Processed: tagging 863714

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 863714 - moreinfo
Bug #863714 [release.debian.org] unblock: libetpan/1.6-3
Removed tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
863714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863714
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863689: marked as done (unblock: cracklib2/2.9.2-5)

[Debian Bug Tracking System]

Your message dated Wed, 31 May 2017 05:36:00 +
with message-id <3c660c3e-e92a-1816-c1b6-2afc9f760...@thykier.net>
and subject line Re: Bug#863689: unblock: cracklib2/2.9.2-5
has caused the Debian Bug report #863689,
regarding unblock: cracklib2/2.9.2-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863689: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863689
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi KiBi (X-CC'ed),

I would like to unblock cracklib2 as it fixes #854554.  To my knowlegde, it
has no changes that affects its udeb, the diff being:

"""
diff -Nru cracklib2-2.9.2/debian/changelog cracklib2-2.9.2/debian/changelog
--- cracklib2-2.9.2/debian/changelog2017-04-08 11:25:28.0 +
+++ cracklib2-2.9.2/debian/changelog2017-05-27 09:41:18.0 +
@@ -1,3 +1,10 @@
+cracklib2 (2.9.2-5) unstable; urgency=medium
+
+  * Add Breaks: cracklib-runtime (<< 2.9.2-4) to libcrack2 to configure
+cracklib-runtime in the correct order (Closes: #854554)
+
+ -- Jan Dittberner   Sat, 27 May 2017 11:41:18 +0200
+
 cracklib2 (2.9.2-4) unstable; urgency=medium
 
   * Migrate triggers to interest-noawait to avoid trigger-cycles (Closes:
diff -Nru cracklib2-2.9.2/debian/control cracklib2-2.9.2/debian/control
--- cracklib2-2.9.2/debian/control  2017-04-08 11:25:28.0 +
+++ cracklib2-2.9.2/debian/control  2017-05-27 09:06:18.0 +
@@ -28,6 +28,7 @@
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Recommends: cracklib-runtime
+Breaks: cracklib-runtime (<< 2.9.2-4)
 Description: pro-active password checker library
  Shared library for cracklib2 which contains a C function which may be
  used in a passwd like program. The idea is simple: try to prevent
"""

unblock cracklib2/2.9.2-5

I would age it so it migrates before this weekend.


Thanks,
~Niels
--- End Message ---
--- Begin Message ---
Cyril Brulebois:
> Niels Thykier  (2017-05-30):
>> Hi KiBi (X-CC'ed),
>>
>> I would like to unblock cracklib2 as it fixes #854554.  To my knowlegde, it
>> has no changes that affects its udeb, the diff being:
>>
>> [...]
>> unblock cracklib2/2.9.2-5
>>
>> I would age it so it migrates before this weekend.
> 
> No objections, thanks.
> 
> 
> KiBi.
> 


Unblocked, thanks.

~Niels--- End Message ---

Bug#863757: unblock: sudo/1.8.19p1-1

[Bdale Garbee]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package sudo to allow a fix for CVE-2017-1000367, #863731,
to be included in stretch.  Source debdiff included below is upstream's 
isolated patch for this issue, de-fuzzed to apply cleanly to our sources.
This is essentially the same change as between 1.8.20-1 and 1.8.20p1-1 now
in unstable.

Bdale

unblock sudo/1.8.19p1-1

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.12+ (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru sudo-1.8.19p1/debian/changelog sudo-1.8.19p1/debian/changelog
--- sudo-1.8.19p1/debian/changelog  2017-01-13 11:12:49.0 -0700
+++ sudo-1.8.19p1/debian/changelog  2017-05-30 22:35:01.0 -0600
@@ -1,3 +1,9 @@
+sudo (1.8.19p1-2) stretch; urgency=high
+
+  * patch from upstream to fix CVE-2017-1000367, closes: #863731
+
+ -- Bdale Garbee   Tue, 30 May 2017 22:35:01 -0600
+
 sudo (1.8.19p1-1) unstable; urgency=medium
 
   * new upstream version
diff -Nru sudo-1.8.19p1/debian/patches/CVE-2017-1000367.patch 
sudo-1.8.19p1/debian/patches/CVE-2017-1000367.patch
--- sudo-1.8.19p1/debian/patches/CVE-2017-1000367.patch 1969-12-31 
17:00:00.0 -0700
+++ sudo-1.8.19p1/debian/patches/CVE-2017-1000367.patch 2017-05-30 
22:35:01.0 -0600
@@ -0,0 +1,246 @@
+diff --git a/src/ttyname.c b/src/ttyname.c
+index 9b94ba8..ab0f2d3 100644
+--- a/src/ttyname.c
 b/src/ttyname.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2012-2016 Todd C. Miller 
++ * Copyright (c) 2012-2017 Todd C. Miller 
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+@@ -145,20 +145,22 @@ sudo_ttyname_dev(dev_t tdev, char *name, size_t namelen)
+ }
+ #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || 
defined(__linux__)
+ /*
+- * Devices to search before doing a breadth-first scan.
++ * Device nodes and directories to search before searching all of /dev
+  */
+ static char *search_devs[] = {
+ "/dev/console",
+-"/dev/wscons",
+-"/dev/pts/",
+-"/dev/vt/",
+-"/dev/term/",
+-"/dev/zcons/",
++"/dev/pts/",  /* POSIX pty */
++"/dev/vt/",   /* Solaris virtual console */
++"/dev/term/", /* Solaris serial ports */
++"/dev/zcons/",/* Solaris zone console */
++"/dev/pty/",  /* HP-UX old-style pty */
+ NULL
+ };
+ 
++/*
++ * Device nodes to ignore when searching all of /dev
++ */
+ static char *ignore_devs[] = {
+-"/dev/fd/",
+ "/dev/stdin",
+ "/dev/stdout",
+ "/dev/stderr",
+@@ -166,16 +168,18 @@ static char *ignore_devs[] = {
+ };
+ 
+ /*
+- * Do a breadth-first scan of dir looking for the specified device.
++ * Do a scan of a directory looking for the specified device.
++ * Does not descend into subdirectories.
+  * Returns name on success and NULL on failure, setting errno.
+  */
+ static char *
+-sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin, char *name, 
size_t namelen)
++sudo_ttyname_scan(const char *dir, dev_t rdev, char *name, size_t namelen)
+ {
+-size_t sdlen, num_subdirs = 0, max_subdirs = 0;
+-char pathbuf[PATH_MAX], **subdirs = NULL;
++size_t sdlen;
++char pathbuf[PATH_MAX];
+ char *ret = NULL;
+ struct dirent *dp;
++struct stat sb;
+ unsigned int i;
+ DIR *d = NULL;
+ debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL)
+@@ -183,6 +187,18 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool 
builtin, char *name, size_t
+ if (dir[0] == '\0' || (d = opendir(dir)) == NULL)
+   goto done;
+ 
++if (fstat(dirfd(d), ) == -1) {
++  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
++  "unable to fstat %s", dir);
++  goto done;
++}
++if ((sb.st_mode & S_IWOTH) != 0) {
++  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
++  "ignoring world-writable directory %s", dir);
++  errno = ENOENT;
++  goto done;
++}
++
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+   "scanning for dev %u in %s", (unsigned int)rdev, dir);
+ 
+@@ -220,18 +236,6 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool 
builtin, char *name, size_t
+   }
+   if (ignore_devs[i] != NULL)
+   continue;
+-  if (!builtin) {
+-  /* Skip entries in search_devs; we already checked them. */
+-  for (i = 0; search_devs[i] != NULL; i++) {
+-  len = strlen(search_devs[i]);
+-  if (search_devs[i][len - 1] == '/')
+-  len--;
+-  

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: fop_1.1.dfsg2-1+deb8u1_amd64.changes
  ACCEPT
Processing changes file: puppet_3.7.2-4+deb8u1_amd64.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_amd64.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_arm64.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_armel.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_armhf.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_i386.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_mips.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_mipsel.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_powerpc.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_ppc64el.changes
  ACCEPT
Processing changes file: rpcbind_0.2.1-6+deb8u2_s390x.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_allonly.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_amd64.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_arm64.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_armel.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_armhf.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_i386.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_mips.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_mipsel.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_powerpc.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_ppc64el.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u4_s390x.changes
  ACCEPT

Bug#863714: unblock: libetpan/1.6-3

[Ricardo Mones]

Hi Jonathan,

On Tue, May 30, 2017 at 08:40:55PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
> 
> On Tue, May 30, 2017 at 11:53:31AM +0200, Ricardo Mones wrote:
> > Please unblock package libetpan
> > 
> > Fixes bug 862151 (CVE-2017-8825). Diff includes an update to Homepage
> > field which was already in git since past year ;)
> 
> The diff looks fine, but I can't unblock something that isn't in the
> archive.

Indeed, it was a busy day, but has been uploaded some minutes ago.
My apologies for the delay.

best regards,
-- 
  Ricardo Mones 
  ~
  Quantity derives from measurement, figures from quantities, 
  comparisons from figures, and victories from comparisons. 
  Sun Tzu



signature.asc
Description: PGP signature

Bug#863667: unblock: hexchat (pre-approval)

[Mattia Rizzolo]

Control: tag -1 - moreinfo

On Tue, May 30, 2017 at 08:13:10PM +0100, Jonathan Wiltshire wrote:
> Agree. Please go ahead and remove the moreinfo tag when it is ready to
> unblock.

That's good to go now.
Thanks.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Processed: Re: Bug#863667: unblock: hexchat (pre-approval)

[Debian Bug Tracking System]

Processing control commands:

> tag -1 - moreinfo
Bug #863667 [release.debian.org] unblock: hexchat (pre-approval)
Removed tag(s) moreinfo.

-- 
863667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863667
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863519: unblock blockdiag/1.5.3+dfsg-2

[Kouhei Maeda]

2017-05-31 5:38 GMT+09:00 Jonathan Wiltshire :
> On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
>> +export PYBUILD_BEFORE_BUILD=cp -a $(CURDIR)/src/blockdiag.egg-info
>> {build_dir};cp -f $(CURDIR)/debian/circle.* /tmp/
>
> Apologies for not spotting it sooner, but there's a symlink vulnerability
> here (imagine if /tmp/circle.* was a symlink to something important),
> and I'm not sure that you should hardcode /tmp either ($TMPDIR?).
>
> I'm a bit concerned there's more going on here than just the bug fixes.
> What would the minimum required changes to fix #860689 and #847930 look
> like?

Thanks,

This change is temporarily copied for use in unit test.
It is coping with PYBUILD_BEFORE_BUILD, but I should use PYBUILD_BEFORE_TEST.
And, I had deleted the necessary deletion processing of temporary
files with PYBUILD_AFTER_TEST.

I will fix these.

Regards,

--
Kouhei Maeda 
 KeyID 4096R/7E37CE41

Bug#863453: unblock: acmetool/0.0.59-1

[Jonathan Wiltshire]

Hi,

On Tue, May 30, 2017 at 08:45:26AM -0400, Peter Colberg wrote:
> Control: tag -1 - moreinfo
> 
> On Mon, May 29, 2017 at 01:11:47PM +0100, Jonathan Wiltshire wrote:
> > None of these issues seem to have corresponding BTS bugs. If they did,
> > which severity would you choose? (hint: if they're not at least
> > 'serious'...)
> 
> I would assign the following severities:
> 
>   * Validate hostnames in 'acmetool want' [1]
> 
> Severity: normal
> 
> This improves the error handling when the user passes an invalid host 
> name.
> 
> https://github.com/hlandau/acme/issues/204
> 
>   * Allow environment variables to be passed to challenge hooks [2]
> 
> Severity: normal
> 
> https://github.com/hlandau/acme/issues/166 

These would be nice in the long term, but I don't really think they're
critical right now.

>   * Allow acmeapi to obtain new nonces if nonce pool is depleted [3]
> 
> Severity: important
> 
> This fixes a potential failure to acquire certificates.
> 
> https://github.com/hlandau/acme/issues/214

Let's assume that if the Let's Encrypt responder is giving you 503s, it's
game over anyway.

>   * Don't attempt fdb permission tests on non-cgo builds [4]
> 
> Severity: serious
> 
> This fixes an FTBFS on architectures using gcc-go.

Does this actually affect stretch builds, or just architectures outside
those?

> https://github.com/hlandau/acme/issues/219
> 
>   * Add read/write timeouts to redirector server [5]
> 
> Severity: serious
> 
> This fixes a denial-of-service in the HTTP-to-HTTPS redirector.

Is this likely, given there is only really one set of (proabably
well-behaved) clients in the real world? Possibly I've misunderstood the
purpose of this redirector.

>   * Allow hidden files within the state directory [6]
> 
> Severity: important
> 
> This ignores dot files in /var/lib/acme, e.g., .git/.
> 
> https://github.com/hlandau/acme/issues/153

This might be a bit noisy, but it's not a show-stopper is it?

I'm erring on the side of deferring all of these and cherry-picking them if
real-world issues get reported for stable. It's an awful lot of changes for
this late in the process and not really suitable.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#863734: unblock: gnupg2/2.1.18-8

[Daniel Kahn Gillmor]

On Tue 2017-05-30 22:48:20 +0200, Cyril Brulebois wrote:
> Jonathan Wiltshire  (2017-05-30):
>> Control: tag -1 moreinfo
>> 
>> On Tue, May 30, 2017 at 12:41:48PM -0400, Daniel Kahn Gillmor wrote:
>> > Please unblock package gnupg2
>> > 
>> > The gnupg2 source package 2.1.18-8 contains a significant number of
>> > useful fixes from 2.1.18-6, and should be propagated into testing.
>> 
>> Cc-ing the d-i RM for an ack.
>
> TBF I'm not thrilled by the amount of patches and the limited time before
> the release. :(

I'm also not thrilled by the amount of patches, but these are clear
bugfixes from upstream. They've been in unstable for several weeks now,
and i've avoided an unblock specifically because i wanted to hear from
people that they solve their problems and don't introduce new ones.
that seems to be the case.  :/

> ISTR we mainly use gpgv from src:gnupg2, through the gpgv-udeb package.
> Any chance you could pinpoint changesets affecting it, so that I can
> concentrate on those only?

sure thing.  Most of these don't affect gpgv.  The most relevant patches
for gpgv are these two patches from upstream which have an effect on the
use of specific file descriptors (the first catches errors in
mis-configured invocations, and the second ensures that gpgv works
cross-platform on windows):

0032-gpg-common-Make-sure-that-all-fd-given-are-valid.patch
debian/patches/0040-gpgv-w32-Fix-status-fd.patch

however, the following other patches since 2.1.18-6 all touch some
source file that contributes to the build of gpgv, though i think none
of them are relevant for gpgv generally, let alone for d-i's specific
use of gpgv -- the gpgv source is just mixed together with
GnuPG's other functionality:

0044-gpg-Make-export-options-work-with-export-secret-keys.patch
0048-gpg-Fix-attempt-to-double-free-an-UID-structure.patch
0050-gpg-Flush-stdout-before-printing-stats-with-check-si.patch
0059-gpg-Handle-critical-marked-Reason-for-Revocation.patch
0065-gpg-Fix-printing-of-offline-taken-subkey.patch
0072-g10-Minor-fixes.patch
0074-g10-invalidate-the-fd-cache-for-keyring.patch
avoid-spurious-warnings/0078-gpg-Avoid-spurious-warnings-about-trust-packets.patch
skel-file-removal/0077-g10-remove-skeleton-options-files.patch
skip-missing-signing-keys/0076-g10-Skip-signing-keys-where-no-secret-key-is-availab.patch

(for example, gpgv doesn't do export-secret-keys at all, but it does
include g10/main.h, which that 0044-*.patch does have to modify.
similarly, gpgv doesn't read config files at all, but
skel-file-removal/0077*.patch touches g10/openfile.c.)

