Bug#862502: marked as done (unblock: webkit2gtk/2.14.7-1)
Your message dated Sun, 14 May 2017 06:55:10 + with message-id and subject line unblock webkit2gtk has caused the Debian Bug report #862502, regarding unblock: webkit2gtk/2.14.7-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862502 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package webkit2gtk Apparently Google introduced a new sign-in page. This breaks users of webkit2gtk in a rather bad way as it is no longer possible to log in. The most important affected packages are probably epiphany-browser and gnome-online-accounts. The upstream bug report is at https://bugs.webkit.org/show_bug.cgi?id=171770 We already have two downstream bug reports: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862156 and users reporting this on the user mailing list: https://lists.debian.org/debian-user/2017/05/msg00404.html This was fixed in the new upstream release 2.14.7-1 and it's important we git this fix into stretch. Full debdiff is attached. Regards, Michael unblock webkit2gtk/2.14.7-1 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru webkit2gtk-2.14.6/debian/changelog webkit2gtk-2.14.7/debian/changelog --- webkit2gtk-2.14.6/debian/changelog 2017-04-07 12:56:45.0 +0200 +++ webkit2gtk-2.14.7/debian/changelog 2017-05-09 15:48:39.0 +0200 @@ -1,3 +1,11 @@ +webkit2gtk (2.14.7-1) unstable; urgency=medium + + * New upstream release. + * debian/copyright: ++ Update copyright years and remove nonexistent files. + + -- Alberto Garcia Tue, 09 May 2017 16:48:39 +0300 + webkit2gtk (2.14.6-1) unstable; urgency=high * New upstream release. diff -Nru webkit2gtk-2.14.6/debian/copyright webkit2gtk-2.14.7/debian/copyright --- webkit2gtk-2.14.6/debian/copyright 2017-04-07 12:56:45.0 +0200 +++ webkit2gtk-2.14.7/debian/copyright 2017-05-09 15:48:39.0 +0200 @@ -3,7 +3,7 @@ Source: https://webkitgtk.org/releases/ Files: * -Copyright: © 2002-2016 Apple Inc. and others +Copyright: © 2002-2017 Apple Inc. and others License: BSD-2-clause Comment: The default license of WebKit is BSD 2-clause, available in @@ -22,8 +22,6 @@ Source/JavaScriptCore/bytecode/JumpTable.h Source/JavaScriptCore/bytecode/Opcode.cpp Source/JavaScriptCore/bytecode/Opcode.h - Source/JavaScriptCore/bytecode/SamplingTool.cpp - Source/JavaScriptCore/bytecode/SamplingTool.h Source/JavaScriptCore/bytecode/SpeculatedType.cpp Source/JavaScriptCore/bytecode/SpeculatedType.h Source/JavaScriptCore/bytecode/ValueProfile.h @@ -64,16 +62,10 @@ Source/JavaScriptCore/inspector/agents/InspectorRuntimeAgent.h Source/JavaScriptCore/interpreter/Interpreter.cpp Source/JavaScriptCore/interpreter/Interpreter.h - Source/JavaScriptCore/interpreter/JSStack.cpp - Source/JavaScriptCore/interpreter/JSStack.h Source/JavaScriptCore/interpreter/Register.h Source/JavaScriptCore/jit/CompactJITCodeMap.h Source/JavaScriptCore/parser/SourceCode.h Source/JavaScriptCore/parser/SourceProvider.h - Source/JavaScriptCore/profiler/LegacyProfiler.cpp - Source/JavaScriptCore/profiler/LegacyProfiler.h - Source/JavaScriptCore/profiler/ProfileNode.cpp - Source/JavaScriptCore/profiler/ProfileNode.h Source/JavaScriptCore/replay/scripts/CodeGeneratorReplayInputsTemplates.py Source/JavaScriptCore/runtime/CallData.h Source/JavaScriptCore/runtime/ConstructData.h @@ -86,8 +78,6 @@ Source/JavaScriptCore/runtime/JSGlobalObject.cpp Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp Source/JavaScriptCore/runtime/JSLexicalEnvironment.h - Source/JavaScriptCore/runtime/JSNotAnObject.cpp - Source/JavaScriptCore/runtime/JSNotAnObject.h Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h Source/JavaScriptCore/runtime/JSSymbolTableObject.cpp @@ -205,7 +195,6 @@ Source/WebCore/bindings/js/JSCallbackData.h Source/WebCore/bindings/js/JSCommandLineAPIHostCu
Bug#862526: marked as done (unblock: openvpn/2.4.0-5)
Your message dated Sun, 14 May 2017 06:53:40 + with message-id and subject line unblock openvpn has caused the Debian Bug report #862526, regarding unblock: openvpn/2.4.0-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862526: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862526 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Please unblock package openvpn The update fixes security issues, in CVE-2017-7478 which is pre-authentication (and does not affect stable version). Detail are in https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits Changelog: +openvpn (2.4.0-5) unstable; urgency=high + + * Change typo fix in command line help. + * SECURITY UPDATE: pre-authentication denial-of-service vulnerability +(both client and server) from a too-large control packet. +- debian/patches/CVE-2017-7478.patch: Do not assert on too-large + control packet +- CVE-2017-7478 + * SECURITY UPDATE: authenticated remote DoS vulnerability due to +packet ID rollover +- debian/patches/CVE-2017-7479-prereq.patch: merge + packet_id_alloc_outgoing() into packet_id_write() +- debian/patches/CVE-2017-7479.patch: do not assert when packet ID + rollover occurs +- CVE-2017-7479 + * SECURITY UPDATE: auth tokens left in memory after de-auth +- debian/patches/wipe_tokens_on_de-auth.patch: always wipe token + as soon as a TLS session is considered broken. + * Kudos to Steve Beattie for doing all the + backporting work for this upload. + + -- Alberto Gonzalez Iniesta Thu, 11 May 2017 14:15:21 +0200 unblock openvpn/2.4.0-5 Attached is as well the complete debdiff. Regards, Salvatore diff -Nru openvpn-2.4.0/debian/changelog openvpn-2.4.0/debian/changelog --- openvpn-2.4.0/debian/changelog 2017-02-02 14:15:42.0 +0100 +++ openvpn-2.4.0/debian/changelog 2017-05-11 14:15:21.0 +0200 @@ -1,3 +1,26 @@ +openvpn (2.4.0-5) unstable; urgency=high + + * Change typo fix in command line help. + * SECURITY UPDATE: pre-authentication denial-of-service vulnerability +(both client and server) from a too-large control packet. +- debian/patches/CVE-2017-7478.patch: Do not assert on too-large + control packet +- CVE-2017-7478 + * SECURITY UPDATE: authenticated remote DoS vulnerability due to +packet ID rollover +- debian/patches/CVE-2017-7479-prereq.patch: merge + packet_id_alloc_outgoing() into packet_id_write() +- debian/patches/CVE-2017-7479.patch: do not assert when packet ID + rollover occurs +- CVE-2017-7479 + * SECURITY UPDATE: auth tokens left in memory after de-auth +- debian/patches/wipe_tokens_on_de-auth.patch: always wipe token + as soon as a TLS session is considered broken. + * Kudos to Steve Beattie for doing all the + backporting work for this upload. + + -- Alberto Gonzalez Iniesta Thu, 11 May 2017 14:15:21 +0200 + openvpn (2.4.0-4) unstable; urgency=medium * Add NEWS entries on possible 2.4 migration issues. diff -Nru openvpn-2.4.0/debian/patches/CVE-2017-7478.patch openvpn-2.4.0/debian/patches/CVE-2017-7478.patch --- openvpn-2.4.0/debian/patches/CVE-2017-7478.patch 1970-01-01 01:00:00.0 +0100 +++ openvpn-2.4.0/debian/patches/CVE-2017-7478.patch 2017-05-11 14:15:21.0 +0200 @@ -0,0 +1,55 @@ +From be66408610a52f81c9c895a8973958ead55a4e57 Mon Sep 17 00:00:00 2001 +From: Steffan Karger +Date: Tue, 9 May 2017 15:40:25 +0300 +Subject: [PATCH] Don't assert out on receiving too-large control packets + (CVE-2017-xxx) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit 3c1b19e0 changed the maximum size of accepted control channel +packets. This was needed for crypto negotiation (which is needed for a +nice transition to a new default cipher), but exposed a DoS +vulnerability. The vulnerability was found during the OpenVPN 2.4 code +audit by Quarkslab (commisioned by OSTIF). + +To fix the issue, we should not ASSERT() on external input (in this case +the received packet size), but instead gracefully error out and drop the +invalid packet. + +Signed-off-by: Steffan Karger +Signed-off-by: Samuli Seppänen + +CVE-2017-7478 + + Security + + - This release fixes a pre-authentication denial-of-service attack on both +clients and servers. By sending a too-large control packet, OpenVPN 2.4.0 or +2.4.1 can be forced to hit an ASSERT() and stop the pr
Bug#862506: marked as done (unblock: gdm3/3.22.3-2)
Your message dated Sun, 14 May 2017 06:55:36 + with message-id and subject line unblock gdm3 has caused the Debian Bug report #862506, regarding unblock: gdm3/3.22.3-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862506: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862506 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package gdm3 It fixes RC bug #857995 [1], where trying to restart gdm3 resulted in a system which was basically DoSed by constant respawns of of the gdm process. You will notice that 3.22.3 is a new upstream stable release compared to what's currently in testing, i.e. 3.22.1. The upstream changes between .1 and .3 are strictly bug fixes though and something we want for stretch anyway. In addition 3.22.3 had been sitting in unstable for almost two months with no new regression reported. It thus seemed preferrable to fix it this way then to re-upload 3.22.1 or make a t-p-u upload. The complete debdiff is attached. I only filtered autotools related noise. Regards, Michael unblock gdm3/3.22.3-2 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857995 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) NEWS | 17 common/gdm-address.c | 24 configure.ac | 13 daemon/gdm-display.c | 252 ++ daemon/gdm-local-display-factory.c| 13 daemon/gdm-manager-glue.c | 2 daemon/gdm-manager-glue.h | 10 daemon/gdm-manager.c | 70 +- daemon/gdm-session-worker.c | 79 ++- daemon/gdm-session.c | 40 + daemon/gdm-wayland-session.c | 2 daemon/gdm-x-session.c| 2 daemon/gdm-xdmcp-display-factory.c| 15 debian/changelog | 28 + debian/control| 1 debian/control.in | 1 debian/gdm3.install | 3 debian/gdm3.postinst | 8 debian/patches/09_default_session.patch | 8 debian/patches/16_xserver_path.patch | 2 debian/patches/Hack-D-Bus-messages-from-Debian-8-libgdm-to-work-wit.patch | 11 debian/patches/pam_gdm-allow-setting-pam-module-dir-at-configure-ti.patch | 63 ++ debian/patches/series | 2 debian/patches/stop-greeter-explicitly-when-finishing-display.patch | 31 + debian/rules | 3 libgdm/gdm-client-glue.h | 42 - libgdm/gdm.pc | 2 27 files changed, 506 insertions(+), 238 deletions(-) --- End Message --- --- Begin Message --- Unblocked gdm3.--- End Message ---
Bug#862525: marked as done (unblock: git/1:2.11.0-3)
Your message dated Sun, 14 May 2017 06:49:35 +
with message-id
and subject line unblock git
has caused the Debian Bug report #862525,
regarding unblock: git/1:2.11.0-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
862525: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862525
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi
Please unblock package git
The update fixes CVE-2017-8386, which does not have a bug in the BTS.
