Bug#925028: unblock: dwww/1.13.4+nmu1
On Sat, Mar 23, 2019 at 09:29:44PM +, Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
>
> On Tue, Mar 19, 2019 at 11:00:33PM +0900, Osamu Aoki wrote:
> > diff -Nru dwww-1.13.4/debian/control dwww-1.13.4+nmu1/debian/control
> > --- dwww-1.13.4/debian/control 2017-06-21 05:13:20.0 +0900
> > +++ dwww-1.13.4+nmu1/debian/control 2019-03-16 18:31:19.0 +0900
> > @@ -5,8 +5,8 @@
> > Build-Depends: debhelper (>= 10), dh-apache2, lsb-release, publib-dev
> > Build-Conflicts: apache2-dev (<< 2.4.4-6~)
> > Standards-Version: 4.0.0
> > -Vcs-Git: https://anonscm.debian.org/git/users/robert/dwww.git
> > -Vcs-Browser: https://anonscm.debian.org/cgit/users/robert/dwww.git
> > +Vcs-Git: https://salsa.debian.org/debian/dwww.git
> > +Vcs-Browser: https://salsa.debian.org/debian/dwww
> >
> > Package: dwww
> > Architecture: any
> > @@ -23,10 +23,26 @@
> > ${perl:Depends},
> > ${shlibs:Depends}
> > Breaks: apache2 (<< 2.4.4-6~)
> > -Recommends: apt, dlocate (>= 0.5-0.1), info2www, swish++,
> > ${misc:Recommends}
> > -Suggests: doc-debian, dpkg-www, links | www-browser
> > +Recommends: apt,
> > +dlocate (>= 0.5-0.1),
> > +doc-debian,
> > +dpkg-www,
> > +info2www,
> > +links | www-browser,
> > +swish++,
> > +${misc:Recommends}
>
> This promotion of packages from Suggests to Recommends is not mentioned in
> the changelog. What is its purpose?
dwww in old setting with older apache used to publish web page to
non-local machine. So browser was not needed. Now for security
concern, we limit to local as default.
links | www-browser
* this is very much intended
* user has to manually enable apache CGI module.
* The default access is limited to local
* So having browser is a almost must
--> Valid objection: Why links
Why not firefox-esr:
true but tried to be minimal change
dpkg-www
* dpkg-www recommends dwww
* CGI script is the same situation: require local
* not much loss of resource and help user via local web which is
accessed via clicking desktop icon.
--> Valid objection: Yah but ...: true
doc-debian
* Nice to have as a part of links
* not much loss of resource and help user via local web to know
what Debian is
--> Valid objection: Yah but ...: true
Osamu
Bug#925383: unblock: shorewall/5.2.3.2-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Shorewall upstream released version 5.2.3.2 a few days ago. While this
unblock request is for 6 packages, only shorewall contains any
functional changes. The other five packages contain only a version
increment and release notes entry.
Here is the explanation of the upstream change:
5.2.3.2
1) Shorewall 5.2 automatically converts and existing 'masq' file to an
equivalent 'snat' file. Regrettably, Shorewall 5.2.3 broke that
automatic update, such that the following error message was issued:
Use of uninitialized value $Shorewall::Nat::raw::currentline in
pattern match (m//) at /usr/share/shorewall/Shorewall/Nat.pm
line 511, <$currentfile> line nnn.
and the generted 'masq' file contains only initial comments.
That has been corrected.
I have attached debdiffs for all 6 packages.
Given the small scope and size of the fix and that the Shorewall
upstream project is undergoing some changes that most likely make this
the last release for quite some time, I would very much like to see this
make it into Buster.
Regards,
- -Roberto
unblock shorewall/5.2.3.2-1
unblock shorewall6/5.2.3.2-1
unblock shorewall-lite/5.2.3.2-1
unblock shorewall6-lite/5.2.3.2-1
unblock shorewall-core/5.2.3.2-1
unblock shorewall-init/5.2.3.2-1
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAlyW5u0ACgkQLNd4Xt2n
sg+C4w/9FvQBTnKgjT3o+jNamHNw5fTofLCM0x+7uVSWzI4v9YjwJnBBjhGSvd/7
t8NsOLTj6bjplylRiiOrvqUAgfl3p8LxkSNYHtxZdgUhU8kKcTHYmWOgOtHDrp/+
2wB2YSGTjkMl6QzsvK9e/P35xZ7Sd/iQlEU9miwmYWlT5b3l18M5ekZRZmroM8VU
Wn8yhfJzWBZs1MKcaV58rtVM3yl/ZfwhtjFIIvWVqc94w20POFTZR7FkEMTxd5NQ
9C+bzrZS13+QP6wYs7XLekFDtNGGn9s5PK/k67syuT7q6YdjRfhyHKMxHM/hsY22
ppGUd1qqcRspxOod/EPI5AqE4BUmUpVkfF3I2OmbWPFgK+UNrkYd3NIzdkBn1ahW
T2LrSPJPYvmN3/bo+tSP1U1m0Hh5+g0XDllTNBExQZq7JiAgoHPKVdgmUzihEl6c
71ao9kS/FzpuwwciFcg/TrTEFFJdm1VLBMviNatZhMTttkD8Fmrot2SBtpVGvOkg
ddiEHzpR7Ba95hrBOI3Jyu7Z8Ff3iF2hrd31IrMCjYKiJmXCisPHyUeJReKo6pIB
kj4Qm8STO6rwc2hm4/nKHrrbP3pMo9nRaY8Kumqo7Qc/hv1/90WhMJdPdd75kg/s
SaQjkiyfe/egZihShkJYsZNhRXfSSTsPSkgp7csN1kDzJiYZva4=
=SmkF
-END PGP SIGNATURE-
diff --git a/Perl/Shorewall/Config.pm b/Perl/Shorewall/Config.pm
index bb68bb3d..ba800020 100644
--- a/Perl/Shorewall/Config.pm
+++ b/Perl/Shorewall/Config.pm
@@ -684,7 +684,6 @@ our $shorewall_dir; # Shorewall Directory; if
non-empty, search here fi
our $debug; # Global debugging flag
our $confess;# If true, use Carp to report errors with stack
trace.
-our $update; # True if this is an update
our $family; # Protocol family (4 or 6)
our $export; # True when compiling for export
@@ -851,7 +850,7 @@ sub initialize( $;$$$) {
TC_SCRIPT => '',
EXPORT => 0,
KLUDGEFREE => '',
- VERSION => "5.2.3.1",
+ VERSION => "5.2.3.2",
CAPVERSION => 50200 ,
BLACKLIST_LOG_TAG => '',
RELATED_LOG_TAG => '',
@@ -1192,7 +1191,6 @@ sub initialize( $;$$$) {
$debug = 0;
$confess = 0;
-$update = 0;
%params = ();
@@ -4023,9 +4021,9 @@ sub read_a_line($) {
#
handle_first_entry if $first_entry;
#
- # Save Raw Image if we are updating
+ # Save Raw Image
#
- $rawcurrentline = $currentline if $update;
+ $rawcurrentline = $currentline;
#
# Expand Shell Variables using %params and %actparams
#
@@ -4075,14 +4073,16 @@ sub process_shorewallrc( $$ ) {
my ( $shorewallrc , $product ) = @_;
$shorewallrc{PRODUCT} = $product;
+$variables{PRODUCT} = $product;
if ( open_file $shorewallrc ) {
- while ( read_a_line( STRIP_COMMENTS | SUPPRESS_WHITESPACE | CHECK_GUNK
) ) {
+ while ( read_a_line( STRIP_COMMENTS | SUPPRESS_WHITESPACE | CHECK_GUNK
| EXPAND_VARIABLES ) ) {
if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) {
my ($var, $val) = ($1, $2);
$val = $1 if $val =~ /^\"([^\"]*)\"$/;
expand_shorewallrc_variables($val) if supplied $val;
$shorewallrc{$var} = $val;
+ $variables{$var} = $val;
} else {
fatal_error "Unrecognized shorewallrc entry";
}
@@ -5593,8 +5593,8 @@ EOF
#
# Small functions called by get_configuration. We separate them so profiling
is more useful
#
-sub process_shorewall_conf( $ ) {
-my ( $annotate ) = @_;
+sub process_shorewall_conf( $$ ) {
+my ( $update, $annotate ) = @_;
my $file = find_file "$product.conf";
my @vars;
@@
Bug#925332: unblock: grub2/2.02+dfsg1-15
Control: reopen -1
Control: retitle -1 unblock: grub2/2.02+dfsg1-16
On Sat, Mar 23, 2019 at 06:19:00PM +, Niels Thykier wrote:
> Colin Watson:
> > Please review and unblock grub2 2.02+dfsg1-15 (just uploaded, so not
> > quite in the archive yet). I still have some more RC-bug-fixing to do,
> > but the EFI variable storage changes here are probably going to be the
> > most complicated remaining change for buster, so I want to maximise the
> > time available for finding bugs in it.
> >
> > unblock grub2/2.02+dfsg1-15
>
> Thanks for fixing this bug. :)
>
> Unblocked, thanks,
Could you bump this hint to:
unblock grub2/2.02+dfsg1-16
... please? I made a mistake that broke building on armel/armhf, so I
had to do a quick follow-up to fix that. Sorry for the inconvenience.
Incremental debdiff attached.
Thanks,
--
Colin Watson [cjwat...@debian.org]
diff -Nru grub2-2.02+dfsg1/debian/.git-dpm grub2-2.02+dfsg1/debian/.git-dpm
--- grub2-2.02+dfsg1/debian/.git-dpm2019-03-23 00:39:00.0 +
+++ grub2-2.02+dfsg1/debian/.git-dpm2019-03-23 13:48:41.0 +
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-649e5a39cc5ddf42f6853a0bf818685a625f7cab
-649e5a39cc5ddf42f6853a0bf818685a625f7cab
+3ddfe605a6a472100f529c3d7465bf4eb7fe954d
+3ddfe605a6a472100f529c3d7465bf4eb7fe954d
59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
grub2_2.02+dfsg1.orig.tar.xz
diff -Nru grub2-2.02+dfsg1/debian/changelog grub2-2.02+dfsg1/debian/changelog
--- grub2-2.02+dfsg1/debian/changelog 2019-03-23 09:56:35.0 +
+++ grub2-2.02+dfsg1/debian/changelog 2019-03-23 23:28:17.0 +
@@ -1,3 +1,9 @@
+grub2 (2.02+dfsg1-16) unstable; urgency=medium
+
+ * Fix -Wcast-align diagnostics on ARM.
+
+ -- Colin Watson Sat, 23 Mar 2019 23:28:17 +
+
grub2 (2.02+dfsg1-15) unstable; urgency=medium
* Build-depend on libefiboot-dev and libefivar-dev, for EFI variable
diff -Nru
grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch
grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch
--- grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch
2019-03-23 00:39:00.0 +
+++ grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch
2019-03-23 13:48:41.0 +
@@ -1,4 +1,4 @@
-From 649e5a39cc5ddf42f6853a0bf818685a625f7cab Mon Sep 17 00:00:00 2001
+From 3ddfe605a6a472100f529c3d7465bf4eb7fe954d Mon Sep 17 00:00:00 2001
From: Colin Watson
Date: Mon, 11 Mar 2019 11:17:43 +
Subject: Minimise writes to EFI variable storage
@@ -51,11 +51,11 @@
Makefile.util.def | 20 ++
configure.ac| 12 +
grub-core/osdep/efivar.c| 3 +
- grub-core/osdep/unix/efivar.c | 503
+ grub-core/osdep/unix/efivar.c | 508
grub-core/osdep/unix/platform.c | 100 +--
include/grub/util/install.h | 5 +
util/grub-install.c | 4 +-
- 8 files changed, 557 insertions(+), 95 deletions(-)
+ 8 files changed, 562 insertions(+), 95 deletions(-)
create mode 100644 grub-core/osdep/efivar.c
create mode 100644 grub-core/osdep/unix/efivar.c
@@ -213,10 +213,10 @@
+#endif
diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c
new file mode 100644
-index 0..2991c71db
+index 0..4a58328b4
--- /dev/null
+++ b/grub-core/osdep/unix/efivar.c
-@@ -0,0 +1,503 @@
+@@ -0,0 +1,508 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2013,2019 Free Software Foundation, Inc.
@@ -445,57 +445,62 @@
+ else if (newlist)
+{
+ for (i = 0; i < nentries; ++i)
-+ free (newlist[i]);
++ free_efi_variable (newlist[i]);
+ free (newlist);
+}
+ return rc;
+}
+
++#define GET_ORDER(data, i) \
++ ((uint16_t) ((data)[(i) * 2]) + ((data)[(i) * 2 + 1] << 8))
++#define SET_ORDER(data, i, num) \
++ do { \
++(data)[(i) * 2] = (num) & 0xFF; \
++(data)[(i) * 2 + 1] = ((num) >> 8) & 0xFF; \
++ } while (0)
++
+static void
+remove_from_boot_order (struct efi_variable *order, uint16_t num)
+{
-+ uint16_t *data;
+ unsigned int old_i, new_i;
+
+ /* We've got an array (in order->data) of the order. Squeeze out any
+ instance of the entry we're deleting by shifting the remainder down. */
-+ data = (uint16_t *) order->data;
-+
+ for (old_i = 0, new_i = 0;
+ old_i < order->data_size / sizeof (uint16_t);
+ ++old_i)
+{
-+ if (data[old_i] != num) {
-+ if (new_i != old_i)
-+data[new_i] = data[old_i];
-+ new_i++;
-+ }
++ uint16_t old_num = GET_ORDER (order->data, old_i);
++ if (old_num != num)
++ {
++if (new_i != old_i)
++ SET_ORDER (order->data, new_i, old_num);
++++new_i;
++ }
+}
+
-+ order->data_size = sizeof (data[0]) * new_i;
++ order->data_size =
Processed: Re: Bug#925332: unblock: grub2/2.02+dfsg1-15
Processing control commands:
> reopen -1
Bug #925332 {Done: Niels Thykier } [release.debian.org]
unblock: grub2/2.02+dfsg1-15
Bug reopened
Ignoring request to alter fixed versions of bug #925332 to the same values
previously set
> retitle -1 unblock: grub2/2.02+dfsg1-16
Bug #925332 [release.debian.org] unblock: grub2/2.02+dfsg1-15
Changed Bug title to 'unblock: grub2/2.02+dfsg1-16' from 'unblock:
grub2/2.02+dfsg1-15'.
--
925332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925332
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: unblock: dns-root-data/2019031302
Processing control commands: > block -1 by 925374 Bug #925376 [release.debian.org] unblock: dns-root-data/2019031302 925376 was not blocked by any bugs. 925376 was not blocking any bugs. Added blocking bug(s) of 925376: 925374 > affects -1 + src:dns-root-data Bug #925376 [release.debian.org] unblock: dns-root-data/2019031302 Added indication that 925376 affects src:dns-root-data -- 925376: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925376 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925376: unblock: dns-root-data/2019031302
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Control: block -1 by 925374
Control: affects -1 + src:dns-root-data
Please unblock package dns-root-data, package version 2019031302.
This closes serious bug #925374 ("dns-root-data: ships an obsolete root
zone signing key"), which notes that the older versions of dns-root-data
ship with a root key that is now expired. This is not the absolute
worst thing, because they *also* ship with the functional, current root
key. But it is not a good idea to leave this sort of thing lying
around, and we probably don't want to release it in buster.
the debdiff between 2018091102 and 2019031302 is attached. It's a bit
more complex than just dropping the keys from the distributed files,
because it includes a few extra verification steps during package build,
and accounts for the validity window described in iana's
root-anchors.xml.
The binary diff is actually much smaller :)
To properly avoid this sort of delay for future planned
rollovers/transition, i think we need marginally more sophisticated
binary packages, which i've started a discussion on in #925349. But
that work isn't relevant directly for the upcoming buster release.
Thanks for your work on debian buster, and sorry for the extra unblock
hassle here,
--dkg
unblock dns-root-data/2019031302
diff --git publicsuffix-2018091102/debian/changelog publicsuffix-2019031302/debian/changelog
index 68800a6..8a4a8b3 100644
--- publicsuffix-2018091102/debian/changelog
+++ publicsuffix-2019031302/debian/changelog
@@ -1,3 +1,15 @@
+dns-root-data (2019031302) unstable; urgency=medium
+
+ * cryptographically verify root.hints
+ * get_orig_source: refresh root-anchors.{xml,p7s} as well
+ * update root data to 2019031302
+ * standards-version: bump to 4.3.0 (no changes needed)
+ * parse-root-anchors.sh: account for validity windows
+ * check: deliberately skip the TTL generated by ldns-key2ds
+ * dns-root-data is Multi-Arch: foreign
+
+ -- Daniel Kahn Gillmor Sat, 23 Mar 2019 15:33:17 +0100
+
dns-root-data (2018091102) unstable; urgency=medium
* new upstream version of root.hints, 2018091102
diff --git publicsuffix-2018091102/debian/control publicsuffix-2019031302/debian/control
index 940e507..7295849 100644
--- publicsuffix-2018091102/debian/control
+++ publicsuffix-2019031302/debian/control
@@ -8,11 +8,12 @@ Uploaders:
Robert Edmonds ,
Build-Depends:
debhelper (>= 11~),
+ gpgv,
ldnsutils,
openssl,
unbound-anchor,
xml2,
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
Homepage: https://data.iana.org/root-anchors/
Vcs-Git: https://salsa.debian.org/dns-team/dns-root-data.git
Vcs-Browser: https://salsa.debian.org/dns-team/dns-root-data
@@ -20,6 +21,7 @@ Rules-Requires-Root: no
Package: dns-root-data
Architecture: all
+Multi-Arch: foreign
Depends:
${misc:Depends},
Description: DNS root data including root zone and DNSSEC key
diff --git publicsuffix-2018091102/debian/rules publicsuffix-2019031302/debian/rules
index 3c46b59..5fe3d9a 100755
--- publicsuffix-2018091102/debian/rules
+++ publicsuffix-2019031302/debian/rules
@@ -14,11 +14,14 @@ override_dh_auto_build:
# Verify root-anchors.xml using OpenSSL
openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml
+ # Verify root.hints
+ gpgv --keyring $(CURDIR)/registry-admin.key $(CURDIR)/root.hints.sig $(CURDIR)/root.hints
+
# Create key from validated root-anchors.xml
./parse-root-anchors.sh < root-anchors.xml | sort -k 4 -n > root-anchors.ds
# Create key from downloaded root.key
- /usr/bin/ldns-key2ds -n -2 root.key | sed -e 's/\t/ /g' -e 's/ 172800//' | sort -k 4 -n > root.ds
+ /usr/bin/ldns-key2ds -n -2 root.key | cut --fields=1,3- --output-delimiter=' ' | sort -k 4 -n > root.ds
# Compare the DS from root.key and from root-anchors.xml
diff -u root-anchors.ds root.ds
@@ -35,3 +38,7 @@ get_orig_source:
< $(CURDIR)/root-auto.key grep -Ev "^($$|;)" | sed -e 's/ ;;count=.*//' > $(CURDIR)/root.key
rm $(CURDIR)/root-auto.key
wget -O $(CURDIR)/root.hints "https://www.internic.net/domain/named.root;
+ wget -O $(CURDIR)/root.hints.sig "https://www.internic.net/domain/named.root.sig;
+ # get root-anchors.xml and root-anchors.p7s as well
+ wget -O $(CURDIR)/root-anchors.xml 'http://data.iana.org/root-anchors/root-anchors.xml'
+ wget -O $(CURDIR)/root-anchors.p7s 'http://data.iana.org/root-anchors/root-anchors.p7s'
diff --git publicsuffix-2018091102/parse-root-anchors.sh publicsuffix-2019031302/parse-root-anchors.sh
index 4281534..eb1696b 100755
--- publicsuffix-2018091102/parse-root-anchors.sh
+++ publicsuffix-2019031302/parse-root-anchors.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-unset ZONE KTAG ALGO DTYPE DIGEST
+unset ZONE KTAG ALGO DTYPE DIGEST EXPIRES BEGINS
export IFS="="
xml2 | while read -r KEY VAL; do
@@ -9,14 +9,22 @@ xml2 | while read -r KEY VAL; do
"/TrustAnchor/KeyDigest/KeyTag") KTAG="$VAL";;
Bug#925314: unblock: wordpress/5.0.3+dfsg1-1
Hi,
Attached is a debdiff between 5.0.3 to 5.04 which is essentially the
changesets I previously reference from the upstream SVN repository.