Let me know if you have any more questions,

--dkg


signature.asc
Description: PGP signature

Bug#863626: marked as done (unblock: dns-root-data/2017041101)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 22:42:22 +0100
with message-id <20170530214222.nmazjiv542owq...@powdarrmonkey.net>
and subject line Re: Bug#863626: unblock: dns-root-data/2017041101
has caused the Debian Bug report #863626,
regarding unblock: dns-root-data/2017041101
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863626: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863626
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dns-root-data

Dear release team,

the 2017041101 update of dns-root-data package contains:

- fixes to parse_root_data.sh script to unfail the non-dash
  shells - closes RC bug #862252 (use printf instead of echo command)
- update root.hints to 2017041101 version (no other change then version though)
- update root.key and d/rules to strip any timestamp, so the build is
  more or less reproducible (the get_orig_source still depends on
  upstream data at the time of the build, but it should be more
  reliable)
- little fixes to parse_root_data.sh script, as suggested by shellcheck:
  + use read -r instead of read on xml2 output data
  + use [:upper:]/[:lower:] instead of [A-Z]/[a-z] as tr argument
  + use [ a ] || [ b ] syntax instead of [ a -o b ]

unblock dns-root-data/2017041101

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 3.0 (native)
Source: dns-root-data
Binary: dns-root-data
Architecture: all
Version: 2017041101
Maintainer: Debian DNS Maintainers 
Uploaders: Ondřej Surý , Robert Edmonds 
Homepage: https://data.iana.org/root-anchors/
Standards-Version: 3.9.6
Vcs-Browser: http://git.debian.org/?p=pkg-dns/dns-root-data.git;a=summary
Vcs-Git: git://git.debian.org/pkg-dns/dns-root-data.git
Build-Depends: debhelper (>= 8.0.0), unbound-anchor, openssl, ldnsutils, xml2
Package-List:
 dns-root-data deb misc optional arch=all
Checksums-Sha1:
 36bfc25763062a4ccc784ced1d821faf8a3f442e 14316 dns-root-data_2017041101.tar.xz
Checksums-Sha256:
 c88bb15f1e16dba1a525928e190999fdc70b16d06e40f2aa9c7b81c4740c30d5 14316 
dns-root-data_2017041101.tar.xz
Files:
 4982844cb0e3b0223fdc93bf9671adc3 14316 dns-root-data_2017041101.tar.xz

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEMLkz2A/OPZgaLTj7DJm3DvT8uwcFAlksENtfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMw
QjkzM0Q4MEZDRTNEOTgxQTJEMzhGQjBDOTlCNzBFRjRGQ0JCMDcACgkQDJm3DvT8
uwf1vA/9HNXfzN7Z8tUuDm40HsXrCR6vK1KfGpcsoYkqZtyqEnkCSwCjzBCpuXzd
IO9bVVzQaUkzvxVK8Gq0hJaKri7BUKmgRTg9v8MmcIoqmmyi3TIxU5NFUbTgFwaj
qy47bq/gNVJUrYGQJssSE70fHv1iCwWT3Y3xHNdNJfkjiOqIgqgJwB7RzXcPZjgF
ZqzUWelV6vDUE1OsOCo2a8hLRGZa11qK/mbZ8eBhYOwVzf6S/z/tZ7L2y2oUEC3J
u2et1PweqCmQPNC2Xs9KRya9XdFBuMRt4x3EPHygG0u8sziioVaHeNgfNP66gU2g
FlADNfrgS7KLTwXlfHkJ1JLW5/9Zbce3HFdfNGBwESxWSPLJRhCVcycN3N/71T/h
aycV57+hG+rHGOsCdNa9c79KrriikrokBilA31NDmOH77wk6g88EhYtvG7TRbd3S
sCAYPdk06aIAz2V8nMOXATag5iLRrtdlcJaqvmpfB2NyrXWXOlgb0mTc912ACY6B
seDPD3OAmVG5ubOUkBSMyQj7tabjOKkHu+ioYOs3AEYVyIlFxfvle4GwPb6XLaze
gaf5ECU4UdZb/7ARKcX3PEL/UQXxIH3F7CExliqQZ/kqqXD0nWcS16I/BuW+YkwP
86k6ofr1/oxiHbdkFEQvSAocbv2GN74jO2R1Q6p7ptv7K4Ey8Og=
=pbH7
-END PGP SIGNATURE-
diff -Nru dns-root-data-2017020200/debian/changelog 
dns-root-data-2017041101/debian/changelog
--- dns-root-data-2017020200/debian/changelog   2017-03-22 09:06:08.0 
+0100
+++ dns-root-data-2017041101/debian/changelog   2017-05-29 14:05:37.0 
+0200
@@ -1,3 +1,12 @@
+dns-root-data (2017041101) unstable; urgency=medium
+
+  * Fix parse-root-anchors.sh in non-dash shells (Closes: #862252)
+  * Update to 2017041101 version of root zone
+  * Remove timestamps from root.key to make the build reproducible
+  * Shell syntax cleanup
+
+ -- Ondřej Surý   Mon, 29 May 2017 14:05:37 +0200
+
 dns-root-data (2017020200) unstable; urgency=medium
 
   * Update to 2016102001 version of the root.zone
diff -Nru dns-root-data-2017020200/debian/rules 
dns-root-data-2017041101/debian/rules
--- dns-root-data-2017020200/debian/rules   2017-03-22 

Bug#863689: unblock: cracklib2/2.9.2-5

[Cyril Brulebois]

Niels Thykier  (2017-05-30):
> Hi KiBi (X-CC'ed),
> 
> I would like to unblock cracklib2 as it fixes #854554.  To my knowlegde, it
> has no changes that affects its udeb, the diff being:
> 
> """
> diff -Nru cracklib2-2.9.2/debian/changelog cracklib2-2.9.2/debian/changelog
> --- cracklib2-2.9.2/debian/changelog2017-04-08 11:25:28.0 +
> +++ cracklib2-2.9.2/debian/changelog2017-05-27 09:41:18.0 +
> @@ -1,3 +1,10 @@
> +cracklib2 (2.9.2-5) unstable; urgency=medium
> +
> +  * Add Breaks: cracklib-runtime (<< 2.9.2-4) to libcrack2 to configure
> +cracklib-runtime in the correct order (Closes: #854554)
> +
> + -- Jan Dittberner   Sat, 27 May 2017 11:41:18 +0200
> +
>  cracklib2 (2.9.2-4) unstable; urgency=medium
>  
>* Migrate triggers to interest-noawait to avoid trigger-cycles (Closes:
> diff -Nru cracklib2-2.9.2/debian/control cracklib2-2.9.2/debian/control
> --- cracklib2-2.9.2/debian/control  2017-04-08 11:25:28.0 +
> +++ cracklib2-2.9.2/debian/control  2017-05-27 09:06:18.0 +
> @@ -28,6 +28,7 @@
>  Pre-Depends: ${misc:Pre-Depends}
>  Depends: ${misc:Depends}, ${shlibs:Depends}
>  Recommends: cracklib-runtime
> +Breaks: cracklib-runtime (<< 2.9.2-4)
>  Description: pro-active password checker library
>   Shared library for cracklib2 which contains a C function which may be
>   used in a passwd like program. The idea is simple: try to prevent
> """
> 
> unblock cracklib2/2.9.2-5
> 
> I would age it so it migrates before this weekend.

No objections, thanks.


KiBi.


signature.asc
Description: Digital signature

Bug#863730: marked as done (unblock: gnome-calendar/3.22.4-2)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 22:30:02 +0100
with message-id <20170530213002.gqinvx4yopho2...@powdarrmonkey.net>
and subject line Re: Bug#863730: unblock: gnome-calendar/3.22.4-2
has caused the Debian Bug report #863730,
regarding unblock: gnome-calendar/3.22.4-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863730
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gnome-calendar

It's a targetted two-line fix for a crasher bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858924

The patch is from upstream, the package has already been uploaded and
was successfully built everywhere.

Full debdiff is attached.

Regards,
Michael

unblock gnome-calendar/3.22.4-2

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), 
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru gnome-calendar-3.22.4/debian/changelog 
gnome-calendar-3.22.4/debian/changelog
--- gnome-calendar-3.22.4/debian/changelog  2017-03-29 23:00:23.0 
+0200
+++ gnome-calendar-3.22.4/debian/changelog  2017-05-30 10:15:57.0 
+0200
@@ -1,3 +1,11 @@
+gnome-calendar (3.22.4-2) unstable; urgency=medium
+
+  [ Jason Crain ]
+  * Add debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch:
+fix crash when creating a new event. (Closes: #858924)
+
+ -- Michael Biebl   Tue, 30 May 2017 10:15:57 +0200
+
 gnome-calendar (3.22.4-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru gnome-calendar-3.22.4/debian/control 
gnome-calendar-3.22.4/debian/control
--- gnome-calendar-3.22.4/debian/control2017-03-29 23:00:23.0 
+0200
+++ gnome-calendar-3.22.4/debian/control2017-05-30 10:15:57.0 
+0200
@@ -6,7 +6,7 @@
 Section: gnome
 Priority: optional
 Maintainer: Debian GNOME Maintainers 

-Uploaders: Andreas Henriksson , Iain Lane 
, Michael Biebl 
+Uploaders: Andreas Henriksson , Michael Biebl 

 Build-Depends: appstream-util,
autoconf-archive,
debhelper (>= 10),
diff -Nru 
gnome-calendar-3.22.4/debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch
 
gnome-calendar-3.22.4/debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch
--- 
gnome-calendar-3.22.4/debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch
 1970-01-01 01:00:00.0 +0100
+++ 
gnome-calendar-3.22.4/debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch
 2017-05-30 09:50:28.0 +0200
@@ -0,0 +1,39 @@
+From: Yash Singh 
+Date: Fri, 10 Mar 2017 17:58:52 +0530
+Subject: window: set edit dialog's event to NULL after saving
+
+Earlier the app used to crash when a new event was added using the
+'Edit Details' buttion/dialog. This was happening because edit dialog's
+event was set to NULL before the event was being stored in the calendar
+through the 'edit_dialog' and hence the app was crashing.
+
+This patch fixes the above-mentioned issue by saving the event before
+setting the edit dialog's event to NULL.
+
+Origin: upstream, 
https://git.gnome.org/browse/gnome-calendar/commit/?id=6f87ada70dbeae71e3428ee3a63f79b8c918f121
+Bug: https://bugzilla.gnome.org/779733
+Bug-Debian: https://bugs.debian.org/858924
+Last-Update: 2017-05-28
+---
+ src/gcal-window.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/src/gcal-window.c
 b/src/gcal-window.c
+@@ -1102,7 +1102,6 @@
+   event = gcal_edit_dialog_get_event (edit_dialog);
+   view = GCAL_VIEW (window->views[window->active_view]);
+ 
+-  gcal_edit_dialog_set_event (edit_dialog, NULL);
+   gtk_widget_hide (GTK_WIDGET (dialog));
+ 
+   switch (response)
+@@ -1149,6 +1148,8 @@
+   break;
+ 
+ }
++
++  gcal_edit_dialog_set_event (edit_dialog, NULL);
+ }
+ 
+ static void
diff -Nru gnome-calendar-3.22.4/debian/patches/series 
gnome-calendar-3.22.4/debian/patches/series
--- gnome-calendar-3.22.4/debian/patches/series 2016-09-15 00:30:46.0 
+0200
+++ 

Re: Bug#863705: aptitude: symbol lookup error: aptitude: undefined symbol:

[Axel Beckert]

Control: clone -1 -2
Control: reassign -2 libstdc++6 6.3.0-18
Control: retitle -2 libstdc++6: Add versioned Breaks against 
libxapian30/1.4.1-1~bpo8+1
Control: severity -2 serious

Hi,

Sven Joachim wrote:
> >> > aptitude: symbol lookup error: aptitude: undefined symbol:
> >> _ZNK6Xapian8Database14postlist_beginERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
> >> 
> >> This happens because libxapian30 from jessie-backports is not compatible
> >> with libstdc++6 from unstable
[...]
> > Or maybe even better: libstdc++6 should break with this version of
> > libxapian30 from backports.
> 
> That's probably the most realistic way considering the proximity of the
> stretch release.

Cloning this bug report accordingly against libstdc++6.

Debian Release Team: Feel free to downgrade the severity of the cloned
bug report. For now, I leave it at RC.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Processed: tagging 863730

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 863730 - moreinfo
Bug #863730 [release.debian.org] unblock: gnome-calendar/3.22.4-2
Removed tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
863730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863730
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863712: marked as done (unblock: pd-pdstring/0.10.2-3)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 22:14:01 +0100
with message-id <20170530211401.uiyuuryghqizp...@powdarrmonkey.net>
and subject line Re: Bug#863712: unblock: pd-pdstring/0.10.2-3
has caused the Debian Bug report #863712,
regarding unblock: pd-pdstring/0.10.2-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863712: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863712
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package pd-pdstring

This upload fixes the "online" documentation of the package:
documentation is a set of interactive examples that will automatically be opened
when the user clicks on "Help" within the runtime environment (puredata, aka
"Pd").
The documentation was broken insofar, as it was installed at a place, where Pd
wouldn't look for it, resulting in no documentation for the end-user.

unblock pd-pdstring/0.10.2-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru pd-pdstring-0.10.2/debian/changelog 
pd-pdstring-0.10.2/debian/changelog
--- pd-pdstring-0.10.2/debian/changelog 2016-11-10 10:22:16.0 +0100
+++ pd-pdstring-0.10.2/debian/changelog 2017-05-29 22:59:44.0 +0200
@@ -1,3 +1,12 @@
+pd-pdstring (0.10.2-3) unstable; urgency=medium
+
+  * Moved fix-help-files patch to common/m4 (Closes: #863665)
+  * Set well-defined user for repdroducible builds.
+Thanks to Chris Lamb  (Closes: #861756)
+  * Refreshed patches (fuzz offset)
+
+ -- IOhannes m zmölnig (Debian/GNU)   Mon, 29 May 2017 
22:59:44 +0200
+
 pd-pdstring (0.10.2-2) unstable; urgency=medium
 
   * Enabled reproducible build.
diff -Nru pd-pdstring-0.10.2/debian/patches/fix-help-files-install-dir.patch 
pd-pdstring-0.10.2/debian/patches/fix-help-files-install-dir.patch
--- pd-pdstring-0.10.2/debian/patches/fix-help-files-install-dir.patch  
2016-11-10 10:22:16.0 +0100
+++ pd-pdstring-0.10.2/debian/patches/fix-help-files-install-dir.patch  
2017-05-29 22:59:44.0 +0200
@@ -1,25 +1,27 @@
 Description: fix configure to install help-files to extdir
 Author: Roman Haefeli 
 a/configure
-+++ b/configure
-@@ -3550,9 +3550,6 @@
- 
- 
+Last-Update: 2017-05-04
+--- pd-pdstring.orig/common/m4/ax_pd_external.m4
 pd-pdstring/common/m4/ax_pd_external.m4
+@@ -146,9 +146,6 @@
+   [pddir="\${prefix}/pd"])
+  AC_SUBST(pddir)
  
 - pddocdir="${pddir}/doc/5.reference"
--
+- AC_SUBST(pddocdir)
 -
   ##-- pdincludedir
- 
- # Check whether --with-pd-include was given.
-@@ -3582,6 +3579,10 @@
-  pdexternsdir="$pdextdir"
+  AC_ARG_WITH(pd-include,
+   AC_HELP_STRING([--with-pd-include=DIR], [Pd include directory 
(default=NONE)]),
+@@ -171,6 +168,11 @@
   pdexecdir="$pdextdir"
- 
-+ ##-- pddocdir
+  AC_SUBST(pdexternsdir)
+  AC_SUBST(pdexecdir)
++
 + # Nowadays the help files usually are installed besides the class files
 + pddocdir="${pdextdir}"
++ AC_SUBST(pddocdir)
 +
- 
   ## pd-directory/ies
   ##^^
+ 
diff -Nru pd-pdstring-0.10.2/debian/patches/reproducible-build.patch 
pd-pdstring-0.10.2/debian/patches/reproducible-build.patch
--- pd-pdstring-0.10.2/debian/patches/reproducible-build.patch  2016-11-10 
10:22:16.0 +0100
+++ pd-pdstring-0.10.2/debian/patches/reproducible-build.patch  2017-05-29 
22:59:44.0 +0200
@@ -1,19 +1,21 @@
 Description: Make the build reproducible
 Author: Chris Lamb 
-Last-Update: 2016-08-04
-
 pd-pdstring-0.10.2.orig/common/m4/ax_pd_external.m4
-+++ pd-pdstring-0.10.2/common/m4/ax_pd_external.m4
-@@ -242,7 +242,11 @@ AC_DEFUN([AX_PD_EXTERNAL],
+Last-Update: 2017-05-04
+--- pd-pdstring.orig/common/m4/ax_pd_external.m4
 pd-pdstring/common/m4/ax_pd_external.m4
+@@ -244,8 +244,13 @@
  
   ##vv
   ## compiled
 - AC_DEFINE_UNQUOTED(PACKAGE_BUILD_DATE,  "`date`",   [Date this package was 
configured])
+- AC_DEFINE_UNQUOTED(PACKAGE_BUILD_USER,  "$USER",[User who configured 
this package])
 + if test -n "$SOURCE_DATE_EPOCH"; then
-+   

Bug#863713: marked as done (unblock: pd-flite/0.02.3-3)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 22:06:25 +0100
with message-id <20170530210625.dcqrjz3rpuqli...@powdarrmonkey.net>
and subject line Re: Bug#863713: unblock: pd-flite/0.02.3-3
has caused the Debian Bug report #863713,
regarding unblock: pd-flite/0.02.3-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863713: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863713
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package pd-flite

This upload fixes the "online" documentation of the package:
documentation is a set of interactive examples that will automatically be opened
when the user clicks on "Help" within the runtime environment (puredata, aka 
"Pd").
The documentation was broken insofar, as it was installed at a place, where Pd
wouldn't look for it, resulting in no documentation for the end-user.

unblock pd-flite/0.02.3-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru pd-flite-0.02.3/debian/changelog pd-flite-0.02.3/debian/changelog
--- pd-flite-0.02.3/debian/changelog2016-11-10 10:36:40.0 +0100
+++ pd-flite-0.02.3/debian/changelog2017-05-29 22:58:45.0 +0200
@@ -1,3 +1,10 @@
+pd-flite (0.02.3-3) unstable; urgency=medium
+
+  * Fixed helppatch-install-dir patch (Closes: #863658)
+  * Refreshed patches (fuzz offset)
+
+ -- IOhannes m zmölnig (Debian/GNU)   Mon, 29 May 2017 
22:58:45 +0200
+
 pd-flite (0.02.3-2) unstable; urgency=medium
 
   * Fixed permissions of externals (Closes: #715909)
diff -Nru pd-flite-0.02.3/debian/patches/fix-help-files-install-dir.patch 
pd-flite-0.02.3/debian/patches/fix-help-files-install-dir.patch
--- pd-flite-0.02.3/debian/patches/fix-help-files-install-dir.patch 
2016-11-10 10:36:40.0 +0100
+++ pd-flite-0.02.3/debian/patches/fix-help-files-install-dir.patch 
2017-05-29 22:58:45.0 +0200
@@ -1,25 +1,27 @@
 Description: fix configure to install help-files to extdir
 Author: Roman Haefeli 
 a/configure
-+++ b/configure
-@@ -4134,9 +4134,6 @@
- 
- 
+Last-Update: 2017-05-29
+--- pd-flite.orig/common/m4/ax_pd_external.m4
 pd-flite/common/m4/ax_pd_external.m4
+@@ -146,9 +146,6 @@
+   [pddir="\${prefix}/pd"])
+  AC_SUBST(pddir)
  
 - pddocdir="${pddir}/doc/5.reference"
--
+- AC_SUBST(pddocdir)
 -
   ##-- pdincludedir
- 
- # Check whether --with-pd-include was given.
-@@ -4166,6 +4163,10 @@
-  pdexternsdir="$pdextdir"
+  AC_ARG_WITH(pd-include,
+   AC_HELP_STRING([--with-pd-include=DIR], [Pd include directory 
(default=NONE)]),
+@@ -171,6 +168,11 @@
   pdexecdir="$pdextdir"
- 
-+ ##-- pddocdir
+  AC_SUBST(pdexternsdir)
+  AC_SUBST(pdexecdir)
++
 + # Nowadays the help files usually are installed besides the class files
 + pddocdir="${pdextdir}"
++ AC_SUBST(pddocdir)
 +
- 
   ## pd-directory/ies
   ##^^
+ 
diff -Nru pd-flite-0.02.3/debian/patches/reproducible-build.patch 
pd-flite-0.02.3/debian/patches/reproducible-build.patch
--- pd-flite-0.02.3/debian/patches/reproducible-build.patch 2016-11-10 
10:36:40.0 +0100
+++ pd-flite-0.02.3/debian/patches/reproducible-build.patch 2017-05-29 
22:58:45.0 +0200
@@ -2,9 +2,9 @@
 Author: Chris Lamb 
 Last-Update: 2016-08-04
 
 pd-pdstring-0.10.2.orig/common/m4/ax_pd_external.m4
-+++ pd-pdstring-0.10.2/common/m4/ax_pd_external.m4
-@@ -242,7 +242,11 @@ AC_DEFUN([AX_PD_EXTERNAL],
+--- pd-flite.orig/common/m4/ax_pd_external.m4
 pd-flite/common/m4/ax_pd_external.m4
+@@ -244,7 +244,11 @@
  
   ##vv
   ## compiled
--- End Message ---
--- Begin Message ---
On Tue, May 30, 2017 at 11:43:10AM +0200, IOhannes m zmoelnig wrote:
> Please unblock package pd-flite
> 
> This upload fixes the "online" documentation of the package:
> documentation is a set of interactive examples that will automatically be 
> opened
> when the user clicks on "Help" within the runtime environment (puredata, aka 
> "Pd").
> The documentation was broken insofar, as it was installed at a place, where Pd
> wouldn't 

Bug#863708: marked as done (unblock: nvidia-settings/375.66-1)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 22:02:11 +0100
with message-id <20170530210211.wbiuc4ieevme5...@powdarrmonkey.net>
and subject line Re: Bug#863708: unblock: nvidia-settings/375.66-1
has caused the Debian Bug report #863708,
regarding unblock: nvidia-settings/375.66-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863708: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863708
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nvidia-settings

I just uploaded a new upstream release of nvidia-settings to unstable.

