " -- ACCESS FORBIDDEN");
++  SetErrorResponse("403 Forbidden file type or location");
+ return ;
+ 
+ report_offlineconf:
+--- apt-cacher-ng-2.orig/source/tcpconnect.cc
 apt-cacher-ng-2/source/tcpconnect.cc
+@@ -585,11 +585,19 @@ bool tcpconnect::SSLinit(mstring &sErr,
+ 

Re: [debian-mysql] Fixing the jessie->stretch upgrade path

[Ondřej Surý]

On Fri, May 12, 2017, at 13:31, Norvald H. Ryeng wrote:
> On Fri, 12 May 2017 11:26:13 +0200
> Ondřej Surý  wrote:
> 
> > Dear release team and fellow MySQL/MariaDB maintainers,
> > 
> > the situation in stretch in regards to clean upgrade path from jessie
> > is a little bit unfortunate. It works for most cases when something
> > depends on default-mysql-server and pulls it as a dependency. But in
> > situations where mysql-server was the top dependency, it simply
> > uninstalls mysql-server-5.5 without any replacement.
> > 
> > I understand the reasons why we are here, but the situation where user
> > needs to do:
> > apt-get update
> > # apt-get upgrade
> > apt-get install default-mysql-server
> > apt-get dist-upgrade
> > 
> > is very inconvenient for the users and I foresee this will cause a lot
> > of complaints, because it's quite common to run just "mysql-server" on
> > the server.
> > 
> > Therefore I am proposing a one time fix specifically targeted at
> > stretch. I would like to prepare 'mysql-transitional' package that
> > will create a couple of dummy/transitional packages structured like
> > this:
> > 
> > mysql-server depends on default-mysql-server
> > mysql-client depends on default-mysql-client
> > 
> > The version would be 5.5.999+mariadb, so it is always higher than
> > version in jessie, but always lower than version in sid, as I don't
> > want force epoch on mysql-5.7.
> 
> I agree that this sounds like it will work for stretch, and it's much
> better than bumping epoch on mysql-5.7.
> 
> As you say, it's a one time fix, but I'm a bit concerned about what
> happens when those packages again are provided by MySQL. Let's think
> through what will happen in buster. There are three options:

And all of them would be easily solved by having the mariadb-server-10.X
and mariadb-client-10.X Conflicts with mysql-server and mysql-client.

> 1) Buster contains only MariaDB. Will these packages also be in buster?
> If not, what happens on upgrade from stretch to buster? Will we have
> the same problem again?

default-mysql-* will already be installed, it will pull new
mariadb-*-10.x packages and mysql-server/mysql-client will be removed.
Nothing must depend on mysql-server/mysql-client already, so those will
be just dangling packages ready to be removed.

> 2) Buster contains both MySQL and MariaDB. MariaDB is default. The
> mysql-server and mysql-client packages are provided by MySQL, but
> default-mysql-server and default-mysql-client point to MariaDB. How
> will the upgrade go? Some users have installed mysql-server or
> mysql-client explicitly, while others have installed a different
> package that depends on default-mysql-server or default-mysql-client.

I don't think this is going to happen, but if it does, we will have to
make MariaDB and MySQL coinstallable with each other, because the
packages might depend on specific flavour.

> 3) Buster contains both MySQL and MariaDB. MySQL is default. The
> mysql-server and mysql-client packages are provided by MySQL, and the
> default-mysql-server and default-mysql-client packages point to MySQL.
> I assume the dist-upgrade will move users back to MySQL, but will there
> be other problems?

Same as 2).

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

Bug#861120: marked as done (pre-approval: security update of apt-cacher/1.7.13)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 12:03:00 +
with message-id 
and subject line Re: Bug#861120: pre-approval: security update of 
apt-cacher/1.7.13
has caused the Debian Bug report #861120,
regarding pre-approval: security update of apt-cacher/1.7.13
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861120: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861120
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

As the maintainer of apt-cacher I would like to seek pre-approval for an update
to apt-cacher/1.7.13 in testing to fix a security issue.

CVE-2017-7443 identified a HTTP splitting security issue (#858739) in
apt-cacher. This was fixed in unstable with upload of version 1.7.15 on 25th
March with no regressions reported since. Targeted updates have already been
made to wheezy and approved for jessie (with upload pending).

apt-cacher 1.7.13 in testing is still vulnerable. I have packaged 1.7.13+debu9u1
with a targeted backport of the fix. I would like to seek pre-approval of upload
to testing.

The debdiff against 1.7.13 is:

Changes at debian/1.7.13
Modified   apt-cacher
diff --git a/apt-cacher b/apt-cacher
index 7dc1aa2..6100075 100755
--- a/apt-cacher
+++ b/apt-cacher
@@ -2095,8 +2095,8 @@ sub get_request {
$request->protocol($3||'HTTP/1.0');
 
clean_uri($request->uri);
-   if($request->uri =~ m#(?:^|/)\.{2}/#) { # Reject ../ or /../
-   sendrsp(HTTP::Response->new(403, 'Forbidden: Invalid 
URI ' . $request->uri));
+   if($request->uri =~ m#(?:^|/)\.{2}/|%0[ad]#i) { # Reject 
../, /../ or encoded new lines
+   sendrsp(HTTP::Response->new(403, 'Forbidden: Insecure 
URI ' . $request->uri));
return 1; # next REQUEST
}
return $request if $mode && $mode eq 'cgi'; # Not going to 
get anything else
Modified   debian/changelog
diff --git a/debian/changelog b/debian/changelog
index 1319f34..c3adcf6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apt-cacher (1.7.13+deb9u1) stretch; urgency=medium
+
+  * Backport fix for CVE-2017-7443: Prevent HTTP response splitting with
+encoded newlines in request.  (closes: #858739)
+
+ -- Mark Hindley   Mon, 24 Apr 2017 19:38:26 +0100
+
 apt-cacher (1.7.13) unstable; urgency=medium
 
   * Bump Standards Version to 3.9.8 (no changes).


Thanks,

Mark

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Mark Hindley:
> Control: tags -moreinfo
> 
> On Tue, May 02, 2017 at 05:31:00AM +, Niels Thykier wrote:
>> Ack, please go ahead and remove the "moreinfo" tag once the upload has
>> been carried it out.
> 
> Thanks. Done.
> 
> Mark
> 

Approved, thanks.

~Niels--- End Message ---

Bug#862407: unblock: epiphany-browser/3.22.7-1

[Jeremy Bicha]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package epiphany-browser

3.22.7 is the latest bugfix release in the stable 3.22 series and is
highly recommended by the Epiphany developers for distros that ship
epiphany 3.22. (It is included in Ubuntu 16.10, Fedora 25, etc.).
According to the NEWS file, this version fixes a crash, memory
corruption issues, and critical warnings.

The Debian Developer who uploaded this version supports my filing an
unblock request for it.

https://git.gnome.org/browse/epiphany/log/?h=gnome-3-22

unblock epiphany-browser/3.22.7-1

Thanks,
Jeremy Bicha


epiphany-browser_3.22.7-1.debdiff
Description: Binary data

Bug#862295: unblock: v4l-utils/1.12.5-1

[Niels Thykier]

Control: tags -1 moreinfo

Gregor Jasny:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package v4l-utils
> 
> Hello,
> 
> please unblock the latest stable version of v4l-utils 1.12. It fixes
> a crash in the Digital Video Broadcasting (DVB) library that occurs
> when a German DVB-T2 transport stream is parsed. Additionally it fixes
> a bug where identical transport streams were not detected as such.
> 
> Thanks,
> Gregor
> 
> [...]
> diff -Nru v4l-utils-1.12.3/lib/include/libdvbv5/desc_t2_delivery.h 
> v4l-utils-1.12.5/lib/include/libdvbv5/desc_t2_delivery.h
> --- v4l-utils-1.12.3/lib/include/libdvbv5/desc_t2_delivery.h  2017-01-22 
> 18:33:34.0 +0100
> +++ v4l-utils-1.12.5/lib/include/libdvbv5/desc_t2_delivery.h  2017-05-10 
> 20:21:39.0 +0200
> @@ -45,10 +45,14 @@
>   *
>   * @param cell_id_extension  cell id extension
>   * @param transposer_frequency   transposer frequency
> + *
> + * NOTE: This struct is deprecated and will never be filled. All
> + * subcell transposer frequencies will be added to
> + * dvb_desc_t2_delivery::centre_frequency array.
>   */
>  struct dvb_desc_t2_delivery_subcell {
>   uint8_t cell_id_extension;
> - uint16_t transposer_frequency;
> + uint16_t transposer_frequency;  // Should be 32 bits, instead
>  } __attribute__((packed));
>  
>  /**
> @@ -65,7 +69,8 @@
>   * @param other_frequency_flag   other frequency flag
>   * @param tfs_flag   tfs flag
>   *
> - * @param centre_frequency   centre frequency vector
> + * @param centre_frequency   centre frequency vector, for all cell and
> + *   subcel ID's
>   * @param frequency_loop_length  size of the 
> dvb_desc_t2_delivery::centre_frequency
>   *   vector
>   *
> @@ -86,13 +91,15 @@
>   uint16_t transmission_mode:3;
>   uint16_t guard_interval:3;
>   uint16_t reserved:2;
> - uint16_t bandwidth:3;
> + uint16_t bandwidth:4;
>   uint16_t SISO_MISO:2;
>   } __attribute__((packed));

Doesn't this change break the ABI?