Option 1 is my preference, the main difference between #1 and #2 was the
changelog version.
- Craig
diff -Nru wordpress-5.0.3+dfsg1/debian/changelog wordpress-5.0.4+dfsg1/debian/changelog
--- wordpress-5.0.3+dfsg1/debian/changelog 2019-02-05 22:23:39.0 +1100
+++ wordpress-5.0.4+dfsg1/debian/changelog 2019-03-24 09:20:02.0 +1100
@@ -1,3 +1,10 @@
+wordpress (5.0.4+dfsg1-1) testing-proposed-updates; urgency=medium
+
+ * Backport of 5.1.1 patches
+ * Fix XSS security hole in comments Closes: #924546 CVE-2019-9787
+
+ -- Craig Small Sun, 24 Mar 2019 09:20:02 +1100
+
wordpress (5.0.3+dfsg1-1) unstable; urgency=medium
* New upstream release
diff -Nru wordpress-5.0.3+dfsg1/wp-admin/about.php wordpress-5.0.4+dfsg1/wp-admin/about.php
--- wordpress-5.0.3+dfsg1/wp-admin/about.php 2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-admin/about.php 2019-03-24 09:14:11.0 +1100
@@ -65,6 +65,26 @@
Version %s addressed some security issues.' ),
+ '5.0.4'
+);
+?>
+the release notes.' ),
+ sprintf(
+ /* translators: %s: WordPress version */
+ esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+ sanitize_title( '5.0.4' )
+ )
+);
+?>
+
+
+Version %1$s addressed %2$s bug.',
diff -Nru wordpress-5.0.3+dfsg1/wp-admin/includes/ajax-actions.php wordpress-5.0.4+dfsg1/wp-admin/includes/ajax-actions.php
--- wordpress-5.0.3+dfsg1/wp-admin/includes/ajax-actions.php 2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-admin/includes/ajax-actions.php 2019-03-24 09:14:11.0 +1100
@@ -1070,6 +1070,8 @@
if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // start with a clean slate
kses_init_filters(); // set up the filters
+remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+add_filter( 'pre_comment_content', 'wp_filter_kses' );
}
}
} else {
diff -Nru wordpress-5.0.3+dfsg1/wp-includes/comment.php wordpress-5.0.4+dfsg1/wp-includes/comment.php
--- wordpress-5.0.3+dfsg1/wp-includes/comment.php 2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-includes/comment.php 2019-03-24 09:14:11.0 +1100
@@ -3098,6 +3098,8 @@
) {
kses_remove_filters(); // start with a clean slate
kses_init_filters(); // set up the filters
+remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+add_filter( 'pre_comment_content', 'wp_filter_kses' );
}
}
} else {
diff -Nru wordpress-5.0.3+dfsg1/wp-includes/formatting.php wordpress-5.0.4+dfsg1/wp-includes/formatting.php
--- wordpress-5.0.3+dfsg1/wp-includes/formatting.php 2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-includes/formatting.php 2019-03-24 09:14:11.0 +1100
@@ -2750,10 +2750,12 @@
$atts = shortcode_parse_atts( $matches[1] );
$rel = 'nofollow';
- if ( preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'http' ) ) . ')%i', $text ) ||
- preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'https' ) ) . ')%i', $text )
- ) {
- return "";
+ if ( ! empty( $atts['href'] ) ) {
+ if ( in_array( strtolower( wp_parse_url( $atts['href'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) {
+ if ( strtolower( wp_parse_url( $atts['href'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) {
+return "";
+ }
+ }
}
if ( ! empty( $atts['rel'] ) ) {
@@ -2766,11 +2768,11 @@
$html = '';
foreach ( $atts as $name => $value ) {
- $html .= "{$name}=\"$value\" ";
+ $html .= "{$name}=\"" . esc_attr( $value ) . "\" ";
}
$text = trim( $html );
}
- return "";
+ return "";
}
/**
diff -Nru wordpress-5.0.3+dfsg1/wp-includes/version.php wordpress-5.0.4+dfsg1/wp-includes/version.php
--- wordpress-5.0.3+dfsg1/wp-includes/version.php 2019-02-05 21:54:35.0 +1100
+++ wordpress-5.0.4+dfsg1/wp-includes/version.php 2019-03-24 09:14:11.0 +1100
@@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
-$wp_version = '5.0.3';
+$wp_version = '5.0.4';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
@@ -33,3 +33,4 @@
* @global string $required_mysql_version
*/
$required_mysql_version = '5.0';
+
\ No newline at end of file
Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1
On Sat, Mar 23, 2019 at 18:21 Adam D. Barratt wrote: > It looks like there was an issue with the upload: Indeed. My new key hasn’t reached the keyring package yet, it seems. I’ll reach out to some of the other pkg-letsencrypt folks and see if I can get one of them to sponsor it in. > -- Harlan Lieberman-Berg ~hlieberman
Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1
On Sat, 2019-03-23 at 15:30 -0400, Harlan Lieberman-Berg wrote: > Control: tags -1 + pending > > On Sat, Mar 23, 2019 at 1:17 PM Adam D. Barratt > wrote: > > Welcome to why we get paranoid about changes in stable updates. :-) > > Tell me about it! I'm always chewing my fingernails off every time I > do an upload there... and yet. > > Thanks much for your help! It looks like there was an issue with the upload: Mar 23 19:38:07 processing /python-certbot_0.28.0-1~deb9u2_amd64.changes Mar 23 19:38:08 GnuPG signature check failed on python-certbot_0.28.0-1~deb9u2_amd64.changes Mar 23 19:38:08 /python-certbot_0.28.0-1~deb9u2_amd64.changes has bad PGP/GnuPG signature! Mar 23 19:38:08 Removing /python-certbot_0.28.0-1~deb9u2_amd64.changes, but keeping its associated files for now. Regards, Adam
Bug#925319: marked as done (unblock: twig/2.6.2-2)
Your message dated Sat, 23 Mar 2019 21:36:13 +
with message-id <20190323213613.ga3...@powdarrmonkey.net>
and subject line Re: Bug#925319: unblock: twig/2.6.2-2
has caused the Debian Bug report #925319,
regarding unblock: twig/2.6.2-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925319: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925319
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package twig, it backports a security fix (Sandbox
Information Disclosure) from the latest (2.7) version.
https://symfony.com/blog/twig-sandbox-information-disclosure
Unfortunately, upstream moved from PSR-0 to PSR-4 prior to fixing this
security issue, so I had to backport the fix instead of simply
cherry-pick the commit. I managed to backport the fixes of the testsuite
too to help in the confidence that the fix is correct. 2.7 is in
experimental, I can upload this version to unstable if you prefer.
Ditto, upstream 1.38 moved from PSR-0 to PSR-4, and backporting the fix
to 1.24 is even more tedious (some structures seem to have changed in
between), so I’m not yet proposing a stretch-update (the security-team
is X-Debbugs-CCed on this report, so they can share their point of view
on this request).
unblock twig/2.6.2-2
Thanks in advance.
Regards
David
diff --git a/debian/changelog b/debian/changelog
index 60645e8a..446f5dfd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+twig (2.6.2-2) unstable; urgency=medium
+
+ * Team upload
+ * Stick to 2.6 for buster
+ * Backport fix from 2.7: security issue in the sandbox
+
+ -- David Prévot Tue, 12 Mar 2019 10:35:44 -1000
+
twig (2.6.2-1) unstable; urgency=medium
* Team upload
diff --git a/debian/gbp.conf b/debian/gbp.conf
index cec628c7..f7127058 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,2 +1,3 @@
[DEFAULT]
+debian-branch = buster
pristine-tar = True
diff --git a/debian/patches/0001-Fix-security-issue-in-the-sandbox.patch b/debian/patches/0001-Fix-security-issue-in-the-sandbox.patch
new file mode 100644
index ..7f872fc0
--- /dev/null
+++ b/debian/patches/0001-Fix-security-issue-in-the-sandbox.patch
@@ -0,0 +1,346 @@
+From: =?utf-8?q?David_Pr=C3=A9vot?=
+Date: Tue, 12 Mar 2019 10:13:15 -1000
+Subject: Fix security issue in the sandbox
+
+Fix sandbox security issue (under some circumstances, calling the
+__toString() method on an object was possible even if not allowed by the
+security policy).
+
+Origin: backport, https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077
+---
+ lib/Twig/Node/CheckToString.php | 39
+ lib/Twig/Node/SandboxedPrint.php| 2 +
+ lib/Twig/NodeVisitor/Sandbox.php| 45 +-
+ src/Node/CheckToStringNode.php | 11
+ test/Twig/Tests/Extension/SandboxTest.php | 95 -
+ test/Twig/Tests/Node/SandboxedPrintTest.php | 33 --
+ 6 files changed, 160 insertions(+), 65 deletions(-)
+ create mode 100644 lib/Twig/Node/CheckToString.php
+ create mode 100644 src/Node/CheckToStringNode.php
+ delete mode 100644 test/Twig/Tests/Node/SandboxedPrintTest.php
+
+diff --git a/lib/Twig/Node/CheckToString.php b/lib/Twig/Node/CheckToString.php
+new file mode 100644
+index 000..07a7837
+--- /dev/null
b/lib/Twig/Node/CheckToString.php
+@@ -0,0 +1,39 @@
++
++ */
++class Twig_Node_CheckToString extends Twig_Node
++{
++public function __construct(Twig_Node_Expression $expr)
++{
++parent::__construct(['expr' => $expr], [], $expr->getTemplateLine(), $expr->getNodeTag());
++}
++
++public function compile(Twig_Compiler $compiler)
++{
++$compiler
++->write('$this->extensions[\'Twig_Extension_Sandbox\']->ensureToStringAllowed(')
++->subcompile($this->getNode('expr'))
++->raw(')')
++;
++}
++}
++
++class_alias('Twig_Node_CheckToString', 'Twig\Node\CheckToStringNode', false);
+diff --git a/lib/Twig/Node/SandboxedPrint.php b/lib/Twig/Node/SandboxedPrint.php
+index eb45cb8..aee7d2f 100644
+--- a/lib/Twig/Node/SandboxedPrint.php
b/lib/Twig/Node/SandboxedPrint.php
+@@ -17,6 +17,8 @@
+ * and if the sandbox is enabled, we need to check that the __toString()
+ * method is allowed if 'article' is an object.
+ *
++ * Not used anymore, to be deprecated in 2.x and removed in 3.0
++ *
+ * @author Fabien Potencier
+ */
+ class Twig_Node_SandboxedPrint extends
Processed: Re: Bug#925028: unblock: dwww/1.13.4+nmu1
Processing control commands: > tag -1 moreinfo Bug #925028 [release.debian.org] unblock: dwww/1.13.4+nmu1 Added tag(s) moreinfo. -- 925028: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925028 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925028: unblock: dwww/1.13.4+nmu1
Control: tag -1 moreinfo
On Tue, Mar 19, 2019 at 11:00:33PM +0900, Osamu Aoki wrote:
> diff -Nru dwww-1.13.4/debian/control dwww-1.13.4+nmu1/debian/control
> --- dwww-1.13.4/debian/control2017-06-21 05:13:20.0 +0900
> +++ dwww-1.13.4+nmu1/debian/control 2019-03-16 18:31:19.0 +0900
> @@ -5,8 +5,8 @@
> Build-Depends: debhelper (>= 10), dh-apache2, lsb-release, publib-dev
> Build-Conflicts: apache2-dev (<< 2.4.4-6~)
> Standards-Version: 4.0.0
> -Vcs-Git: https://anonscm.debian.org/git/users/robert/dwww.git
> -Vcs-Browser: https://anonscm.debian.org/cgit/users/robert/dwww.git
> +Vcs-Git: https://salsa.debian.org/debian/dwww.git
> +Vcs-Browser: https://salsa.debian.org/debian/dwww
>
> Package: dwww
> Architecture: any
> @@ -23,10 +23,26 @@
> ${perl:Depends},
> ${shlibs:Depends}
> Breaks: apache2 (<< 2.4.4-6~)
> -Recommends: apt, dlocate (>= 0.5-0.1), info2www, swish++, ${misc:Recommends}
> -Suggests: doc-debian, dpkg-www, links | www-browser
> +Recommends: apt,
> +dlocate (>= 0.5-0.1),
> +doc-debian,
> +dpkg-www,
> +info2www,
> +links | www-browser,
> +swish++,
> +${misc:Recommends}
This promotion of packages from Suggests to Recommends is not mentioned in
the changelog. What is its purpose?
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#925372: unblock: shim/15+1533136590.3beb971-6
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hey folks,
Please unblock package shim
I think we finally have a new shim package setup that's ready for
Buster, giving us a real chance of working Secure Boot with the
release. Apologies in advance, but this unblock is not a pretty one,
with a large set of changes. :-/ However, shim is clearly key to our
SB strategy for Debian. We've moved from a basically-unused amd64-only
shim package in Stretch and Buster so far (0.9+1474479173.6c180c6-1)
to something that will now provide a better working base for
us. Summary of changes:
1. We've moved to a new upstream (from 0.9+1474479173.6c180c6 to
15+1533136590.3beb971). Upstream have been pushing us to make this
change for a long time, and there are a lot of needed changes, both
in security terms and for better architecture support. I'm not even
attempting to attach a debdiff for this - it's ~200K lines.
2. As well as amd64, we're now also building shim for i386 and arm64,
and we've submitted our binaries for signing by Microsoft for all
three architectures. An important achievement in this process is
that the new build is now 100% reproducible. \o/
3. We've significantly reworked the packaging setup for shim and
shim-signed. The main part of this is to use Debian's binary
signing service to manage the process of signing the helper
binaries (mmXXX.efi and fbXXX.efi) so we're no longer using
ephemeral keys for those in the shim build process. This helps for
the reproducibility.
4. Along the way we've also renamed packages and re-arranged things
for extra clarity and fixed quite a few bugs.
5. We've moved from a single maintainer to team maintenance for the
shim packages.
Apologies for not getting this unblocked earlier, it's been quite a
ride in the last few months. :-/ We have done a lot of testing with
this code, just not yet directly in Buster.
I'm attaching a debdiff to show the small packaging changes *since*
the move to the new upstream shim release.
There will be a matching shim-signed unblock coming soon, as and when
we get our new shim binaries signed with the Microsoft key.
unblock shim/15+1533136590.3beb971-6
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru shim-15+1533136590.3beb971/debian/changelog
shim-15+1533136590.3beb971/debian/changelog
--- shim-15+1533136590.3beb971/debian/changelog 2019-02-09 07:23:19.0
+
+++ shim-15+1533136590.3beb971/debian/changelog 2019-03-23 18:19:13.0
+
@@ -1,3 +1,73 @@
+shim (15+1533136590.3beb971-6) unstable; urgency=medium
+
+ [ Steve McIntyre ]
+ * Add Provides: and Breaks: to shim-helpers-$arch-signed to fix
+clashes with the old shim-signed package for fbx64.efi.signed and
+mmx64.efi.signed. Closes: #924619
+
+ [ Helmut Grohne ]
+ * Fix FTCBFS: Set CROSS_COMPILE. (Closes: #922152)
+
+ -- Steve McIntyre <93...@debian.org> Sat, 23 Mar 2019 18:19:13 +
+
+shim (15+1533136590.3beb971-5) unstable; urgency=medium
+
+ [ Ansgar Burchardt ]
+ * Correct maintainer address in signing template
+
+ [ Steve McIntyre ]
+ * Remove Rules-Requires-Root in the signing template. We manually install
+things owned by root. There might be better ways to do this, but this
+will do for now.
+
+ -- Steve McIntyre <93...@debian.org> Tue, 12 Mar 2019 01:38:19 +
+
+shim (15+1533136590.3beb971-4) unstable; urgency=medium
+
+ [ Steve McIntyre ]
+ * No-change sourceful upload to get rebuilds (and hence build logs) from
+the buildds. Hoping to get this version signed by Microsoft, so let's
+make our setup as clean as possible.
+
+ -- Steve McIntyre <93...@debian.org> Sat, 09 Mar 2019 22:24:23 +
+
+shim (15+1533136590.3beb971-3) unstable; urgency=medium
+
+ [ Philipp Hahn ]
+ * debian/rules: fixing permissions no longer required
+ * debian/rules: Disable ephemeral key on Debian.
+ * Rename binary package to 'shim-unsigned'
+ * Add template for signing {mm,fb}$ARCH.efi. (Closes: #98)
+
+ [ Luca Boccassi ]
+ * Override lintian error about template rules file.
+ * Include /usr/share/dpkg/architecture.mk instead of shelling out.