The issue was covered with DSA-3848-1 in jessie, so please allow the
fix to go to stretch to avoid a regression.
Details:
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01346.html
Changelog entry:
git (1:2.11.0-3) unstable; urgency=high
* Do not allow git helpers run via git-shell to launch a pager
(CVE-2017-8386).
-- Jonathan Nieder Tue, 09 May 2017 16:23:17 -0700
unblock git/1:2.11.0-3
debdiff attached against the current version in stretch.
Regards,
Salvatore
diff -Nru git-2.11.0/debian/changelog git-2.11.0/debian/changelog
--- git-2.11.0/debian/changelog 2016-12-28 00:17:12.0 +0100
+++ git-2.11.0/debian/changelog 2017-05-10 01:23:17.0 +0200
@@ -1,3 +1,10 @@
+git (1:2.11.0-3) unstable; urgency=high
+
+ * Do not allow git helpers run via git-shell to launch a pager
+(CVE-2017-8386).
+
+ -- Jonathan Nieder Tue, 09 May 2017 16:23:17 -0700
+
git (1:2.11.0-2) unstable; urgency=medium
* gitweb: Depends: libcgi-pm-perl; Build-Depends: libcgi-pm-perl
diff -Nru git-2.11.0/debian/patches/series git-2.11.0/debian/patches/series
--- git-2.11.0/debian/patches/series2016-12-28 00:10:31.0 +0100
+++ git-2.11.0/debian/patches/series2017-05-10 01:22:54.0 +0200
@@ -2,3 +2,4 @@
Normalize-generated-asciidoc-timestamps-with-SOURCE_D.diff
git-gui-Sort-entries-in-optimized-tclIndex.diff
xdiff-Do-not-enable-XDL_FAST_HASH-by-default.diff
+shell-disallow-repo-names-beginning-with-dash.patch
diff -Nru
git-2.11.0/debian/patches/shell-disallow-repo-names-beginning-with-dash.patch
git-2.11.0/debian/patches/shell-disallow-repo-names-beginning-with-dash.patch
---
git-2.11.0/debian/patches/shell-disallow-repo-names-beginning-with-dash.patch
1970-01-01 01:00:00.0 +0100
+++
git-2.11.0/debian/patches/shell-disallow-repo-names-beginning-with-dash.patch
2017-05-10 01:20:52.0 +0200
@@ -0,0 +1,74 @@
+From 3ec804490a265f4c418a321428c12f3f18b7eff5 Mon Sep 17 00:00:00 2001
+From: Jeff King
+Date: Sat, 29 Apr 2017 08:36:44 -0400
+Subject: [PATCH] shell: disallow repo names beginning with dash
+
+When a remote server uses git-shell, the client side will
+connect to it like:
+
+ ssh server "git-upload-pack 'foo.git'"
+
+and we literally exec ("git-upload-pack", "foo.git"). In
+early versions of upload-pack and receive-pack, we took a
+repository argument and nothing else. But over time they
+learned to accept dashed options. If the user passes a
+repository name that starts with a dash, the results are
+confusing at best (we complain of a bogus option instead of
+a non-existent repository) and malicious at worst (the user
+can start an interactive pager via "--help").
+
+We could pass "--" to the sub-process to make sure the
+user's argument is interpreted as a branch name. I.e.:
+
+ git-upload-pack -- -foo.git
+
+But adding "--" automatically would make us inconsistent
+with a normal shell (i.e., when git-shell is not in use),
+where "-foo.git" would still be an error. For that case, the
+client would have to specify the "--", but they can't do so
+reliably, as existing versions of git-shell do not allow
+more than a single argument.
+
+The simplest thing is to simply disallow "-" at the start of
+the repo name argument. This hasn't worked either with or
+without git-shell since version 1.0.0, and nobody has
+complained.
+
+Note that this patch just applies to do_generic_cmd(), which
+runs upload-pack, receive-pack, and upload-archive. There
+are two other types of commands that git-shell runs:
+
+ - do_cvs_cmd(), but this already restricts the argument to
+be the literal string "server"
+
+ - admin-provided commands in the git-shell-commands
+directory. We'll pass along arbitrary arguments there,
+so these commands could have similar problems. But these
+commands might actually understand dashed arguments, so
+we cannot just
Bug#862526: unblock: openvpn/2.4.0-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Please unblock package openvpn The update fixes security issues, in CVE-2017-7478 which is pre-authentication (and does not affect stable version). Detail are in https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits Changelog: +openvpn (2.4.0-5) unstable; urgency=high + + * Change typo fix in command line help. + * SECURITY UPDATE: pre-authentication denial-of-service vulnerability +(both client and server) from a too-large control packet. +- debian/patches/CVE-2017-7478.patch: Do not assert on too-large + control packet +- CVE-2017-7478 + * SECURITY UPDATE: authenticated remote DoS vulnerability due to +packet ID rollover +- debian/patches/CVE-2017-7479-prereq.patch: merge + packet_id_alloc_outgoing() into packet_id_write() +- debian/patches/CVE-2017-7479.patch: do not assert when packet ID + rollover occurs +- CVE-2017-7479 + * SECURITY UPDATE: auth tokens left in memory after de-auth +- debian/patches/wipe_tokens_on_de-auth.patch: always wipe token + as soon as a TLS session is considered broken. + * Kudos to Steve Beattie for doing all the + backporting work for this upload. + + -- Alberto Gonzalez Iniesta Thu, 11 May 2017 14:15:21 +0200 unblock openvpn/2.4.0-5 Attached is as well the complete debdiff. Regards, Salvatore diff -Nru openvpn-2.4.0/debian/changelog openvpn-2.4.0/debian/changelog --- openvpn-2.4.0/debian/changelog 2017-02-02 14:15:42.0 +0100 +++ openvpn-2.4.0/debian/changelog 2017-05-11 14:15:21.0 +0200 @@ -1,3 +1,26 @@ +openvpn (2.4.0-5) unstable; urgency=high + + * Change typo fix in command line help. + * SECURITY UPDATE: pre-authentication denial-of-service vulnerability +(both client and server) from a too-large control packet. +- debian/patches/CVE-2017-7478.patch: Do not assert on too-large + control packet +- CVE-2017-7478 + * SECURITY UPDATE: authenticated remote DoS vulnerability due to +packet ID rollover +- debian/patches/CVE-2017-7479-prereq.patch: merge + packet_id_alloc_outgoing() into packet_id_write() +- debian/patches/CVE-2017-7479.patch: do not assert when packet ID + rollover occurs +- CVE-2017-7479 + * SECURITY UPDATE: auth tokens left in memory after de-auth +- debian/patches/wipe_tokens_on_de-auth.patch: always wipe token + as soon as a TLS session is considered broken. + * Kudos to Steve Beattie for doing all the + backporting work for this upload. + + -- Alberto Gonzalez Iniesta Thu, 11 May 2017 14:15:21 +0200 + openvpn (2.4.0-4) unstable; urgency=medium * Add NEWS entries on possible 2.4 migration issues. diff -Nru openvpn-2.4.0/debian/patches/CVE-2017-7478.patch openvpn-2.4.0/debian/patches/CVE-2017-7478.patch --- openvpn-2.4.0/debian/patches/CVE-2017-7478.patch 1970-01-01 01:00:00.0 +0100 +++ openvpn-2.4.0/debian/patches/CVE-2017-7478.patch 2017-05-11 14:15:21.0 +0200 @@ -0,0 +1,55 @@ +From be66408610a52f81c9c895a8973958ead55a4e57 Mon Sep 17 00:00:00 2001 +From: Steffan Karger +Date: Tue, 9 May 2017 15:40:25 +0300 +Subject: [PATCH] Don't assert out on receiving too-large control packets + (CVE-2017-xxx) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit 3c1b19e0 changed the maximum size of accepted control channel +packets. This was needed for crypto negotiation (which is needed for a +nice transition to a new default cipher), but exposed a DoS +vulnerability. The vulnerability was found during the OpenVPN 2.4 code +audit by Quarkslab (commisioned by OSTIF). + +To fix the issue, we should not ASSERT() on external input (in this case +the received packet size), but instead gracefully error out and drop the +invalid packet. + +Signed-off-by: Steffan Karger +Signed-off-by: Samuli Seppänen + +CVE-2017-7478 + + Security + + - This release fixes a pre-authentication denial-of-service attack on both +clients and servers. By sending a too-large control packet, OpenVPN 2.4.0 or +2.4.1 can be forced to hit an ASSERT() and stop the process. If +``--tls-auth`` or ``--tls-crypt`` is used, only attackers that have the +``--tls-auth`` or ``--tls-crypt`` key can mount an attack. (CVE-2017-xxx) + +--- + Changes.rst | 8 + src/openvpn/ssl.c | 7 ++- + 2 files changed, 14 insertions(+), 1 deletion(-) + +Index: openvpn-2.4.0/src/openvpn/ssl.c +=== +--- openvpn-2.4.0.orig/src/openvpn/ssl.c openvpn-2.4.0/src/openvpn/ssl.c +@@ -3708,7 +3708,12 @@ tls_pre_decrypt(struct tls_multi *multi, + /* Save incoming ciphertext packet to reliable buffer */ + struct buffer *in = reliable_get_buf(ks->rec_reliable); + ASSERT(
Bug#862525: unblock: git/1:2.11.0-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi
Please unblock package git
The update fixes CVE-2017-8386, which does not have a bug in the BTS.