> [...]
> diff -Nru v4l-utils-1.12.3/lib/libdvbv5/descriptors/desc_t2_delivery.c 
> v4l-utils-1.12.5/lib/libdvbv5/descriptors/desc_t2_delivery.c
> --- v4l-utils-1.12.3/lib/libdvbv5/descriptors/desc_t2_delivery.c  
> 2017-01-22 18:33:34.0 +0100
> +++ v4l-utils-1.12.5/lib/libdvbv5/descriptors/desc_t2_delivery.c  
> 2017-05-10 20:21:39.0 +0200
> [...]
> @@ -40,53 +40,76 @@
> [...]
> + d->frequency_loop_length += n;
> + d->centre_frequency = realloc(d->centre_frequency,
^^

Smells very much like the common "realloc memory leak on error" bug
(Usually cppcheck can spot this kind of bug).  Not sure how long lived
that leak is, but fixing it might be faster than figuring it out.

> +   d->frequency_loop_length * 
> sizeof(*d->centre_frequency));
> + if (!d->centre_frequency) {
> + dvb_logerr("%s: out of memory", __func__);
> + return -3;
> + }
> [...]
> + // Add transposer_frequency at centre_frequency table
> + d->frequency_loop_length++;
> + d->centre_frequency = realloc(d->centre_frequency,


Same, except ...

> +   d->frequency_loop_length 
> * sizeof(*d->centre_frequency));
> + memcpy(&d->centre_frequency[pos], p, 
> sizeof(*d->centre_frequency));
   ^

No check for an error (inconsistent with the previous realloc of same field)

> [...]
> 
> unblock v4l-utils/1.12.5-1
> 
> [...]
> 

Please clarify the possible ABI breakage situation and resolve the above
issues.

Thanks,
~Niels

Processed: Re: Bug#862295: unblock: v4l-utils/1.12.5-1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #862295 [release.debian.org] unblock: v4l-utils/1.12.5-1
Added tag(s) moreinfo.

-- 
862295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862295
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Re: [debian-mysql] Fixing the jessie->stretch upgrade path

[Norvald H. Ryeng]

On Fri, 12 May 2017 11:26:13 +0200
Ondřej Surý  wrote:

> Dear release team and fellow MySQL/MariaDB maintainers,
> 
> the situation in stretch in regards to clean upgrade path from jessie
> is a little bit unfortunate. It works for most cases when something
> depends on default-mysql-server and pulls it as a dependency. But in
> situations where mysql-server was the top dependency, it simply
> uninstalls mysql-server-5.5 without any replacement.
> 
> I understand the reasons why we are here, but the situation where user
> needs to do:
> apt-get update
> # apt-get upgrade
> apt-get install default-mysql-server
> apt-get dist-upgrade
> 
> is very inconvenient for the users and I foresee this will cause a lot
> of complaints, because it's quite common to run just "mysql-server" on
> the server.
> 
> Therefore I am proposing a one time fix specifically targeted at
> stretch. I would like to prepare 'mysql-transitional' package that
> will create a couple of dummy/transitional packages structured like
> this:
> 
> mysql-server depends on default-mysql-server
> mysql-client depends on default-mysql-client
> 
> The version would be 5.5.999+mariadb, so it is always higher than
> version in jessie, but always lower than version in sid, as I don't
> want force epoch on mysql-5.7.

I agree that this sounds like it will work for stretch, and it's much
better than bumping epoch on mysql-5.7.

As you say, it's a one time fix, but I'm a bit concerned about what
happens when those packages again are provided by MySQL. Let's think
through what will happen in buster. There are three options:

1) Buster contains only MariaDB. Will these packages also be in buster?
If not, what happens on upgrade from stretch to buster? Will we have
the same problem again?

2) Buster contains both MySQL and MariaDB. MariaDB is default. The
mysql-server and mysql-client packages are provided by MySQL, but
default-mysql-server and default-mysql-client point to MariaDB. How
will the upgrade go? Some users have installed mysql-server or
mysql-client explicitly, while others have installed a different
package that depends on default-mysql-server or default-mysql-client.

3) Buster contains both MySQL and MariaDB. MySQL is default. The
mysql-server and mysql-client packages are provided by MySQL, and the
default-mysql-server and default-mysql-client packages point to MySQL.
I assume the dist-upgrade will move users back to MySQL, but will there
be other problems?

We should think through these scenarios so that we're sure we're not
creating bigger problems for ourselves in the future.

Best regards,

Norvald H. Ryeng

Processed: RM: ears/1.0.1-2.1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 jessie
Bug #862406 [release.debian.org] RM: ears/1.0.1-2.1
Added tag(s) jessie.

-- 
862406: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862406
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#862406: RM: ears/1.0.1-2.1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Control: tags -1 jessie

#786338 ears: broken since python-musicbrainz has been removed

I can reproduce that none of the commands works in jessie,
despite the dependency python-musicbrainz2 being installed.

It seems the #628475 "fix" changed the dependency from
python-musicbrainz to python-musicbrainz2 without any
conversion to make it also work with python-musicbrainz2.

Bug#862349: marked as done (unblock: kde4libs/4:4.14.26-2)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:44:00 +
with message-id <2d292cb8-c4a4-bb20-6456-74f460db3...@thykier.net>
and subject line Re: Bug#862349: unblock: kde4libs/4:4.14.26-2
has caused the Debian Bug report #862349,
regarding unblock: kde4libs/4:4.14.26-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862349: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862349
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

Since I had to upload kde4libs to address CVE-2017-8422 [2] I checked the 
pending 
upstream fixes and added these changes:
 + Apply "java: set names in permission dialog" (bf0bd72)
   This makes sure the reply from the user is used and sent back.
   Backport of 856a96852f566ed7eb855810e347f95003c25017 and
   bd4be07823e422fa15bf4273e0bb9df35b866e35 in khtml.
 + Apply "cmake: look for hunspell-1.6 as well" (c828f85)
   Fix build against hunspell 1.6
   -> This is needed for kde4 apps that use the FindHunspell provided by
   kde4libs, none in the archive afaik.
 + Apply "Sanitize URLs before passing them to FindProxyForURL" (1804c2f)
   Remove user/password information
   Backport from kio f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
 + Apply "khtml: Delete pointer _before_ returning" (ff6a9a2)
   Fixup to commit 947ffe60 ("backport 02c3192 - Patch some memory leaks"),
   which backported part of the fix in the wrong order, as it was first
   returning and then deleting a pointer.
 + Apply "http slave: send error page after authorization failure" (b6f2022)
   BUG: KDE#373323
   Backport from KF5 kio
   -> This actually fixes #856890: CVE-2017-6410 [1], that was in my todo list,
   but I had forgotten about this when I was preparing the package.
 + Apply "Verify that whoever is calling us is actually who he says he is"
   (264e976)
   Fixes CVE-2017-8422 [2] in kde4libs

The is currently in unstable and it built correctly in all the architectures 
tracked by buildd.debian.org.

I'm attaching the corresponding debdiff.