+ * Add uname.patch to avoid embedding the kernel architecture in the
+binary and to use a fixed string instead.
+
+ [ Steve McIntyre ]
+ * Change maintenance address to be the EFI team
+ * Add me and vorlon to the Uploaders list
+ * Rename the helper binary packages to shim-helpers-$arch.
+ * Update the signing-template JSON metadata to match new practice:
++ Move all the data under a new top-level "packages" key
Bug#925283: marked as done (unblock: x2godesktopsharing/3.2.0.0-2)
Your message dated Sat, 23 Mar 2019 21:18:19 + with message-id <20190323211819.ga...@powdarrmonkey.net> and subject line Re: Bug#925283: unblock: x2godesktopsharing/3.2.0.0-2 has caused the Debian Bug report #925283, regarding unblock: x2godesktopsharing/3.2.0.0-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 925283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925283 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package x2godesktopsharing + [ Helmut Grohne ] + * Fix FTCBFS: (Closes: #917894) ++ Add missing Build-Depends: qt5-qmake:native for lrelease. ++ Run the right qmake through dh_auto_configure. Run it once only. Yet, another FTCBFS bug fixed... Thanks to Helmut's great efforts. + [ Mike Gabriel ] + * debian/control: ++ Bump Standards-Version: to 4.3.0. No changes needed. Formalistic change. + * debian/copyright: ++ Update auto-generated copyright.in file. Also formalistic change. unblock x2godesktopsharing/3.2.0.0-2 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru x2godesktopsharing-3.2.0.0/debian/changelog x2godesktopsharing-3.2.0.0/debian/changelog --- x2godesktopsharing-3.2.0.0/debian/changelog 2018-11-28 12:09:27.0 +0100 +++ x2godesktopsharing-3.2.0.0/debian/changelog 2019-03-22 14:02:04.0 +0100 @@ -1,3 +1,18 @@ +x2godesktopsharing (3.2.0.0-2) unstable; urgency=medium + + [ Helmut Grohne ] + * Fix FTCBFS: (Closes: #917894) ++ Add missing Build-Depends: qt5-qmake:native for lrelease. ++ Run the right qmake through dh_auto_configure. Run it once only. + + [ Mike Gabriel ] + * debian/control: ++ Bump Standards-Version: to 4.3.0. No changes needed. + * debian/copyright: ++ Update auto-generated copyright.in file. + + -- Mike Gabriel Fri, 22 Mar 2019 14:02:04 +0100 + x2godesktopsharing (3.2.0.0-1) unstable; urgency=medium * Initial release to Debian. (Closes: #913489). diff -Nru x2godesktopsharing-3.2.0.0/debian/control x2godesktopsharing-3.2.0.0/debian/control --- x2godesktopsharing-3.2.0.0/debian/control 2018-11-28 12:09:27.0 +0100 +++ x2godesktopsharing-3.2.0.0/debian/control 2019-03-22 14:01:32.0 +0100 @@ -6,10 +6,11 @@ Mike Gabriel , Build-Depends: debhelper-compat (= 11), + qt5-qmake:native, qtbase5-dev, qttools5-dev-tools, libqt5svg5-dev, -Standards-Version: 4.2.1 +Standards-Version: 4.3.0 Homepage: https://wiki.x2go.org Vcs-Git: https://salsa.debian.org/debian-remote-team/x2godesktopsharing.git Vcs-Browser: https://salsa.debian.org/debian-remote-team/x2godesktopsharing/ diff -Nru x2godesktopsharing-3.2.0.0/debian/copyright.in x2godesktopsharing-3.2.0.0/debian/copyright.in --- x2godesktopsharing-3.2.0.0/debian/copyright.in 2018-11-11 16:44:15.0 +0100 +++ x2godesktopsharing-3.2.0.0/debian/copyright.in 2019-01-12 21:57:49.0 +0100 @@ -4,8 +4,7 @@ Source: FIXME Disclaimer: Autogenerated by CDBS -Files: ChangeLog - Doxyfile +Files: Doxyfile VERSION.x2godesktopsharing debian/changelog debian/control @@ -20,6 +19,7 @@ debian/x2godesktopsharing.manpages dlg.ui icons/svg/black-list.svg + icons/svg/dialog-question.svg icons/svg/display-allowed.svg icons/svg/display-protected.svg icons/svg/eye.svg @@ -31,15 +31,10 @@ icons/svg/x2godesktopsharing.svg icons/x2godesktopsharing.xpm man/man1/x2godesktopsharing.1 - man/man8/x2goresume-desktopsharing.8 - man/man8/x2gosuspend-desktopsharing.8 - man/man8/x2goterminate-desktopsharing.8 - resources.rcc + resources.qrc rpm/x2godesktopsharing-rpmlintrc - x2godesktopsharing-3.0.1.kdev4 x2godesktopsharing.desktop - x2godesktopsharing.kdevelop - x2godesktopsharing.kdevses + x2godesktopsharing_cs.ts x2godesktopsharing_da.ts x2godesktopsharing_de.ts x2godesktopsharing_es.ts @@ -51,45 +46,43 @@ x2godesktopsharing_ru.ts x2godesktopsharing_sv.ts x2godesktopsharing_tr.ts + x2godesktopsharing_zh_tw.ts Copyright: NONE License: UNKNOWN FIXME Files: accessaction.cpp accessaction.h + accessdialog.cpp +
Processed: tagging 924933
Processing commands for cont...@bugs.debian.org: > # need to remove the tag if you want this to get attention again > tags 924933 - moreinfo Bug #924933 [release.debian.org] unblock: android-platform-system-core/1:8.1.0+r23-5 Removed tag(s) moreinfo. > thanks Stopping processing here. Please contact me if you need assistance. -- 924933: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924933 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Reverse Blocks
Processing commands for cont...@bugs.debian.org: > unblock 922031 by 924261 Bug #922031 [certbot] certbot: Debian 9 systemd timer inactive after upgrade to 0.28.0-1~deb9u1 922031 was blocked by: 924261 922031 was not blocking any bugs. Removed blocking bug(s) of 922031: 924261 > block 924261 by 922031 Bug #924261 [release.debian.org] stretch-pu: package python-certbot/0.28.0-1~deb9u2 924261 was not blocked by any bugs. 924261 was not blocking any bugs. Added blocking bug(s) of 924261: 922031 > thanks Stopping processing here. Please contact me if you need assistance. -- 922031: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922031 924261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924261 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925365: unblock: mpich/3.3-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package mpich
It fixes building packages against mpich, see e.g. #924032.
unblock mpich/3.3-3
-- System Information:
Debian Release: 8.10
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: i386 (i686)
Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru mpich-3.3/debian/changelog mpich-3.3/debian/changelog
--- mpich-3.3/debian/changelog 2019-02-22 17:45:42.0 +0100
+++ mpich-3.3/debian/changelog 2019-03-18 09:31:47.0 +0100
@@ -1,3 +1,11 @@
+mpich (3.3-3) unstable; urgency=medium
+
+
+ * Patch from Ana Guerrero Lopez, Andreas Beckann to remove obsolete
+GCC check. Closes: #807666, #924837.
+
+ -- Alastair McKinstry Mon, 18 Mar 2019 08:31:47 +
+
mpich (3.3-2) unstable; urgency=medium
* Use dh_fortran_mod to install Fortran mod files in $fmoddir/mpich.
diff -Nru mpich-3.3/debian/control mpich-3.3/debian/control
--- mpich-3.3/debian/control2019-02-22 17:45:42.0 +0100
+++ mpich-3.3/debian/control2019-03-18 09:31:47.0 +0100
@@ -38,7 +38,10 @@
Fortran-Mod: ${Fortran-Mod}
Breaks: libmpl-dev,
libopa-dev,
-libmpich2-dev
+libmpich2-dev,
+libopenmpi-dev (<< 3.0.1~rc1-2),
+openmpi-bin (<< 3.0.1~rc1-2),
+lam4-dev (<< 7.1.4-3.2),
Replaces: libmpl-dev,
libopa-dev,
libmpich2-dev
@@ -89,7 +92,10 @@
Suggests: mpich-doc (= ${source:Version})
Breaks: mpich-bin,
mpich2,
- libmpich-dev ( << 3.3~b2-3~)
+libmpich-dev ( << 3.3~b2-3~),
+libopenmpi-dev (<< 3.0.1~rc1-2),
+openmpi-bin (<< 3.0.1~rc1-2),
+lam4-dev (<< 7.1.4-3.2),
Replaces: mpich-bin,
mpich2,
libmpich-dev ( << 3.3~b2-3~)
diff -Nru mpich-3.3/debian/libmpich-dev.postinst.in
mpich-3.3/debian/libmpich-dev.postinst.in
--- mpich-3.3/debian/libmpich-dev.postinst.in 2019-02-22 17:45:42.0
+0100
+++ mpich-3.3/debian/libmpich-dev.postinst.in 2019-03-18 09:31:47.0
+0100
@@ -5,7 +5,7 @@
# lib*.so files, which depends on the multiarch triplet. This can be gotten
# from dpkg-architecture, but to avoid dependence on dpkg-dev, we instead
# determine it at package build-time, and include a processed version of this
-# file as the libmpich-dev.postinst, where the variable triplet has been
replaced
+# file as the libmpich-dev.postinst, where the variable TRIPLET has been
replaced
# by its appropriate value, depending on the build host architecture.
set -e
@@ -27,5 +27,6 @@
fi
+
#DEBHELPER#
diff -Nru mpich-3.3/debian/libmpich-dev.preinst.in
mpich-3.3/debian/libmpich-dev.preinst.in
--- mpich-3.3/debian/libmpich-dev.preinst.in2019-02-22 17:45:42.0
+0100
+++ mpich-3.3/debian/libmpich-dev.preinst.in2019-03-18 09:31:47.0
+0100
@@ -2,10 +2,58 @@
set -e
-# Splitting mpi and mpi-$MULTIARCH requires this
-if [ ! -z "$(update-alternatives --query mpi 2> /dev/null | grep --silent
mpi-fort.pc)" ]; then
-update-alternatives --quiet --remove-all mpi >/dev/null 2>&1
-update-alternatives --quiet --remove-all mpi-TRIPLET >/dev/null 2>&1
+remove_corrupt_alternative()
+{
+ local alt=$1
+
+ if [ -f /var/lib/dpkg/alternatives/$alt ] && \
+ ! update-alternatives --query $alt >/dev/null 2>&1
+ then
+ # file exists, but query failed? likely corrupt!
+ echo "Removing corrupt alternative(s) '$alt'"
+ update-alternatives --remove-all $alt >/dev/null 2>&1 || \
+ rm -fv /var/lib/dpkg/alternatives/$alt
+ fi
+}
+
+remove_obsolete_alternative()
+{
+ local alt=$1
+
+ remove_corrupt_alternative $alt
+
+ if update-alternatives --query $alt >/dev/null 2>&1
+ then
+ echo "Removing obsolete alternative(s) '$alt'"
+ update-alternatives --remove-all $alt
+ fi
+}
+
+if [ "$1" = "install" ] || [ "$1" = "upgrade" ]; then
+
+ if dpkg --compare-versions "$2" lt "3.3-2~" ; then
+
+ # Recover from historically grown corruption (#912437)
+ remove_corrupt_alternative mpi
+ remove_corrupt_alternative mpi-TRIPLET
+
+ # mpicc seemed to be used as a master alternative by some MPI
package. But
+ # currently, all MPI packages have the mpicc alternative
installed as a slave
+ # link. We remove the link here in order to resolve bugs
#531184 and #532910.
+ remove_obsolete_alternative mpicc
+
+ # Similarly, see #886644
+ remove_obsolete_alternative mpiCC
+
+ # Splitting mpi and mpi-$MULTIARCH requires this
+ if update-alternatives --query mpi 2>/dev/null | grep -q
Bug#925364: unblock: featherpad/0.9.4-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package featherpad The new version fixes three bugs: * #925361 - Don't toggle the insert mode with modifier * #925362 - Save button is disabled when it shouldn't * #923687 - Add qttranslations5-l10n as recommend unfortunately i was to fast with fixing #923687 (not thought about freeze start and let the faulty package migrate before uploading) so 0.9.4 did not migrate to testing in time. It would be really nice to have 0.9.4 in buster - beside the mentiond changes there are some translation updates. If not possible it have to split out the fixes for 925361 and 925362 and patch 0.9.3. It would be nice if i can save that time. featherpad is not a dependency for everything, but the considered main editor in LXQt. Cheers Alf unblock featherpad/0.9.4-2 -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.0.3-towo.1-siduction-amd64 (SMP w/8 CPU cores; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)
Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)
Control: tag -1 - moreinfo On 3/23/19 6:13 PM, Jonathan Wiltshire wrote: > You forgot the debdiff, but the upstream patch looks OK. Please go ahead > and remove the moreinfo tag when this is ready to unblock. Uploaded and built successfully on all release architectures, should be good for unblock now. Removing "moreinfo". Thanks, Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Processed: Re: Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)
Processing control commands: > tag -1 - moreinfo Bug #925356 [release.debian.org] unblock: sane-backends/1.0.27-3.2 (pre-approval) Removed tag(s) moreinfo. -- 925356: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925356 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 924261
Processing commands for cont...@bugs.debian.org: > # that happens when the upload is approved > tags 924261 - pending Bug #924261 [release.debian.org] stretch-pu: package python-certbot/0.28.0-1~deb9u2 Removed tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 924261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924261 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925363: unblock: nvidia-settings/410.104-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package nvidia-settings Looks like I missed this one unblock request ... to bring the nvidia-settings version in sync with the other packages from the nvidia stack. unblock nvidia-settings/410.104-1 Andreas nvidia-settings_410.104-1.dsc.diff.gz Description: application/gzip
Processed: Re: Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1
Processing control commands: > tags -1 + pending Bug #924261 [release.debian.org] stretch-pu: package python-certbot/0.28.0-1~deb9u2 Added tag(s) pending. -- 924261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924261 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1
Control: tags -1 + pending On Sat, Mar 23, 2019 at 1:17 PM Adam D. Barratt wrote: > Welcome to why we get paranoid about changes in stable updates. :-) Tell me about it! I'm always chewing my fingernails off every time I do an upload there... and yet. Thanks much for your help! -- Harlan Lieberman-Berg ~hlieberman
Bug#925332: marked as done (unblock: grub2/2.02+dfsg1-15)
Your message dated Sat, 23 Mar 2019 18:19:00 +
with message-id <6574966f-3104-d562-314e-241fc9b7c...@thykier.net>
and subject line Re: Bug#925332: unblock: grub2/2.02+dfsg1-15
has caused the Debian Bug report #925332,
regarding unblock: grub2/2.02+dfsg1-15
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925332
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please review and unblock grub2 2.02+dfsg1-15 (just uploaded, so not
quite in the archive yet). I still have some more RC-bug-fixing to do,
but the EFI variable storage changes here are probably going to be the
most complicated remaining change for buster, so I want to maximise the
time available for finding bugs in it.
unblock grub2/2.02+dfsg1-15
Thanks,
--
Colin Watson [cjwat...@debian.org]
diff -Nru grub2-2.02+dfsg1/debian/.git-dpm grub2-2.02+dfsg1/debian/.git-dpm
--- grub2-2.02+dfsg1/debian/.git-dpm2019-02-28 09:35:09.0 +
+++ grub2-2.02+dfsg1/debian/.git-dpm2019-03-23 00:39:00.0 +
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-0cc1bd74c82c94ad93049a7298987c8f155cd0d2
-0cc1bd74c82c94ad93049a7298987c8f155cd0d2
+649e5a39cc5ddf42f6853a0bf818685a625f7cab
+649e5a39cc5ddf42f6853a0bf818685a625f7cab
59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
grub2_2.02+dfsg1.orig.tar.xz
diff -Nru grub2-2.02+dfsg1/debian/changelog grub2-2.02+dfsg1/debian/changelog
--- grub2-2.02+dfsg1/debian/changelog 2019-03-14 10:33:24.0 +
+++ grub2-2.02+dfsg1/debian/changelog 2019-03-23 09:56:35.0 +
@@ -1,3 +1,21 @@
+grub2 (2.02+dfsg1-15) unstable; urgency=medium
+
+ * Build-depend on libefiboot-dev and libefivar-dev, for EFI variable
+storage changes.
+ * Drop now-unnecessary dependencies on efibootmgr.
+
+ -- Colin Watson Sat, 23 Mar 2019 09:56:35 +
+
+grub2 (2.02+dfsg1-14) unstable; urgency=medium
+
+ * Make signed packages depend on a matching version of grub-common, in an
+attempt to prevent incorrect testing migrations (closes: #924814).
+ * Cherry-pick from upstream:
+- xfs: Accept filesystem with sparse inodes (closes: #924760).
+ * Minimise writes to EFI variable storage (closes: #891434).