The issue was covered with DSA-3848-1 in jessie, so please allow the
fix to go to stretch to avoid a regression.
Details:
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01346.html
Changelog entry:
git (1:2.11.0-3) unstable; urgency=high
* Do not allow git helpers run via git-shell to launch a pager
(CVE-2017-8386).
-- Jonathan Nieder Tue, 09 May 2017 16:23:17 -0700
unblock git/1:2.11.0-3
debdiff attached against the current version in stretch.
Regards,
Salvatore
diff -Nru git-2.11.0/debian/changelog git-2.11.0/debian/changelog
--- git-2.11.0/debian/changelog 2016-12-28 00:17:12.0 +0100
+++ git-2.11.0/debian/changelog 2017-05-10 01:23:17.0 +0200
@@ -1,3 +1,10 @@
+git (1:2.11.0-3) unstable; urgency=high
+
+ * Do not allow git helpers run via git-shell to launch a pager
+(CVE-2017-8386).
+
+ -- Jonathan Nieder Tue, 09 May 2017 16:23:17 -0700
+
git (1:2.11.0-2) unstable; urgency=medium
* gitweb: Depends: libcgi-pm-perl; Build-Depends: libcgi-pm-perl
diff -Nru git-2.11.0/debian/patches/series git-2.11.0/debian/patches/series
--- git-2.11.0/debian/patches/series2016-12-28 00:10:31.0 +0100
+++ git-2.11.0/debian/patches/series2017-05-10 01:22:54.0 +0200
@@ -2,3 +2,4 @@
Normalize-generated-asciidoc-timestamps-with-SOURCE_D.diff
git-gui-Sort-entries-in-optimized-tclIndex.diff
xdiff-Do-not-enable-XDL_FAST_HASH-by-default.diff
+shell-disallow-repo-names-beginning-with-dash.patch
diff -Nru
git-2.11.0/debian/patches/shell-disallow-repo-names-beginning-with-dash.patch
git-2.11.0/debian/patches/shell-disallow-repo-names-beginning-with-dash.patch
---
git-2.11.0/debian/patches/shell-disallow-repo-names-beginning-with-dash.patch
1970-01-01 01:00:00.0 +0100
+++
git-2.11.0/debian/patches/shell-disallow-repo-names-beginning-with-dash.patch
2017-05-10 01:20:52.0 +0200
@@ -0,0 +1,74 @@
+From 3ec804490a265f4c418a321428c12f3f18b7eff5 Mon Sep 17 00:00:00 2001
+From: Jeff King
+Date: Sat, 29 Apr 2017 08:36:44 -0400
+Subject: [PATCH] shell: disallow repo names beginning with dash
+
+When a remote server uses git-shell, the client side will
+connect to it like:
+
+ ssh server "git-upload-pack 'foo.git'"
+
+and we literally exec ("git-upload-pack", "foo.git"). In
+early versions of upload-pack and receive-pack, we took a
+repository argument and nothing else. But over time they
+learned to accept dashed options. If the user passes a
+repository name that starts with a dash, the results are
+confusing at best (we complain of a bogus option instead of
+a non-existent repository) and malicious at worst (the user
+can start an interactive pager via "--help").
+
+We could pass "--" to the sub-process to make sure the
+user's argument is interpreted as a branch name. I.e.:
+
+ git-upload-pack -- -foo.git
+
+But adding "--" automatically would make us inconsistent
+with a normal shell (i.e., when git-shell is not in use),
+where "-foo.git" would still be an error. For that case, the
+client would have to specify the "--", but they can't do so
+reliably, as existing versions of git-shell do not allow
+more than a single argument.
+
+The simplest thing is to simply disallow "-" at the start of
+the repo name argument. This hasn't worked either with or
+without git-shell since version 1.0.0, and nobody has
+complained.
+
+Note that this patch just applies to do_generic_cmd(), which
+runs upload-pack, receive-pack, and upload-archive. There
+are two other types of commands that git-shell runs:
+
+ - do_cvs_cmd(), but this already restricts the argument to
+be the literal string "server"
+
+ - admin-provided commands in the git-shell-commands
+directory. We'll pass along arbitrary arguments there,
+so these commands could have similar problems. But these
+commands might actually understand dashed arguments, so
+we cannot just block them here. It's up to the writer of
+the commands to make sure they are safe. With great
+power comes great responsibility.
+
+Reported-by: Timo Schmid
+Signed-off-by: Jeff King
+Signed-off-by: Junio C Hamano
+---
+ shell.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/shell.c b/shell.c
+index ace62e4b65..c3bf8ec38a 100644
+--- a/shell.c
b/shell.c
+@@ -13,7 +13,7 @@ static int do_generic_cmd(const char *me, char *arg)
+ const char *my_argv[4];
+
+ setup_path();
+- if (!arg || !(arg = sq_dequote(arg)))
++ if (!arg || !(arg = sq_dequote(arg)) || *arg == '-')
+ die("bad argument");
+ if (!starts_with(me, "git-"))
+ die("bad command");
+--
+2.13.0.rc2.
Bug#862523: jessie-pu: package jesred/1.2pl1-19+deb8
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
i've been asked to retrofit the fix for #801907 to the version
in jessie. that bug is fixed in testing. the bug causes jesred to not
interoperate properly with squid versions 3.4 and newer.
changes are as per the attached debdiff: patch 05-squid3 (which makes
jesred work with squid 3 in the first place) was updated, and a small
followup was made to patch 07-ipv6 which was necessary as it
didn't apply properly on top of the updated 05-squid3 patch.
regards
az
diff -Nru jesred-1.2pl1/debian/changelog jesred-1.2pl1/debian/changelog
--- jesred-1.2pl1/debian/changelog 2013-09-29 13:37:11.0 +1000
+++ jesred-1.2pl1/debian/changelog 2017-05-14 13:20:06.0 +1000
@@ -1,3 +1,10 @@
+jesred (1.2pl1-19+deb8) stable; urgency=high
+
+ * fix of #801907 for jessie: squid 3.4 and newer uses an incompatible
+format for interacting with redirectors like jesred.
+
+ -- Alexander Zangerl Sun, 14 May 2017 13:11:36 +1000
+
jesred (1.2pl1-19) unstable; urgency=low
* added support for ipv6 (closes: #714819)
diff -Nru jesred-1.2pl1/debian/patches/05-squid3 jesred-1.2pl1/debian/patches/05-squid3
--- jesred-1.2pl1/debian/patches/05-squid3 2015-10-23 22:50:25.0 +1000
+++ jesred-1.2pl1/debian/patches/05-squid3 2017-05-14 13:26:30.0 +1000
@@ -13,7 +13,7 @@
#ifdef LINUX
#include
#else
-@@ -61,89 +62,77 @@ static int match_accel(char *, char *, i
+@@ -61,89 +62,85 @@ static int match_accel(char *, char *, i
int
parse_buff(char *buff, char **url, char **src_addr, char **ident,
@@ -97,17 +97,20 @@
+ struct in_addr address;
+ char *token;
+ char *next_token = buff;
-+
++ char *errorptr;
+
+ /* az [2015-10-23 Fri 21:20]
-+ goodbye squid2, hello squid3.5
-+
-+ no more url groups; a numeric channel id, a url, space and extra stuff or a newline.
-+ apparently extras was configurable with url_rewrite_extras, but that has been
-+ removed in one of the newest squid versions (the docs re this are pretty damn confused...)
-+
-+ [channel-ID ] URL [ extras]
-+ and extras are supposed to be (adjustable in 3.5, adjustability removed(??) in 4)
++ goodbye squid2..3.3, hello squid3.5
++
++ no more url groups; a numeric channel id, a url, space
++ and extra stuff or a newline.
++ apparently extras was configurable with url_rewrite_extras,
++ but that has been removed in one of the newest squid
++ versions (the docs re this are pretty damn confused...)