Please unblock package kde4libs

Happy hacking,

unblock kde4libs/4:4.14.26-2

[1]: https://security-tracker.debian.org/tracker/CVE-2017-6410
[2]: https://security-tracker.debian.org/tracker/CVE-2017-8422
-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru kde4libs-4.14.26/debian/changelog kde4libs-4.14.26/debian/changelog
--- kde4libs-4.14.26/debian/changelog   2016-11-23 21:07:46.0 +0100
+++ kde4libs-4.14.26/debian/changelog   2017-05-10 16:24:00.0 +0200
@@ -1,3 +1,29 @@
+kde4libs (4:4.14.26-2) unstable; urgency=medium
+
+  * Apply "java: set names in permission dialog" (bf0bd72)
+This makes sure the reply from the user is used and sent back.
+Backport of 856a96852f566ed7eb855810e347f95003c25017 and
+bd4be07823e422fa15bf4273e0bb9df35b866e35 in khtml.
+  * Apply "cmake: look for hunspell-1.6 as well" (c828f85)
+Fix build against hunspell 1.6
+  * Apply "Sanitize URLs before passing them to FindProxyForURL" (1804c2f)
+Remove user/password information
+For https: remove path and query
+Backport from kio f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
+  * Apply "khtml: Delete pointer _before_ returning" (ff6a9a2)
+Fixup to commit 947ffe60 ("backport 02c3192 - Patch some memory leaks"),
+which backported part of the fix in the wrong order, as it was first
+returning and then deleting a pointer.
+Noticed by Matthew Rezny .
+  * Apply "http slave: send error page after authorization failure" (b6f2022)
+BUG: KDE#373323
+Backport from KF5 kio
+  * Apply "Verify that whoever is calling us is actually who he says he is"
+(264e976)
+Fixes CVE-2017-8422 in kde4libs
+
+ -- Maximiliano Curia   Wed, 10 May 2017 16:24:00 +0200
+
 kde4libs (4:4.14.26-1) unstable; urgency=medium
 
   [ Automatic packaging ]
diff -Nru kde4libs-4.14.26/debian/patches/add_debian_build_type.diff 
kde4libs-4.14.26/debian/patches/add_debian_build_type.diff
--- kde4libs-4.14.26/debian/patches/add_debian_build_type.diff  2016-11-23 
21:07:46.0 +0100
+++ kde4libs-4.14.26/debian/patches/add_d

Bug#862347: marked as done (unblock: kauth/5.28.0-2)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:41:00 +
with message-id 
and subject line Re: Bug#862347: unblock: kauth/5.28.0-2
has caused the Debian Bug report #862347,
regarding unblock: kauth/5.28.0-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862347: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862347
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team

kauth has recently received CVE-2017-8422 [1]. I have already uploaded the 
patched version to unstable and it built fine in all the architectures.

I'm attaching the corresponding debdiff.

Please unblock package kauth

Regards,

[1]: https://security-tracker.debian.org/tracker/CVE-2017-8422

unblock kauth/5.28.0-2

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru kauth-5.28.0/debian/changelog kauth-5.28.0/debian/changelog
--- kauth-5.28.0/debian/changelog   2016-11-18 16:03:28.0 +0100
+++ kauth-5.28.0/debian/changelog   2017-05-10 15:03:15.0 +0200
@@ -1,3 +1,13 @@
+kauth (5.28.0-2) unstable; urgency=medium
+
+  * Drop applied patch: kauth_add_license
+  * Add new upstream patch:
+Verify-that-whoever-is-calling-us-is-actually-who-he-says.patch.
+Fixes CVE-2017-8422 in kauth
+  * Update symbols files.
+
+ -- Maximiliano Curia   Wed, 10 May 2017 15:03:15 +0200
+
 kauth (5.28.0-1) unstable; urgency=medium
 
   [ Automatic packaging ]
diff -Nru kauth-5.28.0/debian/libkf5auth5.symbols 
kauth-5.28.0/debian/libkf5auth5.symbols
--- kauth-5.28.0/debian/libkf5auth5.symbols 2016-11-18 16:03:28.0 
+0100
+++ kauth-5.28.0/debian/libkf5auth5.symbols 2017-05-10 15:03:15.0 
+0200
@@ -1,4 +1,4 @@
-# SymbolsHelper-Confirmed: 5.27.0 alpha amd64 arm64 armel armhf hppa hurd-i386 
i386 m68k mips mips64el mipsel powerpc powerpcspe ppc64 ppc64el s390x sparc64 
x32
+# SymbolsHelper-Confirmed: 5.28.0 amd64
 kauth_backend_plugin.so libkf5auth5 #MINVER#
  qt_plugin_instance@Base 5.0.0
  qt_plugin_query_metadata@Base 5.0.0
@@ -73,6 +73,7 @@
  _ZN5KAuth6Action11setHelperIdERK7QString@Base 4.96.0
  _ZN5KAuth6Action12setArgumentsERK4QMapI7QString8QVariantE@Base 4.96.0
  _ZN5KAuth6Action15setParentWidgetEP7QWidget@Base 4.96.0
+ _ZN5KAuth6Action16staticMetaObjectE@Base 5.28.0
  _ZN5KAuth6Action7executeENS0_13ExecutionModeE@Base 4.96.0
  _ZN5KAuth6Action7setNameERK7QString@Base 4.96.0
  _ZN5KAuth6ActionC1ERK7QString@Base 4.96.0
diff -Nru kauth-5.28.0/debian/patches/kauth_add_license 
kauth-5.28.0/debian/patches/kauth_add_license
--- kauth-5.28.0/debian/patches/kauth_add_license   2016-11-18 
16:03:28.0 +0100
+++ kauth-5.28.0/debian/patches/kauth_add_license   1970-01-01 
01:00:00.0 +0100
@@ -1,52 +0,0 @@
-From: Debian/Kubuntu Qt/KDE Maintainers 
-Date: Sun, 15 May 2016 14:44:11 +0200
-Subject: kauth_add_license
-
-commit 748e9dc14325ca50dbd2789824acf888a85dc049
-Author: Maximiliano Curia 
-Date:   Fri Mar 20 13:59:59 2015 +0100
-
-Add missing license
-
-The cmake files:
-cmake/FindPolkitQt.cmake
-cmake/KF5AuthMacros.cmake
-cmake/FindPolkitQt-1.cmake
-claim:
-Redistribution and use is allowed according to the terms of the BSD 
license.
-For details see the accompanying COPYING-CMAKE-SCRIPTS file.
-
-So we need to distribute the COPYING-CMAKE-SCRIPTS file with this package.

- COPYING-CMAKE-SCRIPTS | 22 ++
- 1 file changed, 22 insertions(+)
- create mode 100644 COPYING-CMAKE-SCRIPTS
-
-diff --git a/COPYING-CMAKE-SCRIPTS b/COPYING-CMAKE-SCRIPTS
-new file mode 100644
-index 000..53b6b71
 /dev/null
-+++ b/COPYING-CMAKE-SCRIPTS
-@@ -0,0 +1,22 @@
-+Redistribution and use in source and binary forms, with or without
-+modification, are permitted provided that the following conditions
-+are met:
-+
-+1. Redistributions of source code must retain the copyright
-+   notice, this list of conditions and the following disclaimer.
-+2. Redistributions in binary form must reproduce the copyright
-+   notice, this list of conditions and the following disclaimer in the
-+   documentation and/o

Bug#862356: marked as done (unblock: partclone/0.2.89-4)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:34:00 +
with message-id <12f2bd46-8309-6642-2cad-06755b15d...@thykier.net>
and subject line Re: Bug#862356: unblock: partclone/0.2.89-4
has caused the Debian Bug report #862356,
regarding unblock: partclone/0.2.89-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862356: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862356
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package partclone

According to Nicholas Steeve, partclone.xfs is not experimental and is worth
enabling for Stretch. So he
raised bug #830535, which is well motivated. I agree
with his point of view: missing the support of XFS,
for partclone in Stretch would be a pity.

This support was disabled in the past, at a time when
upstream sources could not be built for Debian due to
stronger consistency required for dependencies. Now the
package, with XFS support re-enabled can be compiled
seamlessly in debian/sid.