+
+ -- Colin Watson Sat, 23 Mar 2019 09:47:10 +
+
grub2 (2.02+dfsg1-13) unstable; urgency=medium
* Add regexp module to signed UEFI images.
diff -Nru grub2-2.02+dfsg1/debian/control grub2-2.02+dfsg1/debian/control
--- grub2-2.02+dfsg1/debian/control 2019-02-28 09:35:06.0 +
+++ grub2-2.02+dfsg1/debian/control 2019-03-23 09:56:03.0 +
@@ -32,6 +32,8 @@
libparted-dev [any-powerpc any-ppc64 any-ppc64el],
pkg-config,
bash-completion,
+ libefiboot-dev [any-i386 any-amd64 any-ia64 any-arm any-arm64],
+ libefivar-dev [any-i386 any-amd64 any-ia64 any-arm any-arm64],
Build-Conflicts: autoconf2.13, libzfs-dev, libnvpair-dev
Standards-Version: 3.9.6
Homepage: https://www.gnu.org/software/grub/
@@ -244,7 +246,7 @@
Package: grub-efi-ia32-bin
Architecture: any-i386 any-amd64
-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (=
${binary:Version}), efibootmgr [linux-any]
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
Recommends: grub-efi-ia32-signed,
Replaces: grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1),
grub-efi, grub-efi-ia32 (<< 1.99-1)
Multi-Arch: foreign
@@ -305,7 +307,7 @@
Package: grub-efi-amd64-bin
Architecture: i386 kopensolaris-i386 any-amd64
-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (=
${binary:Version}), efibootmgr [linux-any]
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
Recommends: grub-efi-amd64-signed,
Replaces: grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1),
grub-efi-amd64 (<< 1.99-1)
Multi-Arch: foreign
@@ -415,7 +417,7 @@
Package: grub-efi-arm-bin
Architecture: any-arm
-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (=
${binary:Version}), efibootmgr [linux-any]
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
Multi-Arch: foreign
XB-Efi-Vendor: ${efi:Vendor}
Description: GRand Unified Bootloader, version 2 (ARM UEFI modules)
@@ -465,7 +467,7 @@
Package: grub-efi-arm64-bin
Architecture: any-arm64
-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (=
${binary:Version}), efibootmgr
Bug#925164: RM: deltachat-core/0.39.0-1+ds2
micah anderson: > Control tags -1 - moreinfo > > Hi, > > Niels Thykier writes: > >> I am adding the Debian maintainer of Delta Chat in Debian as: >> >> * I do not know anything about Delta Chat nor its situation outside of >>Debian. In Debian, it has zero bugs. > > Indeed, the upstream Delta Chat authors have requested that it not be > put into stable, as too much is changing at the moment. > Thanks for clarifying. I have added a removal hint. >> * I am not sure if the Debian maintainer has been informed of the >>situation (I got not easily way of knowing except asking). > > Yes, I am aware, and glad that this was done. > > Andre is listed as DM for this package, so I thought that it would not > be necessary to check this. > > [...] Ah, I was not aware. I only checked the maintainers/uploaders field (but it did not occur to me to check the DM permissions). Thanks, ~Niels
Processed: Re: Bug#925357: unblock: tomoyo-tools/2.6.0-20190305-1
Processing control commands: > tag -1 moreinfo Bug #925357 [release.debian.org] unblock: tomoyo-tools/2.6.0-20190305-1 Added tag(s) moreinfo. -- 925357: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925357 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925357: unblock: tomoyo-tools/2.6.0-20190305-1
Control: tag -1 moreinfo On Sun, Mar 24, 2019 at 02:20:26AM +0900, Hideki Yamane wrote: > Please unblock package tomoyo-tools > > * I'd like to push tomoyo 2.6.0 for buster, since less upstream delta is > better to reduce maintain cost. > * tomoyo-tools is leaf package, no worries about breaking other packages' > behavior :) (and it's stable enough, IMHO). Keeping close to upstream is useful, but the freeze policy is bug fixes only. This doesn't appear to fix any bugs, or have I misunderstood? > The blocker for update is debdiff is huge. > > > $ wc -l tomoyo.debdiff > > > > > > 1528 tomoyo.debdiff > > However, most of above changes are almost same boring changes like this. There are still enough changes that I'm not comfortable with this. I am going to need some convincing. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Processed: Re: Bug#925314: unblock: wordpress/5.0.3+dfsg1-1
Processing control commands: > tag -1 moreinfo Bug #925314 [release.debian.org] unblock: wordpress/5.0.3+dfsg1-1 Added tag(s) moreinfo. -- 925314: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925314 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 925357 is normal
Processing commands for cont...@bugs.debian.org: > severity 925357 normal Bug #925357 [release.debian.org] unblock: tomoyo-tools/2.6.0-20190305-1 Severity set to 'normal' from 'wishlist' > thanks Stopping processing here. Please contact me if you need assistance. -- 925357: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925357 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925314: unblock: wordpress/5.0.3+dfsg1-1
Control: tag -1 moreinfo On Sat, Mar 23, 2019 at 09:30:32AM +1100, Craig Small wrote: > So, we have a few options: > 1) Update Buster WordPress 5.0.3 to 5.0.4 which is the security fixes > 2) Make a security release for Buster, effectively what (1) is with > different version numbers > 3) Update Buster to follow Sid, which is a major update, 5.1.1 > 4) Do nothing and wait until Buster is released and then fix it. Tricky. I am more inclined towards option 1 (I don't understand option 2) but that presumably means an upload via t-p-u? Normally important bugs wouldn't qualify for that but I actually consider this at least serious, so it's fine. Can I see a debdiff of 5.0.3 to 5.0.4 please? Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)
On 3/23/19 6:13 PM, Jonathan Wiltshire wrote:
> You forgot the debdiff, but the upstream patch looks OK. Please go ahead
> and remove the moreinfo tag when this is ready to unblock.
Whoops, I meant to attach it. I'm still a bit jet-lagged from my last
trip. Attaching it now and will go ahead with the upload.
Thanks,
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaub...@debian.org
`. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
`-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
diff -Nru sane-backends-1.0.27/debian/changelog sane-backends-1.0.27/debian/changelog
--- sane-backends-1.0.27/debian/changelog 2018-11-02 20:30:06.0 +0100
+++ sane-backends-1.0.27/debian/changelog 2019-03-23 17:38:37.0 +0100
@@ -1,3 +1,11 @@
+sane-backends (1.0.27-3.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch
+- Fix regression in the mustek_usb2 backend (Closes: #886777).
+
+ -- John Paul Adrian Glaubitz Sat, 23 Mar 2019 17:38:37 +0100
+
sane-backends (1.0.27-3.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch
--- sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch 1970-01-01 01:00:00.0 +0100
+++ sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch 2019-03-23 17:34:56.0 +0100
@@ -0,0 +1,88 @@
+From 93340afddfbc4085a5297fe635b65dd7f7f3ef05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?=
+Date: Mon, 17 Dec 2018 00:05:43 +0100
+Subject: [PATCH] mustek_usb2: Avoid stack smashing. Fixes #35
+
+Use a properly sized variable in call to sanei_usb_{read,write}_bulk.
+
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886777
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907972
+---
+ backend/mustek_usb2_asic.c | 18 ++
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/backend/mustek_usb2_asic.c b/backend/mustek_usb2_asic.c
+index b5f3b0a4..b31c7494 100644
+--- a/backend/mustek_usb2_asic.c
b/backend/mustek_usb2_asic.c
+@@ -255,6 +255,7 @@ Mustek_DMARead (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+ STATUS status = STATUS_GOOD;
+ unsigned int i, buf[1];
+ unsigned int read_size;
++ size_t read_size_usb;
+
+ DBG (DBG_ASIC, "Mustek_DMARead: Enter\n");
+
+@@ -268,9 +269,11 @@ Mustek_DMARead (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+ SetRWSize (chip, 1, buf[0]);
+ status = WriteIOControl (chip, 0x03, 0, 4, (SANE_Byte *) (buf));
+
++ read_size_usb = buf[0];
+ status =
+ sanei_usb_read_bulk (chip->fd, lpdata + i * read_size,
+- (size_t *) buf);
++ _size_usb);
++ buf[0] = read_size_usb;
+ if (status != STATUS_GOOD)
+ {
+ DBG (DBG_ERR, "Mustek_DMARead: read error\n");
+@@ -284,9 +287,11 @@ Mustek_DMARead (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+ SetRWSize (chip, 1, buf[0]);
+ status = WriteIOControl (chip, 0x03, 0, 4, (SANE_Byte *) (buf));
+
++ read_size_usb = buf[0];
+ status =
+ sanei_usb_read_bulk (chip->fd, lpdata + i * read_size,
+- (size_t *) buf);
++ _size_usb);
++ buf[0] = read_size_usb;
+ if (status != STATUS_GOOD)
+ {
+ DBG (DBG_ERR, "Mustek_DMARead: read error\n");
+@@ -307,6 +312,7 @@ Mustek_DMAWrite (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+ unsigned int buf[1];
+ unsigned int i;
+ unsigned int write_size;
++ size_t write_size_usb;
+
+ DBG (DBG_ASIC, "Mustek_DMAWrite: Enter:size=%d\n", size);
+
+@@ -320,9 +326,11 @@ Mustek_DMAWrite (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+ SetRWSize (chip, 0, buf[0]);
+ WriteIOControl (chip, 0x02, 0, 4, (SANE_Byte *) buf);
+
++ write_size_usb = buf[0];
+ status =
+ sanei_usb_write_bulk (chip->fd, lpdata + i * write_size,
+- (size_t *) buf);
++ _size_usb);
++ buf[0] = write_size_usb;
+ if (status != STATUS_GOOD)
+ {
+ DBG (DBG_ERR, "Mustek_DMAWrite: write error\n");
+@@ -337,9 +345,11 @@ Mustek_DMAWrite (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+ SetRWSize (chip, 0, buf[0]);
+ WriteIOControl (chip, 0x02, 0, 4, (SANE_Byte *) buf);
+
++ write_size_usb = buf[0];
+ status =
+ sanei_usb_write_bulk (chip->fd, lpdata + i * write_size,
+- (size_t *) buf);
++ _size_usb);
++ buf[0] = write_size_usb;
+ if (status != STATUS_GOOD)
+ {
+ DBG (DBG_ERR, "Mustek_DMAWrite: write error\n");
+--
+2.18.1
+
diff -Nru sane-backends-1.0.27/debian/patches/series sane-backends-1.0.27/debian/patches/series
--- sane-backends-1.0.27/debian/patches/series
Bug#925357: unblock: tomoyo-tools/2.6.0-20190305-1
Package: release.debian.org
Severity: wishlist
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package tomoyo-tools
* I'd like to push tomoyo 2.6.0 for buster, since less upstream delta is
better to reduce maintain cost.
* tomoyo-tools is leaf package, no worries about breaking other packages'
behavior :) (and it's stable enough, IMHO).
The blocker for update is debdiff is huge.
> $ wc -l tomoyo.debdiff
>
>
> 1528 tomoyo.debdiff
However, most of above changes are almost same boring changes like this.
diff -Nru tomoyo-tools-2.5.0-20170102/examples/candy.c
tomoyo-tools-2.6.0-20190305/examples/candy.c
--- tomoyo-tools-2.5.0-20170102/examples/candy.c2017-01-04
19:12:17.0 +0900
+++ tomoyo-tools-2.6.0-20190305/examples/candy.c2019-03-05
09:00:00.0 +0900
@@ -2,11 +2,11 @@
* candy.c
*
* An example program for CERBERUS.
- * ( http://osdn.jp/projects/tomoyo/document/winf2005-en.pdf )
+ * ( https://osdn.jp/projects/tomoyo/document/winf2005-en.pdf )
*
* Copyright (C) 2005-2011 NTT DATA CORPORATION
*
- * Version: 2.5.0 2011/09/29
+ * Version: 2.6.0 2019/03/05
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License v2 as published by the
URL change (use https), version and date update. I've striped down such
things and diff size becomes just 255 lines (= upstream changes).
> $ wc -l tomoyo.diff
> 255 tomoyo.diff
And 1/3 of that is test file, remains are changes to update profile version.
diff --git a/kernel_test/tomoyo_bprm_test.c b/kernel_test/tomoyo_bprm_test.c
index c19d89e..1675ea6 100644
--- a/kernel_test/tomoyo_bprm_test.c
+++ b/kernel_test/tomoyo_bprm_test.c
@@ -178,6 +178,7 @@ int main(int argc, char *argv[])
ccs_test_init();
fprintf(domain_fp, "%s " BINDIR "/true\n", self_domain);
fprintf(domain_fp, "use_profile 255\n");
+ fprintf(domain_fp, "use_group 0\n");
fprintf(domain_fp, "select pid=%u\n", pid);
fprintf(domain_fp, "file read/write %s\n", proc_policy_domain_policy);
set_profile(3, "file::execute");
diff --git a/kernel_test/tomoyo_cond_test.c b/kernel_test/tomoyo_cond_test.c
index 123a2be..da5905d 100644
--- a/kernel_test/tomoyo_cond_test.c
+++ b/kernel_test/tomoyo_cond_test.c
@@ -388,7 +388,10 @@ static void stage_cond_test(void)
int main(int argc, char *argv[])
{
ccs_test_init();
- fprintf(domain_fp, "ignore_global\n");
+ fprintf(domain_fp, "%s " BINDIR "/true\n", self_domain);
+ fprintf(domain_fp, "use_profile 255\n");
+ fprintf(domain_fp, "use_group 0\n");
+ fprintf(domain_fp, "%s\n", self_domain);
fprintf(domain_fp, "file read/write %s\n", proc_policy_domain_policy);
set_profile(3, "file::execute");
set_profile(3, "file::open");
diff --git a/kernel_test/tomoyo_new_file_test.c
b/kernel_test/tomoyo_new_file_test.c
index 827c595..9c8ed87 100644
--- a/kernel_test/tomoyo_new_file_test.c
+++ b/kernel_test/tomoyo_new_file_test.c
@@ -118,6 +118,7 @@ static void stage_file_test(void)
size_t size = sizeof(buffer);
int pipe_fd[2] = { EOF, EOF };
int err = 0;
+ int flags;
int fd;
char pbuffer[1024];
struct stat sbuf;
@@ -184,6 +185,38 @@ static void stage_file_test(void)
write_domain_policy(policy, 1);
show_result(uselib("/tmp/uselib"), 0);
+ policy = "file write /dev/null";
+ fd = open("/dev/null", O_WRONLY);
+ show_result(fd, 0);
+ close(fd);
+ write_domain_policy(policy, 0);
+ fd = open("/dev/null", O_WRONLY);
+ show_result(fd, 1);
+ write_domain_policy(policy, 1);
+ flags = fcntl(fd, F_GETFL, 0) | O_APPEND;
+ policy = "file append /dev/null";
+ show_result(fcntl(fd, F_SETFL, flags), 0);
+ write_domain_policy(policy, 0);
+ show_result(fcntl(fd, F_SETFL, flags), 1);
+ write_domain_policy(policy, 1);
+ close(fd);
+
+ policy = "file append /dev/null";
+ fd = open("/dev/null", O_WRONLY | O_APPEND);
+ show_result(fd, 0);
+ close(fd);
+ write_domain_policy(policy, 0);
+ fd = open("/dev/null", O_WRONLY | O_APPEND);
+ show_result(fd, 1);
+ write_domain_policy(policy, 1);
+ flags = fcntl(fd, F_GETFL, 0) & ~O_APPEND;
+ policy = "file write /dev/null";
+ show_result(fcntl(fd, F_SETFL, flags), 0);
+ write_domain_policy(policy, 0);
+ show_result(fcntl(fd, F_SETFL, flags), 1);
+ write_domain_policy(policy, 1);
+ close(fd);
+
policy = "file execute " BINDIR "/true task.uid!=10 path1.parent.uid=0";
write_domain_policy(policy, 0);
fflush(stdout);
@@ -625,6 +658,7 @@ int main(int argc, char *argv[])
make_elf_lib();
Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1
Control: tags -1 + confirmed On Sun, 2019-03-10 at 22:04 -0400, Harlan Lieberman-Berg wrote: > After talking to kibi and jrtc27 on IRC, pushing up a new proposed > diff with some tweaks to the control file and changelog. [...] > In v9, dh_systemd_enable would stop timers in prerm and then start > them in postinst. In v10, however, dh_systemd_enable switches to > using try-restart, which will noop on stopped timers. This means > when the SRU was installed, the timer was stopped (in the old v9 > prerm) and never started (in the new v10 postinst). Changing back to > use v9 will mean that the package will invoke the start on the timer > regardless of its current status, fixing broken systems and > preventing new problems. > > This problem doesn't occur on fresh installs because the postinst is > called differently, and although I tested certbot extensively (and > had upstream do the same), none of us were looking closely at the > timer functionality because "it wasn't supposed to change" (because > that's never caused bugs before, god knows.) Welcome to why we get paranoid about changes in stable updates. :-) Please go ahead. Regards, Adam
Bug#925352: marked as done (unblock: lxqt-config/0.14.1-2)
Your message dated Sat, 23 Mar 2019 17:16:40 +
with message-id <20190323171640.ga7...@powdarrmonkey.net>
and subject line Re: Bug#925352: unblock: lxqt-config/0.14.1-2
has caused the Debian Bug report #925352,
regarding unblock: lxqt-config/0.14.1-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925352
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package lxqt-config
there was a regression with keyboard layout shortcut handling that make using
different keyboard layouts/models hard for people who need this functionality.
Source diff:
diff --git a/debian/changelog b/debian/changelog
index 712d526..eec2f8b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+lxqt-config (0.14.1-2) unstable; urgency=medium
+
+ * Fixed keyboard layout switch shortcut (Closes: #925346)
+
+ -- Alf Gaida Sat, 23 Mar 2019 15:40:43 +0100
+
lxqt-config (0.14.1-1) unstable; urgency=medium
* Cherry-picking new upstream version 0.14.1.
diff --git a/debian/patches/fix-keybord-layout-shortcut.patch
b/debian/patches/fix-keybord-layout-shortcut.patch
new file mode 100644
index 000..d94ce4c
--- /dev/null
+++ b/debian/patches/fix-keybord-layout-shortcut.patch
@@ -0,0 +1,32 @@
+From dfe9a2b27aab40262b9186672fad480a406d5c4a Mon Sep 17 00:00:00 2001
+From: Tsu Jan
+Date: Fri, 22 Mar 2019 19:55:32 +0430
+Subject: [PATCH] Fixed changing keyboard layout switch shortcut and model
+
+Fixes https://github.com/lxqt/lxqt-config/issues/445
+---
+ lxqt-config-input/keyboardlayoutconfig.cpp | 10 --
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/lxqt-config-input/keyboardlayoutconfig.cpp
b/lxqt-config-input/keyboardlayoutconfig.cpp
+index f5a7f24..bc6c369 100644
+--- a/lxqt-config-input/keyboardlayoutconfig.cpp
b/lxqt-config-input/keyboardlayoutconfig.cpp
+@@ -40,8 +40,14 @@ KeyboardLayoutConfig::KeyboardLayoutConfig(LXQt::Settings*
_settings, QWidget* p
+ connect(ui.removeLayout, ::clicked, this,
::onRemoveLayout);
+ connect(ui.moveUp, ::clicked, this,
::onMoveUp);
+ connect(ui.moveDown, ::clicked, this,
::onMoveDown);
+- connect(ui.keyboardModel, QOverload::of(::activated), this,
::settingsChanged);
+- connect(ui.switchKey, QOverload::of(::activated), this,
::settingsChanged);
++ connect(ui.keyboardModel, QOverload::of(::activated),
[this](int /*index*/) {
++applyConfig_ = true;
++Q_EMIT settingsChanged();
++ });
++ connect(ui.switchKey, QOverload::of(::activated), [this](int
/*index*/) {
++applyConfig_ = true;
++Q_EMIT settingsChanged();
++ });
+ }
+
+ KeyboardLayoutConfig::~KeyboardLayoutConfig() {
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..006086d
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+fix-keybord-layout-shortcut.patch
unblock lxqt-config/0.14.1-2
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500,
'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.0.3-towo.1-siduction-amd64 (SMP w/8 CPU cores; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On Sat, Mar 23, 2019 at 04:48:30PM +0100, Alf Gaida wrote:
> Please unblock package lxqt-config
>
> there was a regression with keyboard layout shortcut handling that make using
> different keyboard layouts/models hard for people who need this functionality.