++
++ [channel-ID ] URL [ extras]
++ and extras are supposed to be (adjustable in 3.5,
++ adjustability removed(??) in 4)
+ ip/fqdn username method myip= myport=
+ */
+
@@ -117,15 +120,20 @@
+ mylog(ERROR, "invalid input, no extras in (%s)", buff);
+ return 1;
+ }
-+
-+ char *errorptr;
-+
++
+ /* channel-id? must be numeric */
+ j = (int)strtol(buff, &errorptr, 10);
+ if (!*errorptr) /* conversion successful */
+ {
+ *chanid = j;
+ *url = next_token;
++
++ /* now find end of url/start of ip/fqdn */
++ if (!(token = strsep(&next_token, " ")))
++ {
++ mylog(ERROR, "invalid input, no ip/fqdn in (%s)", buff);
++ return 1;
++ }
+ }
+ else
+ {
@@ -148,7 +156,7 @@
+ return 1;
+ }
+ *ident = token;
-+
++
+ /* find end of method */
+ if (!(token = strsep(&next_token, " ")))
+ {
@@ -169,9 +177,35 @@
/* URL with less than 7 char is invalid */
if(strlen(*url) <= 7) {
mylog(ERROR, "strlen url to short (%d)\n", strlen(*url));
+@@ -159,7 +156,7 @@ parse_buff(char *buff, char **url, char
+it is already loaded, when squid runs - so not much waste of
+memory ;-) */
+ if ( (address.s_addr = inet_addr(*src_addr)) == -1 ) {
+- mylog(ERROR, "client IP address not valid %s\n",
++ mylog(ERROR, "client IP address (%s) not valid\n",
+ *src_addr ? *src_addr : "");
+ if ( token )
+ *token = '/';
+@@ -171,7 +168,7 @@ parse_buff(char *buff, char **url, char
+ /* make sure the IP source address matches that of the ones in our list */
+ if( ip_access_check(address, ip) == IP_DENY ) {
+ #ifdef DEBUG
+- mylog(DEBG, "client IP address %s not matched\n", *src_addr);
++ mylog(DEBG, "client IP address (%s) not matched\n", *src_addr);
+ #endif
+ return 1;
+ }
--- a/main.c
+++ b/main.c
-@@ -75,7 +75,7 @@ int main(int argc, char **argv)
+@@ -23,6 +23,7 @@
+
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -75,7 +76,7 @@ int main(int argc, char **argv)
/*int first_run = 1; */
char buff[BUFSIZE];
char redirect_url[BUFSIZE];
@@ -180,7 +214,7 @@
int finished = 0;
int buff_status = 0;
ip_acl *ip_list = NULL;
-@@ -93,7 +93,7 @@ int main(int argc, char **argv)
+@@ -93,7 +94,7 @@ int main(int argc, char **argv)
/* main program loop, execute
Bug#862214: Pre-approval request, unblock: vtk6/6.3.0+dfsg1-5
Control: tags -1 - moreinfo Uploaded and the package was built successfully on all relevant release platforms. Thanks, Anton 2017-05-12 17:09 GMT+02:00 Niels Thykier : > Control: tags -1 confirmed moreinfo > > Anton Gladky: >> Package: release.debian.org >> Severity: normal >> User: release.debian@packages.debian.org >> Usertags: unblock >> >> Please unblock package vtk6 >> >> During the last upload of the version 6.3.0+dfsg1-4 some line endings >> in autopkgtests were accidentally broken and it causes test failures [1]. >> >> This upload is trivial and just replaces broken line endings. >> >> [1] https://ci.debian.net/packages/v/vtk6/unstable/amd64/ >> >> unblock vtk6/6.3.0+dfsg1-5 >> >> >> Thanks, >> >> Anton >> > > Please go ahead and remove the moreinfo tag once the upload has been > accepted into unstable and built on all relevant release architectures. > > Thanks, > ~Niels > >
Processed: Re: Bug#862214: Pre-approval request, unblock: vtk6/6.3.0+dfsg1-5
Processing control commands: > tags -1 - moreinfo Bug #862214 [release.debian.org] Pre-approval request, unblock: vtk6/6.3.0+dfsg1-5 Removed tag(s) moreinfo. -- 862214: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862214 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#862506: unblock: gdm3/3.22.3-2
Am 13.05.2017 um 20:40 schrieb Michael Biebl:
> The complete debdiff is attached. I only filtered autotools related
> noise.
Oops, one pipe too many. Seems I managed to attach the diffstat, not the
actual debdiff.
Please find it attached now.
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
diff -Nru gdm3-3.22.1/common/gdm-address.c gdm3-3.22.3/common/gdm-address.c
--- gdm3-3.22.1/common/gdm-address.c2016-09-21 21:27:19.0 +0200
+++ gdm3-3.22.3/common/gdm-address.c2017-03-03 21:32:41.0 +0100
@@ -220,14 +220,13 @@
static void
_gdm_address_debug (GdmAddress *address,
-const char *hostname,
const char *host,
const char *port)
{
-g_debug ("Address family:%d (%s) hostname:%s host:%s port:%s local:%d
loopback:%d",
+g_debug ("Address family:%d (%s) host:%s port:%s local:%d loopback:%d",
+
address->ss->ss_family,
address_family_str (address) ? address_family_str (address) :
"(null)",
- hostname ? hostname : "(null)",
host ? host : "(null)",
port ? port : "(null)",
gdm_address_is_local (address),
@@ -237,13 +236,14 @@
void
gdm_address_debug (GdmAddress *address)
{
-char *hostname;
-char *host;
-char *port;
+char *hostname = NULL;
+char *host = NULL;
+char *port = NULL;
-gdm_address_get_hostname (address, &hostname);
gdm_address_get_numeric_info (address, &host, &port);
+_gdm_address_debug (address, host, port);
+
g_free (hostname);
g_free (host);
g_free (port);
@@ -277,7 +277,8 @@
err_msg = gai_strerror (res);
g_warning ("Unable to lookup hostname: %s",
err_msg ? err_msg : "(null)");
-_gdm_address_debug (address, NULL, NULL, NULL);
+_gdm_address_debug (address, NULL, NULL);
+
}
/* try numeric? */
@@ -318,7 +319,7 @@
err_msg = gai_strerror (res);
g_warning ("Unable to lookup numeric info: %s",
err_msg ? err_msg : "(null)");
-_gdm_address_debug (address, NULL, NULL, NULL);
+_gdm_address_debug (address, NULL, NULL);
} else {
ret = TRUE;
}
@@ -404,8 +405,6 @@
address =
gdm_address_new_from_sockaddr ((struct sockaddr *)&ifreq.ifr_addr,
sizeof (struct sockaddr));
-gdm_address_debug (address);
-
*list = g_list_append (*list, address);
}
}
@@ -437,7 +436,8 @@
memset (&hints, 0, sizeof (hints));
hints.ai_family = AF_UNSPEC;
-hints.ai_flags = AI_CANONNAME;
+hints.ai_flags = AI_CANONNAME | AI_NUMERICHOST;
+
g_debug ("GdmAddress: looking up hostname: %s", hostbuf);
result = NULL;
diff -Nru gdm3-3.22.1/configure.ac gdm3-3.22.3/configure.ac
--- gdm3-3.22.1/configure.ac2016-10-12 19:58:41.0 +0200
+++ gdm3-3.22.3/configure.ac2017-03-06 18:09:04.0 +0100
@@ -1,7 +1,7 @@
AC_PREREQ([2.60])
AC_INIT([gdm],
-[3.22.1],
+[3.22.3],
[http://bugzilla.gnome.org/enter_bug.cgi?product=gdm])
AC_CONFIG_SRCDIR([daemon/gdm-manager.c])
@@ -84,6 +84,7 @@
gio-2.0 >= $GLIB_REQUIRED_VERSION
gio-unix-2.0 >= $GLIB_REQUIRED_VERSION
accountsservice >= $ACCOUNTS_SERVICE_REQUIRED_VERSION
+xcb
)
AC_SUBST(DAEMON_CFLAGS)
AC_SUBST(DAEMON_LIBS)
@@ -194,6 +195,16 @@
AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is
enabled])
fi
+AC_ARG_ENABLE(user-display-server,
+ AS_HELP_STRING([--enable-user-display-server],
+ [Enable running X server as user
@<:@default=yes@:>@]),,
+ enable_user_display_server=yes)
+AM_CONDITIONAL(ENABLE_USER_DISPLAY_SERVER, test x$user_display_server = xyes)
+
+if test x$enable_user_display_server = xyes; then
+ AC_DEFINE(ENABLE_USER_DISPLAY_SERVER, 1, [Define if user display servers are
supported])
+fi
+
AC_ARG_WITH(default-pam-config,
AS_HELP_STRING([--with-default-pam-config: One of redhat,
openembedded, exherbo, lfs, arch, none @<:@default=auto@:>@]))
dnl If not given, try autodetecting from release files (see NetworkManager
source)
diff -Nru gdm3-3.22.1/daemon/gdm-display.c gdm3-3.22.3/daemon/gdm-display.c
--- gdm3-3.22.1/daemon/gdm-display.c2016-09-21 21:27:19.0 +0200
+++ gdm3-3.22.3/daemon/gdm-display.c2017-03-01 21:58:01.0 +0100
@@ -34,8 +34,7 @@
#include
#include
-#include
Bug#862506: unblock: gdm3/3.22.3-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package gdm3 It fixes RC bug #857995 [1], where trying to restart gdm3 resulted in a system which was basically DoSed by constant respawns of of the gdm process. You will notice that 3.22.3 is a new upstream stable release compared to what's currently in testing, i.e. 3.22.1. The upstream changes between .1 and .3 are strictly bug fixes though and something we want for stretch anyway. In addition 3.22.3 had been sitting in unstable for almost two months with no new regression reported. It thus seemed preferrable to fix it this way then to re-upload 3.22.1 or make a t-p-u upload. The complete debdiff is attached. I only filtered autotools related noise. Regards, Michael unblock gdm3/3.22.3-2 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857995 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) NEWS | 17 common/gdm-address.c | 24 configure.ac | 13 daemon/gdm-display.c | 252 ++ daemon/gdm-local-display-factory.c| 13 daemon/gdm-manager-glue.c | 2 daemon/gdm-manager-glue.h | 10 daemon/gdm-manager.c | 70 +- daemon/gdm-session-worker.c | 79 ++- daemon/gdm-session.c | 40 + daemon/gdm-wayland-session.c | 2 daemon/gdm-x-session.c| 2 daemon/gdm-xdmcp-display-factory.c| 15 debian/changelog | 28 + debian/control| 1 debian/control.in | 1 debian/gdm3.install | 3 debian/gdm3.postinst | 8 debian/patches/09_default_session.patch | 8 debian/patches/16_xserver_path.patch | 2 debian/patches/Hack-D-Bus-messages-from-Debian-8-libgdm-to-work-wit.patch | 11 debian/patches/pam_gdm-allow-setting-pam-module-dir-at-configure-ti.patch | 63 ++ debian/patches/series | 2 debian/patches/stop-greeter-explicitly-when-finishing-display.patch | 31 + debian/rules | 3 libgdm/gdm-client-glue.h | 42 - libgdm/gdm.pc | 2 27 files changed, 506 insertions(+), 238 deletions(-)
Bug#862503: RM: hbro/1.1.2.2-2
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: rm #783389 hbro segfaults I can reproduce on amd64 that it always segfaults at startup, and the discussion in the bug and upstream indicates that this is some issue related to how GMP is used in hbro. The solution for unstable/stretch was to remove the package.