-8<--- source debdiff -
$ LC_ALL=C debdiff partclone_0.2.89-3.dsc partclone_0.2.89-4.dsc
diff -Nru partclone-0.2.89/debian/changelog partclone-0.2.89/debian/changelog
--- partclone-0.2.89/debian/changelog   2017-04-06 20:41:56.0 +0200
+++ partclone-0.2.89/debian/changelog   2017-05-11 19:01:09.0 +0200
@@ -1,3 +1,9 @@
+partclone (0.2.89-4) unstable; urgency=medium
+
+  * enabled the support for XFS back. Closes: #830535
+
+ -- Georges Khaznadar   Thu, 11 May 2017 19:01:09 +0200
+
 partclone (0.2.89-3) unstable; urgency=medium

   *  backported some code from the last version. Closes: #857966
(CVE-2017-6596)
diff -Nru partclone-0.2.89/debian/patches/remove-some-fs-support.patch
partclone-0.2.89/debian/patches/remove-some-fs-support.patch
--- partclone-0.2.89/debian/patches/remove-some-fs-support.patch
2016-11-13 12:44:41.0 +0100
+++ partclone-0.2.89/debian/patches/remove-some-fs-support.patch
2017-05-11 19:00:06.0 +0200
@@ -2,12 +2,9 @@
 ===
 --- partclone-0.2.89.orig/configure.ac
 +++ partclone-0.2.89/configure.ac
-@@ -24,17 +24,17 @@ AC_ARG_ENABLE(all,
- )
- AM_CONDITIONAL(ENABLE_ALL, test "$enable_all" = yes)
+@@ -26,15 +26,15 @@ AM_CONDITIONAL(ENABLE_ALL, test "$enable
  if test "$enable_all" = "yes"; then
--enable_xfs="yes"
-+#enable_xfs="yes"
+ enable_xfs="yes"
  enable_extfs="yes"
 -enable_reiserfs="yes"
 +#enable_reiserfs="yes"
---8<-

unblock partclone/0.2.89-4

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable'), (499, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
--- End Message ---
--- Begin Message ---
Georges Khaznadar:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package partclone
> 
> [...]
> 
> unblock partclone/0.2.89-4
> 
> [...]

Unblocked, thanks.

~Niels--- End Message ---

Bug#862345: marked as done (unblock: lokalize/4:16.08.3-3)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:38:00 +
with message-id <88dd393f-e271-4bbb-92f4-b0c5fbd4a...@thykier.net>
and subject line Re: Bug#862345: unblock: lokalize/4:16.08.3-3
has caused the Debian Bug report #862345,
regarding unblock: lokalize/4:16.08.3-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862345: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862345
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

I recently uploaded lokalize 4:16.08.3-3 in order to fix #862163, which is 
needed for the hunspell transition. I'm attaching the corresponding debdiff.

Please unblock package lokalize

Happy hacking,

unblock lokalize/4:16.08.3-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru lokalize-16.08.3/debian/changelog lokalize-16.08.3/debian/changelog
--- lokalize-16.08.3/debian/changelog   2017-02-10 16:51:19.0 +0100
+++ lokalize-16.08.3/debian/changelog   2017-05-11 11:45:17.0 +0200
@@ -1,3 +1,11 @@
+lokalize (4:16.08.3-3) unstable; urgency=medium
+
+  * Cherry-pick "cmake: look for hunspell-1.6 as well" (94c9b35)
+Thanks to Rene Engelhard for the report, the patch and the friendly ping
+(Closes: 862163)
+
+ -- Maximiliano Curia   Thu, 11 May 2017 11:45:17 +0200
+
 lokalize (4:16.08.3-2) unstable; urgency=medium
 
   * Add kinit runtime dependency.
diff -Nru 
lokalize-16.08.3/debian/patches/cmake-look-for-hunspell-1.6-as-well.patch 
lokalize-16.08.3/debian/patches/cmake-look-for-hunspell-1.6-as-well.patch
--- lokalize-16.08.3/debian/patches/cmake-look-for-hunspell-1.6-as-well.patch   
1970-01-01 01:00:00.0 +0100
+++ lokalize-16.08.3/debian/patches/cmake-look-for-hunspell-1.6-as-well.patch   
2017-05-11 11:45:17.0 +0200
@@ -0,0 +1,21 @@
+From: Pino Toscano 
+Date: Sat, 31 Dec 2016 12:12:07 +0100
+Subject: cmake: look for hunspell-1.6 as well
+
+---
+ cmake/FindHUNSPELL.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cmake/FindHUNSPELL.cmake b/cmake/FindHUNSPELL.cmake
+index eca3cc1..1c1e3f5 100644
+--- a/cmake/FindHUNSPELL.cmake
 b/cmake/FindHUNSPELL.cmake
+@@ -14,7 +14,7 @@ ENDIF (HUNSPELL_INCLUDE_DIR AND HUNSPELL_LIBRARIES)
+ 
+ FIND_PATH(HUNSPELL_INCLUDE_DIR hunspell/hunspell.hxx )
+ 
+-FIND_LIBRARY(HUNSPELL_LIBRARIES NAMES hunspell-2.0 hunspell-1.5 hunspell-1.4 
hunspell-1.3 hunspell-1.2)
++FIND_LIBRARY(HUNSPELL_LIBRARIES NAMES hunspell-2.0 hunspell-1.6 hunspell-1.5 
hunspell-1.4 hunspell-1.3 hunspell-1.2)
+ 
+ # handle the QUIETLY and REQUIRED arguments and set HUNSPELL_FOUND to TRUE if 
+ # all listed variables are TRUE
diff -Nru lokalize-16.08.3/debian/patches/series 
lokalize-16.08.3/debian/patches/series
--- lokalize-16.08.3/debian/patches/series  1970-01-01 01:00:00.0 
+0100
+++ lokalize-16.08.3/debian/patches/series  2017-05-11 11:45:17.0 
+0200
@@ -0,0 +1 @@
+cmake-look-for-hunspell-1.6-as-well.patch
--- End Message ---
--- Begin Message ---
Maximiliano Curia:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear release team,
> 
> I recently uploaded lokalize 4:16.08.3-3 in order to fix #862163, which is 
> needed for the hunspell transition. I'm attaching the corresponding debdiff.
> 
> Please unblock package lokalize
> 
> Happy hacking,
> 
> unblock lokalize/4:16.08.3-3
> 
> [...]

Unblocked, thanks.

~Niels--- End Message ---

Bug#862346: marked as done (unblock: sbc/1.3-2)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:36:00 +
with message-id <1b57e282-eb31-97ff-8520-ddc73f88d...@thykier.net>
and subject line Re: Bug#862346: unblock: sbc/1.3-2
has caused the Debian Bug report #862346,
regarding unblock: sbc/1.3-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862346: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862346
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package sbc 1.3-2 as it fixes a RC bug
(Closes: 856487).
This fixes the problem that libsbc crashes on armhf.
This is a problem with ARM's assembler. This fix avoids
the problem by not using the ARM assembler, and using C
implementation.

unblock sbc/1.3-2

diff -Nru sbc-1.3/debian/changelog sbc-1.3/debian/changelog
--- sbc-1.3/debian/changelog2015-06-01 14:18:18.0 +0900
+++ sbc-1.3/debian/changelog2017-05-08 09:59:43.0 +0900
@@ -1,3 +1,14 @@
+sbc (1.3-2) unstable; urgency=medium
+
+  * Disable the ARMv6 asm implementation. (Closes: #856487)
+ This gets miscompiled with recent gcc since gcc does not consider
+ r3 clobbered by the basic asm in a naked function (see #856487).
+ The imost simple short-term fix is to disable the ARMv6 asm
+ implementation on armhf and use the C implementation instead.
+ Thanks to Adrian Bunk  and bug reporters.
+
+ -- Nobuhiro Iwamatsu   Mon, 08 May 2017 09:59:43 +0900
+
 sbc (1.3-1) unstable; urgency=medium
 
   * Upload to unstable.
diff -Nru 
sbc-1.3/debian/patches/0001-Add-config.h-in-sbc-sbc_primitives.h.patch 
sbc-1.3/debian/patches/0001-Add-config.h-in-sbc-sbc_primitives.h.patch
--- sbc-1.3/debian/patches/0001-Add-config.h-in-sbc-sbc_primitives.h.patch  
1970-01-01 09:00:00.0 +0900
+++ sbc-1.3/debian/patches/0001-Add-config.h-in-sbc-sbc_primitives.h.patch  
2017-05-08 09:59:43.0 +0900
@@ -0,0 +1,33 @@
+From e460c51017a7d1e04511ea4d293296a3d422049a Mon Sep 17 00:00:00 2001
+From: Nobuhiro Iwamatsu 
+Date: Mon, 3 Apr 2017 01:42:26 +0900
+Subject: [PATCH] Add config.h in sbc/sbc_primitives.h
+
+When we use "--enable-high-precision" option of configure, this does not work
+effectively. Because SBC_HIGH_PRECISION enabled by this option is not available
+in "sbc/sbc_primitives.h".
+This adds config.h to "sbc/sbc_primitives.h" to use SBC_HIGH_PRECISION.
+
+Signed-off-by: Nobuhiro Iwamatsu 
+---
+ sbc/sbc_primitives.h | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sbc/sbc_primitives.h b/sbc/sbc_primitives.h
+index e01c957..b060484 100644
+--- a/sbc/sbc_primitives.h
 b/sbc/sbc_primitives.h
+@@ -27,6 +27,10 @@
+ #ifndef __SBC_PRIMITIVES_H
+ #define __SBC_PRIMITIVES_H
+ 
++#ifdef HAVE_CONFIG_H
++#include 
++#endif
++
+ #define SCALE_OUT_BITS 15
+ #define SBC_X_BUFFER_SIZE 328
+ 
+-- 
+2.11.0
+
diff -Nru sbc-1.3/debian/patches/series sbc-1.3/debian/patches/series
--- sbc-1.3/debian/patches/series   1970-01-01 09:00:00.0 +0900
+++ sbc-1.3/debian/patches/series   2017-05-08 09:59:43.0 +0900
@@ -0,0 +1 @@
+0001-Add-config.h-in-sbc-sbc_primitives.h.patch
diff -Nru sbc-1.3/debian/rules sbc-1.3/debian/rules
--- sbc-1.3/debian/rules2015-02-23 08:03:25.0 +0900
+++ sbc-1.3/debian/rules2017-05-08 09:59:43.0 +0900
@@ -2,11 +2,17 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+CONFIGURE_OPTION = --disable-tester --disable-silent-rules
+# for i386 arch
+ifeq ($(DEB_HOST_ARCH),armhf)
+CONFIGURE_OPTION += --enable-high-precision
+endif
+
 %:
dh $@ --with autoreconf
 