Usually NVIDIA only bumps the version of nvidia-settings etc. for new
upstream releases of long-lived driver branches, but this time there are
some actual code changes. Since we are going to have
nvidia-graphics-drivers 375.66-1 in stretch to fix the recent CVE
series, we should not deviate from upstream here and keep the version in
sync.

There are some more upstream changes included that were not documented
in the upstream changelog (only available in the driver).
Most notable a newer version of the nvml.h header (libnvidia-ml1 is
shipped by the driver, but the header is not), this is *not* part of the
libxnvctrl0 API.

I also dropped the pie.patch, since the toolchain has improved w.r.t.
PIE defaults, s.t. this is no longer needed.

nvidia-settings (375.66-1) unstable; urgency=medium

  * New upstream release 375.66.
- Updated the display configuration page in the nvidia-settings
  control panel to accurately reflect HDMI 3D refresh rates.
  * Remove PIE workarounds, this now works out-of-the-box.

 -- Andreas Beckmann   Tue, 30 May 2017 10:42:42 +0200

unblock nvidia-settings/375.66-1


Andreas


nvidia-settings_375.66-1.dsc.diff.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
On Tue, May 30, 2017 at 11:11:03AM +0200, Andreas Beckmann wrote:
> Please unblock package nvidia-settings

Unblocked, thanks.


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51--- End Message ---

Fully Dutch translation of release-notes [Was: Re: Dutch release-notes translation - issues and whats-new ]

[Holger Wansing]

Hi,

Frans Spiesschaert  wrote:
> Please find attached an updated issues.po and whats-new.po for Dutch.

Thanks, just committed:
https://anonscm.debian.org/viewvc/ddp?view=revision=11522

> I tested a local make of the Dutch release notes and it built
> successfully.
> 
> So the only thing that still needs to be done to make the Dutch
> release-notes active, is a small update to the Makefile.
> At the moment the Makefile lists nl with the DISABLED_LANGUAGES, but in
> order to build, it should be moved to the LANGUAGES list.
> Where should I ask for this change?

It builds fine; I have committed that too:
https://anonscm.debian.org/viewvc/ddp?view=revision=11523
So Dutch is now activated.

I have CC'ed debian-doc and debian-release, just to let them know.


> Thanks for the cooperation and see you later, maybe.
> 

Yes, maybe :-) Germany and the Netherlands are not that far away :-)


Regards
Holger

-- 
Holger Wansing 
PGP-Finterprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Bug#863734: unblock: gnupg2/2.1.18-8

[Cyril Brulebois]

Jonathan Wiltshire  (2017-05-30):
> Control: tag -1 moreinfo
> 
> On Tue, May 30, 2017 at 12:41:48PM -0400, Daniel Kahn Gillmor wrote:
> > Please unblock package gnupg2
> > 
> > The gnupg2 source package 2.1.18-8 contains a significant number of
> > useful fixes from 2.1.18-6, and should be propagated into testing.
> 
> Cc-ing the d-i RM for an ack.

TBF I'm not thrilled by the amount of patches and the limited time before
the release. :(

ISTR we mainly use gpgv from src:gnupg2, through the gpgv-udeb package.
Any chance you could pinpoint changesets affecting it, so that I can
concentrate on those only?

Thanks already.


KiBi.


signature.asc
Description: Digital signature

Processed: Re: Bug#863519: unblock blockdiag/1.5.3+dfsg-2

[Debian Bug Tracking System]

Processing control commands:

> tag -1 moreinfo
Bug #863519 [release.debian.org] unblock blockdiag/1.5.3+dfsg-2
Ignoring request to alter tags of bug #863519 to the same tags previously set

-- 
863519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863519
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863519: unblock blockdiag/1.5.3+dfsg-2

[Jonathan Wiltshire]

Control: tag -1 moreinfo

On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
> +export PYBUILD_BEFORE_BUILD=cp -a $(CURDIR)/src/blockdiag.egg-info
> {build_dir};cp -f $(CURDIR)/debian/circle.* /tmp/

Apologies for not spotting it sooner, but there's a symlink vulnerability
here (imagine if /tmp/circle.* was a symlink to something important),
and I'm not sure that you should hardcode /tmp either ($TMPDIR?).

I'm a bit concerned there's more going on here than just the bug fixes.
What would the minimum required changes to fix #860689 and #847930 look
like?

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Re: [pkg-gnupg-maint] Last chance for d-i changes in stretch

[Didier 'OdyX' Raboud]

Le mardi, 30 mai 2017, 12.56:29 h CEST Daniel Kahn Gillmor a écrit :
> I've just filed unblock request #863734, which will hopefully achieve
> this result.

Ah great. Will keep an eye and upload as soon that's granted :-)

-- 
OdyX

Bug#863734: unblock: gnupg2/2.1.18-8

[Jonathan Wiltshire]

Control: tag -1 moreinfo

On Tue, May 30, 2017 at 12:41:48PM -0400, Daniel Kahn Gillmor wrote:
> Please unblock package gnupg2
> 
> The gnupg2 source package 2.1.18-8 contains a significant number of
> useful fixes from 2.1.18-6, and should be propagated into testing.

Cc-ing the d-i RM for an ack.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Processed: Re: Bug#863734: unblock: gnupg2/2.1.18-8

[Debian Bug Tracking System]

Processing control commands:

> tag -1 moreinfo
Bug #863734 [release.debian.org] unblock: gnupg2/2.1.18-8
Added tag(s) moreinfo.

-- 
863734: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863734
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863735: marked as done (unblock: freeradius/3.0.12+dfsg-5)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 21:13:11 +0100
with message-id <20170530201311.ruo6j6hp7ldfn...@powdarrmonkey.net>
and subject line Re: Bug#863735: unblock: freeradius/3.0.12+dfsg-5
has caused the Debian Bug report #863735,
regarding unblock: freeradius/3.0.12+dfsg-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863735: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863735
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package freeradius

The new upload addresses a security issue: CVE-2017-9148, #863673

% debdiff freeradius_3.0.12+dfsg-4.dsc freeradius_3.0.12+dfsg-5.dsc 
dpkg-source: warning: extracting unsigned source package 
(/home/michael/d/out/freeradius/freeradius_3.0.12+dfsg-4.dsc)
diff -Nru freeradius-3.0.12+dfsg/debian/changelog 
freeradius-3.0.12+dfsg/debian/changelog
--- freeradius-3.0.12+dfsg/debian/changelog 2016-11-17 22:29:04.0 
+0100
+++ freeradius-3.0.12+dfsg/debian/changelog 2017-05-30 17:18:34.0 
+0200
@@ -1,3 +1,9 @@
+freeradius (3.0.12+dfsg-5) unstable; urgency=high
+
+  * disable session cache to address CVE-2017-9148 (closes: #863673)
+
+ -- Michael Stapelberg   Tue, 30 May 2017 17:18:34 +0200
+
 freeradius (3.0.12+dfsg-4) unstable; urgency=medium
 
   * fix openssl-1.1.diff: initialize ctx_out
diff -Nru 
freeradius-3.0.12+dfsg/debian/patches/disable-session-cache-CVE-2017-9148.patch 
freeradius-3.0.12+dfsg/debian/patches/disable-session-cache-CVE-2017-9148.patch
--- 
freeradius-3.0.12+dfsg/debian/patches/disable-session-cache-CVE-2017-9148.patch 
1970-01-01 01:00:00.0 +0100
+++ 
freeradius-3.0.12+dfsg/debian/patches/disable-session-cache-CVE-2017-9148.patch 
2017-05-30 17:18:34.0 +0200
@@ -0,0 +1,49 @@
+Description: disable session caching in the server (as opposed to in the
+ config, which would be way harder to get right) to address
+ https://security-tracker.debian.org/tracker/CVE-2017-9148
+Author: Michael Stapelberg 
+Forwarded: not-needed
+Last-Update: 2017-05-30
+
+---
+
+Index: freeradius/src/main/tls.c
+===
+--- freeradius.orig/src/main/tls.c
 freeradius/src/main/tls.c
+@@ -579,7 +579,7 @@ tls_session_t *tls_new_session(TALLOC_CT
+*
+*  FIXME: Also do it every N sessions?
+*/
+-  if (conf->session_cache_enable &&
++  if (/*conf->session_cache_enable*/0 &&
+   ((conf->session_last_flushed + ((int)conf->session_timeout * 1800)) 
<= request->timestamp)){
+   RDEBUG2("Flushing SSL sessions (of #%ld)", 
SSL_CTX_sess_number(conf->ctx));
+ 
+@@ -674,7 +674,7 @@ tls_session_t *tls_new_session(TALLOC_CT
+   state->mtu = vp->vp_integer;
+   }
+ 
+-  if (conf->session_cache_enable) state->allow_session_resumption = true; 
/* otherwise it's false */
++  if (/*conf->session_cache_enable*/0) state->allow_session_resumption = 
true; /* otherwise it's false */
+ 
+   return state;
+ }
+@@ -2848,7 +2848,7 @@ post_ca:
+   /*
+*  Callbacks, etc. for session resumption.
+*/
+-  if (conf->session_cache_enable) {
++  if (/*conf->session_cache_enable*/0) {
+   /*
+*  Cache sessions on disk if requested.
+*/
+@@ -2916,7 +2916,7 @@ post_ca:
+   /*
+*  Setup session caching
+*/
+-  if (conf->session_cache_enable) {
++  if (/*conf->session_cache_enable*/0) {
+   /*
+*  Create a unique context Id per EAP-TLS configuration.
+*/
diff -Nru freeradius-3.0.12+dfsg/debian/patches/series 
freeradius-3.0.12+dfsg/debian/patches/series
--- freeradius-3.0.12+dfsg/debian/patches/series2016-11-17 
22:29:04.0 +0100
+++ freeradius-3.0.12+dfsg/debian/patches/series2017-05-30 
17:18:34.0 +0200
@@ -1,3 +1,4 @@
+disable-session-cache-CVE-2017-9148.patch
 debian-local/0001-Rename-radius-to-freeradius.patch
 0002-gitignore.diff.patch
 0006-jradius.diff.patch

unblock freeradius/3.0.12+dfsg-5

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386, armel, mipsel, arm64

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 

Bug#863730: unblock: gnome-calendar/3.22.4-2

[Michael Biebl]

Am 30.05.2017 um 22:03 schrieb Jonathan Wiltshire:
> Control: tag -1 moreinfo
> 
> Hi,
> 
> On Tue, May 30, 2017 at 04:53:41PM +0200, Michael Biebl wrote:
>> Please unblock package gnome-calendar
>>
>> It's a targetted two-line fix for a crasher bug:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858924
>>
>> The patch is from upstream, the package has already been uploaded and
>> was successfully built everywhere.
> 
> Unfortunately it's stuck behind a new upstream from March. Is this worth
> trying to revert or do through t-p-u, or better abandoned?

Hm,...
Given the tiny diff between 3.22.3 and 3.22.4 and the fact that 3.22.4
has been in unstable for 2 months without new bug reports, maybe
unblocking 3.22.4-1 would be the best option.

Other then that, I'd be willing to prepare a tpu upload.

Regards,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
diff --git a/NEWS b/NEWS
index 801c6ec..8e490ac 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Major changes in 3.22.4:
+* Fix outstanding performance issue in Year view
+
 Major changes in 3.22.3:
 * Only decrease search counter when something is removed (Georges Basile Stavracas Neto)
 * Focus entry after calendar selection in quick popover (Mohammed Sadiq)
diff --git a/configure.ac b/configure.ac
index 9741b40..7f304f8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
 dnl -*- mode: m4 -*-
 AC_PREREQ([2.69])
-AC_INIT([gnome-calendar],[3.22.3],[http://bugzilla.gnome.org/enter_bug.cgi?product=gnome-calendar],[gnome-calendar],[https://wiki.gnome.org/Apps/Calendar])
+AC_INIT([gnome-calendar],[3.22.4],[http://bugzilla.gnome.org/enter_bug.cgi?product=gnome-calendar],[gnome-calendar],[https://wiki.gnome.org/Apps/Calendar])
 
 AX_IS_RELEASE([minor-version])
 
diff --git a/data/appdata/org.gnome.Calendar.appdata.xml.in b/data/appdata/org.gnome.Calendar.appdata.xml.in
index e69de4b..3f9851f 100644
--- a/data/appdata/org.gnome.Calendar.appdata.xml.in
+++ b/data/appdata/org.gnome.Calendar.appdata.xml.in
@@ -42,6 +42,16 @@
   GNOME
 
   
+
+  
+
+  This is the fifth stable release for GNOME Calendar 3.22, and fixes
+  an outstanding performance issue in Year view.
+
+Thanks to all the contributors that worked on GNOME Calendar!
+  
+
+
 
   
 
diff --git a/src/gcal-window.c b/src/gcal-window.c
index f4a4945..85c799f 100644
--- a/src/gcal-window.c
+++ b/src/gcal-window.c
@@ -702,7 +702,7 @@ set_new_event_mode (GcalWindow *window,
   /* for now we relaunch the new-event widget */
   if (!enabled && gtk_widget_is_visible (window->quick_add_popover))
 {
-  gtk_widget_set_visible (window->quick_add_popover, FALSE);
+  gtk_popover_popdown (GTK_POPOVER (window->quick_add_popover));
 }
 }
 
@@ -750,7 +750,7 @@ show_new_event_widget (GcalView   *view,
   rect.height = 1;
 
   gtk_popover_set_pointing_to (GTK_POPOVER (window->quick_add_popover), );
-  gtk_widget_show (window->quick_add_popover);
+  gtk_popover_popup (GTK_POPOVER (window->quick_add_popover));
 }
 
 static void
diff --git a/src/gcal-year-view.c b/src/gcal-year-view.c
index e1c5d4c..79612be 100644
--- a/src/gcal-year-view.c
+++ b/src/gcal-year-view.c
@@ -108,6 +108,13 @@ struct _GcalYearView
 
   /* date property */
   icaltimetype *date;
+
+  /*
+   * Array with the events at every month. Events
+   * that span multiple months are added multiple
+   * times to the array.
+   */
+  GPtrArray*events[12];
 };
 
 enum {
@@ -650,6 +657,45 @@ calculate_day_month_for_coord (GcalYearView *year_view,
   *out_day = day;
   return TRUE;
 }
+static guint
+count_events_at_day (GcalYearView *self,
+ icaltimetype *today)
+{
+  g_autoptr (GDateTime) today_start, today_end;
+  GPtrArray *events;
+  guint i, n_events;
+
+  events = self->events[today->month - 1];
+  n_events = 0;
+  today_start = icaltime_to_datetime (today);
+  today_end = g_date_time_add_days (today_start, 1);
+
+  for (i = 0; i < events->len; i++)
+{
+  g_autoptr (GDateTime) event_start, event_end;
+  GcalEvent *event;
+
+  event = g_ptr_array_index (events, i);
+
+  event_start = g_date_time_ref (gcal_event_get_date_start (event));
+
+  if (gcal_event_get_all_day (event))
+  event_end = g_date_time_add_days (gcal_event_get_date_end (event), -1);
+  else
+  event_end = g_date_time_ref (gcal_event_get_date_end (event));
+
+
+  if (datetime_compare_date (event_start, today_end) >= 0 ||
+  datetime_compare_date (event_end, today_start) < 0)
+{
+  continue;
+}
+
+  n_events++;
+}
+
+  return n_events;
+}
 
 static void
 draw_month_grid (GcalYearView *year_view,
@@ -671,8 +717,7 @@ draw_month_grid (GcalYearView *year_view,
   gint days_delay, days, shown_rows, sunday_idx;
   gchar *str, *nr_day, *nr_week;
   gboolean selected_day;
-  GList *events;
-  icaltimetype start_date, 

Processed: Re: Bug#863730: unblock: gnome-calendar/3.22.4-2

[Debian Bug Tracking System]

Processing control commands:

> tag -1 moreinfo
Bug #863730 [release.debian.org] unblock: gnome-calendar/3.22.4-2
Added tag(s) moreinfo.