Unblocked; thanks.
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51--- End Message ---
Processed: Re: Bug#924261: stretch-pu: package certbot/0.28.0-1~deb9u1
Processing control commands: > tags -1 + confirmed Bug #924261 [release.debian.org] stretch-pu: package python-certbot/0.28.0-1~deb9u2 Added tag(s) confirmed. -- 924261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924261 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)
Control: tag -1 confirmed moreinfo On Sat, Mar 23, 2019 at 06:04:06PM +0100, John Paul Adrian Glaubitz wrote: > I'm attaching the full debdiff for this change and would like to ask > for an unblock such that users of the mustek_usb2 backend are not > running into the unpleasant surprise that their scanner is no longer > working after updating to Debian Buster. > You forgot the debdiff, but the upstream patch looks OK. Please go ahead and remove the moreinfo tag when this is ready to unblock. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Processed: Re: Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)
Processing control commands: > tag -1 confirmed moreinfo Bug #925356 [release.debian.org] unblock: sane-backends/1.0.27-3.2 (pre-approval) Added tag(s) confirmed and moreinfo. -- 925356: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925356 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi! sane-backends suffers from a regression in the mustek_usb2 backend which makes said backend unusable [1]. The bug has already been fixed upstream [2] and consists of a rather small fix which should be easy to review. I'm attaching the full debdiff for this change and would like to ask for an unblock such that users of the mustek_usb2 backend are not running into the unpleasant surprise that their scanner is no longer working after updating to Debian Buster. Thanks, Adrian unblock sane-backends/1.0.27-3.2 > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886777 > [2] https://gitlab.com/sane-project/backends/issues/35 -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Bug#925164: marked as done (RM: deltachat-core/0.39.0-1+ds2)
Your message dated Sat, 23 Mar 2019 16:51:22 + with message-id <20190323165122.ga4...@powdarrmonkey.net> and subject line Re: Bug#925164: RM: deltachat-core/0.39.0-1+ds2 has caused the Debian Bug report #925164, regarding RM: deltachat-core/0.39.0-1+ds2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 925164: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925164 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Release Team, Delta Chat upstream team doesn't want the package to go into next stable (Buster) because the Delta Chat Core API is currently changing too fast and they don't want to commit to maintaining the current packaged version for the time Buster will exist. Can you please remove deltachat-core 0.39.0-1+ds2 from current testing? Thank you very much for your work. -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEsrOXkE0587PUulEepea8pim6QScFAlySeeIACgkQpea8pim6 QSenvQ//US//02hKbNeatrK7fsyMcZbpC/77kWy43CkiN/G0AVAqR+8USshyXYd3 oVQw5PdN2mYfEwNrlDzPhoACiB3Ub+kW8C9SoE5aKwQOgEehF7ckW8BMP7kvuHl1 xzmMXVATEl+qolr96KNOOG/uvvvb/DgGp6Ru0oXSQfjrO/FQUTbdUgYgpaGfHzTy cMd0g729jZaXKVlSKhucMBUCiQ6OLuXNZ58E3JOT2hrZC1jwtb34btlHfweHWdqs JCbgpIISZCBtHwaryQsWsrMoKlqyv/rlPg1M/FPfm8XPFlWI1VGLqADXbfnU5tpy RUlOexfE4qpoZoWba+23FVUy+AsohshyEw3gGfwWAqPLeYpf9FRzD8JRZjg/a/e9 wPMnRMHKBsQfDGT3r75f3VShjx1hSVO24rE70Yml7ATWUvK7W1plyKTaDgbZMqy8 EnkzE+Q7JiuqUJ165ZWgHjDq5q51+rh5YwozZDkaz8CtkKhKvVSqTO/r3A9c723z ASOIO1y5adEsTCzdebJw/WCTx6fXk69ghM/KJ2GeWGMyiE2xmv3m4qnmK0bc8qUk Z53q2qsg93w6DsqBitdYuaOUSvDkwpOguzXbBCrg3TZeSrWweNZDhm/g5PdLDQNf MT7OucntNRV2jdv2/L2djyg3eudky++gsS/qxek548D9ZFCVCYc= =CIJ0 -END PGP SIGNATURE- --- End Message --- --- Begin Message --- On Wed, Mar 20, 2019 at 05:38:01PM -, Andre Bianchi wrote: > Delta Chat upstream team doesn't want the package to go into next stable > (Buster) because the Delta Chat Core API is currently changing too fast > and they don't want to commit to maintaining the current packaged > version for the time Buster will exist. > > Can you please remove deltachat-core 0.39.0-1+ds2 from current testing? Removal hint added. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51--- End Message ---
Bug#924112: marked as done (RM: node-xterm/2.7.0+ds1-1)
Your message dated Sat, 23 Mar 2019 16:46:06 + with message-id <20190323164606.ga3...@powdarrmonkey.net> and subject line Re: Bug#924112: RM: node-xterm/2.7.0+ds1-1 has caused the Debian Bug report #924112, regarding RM: node-xterm/2.7.0+ds1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924112: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924112 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: node-xterm Version: 2.7.0+ds1-1 Severity: serious https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/node-xterm.html ... debian/rules override_dh_auto_build make[1]: Entering directory '/build/1st/node-xterm-2.7.0+ds1' tsc --project . src/utils/Mouse.ts(30,80): error TS2339: Property 'parentElement' does not exist on type 'never'. debian/rules:19: recipe for target 'override_dh_auto_build' failed make[1]: *** [override_dh_auto_build] Error 2 --- End Message --- --- Begin Message --- On Sat, Mar 09, 2019 at 04:26:48PM +, Andrej Shadura wrote: > Control: tag -1 buster > > Hi, > > The pending jupyter-notebook 5.7.4-2 upload will have removed the build > dependency on node-xterm, at which point node-xterm can be temoved from > testing. Removal hint added. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51--- End Message ---
Bug#924208: marked as done (unblock: runc/1.0.0~rc6+dfsg1-3)
Your message dated Sat, 23 Mar 2019 16:40:17 + with message-id <20190323164017.ga3...@powdarrmonkey.net> and subject line Re: Bug#924208: unblock: runc/1.0.0~rc6+dfsg1-3 has caused the Debian Bug report #924208, regarding unblock: runc/1.0.0~rc6+dfsg1-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924208: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924208 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package runc -3 will be uploaded to unstable after ack, it * Improve the patch for CVE-2019-5736. After the CVE published, there are more commits in upstream applied, and are nice to have for buster. * Add version info to build flags, this fixes #909644 debdiff is in attachment, and can be viewed on salsa, https://salsa.debian.org/go-team/packages/runc/compare/debian%2F1.0.0_rc6+dfsg1-2...master unblock runc/1.0.0~rc6+dfsg1-3 diff -Nru runc-1.0.0~rc6+dfsg1/debian/changelog runc-1.0.0~rc6+dfsg1/debian/changelog --- runc-1.0.0~rc6+dfsg1/debian/changelog 2019-02-12 23:45:09.0 +0800 +++ runc-1.0.0~rc6+dfsg1/debian/changelog 2019-03-10 17:51:44.0 +0800 @@ -1,3 +1,29 @@ +runc (1.0.0~rc6+dfsg1-3) unstable; urgency=medium + + * Team upload. + + [ Shengjing Zhu ] + * Improve patch for CVE-2019-5736 based on upstream commits. +Now the patch includes following commits: ++ 2d4a37b nsenter: cloned_binary: userspace copy fallback if sendfile fails ++ 16612d7 nsenter: cloned_binary: try to ro-bind /proc/self/exe before + copying ++ af9da0a nsenter: cloned_binary: use the runc statedir for O_TMPFILE ++ 2429d59 nsenter: cloned_binary: expand and add pre-3.11 fallbacks ++ 5b775bf nsenter: cloned_binary: detect and handle short copies ++ bb7d8b1 nsexec (CVE-2019-5736): avoid parsing environ ++ 0a8e411 nsenter: clone /proc/self/exe to avoid exposing host binary to + container + + [ Arnaud Rebillout ] + * Add version and gitcommit to the ldflags (Closes: #909644) +Note that we fill the git commit with something that is NOT a git commit +at all, instead we use it as a placeholder for the debian version. The +debian version is a relevant information for the user, and it's nice to +be able to show it, some way or another. + + -- Shengjing Zhu Sun, 10 Mar 2019 17:51:44 +0800 + runc (1.0.0~rc6+dfsg1-2) unstable; urgency=medium * Team upload. diff -Nru runc-1.0.0~rc6+dfsg1/debian/patches/CVE-2019-5736.patch runc-1.0.0~rc6+dfsg1/debian/patches/CVE-2019-5736.patch --- runc-1.0.0~rc6+dfsg1/debian/patches/CVE-2019-5736.patch 2019-02-12 23:45:09.0 +0800 +++ runc-1.0.0~rc6+dfsg1/debian/patches/CVE-2019-5736.patch 2019-03-10 17:51:44.0 +0800 @@ -1,33 +1,31 @@ -Author: Aleksa Sarai -Origin: https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922050 -Subject: nsenter: clone /proc/self/exe to avoid exposing host binary to container - -There are quite a few circumstances where /proc/self/exe pointing to a -pretty important container binary is a _bad_ thing, so to avoid this we -have to make a copy (preferably doing self-clean-up and not being -writeable). - -We require memfd_create(2) -- though there is an O_TMPFILE fallback -- -but we can always extend this to use a scratch MNT_DETACH overlayfs or -tmpfs. The main downside to this approach is no page-cache sharing for -the runc binary (which overlayfs would give us) but this is far less -complicated. - -This is only done during nsenter so that it happens transparently to the -Go code, and any libcontainer users benefit from it. This also makes -ExtraFiles and --preserve-fds handling trivial (because we don't need to -worry about it). - -Fixes: CVE-2019-5736 -Co-developed-by: Christian Brauner -Signed-off-by: Aleksa Sarai +From: Shengjing Zhu +Date: Sun, 10 Mar 2019 17:47:46 +0800 +Subject: CVE-2019-5736 -Index: runc-1.0.0~rc6+dfsg1/libcontainer/nsenter/cloned_binary.c -=== +Backport upstream patches for CVE-2019-5736 + +Include commits: +2d4a37b427167907ef2402586a8e8e2931a22490 nsenter: cloned_binary: userspace copy fallback if sendfile fails +16612d74de5f84977e50a9c8ead7f0e9e13b8628 nsenter: cloned_binary: try to ro-bind /proc/self/exe before copying
Bug#924938: unblock: healpix-java/3.40-1
Control: tag -1 moreinfo On Mon, Mar 18, 2019 at 01:01:18PM -0400, Leo Singer wrote: > Please unblock package healpix-java. > > The package fixes the important bug #923752, "healpix-java: FTBFS in > buster/sid". Note that aladin and topcat depend on healpix-java. Unfortunately it also includes an unreviewable new upstream release. Please revert that and include just the bug fix. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Processed: Re: Bug#924938: unblock: healpix-java/3.40-1
Processing control commands: > tag -1 moreinfo Bug #924938 [release.debian.org] unblock: healpix-java/3.40-1 Added tag(s) moreinfo. -- 924938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924938 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925083: marked as done (unblock: nsca-ng/1.5-4)
Your message dated Sat, 23 Mar 2019 16:28:14 +
with message-id <20190323162814.ga1...@powdarrmonkey.net>
and subject line Re: Bug#925083: unblock: nsca-ng/1.5-4
has caused the Debian Bug report #925083,
regarding unblock: nsca-ng/1.5-4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925083
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package nsca-ng 1.5-4.
It cherry-picks the OpenSSL 1.1.1 change from the 1.6 release available
in experimental.
unblock nsca-ng/1.5-4
Kind Regards,
Bas
diff -Nru nsca-ng-1.5/debian/changelog nsca-ng-1.5/debian/changelog
--- nsca-ng-1.5/debian/changelog2018-07-29 12:38:31.0 +0200
+++ nsca-ng-1.5/debian/changelog2019-03-19 18:32:59.0 +0100
@@ -1,3 +1,14 @@
+nsca-ng (1.5-4) unstable; urgency=medium
+
+ * Team upload.
+ * Drop autopkgtest to test installability.
+ * Add lintian override for testsuite-autopkgtest-missing.
+ * Bump Standards-Version to 4.3.0, no changes.
+ * Add upstream patch to fix FTBFS with OpenSSL 1.1.1.
+(closes: #900152)
+
+ -- Bas Couwenberg Tue, 19 Mar 2019 18:32:59 +0100
+
nsca-ng (1.5-3) unstable; urgency=medium
* Team upload.
diff -Nru nsca-ng-1.5/debian/control nsca-ng-1.5/debian/control
--- nsca-ng-1.5/debian/control 2018-07-29 12:38:31.0 +0200
+++ nsca-ng-1.5/debian/control 2019-03-19 18:29:13.0 +0100
@@ -10,7 +10,7 @@
libbsd-dev,
libssl-dev,
libsystemd-dev
-Standards-Version: 4.1.5
+Standards-Version: 4.3.0
Vcs-Browser: https://salsa.debian.org/nagios-team/pkg-nsca-ng
Vcs-Git: https://salsa.debian.org/nagios-team/pkg-nsca-ng.git
Homepage: http://www.nsca-ng.org/
diff -Nru
nsca-ng-1.5/debian/patches/0001-Work-around-TLSv1.3-PSK-bug-in-OpenSSL-1.1.1.patch
nsca-ng-1.5/debian/patches/0001-Work-around-TLSv1.3-PSK-bug-in-OpenSSL-1.1.1.patch
---
nsca-ng-1.5/debian/patches/0001-Work-around-TLSv1.3-PSK-bug-in-OpenSSL-1.1.1.patch
1970-01-01 01:00:00.0 +0100
+++
nsca-ng-1.5/debian/patches/0001-Work-around-TLSv1.3-PSK-bug-in-OpenSSL-1.1.1.patch
2019-03-19 18:31:41.0 +0100
@@ -0,0 +1,77 @@
+Description: Work around TLSv1.3 PSK bug in OpenSSL 1.1.1
+ When TLSv1.3 is used with (at least) OpenSSL 1.1.1b, the
+ SSL_get_psk_identity(3) unexpectedly returns NULL. Work around this
+ issue be storing a copy of the PSK identity into the SSL object.
+From: Holger Weiß
+Origin
:https://github.com/weiss/nsca-ng/commit/7d9ca3413e661c0ac8a020bf674d16c3af4ebccb
+Bug: https://github.com/weiss/nsca-ng/issues/4
+Bug-Debian: https://bugs.debian.org/900152
+
+--- a/src/common/tls.c
b/src/common/tls.c
+@@ -530,6 +530,8 @@ tls_free(tls_state *tls)
+ free(tls->output);
+ if (tls->addr != NULL)
+ free(tls->addr);
++ if (tls->id != NULL)
++ free(tls->id);
+ if (tls->peer != NULL)
+ free(tls->peer);
+ if (tls->ssl != NULL)
+@@ -632,7 +634,7 @@ accept_ssl_cb(EV_P_ ev_io *w, int revent
+ debug("TLS handshake with %s not (yet) successful", tls->addr);
+ check_tls_error(EV_A_ w, result);
+ } else { /* The TLS connection is established. */
+- if ((tls->id = SSL_get_psk_identity(tls->ssl)) == NULL) {
++ if ((tls->id = SSL_get_app_data(tls->ssl)) == NULL) {
+ error("Cannot retrieve client identity");
+ tls_free(tls);
+ } else {
+--- a/src/common/tls.h
b/src/common/tls.h
+@@ -61,7 +61,7 @@
+ typedef struct tls_state_s {
+ /* public: */
+ void *data; /* Can freely be used by the caller. */
+- const char *id; /* Client ID (e.g., "foo"). */
++ char *id; /* Client ID (e.g., "foo"). */
+ char *addr; /* Client IP address (e.g., "192.0.2.2"). */
+ char *peer; /* Client ID and IP address (e.g., "foo@192.0.2.2"). */
+
+--- a/src/server/auth.c
b/src/server/auth.c
+@@ -41,6 +41,7 @@
+ #include "log.h"
+ #include "system.h"
+ #include "util.h"
++#include "wrappers.h"
+
+ static bool match(regex_t * restrict, const char * restrict);
+
+@@ -49,8 +50,8 @@ static bool match(regex_t * restrict, co
+ */
+
+ unsigned int
+-check_psk(SSL *ssl __attribute__((__unused__)), const char *identity,
+- unsigned char *password, unsigned int max_password_len)
++check_psk(SSL *ssl, const char *identity,
Processed: Re: Bug#925237: unblock: node-timeago.js/3.0.2+dfsg-2
Processing control commands: > tag -1 moreinfo Bug #925237 [release.debian.org] unblock: node-timeago.js/3.0.2+dfsg-2 Added tag(s) moreinfo. -- 925237: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925237 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925237: unblock: node-timeago.js/3.0.2+dfsg-2
Control: tag -1 moreinfo On Thu, Mar 21, 2019 at 04:41:53PM +0100, Xavier Guimard wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package node-timeago.js > > Hi all, > > I updated node-timeago.js to fix RC bug #924809. Main change is to find > uglifyjs since there is a conflict between webpack and uglifyjs (see > #925211). I updated also some other few things. > > Cheers, > Xavier > > unblock node-timeago.js/3.0.2+dfsg-2 > > -- System Information: > Debian Release: buster/sid > APT prefers testing > APT policy: (600, 'testing'), (50, 'unstable') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 4.14.0-3-amd64 (SMP w/2 CPU cores) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= > (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > diff --git a/debian/changelog b/debian/changelog > index f52ff7f..2d309c2 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,17 @@ > +node-timeago.js (3.0.2+dfsg-2) unstable; urgency=medium > + > + * Team upload > + * Switch minimal test to autopkgtest > + * Add upstream/metadata > + * Patch package.json to use unminified file > + * Remove build dependency to uglifyjs and use the one installed with > +webpack (Closes: #924809) > + * Declare compliance with policy 4.3.0 > + * Add Multi-Arch: foreign Multi-arch changes aren't really appropriate now, please revert that. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Processed: Re: Bug#925235: unblock: node-jschardet/1.6.0+dfsg-2
Processing control commands: > tag -1 moreinfo Bug #925235 [release.debian.org] unblock: node-jschardet/1.6.0+dfsg-2 Added tag(s) moreinfo. -- 925235: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925235 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925235: unblock: node-jschardet/1.6.0+dfsg-2
Control: tag -1 moreinfo On Thu, Mar 21, 2019 at 04:10:02PM +0100, Xavier Guimard wrote: > +node-jschardet (1.6.0+dfsg-2) unstable; urgency=medium > + > + * Team upload > + * Add debian/clean > + * Use node-uglify if uglifyjs isn't available (Closes: #924807) > + * Bump debhelper compatibility level to 11 The time is gone for changing debhelper levels; please revert that. > + * Declare compliance with policy 4.3.0 > + * Fix VCS fields > + * Fix debian/copyright URL format > + * Switch minimal test to pkg-js-tools > + * Add upstream/metadata > + * Update lintian-overrides > + * Add Multi-Arch: foreign Multi-arch changes aren't really appropriate now either. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#925083: unblock: nsca-ng/1.5-4
Control: tags -1 - moreinfo On 3/23/19 4:52 PM, Jonathan Wiltshire wrote: > On Tue, Mar 19, 2019 at 07:35:53PM +0100, Bas Couwenberg wrote: >> Please unblock package nsca-ng 1.5-4. >> >> It cherry-picks the OpenSSL 1.1.1 change from the 1.6 release available >> in experimental. > > nsca-ng has not been in testing since September 2018; you need a Very Good > Justification for it to enter now. The fix for the RC bug that cause the removal from testing only became available now. That's probably not good enough, but the best we could do to try have nsca-ng available in buster. Feel free to close this issue if you'd rather ship buster without nsca-ng. Kind Regards, Bas -- GPG Key ID: 4096R/6750F10AE88D4AF1 Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Processed: Re: Bug#925083: unblock: nsca-ng/1.5-4
Processing control commands: > tags -1 - moreinfo Bug #925083 [release.debian.org] unblock: nsca-ng/1.5-4 Removed tag(s) moreinfo. -- 925083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925083 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#924946: unblock: budgie-desktop/10.5-1
On Sat, Mar 23, 2019 at 03:51:33PM +, David Mohammed wrote: > ah - maybe I understood the freeze process - I attached the proposed > debdiff for 10.5 to this unblock request. I thought the evaluation > would be done on that. > > I can certainly upload 10.5 to unstable - should I do this? Right, OK. It's fine to request pre-approval of changes which might be controversial, but it's helpful to make that clear in the bug to save time. I haven't reviewed your diff yet but if you're sure of the changes, upload to unstable and remove the 'moreinfo' tag from this bug when it's ready to unblock please. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#925345: marked as done (unblock: libapache2-mod-auth-mellon/0.14.2-1)
Your message dated Sat, 23 Mar 2019 15:56:40 +
with message-id <20190323155640.ga30...@powdarrmonkey.net>
and subject line Re: Bug#925345: unblock: libapache2-mod-auth-mellon/0.14.2-1
has caused the Debian Bug report #925345,
regarding unblock: libapache2-mod-auth-mellon/0.14.2-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925345: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925345
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package libapache2-mod-auth-mellon
The upload contains fixes for two security issues, it is a new
upstream that only contains these fixes.