Bug#862502: unblock: webkit2gtk/2.14.7-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package webkit2gtk Apparently Google introduced a new sign-in page. This breaks users of webkit2gtk in a rather bad way as it is no longer possible to log in. The most important affected packages are probably epiphany-browser and gnome-online-accounts. The upstream bug report is at https://bugs.webkit.org/show_bug.cgi?id=171770 We already have two downstream bug reports: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862156 and users reporting this on the user mailing list: https://lists.debian.org/debian-user/2017/05/msg00404.html This was fixed in the new upstream release 2.14.7-1 and it's important we git this fix into stretch. Full debdiff is attached. Regards, Michael unblock webkit2gtk/2.14.7-1 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru webkit2gtk-2.14.6/debian/changelog webkit2gtk-2.14.7/debian/changelog --- webkit2gtk-2.14.6/debian/changelog 2017-04-07 12:56:45.0 +0200 +++ webkit2gtk-2.14.7/debian/changelog 2017-05-09 15:48:39.0 +0200 @@ -1,3 +1,11 @@ +webkit2gtk (2.14.7-1) unstable; urgency=medium + + * New upstream release. + * debian/copyright: ++ Update copyright years and remove nonexistent files. + + -- Alberto Garcia Tue, 09 May 2017 16:48:39 +0300 + webkit2gtk (2.14.6-1) unstable; urgency=high * New upstream release. diff -Nru webkit2gtk-2.14.6/debian/copyright webkit2gtk-2.14.7/debian/copyright --- webkit2gtk-2.14.6/debian/copyright 2017-04-07 12:56:45.0 +0200 +++ webkit2gtk-2.14.7/debian/copyright 2017-05-09 15:48:39.0 +0200 @@ -3,7 +3,7 @@ Source: https://webkitgtk.org/releases/ Files: * -Copyright: © 2002-2016 Apple Inc. and others +Copyright: © 2002-2017 Apple Inc. and others License: BSD-2-clause Comment: The default license of WebKit is BSD 2-clause, available in @@ -22,8 +22,6 @@ Source/JavaScriptCore/bytecode/JumpTable.h Source/JavaScriptCore/bytecode/Opcode.cpp Source/JavaScriptCore/bytecode/Opcode.h - Source/JavaScriptCore/bytecode/SamplingTool.cpp - Source/JavaScriptCore/bytecode/SamplingTool.h Source/JavaScriptCore/bytecode/SpeculatedType.cpp Source/JavaScriptCore/bytecode/SpeculatedType.h Source/JavaScriptCore/bytecode/ValueProfile.h @@ -64,16 +62,10 @@ Source/JavaScriptCore/inspector/agents/InspectorRuntimeAgent.h Source/JavaScriptCore/interpreter/Interpreter.cpp Source/JavaScriptCore/interpreter/Interpreter.h - Source/JavaScriptCore/interpreter/JSStack.cpp - Source/JavaScriptCore/interpreter/JSStack.h Source/JavaScriptCore/interpreter/Register.h Source/JavaScriptCore/jit/CompactJITCodeMap.h Source/JavaScriptCore/parser/SourceCode.h Source/JavaScriptCore/parser/SourceProvider.h - Source/JavaScriptCore/profiler/LegacyProfiler.cpp - Source/JavaScriptCore/profiler/LegacyProfiler.h - Source/JavaScriptCore/profiler/ProfileNode.cpp - Source/JavaScriptCore/profiler/ProfileNode.h Source/JavaScriptCore/replay/scripts/CodeGeneratorReplayInputsTemplates.py Source/JavaScriptCore/runtime/CallData.h Source/JavaScriptCore/runtime/ConstructData.h @@ -86,8 +78,6 @@ Source/JavaScriptCore/runtime/JSGlobalObject.cpp Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp Source/JavaScriptCore/runtime/JSLexicalEnvironment.h - Source/JavaScriptCore/runtime/JSNotAnObject.cpp - Source/JavaScriptCore/runtime/JSNotAnObject.h Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h Source/JavaScriptCore/runtime/JSSymbolTableObject.cpp @@ -205,7 +195,6 @@ Source/WebCore/bindings/js/JSCallbackData.h Source/WebCore/bindings/js/JSCommandLineAPIHostCustom.cpp Source/WebCore/bindings/js/JSCustomSQLStatementErrorCallback.cpp - Source/WebCore/bindings/js/JSDOMFormDataCustom.cpp Source/WebCore/bindings/js/JSDOMWindowShell.cpp Source/WebCore/bindings/js/JSDOMWindowShell.h Source/WebCore/bindings/js/JSDataTransferCustom.cpp @@ -248,16 +237,12 @@ Source/WebCore/css/CSSGridLineNamesValue.h Source/WebCore/css/CSSGridTemplateAreasValue.cpp Source/WebCore/css/CSSGridTemplateAreasValue.h - Source/WebCore/css/CSSOMUtils.cpp - Source/WebCore/css/CSSOMUtils.h Source/WebCore/css/CSSPropertySourceData.cpp Source/WebCore/css/CSSPropertySourceData.h Source/WebCore/css/CSSSupportsRule.cpp Source/WebCore/css/CSSSupportsRule.h
Re: Accepted opensvc 1.8~20170412-2 (source all) into testing-proposed-updates, testing-proposed-updates
Hi, On Sat, 2017-05-13 at 15:00 +, Jean-Michel Kelbert wrote: > Format: 1.8 > Date: Sat, 13 May 2017 00:04:49 +0200 > Source: opensvc > Binary: opensvc > Architecture: source all > Version: 1.8~20170412-2 > Distribution: testing [...] > opensvc (1.8~20170412-2) testing; urgency=medium > . >* Remove unowned files on the system after purge. (Closes: 861653) >* Add French, Portugues, German and Dutch debconf templates translation. > (Closes: 860583, 861427, 861946, 862366) I'm afraid that I'm somewhat confused by what you've done here, and suspect that you may also be. You've uploaded a new revision of a package that has never been in testing - and in fact has only been in unstable for a month - to testing-proposed-updates during a freeze, with no prior agreement from the Release Team, fixing a bug that isn't fixed in unstable yet and using a higher package version than the package currently in unstable. Under the circumstances, I've removed the upload from testing-proposed-updates. I'd suggest that you re-upload it to unstable instead, although you will likely have to use a new Debian revision. Regards, Adam
Bug#862439: marked as done (unblock: eterm/0.9.6-5)
Your message dated Sat, 13 May 2017 17:17:00 +
with message-id <569a119a-2dc1-5e4f-db32-b48486d85...@thykier.net>
and subject line Re: Bug#862439: unblock: eterm/0.9.6-5
has caused the Debian Bug report #862439,
regarding unblock: eterm/0.9.6-5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
862439: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862439
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Except for some whitespace change in command.c, the only
difference after applying patches is the one-line #728813
fix in fix-esetroot-on-pseudocolor.patch
This one-line bugfix is the part I would like to see in stretch.
If unblocking this is not acceptable, I can make a t-p-u
(or unstable) upload containing only the #728813 fix on
top of 0.9.6-4.
changelog|9 +++
patches/command.c.patch | 44 ---
patches/fix-esetroot-on-pseudocolor.patch| 14 ++
patches/manpage-is-dated-2008-08-17 | 11
patches/manpage-is-dated-2008-08-17.patch| 11
patches/run-shell-correctly.patch| 16 ++
patches/series | 11 ++--
patches/typos-in-eterm-1-in | 31 -
patches/typos-in-eterm-1-in.patch| 32 +
patches/typos-in-eterm-reference-html| 13 -
patches/typos-in-eterm-reference-html.patch | 13 +
patches/we-will-do-fine-without-the-build-date | 13 -
patches/we-will-do-fine-without-the-build-date.patch | 13 +
13 files changed, 114 insertions(+), 117 deletions(-)
diff -Nru eterm-0.9.6/debian/changelog eterm-0.9.6/debian/changelog
--- eterm-0.9.6/debian/changelog2016-03-05 18:22:37.0 +0200
+++ eterm-0.9.6/debian/changelog2017-01-29 20:02:04.0 +0200
@@ -1,3 +1,12 @@
+eterm (0.9.6-5) unstable; urgency=medium
+
+ * QA upload.
+ * Rename all patches to have .patch ending.
+ * Fix Esetroot on PseudoColor visual. Closes: #728813.
+Thanks to Kevin Ryde for the patch.
+
+ -- Santiago Vila Sun, 29 Jan 2017 19:02:04 +0100
+
eterm (0.9.6-4) unstable; urgency=medium
* QA upload.
diff -Nru eterm-0.9.6/debian/patches/command.c.patch
eterm-0.9.6/debian/patches/command.c.patch
--- eterm-0.9.6/debian/patches/command.c.patch 2016-03-05 18:12:49.0
+0200
+++ eterm-0.9.6/debian/patches/command.c.patch 1970-01-01 02:00:00.0
+0200
@@ -1,44 +0,0 @@
-Description: Workaround for making Eterm run shell.