-- 
863730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863730
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863730: unblock: gnome-calendar/3.22.4-2

[Jonathan Wiltshire]

Control: tag -1 moreinfo

Hi,

On Tue, May 30, 2017 at 04:53:41PM +0200, Michael Biebl wrote:
> Please unblock package gnome-calendar
> 
> It's a targetted two-line fix for a crasher bug:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858924
> 
> The patch is from upstream, the package has already been uploaded and
> was successfully built everywhere.

Unfortunately it's stuck behind a new upstream from March. Is this worth
trying to revert or do through t-p-u, or better abandoned?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug#863726: marked as done (unblock: strongswan/5.5.1-4)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 20:59:05 +0100
with message-id <20170530195905.iw67mypov363v...@powdarrmonkey.net>
and subject line Re: Bug#863726: unblock: strongswan/5.5.1-4
has caused the Debian Bug report #863726,
regarding unblock: strongswan/5.5.1-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863726: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863726
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package strongswan

This upload fix two security vulnerabilities in strongSwan, debdiff is
attached (sorry, patches are in dos format…)

unblock strongswan/5.5.1-4

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), 
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru strongswan-5.5.1/debian/changelog strongswan-5.5.1/debian/changelog
--- strongswan-5.5.1/debian/changelog   2017-01-16 12:58:26.0 +0100
+++ strongswan-5.5.1/debian/changelog   2017-05-29 21:52:41.0 +0200
@@ -1,3 +1,17 @@
+strongswan (5.5.1-4) unstable; urgency=high
+
+  * Urgency=high for the security fix.
+  * debian/patches:
+- CVE-2017-9022_insufficient_input_validation_gmp_plugin added, fix
+insufficient input validation in gmp plugin which could lead to denial of
+service (CVE-2017-9022).
+- CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser added,
+fix incorrect handling of CHOICE types in ASN.1 parser and x509 plugin
+whch could lead to an infinite loop and a denial of service
+(CVE-2017-9023).
+
+ -- Yves-Alexis Perez   Mon, 29 May 2017 21:52:41 +0200
+
 strongswan (5.5.1-3) unstable; urgency=medium
 
   [ Christian Ehrhardt ]
diff -Nru 
strongswan-5.5.1/debian/patches/CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
 
strongswan-5.5.1/debian/patches/CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
--- 
strongswan-5.5.1/debian/patches/CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
1970-01-01 01:00:00.0 +0100
+++ 
strongswan-5.5.1/debian/patches/CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
2017-05-29 19:21:19.0 +0200
@@ -0,0 +1,42 @@
+From 1bf67b900fb4955a0b09f3c1cbe1ce7177adbe2f Mon Sep 17 00:00:00 2001
+From: Tobias Brunner 
+Date: Wed, 29 Mar 2017 11:26:24 +0200
+Subject: [PATCH] gmp: Make sure the modulus is odd and the exponent not zero
+
+Unlike mpz_powm() its secure replacement mpz_powm_sec() has the additional
+requirement that the exponent must be > 0 and the modulus has to be odd.
+Otherwise, it will crash with a floating-point exception.
+
+Fixes: CVE-2017-9022
+---
+ src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c 
b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+index 2b2c7f249590..32a72ac9600b 100644
+--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
 b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+@@ -475,7 +475,7 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t 
type, va_list args)
+   }
+   break;
+   }
+-  if (!e.ptr || !n.ptr)
++  if (!e.len || !n.len || (n.ptr[n.len-1] & 0x01) == 0)
+   {
+   return NULL;
+   }
+@@ -506,5 +506,10 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t 
type, va_list args)
+ 
+   this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
+ 
++  if (!mpz_sgn(this->e))
++  {
++  destroy(this);
++  return NULL;
++  }
+   return >public;
+ }
+-- 
+1.9.1
+
+
\ No newline at end of file
diff -Nru 
strongswan-5.5.1/debian/patches/CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser.patch
 
strongswan-5.5.1/debian/patches/CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser.patch
--- 
strongswan-5.5.1/debian/patches/CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser.patch
   1970-01-01 01:00:00.0 +0100
+++ 

Bug#863725: unblock: autodep8/0.9

[Jonathan Wiltshire]

Control: tag -1 moreinfo

Hi,

On Tue, May 30, 2017 at 11:01:40AM -0300, Antonio Terceiro wrote:
> This release adds support for Go packages, but otherwise contains no
> changes to the existing functionality. I know this is not exactly the
> kind of thing we want during the freeze, but autodep8 is part of the CI
> infrastructure, and it will be really useful to have this version in
> stretch (as well as in jessie-backports).

I'm quite reluctant this late in the process (a couple of weeks ago I
wouldn't have minded so much). Is this not a good candidate for
stretch-backports when it opens?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Processed: Re: Bug#863725: unblock: autodep8/0.9

[Debian Bug Tracking System]

Processing control commands:

> tag -1 moreinfo
Bug #863725 [release.debian.org] unblock: autodep8/0.9
Added tag(s) moreinfo.

-- 
863725: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863725
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863715: marked as done (unblock: boinc 7.6.33+dfsg-12)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 20:51:38 +0100
with message-id <20170530195138.6qmm25tinjmzd...@powdarrmonkey.net>
and subject line Re: Bug#863715: unblock: boinc 7.6.33+dfsg-12
has caused the Debian Bug report #863715,
regarding unblock: boinc 7.6.33+dfsg-12
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863715
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock


Hi Release Team

Please unblock package boinc

unblock boinc/7.6.33+dfsg-12

We refactored a little bit with the upstream version a patch already in Stretch,
and I removed the fglrx package, uninstallable because fglrx is now dead

debdiff here:

diff -Nru boinc-7.6.33+dfsg/debian/changelog boinc-7.6.33+dfsg/debian/changelog
--- boinc-7.6.33+dfsg/debian/changelog  2017-04-04 08:08:14.0 +0200
+++ boinc-7.6.33+dfsg/debian/changelog  2017-05-30 11:40:51.0 +0200
@@ -1,3 +1,22 @@
+boinc (7.6.33+dfsg-12) unstable; urgency=medium
+
+  [ Steffen Moeller ]
+  * Added dependency on  lsb-base (>= 3.0-6) of boinc-client for the init
+script. Thanks to Lintian and the Package Tracker for spotting that.
+
+  [ Gianfranco Costamagna ]
+  * Update the previous boinc-issue-1177.patch with the upstream merged patch.
+  * Remove boinc-client-fglrx: dead, depends on removed fglrx libraries.
+(Closes: #863699)
+
+ -- Gianfranco Costamagna   Tue, 30 May 2017 
11:39:31 +0200
+
+boinc (7.6.33+dfsg-11exp1) experimental; urgency=medium
+
+  * Upload to experimental again, with the boinc-server-* packages.
+
+ -- Gianfranco Costamagna   Tue, 04 Apr 2017 
08:10:03 +0200
+
 boinc (7.6.33+dfsg-11) unstable; urgency=medium
 
   * Upload to unstable
diff -Nru boinc-7.6.33+dfsg/debian/control boinc-7.6.33+dfsg/debian/control
--- boinc-7.6.33+dfsg/debian/control2017-04-04 08:09:03.0 +0200
+++ boinc-7.6.33+dfsg/debian/control2017-05-30 11:41:46.0 +0200
@@ -103,37 +103,16 @@
  non-free section to the regular boinc package. This also meant this
  binary package to be redistributed in the contrib section of Debian.
 
-Package: boinc-client-fglrx
-Architecture: amd64 i386
-Section: contrib/net
-Priority: extra
-Breaks: boinc-nvidia-cuda
-Replaces: boinc-nvidia-cuda
-Depends: ${misc:Depends}, boinc-client
-Recommends: libfglrx | fglrx-updates | fglrx
-Description: metapackage for AMD/ATI fglrx-savvy BOINC client and manager
- The Berkeley Open Infrastructure for Network Computing (BOINC) is a
- software platform for distributed computing: several initiatives of
- various scientific disciplines all compete for the idle time of
- desktop computers. The developers' web site at the University of
- Berkeley serves as a common portal to the otherwise independently run
- projects.
- .
- Regular users (righteously) often find it an unbearable nuisance to
- care for the configuration of BOINC for the fglrx-savvy AMD/ATI
- graphics cards.  This package adds a series of dependencies from the
- non-free section to the regular boinc package. This also meant this
- binary package to be redistributed in the contrib section of Debian.
-
 Package: boinc-client
 Architecture: any
 Depends: adduser,
  ca-certificates,
+ lsb-base (>= 3.0-6),
  libboinc7 (= ${binary:Version}),
  ${misc:Depends},
  ${python:Depends},
  ${shlibs:Depends}
-Suggests: boinc-client-opencl, boinc-client-fglrx, boinc-client-nvidia-cuda, 
boinc-manager, x11-xserver-utils
+Suggests: boinc-client-opencl, boinc-client-nvidia-cuda, boinc-manager, 
x11-xserver-utils
 Description: core client for the BOINC distributed computing infrastructure
  The Berkeley Open Infrastructure for Network Computing (BOINC) is a
  software platform for distributed computing: several initiatives of
diff -Nru boinc-7.6.33+dfsg/debian/control.in 
boinc-7.6.33+dfsg/debian/control.in
--- boinc-7.6.33+dfsg/debian/control.in 2017-03-14 12:22:46.0 +0100
+++ boinc-7.6.33+dfsg/debian/control.in 2017-05-30 11:38:56.0 +0200
@@ -103,37 +103,16 @@
 @ non-free section to the regular boinc package. This also meant this
 @ binary package to be redistributed in the contrib section of Debian.
 @
-@Package: boinc-client-fglrx
-@Architecture: amd64 i386
-@Section: contrib/net
-@Priority: extra
-@Breaks: boinc-nvidia-cuda
-@Replaces: boinc-nvidia-cuda
-@Depends: ${misc:Depends}, boinc-client
-@Recommends: libfglrx | fglrx-updates | fglrx

Bug#863714: unblock: libetpan/1.6-3

[Jonathan Wiltshire]

Control: tag -1 moreinfo

On Tue, May 30, 2017 at 11:53:31AM +0200, Ricardo Mones wrote:
> Please unblock package libetpan
> 
> Fixes bug 862151 (CVE-2017-8825). Diff includes an update to Homepage
> field which was already in git since past year ;)

The diff looks fine, but I can't unblock something that isn't in the
archive.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Processed: Re: Bug#863714: unblock: libetpan/1.6-3

[Debian Bug Tracking System]

Processing control commands:

> tag -1 moreinfo
Bug #863714 [release.debian.org] unblock: libetpan/1.6-3
Added tag(s) moreinfo.

-- 
863714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863714
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863709: marked as done (unblock: seqan2/2.3.1+dfsg-3.1)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 20:31:28 +0100
with message-id <20170530193128.er6ff4ahx5mrk...@powdarrmonkey.net>
and subject line Re: Bug#863709: unblock: seqan2/2.3.1+dfsg-3.1
has caused the Debian Bug report #863709,
regarding unblock: seqan2/2.3.1+dfsg-3.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863709: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863709
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-CC: Andreas Tille 

Dear Release Team,

Please consider unblocking seqan2 2.3.1+dfsg-3.1:
  
  seqan2 (2.3.1+dfsg-3.1) unstable; urgency=medium
  
* Non-maintainer upload.
* Fix broken /usr/bin/splazers symlink on 32-bit architectures.
  (Closes: #863669)


The full debdiff is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-


debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
On Tue, May 30, 2017 at 10:23:03AM +0100, Chris Lamb wrote:
> Please consider unblocking seqan2 2.3.1+dfsg-3.1:
>   
>   seqan2 (2.3.1+dfsg-3.1) unstable; urgency=medium
>   
> * Non-maintainer upload.
> * Fix broken /usr/bin/splazers symlink on 32-bit architectures.
>   (Closes: #863669)

Unblocked and aged. Thanks.


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51--- End Message ---

Bug#863549: marked as done (unblock: nvidia-graphics-drivers/375.66-1)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 20:28:03 +0100
with message-id <20170530192803.utokrnjan4pco...@powdarrmonkey.net>
and subject line Re: Bug#863549: unblock: nvidia-graphics-drivers/375.66-1
has caused the Debian Bug report #863549,
regarding unblock: nvidia-graphics-drivers/375.66-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863549: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863549
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package nvidia-graphics-drivers

nvidia-graphics-drivers in stretch (non-free) is affected by the
following "high" priority CVEs:

CVE-2017-0350 CVE-2017-0351 CVE-2017-0352 [1]

Tracked by Debian bug #863515 [2] and fixed by upstream version 375.66.
375.66-1 has just been uploaded to unstable.

Please consider unblocking the new version 375.66-1 to allow it to
migrate to testing, if possible in 5 days to allow plenty time before
the deadline of June the 9th.

Given this is a non-free package that includes upstream proprietary
binary blobs, the attached debdiff only covers the changes in the
debian/ directory.

The changes with the previous versions are:

- Update changelog to mention upstream changes
- Update changelog to sync with updates to stable and oldstable
- Drop kernel modules patches merged upstream
- Adjust symbols files for library changes in 375.66
- Adjust list of supported hardware IDs (nv-readme.ids)
- Adjust source package metadata to mark the kernel modules as tested
up to Linux 4.10

Kind regards,
Luca Boccassi

[1] https://security-tracker.debian.org/tracker/CVE-2017-0350
https://security-tracker.debian.org/tracker/CVE-2017-0351
https://security-tracker.debian.org/tracker/CVE-2017-0352
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863515diff -Nru --exclude '*.run' nvidia-graphics-drivers-375.39/debian/changelog nvidia-graphics-drivers-375.66/debian/changelog
--- nvidia-graphics-drivers-375.39/debian/changelog	2017-02-23 15:36:38.0 +
+++ nvidia-graphics-drivers-375.66/debian/changelog	2017-05-28 12:03:11.0 +0100
@@ -1,3 +1,58 @@
+nvidia-graphics-drivers (375.66-1) unstable; urgency=medium
+
+  * New upstream long lived branch release 375.66 (2017-05-04).
+* Fixed CVE-2017-0350, CVE-2017-0351, CVE-2017-0352.  (Closes: #863515)
+- Added support for the following GPUs: GeForce GTX 1080 Ti, Quadro P3000,
+  Quadro M520, TITAN Xp
+- Fixed a bug that could cause EGL applications to crash when calling
+  eglInitialize() multiple times on X11-backed displays.
+- Fixed a regression that could cause rendering corruption on a monitor
+  connected via DisplayPort upon a modeset event (for example, changing
+  resolutions or power cycling the monitor).
+- Updated the display configuration page in the nvidia-settings control
+  panel to accurately reflect HDMI 3D refresh rates.
+- Fixed a bug that could cause OpenGL applications to crash when VT
+  switching between multiple X servers.
+- Fixed a bug that caused the system to become unresponsive after resuming
+  from power management suspend/hibernate. Additional symptoms of this bug
+  included display flickering and "Xid 56" errors in the kernel log.
+- Fixed a bug that caused backlight brightness to not be controllable on
+  some notebooks with DisplayPort internal panels.
+- Fixed a bug that left HDMI and DisplayPort audio muted after a
+  framebuffer console mode was restored. For some displays, this caused the
+  display to remain blank.
+- Fixed a bug that caused audio over DisplayPort to stop working when the
+  monitor was unplugged and plugged back in or awoken from DPMS
+  power-saving mode.
+- Restored support for the following GPU: GRID K520
+- Fixed a regression that caused corruption in certain applications, such
+  as window border shadows in Unity, after resuming from suspend.
+- Installation of the nvidia-drm kernel module is now optional. The new
+  '--no-drm' option can be used to prevent nvidia-installer from building
+  and installing nvidia-drm, on systems where this kernel module fails to
+  build and/or load.
+- Fixed a bug that could cause some applications to crash when running with
+  PRIME Sync.
+- Fixed a bug that prevented PRIME Sync from working on notebooks with
+  GeForce GTX 4xx and 5xx series GPUs.
+- Fixed a bug that caused OpenGL apps to have 

Bug#863706: marked as done (unblock: coyim/0.3.7-3)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 20:24:15 +0100
with message-id <20170530192415.a23vvs5v2sbws...@powdarrmonkey.net>
and subject line Re: Bug#863706: unblock: coyim/0.3.7-3
has caused the Debian Bug report #863706,
regarding unblock: coyim/0.3.7-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863706: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863706
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

please unblock coyim. The version currently in unstable fixes an
FTBFS due to failing tests which also tried network connections at
build time. See #863414 [1].

The patch, kindly provided by Chris Lamb, is very small and disables
the problematic tests, which shouldn't really run at build time anyway.
Please see attached debdiff for the exact changes.

unblock coyim/0.3.7-3

Thanks
Sascha

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863414
diff -Nru coyim-0.3.7/debian/changelog coyim-0.3.7/debian/changelog
--- coyim-0.3.7/debian/changelog2016-11-04 00:17:08.0 +0100
+++ coyim-0.3.7/debian/changelog2017-05-29 10:31:46.0 +0200
@@ -1,3 +1,14 @@
+coyim (0.3.7-3) unstable; urgency=medium
+
+  [ Chris Lamb ]
+  * Skip tests that require internet access to avoid FTBFS. Whilst this was
+proximately caused by missing Build-Depends on "ca-certificates", the
+testsuite would remain brittle due to it requiring an internet connection
+and a valid remote SSL certificate at www.olabini.se:443.
+(Closes: #863414)
+
+ -- Sascha Steinbiss   Mon, 29 May 2017 10:31:46 +0200
+
 coyim (0.3.7-2) unstable; urgency=medium
 
   * Remove unused Build-deps on golint, ruby and git.
diff -Nru coyim-0.3.7/debian/rules coyim-0.3.7/debian/rules
--- coyim-0.3.7/debian/rules2016-10-28 07:40:28.0 +0200
+++ coyim-0.3.7/debian/rules2017-05-29 10:17:08.0 +0200
@@ -12,7 +12,8 @@
 
 override_dh_auto_test:
find ./config/importer -type d -name '*test_data' | xargs cp -rv -t 
/tmp ./config/importer/xmpp_client_test_conf.json
-   dh_auto_test --
+   # Skip tests requiring internet access
+   DH_GOLANG_EXCLUDES="github.com/twstrike/coyim/xmpp" dh_auto_test --
 
 override_dh_auto_build:
dh_auto_build --
--- End Message ---
--- Begin Message ---
On Tue, May 30, 2017 at 10:39:32AM +0200, Sascha Steinbiss wrote:
> please unblock coyim. The version currently in unstable fixes an
> FTBFS due to failing tests which also tried network connections at
> build time. See #863414 [1].