unblock libapache2-mod-auth-mellon/0.14.2-1
Thanks,
Thijs
diff -Nru libapache2-mod-auth-mellon-0.14.1/auth_mellon_util.c
libapache2-mod-auth-mellon-0.14.2/auth_mellon_util.c
--- libapache2-mod-auth-mellon-0.14.1/auth_mellon_util.c2018-07-25
10:19:25.0 +
+++ libapache2-mod-auth-mellon-0.14.2/auth_mellon_util.c2019-03-20
07:29:16.0 +
@@ -927,6 +927,13 @@
"Control character detected in URL.");
return HTTP_BAD_REQUEST;
}
+if (*i == '\\') {
+/* Reject backslash character, as it can be used to bypass
+ * redirect URL validation. */
+AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, HTTP_BAD_REQUEST, r,
+ "Backslash character detected in URL.");
+return HTTP_BAD_REQUEST;
+}
}
return OK;
diff -Nru libapache2-mod-auth-mellon-0.14.1/configure
libapache2-mod-auth-mellon-0.14.2/configure
--- libapache2-mod-auth-mellon-0.14.1/configure 2019-02-11 07:40:35.0
+
+++ libapache2-mod-auth-mellon-0.14.2/configure 2019-03-21 13:58:52.0
+
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for mod_auth_mellon 0.14.1.
+# Generated by GNU Autoconf 2.69 for mod_auth_mellon 0.14.2.
#
# Report bugs to .
#
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='mod_auth_mellon'
PACKAGE_TARNAME='mod_auth_mellon'
-PACKAGE_VERSION='0.14.1'
-PACKAGE_STRING='mod_auth_mellon 0.14.1'
+PACKAGE_VERSION='0.14.2'
+PACKAGE_STRING='mod_auth_mellon 0.14.2'
PACKAGE_BUGREPORT='olav.mor...@uninett.no'
PACKAGE_URL=''
@@ -1262,7 +1262,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures mod_auth_mellon 0.14.1 to adapt to many kinds of
systems.
+\`configure' configures mod_auth_mellon 0.14.2 to adapt to many kinds of
systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1324,7 +1324,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of mod_auth_mellon 0.14.1:";;
+ short | recursive ) echo "Configuration of mod_auth_mellon 0.14.2:";;
esac
cat <<\_ACEOF
@@ -1431,7 +1431,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-mod_auth_mellon configure 0.14.1
+mod_auth_mellon configure 0.14.2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1779,7 +1779,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by mod_auth_mellon $as_me 0.14.1, which was
+It was created by mod_auth_mellon $as_me 0.14.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3098,7 +3098,7 @@
-NAMEVER=mod_auth_mellon-0.14.1
+NAMEVER=mod_auth_mellon-0.14.2
@@ -4879,7 +4879,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by mod_auth_mellon $as_me 0.14.1, which was
+This file was extended by mod_auth_mellon $as_me 0.14.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES= $CONFIG_FILES
@@ -4941,7 +4941,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/&/g'`"
ac_cs_version="\\
-mod_auth_mellon config.status 0.14.1
+mod_auth_mellon config.status 0.14.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -Nru libapache2-mod-auth-mellon-0.14.1/configure.ac
Processed: Re: Bug#925083: unblock: nsca-ng/1.5-4
Processing control commands: > tag -1 moreinfo Bug #925083 [release.debian.org] unblock: nsca-ng/1.5-4 Added tag(s) moreinfo. -- 925083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925083 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925083: unblock: nsca-ng/1.5-4
Control: tag -1 moreinfo On Tue, Mar 19, 2019 at 07:35:53PM +0100, Bas Couwenberg wrote: > Please unblock package nsca-ng 1.5-4. > > It cherry-picks the OpenSSL 1.1.1 change from the 1.6 release available > in experimental. nsca-ng has not been in testing since September 2018; you need a Very Good Justification for it to enter now. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#924946: unblock: budgie-desktop/10.5-1
Jonathan, ah - maybe I understood the freeze process - I attached the proposed debdiff for 10.5 to this unblock request. I thought the evaluation would be done on that. I can certainly upload 10.5 to unstable - should I do this? David On Sat, 23 Mar 2019 at 15:44, Jonathan Wiltshire wrote: > > Control: tag -1 moreinfo > > On Mon, Mar 18, 2019 at 08:24:46PM +, David Mohammed wrote: > > Please unblock package budgie-desktop > > > > Upstream have released v10.5 of budgie desktop. I have been regularly > > uploading Git tarball releases getting valuable testing feedback and > > resolving issues with upstream. > > > > This unblock request is the final step - to catch up with the final > > changes for the release. The vast bulk of the debdiff are just > > translations. > > Comparing testing and sid: > > | I: using version 10.5~git20190218-1 from unstable > | I: versions identical, nothing to diff > > Did the upload get forgotten? > > Thanks, > > -- > Jonathan Wiltshire j...@debian.org > Debian Developer http://people.debian.org/~jmw > > 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 >
Bug#925053: marked as done (unblock: squirrel3/3.1-6)
Your message dated Sat, 23 Mar 2019 15:48:37 + with message-id <20190323154837.ga29...@powdarrmonkey.net> and subject line Re: Bug#925053: unblock: squirrel3/3.1-6 has caused the Debian Bug report #925053, regarding unblock: squirrel3/3.1-6 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 925053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925053 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package squirrel3 I have simply taken what the maintainer Fabian Wolff had prepared on Salsa since it is fixing #923012. Except the debhelper bump from 10 to 12 changes are in line with freeze policy. Since debhelper 12 seems to work nicely I have seen no reason to revert it. unblock squirrel3/3.1-6 -- System Information: Debian Release: 9.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru squirrel3-3.1/debian/changelog squirrel3-3.1/debian/changelog --- squirrel3-3.1/debian/changelog 2017-09-17 21:31:30.0 +0200 +++ squirrel3-3.1/debian/changelog 2019-03-03 01:37:29.0 +0100 @@ -1,3 +1,15 @@ +squirrel3 (3.1-6) unstable; urgency=medium + + * Update Vcs-Git and Vcs-Browser fields in debian/control. + * Add patch 02-sphinx-ext.patch to disable the pngmath Sphinx +extension (Closes: #923012). + * Add Applied-Upstream field to header of patch +01-fix-spelling-errors.patch. + * Upgrade to Standards-Version 4.3.0 (no changes). + * Upgrade to debhelper compat level 12. + + -- Fabian Wolff Sun, 03 Mar 2019 01:37:29 +0100 + squirrel3 (3.1-5) unstable; urgency=medium * Update debian/copyright. diff -Nru squirrel3-3.1/debian/compat squirrel3-3.1/debian/compat --- squirrel3-3.1/debian/compat 2017-09-17 21:31:30.0 +0200 +++ squirrel3-3.1/debian/compat 2019-03-03 01:37:29.0 +0100 @@ -1 +1 @@ -10 +12 diff -Nru squirrel3-3.1/debian/control squirrel3-3.1/debian/control --- squirrel3-3.1/debian/control2017-09-17 21:31:30.0 +0200 +++ squirrel3-3.1/debian/control2019-03-03 01:37:29.0 +0100 @@ -2,17 +2,17 @@ Maintainer: Fabian Wolff Section: interpreters Priority: optional -Build-Depends: debhelper (>= 10), +Build-Depends: debhelper (>= 12), cmake, python3-sphinx | python-sphinx, texlive, texlive-latex-extra, texlive-generic-extra, latexmk -Standards-Version: 4.1.0 +Standards-Version: 4.3.0 Homepage: http://squirrel-lang.org/ -Vcs-Git: https://anonscm.debian.org/git/collab-maint/squirrel3.git -Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/squirrel3.git +Vcs-Git: https://salsa.debian.org/wolff-guest/squirrel3.git/ +Vcs-Browser: https://salsa.debian.org/wolff-guest/squirrel3 Package: squirrel3 Architecture: any diff -Nru squirrel3-3.1/debian/patches/01-fix-spelling-errors.patch squirrel3-3.1/debian/patches/01-fix-spelling-errors.patch --- squirrel3-3.1/debian/patches/01-fix-spelling-errors.patch 2017-09-17 21:31:30.0 +0200 +++ squirrel3-3.1/debian/patches/01-fix-spelling-errors.patch 2019-03-03 01:37:29.0 +0100 @@ -3,7 +3,8 @@ false positive). Author: Fabian Wolff Forwarded: https://github.com/albertodemichelis/squirrel/pull/30 -Last-Update: 2016-04-03 +Applied-Upstream: https://github.com/albertodemichelis/squirrel/commit/6db0aa2095da222d06a0690eaacd5a8966c0651e +Last-Update: 2019-03-03 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/sq/sq.c diff -Nru squirrel3-3.1/debian/patches/02-sphinx-ext.patch squirrel3-3.1/debian/patches/02-sphinx-ext.patch --- squirrel3-3.1/debian/patches/02-sphinx-ext.patch1970-01-01 01:00:00.0 +0100 +++ squirrel3-3.1/debian/patches/02-sphinx-ext.patch2019-03-03 01:37:29.0 +0100 @@ -0,0 +1,18 @@ +Description: Remove pngmath extension from Sphinx configuration +Author: Fabian Wolff +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923012 +Forwarded: yes +Last-Update: 2019-03-02 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/doc/source/conf.py b/doc/source/conf.py +@@ -30,7 +30,7 @@ + # extensions coming with Sphinx
Processed: Re: Bug#924946: unblock: budgie-desktop/10.5-1
Processing control commands: > tag -1 moreinfo Bug #924946 [release.debian.org] unblock: budgie-desktop/10.5-1 Added tag(s) moreinfo. -- 924946: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924946 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#924946: unblock: budgie-desktop/10.5-1
Control: tag -1 moreinfo On Mon, Mar 18, 2019 at 08:24:46PM +, David Mohammed wrote: > Please unblock package budgie-desktop > > Upstream have released v10.5 of budgie desktop. I have been regularly > uploading Git tarball releases getting valuable testing feedback and > resolving issues with upstream. > > This unblock request is the final step - to catch up with the final > changes for the release. The vast bulk of the debdiff are just > translations. Comparing testing and sid: | I: using version 10.5~git20190218-1 from unstable | I: versions identical, nothing to diff Did the upload get forgotten? Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#924935: marked as done (unblock: unattended-upgrades/1.11)
Your message dated Sat, 23 Mar 2019 15:41:18 + with message-id <20190323154118.ga28...@powdarrmonkey.net> and subject line Re: Bug#924935: unblock: unattended-upgrades/1.11 has caused the Debian Bug report #924935, regarding unblock: unattended-upgrades/1.11 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924935 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock unattended-upgrades. Changes: unattended-upgrades (1.11) unstable; urgency=medium . * Use defaults in unattended-upgrades.service when the APT configuration is broken. (LP: #1815189) * test/test_blacklisted_wrong_origin.py: Fix and enable test * Clear cache when autoremoval fails (LP: #1779157) * Find autoremovable kernel packages using the patterns in APT's way (LP: #1815494) * debian/rules: clean frontend locks left by tests before building source The notable changes are for LP: #1779157 to fix crashes and for LP: #1815494 to prevent u-u from automatically removing autoremovable packages just because their name is similar to kernel package patterns. The rest are cosmetic fixes with minor impact. All the changes are in the 19.04 Ubuntu development release already. Thanks, Balint --- End Message --- --- Begin Message --- On Mon, Mar 18, 2019 at 05:53:02PM +0100, Bálint Réczey wrote: > Please unblock unattended-upgrades. > > Changes: > unattended-upgrades (1.11) unstable; urgency=medium > . >* Use defaults in unattended-upgrades.service when the APT configuration is > broken. (LP: #1815189) >* test/test_blacklisted_wrong_origin.py: Fix and enable test >* Clear cache when autoremoval fails (LP: #1779157) >* Find autoremovable kernel packages using the patterns in APT's way > (LP: #1815494) >* debian/rules: clean frontend locks left by tests before building source Unblocked; thanks. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51--- End Message ---
Bug#924872: marked as done (unblock: knot-resolver/3.2.1-3)
Your message dated Sat, 23 Mar 2019 15:35:42 + with message-id <20190323153542.ga28...@powdarrmonkey.net> and subject line Re: Bug#924872: unblock: knot-resolver/3.2.1-3 has caused the Debian Bug report #924872, regarding unblock: knot-resolver/3.2.1-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924872: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924872 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Control: block -1 by 924019 Control: affects -1 + src:knot-resolver Please unblock package knot-resolver, package version 3.2.1-3. knot-resolver 3.2.1-1 (in testing) ships libkres-dev, which does not work for building other tools against libkres9 :( Upstream packaging tries to install the development files, but they just aren't functional (see more discussion on the RC-critical bug https://bugs.debian.org/923970). 3.2.1-3 solves the issue by folding the .so back into the knot-resolver binary package, and removing the libkres-dev and libkres9 packages. However, those packages linger on the arm64 platform, which hasn't supported the knot-resolver binary itself for a while. see https://bugs.debian.org/924019 for the request to the ftp team to remove those binary packages on that platform to avoid shipping lingering unusable packages. i'm marking this bug as blocked by that one, because i believe this all needs to happen together. In the course of package review, i discovered that the debian/missing-sources/ file for the dygraphs javascript library was outdated, so i've replaced it as well -- that huge difference between 3.2.1-1 and 3.2.1-3 has been filtered out of the debdiff, but feel free to take a look at commit 0ca501d492beca924e1e5dd20314f0e5640a5102 in https://salsa.debian.org/dns-team/knot-resolver.git for the comparison. This update also avoids shipping an embedded copy of font file glyphs-halfling.woff, and converts from debhelper 11 to debhelper 12 (which causes no changes in the underlying package). And it fixes passing CXXFLAGS to the text-string matching Aho Corasick Lua module that it uses, further expanding the scope of automatic debian hardening. Thanks for your work on the debian release, --dkg unblock knot-resolver/3.2.1-3 -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff --git knot-resolver-3.2.1/debian/changelog knot-resolver-3.2.1/debian/changelog index 8e18a042..4af50d4e 100644 --- knot-resolver-3.2.1/debian/changelog +++ knot-resolver-3.2.1/debian/changelog @@ -1,3 +1,23 @@ +knot-resolver (3.2.1-3) unstable; urgency=medium + + * knot-resolver-module-http is arch: all, not arch: any + * Explicitly list all non-arm64 architectures + + -- Daniel Kahn Gillmor Fri, 08 Mar 2019 00:56:09 -0500 + +knot-resolver (3.2.1-2) unstable; urgency=medium + + * Standards-Version: move to 4.3.0 (no changes needed) + * move to debhelper 12 + * Avoid breakage when built against knot-dns 2.8.0 + * d/tests/control: wrap-and-sort + * Drop libkres9 and libkres-dev packages (Closes: #923970) + * avoid clobbering CXXFLAGS when compiling lua-aho-corasick + * missing-sources: updated dygraph-combined.js to match minified version + * avoid shipping pre-built glyphicons-halflings-regular.woff2 + + -- Daniel Kahn Gillmor Thu, 07 Mar 2019 16:23:16 -0500 + knot-resolver (3.2.1-1) unstable; urgency=medium * new upstream release (Closes: #922172) diff --git knot-resolver-3.2.1/debian/clean knot-resolver-3.2.1/debian/clean index a8241244..ce17de8f 100644 --- knot-resolver-3.2.1/debian/clean +++ knot-resolver-3.2.1/debian/clean @@ -1,5 +1,5 @@ doc/kresd.8 libkres.pc lib/libkres.a -lib/libkres.so.9 +lib/libkres.so.* test-modules/ diff --git knot-resolver-3.2.1/debian/compat knot-resolver-3.2.1/debian/compat deleted file mode 100644 index b4de3947.. +++ /dev/null @@ -1 +0,0 @@ -11 diff --git knot-resolver-3.2.1/debian/control knot-resolver-3.2.1/debian/control index 4da0323a..4ed0dad4 100644 --- knot-resolver-3.2.1/debian/control +++ knot-resolver-3.2.1/debian/control @@ -11,7 +11,7 @@