 override_dh_auto_configure:
-   dh_auto_configure -- --disable-tester --disable-silent-rules
+   dh_auto_configure -- $(CONFIGURE_OPTION)
 
 override_dh_strip:
dh_strip -a --dbg-package=sbc-db


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf, armel, sh4, powerpc

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=ja_JP.utf8, LC_CTYPE=ja_JP.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Nobuhiro Iwamatsu:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hi,
> 
> Please unblock package sbc 1.3-2 as it fixes a RC bug
> (Closes: 856487).
> This fixes the problem that libsbc crashes on armhf.
> This is a problem with

Bug#862379: marked as done (RM: check-all-the-things/2017.01.15.1)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:33:00 +
with message-id <56e740d2-d90c-9a9f-5130-6c017d8da...@thykier.net>
and subject line Re: Bug#862379: RM: check-all-the-things/2017.01.15.1
has caused the Debian Bug report #862379,
regarding RM: check-all-the-things/2017.01.15.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862379
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Please remove check-all-the-things from stretch.
It isn't suitable for stable at this time.
I've filed bug #862378 to keep it out.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Paul Wise:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: rm
> 
> Please remove check-all-the-things from stretch.
> It isn't suitable for stable at this time.
> I've filed bug #862378 to keep it out.
> 

Removal hint added.

Thanks,
~Niels--- End Message ---

Bug#862364: marked as done (unblock: isoquery/3.2.1-2)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:30:00 +
with message-id <99005b08-0226-cf23-21e0-3aba313c4...@thykier.net>
and subject line Re: Bug#862364: unblock: isoquery/3.2.1-2
has caused the Debian Bug report #862364,
regarding unblock: isoquery/3.2.1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862364: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862364
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package isoquery

The package FTBFS due to the latest translation update in iso-codes. 
This is a trivial fix, but the diff is not easy to view because of some 
null bytes in it. Essentially, the diff contains the newly added 
translation:


s/North American Indian languages/indiennes d’Amérique du Nord, langues/

unblock isoquery/3.2.1-2

Regards,
Tobias
diff -Nru isoquery-3.2.1/debian/changelog isoquery-3.2.1/debian/changelog
--- isoquery-3.2.1/debian/changelog	2016-08-30 22:00:57.0 +0200
+++ isoquery-3.2.1/debian/changelog	2017-05-11 21:00:21.0 +0200
@@ -1,3 +1,10 @@
+isoquery (3.2.1-2) unstable; urgency=medium
+
+  * Fix FTBFS in test suite after iso-codes translation update.
+Thanks to Chris Lamb  (Closes: #862301)
+
+ -- Dr. Tobias Quathamer   Thu, 11 May 2017 21:00:21 +0200
+
 isoquery (3.2.1-1) unstable; urgency=medium
 
   * Imported Upstream version 3.2.1
Binärdateien /tmp/gjwEBiLgac/isoquery-3.2.1/debian/patches/0001-Fix-FTBFS-in-test-suite-after-iso-codes-translation-.patch und /tmp/X14FOcVBCQ/isoquery-3.2.1/debian/patches/0001-Fix-FTBFS-in-test-suite-after-iso-codes-translation-.patch sind verschieden.
diff -Nru isoquery-3.2.1/debian/patches/series isoquery-3.2.1/debian/patches/series
--- isoquery-3.2.1/debian/patches/series	1970-01-01 01:00:00.0 +0100
+++ isoquery-3.2.1/debian/patches/series	2017-05-11 20:46:47.0 +0200
@@ -0,0 +1 @@
+0001-Fix-FTBFS-in-test-suite-after-iso-codes-translation-.patch
diff -Nru isoquery-3.2.1/debian/source/include-binaries isoquery-3.2.1/debian/source/include-binaries
--- isoquery-3.2.1/debian/source/include-binaries	1970-01-01 01:00:00.0 +0100
+++ isoquery-3.2.1/debian/source/include-binaries	2017-05-11 21:00:11.0 +0200
@@ -0,0 +1 @@
+debian/patches/0001-Fix-FTBFS-in-test-suite-after-iso-codes-translation-.patch


signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Dr. Tobias Quathamer:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package isoquery
> 
> The package FTBFS due to the latest translation update in iso-codes.
> This is a trivial fix, but the diff is not easy to view because of some
> null bytes in it. Essentially, the diff contains the newly added
> translation:
> 
> s/North American Indian languages/indiennes d’Amérique du Nord, langues/
> 
> unblock isoquery/3.2.1-2
> 
> Regards,
> Tobias

Unblocked, thanks.

~Niels--- End Message ---

Bug#862392: marked as done (unblock: nexus/4.3.2-svn1921-5)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:26:00 +
with message-id <0edf0a87-fcee-400b-26d9-5db9a91b4...@thykier.net>
and subject line Re: Bug#862392: unblock: nexus/4.3.2-svn1921-5
has caused the Debian Bug report #862392,
regarding unblock: nexus/4.3.2-svn1921-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862392: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862392
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nexus

The package fixes #861736 in a patch provided by Gilles Filippini
(thanks for this Gilles).

I did another admittedly questionable change.  I moved the package to
Debian Science team (so some d/control information was changed) which is
probably fine even under freeze policy.  I also added a watch file to
make sure a signal is raised that there is also a new upstream version
so the package is definitely better than before (even if I admit that
I would have applied more changes outside freeze policy).

The questionable part is that I intentionally left out a human beeing as
Uploader.  To compensate this I'm CCing Debian Science team as well as
the contributors to this bug report who are known members of Debian
Science team.  I'm hereby explicitly asking you to consider adding your
name as Uploader in Git[1] to make sure we will add a responsible person
as soon as possible.  If it turns out that nobody else would volunteer I
would consider adding myself to follow policy - but I have a really bad
feeling to do so since I feel totally incompetent to maintain this
package and while beeing sure that I could do better than annonymous QA
member it will be far from what I consider "properly".

So thanks for considering to add yourself as Uploader.

Kind regards

   Andreas.