Already unblocked by Niels, and should migrate tomorrow.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51--- End Message ---

Bug#863634: marked as done (unblock: systemd/232-24)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 20:06:35 +0100
with message-id <55a0afc9d51690d36d2ff1900f66a...@debian.org>
and subject line Re: Bug#863634: unblock: systemd/232-24
has caused the Debian Bug report #863634,
regarding unblock: systemd/232-24
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

I'd like to make another upload of systemd if possible.
It fixes a remote DoS in resolved (#863277). We don't enable resolved
by default in Debian, so this bug is not super critical.
But since an (upstream) fix exists, I would prefer to have this fix in
stretch. The attached debdiff also has two smaller fixes which have
piled up in the stretch branch in the mean time.

Please let me know if I can proceed with the upload.
If you want me to postpone that for 9.1, I'm fine as well. Uploading it
now would have the benefit though of at least some testing in unstable.

The changes don't touch d-i, but I've CCed debian-boot@ anyway for an
ack.

Full debdiff attached.

Regards,
Michael


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 2c670e7..68276b7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+systemd (232-24) unstable; urgency=medium
+
+  [ Felipe Sateler ]
+  * Specify nobody user and group.
+Otherwise nss-systemd will translate to group 'nobody', which doesn't
+exist on debian systems.
+
+  [ Michael Biebl ]
+  * Add Depends: procps to systemd.
+It's required by /usr/lib/systemd/user/systemd-exit.service which calls
+/bin/kill to stop the systemd --user instance. (Closes: #862292)
+  * resolved: fix null pointer p->question dereferencing.
+This fixes a bug which allowed a remote DoS (daemon crash) via a crafted
+DNS response with an empty question section.
+Fixes: CVE-2017-9217 (Closes: #863277)
+
+ -- Michael Biebl   Mon, 29 May 2017 16:25:43 +0200
+
 systemd (232-23) unstable; urgency=medium
 
   [ Michael Biebl ]
diff --git a/debian/control b/debian/control
index b48a50a..c4e7db1 100644
--- a/debian/control
+++ b/debian/control
@@ -74,6 +74,7 @@ Depends: ${shlibs:Depends},
  util-linux (>= 2.27.1),
  mount (>= 2.26),
  adduser,
+ procps,
 Breaks: lvm2 (<< 2.02.104-1),
 apparmor (<< 2.9.2-1),
 systemd-shim (<< 10-3~),
diff --git 
a/debian/patches/resolved-bugfix-of-null-pointer-p-question-dereferencing-.patch
 
b/debian/patches/resolved-bugfix-of-null-pointer-p-question-dereferencing-.patch
new file mode 100644
index 000..0d134c1
--- /dev/null
+++ 
b/debian/patches/resolved-bugfix-of-null-pointer-p-question-dereferencing-.patch
@@ -0,0 +1,24 @@
+From: Evgeny Vereshchagin 
+Date: Wed, 24 May 2017 08:56:48 +0300
+Subject: resolved: bugfix of null pointer p->question dereferencing (#6020)
+
+See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
+(cherry picked from commit a924f43f30f9c4acaf70618dd2a055f8b0f166be)
+---
+ src/resolve/resolved-dns-packet.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/resolve/resolved-dns-packet.c 
b/src/resolve/resolved-dns-packet.c
+index 337a8c4..07a761e 100644
+--- a/src/resolve/resolved-dns-packet.c
 b/src/resolve/resolved-dns-packet.c
+@@ -2264,6 +2264,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const 
DnsResourceKey *key) {
+ if (r < 0)
+ return r;
+ 
++if (!p->question)
++return 0;
++
+ if (p->question->n_keys != 1)
+ return 0;
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 44daef3..adc86a7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -62,6 +62,7 @@ Adjust-pkgconfig-files-to-point-at-rootlibdir-4584.patch
 journal-fix-up-syslog-facility-when-forwarding-native-mes.patch
 machinectl-make-sure-that-inability-to-get-OS-version-isn.patch
 nspawn-support-ephemeral-boots-from-images.patch
+resolved-bugfix-of-null-pointer-p-question-dereferencing-.patch
 debian/Use-Debian-specific-config-files.patch
 

Bug#863702: unblock: compiz/0.9.13.0+16.10.20160818.2-5.1 (pre-approval)

[Jonathan Wiltshire]

Control: tag -1 confirmed moreinfo

On Tue, May 30, 2017 at 09:48:28AM +0200, Andreas Beckmann wrote:
> I want to upload a NMU of compiz to unstable fixing an upgrade issue
> from squeeze (there was no compiz in wheezy or jessie) by adding missing
> Breaks+Replaces, proposed patch attached.

Please go ahead and remove the moreinfo tag when it's ready to unblock.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Processed: Re: Bug#863702: unblock: compiz/0.9.13.0+16.10.20160818.2-5.1 (pre-approval)

[Debian Bug Tracking System]

Processing control commands:

> tag -1 confirmed moreinfo
Bug #863702 [release.debian.org] unblock: compiz/0.9.13.0+16.10.20160818.2-5.1 
(pre-approval)
Added tag(s) confirmed and moreinfo.

-- 
863702: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863702
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863667: unblock: hexchat (pre-approval)

[Jonathan Wiltshire]

Control: tag -1 confirmed moreinfo

On Mon, May 29, 2017 at 10:49:46PM +0200, Mattia Rizzolo wrote:
> All considered probably such barely maintained plugin shouldn't be
> instaled by default indeed, therefore I'm asking for permission to
> upload the following debdiff and having it in stretch.

Agree. Please go ahead and remove the moreinfo tag when it is ready to
unblock.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Processed: Re: Bug#863667: unblock: hexchat (pre-approval)

[Debian Bug Tracking System]

Processing control commands:

> tag -1 confirmed moreinfo
Bug #863667 [release.debian.org] unblock: hexchat (pre-approval)
Added tag(s) confirmed and moreinfo.

-- 
863667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863667
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863732: marked as done (unblock: runit/2.1.2-9.1)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 19:07:54 +
with message-id 
and subject line unblock runit
has caused the Debian Bug report #863732,
regarding unblock: runit/2.1.2-9.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863732: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863732
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Control: affects -1 runit

Please unblock package runit

I've just uploaded 2.1.2-9.1 as an NMU, removing the runit-init
package to resolve #861536 as discussed on that bug report.  Please
unblock this upload so that we can keep the runit binary package in
stretch.

unblock runit/2.1.2-9.1

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru runit-2.1.2/debian/changelog runit-2.1.2/debian/changelog
--- runit-2.1.2/debian/changelog2016-10-09 06:21:59.0 -0400
+++ runit-2.1.2/debian/changelog2017-05-30 11:46:28.0 -0400
@@ -1,3 +1,10 @@
+runit (2.1.2-9.1) unstable; urgency=medium
+
+  * non-maintainer upload
+  * drop runit-init package (Closes: #861536)
+
+ -- Daniel Kahn Gillmor   Tue, 30 May 2017 11:46:28 
-0400
+
 runit (2.1.2-9) unstable; urgency=medium
 
   * Make runit-init depends getty-run, otherwise user can end up with
diff -Nru runit-2.1.2/debian/control runit-2.1.2/debian/control
--- runit-2.1.2/debian/control  2016-10-09 02:47:44.0 -0400
+++ runit-2.1.2/debian/control  2017-05-28 15:07:36.0 -0400
@@ -26,8 +26,8 @@
  and a log facility with automatic log file rotation and disk space limits.
  .
  runit service supervision can run under sysv init or replace the init
- system completely.  Complete init replacement provided by 'runit-init'
- package.
+ system completely.  Complete init replacement needs to be done by hand
+ (see https://bugs.debian.org/861536)
 
 Package: runit-systemd
 Architecture: all
@@ -71,19 +71,3 @@
  .
  This package provides scripts to supervise getty processes, allowing
  local login.
-
-Package: runit-init
-Architecture: any
-Depends: runit (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}, 
getty-run
-Replaces: systemd-sysv, sysvinit (<< 2.88dsf-44~), sysvinit-core, upstart
-Conflicts: systemd-sysv, sysvinit (<< 2.88dsf-44~), sysvinit-core, upstart
-Priority: extra
-Description: system-wide service supervision (as init system)
- runit is a collection of tools to provide system-wide service supervision
- and to manage services.  Contrary to sysv init, it not only cares about
- starting and stopping services, but also supervises the service daemons
- while they are running.  Amongst other things, it provides a reliable
- interface to send signals to service daemons without the need for pid-files,
- and a log facility with automatic log file rotation and disk space limits.
- .
- This package provides /sbin/init, that boots your system and starts runit.
diff -Nru runit-2.1.2/debian/rules runit-2.1.2/debian/rules
--- runit-2.1.2/debian/rules2016-10-09 02:46:35.0 -0400
+++ runit-2.1.2/debian/rules2017-05-28 15:08:57.0 -0400
@@ -11,8 +11,6 @@
 
 override_dh_installman-arch:
dh_installman
-   mv debian/runit-init/usr/share/man/man8/runit-init.8 \
-   debian/runit-init/usr/share/man/man8/init.8
 
 override_dh_runit: runscripts/getty
dh_runit
@@ -32,7 +30,7 @@
dh_clean
 override_dh_installchangelogs:
dh_installchangelogs
-   dh_installchangelogs -p runit -p runit-init \
+   dh_installchangelogs -p runit \
runit-$(DEB_VERSION_UPSTREAM)/package/CHANGES
 
 .PHONY: runscripts/getty
diff -Nru runit-2.1.2/debian/runit-init.install 
runit-2.1.2/debian/runit-init.install
--- runit-2.1.2/debian/runit-init.install   2016-10-09 02:58:07.0 
-0400
+++ runit-2.1.2/debian/runit-init.install   1969-12-31 19:00:00.0 
-0500
@@ -1,6 +0,0 @@
-#!/usr/bin/dh-exec
-runit-2.1.2/src/runit-init => /sbin/init
-runit-2.1.2/src/runit  /sbin
-debian/contrib/shutdown /sbin
-debian/contrib/reboot   /sbin

Re: [pkg-gnupg-maint] Last chance for d-i changes in stretch

[Daniel Kahn Gillmor]

On Mon 2017-05-29 08:16:11 +0200, Didier 'OdyX' Raboud wrote:
> If I upload win32-loader now, it will embed gpgv-win32 2.1.18-8, no matter 
> which gnupg2 version will be part of stretch. There are three alternatives, 
> in 
> decreasing order of preference:
> * get gnupg2 in testing, upload win32-loader to unstable, migrate it

I've just filed unblock request #863734, which will hopefully achieve
this result.

 --dkg


signature.asc
Description: PGP signature

Bug#863735: unblock: freeradius/3.0.12+dfsg-5

[Michael Stapelberg]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package freeradius

The new upload addresses a security issue: CVE-2017-9148, #863673

% debdiff freeradius_3.0.12+dfsg-4.dsc freeradius_3.0.12+dfsg-5.dsc 
dpkg-source: warning: extracting unsigned source package 
(/home/michael/d/out/freeradius/freeradius_3.0.12+dfsg-4.dsc)
diff -Nru freeradius-3.0.12+dfsg/debian/changelog 
freeradius-3.0.12+dfsg/debian/changelog
--- freeradius-3.0.12+dfsg/debian/changelog 2016-11-17 22:29:04.0 
+0100
+++ freeradius-3.0.12+dfsg/debian/changelog 2017-05-30 17:18:34.0 
+0200
@@ -1,3 +1,9 @@
+freeradius (3.0.12+dfsg-5) unstable; urgency=high
+
+  * disable session cache to address CVE-2017-9148 (closes: #863673)
+
+ -- Michael Stapelberg   Tue, 30 May 2017 17:18:34 +0200
+
 freeradius (3.0.12+dfsg-4) unstable; urgency=medium
 
   * fix openssl-1.1.diff: initialize ctx_out
diff -Nru 
freeradius-3.0.12+dfsg/debian/patches/disable-session-cache-CVE-2017-9148.patch 
freeradius-3.0.12+dfsg/debian/patches/disable-session-cache-CVE-2017-9148.patch
--- 
freeradius-3.0.12+dfsg/debian/patches/disable-session-cache-CVE-2017-9148.patch 
1970-01-01 01:00:00.0 +0100
+++ 
freeradius-3.0.12+dfsg/debian/patches/disable-session-cache-CVE-2017-9148.patch 
2017-05-30 17:18:34.0 +0200
@@ -0,0 +1,49 @@
+Description: disable session caching in the server (as opposed to in the
+ config, which would be way harder to get right) to address
+ https://security-tracker.debian.org/tracker/CVE-2017-9148
+Author: Michael Stapelberg 
+Forwarded: not-needed
+Last-Update: 2017-05-30
+
+---
+
+Index: freeradius/src/main/tls.c
+===
+--- freeradius.orig/src/main/tls.c
 freeradius/src/main/tls.c
+@@ -579,7 +579,7 @@ tls_session_t *tls_new_session(TALLOC_CT
+*
+*  FIXME: Also do it every N sessions?
+*/
+-  if (conf->session_cache_enable &&
++  if (/*conf->session_cache_enable*/0 &&
+   ((conf->session_last_flushed + ((int)conf->session_timeout * 1800)) 
<= request->timestamp)){
+   RDEBUG2("Flushing SSL sessions (of #%ld)", 
SSL_CTX_sess_number(conf->ctx));
+ 
+@@ -674,7 +674,7 @@ tls_session_t *tls_new_session(TALLOC_CT
+   state->mtu = vp->vp_integer;
+   }
+ 
+-  if (conf->session_cache_enable) state->allow_session_resumption = true; 
/* otherwise it's false */
++  if (/*conf->session_cache_enable*/0) state->allow_session_resumption = 
true; /* otherwise it's false */
+ 
+   return state;
+ }
+@@ -2848,7 +2848,7 @@ post_ca:
+   /*
+*  Callbacks, etc. for session resumption.
+*/
+-  if (conf->session_cache_enable) {
++  if (/*conf->session_cache_enable*/0) {
+   /*
+*  Cache sessions on disk if requested.
+*/
+@@ -2916,7 +2916,7 @@ post_ca:
+   /*
+*  Setup session caching
+*/
+-  if (conf->session_cache_enable) {
++  if (/*conf->session_cache_enable*/0) {
+   /*
+*  Create a unique context Id per EAP-TLS configuration.
+*/
diff -Nru freeradius-3.0.12+dfsg/debian/patches/series 
freeradius-3.0.12+dfsg/debian/patches/series
--- freeradius-3.0.12+dfsg/debian/patches/series2016-11-17 
22:29:04.0 +0100
+++ freeradius-3.0.12+dfsg/debian/patches/series2017-05-30 
17:18:34.0 +0200
@@ -1,3 +1,4 @@
+disable-session-cache-CVE-2017-9148.patch
 debian-local/0001-Rename-radius-to-freeradius.patch
 0002-gitignore.diff.patch
 0006-jradius.diff.patch

unblock freeradius/3.0.12+dfsg-5

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386, armel, mipsel, arm64

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Processed: unblock: gnupg2/2.1.18-8

[Debian Bug Tracking System]

Processing control commands:

> affects -1 src:gnupg2
Bug #863734 [release.debian.org] unblock: gnupg2/2.1.18-8
Added indication that 863734 affects src:gnupg2

-- 
863734: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863734
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: unblock: runit/2.1.2-9.1

[Debian Bug Tracking System]

Processing control commands:

> affects -1 runit
Bug #863732 [release.debian.org] unblock: runit/2.1.2-9.1
Added indication that 863732 affects runit

-- 
863732: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863732
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863732: unblock: runit/2.1.2-9.1

[Daniel Kahn Gillmor]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Control: affects -1 runit

Please unblock package runit

I've just uploaded 2.1.2-9.1 as an NMU, removing the runit-init
package to resolve #861536 as discussed on that bug report.  Please
unblock this upload so that we can keep the runit binary package in
stretch.

unblock runit/2.1.2-9.1

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru runit-2.1.2/debian/changelog runit-2.1.2/debian/changelog
--- runit-2.1.2/debian/changelog2016-10-09 06:21:59.0 -0400
+++ runit-2.1.2/debian/changelog2017-05-30 11:46:28.0 -0400
@@ -1,3 +1,10 @@
+runit (2.1.2-9.1) unstable; urgency=medium
+
+  * non-maintainer upload
+  * drop runit-init package (Closes: #861536)
+
+ -- Daniel Kahn Gillmor   Tue, 30 May 2017 11:46:28 
-0400
+
 runit (2.1.2-9) unstable; urgency=medium
 
   * Make runit-init depends getty-run, otherwise user can end up with
diff -Nru runit-2.1.2/debian/control runit-2.1.2/debian/control
--- runit-2.1.2/debian/control  2016-10-09 02:47:44.0 -0400
+++ runit-2.1.2/debian/control  2017-05-28 15:07:36.0 -0400
@@ -26,8 +26,8 @@
  and a log facility with automatic log file rotation and disk space limits.
  .
  runit service supervision can run under sysv init or replace the init
- system completely.  Complete init replacement provided by 'runit-init'
- package.
+ system completely.  Complete init replacement needs to be done by hand
+ (see https://bugs.debian.org/861536)
 