-Forwarded: not-needed
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770369
-Author: Arnaud Ceyrolle
-Index: eterm-0.9.6/src/command.c
-===
eterm-0.9.6.orig/src/command.c
-+++ eterm-0.9.6/src/command.c
-@@ -1561,7 +1561,7 @@ get_tty(void)
- * child processes remain alive upon deletion of the window.
- */
- {
--unsigned short i;
-+unsigned long i;
- unsigned long max_fds;
-
- /* get number of available file descriptors */
-@@ -2354,7 +2354,7 @@ run_command(char **argv)
- privileges(REVERT);
- }
-
--/* Permanently revoke all privileges for the child process.
-+/* Permanently revoke all privileges for the child process.
-Root shells for everyone are tres uncool ;^) -- mej */
- #ifdef _HPUX_SOURCE
- setresuid(my_ruid, my_ruid, my_euid);
-@@ -3671,7 +3671,7 @@ main_loop(void)
- D_SCREEN(("Adding %d lines (%d chars); str == %8p, cmdbuf_ptr ==
%8p, cmdbuf_endp == %8p\n",
- nlines, cmdbuf_ptr - str, str, cmdbuf_ptr,
cmdbuf_endp));
- #if FIXME_BLOCK
--/*
-+/*
- * iconv() is not my friend. :-( I've tried various things
- * to make this work (including UCS2, SJIS, EUCJ, and
- * WCHAR_T), but nothing has worked. I'm obviously
-@@ -3800,7 +3800,7 @@ v_doPending(void)
-
- /* Write data to the pty as typed by the user, pasted with the mouse,
- * or generated by us in response to a query ESC sequence.
-- * Code stolen from xterm
-+ * Code stolen from xterm
- */
- void
- v_writeBig(int f, char *d, int len)
diff -Nru eterm-0.9.6/debian/patches/fix-esetroot-on-pseudocolor.patch
eterm-0.9.6/debian/patches/fix-esetroot-on-pseudocolor.patch
Bug#862480: marked as done (unblock: gui-ufw/17.04.1-1.1)
Your message dated Sat, 13 May 2017 17:14:00 +
with message-id
and subject line Re: Bug#862480: unblock: gui-ufw/17.04.1-1.1
has caused the Debian Bug report #862480,
regarding unblock: gui-ufw/17.04.1-1.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
862480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862480
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gui-ufw
changelog |8
control |2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff -Nru gui-ufw-17.04.1/debian/changelog gui-ufw-17.04.1/debian/changelog
--- gui-ufw-17.04.1/debian/changelog2016-11-02 22:23:31.0 +0200
+++ gui-ufw-17.04.1/debian/changelog2017-05-13 13:23:39.0 +0300
@@ -1,3 +1,11 @@
+gui-ufw (17.04.1-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add the missing dependency on net-tools, thanks to João Pirralha
+for the bug report. (Closes: #855400)
+
+ -- Adrian Bunk Sat, 13 May 2017 13:23:39 +0300
+
gui-ufw (17.04.1-1) unstable; urgency=medium
* New upstream release, upstream changelog:
diff -Nru gui-ufw-17.04.1/debian/control gui-ufw-17.04.1/debian/control
--- gui-ufw-17.04.1/debian/control 2016-11-02 22:23:31.0 +0200
+++ gui-ufw-17.04.1/debian/control 2017-05-13 13:23:19.0 +0300
@@ -14,7 +14,7 @@
Package: gufw
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends}, ufw (>= 0.34~rc), gir1.2-gtk-3.0,
- policykit-1, gir1.2-webkit2-4.0, python3-gi
+ policykit-1, gir1.2-webkit2-4.0, python3-gi, net-tools
Description: graphical user interface for ufw
gufw is an easy and intuitive way to manage your Linux firewall. It supports
common tasks such as allowing or blocking pre-configured, common p2p, or
--- End Message ---
--- Begin Message ---
Adrian Bunk:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock package gui-ufw
>
> changelog |8
> control |2 +-
> 2 files changed, 9 insertions(+), 1 deletion(-)
>
> [...]
>
Unblocked, thanks.
~Niels--- End Message ---
Bug#862489: marked as done (unblock: apt/1.4.3)
Your message dated Sat, 13 May 2017 17:08:00 +
with message-id <6826a7f0-187e-cd88-fe46-2c45e8feb...@thykier.net>
and subject line Re: Bug#862489: unblock: apt/1.4.3
has caused the Debian Bug report #862489,
regarding unblock: apt/1.4.3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
862489: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862489
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package apt
Fixes the maintainer scripts to only stop/restart timers in the apt
package, not all packages (#862001) and updates Czech translation
(#861943).
unblock apt/1.4.3
-- System Information:
Debian Release: 9.0
APT prefers unstable
APT policy: (900, 'unstable'), (500, 'unstable-debug'), (500,
'buildd-unstable'), (500, 'testing'), (100, 'experimental'), (1,
'experimental-debug')
Architecture: amd64
(x86_64)
Foreign Architectures: i386
Kernel: Linux 4.11.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
--
Debian Developer - deb.li/jak | jak-linux.org - free software dev
| Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline'). Thank you.
--- End Message ---
--- Begin Message ---
Julian Andres Klode:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock package apt
>
> Fixes the maintainer scripts to only stop/restart timers in the apt
> package, not all packages (#862001) and updates Czech translation
> (#861943).
>
> unblock apt/1.4.3
>
> [...]
Unblocked, thanks.
~Niels--- End Message ---
Bug#862499: unblock: 9wm/1.4.0-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package 9wm
The changes between 1.3.9 and 1.4.0 are very minimal and they prevent an
annoying bug that causes 9wm's color customization to fail silently.
A debdiff is attached, along with a diff of the code between 1.3.9 and 1.4.0.
unblock 9wm/1.4.0-1
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (500, 'testing'), (50, 'unstable')
Architecture: amd64
(x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/9wm.c b/9wm.c
index 9ea769e..cabc53c 100644
--- a/9wm.c
+++ b/9wm.c
@@ -16,7 +16,7 @@
#include "fns.h"
char *version[] = {
- "9wm version 1.3.9, Copyright (c) 2016 multiple authors", 0,
+ "9wm version 1.4.0, Copyright (c) 2017 multiple authors", 0,
};
Display *dpy;
@@ -36,6 +36,11 @@ int debug;
int signalled;
int num_screens;
+#ifdef COLOR
+char *activestr;
+char *inactivestr;
+#endif
+
Atom exit_9wm;
Atom restart_9wm;
Atom wm_state;
@@ -78,11 +83,8 @@ usage(void)
}
#ifdef COLOR
-char *activestr = NULL;
-char *inactivestr = NULL;
-
-unsigned long
-getcolor(Colormap cmap, char *str)
+Status
+getcolor(Colormap cmap, unsigned long *pixel, char *str)
{
if (str != NULL) {
XColor color;
@@ -93,7 +95,8 @@ getcolor(Colormap cmap, char *str)
if (stpc != 0)
stac = XAllocColor(dpy, cmap, &color);
if (stac != 0) {
- return color.pixel;
+ *pixel = color.pixel;
+ return 1;
}
}
return 0;
@@ -288,11 +291,13 @@ initscreen(ScreenInfo * s, int i)
if (activestr != NULL || inactivestr != NULL) {
Colormap cmap = DefaultColormap(dpy,s->num);
if (cmap != 0) {
- unsigned long active = getcolor(cmap,activestr);
- if (active != 0)
+ unsigned long active;
+ Status sa = getcolor(cmap, &active, activestr);
+ if (sa != 0)
s->active = active;
- unsigned long inactive = getcolor(cmap,inactivestr);
- if (inactive != 0)
+ unsigned long inactive;
+ Status si = getcolor(cmap, &inactive, inactivestr);
+ if (si != 0)
s->inactive = inactive;
}
}
diff --git a/README.md b/README.md
index afc74dd..8033b03 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,14 @@
9wm
-9wm is an X11 window manager inspired by the Plan 9 window manager 8½.
+9wm is an X11 window manager inspired by the Plan 9 window manager 8½, also known as rio.
It provides a very simple and clean user interface.
It is click-to-type.
It uses the X11 font system (which, unfortunately, means no Unicode support).
9wm does not provide virtual desktops, customization, key bindings,
EWMH support, or compositing.
-It does not allocate any colors,
+It does not allocate any colors (if you disable COLOR),
which will be great news if you are stuck in 1993.
It is a great place to start if you are interested in writing a window manager from scratch:
File lists identical (after any substitutions)
Control files: lines which differ (wdiff format)
Installed-Size: [-66-] {+67+}
Version: [-1.3.9-1-] {+1.4.0-1+}
Bug#862498: jessie-pu: package gitolite3/3.6.1-2+deb8u2
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'd like to close #834153 in stable. The bug has an easy workaround,
but it still admittedly pretty annoying.
There isn't that much to test here, but I've installed the resulting
package on jessie, and did a few basic operations. Of course I
already had openssh-client on the host in question.
diff -u gitolite3-3.6.1/debian/changelog gitolite3-3.6.1/debian/changelog
- --- gitolite3-3.6.1/debian/changelog
+++ gitolite3-3.6.1/debian/changelog
@@ -1,3 +1,10 @@
+gitolite3 (3.6.1-2+deb8u2) stable; urgency=medium
+
+ * Bug fix: "gitolite3 should depend on openssh-client", thanks to Keller
+Fuchs (Closes: #834153).