[1] https://anonscm.debian.org/git/debian-science/packages/nexus.git


unblock nexus/4.3.2-svn1921-5

-- System Information:
Debian Release: 8.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru nexus-4.3.2-svn1921/debian/changelog nexus-4.3.2-svn1921/debian/changelog
--- nexus-4.3.2-svn1921/debian/changelog	2016-07-22 23:05:27.0 +0200
+++ nexus-4.3.2-svn1921/debian/changelog	2017-05-11 09:23:17.0 +0200
@@ -1,3 +1,19 @@
+nexus (4.3.2-svn1921-5) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Andreas Tille ]
+  * Take over package into Debian Science team
+  * Fix wrong Priority: extra -> optional
+  * Add watch file
+  * Add Homepage field
+
+  [ Gilles Filippini ]
+  * New patch hdf5-1.10-support.patch to fix incorrect type for HDF5
+handles: should be hid_t instead of int (closes: #861736)
+
+ -- Andreas Tille   Thu, 11 May 2017 09:23:17 +0200
+
 nexus (4.3.2-svn1921-4) unstable; urgency=medium
 
   * QA upload.
diff -Nru nexus-4.3.2-svn1921/debian/control nexus-4.3.2-svn1921/debian/control
--- nexus-4.3.2-svn1921/debian/control	2015-12-13 23:47:48.0 +0100
+++ nexus-4.3.2-svn1921/debian/control	2017-05-11 09:23:17.0 +0200
@@ -1,6 +1,6 @@
 Source: nexus
-Priority: extra
-Maintainer: Debian QA Group 
+Priority: optional
+Maintainer: Debian Science Team 
 Build-Depends: ant,
autoconf,
automake,
@@ -18,6 +18,9 @@
python-numpy
 Standards-Version: 3.9.6
 Section: libs
+Vcs-Browser: https://anonscm.debian.org/cgit/debian-science/packages/nexus.git
+Vcs-Git: https://anonscm.debian.org/git/debian-science/packages/nexus.git
+Homepage: https://github.com/nexusformat/code
 
 Package: libnexus0v5
 Section: libs
diff -Nru nexus-4.3.2-svn1921/debian/patches/hdf5-1.10-support.patch nexus-4.3.2-svn1921/debian/patches/hdf5-1.10-support.patch
--- nexus-4.3.2-svn1921/debian/patches/hdf5-1.10-support.patch	1970-01-01 01:00:00.0 +0100
+++ nexus-4.3.2-svn1921/debian/patches/hdf5-1.10-support.patch	2017-05-11 09:23:17.0 +0200
@@ -0,0 +1,111 @@
+Description: HDF5 1.10.x uses 64 bit handles. They're not int anymore.
+Author: Gilles Filippini 
+Bug-Debian: https://bugs.debian.org/861736
+Index: nexus-4.3.2-svn1921/src/napi5.c
+===
+--- nexus-4.3.2-svn1921.orig/src/napi5.c
 nexus-4.3.2-svn1921/src/napi5.c
+@@ -54,12 +54,12 @@ extern  void *NXpData;
+   hsize_t 

Re: Fixing the jessie->stretch upgrade path

[Niels Thykier]

Ondřej Surý:
> Dear release team and fellow MySQL/MariaDB maintainers,
> 
> the situation in stretch in regards to clean upgrade path from jessie is
> a little bit unfortunate. [...]

I agree that we will be a lot better off with a proper fix for this
problem.  Plus it will probably save us a bunch of bug reports and angry
users / sysadmins.

> 
> Therefore I am proposing a one time fix specifically targeted at
> stretch. I would like to prepare 'mysql-transitional' package that will
> create a couple of dummy/transitional packages structured like this:
> 
> mysql-server depends on default-mysql-server
> mysql-client depends on default-mysql-client
> 
> The version would be 5.5.999+mariadb, [...]

Ack - at a quick glance it sounds fine (I got some minor bikeshedding
about the version, but I suppose it is reasonably unlikely that there
will be over 900 mysql-5.5 releases before it stops being supported).

> 
> This upload would have to go directly into stretch, so an approval of
> release team is required.
> 
> Cheers,
> 

Please file an unblock request for it to the request does not disappear.
 Feel free to consider it pre-approved (just reference this mail in the
unblock request).

Thanks,
~Niels

Re: Bug#861591: Bug#862071: password-store: FTBFS when built in a path with >= 74 characters

[Niels Thykier]

Control: tags -1 stretch-ignore

intrigeri:
> Dominic Hargreaves:
>> Please could you rule on whether the above class of bugs should be RC
>> for stretch? It doesn't seem productive at this late stage.
> 
> Indeed: I'll be happy to fix that in Buster or in a Stretch
> point-release (also because I've noticed it breaks autopkgtests for
> some packages of "mine"), but IMO this shouldn't block the Stretch
> release, so a stretch-ignore tag would seem suitable to me.
> 
> Cheers,
> 

Definitely RC, happy to see a fix in stretch, but I agree it is deferrable.

Thanks,
~Niels

Bug#862399: marked as done (unblock: konsole/4:16.12.0-4)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:12:00 +
with message-id <4584fd85-f20f-68c5-feb1-9d7c2e113...@thykier.net>
and subject line Re: Bug#862399: unblock: konsole/4:16.12.0-4
has caused the Debian Bug report #862399,
regarding unblock: konsole/4:16.12.0-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862399: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862399
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

A couple of weeks back I cherry picked some upstream fixes for konsole, the 
package was uploaded to experimental first and then to unstable as a way get 
more testers, recently I've updated konsole further, improving one of the 
patches and updating the manpage, the full list of changes against the version 
in stretch follows:

 + upstream_render_text_at_primary_fonts_baseline.patch (Closes: 858584)
   This fixes the font rendering when a glyph is being replaced (for example
   using the powerline glyphs), otherwise the glyph might be shown out of
   place, and moved around on redraw.

 + Add-nofork-as-compatibility-alias-for-separate.patch
   Upstream description:

Subject: Add --nofork as compatibility alias for --separate

In previous incarnations of kuniqueapplication it used to inject a common
command option --nofork which is meant to bypass single-instance behavior.
Given that konsole can and is being invoked from scripts they may well want
to ensure that the fork they created is the actual instance of konsole.
i.e. to monitor return values and life time

Presently, since the options are divergent between konsole4 and konsole5,
scripts are either incompatible with older konsoles or with newer konsoles.
To make life easier for everyone add a compat alias --nofork, which
behaves exactly like separate.

(this unbreaks steam, which is a notable recent offender of falling into
 this particular trap)

REVIEW: 129647
CHANGELOG: Added compatibility command option `--nofork` for 
single-instance behavior

  + Add patch: Update-release-date-scripting-and-command-line-help.patch.
Cherry-Picked from "Update release/date, scripting and command line
help" (792eda5).
Update manpage. KDE#373905

 + Fix-build.patch

 syntax error in the preprocessor causing an incomplete build.

 + TerminalDisplay-Abort-painting-invalid-rect.patch

 Reflect in Kate Konsole part see https://git.reviewboard.kde.org/r/129903/

 + Screen-Fix-potential-crash-when-ExtendedCharTable-tries-t.patch

 + Handle-surrogate-utf16-characters.patch

   Upstream description:

Subject: Handle surrogate utf16 characters

For our own sanity we (falsely) assume that all surrogate characters are
double width, otherwise we have to go back and reflow the line.

This makes it work better with emojis in vim at least.

 + Fix-word-boundaries-with-combining-characters.patch

   Upstream description:

Subject: Fix word boundaries with combining characters

Without this it doesn't correctly detect word boundaries e. g. in
arabic.
  Inverts the logic.

 + Don-t-include-newlines-in-selection-if-trimming-is-on.patch

   Fix triple click behaviour.

 + Limit-ourselves-to-3-combining-characters.patch

   Upstream description:

Subject: Limit ourselves to 3 combining characters

This seems to be the limit in all the test files I've been trying.
Without this we get an issue with too many combining characters where
Konsole will eventually just hang.

 + Allow-ANSI-string-terminator-to-work.patch

   Upstream description:
Treat "\e]0;\e\\" (set window title) the same way
it interprets "\e]0;\007".

It seems that Konsole does not recognize the standard string terminator
sequence "\e\\" (ESC \). Everything works fine if I use "\007" (BEL).



  + Add patch: Correct-ANSI-string-terminator.patch.
Cherry-picked from "Correct ANSI string terminator" (7a41b73)
Fixes Allow-ANSI-string-terminator-to-work.patch, \e is 033 which is 27
decimal.

 + Fix-opening-of-new-tabs-with-multiple-processes.patch

   Upstream description:
Subject: Fix opening of new tabs with multiple processes

Make sure we re-use the process if the user wants a new tab.

   Fixes KDE#373440

  + Add patch: Add-check-for-valid-container-possible-crash-fix.patch.
Cherry-picked from "Add check for valid container (possible crash fix)"

Bug#862401: marked as done (unblock: kwidgetsaddons/5.28.0-3)

[Debian Bug Tracking System]

Your message dated Fri, 12 May 2017 11:14:00 +
with message-id <7d884934-d164-c7e5-d167-1a7c01753...@thykier.net>
and subject line Re: Bug#862401: unblock: kwidgetsaddons/5.28.0-3
has caused the Debian Bug report #862401,
regarding unblock: kwidgetsaddons/5.28.0-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862401
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

I've recently uploaded kwidgetsaddons in order to fix #860515, as apparently 
the 5.28 version failed to update update the French translation. It seems that 
there are some other pending issues in the qt translations that made the 
problem difficult to diagnose.

The debdiff is 258k, so I'm publishing it in:
 https://freak.gnuservers.com.ar/~maxy/debian/kwidgetsaddons_5.28.0-3_unblock/

The change per se is importing the po files from the 5.29 version.