 Package: runit-systemd
 Architecture: all
@@ -71,19 +71,3 @@
  .
  This package provides scripts to supervise getty processes, allowing
  local login.
-
-Package: runit-init
-Architecture: any
-Depends: runit (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}, 
getty-run
-Replaces: systemd-sysv, sysvinit (<< 2.88dsf-44~), sysvinit-core, upstart
-Conflicts: systemd-sysv, sysvinit (<< 2.88dsf-44~), sysvinit-core, upstart
-Priority: extra
-Description: system-wide service supervision (as init system)
- runit is a collection of tools to provide system-wide service supervision
- and to manage services.  Contrary to sysv init, it not only cares about
- starting and stopping services, but also supervises the service daemons
- while they are running.  Amongst other things, it provides a reliable
- interface to send signals to service daemons without the need for pid-files,
- and a log facility with automatic log file rotation and disk space limits.
- .
- This package provides /sbin/init, that boots your system and starts runit.
diff -Nru runit-2.1.2/debian/rules runit-2.1.2/debian/rules
--- runit-2.1.2/debian/rules2016-10-09 02:46:35.0 -0400
+++ runit-2.1.2/debian/rules2017-05-28 15:08:57.0 -0400
@@ -11,8 +11,6 @@
 
 override_dh_installman-arch:
dh_installman
-   mv debian/runit-init/usr/share/man/man8/runit-init.8 \
-   debian/runit-init/usr/share/man/man8/init.8
 
 override_dh_runit: runscripts/getty
dh_runit
@@ -32,7 +30,7 @@
dh_clean
 override_dh_installchangelogs:
dh_installchangelogs
-   dh_installchangelogs -p runit -p runit-init \
+   dh_installchangelogs -p runit \
runit-$(DEB_VERSION_UPSTREAM)/package/CHANGES
 
 .PHONY: runscripts/getty
diff -Nru runit-2.1.2/debian/runit-init.install 
runit-2.1.2/debian/runit-init.install
--- runit-2.1.2/debian/runit-init.install   2016-10-09 02:58:07.0 
-0400
+++ runit-2.1.2/debian/runit-init.install   1969-12-31 19:00:00.0 
-0500
@@ -1,6 +0,0 @@
-#!/usr/bin/dh-exec
-runit-2.1.2/src/runit-init => /sbin/init
-runit-2.1.2/src/runit  /sbin
-debian/contrib/shutdown /sbin
-debian/contrib/reboot   /sbin
-debian/contrib/runlevel /sbin
diff -Nru runit-2.1.2/debian/runit-init.links 
runit-2.1.2/debian/runit-init.links
--- runit-2.1.2/debian/runit-init.links 2016-10-09 06:17:37.0 -0400
+++ runit-2.1.2/debian/runit-init.links 1969-12-31 19:00:00.0 -0500
@@ -1 +0,0 @@
-/usr/share/man/man8/shutdown.8.gz /usr/share/man/man8/reboot.8.gz
diff -Nru runit-2.1.2/debian/runit-init.manpages 
runit-2.1.2/debian/runit-init.manpages
--- runit-2.1.2/debian/runit-init.manpages  2016-10-09 06:19:28.0 
-0400
+++ runit-2.1.2/debian/runit-init.manpages  1969-12-31 19:00:00.0 
-0500
@@ -1,4 +0,0 @@
-runit-*/man/runit.8
-runit-*/man/runit-init.8
-debian/contrib/shutdown.8
-debian/contrib/runlevel.8

Bug#862481: jessie-pu: package xfce4-weather-plugin/0.8.3-2

[Yves-Alexis Perez]

On Sat, 2017-05-13 at 13:51 +0200, Yves-Alexis Perez wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Hi,
> 
> xfce4-weather-plugin uses met.no as source for weather information.
> There was multiple changes in API in recent years, and they disabled
> legacy API in the last few days, meaning weather plugin in Jessie
> doesn't work anymore.

Hi,

I assume you're more focused on stretch these days, but would it be possible
to move forward on this? weather plugin is completely unusable in Jessie right
now.

Regards,
-- 
Yves-Alexis

signature.asc
Description: This is a digitally signed message part

Processed: Re: Bug#861926: jessie-pu: package tcpdf/6.0.093+dfsg-1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 - moreinfo
Bug #861926 [release.debian.org] jessie-pu: package tcpdf/6.0.093+dfsg-1
Removed tag(s) moreinfo.

-- 
861926: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861926
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#861926: jessie-pu: package tcpdf/6.0.093+dfsg-1

[Raphael Hertzog]

Control: tag -1 - moreinfo

Just a ping since Laurent already provided the extra information
in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861926#19

It's about https://security-tracker.debian.org/tracker/CVE-2017-6100
We agreed with the security team to fix it through jessie-pu, cf
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814030#73

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Bug#863730: unblock: gnome-calendar/3.22.4-2

[Michael Biebl]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gnome-calendar

It's a targetted two-line fix for a crasher bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858924

The patch is from upstream, the package has already been uploaded and
was successfully built everywhere.

Full debdiff is attached.

Regards,
Michael

unblock gnome-calendar/3.22.4-2

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), 
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru gnome-calendar-3.22.4/debian/changelog 
gnome-calendar-3.22.4/debian/changelog
--- gnome-calendar-3.22.4/debian/changelog  2017-03-29 23:00:23.0 
+0200
+++ gnome-calendar-3.22.4/debian/changelog  2017-05-30 10:15:57.0 
+0200
@@ -1,3 +1,11 @@
+gnome-calendar (3.22.4-2) unstable; urgency=medium
+
+  [ Jason Crain ]
+  * Add debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch:
+fix crash when creating a new event. (Closes: #858924)
+
+ -- Michael Biebl   Tue, 30 May 2017 10:15:57 +0200
+
 gnome-calendar (3.22.4-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru gnome-calendar-3.22.4/debian/control 
gnome-calendar-3.22.4/debian/control
--- gnome-calendar-3.22.4/debian/control2017-03-29 23:00:23.0 
+0200
+++ gnome-calendar-3.22.4/debian/control2017-05-30 10:15:57.0 
+0200
@@ -6,7 +6,7 @@
 Section: gnome
 Priority: optional
 Maintainer: Debian GNOME Maintainers 

-Uploaders: Andreas Henriksson , Iain Lane 
, Michael Biebl 
+Uploaders: Andreas Henriksson , Michael Biebl 

 Build-Depends: appstream-util,
autoconf-archive,
debhelper (>= 10),
diff -Nru 
gnome-calendar-3.22.4/debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch
 
gnome-calendar-3.22.4/debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch
--- 
gnome-calendar-3.22.4/debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch
 1970-01-01 01:00:00.0 +0100
+++ 
gnome-calendar-3.22.4/debian/patches/0003-set-edit-dialogs-event-to-NULL-after-saving.patch
 2017-05-30 09:50:28.0 +0200
@@ -0,0 +1,39 @@
+From: Yash Singh 
+Date: Fri, 10 Mar 2017 17:58:52 +0530
+Subject: window: set edit dialog's event to NULL after saving
+
+Earlier the app used to crash when a new event was added using the
+'Edit Details' buttion/dialog. This was happening because edit dialog's
+event was set to NULL before the event was being stored in the calendar
+through the 'edit_dialog' and hence the app was crashing.
+
+This patch fixes the above-mentioned issue by saving the event before
+setting the edit dialog's event to NULL.
+
+Origin: upstream, 
https://git.gnome.org/browse/gnome-calendar/commit/?id=6f87ada70dbeae71e3428ee3a63f79b8c918f121
+Bug: https://bugzilla.gnome.org/779733
+Bug-Debian: https://bugs.debian.org/858924
+Last-Update: 2017-05-28
+---
+ src/gcal-window.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/src/gcal-window.c
 b/src/gcal-window.c
+@@ -1102,7 +1102,6 @@
+   event = gcal_edit_dialog_get_event (edit_dialog);
+   view = GCAL_VIEW (window->views[window->active_view]);
+ 
+-  gcal_edit_dialog_set_event (edit_dialog, NULL);
+   gtk_widget_hide (GTK_WIDGET (dialog));
+ 
+   switch (response)
+@@ -1149,6 +1148,8 @@
+   break;
+ 
+ }
++
++  gcal_edit_dialog_set_event (edit_dialog, NULL);
+ }
+ 
+ static void
diff -Nru gnome-calendar-3.22.4/debian/patches/series 
gnome-calendar-3.22.4/debian/patches/series
--- gnome-calendar-3.22.4/debian/patches/series 2016-09-15 00:30:46.0 
+0200
+++ gnome-calendar-3.22.4/debian/patches/series 2017-05-30 09:50:28.0 
+0200
@@ -1,2 +1,3 @@
 0001-Hide-GOA-sources-on-Unity.patch
 0002-Spawn-Ubuntu-s-credentials-panel-instead-of-the-GOA-.patch
+0003-set-edit-dialogs-event-to-NULL-after-saving.patch

Bug#863519: unblock blockdiag/1.5.3+dfsg-2

[Kouhei Maeda]

retitile 863519: unblock blockdiag/1.5.3+dfsg-3

Hi,

2017-05-29 22:02 GMT+09:00 Jonathan Wiltshire :
> On 2017-05-29 05:26, Kouhei Maeda wrote:
>>
>> Hi,
>>
>> 2017-05-28 21:50 GMT+09:00 Jonathan Wiltshire :
>>>
>>> On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:

 +  * Bumps version debian/compat to 9.
 +- Fixes package-uses-deprecated-debhelper-compat-version.
>>>
>>>
>>> This isn't OK, please remove it.
>>
>>
>> This means that reverting debian/compat version, and increments debian
>> version?
>>
>> Regards,
>> --
>> Kouhei Maeda 
>>  KeyID 4096R/7E37CE41
>
>
> Yes please.

Fixed above.
Please unblock blockdiag/1.5.3+dfsg-3.

Attached is the source debdiff.

Regards,

dpkg-source: warning: extracting unsigned source package
(/home/kohei/devel/debpkg/blockdiag/blockdiag_1.5.3+dfsg-2.dsc)
dpkg-source: warning: extracting unsigned source package
(/home/kohei/devel/debpkg/blockdiag/blockdiag_1.5.3+dfsg-3.dsc)
diff -Nru blockdiag-1.5.3+dfsg/debian/changelog
blockdiag-1.5.3+dfsg/debian/changelog
--- blockdiag-1.5.3+dfsg/debian/changelog   2017-05-26
22:06:40.0 +0900
+++ blockdiag-1.5.3+dfsg/debian/changelog   2017-05-29
20:44:19.0 +0900
@@ -1,3 +1,11 @@
+blockdiag (1.5.3+dfsg-3) unstable; urgency=medium
+
+  * Reverts the change.
+- Bumps version debian/compat to 9.
+  * Fixes package-uses-deprecated-debhelper-compat-version.
+
+ -- Kouhei Maeda   Mon, 29 May 2017 20:44:19 +0900
+
 blockdiag (1.5.3+dfsg-2) unstable; urgency=medium

   * Fixes build kills unrelated python processes. Closes: #847930
diff -Nru blockdiag-1.5.3+dfsg/debian/compat blockdiag-1.5.3+dfsg/debian/compat
--- blockdiag-1.5.3+dfsg/debian/compat  2017-05-26 00:57:08.0 +0900
+++ blockdiag-1.5.3+dfsg/debian/compat  2017-05-29 12:24:55.0 +0900
@@ -1 +1 @@
-9
+7



--
Kouhei Maeda 
 KeyID 4096R/7E37CE41

Bug#863726: unblock: strongswan/5.5.1-4

[Yves-Alexis Perez]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package strongswan

This upload fix two security vulnerabilities in strongSwan, debdiff is
attached (sorry, patches are in dos format…)

unblock strongswan/5.5.1-4

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), 
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru strongswan-5.5.1/debian/changelog strongswan-5.5.1/debian/changelog
--- strongswan-5.5.1/debian/changelog   2017-01-16 12:58:26.0 +0100
+++ strongswan-5.5.1/debian/changelog   2017-05-29 21:52:41.0 +0200
@@ -1,3 +1,17 @@
+strongswan (5.5.1-4) unstable; urgency=high
+
+  * Urgency=high for the security fix.
+  * debian/patches:
+- CVE-2017-9022_insufficient_input_validation_gmp_plugin added, fix
+insufficient input validation in gmp plugin which could lead to denial of
+service (CVE-2017-9022).
+- CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser added,
+fix incorrect handling of CHOICE types in ASN.1 parser and x509 plugin
+whch could lead to an infinite loop and a denial of service
+(CVE-2017-9023).
+
+ -- Yves-Alexis Perez   Mon, 29 May 2017 21:52:41 +0200
+
 strongswan (5.5.1-3) unstable; urgency=medium
 
   [ Christian Ehrhardt ]
diff -Nru 
strongswan-5.5.1/debian/patches/CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
 
strongswan-5.5.1/debian/patches/CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
--- 
strongswan-5.5.1/debian/patches/CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
1970-01-01 01:00:00.0 +0100
+++ 
strongswan-5.5.1/debian/patches/CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
2017-05-29 19:21:19.0 +0200
@@ -0,0 +1,42 @@
+From 1bf67b900fb4955a0b09f3c1cbe1ce7177adbe2f Mon Sep 17 00:00:00 2001
+From: Tobias Brunner 
+Date: Wed, 29 Mar 2017 11:26:24 +0200
+Subject: [PATCH] gmp: Make sure the modulus is odd and the exponent not zero
+
+Unlike mpz_powm() its secure replacement mpz_powm_sec() has the additional
+requirement that the exponent must be > 0 and the modulus has to be odd.
+Otherwise, it will crash with a floating-point exception.
+
+Fixes: CVE-2017-9022
+---
+ src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c 
b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+index 2b2c7f249590..32a72ac9600b 100644
+--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
 b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+@@ -475,7 +475,7 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t 
type, va_list args)
+   }
+   break;
+   }
+-  if (!e.ptr || !n.ptr)
++  if (!e.len || !n.len || (n.ptr[n.len-1] & 0x01) == 0)
+   {
+   return NULL;
+   }
+@@ -506,5 +506,10 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t 
type, va_list args)
+ 
+   this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
+ 
++  if (!mpz_sgn(this->e))
++  {
++  destroy(this);
++  return NULL;
++  }
+   return >public;
+ }
+-- 
+1.9.1
+
+
\ No newline at end of file
diff -Nru 
strongswan-5.5.1/debian/patches/CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser.patch
 
strongswan-5.5.1/debian/patches/CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser.patch
--- 
strongswan-5.5.1/debian/patches/CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser.patch
   1970-01-01 01:00:00.0 +0100
+++ 
strongswan-5.5.1/debian/patches/CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser.patch
   2017-05-29 19:21:19.0 +0200
@@ -0,0 +1,376 @@
+From e3d4fe2be3bda0d9acc985a6cd67efe249d8326c Mon Sep 17 00:00:00 2001
+From: Andreas Steffen 
+Date: Fri, 5 May 2017 09:01:08 +0200
+Subject: [PATCH] asn1-parser: Fix CHOICE parsing
+
+Also fixes the application in the x509 plugin and the parsing of
+nameConstraints, which doesn't require a loop.
+
+Fixes: CVE-2017-9023
+---
+ src/libstrongswan/asn1/asn1_parser.c   |  70 +++---
+ src/libstrongswan/asn1/asn1_parser.h   |  27 +++
+ src/libstrongswan/plugins/x509/x509_cert.c | 115 +++--
+ 3 files changed, 135 insertions(+), 77 deletions(-)
+
+diff --git a/src/libstrongswan/asn1/asn1_parser.c 
b/src/libstrongswan/asn1/asn1_parser.c
+index e7b7a428d9a2..4d5f799b73a9 100644
+--- 

Bug#863725: unblock: autodep8/0.9

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package autodep8

This release adds support for Go packages, but otherwise contains no
changes to the existing functionality. I know this is not exactly the
kind of thing we want during the freeze, but autodep8 is part of the CI
infrastructure, and it will be really useful to have this version in
stretch (as well as in jessie-backports).

debdiff attached

unblock autodep8/0.9

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru autodep8-0.8/debian/changelog autodep8-0.9/debian/changelog
--- autodep8-0.8/debian/changelog	2016-08-25 20:36:02.0 -0300
+++ autodep8-0.9/debian/changelog	2017-05-26 07:42:20.0 -0300
@@ -1,3 +1,10 @@
+autodep8 (0.9) unstable; urgency=medium
+
+  [ Martín Ferrari ]
+  * Add support for Go package testsuites run by dh_golang_autopkgtest.
+
+ -- Antonio Terceiro   Fri, 26 May 2017 07:42:20 -0300
+
 autodep8 (0.8) unstable; urgency=medium
 
   [ Sean Whitton ]
diff -Nru autodep8-0.8/examples.in autodep8-0.9/examples.in
--- autodep8-0.8/examples.in	2016-08-25 20:36:02.0 -0300
+++ autodep8-0.9/examples.in	2017-05-26 07:42:20.0 -0300
@@ -2,6 +2,7 @@
 #   ---
 dkmskpatch
 elpaflycheck
+go  prometheus
 nodejs  node-tar
 perllibtest-most-perl
 python  python-flaky
diff -Nru autodep8-0.8/examples.md autodep8-0.9/examples.md
--- autodep8-0.8/examples.md	2016-08-25 20:36:02.0 -0300
+++ autodep8-0.9/examples.md	2017-05-26 07:42:20.0 -0300
@@ -11,6 +11,12 @@
 Depends: @, @builddeps@
 Restrictions: rw-build-tree
 
+## go (prometheus)
+
+Test-Command: /usr/bin/dh_golang_autopkgtest
+Depends: @builddeps@, dh-golang
+Restrictions: rw-build-tree, allow-stderr
+
 ## nodejs (node-tar)
 
 Test-Command: cd $ADTTMP && nodejs -e "require('"'"'tar'"'"');"
diff -Nru autodep8-0.8/support/go/detect autodep8-0.9/support/go/detect
--- autodep8-0.8/support/go/detect	1969-12-31 21:00:00.0 -0300
+++ autodep8-0.9/support/go/detect	2017-05-26 07:42:20.0 -0300
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+grep-dctrl --quiet -FBuild-Depends,Build-Depends-Indep,Depends \
+-e '(^|\s|,)golang-(go|any)($|\s|,)' debian/control
diff -Nru autodep8-0.8/support/go/generate autodep8-0.9/support/go/generate
--- autodep8-0.8/support/go/generate	1969-12-31 21:00:00.0 -0300
+++ autodep8-0.9/support/go/generate	2017-05-26 07:42:20.0 -0300
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Stderr is required because many go tools output status info to stderr.
+cat <= 2:1.4) || golang-go (>= 2:1.4)'
+  check_run autodep8
+}
+
+test_detect_bdepends_nomatch() {
+  has 'debian/control' 'Build-Depends: golang-goNOPE'
+  run autodep8
+  assertEquals 1 "$exitstatus"
+  assertEquals "" "$(cat stdout stderr)"
+}
+
+test_detect_depends_golang_go() {
+  has 'debian/control' 'Depends: golang-go'
+  check_run autodep8
+}
+
+test_detect_depends_golang_any() {
+  has 'debian/control' 'Depends: golang-any'
+  check_run autodep8
+}
+
+test_detect_bdependsi_golang_go() {
+  has 'debian/control' 'Build-Depends-Indep: golang-go'
+  check_run autodep8
+}
+
+test_detect_bdependsi_golang_any() {
+  has 'debian/control' 'Build-Depends-Indep: golang-any'
+  check_run autodep8
+}
+
+. shunit2


signature.asc
Description: PGP signature

Processed: Re: Bug#863453: unblock: acmetool/0.0.59-1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 - moreinfo
Bug #863453 [release.debian.org] unblock: acmetool/0.0.59-1
Removed tag(s) moreinfo.