+
+ -- David Bremner Sat, 13 May 2017 12:38:44 -0300
+
gitolite3 (3.6.1-2+deb8u1) stable; urgency=medium
* Bug fix: "Git-annex-shell not working", thanks to risca (Closes:
diff -u gitolite3-3.6.1/debian/control gitolite3-3.6.1/debian/control
- --- gitolite3-3.6.1/debian/control
+++ gitolite3-3.6.1/debian/control
@@ -13,7 +13,7 @@
Package: gitolite3
Architecture: all
Depends: ${misc:Depends}, git (>= 1:1.7.0.4) | git-core (>= 1:1.6.2), perl (>=
5.6.0-16),
- - ssh-server, debconf (>= 0.5) | debconf-2.0, adduser
+ ssh-server, debconf (>= 0.5) | debconf-2.0, adduser, openssh-client
Suggests: git-daemon-run, gitweb
Description: SSH-based gatekeeper for git repositories (version 3)
Gitolite is an SSH-based gatekeeper providing access control for a server that
- -- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64
(x86_64)
Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-BEGIN PGP SIGNATURE-
iQGzBAEBCAAdFiEE3VS2dnyDRXKVCQCp8gKXHaSnniwFAlkXM28ACgkQ8gKXHaSn
nixJNAv+K3/xnzDa+8u/pJqwRlqpwcmbtytfmABpCiKMLefChRKfPu0wRTj+ljuL
Y/146rZ6JZ/PfOj8jY+lJa8xagh+XdxOsBssrm1LW8l7+5F3ksT1c53pTPgiqimS
NA2KSCeT72fwScCmUfYnc//apWfiuzsg03UbhveN/iU7GXUcU1BUbK7U3sBOjUOA
VvjmgG00NdHtd5d9AbZPrP4x8IUG+0umnQMgXAmAQ5ZvQjOWB6FvHT9oVi4HPwD1
Tz6zCzHjkOVdNgZSm1RPBaTLDa626h/uYihqgo6xtNH3lTPOepKyL5Z8YULCwIKM
Hkmq8jootM6SdheKg0hfGsTdLjRVghssM3sIBRs72X+XMkLIlfBHB9DZD1fiqPHb
YweHcgbm9POUu/v2EzgcoNKaB9zafwcB5wt8dfA09WhFwrG8pL4+wH2oBV7ZIveq
xmph7ASdMnJFbLg6paiWyDWVPDgDhAQ6s3syYA9Jt0QZc4tGXSz141UkQFBZ0I9y
Pv2JJmWs
=En6i
-END PGP SIGNATURE-
Bug#862492: unblock: binutils/2.28-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please consider unblocking binutils/2.28-5. - low priority security updates - one fix for mips* targets - all other updates are for non-release architectures
Bug#862489: unblock: apt/1.4.3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package apt
Fixes the maintainer scripts to only stop/restart timers in the apt
package, not all packages (#862001) and updates Czech translation
(#861943).
unblock apt/1.4.3
-- System Information:
Debian Release: 9.0
APT prefers unstable
APT policy: (900, 'unstable'), (500, 'unstable-debug'), (500,
'buildd-unstable'), (500, 'testing'), (100, 'experimental'), (1,
'experimental-debug')
Architecture: amd64
(x86_64)
Foreign Architectures: i386
Kernel: Linux 4.11.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
--
Debian Developer - deb.li/jak | jak-linux.org - free software dev
| Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline'). Thank you.
Bug#862486: RM: gnuvd/1.0.12-1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: rm #767076 gnuvd not able to search for words Quoting the #851896 removal from unstable: This package queries a Dutch online dictionary. However, the server changes its output frequently, the package no longer works. Upstream has stopped updating the package since 2012.
Bug#862481: jessie-pu: package xfce4-weather-plugin/0.8.3-2
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, xfce4-weather-plugin uses met.no as source for weather information. There was multiple changes in API in recent years, and they disabled legacy API in the last few days, meaning weather plugin in Jessie doesn't work anymore. I've prepared an update pulling only the API changes from upstream, which results in the attached debdiff and the following diffstat: changelog | 17 + patches/0001-Make-plugin-ready-for-met.no-locationforecast-1.2-AP.patch | 160 ++ patches/0002-Switch-to-met.no-locationforecastLTS-1.2-API-bug-109.patch | 26 + patches/0003-Update-NEWS-and-README.patch | 56 +++ patches/0004-Update-URL-for-sunrise-API-to-point-to-version-1.1-b.patch | 58 +++ patches/0005-Update-http-api.yr.no-URLs-to-https-api.met.no.patch | 66 patches/0006-Bump-LocationforecastLTS-version-to-1.3.patch | 48 +++ patches/0007-Change-more-URLs-from-http-yr.no-to-https-met.no.patch | 67 patches/git_support-locationforecast-1.2.patch | 151 - patches/git_use-locationforecast-1.2.patch | 21 - patches/series |9 11 files changed, 505 insertions(+), 174 deletions(-) Would it be ok for a stable upload? Regards, -- Yves-Alexis -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (450, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Differences in xfce4-weather-plugin between 0.8.3-2 and 0.8.3-3 diff -Nru xfce4-weather-plugin-0.8.3/debian/changelog xfce4-weather-plugin-0.8.3/debian/changelog --- xfce4-weather-plugin-0.8.3/debian/changelog 2014-10-05 15:22:22.0 +0200 +++ xfce4-weather-plugin-0.8.3/debian/changelog 2017-05-12 10:24:12.0 +0200 @@ -1,3 +1,20 @@ +xfce4-weather-plugin (0.8.3-3) UNRELEASED; urgency=medium + + * debian/patches: +- 0001-Make-plugin-ready-for-met.no-locationforecast-1.2-AP, +0002-Switch-to-met.no-locationforecastLTS-1.2-API-bug-109, +0003-Update-NEWS-and-README, +0004-Update-URL-for-sunrise-API-to-point-to-version-1.1-b, +0005-Update-http-api.yr.no-URLs-to-https-api.met.no, +0006-Bump-LocationforecastLTS-version-to-1.3, +0007-Change-more-URLs-from-http-yr.no-to-https-met.no added, backported +from ustream to support met.no new APIs +- git_use-locationforecast-1.2 and +debian/patches/git_use-locationforecast-1.2 dropped, included in backports +above. + + -- Yves-Alexis Perez Fri, 12 May 2017 10:24:12 +0200 + xfce4-weather-plugin (0.8.3-2) unstable; urgency=low [ Yves-Alexis Perez ] diff -Nru xfce4-weather-plugin-0.8.3/debian/patches/0001-Make-plugin-ready-for-met.no-locationforecast-1.2-AP.patch xfce4-weather-plugin-0.8.3/debian/patches/0001-Make-plugin-ready-for-met.no-locationforecast-1.2-AP.patch --- xfce4-weather-plugin-0.8.3/debian/patches/0001-Make-plugin-ready-for-met.no-locationforecast-1.2-AP.patch 1970-01-01 01:00:00.0 +0100 +++ xfce4-weather-plugin-0.8.3/debian/patches/0001-Make-plugin-ready-for-met.no-locationforecast-1.2-AP.patch 2017-05-12 10:21:45.0 +0200 @@ -0,0 +1,160 @@ +From 235a1c82ba1b03f4c399daa2f6edc6ee58b83b95 Mon Sep 17 00:00:00 2001 +From: Harald Judt +Date: Wed, 28 May 2014 20:08:02 +0200 +Subject: [PATCH 1/7] Make plugin ready for met.no locationforecast-1.2 API + (bug #10916). + +http://api.yr.no/weatherapi/locationforecastlts/1.1/documentation#version_1_2___2014_05_20 + +The updated API version uses CamelCase symbol names instead of UPPERCASE +ones and has added some new names (like 'Drizzle'), which unfortunately +have not been documented (yet?). + +What's more, the typo 'celcius' has been replaced by the fixed 'celsius', +but luckily the plugin will not be affected by that change. + +What's a bit more unfortunate is that the existing icon themes do not +cover the new symbol names, so one would have to create quite a lot of +new icons. Also, new translations would have to be added for the symbols, +and maybe existing ones would have to be altered. To prevent this, we're +simply going to map the new symbols to existing ones as good as possible. +This should be good enough for the time being. +--- + panel-plugin/weather-parsers.c | 3 +- + panel-plugin/weather-translate.c | 70 +++- + panel-plugin/weather-translate.h | 2 ++ + 3 files changed, 73 insertions(+), 2 deletions(-) + +diff --git a/panel-plugin/weather-parsers.c b/
Bug#862480: unblock: gui-ufw/17.04.1-1.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gui-ufw
changelog |8
control |2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff -Nru gui-ufw-17.04.1/debian/changelog gui-ufw-17.04.1/debian/changelog
--- gui-ufw-17.04.1/debian/changelog2016-11-02 22:23:31.0 +0200
+++ gui-ufw-17.04.1/debian/changelog2017-05-13 13:23:39.0 +0300
@@ -1,3 +1,11 @@
+gui-ufw (17.04.1-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add the missing dependency on net-tools, thanks to João Pirralha
+for the bug report. (Closes: #855400)
+
+ -- Adrian Bunk Sat, 13 May 2017 13:23:39 +0300
+
gui-ufw (17.04.1-1) unstable; urgency=medium
* New upstream release, upstream changelog:
diff -Nru gui-ufw-17.04.1/debian/control gui-ufw-17.04.1/debian/control
--- gui-ufw-17.04.1/debian/control 2016-11-02 22:23:31.0 +0200
+++ gui-ufw-17.04.1/debian/control 2017-05-13 13:23:19.0 +0300
@@ -14,7 +14,7 @@
Package: gufw
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends}, ufw (>= 0.34~rc), gir1.2-gtk-3.0,
- policykit-1, gir1.2-webkit2-4.0, python3-gi
+ policykit-1, gir1.2-webkit2-4.0, python3-gi, net-tools
Description: graphical user interface for ufw
gufw is an easy and intuitive way to manage your Linux firewall. It supports
common tasks such as allowing or blocking pre-configured, common p2p, or
Processed: unblock: mariadb-10.1/10.1.23-8
Processing control commands:
> retitle -1 unblock: mariadb-10.1/10.1.23-8
Bug #861803 {Done: Niels Thykier } [release.debian.org]
unblock: mariadb-10.1/10.1.23-2
Changed Bug title to 'unblock: mariadb-10.1/10.1.23-8' from 'unblock:
mariadb-10.1/10.1.23-2'.
--
861803: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861803
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#862470: (pre-approval) unblock: lxcfs/2.0.7-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Dear Release Team,
As with LXC, I wonder if you would be OK with accepting the latest LXCFS
stable release into Stretch at this point in time.
The patch is not as huge (7 files changed, 100 insertions(+), 61
deletions(-)) and the reasoning is very much the same: having the best
possible base for Stretch.
Full debdiff attached.
Thanks for all your work!
Evgeni
diff --git a/bindings.c b/bindings.c
index 3516be6..6387012 100644
--- a/bindings.c
+++ b/bindings.c
@@ -72,8 +72,8 @@ struct file_info {
int cached;
};
-/* reserve buffer size, for cpuall in /proc/stat */
-#define BUF_RESERVE_SIZE 256
+/* Reserve buffer size to account for file size changes. */
+#define BUF_RESERVE_SIZE 512
/*
* A table caching which pid is init for a pid namespace.
@@ -863,11 +863,11 @@ bool cgfs_get_value(const char *controller, const char
*cgroup, const char *file
fnam = alloca(len);
ret = snprintf(fnam, len, "%s%s/%s", *cgroup == '/' ? "." : "", cgroup,
file);
if (ret < 0 || (size_t)ret >= len)
- return NULL;
+ return false;
fd = openat(cfd, fnam, O_RDONLY);
if (fd < 0)
- return NULL;
+ return false;
*value = slurp_file(fnam, fd);
return *value != NULL;
@@ -2908,7 +2908,7 @@ int cg_rmdir(const char *path)
if (initpid <= 0)
initpid = fc->pid;
if (!caller_is_in_ancestor(initpid, controller, cgroup, &next)) {
- if (!last || strcmp(next, last) == 0)
+ if (!last || (next && (strcmp(next, last) == 0)))
ret = -EBUSY;
else
ret = -ENOENT;
@@ -3086,7 +3086,8 @@ static int proc_meminfo_read(char *buf, size_t size,
off_t offset,
*memswlimit_str = NULL, *memswusage_str = NULL;
unsigned long memlimit = 0, memusage = 0, memswlimit = 0, memswusage =
0,
cached = 0, hosttotal = 0, active_anon = 0, inactive_anon = 0,
- active_file = 0, inactive_file = 0, unevictable = 0;
+ active_file = 0, inactive_file = 0, unevictable = 0,
+ hostswtotal = 0;
char *line = NULL;
size_t linelen = 0, total_len = 0, rv = 0;
char *cache = d->buf;
@@ -3148,7 +3149,7 @@ static int proc_meminfo_read(char *buf, size_t size,
off_t offset,
memset(lbuf, 0, 100);
if (startswith(line, "MemTotal:")) {
- sscanf(line+14, "%lu", &hosttotal);
+ sscanf(line+sizeof("MemTotal:")-1, "%lu", &hosttotal);
if (hosttotal < memlimit)
memlimit = hosttotal;
snprintf(lbuf, 100, "MemTotal: %8lu kB\n",
memlimit);
@@ -3160,6 +3161,9 @@ static int proc_meminfo_read(char *buf, size_t size,
off_t offset,
snprintf(lbuf, 100, "MemAvailable: %8lu kB\n",
memlimit - memusage);
printme = lbuf;
} else if (startswith(line, "SwapTotal:") && memswlimit > 0) {
+ sscanf(line+sizeof("SwapTotal:")-1, "%lu",
&hostswtotal);
+ if (hostswtotal < memswlimit - memlimit)
+ memswlimit = hostswtotal + memlimit;
snprintf(lbuf, 100, "SwapTotal: %8lu kB\n",
memswlimit - memlimit);
printme = lbuf;
} else if (startswith(line, "SwapFree:") && memswlimit > 0 &&
memswusage > 0) {
@@ -3450,6 +3454,28 @@ err:
return rv;
}
+static long int getreaperctime(pid_t pid)
+{
+ char fnam[100];
+ struct stat sb;
+ int ret;
+ pid_t qpid;
+
+ qpid = lookup_initpid_in_store(pid);
+ if (qpid <= 0)
+ return 0;
+
+ ret = snprintf(fnam, 100, "/proc/%d", qpid);
+ if (ret < 0 || ret >= 100)
+ return 0;
+
+ if (lstat(fnam, &sb) < 0)
+ return 0;
+
+ return sb.st_ctime;
+}
+
+#define CPUALL_MAX_SIZE (BUF_RESERVE_SIZE / 2)
static int proc_stat_read(char *buf, size_t size, off_t offset,
struct fuse_file_info *fi)
{
@@ -3460,10 +3486,9 @@ static int proc_stat_read(char *buf, size_t size, off_t
offset,
char *line = NULL;
size_t linelen = 0, total_len = 0, rv = 0;
int curcpu = -1; /* cpu numbering starts at 0 */
- unsigned long user = 0, nice = 0, system = 0, idle = 0, iowait = 0, irq
= 0, softirq = 0, steal = 0, guest = 0;
+ unsigned long user = 0, nice = 0, system = 0, idle = 0, iowait = 0, irq
= 0, softirq = 0, steal = 0, guest = 0, guest_nice = 0;
unsigned long user_sum = 0, nice_sum = 0, system_sum = 0, idle_sum = 0,
iowait_sum = 0,
- irq_sum = 0, softirq_sum = 0, steal_sum
= 0, guest_sum = 0;
-#defi
Re: [debian-mysql] Fixing the jessie->stretch upgrade path
On Fri, May 12, 2017, at 17:30, Norvald H. Ryeng wrote: > On Fri, 12 May 2017 14:09:02 +0200 > Ondřej Surý wrote: > > > On Fri, May 12, 2017, at 13:31, Norvald H. Ryeng wrote: > > > On Fri, 12 May 2017 11:26:13 +0200 > > > Ondřej Surý wrote: > > > > > > > Dear release team and fellow MySQL/MariaDB maintainers, > > > > > > > > the situation in stretch in regards to clean upgrade path from > > > > jessie is a little bit unfortunate. It works for most cases when > > > > something depends on default-mysql-server and pulls it as a > > > > dependency. But in situations where mysql-server was the top > > > > dependency, it simply uninstalls mysql-server-5.5 without any > > > > replacement. > > > > > > > > I understand the reasons why we are here, but the situation where > > > > user needs to do: > > > > apt-get update > > > > # apt-get upgrade > > > > apt-get install default-mysql-server > > > > apt-get dist-upgrade > > > > > > > > is very inconvenient for the users and I foresee this will cause > > > > a lot of complaints, because it's quite common to run just > > > > "mysql-server" on the server. > > > > > > > > Therefore I am proposing a one time fix specifically targeted at > > > > stretch. I would like to prepare 'mysql-transitional' package that > > > > will create a couple of dummy/transitional packages structured > > > > like this: > > > > > > > > mysql-server depends on default-mysql-server > > > > mysql-client depends on default-mysql-client > > > > > > > > The version would be 5.5.999+mariadb, so it is always higher than > > > > version in jessie, but always lower than version in sid, as I > > > > don't want force epoch on mysql-5.7. > > > > > > I agree that this sounds like it will work for stretch, and it's > > > much better than bumping epoch on mysql-5.7. > > > > > > As you say, it's a one time fix, but I'm a bit concerned about what > > > happens when those packages again are provided by MySQL. Let's think > > > through what will happen in buster. There are three options: > > > > And all of them would be easily solved by having the > > mariadb-server-10.X and mariadb-client-10.X Conflicts with > > mysql-server and mysql-client. > > And as long as MySQL and MariaDB are not co-installable, they should > conflict. But below you say we must make the packages co-installable > to have both I'm a bit confused. Can you please elaborate? The other email in pkg-mysql clearly stated that MariaDB and MySQL servers are diverging and if we provide *both* in stable Debian, packages might need to make a choice. And if there's a package A that depends[*] on mariadb-server and package B that depends[*] on mysql-server you ideally want to be able to install both A and B on the same system. * depends as in verb, not Depends as in d/control statement > > > 1) Buster contains only MariaDB. Will these packages also be in > > > buster? If not, what happens on upgrade from stretch to buster? > > > Will we have the same problem again? > > > > default-mysql-* will already be installed, it will pull new > > mariadb-*-10.x packages and mysql-server/mysql-client will be removed. > > Nothing must depend on mysql-server/mysql-client already, so those > > will be just dangling packages ready to be removed. > > > > > 2) Buster contains both MySQL and MariaDB. MariaDB is default. The > > > mysql-server and mysql-client packages are provided by MySQL, but > > > default-mysql-server and default-mysql-client point to MariaDB. How > > > will the upgrade go? Some users have installed mysql-server or > > > mysql-client explicitly, while others have installed a different > > > package that depends on default-mysql-server or > > > default-mysql-client. > > > > I don't think this is going to happen, but if it does, we will have to > > make MariaDB and MySQL coinstallable with each other, because the > > packages might depend on specific flavour. > > The default is to include MySQL in buster. The release team only made a > decision about stretch, so unless they make a new decision, MySQL will > be in buster. Therefore, we have to handle this case. > > That said, I definitely wouldn't mind making the packages > co-installable, no matter what ends up in which version of Debian. postgresql-* packages might be a good example how to handle this, but it will be a lot of work, and somebody will have to write the handling script for smooth changes from one version to other. Cheers, Ondrej