The package is currently in sid and has already built in all the release 
architectures.

Happy hacking,

Please unblock package kwidgetsaddons

unblock kwidgetsaddons/5.28.0-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Maximiliano Curia:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear release team,
> 
> I've recently uploaded kwidgetsaddons in order to fix #860515, as apparently 
> the 5.28 version failed to update update the French translation. It seems 
> that 
> there are some other pending issues in the qt translations that made the 
> problem difficult to diagnose.
> 
> The debdiff is 258k, so I'm publishing it in:
>  https://freak.gnuservers.com.ar/~maxy/debian/kwidgetsaddons_5.28.0-3_unblock/
> 
> The change per se is importing the po files from the 5.29 version.
> 
> The package is currently in sid and has already built in all the release 
> architectures.
> 
> Happy hacking,
> 
> Please unblock package kwidgetsaddons
> 
> unblock kwidgetsaddons/5.28.0-3
> 
> [...]

Unblocked, thanks.

~Niels--- End Message ---

Bug#862401: unblock: kwidgetsaddons/5.28.0-3

[Maximiliano Curia]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

I've recently uploaded kwidgetsaddons in order to fix #860515, as apparently 
the 5.28 version failed to update update the French translation. It seems that 
there are some other pending issues in the qt translations that made the 
problem difficult to diagnose.

The debdiff is 258k, so I'm publishing it in:
 https://freak.gnuservers.com.ar/~maxy/debian/kwidgetsaddons_5.28.0-3_unblock/

The change per se is importing the po files from the 5.29 version.

The package is currently in sid and has already built in all the release 
architectures.

Happy hacking,

Please unblock package kwidgetsaddons

unblock kwidgetsaddons/5.28.0-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Bug#862399: unblock: konsole/4:16.12.0-4

[Maximiliano Curia]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

A couple of weeks back I cherry picked some upstream fixes for konsole, the 
package was uploaded to experimental first and then to unstable as a way get 
more testers, recently I've updated konsole further, improving one of the 
patches and updating the manpage, the full list of changes against the version 
in stretch follows:

 + upstream_render_text_at_primary_fonts_baseline.patch (Closes: 858584)
   This fixes the font rendering when a glyph is being replaced (for example
   using the powerline glyphs), otherwise the glyph might be shown out of
   place, and moved around on redraw.

 + Add-nofork-as-compatibility-alias-for-separate.patch
   Upstream description:

Subject: Add --nofork as compatibility alias for --separate

In previous incarnations of kuniqueapplication it used to inject a common
command option --nofork which is meant to bypass single-instance behavior.
Given that konsole can and is being invoked from scripts they may well want
to ensure that the fork they created is the actual instance of konsole.
i.e. to monitor return values and life time

Presently, since the options are divergent between konsole4 and konsole5,
scripts are either incompatible with older konsoles or with newer konsoles.
To make life easier for everyone add a compat alias --nofork, which
behaves exactly like separate.

(this unbreaks steam, which is a notable recent offender of falling into
 this particular trap)

REVIEW: 129647
CHANGELOG: Added compatibility command option `--nofork` for 
single-instance behavior

  + Add patch: Update-release-date-scripting-and-command-line-help.patch.
Cherry-Picked from "Update release/date, scripting and command line
help" (792eda5).
Update manpage. KDE#373905

 + Fix-build.patch

 syntax error in the preprocessor causing an incomplete build.

 + TerminalDisplay-Abort-painting-invalid-rect.patch

 Reflect in Kate Konsole part see https://git.reviewboard.kde.org/r/129903/

 + Screen-Fix-potential-crash-when-ExtendedCharTable-tries-t.patch

 + Handle-surrogate-utf16-characters.patch

   Upstream description:

Subject: Handle surrogate utf16 characters

For our own sanity we (falsely) assume that all surrogate characters are
double width, otherwise we have to go back and reflow the line.

This makes it work better with emojis in vim at least.

 + Fix-word-boundaries-with-combining-characters.patch

   Upstream description:

Subject: Fix word boundaries with combining characters

Without this it doesn't correctly detect word boundaries e. g. in
arabic.
  Inverts the logic.

 + Don-t-include-newlines-in-selection-if-trimming-is-on.patch

   Fix triple click behaviour.

 + Limit-ourselves-to-3-combining-characters.patch

   Upstream description:

Subject: Limit ourselves to 3 combining characters

This seems to be the limit in all the test files I've been trying.
Without this we get an issue with too many combining characters where
Konsole will eventually just hang.

 + Allow-ANSI-string-terminator-to-work.patch

   Upstream description:
Treat "\e]0;\e\\" (set window title) the same way
it interprets "\e]0;\007".

It seems that Konsole does not recognize the standard string terminator
sequence "\e\\" (ESC \). Everything works fine if I use "\007" (BEL).



  + Add patch: Correct-ANSI-string-terminator.patch.
Cherry-picked from "Correct ANSI string terminator" (7a41b73)
Fixes Allow-ANSI-string-terminator-to-work.patch, \e is 033 which is 27
decimal.

 + Fix-opening-of-new-tabs-with-multiple-processes.patch

   Upstream description:
Subject: Fix opening of new tabs with multiple processes

Make sure we re-use the process if the user wants a new tab.

   Fixes KDE#373440

  + Add patch: Add-check-for-valid-container-possible-crash-fix.patch.
Cherry-picked from "Add check for valid container (possible crash fix)"
(a2b6a81)
Related to KDE#375540

konsole 4:16.12.0-4 is currently in unstable and has built in all the release 
architectures. I'm attaching the full debdiff between the version 4:16.12.0-1 
currently in stretch and the 4:16.12.0-4 version.

Happy hacking,

Please unblock package konsole

unblock konsole/4:16.12.0-4

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru konsole-16.12.0/debian/changelog konsole-16.12.0/debian/c

Bug#862219: unblock: at-spi2-atk/2.22.0-2

[Niels Thykier]

Samuel Thibault:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hello,
> 
> Upstream of at-spi has released some serious fixes for at-spi2-atk,
> which I have uploaded as at-spi2-atk 2.22.0-2, and attached to this
> mail.
> 
> git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 fixes a memory corruption
> reported by valgrind, which could make basically any application crash
> when the Orca screen reader is running, when processing events. It does
> so by just using the right glib function for what the buggy code meant
> to do.
> 
> git-8d3cc68f7bc62c7015d986212be0d5d776920ee2 fixes memory references
> after dropping a refcount from the object (thus potentially freed), also
> leading to potential crash of any application when the Orca screen
> reader is running.
> 
> unblock at-spi2-atk/2.22.0-2
> 
> [...]

Ack from here, CC'ing KiBi for a d-i ack.

Thanks,
~Niels

Bug#862220: unblock: at-spi2-core/2.22.0-6

[Niels Thykier]

Samuel Thibault:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hello,
> 
> Upstream of at-spi has released some serious fixes for at-spi2-core,
> which I have uploaded as at-spi2-core 2.22.0-6, and attached to this
> mail.
> 
> git-329ef2c4ebcb3aec6dcfcac15357fd583a60c969 is reported to help fixing
> https://bugzilla.gnome.org/show_bug.cgi?id=767074
> Orca would sometimes hang or crash when closing an application, thus
> leaving blind users without access to the computer, and have to restart
> Orca blindly.  It seems there are still some cases where the crash
> happens, but only after upgrading at-spi2-atk to version 2.24, which we
> do not have in Debian yet.
> 
> git-eba079f3e72e61e6b55d81727ab50c85d505d296 fixes crashes in Orca too
> when getting the Position property fails.
> 
> These would probably help with the grave orca Bug#862008
> 
> Samuel
> 
> unblock at-spi2-core/2.22.0-6
> 
> [...]

Ack from here, CC'ing KiBi for a d-i ack.

Thanks,
~Niels

Re: [debian-mysql] Fixing the jessie->stretch upgrade path

[Robie Basak]

Hi Ondřej,

Thank you for working on this.

On Fri, May 12, 2017 at 11:26:13AM +0200, Ondřej Surý wrote:
> Therefore I am proposing a one time fix specifically targeted at
> stretch. I would like to prepare 'mysql-transitional' package that will
> create a couple of dummy/transitional packages structured like this:
> 
> mysql-server depends on default-mysql-server
> mysql-client depends on default-mysql-client
> 
> The version would be 5.5.999+mariadb, so it is always higher than
> version in jessie, but always lower than version in sid, as I don't want
> force epoch on mysql-5.7.