Bug#924904: marked as done (unblock: putty/0.70-6)
Your message dated Sat, 23 Mar 2019 15:37:23 + with message-id <20190323153723.ga28...@powdarrmonkey.net> and subject line Re: Bug#924904: unblock: putty/0.70-6 has caused the Debian Bug report #924904, regarding unblock: putty/0.70-6 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924904 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock The EU recently funded a bug bounty for PuTTY, and PuTTY 0.71 was released over the weekend including a large number of security fixes many of which were found by that. Since this is too late for buster, the upstream maintainer kindly sent me a backported patch series which he recommended that we apply to 0.70, and I uploaded that to unstable yesterday. I think we should have this in buster, so please unblock. (When I last asked, no CVEs had been allocated for any of this yet.) unblock putty/0.70-6 Thanks, -- Colin Watson [cjwat...@debian.org] diff -Nru putty-0.70/debian/.git-dpm putty-0.70/debian/.git-dpm --- putty-0.70/debian/.git-dpm 2018-10-28 17:18:52.0 + +++ putty-0.70/debian/.git-dpm 2019-03-17 09:36:53.0 + @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -694018afd4da9c7e00c7247c275e44b3aab49d4b -694018afd4da9c7e00c7247c275e44b3aab49d4b +1ebfc3bc04d0bbde174da1999a922b491a0e90dd +1ebfc3bc04d0bbde174da1999a922b491a0e90dd 8d3b8df5deee84238c92dfa4b4c4e3a787d73b64 8d3b8df5deee84238c92dfa4b4c4e3a787d73b64 putty_0.70.orig.tar.gz diff -Nru putty-0.70/debian/changelog putty-0.70/debian/changelog --- putty-0.70/debian/changelog 2018-10-28 18:07:45.0 + +++ putty-0.70/debian/changelog 2019-03-17 09:37:02.0 + @@ -1,3 +1,22 @@ +putty (0.70-6) unstable; urgency=high + + * Apply security patch series from upstream: +- New facility for removing pending toplevel callbacks. +- Fix one-byte buffer overrun in random_add_noise(). +- uxnet: clean up callbacks when closing a NetSocket. +- sk_tcp_close: fix memory leak of output bufchain. +- Fix handling of bad RSA key with n=p=q=0. +- Sanity-check the 'Public-Lines' field in ppk files. +- Introduce an enum of the uxsel / select_result flags. +- Switch to using poll(2) in place of select(2). +- RSA kex: enforce the minimum key length. +- Fix crash on ESC#6 + combining chars + GTK + odd-width terminal. +- Limit the number of combining chars per terminal cell. +- minibidi: fix read past end of line in rule W5. +- Fix crash printing a width-2 char in a width-1 terminal. + + -- Colin Watson Sun, 17 Mar 2019 09:37:02 + + putty (0.70-5) unstable; urgency=medium [ Colin Watson ] diff -Nru putty-0.70/debian/patches/fix-bad-rsa-key-handling.patch putty-0.70/debian/patches/fix-bad-rsa-key-handling.patch --- putty-0.70/debian/patches/fix-bad-rsa-key-handling.patch1970-01-01 01:00:00.0 +0100 +++ putty-0.70/debian/patches/fix-bad-rsa-key-handling.patch2019-03-17 09:36:52.0 + @@ -0,0 +1,48 @@ +From 475366539d4bf768567b635782c577cdfde40026 Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Wed, 6 Feb 2019 21:09:29 + +Subject: Fix handling of bad RSA key with n=p=q=0. + +In this situation, rsa_verify won't notice anything wrong until it +gets to the point where decbn() tries to subtract 1 from p, and +underruns the Bignum buffer. + +Just in case some other attack vector reaches that same problem point, +I've also put a protective assertion in decbn() itself just before the +memory overwrite would have happened. + +Last-Update: 2019-03-16 + +Patch-Name: fix-bad-rsa-key-handling.patch +--- + sshbn.c | 1 + + sshrsa.c | 4 + 2 files changed, 5 insertions(+) + +diff --git a/sshbn.c b/sshbn.c +index 6768204b..b21797f0 100644 +--- a/sshbn.c b/sshbn.c +@@ -1400,6 +1400,7 @@ void decbn(Bignum bn) + int i = 1; + while (i < (int)bn[0] && bn[i] == 0) + bn[i++] = BIGNUM_INT_MASK; ++assert(i < (int)bn[0]); + bn[i]--; + } + +diff --git a/sshrsa.c b/sshrsa.c +index e565a64a..1dbf16bf 100644 +--- a/sshrsa.c b/sshrsa.c +@@ -411,6 +411,10 @@ int rsa_verify(struct RSAKey *key) + Bignum n, ed, pm1, qm1; + int cmp; + ++/* n cannot be zero. */ ++if (!bignum_cmp(key->modulus, Zero)) ++return 0; ++ + /* n must equal pq. */ + n = bigmul(key->p, key->q); + cmp = bignum_cmp(n, key->modulus); diff -Nru
Bug#925351: stretch-pu: package dns-root-data/2019031302~deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Control: affects -1 src:dns-root-data Please consider an update to dns-root-data in debian stretch. This package reflects the state of the network, and keeping it current is useful for all the packages that depend on it. In particular, it removes a DNSSEC root key that is expired. For future DNSSEC root key rollovers, we should do something better than a package upgrade (see https://bugs.debian.org/925349) but for now this is the least restrictive change. The debdiff from the previous version in stretch is attached. This proposed release is also available at the "debian/2019031302_deb9u1" tag on the "debian/stretch" branch at the git repo for dns-root-data packaging: https://salsa.debian.org/dns-team/dns-root-data Please followup on this ticket to confirm whether I should upload this revision to stretch. Thanks for helping to maintain debian's stable release! --dkg diff --git publicsuffix-2017072601~deb9u1/debian/changelog publicsuffix-2019031302~deb9u1/debian/changelog index 036aebe..660bdd3 100644 --- publicsuffix-2017072601~deb9u1/debian/changelog +++ publicsuffix-2019031302~deb9u1/debian/changelog @@ -1,3 +1,19 @@ +dns-root-data (2019031302~deb9u1) stretch; urgency=medium + + * Rebuild for stretch-backports. + * d/control: move Vcs-* to salsa.debian.org + * d/control: use dns-root-d...@packages.debian.org as Maintainer + * sort generated .ds files by key tag + * Update root.hints to 2018013001 + * Update order of root.key to follow output of unbound-anchor + * use DEP-14 branches + * update root data to 2019031302 + * parse-root-anchors.sh: account for validity windows + * check: deliberately skip the TTL generated by ldns-key2ds + * add myself to uploaders + + -- Daniel Kahn Gillmor Sat, 23 Mar 2019 15:43:27 +0100 + dns-root-data (2017072601~deb9u1) stretch; urgency=high * Update root.hints to 2017072601 version diff --git publicsuffix-2017072601~deb9u1/debian/control publicsuffix-2019031302~deb9u1/debian/control index 8413872..bd0ab25 100644 --- publicsuffix-2017072601~deb9u1/debian/control +++ publicsuffix-2019031302~deb9u1/debian/control @@ -1,8 +1,9 @@ Source: dns-root-data Section: misc Priority: optional -Maintainer: Debian DNS Maintainers +Maintainer: dns-root-data packagers Uploaders: Ondřej Surý , + Daniel Kahn Gillmor , Robert Edmonds Build-Depends: debhelper (>= 8.0.0), unbound-anchor, @@ -11,8 +12,8 @@ Build-Depends: debhelper (>= 8.0.0), xml2 Standards-Version: 3.9.6 Homepage: https://data.iana.org/root-anchors/ -Vcs-Git: git://git.debian.org/pkg-dns/dns-root-data.git -Vcs-Browser: http://git.debian.org/?p=pkg-dns/dns-root-data.git;a=summary +Vcs-Git: https://salsa.debian.org/dns-team/dns-root-data.git -b debian/stretch +Vcs-Browser: https://salsa.debian.org/dns-team/dns-root-data Package: dns-root-data Architecture: all diff --git publicsuffix-2017072601~deb9u1/debian/gbp.conf publicsuffix-2019031302~deb9u1/debian/gbp.conf index 3b27f6d..9453f5b 100644 --- publicsuffix-2017072601~deb9u1/debian/gbp.conf +++ publicsuffix-2019031302~deb9u1/debian/gbp.conf @@ -1,2 +1,2 @@ [DEFAULT] -debian-branch = master-stretch +debian-branch = debian/stretch diff --git publicsuffix-2017072601~deb9u1/debian/rules publicsuffix-2019031302~deb9u1/debian/rules index b697fc0..453b594 100755 --- publicsuffix-2017072601~deb9u1/debian/rules +++ publicsuffix-2019031302~deb9u1/debian/rules @@ -15,13 +15,13 @@ override_dh_auto_build: openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml # Create key from validated root-anchors.xml - ./parse-root-anchors.sh < root-anchors.xml > root-anchors.ds + ./parse-root-anchors.sh < root-anchors.xml | sort -k 4 -n > root-anchors.ds # Create key from downloaded root.key - /usr/bin/ldns-key2ds -n -2 root.key | sed -e 's/\t/ /g' -e 's/ 172800//' > root.ds + /usr/bin/ldns-key2ds -n -2 root.key | cut --fields=1,3- --output-delimiter=' ' | sort -k 4 -n > root.ds # Compare the DS from root.key and from root-anchors.xml - diff root-anchors.ds root.ds + diff -u root-anchors.ds root.ds override_dh_auto_clean: rm -f root-anchors.ds root.ds diff --git publicsuffix-2017072601~deb9u1/parse-root-anchors.sh publicsuffix-2019031302~deb9u1/parse-root-anchors.sh index 4281534..eb1696b 100755 --- publicsuffix-2017072601~deb9u1/parse-root-anchors.sh +++ publicsuffix-2019031302~deb9u1/parse-root-anchors.sh @@ -1,6 +1,6 @@ #!/bin/sh -unset ZONE KTAG ALGO DTYPE DIGEST +unset ZONE KTAG ALGO DTYPE DIGEST EXPIRES BEGINS export IFS="=" xml2 | while read -r KEY VAL; do @@ -9,14 +9,22 @@ xml2 | while read -r KEY VAL; do "/TrustAnchor/KeyDigest/KeyTag") KTAG="$VAL";; "/TrustAnchor/KeyDigest/Algorithm") ALGO="$VAL";; "/TrustAnchor/KeyDigest/DigestType") DTYPE="$VAL";; + "/TrustAnchor/KeyDigest/@validUntil") EXPIRES="$VAL";; +
Processed: stretch-pu: package dns-root-data/2019031302~deb9u1
Processing control commands: > affects -1 src:dns-root-data Bug #925351 [release.debian.org] stretch-pu: package dns-root-data/2019031302~deb9u1 Added indication that 925351 affects src:dns-root-data -- 925351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925351 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#925350: unblock: ubuntu-keyring/2018.09.18.1-5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package ubuntu-keyring
* This update fixes file removal at maintainer script, and also deals with
symlink
removal that the package in testing doesn't create properly as below
>> # force remove garbage that was created by previous version, oh moron...
>> rm -f /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cloud-archive\,\
>> ubuntu-cloud-removed-keys.gpg
* ubuntu-keyring is leaf package, no package will be affected with this
change if there would be a regression ;)
>> $ apt-rdepends -r ubuntu-keyring
>> ubuntu-keyring
>> Reverse Depends: ubuntu-archive-keyring (2018.09.18.1-5)
ubuntu-archive-keyring is just a transitional package.
Here's a debdiff.
diff -Nru ubuntu-keyring-2018.09.18.1/debian/changelog
ubuntu-keyring-2018.09.18.1/debian/changelog
--- ubuntu-keyring-2018.09.18.1/debian/changelog2019-02-07
00:26:23.0 +0900
+++ ubuntu-keyring-2018.09.18.1/debian/changelog2019-03-12
01:40:45.0 +0900
@@ -1,3 +1,16 @@
+ubuntu-keyring (2018.09.18.1-5) unstable; urgency=medium
+
+ * debian/*.post{inst,rm}
+- use apt-config(8)'s Dir::Etc::trustedparts and fix keyring removal error.
+ Thanks to Linda Lapinlampi and
+ Hiroyuki YAMAMORI (Closes: #922176, #922177)
+ * debian/ubuntu-dbgsym-keyring.templates
+- add ubuntu-dbgsym-keyring.gpg (See #922348)
+ * debian/control
+- add Rules-Requires-Root: no
+
+ -- Hideki Yamane Tue, 12 Mar 2019 01:40:45 +0900
+
ubuntu-keyring (2018.09.18.1-4) unstable; urgency=medium
* debian/control
diff -Nru ubuntu-keyring-2018.09.18.1/debian/control
ubuntu-keyring-2018.09.18.1/debian/control
--- ubuntu-keyring-2018.09.18.1/debian/control 2019-02-07 00:26:23.0
+0900
+++ ubuntu-keyring-2018.09.18.1/debian/control 2019-03-12 01:40:45.0
+0900
@@ -8,6 +8,7 @@
Homepage: https://launchpad.net/ubuntu/+source/ubuntu-keyring
Vcs-Git: https://salsa.debian.org/debian/ubuntu-keyring.git
Vcs-Browser: https://salsa.debian.org/debian/ubuntu-keyring
+Rules-Requires-Root: no
Package: ubuntu-archive-keyring
Architecture: all
diff -Nru ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postinst
ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postinst
--- ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postinst
2019-02-07 00:26:23.0 +0900
+++ ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postinst
2019-03-12 01:40:45.0 +0900
@@ -5,15 +5,26 @@
case "$1" in
install|configure)
+ # force remove garbage that was created by previous version, oh moron...
+ rm -f /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cloud-archive\,\
ubuntu-cloud-removed-keys.gpg
+
+
+ TRUSTEDPARTS="/etc/apt/trusted.gpg.d/"
+ eval "$(apt-config shell TRUSTEDPARTS Dir::Etc::trustedparts/d)"
+
+ # once clean up keyrings
+ rm -f "${TRUSTEDPARTS}ubuntu-keyring-2012-cloud-archive.gpg" \
+"${TRUSTEDPARTS}ubuntu-keyring-2012-removed-keys.gpg"
+
. /usr/share/debconf/confmodule
db_version 2.0
db_get ubuntu-cloud-keyring/keyring
if [ -n "$RET" ]; then
-for keyring in "$RET"
+selected=$(echo "$RET" | sed -e 's/, /\n/g')
+echo "$selected" | while read keyring
do
- rm -f /etc/apt/trusted.gpg.d/"$keyring".gpg
- ln -sf /usr/share/keyrings/"$keyring".gpg /etc/apt/trusted.gpg.d/
+ ln -sf "/usr/share/keyrings/${keyring}.gpg" "$TRUSTEDPARTS"
done
fi
diff -Nru ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postrm
ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postrm
--- ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postrm
2019-02-07 00:26:23.0 +0900
+++ ubuntu-keyring-2018.09.18.1/debian/ubuntu-cloud-keyring.postrm
2019-03-12 01:40:45.0 +0900
@@ -5,9 +5,12 @@
case "$1" in
purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-rm -f /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cloud-archive.gpg \
- /etc/apt/trusted.gpg.d/ubuntu-cloud-removed-keys.gpg \
- /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg
+TRUSTEDPARTS="/etc/apt/trusted.gpg.d/"
+eval "$(apt-config shell TRUSTEDPARTS Dir::Etc::trustedparts/d)"
+
+rm -f "${TRUSTEDPARTS}ubuntu-keyring-2012-cloud-archive.gpg" \
+ "${TRUSTEDPARTS}ubuntu-cloud-removed-keys.gpg" \
+ "${TRUSTEDPARTS}ubuntu-cloud-keyring.gpg"
;;
*)
diff -Nru ubuntu-keyring-2018.09.18.1/debian/ubuntu-dbgsym-keyring.postinst
ubuntu-keyring-2018.09.18.1/debian/ubuntu-dbgsym-keyring.postinst
--- ubuntu-keyring-2018.09.18.1/debian/ubuntu-dbgsym-keyring.postinst
2019-02-07 00:26:23.0 +0900
+++ ubuntu-keyring-2018.09.18.1/debian/ubuntu-dbgsym-keyring.postinst
2019-03-12 01:40:45.0 +0900
@@ -5,15
Bug#925345: unblock: libapache2-mod-auth-mellon/0.14.2-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package libapache2-mod-auth-mellon
The upload contains fixes for two security issues, it is a new
upstream that only contains these fixes.
unblock libapache2-mod-auth-mellon/0.14.2-1
Thanks,
Thijs
diff -Nru libapache2-mod-auth-mellon-0.14.1/auth_mellon_util.c
libapache2-mod-auth-mellon-0.14.2/auth_mellon_util.c
--- libapache2-mod-auth-mellon-0.14.1/auth_mellon_util.c2018-07-25
10:19:25.0 +
+++ libapache2-mod-auth-mellon-0.14.2/auth_mellon_util.c2019-03-20
07:29:16.0 +
@@ -927,6 +927,13 @@
"Control character detected in URL.");
return HTTP_BAD_REQUEST;
}
+if (*i == '\\') {
+/* Reject backslash character, as it can be used to bypass
+ * redirect URL validation. */
+AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, HTTP_BAD_REQUEST, r,
+ "Backslash character detected in URL.");
+return HTTP_BAD_REQUEST;
+}
}
return OK;
diff -Nru libapache2-mod-auth-mellon-0.14.1/configure
libapache2-mod-auth-mellon-0.14.2/configure
--- libapache2-mod-auth-mellon-0.14.1/configure 2019-02-11 07:40:35.0
+
+++ libapache2-mod-auth-mellon-0.14.2/configure 2019-03-21 13:58:52.0
+
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for mod_auth_mellon 0.14.1.
+# Generated by GNU Autoconf 2.69 for mod_auth_mellon 0.14.2.