-- 
863453: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863453
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863453: unblock: acmetool/0.0.59-1

[Peter Colberg]

Control: tag -1 - moreinfo

On Mon, May 29, 2017 at 01:11:47PM +0100, Jonathan Wiltshire wrote:
> None of these issues seem to have corresponding BTS bugs. If they did,
> which severity would you choose? (hint: if they're not at least
> 'serious'...)

I would assign the following severities:

  * Validate hostnames in 'acmetool want' [1]

Severity: normal

This improves the error handling when the user passes an invalid host name.

https://github.com/hlandau/acme/issues/204

  * Allow environment variables to be passed to challenge hooks [2]

Severity: normal

https://github.com/hlandau/acme/issues/166 

  * Allow acmeapi to obtain new nonces if nonce pool is depleted [3]

Severity: important

This fixes a potential failure to acquire certificates.

https://github.com/hlandau/acme/issues/214

  * Don't attempt fdb permission tests on non-cgo builds [4]

Severity: serious

This fixes an FTBFS on architectures using gcc-go.

https://github.com/hlandau/acme/issues/219

  * Add read/write timeouts to redirector server [5]

Severity: serious

This fixes a denial-of-service in the HTTP-to-HTTPS redirector.

  * Allow hidden files within the state directory [6]

Severity: important

This ignores dot files in /var/lib/acme, e.g., .git/.

https://github.com/hlandau/acme/issues/153


I strongly believe the users of the acmetool package would be best
served by Debian if all of the above fixes were included in stretch.

Regards,
Peter

[1] 
https://github.com/hlandau/acme/commit/96126c04eb76c1921127731ea3ae562a67459b2d
[2] 
https://github.com/hlandau/acme/commit/c8f5d91e3b1d5fab90fda1298a65f5f283555097
[3] 
https://github.com/hlandau/acme/commit/a087733bf7567b224b8d192e2747f794fc93a27c
[4] 
https://github.com/hlandau/acme/commit/ca02f4791ab63b92907c2dfcf7d1f9a1f62b7b87
[5] 
https://github.com/hlandau/acme/commit/b9637d98466b45de1b7fc848474d1fc10ef60667
[6] 
https://github.com/hlandau/acme/commit/677aa28007341961102375d45857e26fac149e80

Processed: retitle 863714 to unblock: libetpan/1.6-3

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 863714 unblock: libetpan/1.6-3
Bug #863714 [release.debian.org] unblock: libetpan/1.6-2
Changed Bug title to 'unblock: libetpan/1.6-3' from 'unblock: libetpan/1.6-2'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
863714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863714
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: block 862151 with 863714

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> block 862151 with 863714
Bug #862151 [src:libetpan] libetpan: CVE-2017-8825
862151 was not blocked by any bugs.
862151 was not blocking any bugs.
Added blocking bug(s) of 862151: 863714
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
862151: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862151
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863715: unblock: boinc 7.6.33+dfsg-12

[Gianfranco Costamagna]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock


Hi Release Team

Please unblock package boinc

unblock boinc/7.6.33+dfsg-12

We refactored a little bit with the upstream version a patch already in Stretch,
and I removed the fglrx package, uninstallable because fglrx is now dead

debdiff here:

diff -Nru boinc-7.6.33+dfsg/debian/changelog boinc-7.6.33+dfsg/debian/changelog
--- boinc-7.6.33+dfsg/debian/changelog  2017-04-04 08:08:14.0 +0200
+++ boinc-7.6.33+dfsg/debian/changelog  2017-05-30 11:40:51.0 +0200
@@ -1,3 +1,22 @@
+boinc (7.6.33+dfsg-12) unstable; urgency=medium
+
+  [ Steffen Moeller ]
+  * Added dependency on  lsb-base (>= 3.0-6) of boinc-client for the init
+script. Thanks to Lintian and the Package Tracker for spotting that.
+
+  [ Gianfranco Costamagna ]
+  * Update the previous boinc-issue-1177.patch with the upstream merged patch.
+  * Remove boinc-client-fglrx: dead, depends on removed fglrx libraries.
+(Closes: #863699)
+
+ -- Gianfranco Costamagna   Tue, 30 May 2017 
11:39:31 +0200
+
+boinc (7.6.33+dfsg-11exp1) experimental; urgency=medium
+
+  * Upload to experimental again, with the boinc-server-* packages.
+
+ -- Gianfranco Costamagna   Tue, 04 Apr 2017 
08:10:03 +0200
+
 boinc (7.6.33+dfsg-11) unstable; urgency=medium
 
   * Upload to unstable
diff -Nru boinc-7.6.33+dfsg/debian/control boinc-7.6.33+dfsg/debian/control
--- boinc-7.6.33+dfsg/debian/control2017-04-04 08:09:03.0 +0200
+++ boinc-7.6.33+dfsg/debian/control2017-05-30 11:41:46.0 +0200
@@ -103,37 +103,16 @@
  non-free section to the regular boinc package. This also meant this
  binary package to be redistributed in the contrib section of Debian.
 
-Package: boinc-client-fglrx
-Architecture: amd64 i386
-Section: contrib/net
-Priority: extra
-Breaks: boinc-nvidia-cuda
-Replaces: boinc-nvidia-cuda
-Depends: ${misc:Depends}, boinc-client
-Recommends: libfglrx | fglrx-updates | fglrx
-Description: metapackage for AMD/ATI fglrx-savvy BOINC client and manager
- The Berkeley Open Infrastructure for Network Computing (BOINC) is a
- software platform for distributed computing: several initiatives of
- various scientific disciplines all compete for the idle time of
- desktop computers. The developers' web site at the University of
- Berkeley serves as a common portal to the otherwise independently run
- projects.
- .
- Regular users (righteously) often find it an unbearable nuisance to
- care for the configuration of BOINC for the fglrx-savvy AMD/ATI
- graphics cards.  This package adds a series of dependencies from the
- non-free section to the regular boinc package. This also meant this
- binary package to be redistributed in the contrib section of Debian.
-
 Package: boinc-client
 Architecture: any
 Depends: adduser,
  ca-certificates,
+ lsb-base (>= 3.0-6),
  libboinc7 (= ${binary:Version}),
  ${misc:Depends},
  ${python:Depends},
  ${shlibs:Depends}
-Suggests: boinc-client-opencl, boinc-client-fglrx, boinc-client-nvidia-cuda, 
boinc-manager, x11-xserver-utils
+Suggests: boinc-client-opencl, boinc-client-nvidia-cuda, boinc-manager, 
x11-xserver-utils
 Description: core client for the BOINC distributed computing infrastructure
  The Berkeley Open Infrastructure for Network Computing (BOINC) is a
  software platform for distributed computing: several initiatives of
diff -Nru boinc-7.6.33+dfsg/debian/control.in 
boinc-7.6.33+dfsg/debian/control.in
--- boinc-7.6.33+dfsg/debian/control.in 2017-03-14 12:22:46.0 +0100
+++ boinc-7.6.33+dfsg/debian/control.in 2017-05-30 11:38:56.0 +0200
@@ -103,37 +103,16 @@
 @ non-free section to the regular boinc package. This also meant this
 @ binary package to be redistributed in the contrib section of Debian.
 @
-@Package: boinc-client-fglrx
-@Architecture: amd64 i386
-@Section: contrib/net
-@Priority: extra
-@Breaks: boinc-nvidia-cuda
-@Replaces: boinc-nvidia-cuda
-@Depends: ${misc:Depends}, boinc-client
-@Recommends: libfglrx | fglrx-updates | fglrx
-@Description: metapackage for AMD/ATI fglrx-savvy BOINC client and manager
-@ The Berkeley Open Infrastructure for Network Computing (BOINC) is a
-@ software platform for distributed computing: several initiatives of
-@ various scientific disciplines all compete for the idle time of
-@ desktop computers. The developers' web site at the University of
-@ Berkeley serves as a common portal to the otherwise independently run
-@ projects.
-@ .
-@ Regular users (righteously) often find it an unbearable nuisance to
-@ care for the configuration of BOINC for the fglrx-savvy AMD/ATI
-@ graphics cards.  This package adds a series of dependencies from the
-@ non-free section to the regular boinc package. This also meant this
-@ binary package to be redistributed in the contrib section of Debian.
-@
 @Package: boinc-client
 @Architecture: any
 @Depends: 

Bug#863714: unblock: libetpan/1.6-2

[Ricardo Mones]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libetpan

Fixes bug 862151 (CVE-2017-8825). Diff includes an update to Homepage
field which was already in git since past year ;)

Attached debdiff. Thanks in advance and best regards,

unblock libetpan/1.6-3

-- 
 Ricardo Mones
 http://people.debian.org/~mones
 «Exercise caution in your daily affairs.»
diff -Nru libetpan-1.6/debian/changelog libetpan-1.6/debian/changelog
--- libetpan-1.6/debian/changelog   2016-10-12 23:35:06.0 +0200
+++ libetpan-1.6/debian/changelog   2017-05-30 10:16:19.0 +0200
@@ -1,3 +1,12 @@
+libetpan (1.6-3) unstable; urgency=high
+
+  * patches/fix-CVE-2017-8825.diff, patches/series
+  - Add upstream patch to fix CVE-2017-8825 (Closes: #862151)
+  * control
+  - Homepage: point to library's own page
+
+ -- Ricardo Mones   Tue, 30 May 2017 10:16:19 +0200
+
 libetpan (1.6-2) unstable; urgency=medium
 
   * control
diff -Nru libetpan-1.6/debian/control libetpan-1.6/debian/control
--- libetpan-1.6/debian/control 2016-10-12 23:35:06.0 +0200
+++ libetpan-1.6/debian/control 2017-05-30 10:16:19.0 +0200
@@ -1,7 +1,7 @@
 Source: libetpan
 Section: mail
 Priority: optional
-Homepage: http://libetpan.sourceforge.net/libetpan
+Homepage: http://www.etpan.org/libetpan.html
 Maintainer: Ricardo Mones 
 Uploaders: Nikita V. Youshchenko 
 Build-Depends: debhelper (>= 9), autotools-dev, libtool, libdb-dev,
diff -Nru libetpan-1.6/debian/patches/fix-CVE-2017-8825.diff 
libetpan-1.6/debian/patches/fix-CVE-2017-8825.diff
--- libetpan-1.6/debian/patches/fix-CVE-2017-8825.diff  1970-01-01 
01:00:00.0 +0100
+++ libetpan-1.6/debian/patches/fix-CVE-2017-8825.diff  2017-05-30 
10:16:19.0 +0200
@@ -0,0 +1,39 @@
+Description: A null dereference vulnerability has been found in the MIME
+ handling component of LibEtPan before 1.8, as used in MailCore and
+ MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed
+ parse of a Cc header containing multiple e-mail addresses.
+Author: Viet Hoa Dinh 
+Origin: upstream, 
https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
+Bug-Debian: https://bugs.debian.org/862151
+Last-Update: 2017-05-30
+
+diff --git a/src/low-level/imf/mailimf.c b/src/low-level/imf/mailimf.c
+index 4554f1c..b557070 100644
+--- a/src/low-level/imf/mailimf.c
 b/src/low-level/imf/mailimf.c
+@@ -3083,6 +3083,7 @@ static int mailimf_group_parse(const char * message, 
size_t length,
+   struct mailimf_group * group;
+   int r;
+   int res;
++  clist * list;
+ 
+   cur_token = * indx;
+ 
+@@ -3110,6 +3111,17 @@ static int mailimf_group_parse(const char * message, 
size_t length,
+   res = r;
+   goto free_display_name;
+ }
++list = clist_new();
++if (list == NULL) {
++  res = MAILIMF_ERROR_MEMORY;
++  goto free_display_name;
++}
++mailbox_list = mailimf_mailbox_list_new(list);
++if (mailbox_list == NULL) {
++  res = MAILIMF_ERROR_MEMORY;
++  clist_free(list);
++  goto free_display_name;
++}
+ break;
+   default:
+ res = r;
diff -Nru libetpan-1.6/debian/patches/series libetpan-1.6/debian/patches/series
--- libetpan-1.6/debian/patches/series  2016-10-12 23:35:06.0 +0200
+++ libetpan-1.6/debian/patches/series  2017-05-30 10:16:19.0 +0200
@@ -1 +1,2 @@
 11_use_openjade.diff
+fix-CVE-2017-8825.diff

Bug#863549: unblock: nvidia-graphics-drivers/375.66-1

[Andreas Beckmann]

Control: tag -1 - moreinfo

On Sun, 28 May 2017 14:37:47 +0100 Luca Boccassi
 wrote:
> Sorry, I should have been clearer: what we try to keep synched is not the
> upstream code, but the packaging code. Scripts to fetch the upstream
> installers and create source tarballs, to create dkms packages, package
> individual libraries separately, etc.
> 
> Maintaining this upstream proprietary driver is quite complex, and this
> really helps a lot keeping things sane.

Agreed.
And we usually have to upload new upstream (legacy) releases to
(old)*stable :-(
The upstream changelog also considers the new legacy releases as history
of the latest release. Bugfixes are only mentioned in the oldest release
branch where they were applied. (And CVEs are not mentioned at all,
since they are usually only disclosed after the fix is out.)


Andreas

Processed: Re: Bug#863549: unblock: nvidia-graphics-drivers/375.66-1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 - moreinfo
Bug #863549 [release.debian.org] unblock: nvidia-graphics-drivers/375.66-1
Removed tag(s) moreinfo.

-- 
863549: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863549
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863713: unblock: pd-flite/0.02.3-3

[IOhannes m zmoelnig]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package pd-flite

This upload fixes the "online" documentation of the package:
documentation is a set of interactive examples that will automatically be opened
when the user clicks on "Help" within the runtime environment (puredata, aka 
"Pd").
The documentation was broken insofar, as it was installed at a place, where Pd
wouldn't look for it, resulting in no documentation for the end-user.

unblock pd-flite/0.02.3-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru pd-flite-0.02.3/debian/changelog pd-flite-0.02.3/debian/changelog
--- pd-flite-0.02.3/debian/changelog2016-11-10 10:36:40.0 +0100
+++ pd-flite-0.02.3/debian/changelog2017-05-29 22:58:45.0 +0200
@@ -1,3 +1,10 @@
+pd-flite (0.02.3-3) unstable; urgency=medium
+
+  * Fixed helppatch-install-dir patch (Closes: #863658)
+  * Refreshed patches (fuzz offset)
+
+ -- IOhannes m zmölnig (Debian/GNU)   Mon, 29 May 2017 
22:58:45 +0200
+
 pd-flite (0.02.3-2) unstable; urgency=medium
 
   * Fixed permissions of externals (Closes: #715909)
diff -Nru pd-flite-0.02.3/debian/patches/fix-help-files-install-dir.patch 
pd-flite-0.02.3/debian/patches/fix-help-files-install-dir.patch
--- pd-flite-0.02.3/debian/patches/fix-help-files-install-dir.patch 
2016-11-10 10:36:40.0 +0100
+++ pd-flite-0.02.3/debian/patches/fix-help-files-install-dir.patch 
2017-05-29 22:58:45.0 +0200
@@ -1,25 +1,27 @@
 Description: fix configure to install help-files to extdir
 Author: Roman Haefeli 
 a/configure
-+++ b/configure
-@@ -4134,9 +4134,6 @@
- 
- 
+Last-Update: 2017-05-29
+--- pd-flite.orig/common/m4/ax_pd_external.m4
 pd-flite/common/m4/ax_pd_external.m4
+@@ -146,9 +146,6 @@
+   [pddir="\${prefix}/pd"])
+  AC_SUBST(pddir)
  
 - pddocdir="${pddir}/doc/5.reference"
--
+- AC_SUBST(pddocdir)
 -
   ##-- pdincludedir
- 
- # Check whether --with-pd-include was given.
-@@ -4166,6 +4163,10 @@
-  pdexternsdir="$pdextdir"
+  AC_ARG_WITH(pd-include,
+   AC_HELP_STRING([--with-pd-include=DIR], [Pd include directory 
(default=NONE)]),
+@@ -171,6 +168,11 @@
   pdexecdir="$pdextdir"
- 
-+ ##-- pddocdir
+  AC_SUBST(pdexternsdir)
+  AC_SUBST(pdexecdir)
++
 + # Nowadays the help files usually are installed besides the class files
 + pddocdir="${pdextdir}"
++ AC_SUBST(pddocdir)
 +
- 
   ## pd-directory/ies
   ##^^
+ 
diff -Nru pd-flite-0.02.3/debian/patches/reproducible-build.patch 
pd-flite-0.02.3/debian/patches/reproducible-build.patch
--- pd-flite-0.02.3/debian/patches/reproducible-build.patch 2016-11-10 
10:36:40.0 +0100
+++ pd-flite-0.02.3/debian/patches/reproducible-build.patch 2017-05-29 
22:58:45.0 +0200
@@ -2,9 +2,9 @@
 Author: Chris Lamb 
 Last-Update: 2016-08-04
 
 pd-pdstring-0.10.2.orig/common/m4/ax_pd_external.m4
-+++ pd-pdstring-0.10.2/common/m4/ax_pd_external.m4
-@@ -242,7 +242,11 @@ AC_DEFUN([AX_PD_EXTERNAL],
+--- pd-flite.orig/common/m4/ax_pd_external.m4
 pd-flite/common/m4/ax_pd_external.m4
+@@ -244,7 +244,11 @@
  