FTR, this sounds fine to me from the perspective of continuing to
maintain src:mysql-5.7 in sid.

Robie


signature.asc
Description: PGP signature

Fixing the jessie->stretch upgrade path

[Ondřej Surý]

Dear release team and fellow MySQL/MariaDB maintainers,

the situation in stretch in regards to clean upgrade path from jessie is
a little bit unfortunate. It works for most cases when something depends
on default-mysql-server and pulls it as a dependency. But in situations
where mysql-server was the top dependency, it simply uninstalls
mysql-server-5.5 without any replacement.

I understand the reasons why we are here, but the situation where user
needs to do:
apt-get update
# apt-get upgrade
apt-get install default-mysql-server
apt-get dist-upgrade

is very inconvenient for the users and I foresee this will cause a lot
of complaints, because it's quite common to run just "mysql-server" on
the server.

Therefore I am proposing a one time fix specifically targeted at
stretch. I would like to prepare 'mysql-transitional' package that will
create a couple of dummy/transitional packages structured like this:

mysql-server depends on default-mysql-server
mysql-client depends on default-mysql-client

The version would be 5.5.999+mariadb, so it is always higher than
version in jessie, but always lower than version in sid, as I don't want
force epoch on mysql-5.7.

This upload would have to go directly into stretch, so an approval of
release team is required.

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

Re: Bug#861591: Bug#862071: password-store: FTBFS when built in a path with >= 74 characters

[intrigeri]

Dominic Hargreaves:
> Please could you rule on whether the above class of bugs should be RC
> for stretch? It doesn't seem productive at this late stage.

Indeed: I'll be happy to fix that in Buster or in a Stretch
point-release (also because I've noticed it breaks autopkgtests for
some packages of "mine"), but IMO this shouldn't block the Stretch
release, so a stretch-ignore tag would seem suitable to me.

Cheers,
-- 
intrigeri

Bug#862392: unblock: nexus/4.3.2-svn1921-5

[Andreas Tille]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nexus

The package fixes #861736 in a patch provided by Gilles Filippini
(thanks for this Gilles).

I did another admittedly questionable change.  I moved the package to
Debian Science team (so some d/control information was changed) which is
probably fine even under freeze policy.  I also added a watch file to
make sure a signal is raised that there is also a new upstream version
so the package is definitely better than before (even if I admit that
I would have applied more changes outside freeze policy).

The questionable part is that I intentionally left out a human beeing as
Uploader.  To compensate this I'm CCing Debian Science team as well as
the contributors to this bug report who are known members of Debian
Science team.  I'm hereby explicitly asking you to consider adding your
name as Uploader in Git[1] to make sure we will add a responsible person
as soon as possible.  If it turns out that nobody else would volunteer I
would consider adding myself to follow policy - but I have a really bad
feeling to do so since I feel totally incompetent to maintain this
package and while beeing sure that I could do better than annonymous QA
member it will be far from what I consider "properly".

So thanks for considering to add yourself as Uploader.

Kind regards

   Andreas.


[1] https://anonscm.debian.org/git/debian-science/packages/nexus.git


unblock nexus/4.3.2-svn1921-5

-- System Information:
Debian Release: 8.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru nexus-4.3.2-svn1921/debian/changelog nexus-4.3.2-svn1921/debian/changelog
--- nexus-4.3.2-svn1921/debian/changelog	2016-07-22 23:05:27.0 +0200
+++ nexus-4.3.2-svn1921/debian/changelog	2017-05-11 09:23:17.0 +0200
@@ -1,3 +1,19 @@
+nexus (4.3.2-svn1921-5) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Andreas Tille ]
+  * Take over package into Debian Science team
+  * Fix wrong Priority: extra -> optional
+  * Add watch file
+  * Add Homepage field
+
+  [ Gilles Filippini ]
+  * New patch hdf5-1.10-support.patch to fix incorrect type for HDF5
+handles: should be hid_t instead of int (closes: #861736)
+
+ -- Andreas Tille   Thu, 11 May 2017 09:23:17 +0200
+
 nexus (4.3.2-svn1921-4) unstable; urgency=medium
 
   * QA upload.
diff -Nru nexus-4.3.2-svn1921/debian/control nexus-4.3.2-svn1921/debian/control
--- nexus-4.3.2-svn1921/debian/control	2015-12-13 23:47:48.0 +0100
+++ nexus-4.3.2-svn1921/debian/control	2017-05-11 09:23:17.0 +0200
@@ -1,6 +1,6 @@
 Source: nexus
-Priority: extra
-Maintainer: Debian QA Group 
+Priority: optional
+Maintainer: Debian Science Team 
 Build-Depends: ant,
autoconf,
automake,
@@ -18,6 +18,9 @@
python-numpy
 Standards-Version: 3.9.6
 Section: libs
+Vcs-Browser: https://anonscm.debian.org/cgit/debian-science/packages/nexus.git
+Vcs-Git: https://anonscm.debian.org/git/debian-science/packages/nexus.git
+Homepage: https://github.com/nexusformat/code
 
 Package: libnexus0v5
 Section: libs
diff -Nru nexus-4.3.2-svn1921/debian/patches/hdf5-1.10-support.patch nexus-4.3.2-svn1921/debian/patches/hdf5-1.10-support.patch
--- nexus-4.3.2-svn1921/debian/patches/hdf5-1.10-support.patch	1970-01-01 01:00:00.0 +0100
+++ nexus-4.3.2-svn1921/debian/patches/hdf5-1.10-support.patch	2017-05-11 09:23:17.0 +0200
@@ -0,0 +1,111 @@
+Description: HDF5 1.10.x uses 64 bit handles. They're not int anymore.
+Author: Gilles Filippini 
+Bug-Debian: https://bugs.debian.org/861736
+Index: nexus-4.3.2-svn1921/src/napi5.c
+===
+--- nexus-4.3.2-svn1921.orig/src/napi5.c
 nexus-4.3.2-svn1921/src/napi5.c
+@@ -54,12 +54,12 @@ extern  void *NXpData;
+   hsize_t iCurrentIDX;
+ } iStack5[NXMAXSTACK];
+ struct iStack5 iAtt5;
+-int iFID;
+-int iCurrentG;
+-int iCurrentD;
+-int iCurrentS;
+-int iCurrentT;
+-int iCurrentA;
++hid_t iFID;
++hid_t iCurrentG;
++hid_t iCurrentD;
++hid_t iCurrentS;
++hid_t iCurrentT;
++hid_t iCurrentA;
+ int iNX;
+ int iNXID;
+ int iStackPtr;
+@@ -434,7 +434,7 @@ NXstatus  NX5open(CONSTCHAR *filename, N
+   NXstatus  NX5makegroup (NXhandle fid, CONSTCHAR *name, CONSTCHAR *nxclass) 
+   {
+ pNexusFile5 pFile;
+-herr_t iRet;
++hid_t iRet;
+ hid_t iVID;
+ hid_t attr1,aid1, aid2;
+ char pBuffer[1024] = "";
+@@ -487,7 +487,7 @@ NXstatus  NX5open(CONSTCHAR *filename, N
+ 
+ pNexusFile5 pFile;
+ hid_t attr1, atype;
+-  

Bug#861580: (pre-approval) unblock: mysql-connector-python/2.1.6

[Salvatore Bonaccorso]

Hi,

On Sun, May 07, 2017 at 07:41:00PM +, Niels Thykier wrote:
> Control: tags -1 confirmed moreinfo
> 
> Sandro Tosi:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> > 
> > Hello,
> > BTS 861511 was reported yesterday against mysql-connector-python stating 
> > the new
> > upstream version (2.1.6) fixes CVE-2017-3590.
> > 
> > The upstream versions diff (attached) is quite important, so i would 
> > understand
> > if you decide not to accept a potential upload of this new version aiming 
> > for an
> > unblock to strech, but i would still like you to have a look and decide on 
> > it.
> > 
> > Thanks,
> > Sandro
> > 
> > [...]
> 
> Ack, please go ahead and remove the moreinfo tag once the upload has
> been processed and has been built on all relevant release architectures.
> 
> NOTE: the test suite contains certificates that expire in 2018.  If that
> causes test failures, then that is an RC bug (as it would mean we would
> be unable to compile mysql-connector-python in stretch before its EOL).
> AFAICT, said problem would also exists in the current version (except
> the expiry reads 2017 instead).
>   Please consider replacing the certificates with once that can survive
> stretch + stretch-lts's life-time.

Sandro, any news on the upload?

Regards,
Salvatore