#
# Report bugs to .
#
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='mod_auth_mellon'
PACKAGE_TARNAME='mod_auth_mellon'
-PACKAGE_VERSION='0.14.1'
-PACKAGE_STRING='mod_auth_mellon 0.14.1'
+PACKAGE_VERSION='0.14.2'
+PACKAGE_STRING='mod_auth_mellon 0.14.2'
PACKAGE_BUGREPORT='olav.mor...@uninett.no'
PACKAGE_URL=''
@@ -1262,7 +1262,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures mod_auth_mellon 0.14.1 to adapt to many kinds of
systems.
+\`configure' configures mod_auth_mellon 0.14.2 to adapt to many kinds of
systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1324,7 +1324,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of mod_auth_mellon 0.14.1:";;
+ short | recursive ) echo "Configuration of mod_auth_mellon 0.14.2:";;
esac
cat <<\_ACEOF
@@ -1431,7 +1431,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-mod_auth_mellon configure 0.14.1
+mod_auth_mellon configure 0.14.2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1779,7 +1779,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by mod_auth_mellon $as_me 0.14.1, which was
+It was created by mod_auth_mellon $as_me 0.14.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3098,7 +3098,7 @@
-NAMEVER=mod_auth_mellon-0.14.1
+NAMEVER=mod_auth_mellon-0.14.2
@@ -4879,7 +4879,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by mod_auth_mellon $as_me 0.14.1, which was
+This file was extended by mod_auth_mellon $as_me 0.14.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES= $CONFIG_FILES
@@ -4941,7 +4941,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/&/g'`"
ac_cs_version="\\
-mod_auth_mellon config.status 0.14.1
+mod_auth_mellon config.status 0.14.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -Nru libapache2-mod-auth-mellon-0.14.1/configure.ac
libapache2-mod-auth-mellon-0.14.2/configure.ac
--- libapache2-mod-auth-mellon-0.14.1/configure.ac 2019-02-11
07:26:49.0 +
+++ libapache2-mod-auth-mellon-0.14.2/configure.ac 2019-03-21
13:58:35.0 +
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_mellon],[0.14.1],[olav.mor...@uninett.no])
+AC_INIT([mod_auth_mellon],[0.14.2],[olav.mor...@uninett.no])
AC_CONFIG_HEADERS([config.h])
# We require support for C99.
diff -Nru libapache2-mod-auth-mellon-0.14.1/debian/changelog
libapache2-mod-auth-mellon-0.14.2/debian/changelog
--- libapache2-mod-auth-mellon-0.14.1/debian/changelog 2019-02-11
08:44:03.0 +
+++ libapache2-mod-auth-mellon-0.14.2/debian/changelog 2019-03-22
12:10:11.0 +
@@ -1,3 +1,11 @@
+libapache2-mod-auth-mellon (0.14.2-1) unstable; urgency=high
+
+ * New upstream security release. (closes: #925197)
+- Auth bypass when used with
Bug#924070: [pre-approval] unblock: nvidia-cuda-toolkit/10.1.105-1
Followup-For: Bug #924070
Hi,
I've now prepared the packaging of 10.1.105-1 and attach the debdiffs.
It's split into two parts: one from 9.2.148-6 (testing) to 9.2.148-7
(sid) which contains a lot of small packaging fixes, improvements,
cleanups I noticed while preparing 10.0/10.1 and I'd like to have in
buster. Notably I folded our outdated enhanced copies of
usr/bin/{nsight,nvpp,nvcc.profile) into debianize.patch to ease
tracking upstream changes. And I cleaned up the examples installation
mess. Some hardcoded bits are being replaced by dynamic settings,
simplifying working with newer upstreams.
b/debian/changelog| 15 -
b/debian/control | 13 +++-
b/debian/libcupti-doc.examples|1
b/debian/libnvgraphSOVER.lintian-overrides|1
b/debian/not-installed.in |3 -
b/debian/nvidia-cuda-doc.install |6 +-
b/debian/nvidia-cuda-doc.lintian-overrides|2
b/debian/nvidia-cuda-toolkit.install |2
b/debian/nvidia-nsight.install|2
b/debian/nvidia-nsight.lintian-overrides |1
b/debian/nvidia-visual-profiler.install |2
b/debian/nvidia-visual-profiler.lintian-overrides |1
b/debian/patches/debianize.patch.in | 55 +++
b/debian/patches/series-postunpack.in |1
b/debian/rules| 62 ++
b/debian/rules.defs |5 +
debian/libcupti-doc.install |1
debian/nsight.in |6 --
debian/nvcc.profile.in| 17 --
debian/nvvp.in|6 --
20 files changed, 134 insertions(+), 68 deletions(-)
unblock nvidia-cuda-toolkit/9.2.148-7
Second part is the preliminary diff from 9.2.148-7 (sid) to 10.1.105-1
(not yet uploaded)
The packaging changes are a bit larger than usually since upstream
changed more things than usually, bundled new stuff and requires us
to repack differently. The soname related changes require some
renames (SOVER->SORTVER) blowing up the diffstat.
Switching to 10.1.105 will also require updating nvidia-graphics-drivers
(and the assiciated software stack -settings,-xconfig,-modprobe,
-persistenced) from 410.xx (testing/sid) to 418.xx (experimental).
I'll file a separate request for these in case this nvidia-cuda-toolkit
request gets approved.
b/debian/changelog | 51
b/debian/control | 143 +-
b/debian/copyright | 1754 +++--
b/debian/gbp.conf |4
b/debian/gcc | 12
b/debian/libaccinj64-SORTVER.symbols.in|5
b/debian/libcublasltSOVER.install.in |1
b/debian/libcublasltSOVER.lintian-overrides|2
b/debian/libcublasltSOVER.symbols.in |3
b/debian/libcudartSORTVER.symbols.in |3
b/debian/libcuinj64-SORTVER.lintian-overrides |3
b/debian/libcuinj64-SORTVER.symbols.in |3
b/debian/libcupti-dev.install.in |5
b/debian/libcupti-dev.lintian-overrides|2
b/debian/libcupti-doc.docs |3
b/debian/libcuptiSORTVER.install.in|3
b/debian/libcuptiSORTVER.lintian-overrides | 10
b/debian/libcuptiSORTVER.symbols.in| 161 ++
b/debian/libnppialSOVER.lintian-overrides |1
b/debian/libnppitcSOVER.lintian-overrides |1
b/debian/libnvjpegSOVER.install.in |1
b/debian/libnvjpegSOVER.lintian-overrides |3
b/debian/libnvjpegSOVER.symbols.in |3
b/debian/libnvrtcSORTVER.lintian-overrides |6
b/debian/libnvrtcSORTVER.symbols.in|6
b/debian/libnvvm3.lintian-overrides|2
b/debian/libnvvm3.symbols |1
b/debian/not-installed.in |9
b/debian/nsight-compute.docs |2
b/debian/nsight-compute.install|6
b/debian/nsight-compute.lintian-overrides.in | 34
b/debian/nsight-systems.install|2
b/debian/nsight-systems.links |1
b/debian/nsight-systems.lintian-overrides | 19
b/debian/nvidia-cuda-dev.install.in|1
b/debian/nvidia-cuda-dev.lintian-overrides |7
b/debian/nvidia-cuda-doc.install |1
b/debian/nvidia-cuda-toolkit.README.Debian | 29
b/debian/nvidia-cuda-toolkit.install |3
b/debian/nvidia-profiler.lintian-overrides |1
b/debian/nvidia-visual-profiler.install|1
b/debian/patches/man-typos.patch | 735 +-
Bug#925332: unblock: grub2/2.02+dfsg1-15
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please review and unblock grub2 2.02+dfsg1-15 (just uploaded, so not
quite in the archive yet). I still have some more RC-bug-fixing to do,
but the EFI variable storage changes here are probably going to be the
most complicated remaining change for buster, so I want to maximise the
time available for finding bugs in it.
unblock grub2/2.02+dfsg1-15
Thanks,
--
Colin Watson [cjwat...@debian.org]
diff -Nru grub2-2.02+dfsg1/debian/.git-dpm grub2-2.02+dfsg1/debian/.git-dpm
--- grub2-2.02+dfsg1/debian/.git-dpm2019-02-28 09:35:09.0 +
+++ grub2-2.02+dfsg1/debian/.git-dpm2019-03-23 00:39:00.0 +
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-0cc1bd74c82c94ad93049a7298987c8f155cd0d2
-0cc1bd74c82c94ad93049a7298987c8f155cd0d2
+649e5a39cc5ddf42f6853a0bf818685a625f7cab
+649e5a39cc5ddf42f6853a0bf818685a625f7cab
59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
grub2_2.02+dfsg1.orig.tar.xz
diff -Nru grub2-2.02+dfsg1/debian/changelog grub2-2.02+dfsg1/debian/changelog
--- grub2-2.02+dfsg1/debian/changelog 2019-03-14 10:33:24.0 +
+++ grub2-2.02+dfsg1/debian/changelog 2019-03-23 09:56:35.0 +
@@ -1,3 +1,21 @@
+grub2 (2.02+dfsg1-15) unstable; urgency=medium
+
+ * Build-depend on libefiboot-dev and libefivar-dev, for EFI variable
+storage changes.
+ * Drop now-unnecessary dependencies on efibootmgr.
+
+ -- Colin Watson Sat, 23 Mar 2019 09:56:35 +
+
+grub2 (2.02+dfsg1-14) unstable; urgency=medium
+
+ * Make signed packages depend on a matching version of grub-common, in an
+attempt to prevent incorrect testing migrations (closes: #924814).
+ * Cherry-pick from upstream:
+- xfs: Accept filesystem with sparse inodes (closes: #924760).
+ * Minimise writes to EFI variable storage (closes: #891434).
+
+ -- Colin Watson Sat, 23 Mar 2019 09:47:10 +
+
grub2 (2.02+dfsg1-13) unstable; urgency=medium
* Add regexp module to signed UEFI images.
diff -Nru grub2-2.02+dfsg1/debian/control grub2-2.02+dfsg1/debian/control
--- grub2-2.02+dfsg1/debian/control 2019-02-28 09:35:06.0 +
+++ grub2-2.02+dfsg1/debian/control 2019-03-23 09:56:03.0 +
@@ -32,6 +32,8 @@
libparted-dev [any-powerpc any-ppc64 any-ppc64el],
pkg-config,
bash-completion,
+ libefiboot-dev [any-i386 any-amd64 any-ia64 any-arm any-arm64],
+ libefivar-dev [any-i386 any-amd64 any-ia64 any-arm any-arm64],
Build-Conflicts: autoconf2.13, libzfs-dev, libnvpair-dev
Standards-Version: 3.9.6
Homepage: https://www.gnu.org/software/grub/
@@ -244,7 +246,7 @@
Package: grub-efi-ia32-bin
Architecture: any-i386 any-amd64
-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (=
${binary:Version}), efibootmgr [linux-any]
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
Recommends: grub-efi-ia32-signed,
Replaces: grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1),
grub-efi, grub-efi-ia32 (<< 1.99-1)
Multi-Arch: foreign
@@ -305,7 +307,7 @@
Package: grub-efi-amd64-bin
Architecture: i386 kopensolaris-i386 any-amd64
-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (=
${binary:Version}), efibootmgr [linux-any]
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
Recommends: grub-efi-amd64-signed,
Replaces: grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1),
grub-efi-amd64 (<< 1.99-1)
Multi-Arch: foreign
@@ -415,7 +417,7 @@
Package: grub-efi-arm-bin
Architecture: any-arm
-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (=
${binary:Version}), efibootmgr [linux-any]
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
Multi-Arch: foreign
XB-Efi-Vendor: ${efi:Vendor}
Description: GRand Unified Bootloader, version 2 (ARM UEFI modules)
@@ -465,7 +467,7 @@
Package: grub-efi-arm64-bin
Architecture: any-arm64
-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (=
${binary:Version}), efibootmgr [linux-any]
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
Recommends: grub-efi-arm64-signed,
Multi-Arch: foreign
XB-Efi-Vendor: ${efi:Vendor}
diff -Nru
grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch
grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch
--- grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch
1970-01-01 01:00:00.0 +0100
+++ grub2-2.02+dfsg1/debian/patches/efi-variable-storage-minimise-writes.patch
2019-03-23 00:39:00.0 +
@@ -0,0 +1,890 @@
+From 649e5a39cc5ddf42f6853a0bf818685a625f7cab Mon Sep 17 00:00:00 2001
+From: Colin Watson
+Date: Mon, 11 Mar 2019 11:17:43 +
+Subject: Minimise writes to EFI variable storage
+
+Some UEFI firmware is easily provoked into running out of space in its
Bug#925330: unblock: qtwebkit-opensource-src/5.212.0~alpha2-21
On Sat, Mar 23, 2019 at 12:06:46PM +0300, Dmitry Shachnev wrote:
> Please unblock package qtwebkit-opensource-src.
>
> It fixes a bug of severity important: #924402. The debdiff is attached.
Actually attaching the debdiff...
--
Dmitry Shachnev
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+qtwebkit-opensource-src (5.212.0~alpha2-21) unstable; urgency=medium
+
+ * Add fastcall attribute to JSImageConstructor::construct method.
+This fixes crash on i386 (closes: #909366, #924402). Thanks Bernhard
+Übelacker for the patch!
+ * Remove -fpermissive from build flags. It was wrong and not needed
+with the applied patch.
+
+ -- Dmitry Shachnev Fri, 22 Mar 2019 11:42:38 +0300
+
qtwebkit-opensource-src (5.212.0~alpha2-20) unstable; urgency=medium
* Backport two upstream commits to fix page width in plain text messages
--- /dev/null
+++ b/debian/patches/i386_fastcall.diff
@@ -0,0 +1,16 @@
+Description: add attribute fastcall to derived class member JSImageConstructor::construct
+Author: Bernhard Übelacker
+Forwarded: https://github.com/annulen/webkit/pull/803
+Last-Update: 2019-03-22
+
+--- a/Source/WebCore/bindings/js/JSImageConstructor.cpp
b/Source/WebCore/bindings/js/JSImageConstructor.cpp
+@@ -44,7 +44,7 @@ template<> JSValue JSImageConstructor::p
+ return JSHTMLElement::getConstructor(vm, );
+ }
+
+-template<> EncodedJSValue JSImageConstructor::construct(ExecState* state)
++template<> EncodedJSValue JSC_HOST_CALL JSImageConstructor::construct(ExecState* state)
+ {
+ JSImageConstructor* jsConstructor = jsCast(state->callee());
+ Document* document = jsConstructor->document();
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ use_system_woff2.diff
pkgconfig_includedir.diff
doxygen_tags.diff
fix_trojita_plaintext.diff
+i386_fastcall.diff
--- a/debian/rules
+++ b/debian/rules
@@ -44,8 +44,6 @@ ifneq (,$(filter $(DEB_HOST_ARCH_CPU),ppc64el s390x))
EXTRA_CMAKE_ARGUMENTS += -DUSE_SYSTEM_MALLOC=ON
endif
-DEB_CXXFLAGS_MAINT_APPEND += -fpermissive
-
%:
dh $@ --buildsystem=cmake+ninja --with pkgkde_symbolshelper
signature.asc
Description: PGP signature
Bug#925330: unblock: qtwebkit-opensource-src/5.212.0~alpha2-21
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Dear Release team, Please unblock package qtwebkit-opensource-src. It fixes a bug of severity important: #924402. The debdiff is attached. unblock qtwebkit-opensource-src/5.212.0~alpha2-21 -- Dmitry Shachnev signature.asc Description: PGP signature
Bug#925321: marked as done (RM: openjdk-8/8u171-b11-2)
Your message dated Sat, 23 Mar 2019 07:30:20 +0100 with message-id <4302d8c2-0be7-55ae-edae-335c4f243...@debian.org> and subject line Re: Bug#925321: RM: openjdk-8/8u171-b11-2 has caused the Debian Bug report #925321, regarding RM: openjdk-8/8u171-b11-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 925321: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925321 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: rm Hi, please kick openjdk-8 out of testing, finally it has no rdepends left. The version skew w.r.t. stable, i.e. stretch has a newer version than buster, blocks a lot of piuparts stretch->buster upgrade tests. Andreas --- End Message --- --- Begin Message --- Hi Andreas, On 23-03-2019 02:37, Andreas Beckmann wrote: > please kick openjdk-8 out of testing, finally it has no rdepends left. > > The version skew w.r.t. stable, i.e. stretch has a newer version than > buster, blocks a lot of piuparts stretch->buster upgrade tests. This should be handled in unstable. I have updated bug 915620 for this. Paul signature.asc Description: OpenPGP digital signature --- End Message ---
Bug#925323: marked as done (unblock: ibuffer-projectile/0.2-3)
Your message dated Sat, 23 Mar 2019 07:21:37 +0100
with message-id <3a4722c3-5eac-66bc-5f68-891d09686...@debian.org>
and subject line Re: Bug#925323: unblock: ibuffer-projectile/0.2-3
has caused the Debian Bug report #925323,
regarding unblock: ibuffer-projectile/0.2-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925323
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package ibuffer-projectile
The only difference is a trivial fix of #924295. Please, find attached
the debdiff between 0.2-2 (currently in testing) and 0.2-3 (currently
in unstable).
Cheers!
Lev Lamberov
unblock ibuffer-projectile/0.2-3
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8),
LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru ibuffer-projectile-0.2/debian/changelog
ibuffer-projectile-0.2/debian/changelog
--- ibuffer-projectile-0.2/debian/changelog 2018-06-03 04:55:54.0
+0500
+++ ibuffer-projectile-0.2/debian/changelog 2019-03-22 23:19:40.0
+0500
@@ -1,3 +1,9 @@
+ibuffer-projectile (0.2-3) unstable; urgency=medium
+
+ * Explicitly depend on elpa-dash (Closes: #924295)
+
+ -- Lev Lamberov Fri, 22 Mar 2019 23:19:40 +0500
+
ibuffer-projectile (0.2-2) unstable; urgency=medium
* Team upload.
diff -Nru ibuffer-projectile-0.2/debian/control
ibuffer-projectile-0.2/debian/control
--- ibuffer-projectile-0.2/debian/control 2018-06-03 04:55:54.0
+0500
+++ ibuffer-projectile-0.2/debian/control 2019-03-22 23:19:40.0
+0500
@@ -16,6 +16,7 @@
Depends: ${elpa:Depends},
${misc:Depends},
emacs,
+ elpa-dash,
elpa-projectile
Recommends: emacs (>= 46.0)
Enhances: emacs,
--- End Message ---
--- Begin Message ---
On 23-03-2019 06:11, Lev Lamberov wrote:
> Please unblock package ibuffer-projectile
done, thanks.
Paul
signature.asc
Description: OpenPGP digital signature
--- End Message ---