   ##vv
   ## compiled

Bug#863712: unblock: pd-pdstring/0.10.2-3

[IOhannes m zmoelnig]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package pd-pdstring

This upload fixes the "online" documentation of the package:
documentation is a set of interactive examples that will automatically be opened
when the user clicks on "Help" within the runtime environment (puredata, aka
"Pd").
The documentation was broken insofar, as it was installed at a place, where Pd
wouldn't look for it, resulting in no documentation for the end-user.

unblock pd-pdstring/0.10.2-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru pd-pdstring-0.10.2/debian/changelog 
pd-pdstring-0.10.2/debian/changelog
--- pd-pdstring-0.10.2/debian/changelog 2016-11-10 10:22:16.0 +0100
+++ pd-pdstring-0.10.2/debian/changelog 2017-05-29 22:59:44.0 +0200
@@ -1,3 +1,12 @@
+pd-pdstring (0.10.2-3) unstable; urgency=medium
+
+  * Moved fix-help-files patch to common/m4 (Closes: #863665)
+  * Set well-defined user for repdroducible builds.
+Thanks to Chris Lamb  (Closes: #861756)
+  * Refreshed patches (fuzz offset)
+
+ -- IOhannes m zmölnig (Debian/GNU)   Mon, 29 May 2017 
22:59:44 +0200
+
 pd-pdstring (0.10.2-2) unstable; urgency=medium
 
   * Enabled reproducible build.
diff -Nru pd-pdstring-0.10.2/debian/patches/fix-help-files-install-dir.patch 
pd-pdstring-0.10.2/debian/patches/fix-help-files-install-dir.patch
--- pd-pdstring-0.10.2/debian/patches/fix-help-files-install-dir.patch  
2016-11-10 10:22:16.0 +0100
+++ pd-pdstring-0.10.2/debian/patches/fix-help-files-install-dir.patch  
2017-05-29 22:59:44.0 +0200
@@ -1,25 +1,27 @@
 Description: fix configure to install help-files to extdir
 Author: Roman Haefeli 
 a/configure
-+++ b/configure
-@@ -3550,9 +3550,6 @@
- 
- 
+Last-Update: 2017-05-04
+--- pd-pdstring.orig/common/m4/ax_pd_external.m4
 pd-pdstring/common/m4/ax_pd_external.m4
+@@ -146,9 +146,6 @@
+   [pddir="\${prefix}/pd"])
+  AC_SUBST(pddir)
  
 - pddocdir="${pddir}/doc/5.reference"
--
+- AC_SUBST(pddocdir)
 -
   ##-- pdincludedir
- 
- # Check whether --with-pd-include was given.
-@@ -3582,6 +3579,10 @@
-  pdexternsdir="$pdextdir"
+  AC_ARG_WITH(pd-include,
+   AC_HELP_STRING([--with-pd-include=DIR], [Pd include directory 
(default=NONE)]),
+@@ -171,6 +168,11 @@
   pdexecdir="$pdextdir"
- 
-+ ##-- pddocdir
+  AC_SUBST(pdexternsdir)
+  AC_SUBST(pdexecdir)
++
 + # Nowadays the help files usually are installed besides the class files
 + pddocdir="${pdextdir}"
++ AC_SUBST(pddocdir)
 +
- 
   ## pd-directory/ies
   ##^^
+ 
diff -Nru pd-pdstring-0.10.2/debian/patches/reproducible-build.patch 
pd-pdstring-0.10.2/debian/patches/reproducible-build.patch
--- pd-pdstring-0.10.2/debian/patches/reproducible-build.patch  2016-11-10 
10:22:16.0 +0100
+++ pd-pdstring-0.10.2/debian/patches/reproducible-build.patch  2017-05-29 
22:59:44.0 +0200
@@ -1,19 +1,21 @@
 Description: Make the build reproducible
 Author: Chris Lamb 
-Last-Update: 2016-08-04
-
 pd-pdstring-0.10.2.orig/common/m4/ax_pd_external.m4
-+++ pd-pdstring-0.10.2/common/m4/ax_pd_external.m4
-@@ -242,7 +242,11 @@ AC_DEFUN([AX_PD_EXTERNAL],
+Last-Update: 2017-05-04
+--- pd-pdstring.orig/common/m4/ax_pd_external.m4
 pd-pdstring/common/m4/ax_pd_external.m4
+@@ -244,8 +244,13 @@
  
   ##vv
   ## compiled
 - AC_DEFINE_UNQUOTED(PACKAGE_BUILD_DATE,  "`date`",   [Date this package was 
configured])
+- AC_DEFINE_UNQUOTED(PACKAGE_BUILD_USER,  "$USER",[User who configured 
this package])
 + if test -n "$SOURCE_DATE_EPOCH"; then
-+   AC_DEFINE_UNQUOTED(PACKAGE_BUILD_DATE,  "`LC_ALL=C date --utc 
--date="@$SOURCE_DATE_EPOCH"`",   [Date this package was configured])
++   AC_DEFINE_UNQUOTED(PACKAGE_BUILD_DATE,  "$(LC_ALL=C date --utc 
--date="@$SOURCE_DATE_EPOCH")",   [Date this package was configured])
++   AC_DEFINE_UNQUOTED(PACKAGE_BUILD_USER,  "Debian",[User who configured 
this package])
 + else
-+   AC_DEFINE_UNQUOTED(PACKAGE_BUILD_DATE,  "`date`",   [Date this package was 
configured])
++   AC_DEFINE_UNQUOTED(PACKAGE_BUILD_DATE,  "$(date)",   [Date this package 
was configured])
++   AC_DEFINE_UNQUOTED(PACKAGE_BUILD_USER,  "$USER",[User who configured 
this package])
 + fi
-  AC_DEFINE_UNQUOTED(PACKAGE_BUILD_USER,  "$USER",[User who configured 
this package])
   ## /compiled
   ##^^
+ 

Bug#863709: unblock: seqan2/2.3.1+dfsg-3.1

[Chris Lamb]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-CC: Andreas Tille 

Dear Release Team,

Please consider unblocking seqan2 2.3.1+dfsg-3.1:
  
  seqan2 (2.3.1+dfsg-3.1) unstable; urgency=medium
  
* Non-maintainer upload.
* Fix broken /usr/bin/splazers symlink on 32-bit architectures.
  (Closes: #863669)


The full debdiff is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-


debdiff
Description: Binary data

Bug#863708: unblock: nvidia-settings/375.66-1

[Andreas Beckmann]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nvidia-settings

I just uploaded a new upstream release of nvidia-settings to unstable.

Usually NVIDIA only bumps the version of nvidia-settings etc. for new
upstream releases of long-lived driver branches, but this time there are
some actual code changes. Since we are going to have
nvidia-graphics-drivers 375.66-1 in stretch to fix the recent CVE
series, we should not deviate from upstream here and keep the version in
sync.

There are some more upstream changes included that were not documented
in the upstream changelog (only available in the driver).
Most notable a newer version of the nvml.h header (libnvidia-ml1 is
shipped by the driver, but the header is not), this is *not* part of the
libxnvctrl0 API.

I also dropped the pie.patch, since the toolchain has improved w.r.t.
PIE defaults, s.t. this is no longer needed.

nvidia-settings (375.66-1) unstable; urgency=medium

  * New upstream release 375.66.
- Updated the display configuration page in the nvidia-settings
  control panel to accurately reflect HDMI 3D refresh rates.
  * Remove PIE workarounds, this now works out-of-the-box.

 -- Andreas Beckmann   Tue, 30 May 2017 10:42:42 +0200

unblock nvidia-settings/375.66-1


Andreas


nvidia-settings_375.66-1.dsc.diff.gz
Description: application/gzip

Bug#863706: unblock: coyim/0.3.7-3

[Sascha Steinbiss]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

please unblock coyim. The version currently in unstable fixes an
FTBFS due to failing tests which also tried network connections at
build time. See #863414 [1].

The patch, kindly provided by Chris Lamb, is very small and disables
the problematic tests, which shouldn't really run at build time anyway.
Please see attached debdiff for the exact changes.

unblock coyim/0.3.7-3

Thanks
Sascha

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863414
diff -Nru coyim-0.3.7/debian/changelog coyim-0.3.7/debian/changelog
--- coyim-0.3.7/debian/changelog2016-11-04 00:17:08.0 +0100
+++ coyim-0.3.7/debian/changelog2017-05-29 10:31:46.0 +0200
@@ -1,3 +1,14 @@
+coyim (0.3.7-3) unstable; urgency=medium
+
+  [ Chris Lamb ]
+  * Skip tests that require internet access to avoid FTBFS. Whilst this was
+proximately caused by missing Build-Depends on "ca-certificates", the
+testsuite would remain brittle due to it requiring an internet connection
+and a valid remote SSL certificate at www.olabini.se:443.
+(Closes: #863414)
+
+ -- Sascha Steinbiss   Mon, 29 May 2017 10:31:46 +0200
+
 coyim (0.3.7-2) unstable; urgency=medium
 
   * Remove unused Build-deps on golint, ruby and git.
diff -Nru coyim-0.3.7/debian/rules coyim-0.3.7/debian/rules
--- coyim-0.3.7/debian/rules2016-10-28 07:40:28.0 +0200
+++ coyim-0.3.7/debian/rules2017-05-29 10:17:08.0 +0200
@@ -12,7 +12,8 @@
 
 override_dh_auto_test:
find ./config/importer -type d -name '*test_data' | xargs cp -rv -t 
/tmp ./config/importer/xmpp_client_test_conf.json
-   dh_auto_test --
+   # Skip tests requiring internet access
+   DH_GOLANG_EXCLUDES="github.com/twstrike/coyim/xmpp" dh_auto_test --
 
 override_dh_auto_build:
dh_auto_build --

Bug#863645: marked as done (unblock: cqrlog/2.0.2-1.1)

[Debian Bug Tracking System]

Your message dated Tue, 30 May 2017 08:21:28 + (UTC)
with message-id <1808321498.4732421.1496132488...@mail.yahoo.com>
and subject line Re: Bug#863645: unblock: cqrlog 2.0.2-1.1
has caused the Debian Bug report #863645,
regarding unblock: cqrlog/2.0.2-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org

User: release.debian@packages.debian.org

Usertags: unblock


Hi release team


Please unblock package cqrlog

unblock cqrlog/2.0.2-1.1

I found a bug that was preventing the package from working if the mysql compat 
library
was not installed.
The code is doing the pascal "dlopen" call to find libmysqlclient.so, and this 
is not available
anymore since mariadb switch.



Using the compat package brings a symlink that makes the program behave 
correctly.

thanks

G.


diff -Nru cqrlog-2.0.2/debian/changelog cqrlog-2.0.2/debian/changelog

--- cqrlog-2.0.2/debian/changelog2016-09-09 14:58:50.0 +0200

+++ cqrlog-2.0.2/debian/changelog2017-05-29 19:06:55.0 +0200

@@ -1,3 +1,13 @@

+cqrlog (2.0.2-1.1) unstable; urgency=medium

+

+  * Non-maintainer upload.

+  * Depent on virtual mysql server implementation (Closes: #848430)

+  * Depend on default-libmysqlclient-dev, to have the libmysqlclient.so

+symlink available at runtime (function TdmData.GetMySQLLib

+loads it dynamically Closes: #863644.

+

+ -- Gianfranco Costamagna   Mon, 29 May 2017 
17:29:07 +0200

+

cqrlog (2.0.2-1) unstable; urgency=medium


* New upstream bugfix release.

diff -Nru cqrlog-2.0.2/debian/control cqrlog-2.0.2/debian/control

--- cqrlog-2.0.2/debian/control2016-05-03 10:56:29.0 +0200

+++ cqrlog-2.0.2/debian/control2017-05-29 19:05:57.0 +0200

@@ -13,8 +13,8 @@


Package: cqrlog

Architecture: any

-Depends: ${shlibs:Depends}, ${misc:Depends}, libssl-dev, mysql-client | 
mariadb-client, libhamlib2 (>= 1.2.10), libhamlib-utils (>= 1.2.10)

-Recommends: mysql-server | mariadb-server, xplanet

+Depends: ${shlibs:Depends}, ${misc:Depends}, libssl-dev, default-mysql-client 
| virtual-mysql-client, default-libmysqlclient-dev, libhamlib2 (>= 1.2.10), 
libhamlib-utils (>= 1.2.10)

+Recommends: default-mysql-server | virtual-mysql-server, xplanet

Description: Advanced logging program for hamradio operators

CQRLOG is an advanced ham radio logger based on MySQL embedded database. 

Provides radio control based on hamlib libraries (currently support of 140+ 
--- End Message ---
--- Begin Message ---
Hi

>your choice, probably the upstream fix is better because it pulls one less 
>package from the archive :)


closing in the meanwhile, seems that the maintainer answered, so I'll leave the 
problem
to him :)

G.--- End Message ---

Processed: Re: Bug#863628: unblock: apt-mirror/0.5.4-1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 - moreinfo
Bug #863628 [release.debian.org] unblock: apt-mirror/0.5.4-1
Removed tag(s) moreinfo.

-- 
863628: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863628
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863628: unblock: apt-mirror/0.5.4-1

[Benjamin Drung]

Control: tag -1 - moreinfo

Hi Jonathan,

Am Montag, den 29.05.2017, 18:49 +0100 schrieb Jonathan Wiltshire:
> Control: tag -1 moreinfo
> 
> On Mon, May 29, 2017 at 02:45:31PM +0200, Benjamin Drung wrote:
> > apt-mirror 0.5.4 is a very small bug-fix release for stretch. It
> > fixes
> > the warning about the use of uninitialized value $config{"options"}
> > (which hits most users).
> 
> That is not all though, is it? Could you provide some background to
> the
> other changes?

I thought that the debian/changelog was sufficient:

- Fix use of uninitialized value $config{"options"} warning
  (Closes: #851979, #859601)
- Fix warning on repository without md5sum
- Write SHA1 and SHA256 in addition to MD5
- Also download xz-compressed Components-$arch.yml.xz

For more details, please look at the 5 individual commits from git
repository: https://github.com/apt-mirror/apt-mirror/commits/master

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.dr...@profitbricks.com
Web: https://www.profitbricks.com

Sitz der Gesellschaft: Berlin.
Registergericht: Amtsgericht Charlottenburg, HRB 125506B.
Geschäftsführer: Achim Weiss.

Bug#863702: unblock: compiz/0.9.13.0+16.10.20160818.2-5.1 (pre-approval)

[Andreas Beckmann]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

I want to upload a NMU of compiz to unstable fixing an upgrade issue
from squeeze (there was no compiz in wheezy or jessie) by adding missing
Breaks+Replaces, proposed patch attached.

unblock compiz/0.9.13.0+16.10.20160818.2-5.1

Andreas
diff -u compiz-0.9.13.0+16.10.20160818.2/debian/changelog compiz-0.9.13.0+16.10.20160818.2/debian/changelog
--- compiz-0.9.13.0+16.10.20160818.2/debian/changelog
+++ compiz-0.9.13.0+16.10.20160818.2/debian/changelog
@@ -1,3 +1,12 @@
+compiz (1:0.9.13.0+16.10.20160818.2-5.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * compiz-plugins-default: Fix upgrading from the squeeze packages by adding
+Breaks+Replaces: compiz-core (<< 1:0.9.4+bzr20110606-0ubuntu3).
+(Closes: #860780)
+
+ -- Andreas Beckmann   Tue, 30 May 2017 09:33:29 +0200
+
 compiz (1:0.9.13.0+16.10.20160818.2-5) unstable; urgency=medium
 
   * Adjust 65compiz_profile-on-session to look at x-session-manager
diff -u compiz-0.9.13.0+16.10.20160818.2/debian/control compiz-0.9.13.0+16.10.20160818.2/debian/control
--- compiz-0.9.13.0+16.10.20160818.2/debian/control
+++ compiz-0.9.13.0+16.10.20160818.2/debian/control
@@ -182,8 +182,10 @@
  ${misc:Depends},
 Replaces: compiz-plugins-main-default (<< 1:0.9.8),
   compiz-plugins (<< 1:0.9.12.1+15.10.20150724),
+  compiz-core (<< 1:0.9.4+bzr20110606-0ubuntu3),
 Breaks: compiz-plugins-main-default (<< 1:0.9.8),
 compiz-plugins (<< 1:0.9.12.1+15.10.20150724),
+compiz-core (<< 1:0.9.4+bzr20110606-0ubuntu3),
 Description: OpenGL window and compositing manager - default plugins
  Compiz brings to life a variety of visual effects that make the Linux desktop
  easier to use, more powerful and intuitive, and more accessible for users

Bug#863634: unblock: systemd/232-24

[Michael Biebl]

Control: tags -1 - moreinfo
Control: retitle -1 unblock: systemd/232-24

Hi!

Am 29.05.2017 um 23:56 schrieb Jonathan Wiltshire:
> Please go ahead and remove the moreinfo tag when it is ready to be
> unblocked.

Uploaded and built everywhere.

Regards,
Michael


unblock: systemd/232-24

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Processed: Re: Bug#863634: unblock: systemd/232-24

[Debian Bug Tracking System]

Processing control commands:

> tags -1 - moreinfo
Bug #863634 [release.debian.org] unblock (pre-approval): systemd/232-24
Removed tag(s) moreinfo.
> retitle -1 unblock: systemd/232-24
Bug #863634 [release.debian.org] unblock (pre-approval): systemd/232-24
Changed Bug title to 'unblock: systemd/232-24' from 'unblock (pre-approval): 
systemd/232-24'.

-- 
863634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems