Bug#926911: unblock: epsilon/0.7.1-1.1

2019-04-11 Thread Tobias Frost
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package epsilon; the NMU fixes #924650.

Debdiff attached.

unblock epsilon/0.7.1-1.1

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru epsilon-0.7.1/debian/changelog epsilon-0.7.1/debian/changelog
--- epsilon-0.7.1/debian/changelog  2015-10-10 17:43:41.0 +0200
+++ epsilon-0.7.1/debian/changelog  2019-04-06 12:38:25.0 +0200
@@ -1,3 +1,10 @@
+epsilon (0.7.1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch from BTS to fix, thanks doko for the patch (Closes: #924650)
+
+ -- Tobias Frost   Sat, 06 Apr 2019 12:38:25 +0200
+
 epsilon (0.7.1-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru epsilon-0.7.1/debian/patches/kernel-4.18-diskstats.diff 
epsilon-0.7.1/debian/patches/kernel-4.18-diskstats.diff
--- epsilon-0.7.1/debian/patches/kernel-4.18-diskstats.diff 1970-01-01 
01:00:00.0 +0100
+++ epsilon-0.7.1/debian/patches/kernel-4.18-diskstats.diff 2019-04-06 
12:16:28.0 +0200
@@ -0,0 +1,13 @@
+--- a/epsilon/scripts/benchmark.py
 b/epsilon/scripts/benchmark.py
+@@ -46,6 +46,10 @@ def parseDiskStatLine(L):
+ appropriate record type (either L{partitionstat} or L{diskstat}).
+ """
+ parts = L.split()
++# https://www.kernel.org/doc/Documentation/ABI/testing/procfs-diskstats
++# ignore new diskstat values
++if len(parts) == 18:
++parts = parts[:-4]
+ device = parts[2]
+ if len(parts) == 7:
+ factory = partitionstat
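Review bot: The new guard in parseDiskStatLine trims the line only when it has exactly 18 fields, so any other extended field count would still reach the `len(parts) == 7` factory selection below with an unexpected length. Truncating to the known width is more tolerant: `if len(parts) > 14:` followed by `parts = parts[:14]`. The comment could also name what is dropped, e.g. `# newer kernels append extra counters; keep the 14 classic diskstat fields`. The function starts and continues outside this hunk, so confirm that 14 is the width the diskstat record expects.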
diff -Nru epsilon-0.7.1/debian/patches/series 
epsilon-0.7.1/debian/patches/series
--- epsilon-0.7.1/debian/patches/series 2015-10-10 17:43:41.0 +0200
+++ epsilon-0.7.1/debian/patches/series 2019-04-06 12:16:28.0 +0200
@@ -1 +1,2 @@
 0001-Gracefully-handle-not-finding-working-directory.patch
+kernel-4.18-diskstats.diff


Bug#926813: unblock: python-scipy/1.1.0-6

2019-04-11 Thread Drew Parsons

On 2019-04-12 11:43, Drew Parsons wrote:


python-scipy/1.1.0-7 is now uploaded.


Here's the debdiff

$ debdiff python-scipy_1.1.0-4.dsc python-scipy_1.1.0-7.dsc
diff -Nru python-scipy-1.1.0/debian/changelog 
python-scipy-1.1.0/debian/changelog
--- python-scipy-1.1.0/debian/changelog	2019-03-14 14:12:00.0 
+0800
+++ python-scipy-1.1.0/debian/changelog	2019-04-12 00:46:35.0 
+0800

@@ -1,3 +1,27 @@
+python-scipy (1.1.0-7) unstable; urgency=medium
+
+  * Team upload.
+  * Patch fix_test_optim_canonical~onstraint_2d7e7e8c.patch applies
+upstream patch 2d7e7e8 to fix occasional random failures in
+test_canonical_constraint.test_concatenation.
+
+ -- Drew Parsons   Fri, 12 Apr 2019 00:46:35 +0800
+
+python-scipy (1.1.0-6) unstable; urgency=medium
+
+  * Team upload.
+  * skip sparsetools.TestInt32Overflow matvec tests on python3 also.
+
+ -- Drew Parsons   Thu, 11 Apr 2019 09:38:17 +0800
+
+python-scipy (1.1.0-5) unstable; urgency=medium
+
+  * Team upload.
+  * Skip sparsetools.TestInt32Overflow matvec tests on python2
+(MemoryError). Closes: #919929.
+
+ -- Drew Parsons   Wed, 10 Apr 2019 16:41:47 +0800
+
 python-scipy (1.1.0-4) unstable; urgency=medium

   * Team upload.
diff -Nru 
python-scipy-1.1.0/debian/patches/fix_test_optim_canonical_constraint_2d7e7e8c.patch 
python-scipy-1.1.0/debian/patches/fix_test_optim_canonical_constraint_2d7e7e8c.patch
--- 
python-scipy-1.1.0/debian/patches/fix_test_optim_canonical_constraint_2d7e7e8c.patch	1970-01-01 
08:00:00.0 +0800
+++ 
python-scipy-1.1.0/debian/patches/fix_test_optim_canonical_constraint_2d7e7e8c.patch	2019-04-12 
00:46:35.0 +0800

@@ -0,0 +1,37 @@
+From 2d7e7e8c6142e8925c44f92f6839147690880e7d Mon Sep 17 00:00:00 2001
+From: Warren Weckesser 
+Date: Wed, 10 Apr 2019 14:20:40 -0400
+Subject: [PATCH] BUG/TST: optimize: Fix a test that occasionally raises 
an

+ exception.
+
+The test `test_initial_constraints_as_canonical()` in
+scipy/scipy/optimize/_trustregion_constr/tests/test_canonical_constraint.py
+occasionally raises an exception when it is run, because the random 
initial
+value `x0` that it generates does not satisfy the nonlinear constraint 
used

+in the test.  To avoid this, use a fixed `x0` instead of generating it
+randomly.
+
+Closes gh-9308.
+---
+ .../_trustregion_constr/tests/test_canonical_constraint.py | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git 
a/scipy/optimize/_trustregion_constr/tests/test_canonical_constraint.py 
b/scipy/optimize/_trustregion_constr/tests/test_canonical_constraint.py

+index 3ac51b6faa8..589f32f1aee 100644
+--- 
a/scipy/optimize/_trustregion_constr/tests/test_canonical_constraint.py
 
b/scipy/optimize/_trustregion_constr/tests/test_canonical_constraint.py

+@@ -234,9 +234,12 @@ def test_empty():
+
+
+ def test_initial_constraints_as_canonical():
++# rng is only used to generate the coefficients of the quadratic
++# function that is used by the nonlinear constraint.
+ rng = np.random.RandomState(0)
+-n = 4
+-x0 = np.random.rand(n)
++
++x0 = np.array([0.5, 0.4, 0.3, 0.2])
++n = len(x0)
+
+ lb1 = [-1, -np.inf, -2, 3]
+ ub1 = [1, np.inf, np.inf, 3]
diff -Nru python-scipy-1.1.0/debian/patches/series 
python-scipy-1.1.0/debian/patches/series
--- python-scipy-1.1.0/debian/patches/series	2019-03-14 
14:12:00.0 +0800
+++ python-scipy-1.1.0/debian/patches/series	2019-04-12 
00:46:35.0 +0800

@@ -4,3 +4,4 @@
 matrix_API_614847c5.patch
 matrix_API_more_e0cfa29e2.patch
 matrix_API_filter_check_87e48c3c5.patch
+fix_test_optim_canonical_constraint_2d7e7e8c.patch
diff -Nru python-scipy-1.1.0/debian/tests/python2 
python-scipy-1.1.0/debian/tests/python2
--- python-scipy-1.1.0/debian/tests/python2	2019-03-14 
14:12:00.0 +0800
+++ python-scipy-1.1.0/debian/tests/python2	2019-04-12 
00:46:35.0 +0800

@@ -27,6 +27,9 @@
 
"sparse.tests.test_sparsetools.TestInt32Overflow.test_bsr_n_block[matmat]",
 
"sparse.tests.test_sparsetools.TestInt32Overflow.test_bsr_n_block[matvecs]",
 
"sparse.tests.test_sparsetools.TestInt32Overflow.test_bsr_n_block[transpose]",

+# postscriptum on Bug#919929
+"sparse.tests.test_sparsetools.TestInt32Overflow.test_matvecs",
+"sparse.tests.test_sparsetools.TestInt32Overflow.test_dia_matvec",
 ]

 junit = "$TMPDIR/junit.xml"
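Review bot: The comment `# postscriptum on Bug#919929` above the two added skip entries does not say why `TestInt32Overflow.test_matvecs` and `test_dia_matvec` are skipped. The changelog gives MemoryError as the reason for python2 and no reason for the identical addition to debian/tests/python3. A comment such as `# skipped: MemoryError on the test hosts, see Bug#919929` would make the reason visible where the list is maintained. Judging by the class name these tests cover 32-bit index overflow in the sparse routines, so an unconditional skip on both interpreters removes that coverage; if the runner allows it, skipping only when memory is insufficient would keep the check where it can run.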
diff -Nru python-scipy-1.1.0/debian/tests/python3 
python-scipy-1.1.0/debian/tests/python3
--- python-scipy-1.1.0/debian/tests/python3	2019-03-14 
14:12:00.0 +0800
+++ python-scipy-1.1.0/debian/tests/python3	2019-04-12 
00:46:35.0 +0800

@@ -19,6 +19,9 @@
 "linalg.tests.test_solvers.test_solve_generalized_discrete_are",
 # fails with atlas
 "linalg.tests.test_solvers.test_solve_discrete_are",
+# postscriptum on Bug#919929
+"sparse.tests.test_sparsetools.TestInt32Overflow.test_matvecs",
+"sparse.tests.test_sparsetools.TestInt32Overflow.test_dia_matvec",
 ]

 junit = "$TMPDIR/junit.xml"



Bug#926813: unblock: python-scipy/1.1.0-6

2019-04-11 Thread Drew Parsons

On 2019-04-12 00:25, Paul Gevers wrote:



E   ValueError: `x0` is infeasible with respect to some
inequality constraint with `keep_feasible` set to True.


Upstream noticed it too,
https://github.com/scipy/scipy/issues/9308

It's a small patch. Should we apply it in a python-scipy/1.1.0-7  ?


Yes please.



python-scipy/1.1.0-7 is now uploaded.



Processed: block 926350 with 926907

2019-04-11 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> block 926350 with 926907
Bug #926350 [python3-django-casclient] CAS middleware incompatible with Django 
>= 1.10
926350 was not blocked by any bugs.
926350 was not blocking any bugs.
Added blocking bug(s) of 926350: 926907
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926350: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926350
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#926907: unblock: python-django-casclient/1.2.0-2.2

2019-04-11 Thread William Blough
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-django-casclient

As explained in bug #926350 [1], python-django-casclient is broken when used
with Django versions >= 1.10, due to Django middleware API changes. Since
Buster will ship with Django 1.11, python-django-casclient is useless in its
current state.

The patch to fix the issue was obtained from upstream [2].  The source
debdiff between the version in testing/unstable and the fixed version I
would like to upload (via unstable) is attached.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926350
[2] https://github.com/kstateome/django-cas/pull/64


unblock python-django-casclient/1.2.0-2.2

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru python-django-casclient-1.2.0/debian/changelog 
python-django-casclient-1.2.0/debian/changelog
--- python-django-casclient-1.2.0/debian/changelog  2018-09-22 
05:04:25.0 -0400
+++ python-django-casclient-1.2.0/debian/changelog  2019-04-03 
17:26:47.0 -0400
@@ -1,3 +1,10 @@
+python-django-casclient (1.2.0-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply django 1.10 middleware fix from upstream (Closes: #926350)
+
+ -- William Blough   Wed, 03 Apr 2019 17:26:47 -0400
+
 python-django-casclient (1.2.0-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru 
python-django-casclient-1.2.0/debian/patches/django_110_middleware_fix 
python-django-casclient-1.2.0/debian/patches/django_110_middleware_fix
--- python-django-casclient-1.2.0/debian/patches/django_110_middleware_fix  
1969-12-31 19:00:00.0 -0500
+++ python-django-casclient-1.2.0/debian/patches/django_110_middleware_fix  
2019-04-03 17:26:47.0 -0400
@@ -0,0 +1,41 @@
+Description: Fix middleware to be compatible with Django 1.10
+Origin: upstream, 
https://patch-diff.githubusercontent.com/raw/kstateome/django-cas/pull/64.diff
+Last-Update: 2019-04-11
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/cas/middleware.py
 b/cas/middleware.py
+@@ -5,6 +5,15 @@ try:
+ except ImportError:
+ from urllib.parse import urlencode
+ 
++
++MIDDLEWARE_BASE = None
++
++try:
++from django.utils.deprecation import MiddlewareMixin
++MIDDLEWARE_BASE = MiddlewareMixin
++except ImportError:
++MIDDLEWARE_BASE = object
++
+ from django.conf import settings
+ from django.contrib.auth import REDIRECT_FIELD_NAME
+ from django.contrib.auth import logout as do_logout
+@@ -19,7 +28,7 @@ from cas.views import login as cas_login
+ __all__ = ['CASMiddleware']
+ 
+ 
+-class CASMiddleware(object):
++class CASMiddleware(MIDDLEWARE_BASE):
+ """
+ Middleware that allows CAS authentication on admin pages
+ """
+@@ -81,7 +90,7 @@ class CASMiddleware(object):
+ return None
+ 
+ 
+-class ProxyMiddleware(object):
++class ProxyMiddleware(MIDDLEWARE_BASE):
+ 
+ # Middleware used to "fake" the django app that it lives at the Proxy 
Domain
+ def process_request(self, request):
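Review bot: The `MIDDLEWARE_BASE = None` line before the try block is redundant, because both the try branch and the `except ImportError` branch assign the name. Importing with `from django.utils.deprecation import MiddlewareMixin as MIDDLEWARE_BASE` and keeping `MIDDLEWARE_BASE = object` in the except branch says the same in fewer lines. Since CASMiddleware gates authentication for admin pages, a comment such as `# MiddlewareMixin keeps these old-style classes working under Django >= 1.10` would tell the next reader why the base class matters. Neither class body is fully visible in these hunks, and no test is shown that the middleware still runs on both sides of the Django 1.10 API change.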
diff -Nru python-django-casclient-1.2.0/debian/patches/series 
python-django-casclient-1.2.0/debian/patches/series
--- python-django-casclient-1.2.0/debian/patches/series 1969-12-31 
19:00:00.0 -0500
+++ python-django-casclient-1.2.0/debian/patches/series 2019-04-03 
17:26:47.0 -0400
@@ -0,0 +1 @@
+django_110_middleware_fix


Bug#926897: stretch-pu: package audiofile/0.3.6-4+deb9u1

2019-04-11 Thread Moritz Muehlenhoff
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Fixes two minor security issues; debdiff below.

Cheers,
Moritz

diff -Nru audiofile-0.3.6/debian/changelog audiofile-0.3.6/debian/changelog
--- audiofile-0.3.6/debian/changelog2017-03-16 21:43:45.0 +0100
+++ audiofile-0.3.6/debian/changelog2019-04-11 00:28:31.0 +0200
@@ -1,3 +1,10 @@
+audiofile (0.3.6-4+deb9u1) stretch; urgency=medium
+
+  * CVE-2018-13440 (Closes: #903499)
+  * CVE-2018-17095 (Closes: #913166)
+
+ -- Moritz Mühlenhoff   Thu, 11 Apr 2019 00:28:31 +0200
+
 audiofile (0.3.6-4) unstable; urgency=high
 
   * Team upload.
diff -Nru audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch 
audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch
--- audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch  1970-01-01 
01:00:00.0 +0100
+++ audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch  2019-04-05 
16:10:40.0 +0200
@@ -0,0 +1,28 @@
+From fde6d79fb8363c4a329a184ef0b107156602b225 Mon Sep 17 00:00:00 2001
+From: Wim Taymans 
+Date: Thu, 27 Sep 2018 10:48:45 +0200
+Subject: [PATCH] ModuleState: handle compress/decompress init failure
+
+When the unit initcompress or initdecompress function fails,
+m_fileModule is NULL. Return AF_FAIL in that case instead of
+causing NULL pointer dereferences later.
+
+Fixes #49
+---
+ libaudiofile/modules/ModuleState.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libaudiofile/modules/ModuleState.cpp 
b/libaudiofile/modules/ModuleState.cpp
+index 0c29d7a..070fd9b 100644
+--- a/libaudiofile/modules/ModuleState.cpp
 b/libaudiofile/modules/ModuleState.cpp
+@@ -75,6 +75,9 @@ status ModuleState::initFileModule(AFfilehandle file, Track 
*track)
+   m_fileModule = unit->initcompress(track, file->m_fh, 
file->m_seekok,
+   file->m_fileFormat == AF_FILE_RAWDATA, );
+ 
++  if (!m_fileModule)
++  return AF_FAIL;
++
+   if (unit->needsRebuffer)
+   {
+   assert(unit->nativeSampleFormat == AF_SAMPFMT_TWOSCOMP);
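Review bot: Only the `initcompress` call is visible above the new `if (!m_fileModule) return AF_FAIL;`, while the commit message says the `initdecompress` path can fail the same way. Confirm the check sits after both branches and not inside the compress branch alone. initFileModule starts and continues outside this hunk, so it is also worth checking that nothing set up earlier in the function is left half-initialised by the early return. A one-line comment such as `// init(de)compress returns NULL on failure` would document why the check exists. The same patch is carried again in the audiofile/0.3.6-5 debdiff further down the page.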
diff -Nru audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch 
audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch
--- audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch  1970-01-01 
01:00:00.0 +0100
+++ audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch  2019-04-05 
16:10:40.0 +0200
@@ -0,0 +1,26 @@
+From 822b732fd31ffcb78f6920001e9b1fbd815fa712 Mon Sep 17 00:00:00 2001
+From: Wim Taymans 
+Date: Thu, 27 Sep 2018 12:11:12 +0200
+Subject: [PATCH] SimpleModule: set output chunk framecount after pull
+
+After pulling the data, set the output chunk to the amount of
+frames we pulled so that the next module in the chain has the correct
+frame count.
+
+Fixes #50 and #51
+---
+ libaudiofile/modules/SimpleModule.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libaudiofile/modules/SimpleModule.cpp 
b/libaudiofile/modules/SimpleModule.cpp
+index 2bae1eb..e87932c 100644
+--- a/libaudiofile/modules/SimpleModule.cpp
 b/libaudiofile/modules/SimpleModule.cpp
+@@ -26,6 +26,7 @@
+ void SimpleModule::runPull()
+ {
+   pull(m_outChunk->frameCount);
++  m_outChunk->frameCount = m_inChunk->frameCount;
+   run(*m_inChunk, *m_outChunk);
+ }
+ 
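Review bot: The assignment added to `SimpleModule::runPull()` has no comment, and its reason is stated only in the commit message, so it could later be removed as redundant. Something like `// pull() may yield fewer frames than requested; pass the real count on to run()` would record the intent next to the code; this wording assumes pull() updates m_inChunk->frameCount, which the hunk does not show. The hunk covers SimpleModule only, so any other module with its own runPull() (not visible here) would need the same check before this can be considered a complete fix for CVE-2018-17095.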
diff -Nru audiofile-0.3.6/debian/patches/series 
audiofile-0.3.6/debian/patches/series
--- audiofile-0.3.6/debian/patches/series   2017-03-16 21:38:15.0 
+0100
+++ audiofile-0.3.6/debian/patches/series   2019-04-11 00:28:31.0 
+0200
@@ -8,3 +8,5 @@
 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
 09_Actually-fail-when-error-occurs-in-parseFormat.patch
 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
+11_CVE-2018-13440.patch
+12_CVE-2018-17095.patch


Bug#926891: unblock: libreoffice/1:6.1.5-3

2019-04-11 Thread Rene Engelhard
Hi,

On Thu, Apr 11, 2019 at 10:31:06PM +0200, Rene Engelhard wrote:
> diff -Nru libreoffice-6.1.5/debian/changelog 
> libreoffice-6.1.5/debian/changelog
> --- libreoffice-6.1.5/debian/changelog2019-04-03 13:19:34.0 
> +0200
> +++ libreoffice-6.1.5/debian/changelog2019-04-03 13:19:34.0 
> +0200
> @@ -1,3 +1,10 @@
> +libreoffice (1:6.1.5-3) unstable; urgency=medium
> +
> +  * debian/patches/jp-JP-Reiwa.diff: Introduce next Japanese gengou
> +era 'Reiwa', from libreoffice-6-1 branch
> +
> + -- Rene Engelhard   Wed, 03 Apr 2019 13:19:34 +0200

+ -- Rene Engelhard   Thu, 11 Apr 2019 22:39:53 +0200

obviously, thanks lintian...


Regards,

Rene



Bug#926894: stretch-pu: package igraph/0.7.1-2.1+deb9u1

2019-04-11 Thread Dylan Aïssi
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,
Upstream has fixed CVE-2018-20349 which is non-dsa.
The patch is already backported to unstable/testing and now I would
like to fix the Stretch version.
Please find attached a corresponding debdiff.

Best,
Dylan


igraph_0.7.1-2.1+deb9u1.debdiff
Description: Binary data


Re: Handling Japanese new era "令和 (Reiwa)"

2019-04-11 Thread Rene Engelhard
Hi,

On Tue, Apr 09, 2019 at 10:18:24AM +0900, Hideki Yamane wrote:
>   - libreoffice [4]
[...]
> [4] 
> https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-6-1=39de7d73fdab86a1531f19076ab1d07fcff97b55

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926892
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926891

Saw the upstream commit in that branch even before I saw this mail,
actually.

Regards,

Rene



Bug#926199: stretch-pu: package libreoffice/1:5.2.7-1+deb9u6

2019-04-11 Thread Rene Engelhard
retitle 926199 stretch-pu: package libreoffice/1:5.2.7-1+deb9u7
thanks

Hi,

this is now 1:5.2.7-1+deb9u7 given the Reiwa fix...

New diff will follow.

Regards,

Rene



Processed: Re: Bug#926199: stretch-pu: package libreoffice/1:5.2.7-1+deb9u6

2019-04-11 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> retitle 926199 stretch-pu: package libreoffice/1:5.2.7-1+deb9u7
Bug #926199 [release.debian.org] stretch-pu: package 
libreoffice/1:5.2.7-1+deb9u6
Changed Bug title to 'stretch-pu: package libreoffice/1:5.2.7-1+deb9u7' from 
'stretch-pu: package libreoffice/1:5.2.7-1+deb9u6'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926199: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926199
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#926891: unblock: libreoffice/1:6.1.5-3

2019-04-11 Thread Rene Engelhard
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libreoffice

I think we should update buster's (via sid...) LibreOffice with the new Japanese 
era.
This is just applying the upstream fix from
https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-6-1=39de7d73fdab86a1531f19076ab1d07fcff97b55

Diff:

diff -Nru libreoffice-6.1.5/debian/changelog libreoffice-6.1.5/debian/changelog
--- libreoffice-6.1.5/debian/changelog  2019-04-03 13:19:34.0 +0200
+++ libreoffice-6.1.5/debian/changelog  2019-04-03 13:19:34.0 +0200
@@ -1,3 +1,10 @@
+libreoffice (1:6.1.5-3) unstable; urgency=medium
+
+  * debian/patches/jp-JP-Reiwa.diff: Introduce next Japanese gengou
+era 'Reiwa', from libreoffice-6-1 branch
+
+ -- Rene Engelhard   Wed, 03 Apr 2019 13:19:34 +0200
+
 libreoffice (1:6.1.5-2) unstable; urgency=medium

   * debian/patches/mention-java-common-package.diff: update message to
diff -Nru libreoffice-6.1.5/debian/patches/jp-JP-Reiwa.diff 
libreoffice-6.1.5/debian/patches/jp-JP-Reiwa.diff
--- libreoffice-6.1.5/debian/patches/jp-JP-Reiwa.diff   1970-01-01 
01:00:00.0 +0100
+++ libreoffice-6.1.5/debian/patches/jp-JP-Reiwa.diff   2019-04-03 
13:19:34.0 +0200
@@ -0,0 +1,89 @@
+From 39de7d73fdab86a1531f19076ab1d07fcff97b55 Mon Sep 17 00:00:00 2001
+From: Eike Rathke 
+Date: Thu, 26 Jul 2018 20:46:23 +0200
+Subject: Introduce next Japanese gengou era 'Reiwa'
+
+Prepare for "Japan's Y2K" Gengou calendar era switch after 2019-04-30
+
+The emperor Akihito will abdicate on 2019-04-30. The next emperor
+will be Naruhito, but so far neither the new era name (Heisei for
+Akihito) nor its abbreviation or a Unicode character are
+determined. At least introduce the new era with some dummy names
+(Naruhito,Na,N).
+
+Change-Id: I8c0af390ca0408ac259e47e7eaf2e49b5889c9ba
+Reviewed-on: https://gerrit.libreoffice.org/58142
+Reviewed-by: Eike Rathke 
+Tested-by: Jenkins
+
+Introduce next Japanese gengou era 'Reiwa'
+
+starting from 2019-05-01, which has been announced officially.
+
+This fills the provisional slot acknowledged at
+cacbb0faef77ae8462de9ff5c7307a6a2e28b2bb.
+
+Change-Id: Ifb12e6afaad4c66d455f664b46ec946e80324e87
+Reviewed-on: https://gerrit.libreoffice.org/70157
+Reviewed-by: Eike Rathke 
+Tested-by: Jenkins
+Reviewed-on: https://gerrit.libreoffice.org/70185
+---
+ i18npool/source/calendar/calendar_gregorian.cxx | 9 +
+ i18npool/source/localedata/data/ja_JP.xml   | 5 +
+ svl/source/numbers/zformat.cxx  | 3 +++
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/i18npool/source/calendar/calendar_gregorian.cxx 
b/i18npool/source/calendar/calendar_gregorian.cxx
+index a4ac0ac..7abef52 100644
+--- a/i18npool/source/calendar/calendar_gregorian.cxx
 b/i18npool/source/calendar/calendar_gregorian.cxx
+@@ -205,10 +205,11 @@ Calendar_hanja::loadCalendar( const OUString& 
/*uniqueID*/, const css::lang::Loc
+ }
+
+ static const Era gengou_eraArray[] = {
+-{1868,  1,  1, 0},
+-{1912,  7, 30, 0},
+-{1926, 12, 25, 0},
+-{1989,  1,  8, 0},
++{1868,  1,  1, 0},  // Meiji
++{1912,  7, 30, 0},  // Taisho
++{1926, 12, 25, 0},  // Showa
++{1989,  1,  8, 0},  // Heisei
++{2019,  5,  1, 0},  // Reiwa
+ {0, 0, 0, 0}
+ };
+ Calendar_gengou::Calendar_gengou() : Calendar_gregorian(gengou_eraArray)
+diff --git a/i18npool/source/localedata/data/ja_JP.xml 
b/i18npool/source/localedata/data/ja_JP.xml
+index 7d75260..c15c665 100644
+--- a/i18npool/source/localedata/data/ja_JP.xml
 b/i18npool/source/localedata/data/ja_JP.xml
+@@ -480,6 +480,11 @@
+   平
+   平成
+ 
++
++  Reiwa
++  令
++  令和
++
+   
+   
+ sun
+diff --git a/svl/source/numbers/zformat.cxx b/svl/source/numbers/zformat.cxx
+index c9bd3d8..e14413c 100644
+--- a/svl/source/numbers/zformat.cxx
 b/svl/source/numbers/zformat.cxx
+@@ -3409,6 +3409,9 @@ void SvNumberformat::ImpAppendEraG( OUStringBuffer& 
OutString,
+ case 4:
+ cEra = 'H';
+ break;
++case 5:
++cEra = 'R';
++break;
+ default:
+ cEra = '?';
+ break;
+--
+cgit v1.1
+
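Review bot: `case 5: cEra = 'R';` in `SvNumberformat::ImpAppendEraG` appears to rely on Reiwa being the fifth entry of `gengou_eraArray` in calendar_gregorian.cxx, and nothing in either file ties the two together. A comment at the switch such as `// era numbers follow the order of gengou_eraArray (1 = Meiji ... 5 = Reiwa)` would make the coupling visible to whoever adds the next era. The switch begins outside the hunk, so the mapping of the earlier cases is inferred from `case 4` yielding 'H'. The same patch is carried unchanged in the stretch-pu debdiff for 1:5.2.7-1+deb9u6 further down.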
diff -Nru libreoffice-6.1.5/debian/patches/series 
libreoffice-6.1.5/debian/patches/series
--- libreoffice-6.1.5/debian/patches/series 2019-04-03 13:19:34.0 
+0200
+++ libreoffice-6.1.5/debian/patches/series 2019-04-03 13:19:34.0 
+0200
@@ -49,3 +49,4 @@
 apparmor-opencl.diff
 tdf123077.diff
 java.vendor-Debian.diff
+jp-JP-Reiwa.diff

unblock libreoffice/1:6.1.5-3

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: arm64 (aarch64)

Kernel: Linux 4.19.0-4-arm64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 

Bug#926892: stretch-pu: package libreoffice/1:5.2.7-1+deb9u6

2019-04-11 Thread Rene Engelhard
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I think we should update stable's LibreOffice with the new Japanese era
(and maybe even stable-updates?):

This is basically the 1:6.1.5-3 fix applied 1:1 with the obvious
changelog/series differences:

diff -Nru libreoffice-5.2.7/debian/changelog libreoffice-5.2.7/debian/changelog
--- libreoffice-5.2.7/debian/changelog  2019-01-23 18:51:09.0 +0100
+++ libreoffice-5.2.7/debian/changelog  2019-04-11 21:48:53.0 +0200
@@ -1,3 +1,10 @@
+libreoffice (1:5.2.7-1+deb9u6) stable; urgency=medium
+
+   * debian/patches/jp-JP-Reiwa.diff: Introduce next Japanese gengou
+ era 'Reiwa', from libreoffice-6-1 branch
+
+ -- Rene Engelhard   Thu, 11 Apr 2019 21:48:53 +0200
+
 libreoffice (1:5.2.7-1+deb9u5) stretch-security; urgency=high
 
   * debian/patches/disableClassPathURLCheck.diff: add workaround to
diff -Nru libreoffice-5.2.7/debian/patches/jp-JP-Reiwa.diff 
libreoffice-5.2.7/debian/patches/jp-JP-Reiwa.diff
--- libreoffice-5.2.7/debian/patches/jp-JP-Reiwa.diff   1970-01-01 
01:00:00.0 +0100
+++ libreoffice-5.2.7/debian/patches/jp-JP-Reiwa.diff   2019-04-11 
21:48:33.0 +0200
@@ -0,0 +1,89 @@
+From 39de7d73fdab86a1531f19076ab1d07fcff97b55 Mon Sep 17 00:00:00 2001
+From: Eike Rathke 
+Date: Thu, 26 Jul 2018 20:46:23 +0200
+Subject: Introduce next Japanese gengou era 'Reiwa'
+
+Prepare for "Japan's Y2K" Gengou calendar era switch after 2019-04-30
+
+The emperor Akihito will abdicate on 2019-04-30. The next emperor
+will be Naruhito, but so far neither the new era name (Heisei for
+Akihito) nor its abbreviation or a Unicode character are
+determined. At least introduce the new era with some dummy names
+(Naruhito,Na,N).
+
+Change-Id: I8c0af390ca0408ac259e47e7eaf2e49b5889c9ba
+Reviewed-on: https://gerrit.libreoffice.org/58142
+Reviewed-by: Eike Rathke 
+Tested-by: Jenkins
+
+Introduce next Japanese gengou era 'Reiwa'
+
+starting from 2019-05-01, which has been announced officially.
+
+This fills the provisional slot acknowledged at
+cacbb0faef77ae8462de9ff5c7307a6a2e28b2bb.
+
+Change-Id: Ifb12e6afaad4c66d455f664b46ec946e80324e87
+Reviewed-on: https://gerrit.libreoffice.org/70157
+Reviewed-by: Eike Rathke 
+Tested-by: Jenkins
+Reviewed-on: https://gerrit.libreoffice.org/70185
+---
+ i18npool/source/calendar/calendar_gregorian.cxx | 9 +
+ i18npool/source/localedata/data/ja_JP.xml   | 5 +
+ svl/source/numbers/zformat.cxx  | 3 +++
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/i18npool/source/calendar/calendar_gregorian.cxx 
b/i18npool/source/calendar/calendar_gregorian.cxx
+index a4ac0ac..7abef52 100644
+--- a/i18npool/source/calendar/calendar_gregorian.cxx
 b/i18npool/source/calendar/calendar_gregorian.cxx
+@@ -205,10 +205,11 @@ Calendar_hanja::loadCalendar( const OUString& 
/*uniqueID*/, const css::lang::Loc
+ }
+ 
+ static const Era gengou_eraArray[] = {
+-{1868,  1,  1, 0},
+-{1912,  7, 30, 0},
+-{1926, 12, 25, 0},
+-{1989,  1,  8, 0},
++{1868,  1,  1, 0},  // Meiji
++{1912,  7, 30, 0},  // Taisho
++{1926, 12, 25, 0},  // Showa
++{1989,  1,  8, 0},  // Heisei
++{2019,  5,  1, 0},  // Reiwa
+ {0, 0, 0, 0}
+ };
+ Calendar_gengou::Calendar_gengou() : Calendar_gregorian(gengou_eraArray)
+diff --git a/i18npool/source/localedata/data/ja_JP.xml 
b/i18npool/source/localedata/data/ja_JP.xml
+index 7d75260..c15c665 100644
+--- a/i18npool/source/localedata/data/ja_JP.xml
 b/i18npool/source/localedata/data/ja_JP.xml
+@@ -480,6 +480,11 @@
+   平
+   平成
+ 
++
++  Reiwa
++  令
++  令和
++
+   
+   
+ sun
+diff --git a/svl/source/numbers/zformat.cxx b/svl/source/numbers/zformat.cxx
+index c9bd3d8..e14413c 100644
+--- a/svl/source/numbers/zformat.cxx
 b/svl/source/numbers/zformat.cxx
+@@ -3409,6 +3409,9 @@ void SvNumberformat::ImpAppendEraG( OUStringBuffer& 
OutString,
+ case 4:
+ cEra = 'H';
+ break;
++case 5:
++cEra = 'R';
++break;
+ default:
+ cEra = '?';
+ break;
+-- 
+cgit v1.1
+
diff -Nru libreoffice-5.2.7/debian/patches/series 
libreoffice-5.2.7/debian/patches/series
--- libreoffice-5.2.7/debian/patches/series 2018-12-28 11:20:43.0 
+0100
+++ libreoffice-5.2.7/debian/patches/series 2019-04-11 21:48:53.0 
+0200
@@ -42,3 +42,4 @@
 disableClassPathURLCheck.diff
 keep-pyuno-script-processing-below-base-uri.diff
 show-partial-signatures-even-if-cert-validation-fails.diff
+jp-JP-Reiwa.diff

Given https://lists.debian.org/debian-devel-announce/2018/04/msg7.html
already uploaded.

(Also already fixed in sid for LibreOffice 1:6.1.5-3, filing a unblock bug
for it. too)

Regards,

Rene



Bug#926890: unblock: audiofile/0.3.6-5

2019-04-11 Thread Moritz Muehlenhoff
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package audiofile. It fixes two security issues
and moves the metadata from Alioth to Salsa.

unblock audiofile/0.3.6-5

Cheers,
Moritz

diff -Nru audiofile-0.3.6/debian/changelog audiofile-0.3.6/debian/changelog
--- audiofile-0.3.6/debian/changelog2017-03-16 21:43:45.0 +0100
+++ audiofile-0.3.6/debian/changelog2019-04-05 16:13:16.0 +0200
@@ -1,10 +1,28 @@
+audiofile (0.3.6-5) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Ondřej Nový ]
+  * d/control: Set Vcs-* to salsa.debian.org
+  * d/copyright: Use https protocol in Format field
+
+  [ Felipe Sateler ]
+  * Change maintainer address to debian-multime...@lists.debian.org
+
+  [ Moritz Mühlenhoff ]
+  * Two security fixes from the https://github.com/wtay/audiofile fork:
+CVE-2018-13440 (Closes: #903499)
+CVE-2018-17095 (Closes: #913166)
+
+ -- Sebastian Ramacher   Fri, 05 Apr 2019 16:13:16 +0200
+
 audiofile (0.3.6-4) unstable; urgency=high
 
   * Team upload.
-  * debian/patches: Apply patches to fix CVE-2017-6829, CVE-2017-6831,
-CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836,
-CVE-2017-6837, CVE-2017-6838, CVE-2017-6839, CVE-2017-6827, CVE-2017-6828.
-(Closes: #857651)
+  * debian/patches: Apply patches to fix CVE-2017-6827, CVE-2017-6828,
+CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,
+CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
+CVE-2017-6839. (Closes: #857651)
 
  -- Sebastian Ramacher   Thu, 16 Mar 2017 21:43:45 +0100
 
@@ -471,7 +489,7 @@
 
 audiofile (0.1.5-5) unstable; urgency=low
 
-  * Added extra documentation (#32366) 
+  * Added extra documentation (#32366)
 
  -- Brian M. Almeida   Wed,  3 Feb 1999 13:13:08 -0500
 
diff -Nru audiofile-0.3.6/debian/control audiofile-0.3.6/debian/control
--- audiofile-0.3.6/debian/control  2017-03-16 21:11:18.0 +0100
+++ audiofile-0.3.6/debian/control  2019-04-05 16:10:40.0 +0200
@@ -1,7 +1,7 @@
 Source: audiofile
 Section: libs
 Priority: optional
-Maintainer: Debian Multimedia Maintainers 

+Maintainer: Debian Multimedia Maintainers 
 Uploaders:
  Alessio Treglia 
 Build-Depends:
@@ -12,8 +12,8 @@
  pkg-config
 Standards-Version: 3.9.8
 Homepage: http://audiofile.68k.org/
-Vcs-Git: https://anonscm.debian.org/git/pkg-multimedia/audiofile.git
-Vcs-Browser: https://anonscm.debian.org/cgit/pkg-multimedia/audiofile.git
+Vcs-Git: https://salsa.debian.org/multimedia-team/audiofile.git
+Vcs-Browser: https://salsa.debian.org/multimedia-team/audiofile
 
 Package: audiofile-tools
 Section: utils
diff -Nru audiofile-0.3.6/debian/copyright audiofile-0.3.6/debian/copyright
--- audiofile-0.3.6/debian/copyright2017-03-16 21:11:18.0 +0100
+++ audiofile-0.3.6/debian/copyright2019-04-05 16:10:40.0 +0200
@@ -1,4 +1,4 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: audiofile
 Upstream-Contact: Michael Pruett 
 Source: http://www.68k.org/~michael/audiofile/
diff -Nru audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch 
audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch
--- audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch  1970-01-01 
01:00:00.0 +0100
+++ audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch  2019-04-05 
16:10:40.0 +0200
@@ -0,0 +1,28 @@
+From fde6d79fb8363c4a329a184ef0b107156602b225 Mon Sep 17 00:00:00 2001
+From: Wim Taymans 
+Date: Thu, 27 Sep 2018 10:48:45 +0200
+Subject: [PATCH] ModuleState: handle compress/decompress init failure
+
+When the unit initcompress or initdecompress function fails,
+m_fileModule is NULL. Return AF_FAIL in that case instead of
+causing NULL pointer dereferences later.
+
+Fixes #49
+---
+ libaudiofile/modules/ModuleState.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libaudiofile/modules/ModuleState.cpp 
b/libaudiofile/modules/ModuleState.cpp
+index 0c29d7a..070fd9b 100644
+--- a/libaudiofile/modules/ModuleState.cpp
 b/libaudiofile/modules/ModuleState.cpp
+@@ -75,6 +75,9 @@ status ModuleState::initFileModule(AFfilehandle file, Track 
*track)
+   m_fileModule = unit->initcompress(track, file->m_fh, 
file->m_seekok,
+   file->m_fileFormat == AF_FILE_RAWDATA, );
+ 
++  if (!m_fileModule)
++  return AF_FAIL;
++
+   if (unit->needsRebuffer)
+   {
+   assert(unit->nativeSampleFormat == AF_SAMPFMT_TWOSCOMP);
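Review bot: The added `if (!m_fileModule) return AF_FAIL;` returns without recording why, and the hunk does not show whether `initcompress`/`initdecompress` have already reported the failure or whether callers of `initFileModule` check the returned status. A short comment above the guard would state the contract, for example `// initcompress/initdecompress return NULL on failure; stop before m_fileModule is used (CVE-2018-13440)`. The call just before it appears here as `AF_FILE_RAWDATA, );`, which looks like an argument lost when the mail was archived, so the patch should be taken from the upload rather than from this page. `initFileModule` starts and ends outside the hunk.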
diff -Nru audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch 
audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch
--- audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch  1970-01-01 
01:00:00.0 +0100
+++ audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch  2019-04-05 

Bug#926889: unblock: graphviz/2.40.1-6

2019-04-11 Thread Laszlo Boszormenyi (GCS)
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Please unblock graphviz which fixes a vulnerability,
CVE-2018-10196 [1].
The debdiff which is attached contains some extra self-tests over the
fix.

Thanks for consideration,
Laszlo/GCS
[1] https://bugs.debian.org/898841
diff -Nru graphviz-2.40.1/debian/changelog graphviz-2.40.1/debian/changelog
--- graphviz-2.40.1/debian/changelog	2018-10-03 15:04:59.0 +
+++ graphviz-2.40.1/debian/changelog	2019-04-08 15:51:00.0 +
@@ -1,3 +1,10 @@
+graphviz (2.40.1-6) unstable; urgency=high
+
+  * Fix CVE-2018-10196: NULL pointer dereference in rebuild_vlists()
+(closes: #898841).
+
+ -- Laszlo Boszormenyi (GCS)   Mon, 08 Apr 2019 15:51:00 +
+
 graphviz (2.40.1-5) unstable; urgency=medium
 
   * Patch upstream _gv.so symlink creation (closes: #905209).
diff -Nru graphviz-2.40.1/debian/patches/CVE-2018-10196.patch graphviz-2.40.1/debian/patches/CVE-2018-10196.patch
--- graphviz-2.40.1/debian/patches/CVE-2018-10196.patch	1970-01-01 00:00:00.0 +
+++ graphviz-2.40.1/debian/patches/CVE-2018-10196.patch	2019-04-08 15:51:00.0 +
@@ -0,0 +1,605 @@
+diff --git a/configure.ac b/configure.ac
+index b0762993c299fcd3d9040aec19d99425132b42f2..6f743e9d23e072301bd94f58b3fb865fee804f0e 100644
+--- a/configure.ac
 b/configure.ac
+@@ -3363,6 +3363,7 @@ AC_CONFIG_FILES(Makefile
+   tests/unit_tests/lib/common/Makefile
+   tests/regression_tests/Makefile
+   tests/regression_tests/shapes/Makefile
++	tests/regression_tests/vuln/Makefile
+ 	share/Makefile
+ 	share/examples/Makefile
+ 	share/gui/Makefile
+diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c
+index dd13e936bf25d17d8baa5b3b9e089cff35c502fe..f7307d23b3ff9151b283c9b045892a80c0d6c055 100644
+--- a/lib/dotgen/conc.c
 b/lib/dotgen/conc.c
+@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g)
+ 
+ for (r = GD_minrank(g); r <= GD_maxrank(g); r++) {
+ 	lead = GD_rankleader(g)[r];
+-	if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
++	if (lead == NULL) {
++		agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r);
++		longjmp(jbuf, 1);
++	}
++	else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
+ 	agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n", 
+ 		agnameof(lead), ND_order(lead), r);
+ 	longjmp(jbuf, 1);
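Review bot: The new `lead == NULL` branch copies the misspelt name from the existing message, so the log line says `rebuiltd_vlists` while the function in the hunk header is `rebuild_vlists`; `agerr(AGERR, "rebuild_vlists: lead is null for rank %d\n", r);` would make it searchable. The guard covers only the `ND_order(lead)` dereference in this condition; whether `GD_rankleader(g)` and the index `r` are valid is decided outside the hunk, and the loop body continues past it. A comment such as `/* a rank may have no leader, see CVE-2018-10196 and tests/regression_tests/vuln */` would tie the check to the regression input that this patch adds.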
+diff --git a/tests/regression_tests/Makefile.am b/tests/regression_tests/Makefile.am
+index c375449ad3f30834eb10b19a6174977354d41230..c472181c13387de9c579f533e17d1a749fb0b534 100644
+--- a/tests/regression_tests/Makefile.am
 b/tests/regression_tests/Makefile.am
+@@ -1 +1 @@
+-SUBDIRS = shapes
++SUBDIRS = shapes vuln
+diff --git a/tests/regression_tests/vuln/Makefile.am b/tests/regression_tests/vuln/Makefile.am
+new file mode 100644
+index ..e58fc3cde6384a581914f92edcacd815f4738e80
+--- /dev/null
 b/tests/regression_tests/vuln/Makefile.am
+@@ -0,0 +1,2 @@
++check test rtest:
++	python vuln.py
+diff --git a/tests/regression_tests/vuln/input/nullderefrebuildlist.dot b/tests/regression_tests/vuln/input/nullderefrebuildlist.dot
+new file mode 100644
+index ..31a15a1dad27aa8a34bd47b297eb02bfdf1a6f9c
+--- /dev/null
 b/tests/regression_tests/vuln/input/nullderefrebuildlist.dot
+@@ -0,0 +1,55 @@
++digraph G {
++graph [concentrate=true];
++
++routine1;
++routine2;
++
++rfontsize=9;
++nodesep="0.4";
++ranksep="0.4";
++node [fontname=Arial, fontsize=9, shape=box];
++subgraph clustere3ffa58211d69e3db000538bf02fa1d0 { 
++label = "DriveCom Z";
++Ie3ffa58211d69e3db000538bf02fa1d0 [label="", shape=circle, style=filled, color=black, width=.2];
++Se3ffa4bf11d69e3db000538bf02fa1d0 [label="Idle"];
++Se3ffa7b011d69e3db000538bf02fa1d0 [label="Disabled"];
++subgraph clustere3ffa77611d69e3db000538bf02fa1d0 { 
++label = "Active";
++Ie3ffa77611d69e3db000538bf02fa1d0 [label="", shape=circle, style=filled, color=black, width=.2];
++Se3€fa84b11d69e3db000538bf02fa1d0 [label="Undefined"];
++Se3ffa60811d69e3db000538bf02fa1d0 [label="Wait Switch On Inhibit"];
++Se3ffa87211d69e3db000538bf02fa1d0 [label="Switch On Inhibit"];
++Se3ffa65611d69e3db000538bf02fa1d0 [label="Wait Ready To Switch On"];
++Se3ffa61c11d69e3db000538bf02fa1d0 [label="Ready To Switch On"];
++Se3ffa53211d69e3db000538bf02fa1d0 [label="Wait Switched On"];
++Se3ffa8ac11d69e3db000538bf02fa1d0 [label="Switched On"];
++Se3ffa83711d69e3db000538bf02fa1d0 [label="Wait Operation Enabled"];
++Se3ffa81011d69e3db000538bf02fa1d0 [label="Operation Enabled"];
++Se3ffa8d311d69e3db000538bf02fa1d0 [label="Quick Stop Active"];
++ } 
++Se3ffa90d11d69e3db000538bf02fa1d0 [label="Moverlapion"];
++ } 

Bug#926888: unblock: wget/1.20.1-1.1

2019-04-11 Thread Salvatore Bonaccorso
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package wget

It fixes CVE-2019-5953 (#926389), a buffer overflow vulnerability in the
handling of Internationalized Resource Identifiers (IRI); it was
addressed as well in DSA-4425-1 for stretch.

Attached is the debdiff between 1.20.1-1 and 1.20.1-1.1.

unblock wget/1.20.1-1.1

Regards,
Salvatore
diff -Nru wget-1.20.1/debian/changelog wget-1.20.1/debian/changelog
--- wget-1.20.1/debian/changelog2018-12-27 18:53:18.0 +0100
+++ wget-1.20.1/debian/changelog2019-04-05 15:36:38.0 +0200
@@ -1,3 +1,10 @@
+wget (1.20.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix a buffer overflow vulnerability (CVE-2019-5953) (Closes: #926389)
+
+ -- Salvatore Bonaccorso   Fri, 05 Apr 2019 15:36:38 +0200
+
 wget (1.20.1-1) unstable; urgency=high
 
   * new upstream release 2018-12-26
diff -Nru wget-1.20.1/debian/patches/Fix-a-buffer-overflow-vulnerability.patch 
wget-1.20.1/debian/patches/Fix-a-buffer-overflow-vulnerability.patch
--- wget-1.20.1/debian/patches/Fix-a-buffer-overflow-vulnerability.patch
1970-01-01 01:00:00.0 +0100
+++ wget-1.20.1/debian/patches/Fix-a-buffer-overflow-vulnerability.patch
2019-04-05 15:36:38.0 +0200
@@ -0,0 +1,30 @@
+From: Tim Ruehsen 
+Date: Fri, 5 Apr 2019 11:50:44 +0200
+Subject: Fix a buffer overflow vulnerability
+Origin: 
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c,
+ 
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-5953
+Bug-Debian: https://bugs.debian.org/926389
+
+* src/iri.c(do_conversion): Reallocate the output buffer to a larger
+  size if it is already full
+---
+ src/iri.c | 12 +---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/src/iri.c
 b/src/iri.c
+@@ -189,9 +189,10 @@ do_conversion (const char *tocode, const
+ {
+   tooshort++;
+   done = len;
+-  len = outlen = done + inlen * 2;
+-  s = xrealloc (s, outlen + 1);
+-  *out = s + done;
++  len = done + inlen * 2;
++  s = xrealloc (s, len + 1);
++  *out = s + done - outlen;
++  outlen += inlen * 2;
+ }
+   else /* Weird, we got an unspecified error */
+ {
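Review bot: `*out = s + done - outlen;` is only correct if `outlen` still holds the unused space of the old buffer at this point, and the hunk does not say so; the conversion call that maintains `outlen` is outside the hunk. A comment on that line would make the invariant explicit, for example `/* outlen = bytes still free, so done - outlen bytes are already converted */`. The growth expression `done + inlen * 2` is also unchecked; the declarations are not visible here, but if these are unsigned sizes derived from a remote IRI, a wraparound check before `xrealloc` would be worth adding. The header's diffstat (9 insertions, 3 deletions) does not match the four added lines shown, presumably because two upstream commits were folded together.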
diff -Nru wget-1.20.1/debian/patches/series wget-1.20.1/debian/patches/series
--- wget-1.20.1/debian/patches/series   2018-12-15 18:07:46.0 +0100
+++ wget-1.20.1/debian/patches/series   2019-04-05 15:36:38.0 +0200
@@ -1,3 +1,4 @@
 wget-doc-remove-usr-local-in-sample.wgetrc
 wget-doc-remove-usr-local-in-wget.texi
 wget-passive_ftp-default
+Fix-a-buffer-overflow-vulnerability.patch


Bug#926821: unblock: feersum/1.406-3

2019-04-11 Thread Xavier
Control: retitle -1 unblock: feersum/1.406-3

Le 10/04/2019 à 22:59, Xavier Guimard a écrit :
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package feersum
> 
> Hi all,
> 
> due to libhttp-tiny-perl bug, feersum build fails when only one CPU is
> available or on very poor configuration. I patched it to:
>  * ignore errors on t/63-plack-apps.t test
>  * don't test t/{13-pre-fork.t,60-plack.t,61-plack-suite.t} if nproc==1
> 
> See https://bugs.debian.org/909480 for the full discussion.
> 
> Feersum has no reverse dependencies.
> 
> Since this patch affects only tests, I think it is not risky to unblock
> this new version. This fixes no bug but workaround #909480, severity
> "normal" and avoid FTBFS.
> 
> Cheers,
> Xavier
> 
> unblock feersum/1.406-2

Hello,

I updated my patch to better manage parallel jobs. Thanks to gregoa!

Cheers,
Xavier

unblock feersum/1.406-3
diff --git a/debian/changelog b/debian/changelog
index a4832a2..bff23f2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+feersum (1.406-3) unstable; urgency=medium
+
+  * debian/rules: rewrite fix for 1-CPU workaround
+
+ -- Xavier Guimard   Thu, 11 Apr 2019 21:55:38 +0200
+
+feersum (1.406-2) unstable; urgency=medium
+
+  * Declare compliance with policy 4.3.0
+  * Add patch to workaround libhttp-tiny-perl bug in tests and disable 3 other
+tests when only 1 CPU is available (#909480)
+
+ -- Xavier Guimard   Wed, 10 Apr 2019 21:24:03 +0200
+
 feersum (1.406-1) unstable; urgency=medium
 
   * debian/rules: fix Perl path in example files
diff --git a/debian/control b/debian/control
index 081e2ba..e995ca7 100644
--- a/debian/control
+++ b/debian/control
@@ -15,7 +15,7 @@ Build-Depends: debhelper (>= 10),
libtest-leaktrace-perl,
libtest-tcp-perl,
perl
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
 Vcs-Browser: https://salsa.debian.org/perl-team/modules/packages/feersum
 Vcs-Git: https://salsa.debian.org/perl-team/modules/packages/feersum.git
 Homepage: https://metacpan.org/release/Feersum
diff --git a/debian/patches/series b/debian/patches/series
index aba7ccb..2bcab6e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 autopkgtest.patch
+workaround-for-909480.diff
diff --git a/debian/patches/workaround-for-909480.diff 
b/debian/patches/workaround-for-909480.diff
new file mode 100644
index 000..7c22ffb
--- /dev/null
+++ b/debian/patches/workaround-for-909480.diff
@@ -0,0 +1,30 @@
+Description: Workaround for #909480
+ Feersum sometimes FTBFS due to libhttp-tiny-perl
+ bug (https://bugs.debian.org/909480
+ .
+ This workaround adds a "TODO" loop to not fail on build even if HTTP::Tiny
+ tries to reuse closed connections.
+Author: Xavier Guimard 
+Bug-Debian: https://bugs.debian.org/909480
+Forwarded: not-needed
+Last-Update: 2019-04-10
+
+--- a/t/63-plack-apps.t
 b/t/63-plack-apps.t
+@@ -22,6 +22,8 @@
+ use Plack::Request;
+ use Test::TCP;
+ 
++TODO: {
++local $TODO = 'Failure ignored to workaround #909480';
+ via_map: test_psgi(
+ app => builder {
+ mount '/' => Plack::App::File->new(root => 't');
+@@ -85,6 +87,7 @@
+ like $res->content, qr/^\Q$s\E$/m, "found static line (cascade)";
+ }
+ );
++}
+ 
+ __END__
+ # IS THIS FILE STATICALLY SERVED?
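Review bot: The `TODO:` block opened before `via_map:` is closed only after the cascade test, so, as far as the two hunks show, every assertion between those points in t/63-plack-apps.t is treated as expected-to-fail, not just the requests affected by the HTTP::Tiny connection reuse. A genuine regression in static-file or cascade handling would then no longer fail the build. Narrowing the block to the failing requests, or at least adding `# remove once #909480 is fixed in libhttp-tiny-perl` next to `local $TODO`, would keep the workaround from outliving the bug. The `Description:` header also has an unclosed parenthesis after the bug URL.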
diff --git a/debian/rules b/debian/rules
index d1559c8..13bdb95 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,6 +4,7 @@ PACKAGE = $(shell dh_listpackages)
 TMP = $(CURDIR)/debian/$(PACKAGE)
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+TEST_FILES_1_CPU=$(filter-out t/13-pre-fork.t t/60-plack.t 
t/61-plack-suite.t,$(shell echo t/*.t)); \
 
 %:
dh $@
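Review bot: The added `TEST_FILES_1_CPU=` assignment ends in `; \`, which make reads as part of the value plus a line continuation, not as shell syntax. The variable therefore carries a trailing `;` into `TEST_FILES="$(TEST_FILES_1_CPU)"` in the `override_dh_auto_test` hunk below. Dropping it, and using make's own glob instead of a subshell, gives `TEST_FILES_1_CPU = $(filter-out t/13-pre-fork.t t/60-plack.t t/61-plack-suite.t,$(wildcard t/*.t))`. The long lines are wrapped in this archive copy, so this should be checked against the uploaded debian/rules.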
@@ -15,3 +16,12 @@ override_dh_installexamples:
 override_dh_auto_install:
dh_auto_install
sed -i '1s|^#!.*perl|#!/usr/bin/perl|' $(TMP)/usr/*bin/*
+
+override_dh_auto_test:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS) $(DEB_BUILD_PROFILES)))
+   if [ `nproc` -gt 1 ]; then \
+   dh_auto_test; \
+   else \
+   dh_auto_test --no-parallel -- TEST_FILES="$(TEST_FILES_1_CPU)"; 
\
+   fi
+endif


Processed: unblock: feersum/1.406-3

2019-04-11 Thread Debian Bug Tracking System
Processing control commands:

> retitle -1 unblock: feersum/1.406-3
Bug #926821 [release.debian.org] unblock: feersum/1.406-2
Changed Bug title to 'unblock: feersum/1.406-3' from 'unblock: feersum/1.406-2'.

-- 
926821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#926882: unblock: pymilter/1.0.3-3

2019-04-11 Thread Daniel Kahn Gillmor
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Control: affects -1 src:pymilter

Please unblock package pymilter

pymilter 1.0.3-3 resolves an important bug that causes python3-milter to
fail under a common simple use case (#922733).

The debdiff is attached.

unblock pymilter/1.0.3-3

Thanks for your work on making Buster awesome!

  --dkg

diff --git pymilter-1.0.3-2/debian/changelog pymilter-1.0.3-3/debian/changelog
index 5afa05c..0161d90 100644
--- pymilter-1.0.3-2/debian/changelog
+++ pymilter-1.0.3-3/debian/changelog
@@ -1,3 +1,10 @@
+pymilter (1.0.3-3) unstable; urgency=medium
+
+  * Avoid crashes in Milter.utils.parseaddr (Closes: #922733)
+  * add myself to uploaders
+
+ -- Daniel Kahn Gillmor   Tue, 19 Feb 2019 18:35:31 -0500
+
 pymilter (1.0.3-2) unstable; urgency=medium
 
   * Add preprocessor defines for kfreebsd and hurd
diff --git pymilter-1.0.3-2/debian/control pymilter-1.0.3-3/debian/control
index 016bea6..98901b4 100644
--- pymilter-1.0.3-2/debian/control
+++ pymilter-1.0.3-3/debian/control
@@ -2,7 +2,8 @@ Source: pymilter
 Section: python
 Priority: optional
 Maintainer: Scott Kitterman 
-Uploaders: Debian Python Modules Team 
+Uploaders: Debian Python Modules Team ,
+ Daniel Kahn Gillmor ,
 Build-Depends: debhelper (>= 9), dh-python, python-all-dev (>= 2.6.5-2~), python3-all-dev, libmilter-dev
 Build-Depends-Indep: doxygen
 Standards-Version: 4.3.0
diff --git pymilter-1.0.3-2/debian/patches/0002-utils-import-email.utils.patch pymilter-1.0.3-3/debian/patches/0002-utils-import-email.utils.patch
new file mode 100644
index 000..ee90a3e
--- /dev/null
+++ pymilter-1.0.3-3/debian/patches/0002-utils-import-email.utils.patch
@@ -0,0 +1,25 @@
+From: Daniel Kahn Gillmor 
+Date: Tue, 19 Feb 2019 18:20:18 -0500
+Subject: utils: import email.utils
+
+Without this patch, Milter.utils.parseaddr() fails with:
+
+  File "/usr/lib/python3/dist-packages/Milter/utils.py", line 139, in parseaddr
+res = email.utils.parseaddr(t)
+AttributeError: module 'email' has no attribute 'utils'
+---
+ Milter/utils.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Milter/utils.py b/Milter/utils.py
+index 2ed5db8..85fd635 100644
+--- a/Milter/utils.py
 b/Milter/utils.py
+@@ -8,6 +8,7 @@ import socket
+ import email.errors
+ from email.header import decode_header
+ import email.base64mime
++import email.utils
+ from fnmatch import fnmatchcase
+ from binascii import a2b_base64
+ 
diff --git pymilter-1.0.3-2/debian/patches/series pymilter-1.0.3-3/debian/patches/series
index 44e9f8c..de96083 100644
--- pymilter-1.0.3-2/debian/patches/series
+++ pymilter-1.0.3-3/debian/patches/series
@@ -1 +1,2 @@
 hurd_kfreebsd.patch
+0002-utils-import-email.utils.patch




Processed: unblock: pymilter/1.0.3-3

2019-04-11 Thread Debian Bug Tracking System
Processing control commands:

> affects -1 src:pymilter
Bug #926882 [release.debian.org] unblock: pymilter/1.0.3-3
Added indication that 926882 affects src:pymilter

-- 
926882: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926882
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#926878: unblock: exim4/4.92-5

2019-04-11 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 moreinfo
Bug #926878 [release.debian.org] unblock: exim4/4.92-5
Added tag(s) moreinfo.

-- 
926878: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926878
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#926878: unblock: exim4/4.92-5

2019-04-11 Thread Paul Gevers
Control: tags -1 moreinfo

Hi Andreas,

On 11-04-2019 19:51, Andreas Metzler wrote:
> The second notable change is related to sa-exim. Exim in Debian was
> patched to allow dlopening a localscan() module. The single consumer of
> this patch in Debian is sa-exim. (The patch also originates there.)
> 
> The patch in Debian has been nonfunctional in unstable for quite some
> time (4.92~RC2-1/experimental/18 Dec, 4.92~RC3-1 unstable/26 Dec and
> buster/03 Jan). The issue only popped up end of March on the upstream
> user support ML.
> 
> Looking at the state of sa-exim (dead upstream since 2006 and buggy: 
> https://lists.exim.org/lurker/message/20180726.113354.6d03efde.en.html
> #879687) we have decided stop patching exim, which resulted in 4.92-5,
> which
> - improves the example/docs for content-scanning in exim without sa-exim
> - drops the abovementioned patch and the virtual Provides for
>   exim4-localscanapi-2.0 and also drops the exim-dev packages (only
>   needed for sa-exim). Exim now also Conflicts with sa-exim.

I am probably missing something, but as far as I see it, your packages
can't migrate to testing/buster because it would make sa-exim
uninstallable. If I am right, please coordinate with the maintainer of
sa-exim (in CC). At least at this moment they should agree that it is
alright to remove sa-exim from buster. I am not seeing any serious bugs
reported against sa-exim so they may not be aware of the issue.

Paul





Bug#926878: unblock: exim4/4.92-5

2019-04-11 Thread Andreas Metzler
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package exim4:

In the first place it pulls multiple upgrades from upstream's
exim-4.92+fixes branch where important post-release fixes are published.

The second notable change is related to sa-exim. Exim in Debian was
patched to allow dlopening a localscan() module. The single consumer of
this patch in Debian is sa-exim. (The patch also originates there.)

The patch in Debian has been nonfunctional in unstable for quite some
time (4.92~RC2-1/experimental/18 Dec, 4.92~RC3-1 unstable/26 Dec and
buster/03 Jan). The issue only popped up end of March on the upstream
user support ML.

Looking at the state of sa-exim (dead upstream since 2006 and buggy: 
https://lists.exim.org/lurker/message/20180726.113354.6d03efde.en.html
#879687) we have decided to stop patching exim, which resulted in 4.92-5,
which
- improves the example/docs for content-scanning in exim without sa-exim
- drops the abovementioned patch and the virtual Provides for
  exim4-localscanapi-2.0 and also drops the exim-dev packages (only
  needed for sa-exim). Exim now also Conflicts with sa-exim.

unblock exim4/4.92-5

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files in second .changes but not in first
-
-rw-r--r--  root/root   /usr/lib/debug/.build-id/45/59933d7d0e4800a65884d62d6506ce390b4f07.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/59/55fdc7b64bc2f31b1e0b63c762a57924c2516e.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/5e/f1dbf7d44b659418b55dd4a173cda74ecad278.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/9b/6cfa23511aa8ae2305e45f556cd5238b07f495.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/bb/23e5a1a9f351c2a608d482dfc1e00d9998c629.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/bc/986da4b151ecfa52558aa9c20d03614d31dd25.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/bd/894614600fc329441d05ceb08017719b489417.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/ca/a4ade19a8e042ebf7f9f22782142cbd56bcd2b.debug

Files in first .changes but not in second
-
-rw-r--r--  root/root   /usr/include/exim4/config.h
-rw-r--r--  root/root   /usr/include/exim4/local_scan.h
-rw-r--r--  root/root   /usr/include/exim4/mytypes.h
-rw-r--r--  root/root   /usr/include/exim4/store.h
-rw-r--r--  root/root   /usr/lib/debug/.build-id/1f/9c1ede6c32409686b1de89bb598ff598b0ee4f.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/23/c3c5b57e50336cc82bb3a27f46b9b354ccb3e6.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/50/c2969f4b54bc47c33c513e27a89cd4a09d728d.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/51/279c0f518a9e2a849c64a89ff8eaadcabe26fa.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/9c/50ed18cc20fbffb26032ecebab97af806afdd3.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/a3/1149847f6ae982b262e6aec59d3afa2e9ae841.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/ef/6c35ac2c5dc055ab4c3a7d10302123129f10b8.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/f2/12c147800e2c7a02151217960981dcaa2d4f6c.debug
-rw-r--r--  root/root   /usr/share/doc/exim4-dev/NEWS.Debian.gz
-rw-r--r--  root/root   /usr/share/doc/exim4-dev/changelog.Debian.gz
-rw-r--r--  root/root   /usr/share/doc/exim4-dev/copyright
-rw-r--r--  root/root   /usr/share/man/man1/exim4-localscan-plugin-config.1.gz
-rwxr-xr-x  root/root   /usr/bin/exim4-localscan-plugin-config
lrwxrwxrwx  root/root   /usr/share/doc/exim4-dev/README.Debian.gz -> ../exim4-base/README.Debian.gz
lrwxrwxrwx  root/root   /usr/share/doc/exim4-dev/changelog.gz -> ../exim4-base/changelog.gz

Control files of package exim4: lines which differ (wdiff format)
-
Depends: debconf (>= 1.4.69) | cdebconf (>= 0.39), exim4-base (<< [-4.92-2.1),-] {+4.92-5.1),+} exim4-base (>= [-4.92-2),-] {+4.92-5),+} exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom, debconf (>= 0.5) | debconf-2.0
Version: [-4.92-2-] {+4.92-5+}

Control files of package exim4-base: lines which differ (wdiff format)
--
Installed-Size: [-1621-] {+1623+}
Version: [-4.92-2-] {+4.92-5+}

Control files of package exim4-base-dbgsym: lines which differ (wdiff format)
-
Build-Ids: [-1f9c1ede6c32409686b1de89bb598ff598b0ee4f 23c3c5b57e50336cc82bb3a27f46b9b354ccb3e6 9c50ed18cc20fbffb26032ecebab97af806afdd3 ef6c35ac2c5dc055ab4c3a7d10302123129f10b8 f212c147800e2c7a02151217960981dcaa2d4f6c-] {+4559933d7d0e4800a65884d62d6506ce390b4f07 

Bug#926876: unblock: chiark-utils/6.0.4

2019-04-11 Thread Ian Jackson
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package chiark-utils

chiark-utils is a portmanteau of different utilities.  I am proposing
to fix two bugs.  Each bug is RC for the corresponding utility in the
sense that the utility is dangerous or useless without the fix.  (The
bugs are not IMO RC for the package as a whole, although I think the
dangerous one is "important".)

1. fishdescriptor has a bug which makes it not work on amd64 and could
cause malfunctions or even UB in the target process.  #926858

2. sync-accounts uses an ancient deprecated perl syntax and is
entirely rejected by current versions of perl.  #865985

Below is the source diff.  Assuming the unblock is granted I will
finalise the changelog entry for 6.0.4 and do a dgit push-source
to do a source-only upload.

(For my records: diff was generated from current master on chiark, ie
 0caba95b1c3f211fa3defcff017dde1374b3caa6)


unblock chiark-utils/6.0.4


diff --git a/debian/changelog b/debian/changelog
index 1d1758f..e0ecabd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+chiark-utils (6.0.4~iwj1) unstable; urgency=medium
+
+  * sync-accounts: Fix perl syntax error.  Closes:#865985.
+  * changelog: Document bug number for bugfix in 6.0.4~citrix1.
+
+ --
+
+chiark-utils (6.0.4~citrix1) unstable; urgency=medium
+
+  * fishdescriptor: cast __errno_location correctly.  Closes:#926858.
+
+ -- Ian Jackson   Mon, 08 Apr 2019 17:03:47 +0100
+
 chiark-utils (6.0.3) unstable; urgency=medium
 
   * Upload to Debian unstable.
diff --git a/fishdescriptor/py/fishdescriptor/indonor.py 
b/fishdescriptor/py/fishdescriptor/indonor.py
index 20bc807..e227fb2 100644
--- a/fishdescriptor/py/fishdescriptor/indonor.py
+++ b/fishdescriptor/py/fishdescriptor/indonor.py
@@ -142,7 +142,7 @@ class DonorImplementation():
 # in my browser).  Also the error is very nonspecific :-/.
 # This seems to happen on jessie, and is fixed in stretch.
 # Anyway:
-return parse_eval(expr_pat % '(*((int (*)(void))__errno_location)())')
+return parse_eval(expr_pat % '(*((int*(*)(void))__errno_location)())')
 
 # calling functions (need to cast the function name to the right
 # type in case maybe gdb doesn't know the type)
diff --git a/sync-accounts/sync-accounts b/sync-accounts/sync-accounts
index cef131c..5348a14 100755
--- a/sync-accounts/sync-accounts
+++ b/sync-accounts/sync-accounts
@@ -64,7 +64,7 @@ sub fields_fmt ($$) {
 my ($pfx,$fmt) = @_;
 my ($vn);
 $vn= "fields_pw_$fmt";
-die "unknown format $fmt\n" unless defined @$vn;
+die "unknown format $fmt\n" unless @$vn;
 fields($pfx,@$vn);
 $vn= "${pfx}_format";
 $$vn= $fmt;
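Review bot: `unless @$vn` tests whether the array is non-empty, which is not quite what `defined @$vn` expressed: a `@fields_pw_<fmt>` that exists but is empty is now reported as `unknown format`. That is probably the intended behaviour, and a comment such as `# symbolic ref: @fields_pw_$fmt must be a non-empty package array` would say so. `$vn` is built from `$fmt` and dereferenced symbolically here and again in `$$vn= $fmt`, so if `$fmt` can come from a configuration file, a lookup in a hash of known formats would be a tighter check. Where `$fmt` originates is outside the hunk, as is the rest of `fields_fmt`.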


-- System Information:
Debian Release: 9.8
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)



Bug#926867: marked as done (unblock: cacti/1.2.2+ds1-2)

2019-04-11 Thread Debian Bug Tracking System
Your message dated Thu, 11 Apr 2019 16:57:27 +
with message-id 
and subject line unblock cacti
has caused the Debian Bug report #926867,
regarding unblock: cacti/1.2.2+ds1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
926867: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926867
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package cacti

A CVE was found in cacti. The patch that I applied to the cacti package
comes from upstream. Closes https://bugs.debian.org/926700

debdiff attached.

unblock cacti/1.2.2+ds1-2

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (200,
'testing'), (100, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru cacti-1.2.2+ds1/debian/changelog cacti-1.2.2+ds1/debian/changelog
--- cacti-1.2.2+ds1/debian/changelog2019-02-26 21:48:07.0 +0100
+++ cacti-1.2.2+ds1/debian/changelog2019-04-09 20:42:38.0 +0200
@@ -1,3 +1,12 @@
+cacti (1.2.2+ds1-2) unstable; urgency=medium
+
+  * Add 0001-Resolving-Issue-2581.patch from upstream (Closes: #926700)
+CVE-2019-11025: In clearFilter() in utilities.php no escaping occurs
+before printing out the value of the SNMP community string (SNMP
+Options) in the View poller cache, leading to XSS.
+
+ -- Paul Gevers   Tue, 09 Apr 2019 20:42:38 +0200
+
 cacti (1.2.2+ds1-1) unstable; urgency=medium
 
   * New upstream release 1.2.2
diff -Nru cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch 
cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch
--- cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch  
1970-01-01 01:00:00.0 +0100
+++ cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch  
2019-04-09 20:38:47.0 +0200
@@ -0,0 +1,68 @@
+From c373e66a6a224e221a1db037164144ce59b20736 Mon Sep 17 00:00:00 2001
+From: cigamit 
+Date: Thu, 28 Mar 2019 06:37:45 -0500
+Subject: [PATCH] Resolving Issue #2581
+
+Stored XSS in "SNMP community string" field
+---
+ CHANGELOG |  1 +
+ utilities.php | 11 ++-
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/utilities.php b/utilities.php
+index f5478d23..dc9439c4 100644
+--- a/utilities.php
 b/utilities.php
+@@ -1543,7 +1543,7 @@ function utilities_view_snmp_cache() {
+   
+   
+   
+-  
++  
+   
+   
+   
+@@ -1837,7 +1837,7 @@ function utilities_view_poller_cache() {
+   
+ 
+   
+-  
++  
+   
+ 
+   
+@@ -1846,12 +1846,12 @@ function utilities_view_poller_cache() {
+   if ($item['snmp_version'] != 3) {
+   $details =
+   __('SNMP Version:') . ' 
' . $item['snmp_version'] . ', ' .
+-  __('Community:') . ' ' 
. $item['snmp_community'] . ', ' .
++  __('Community:') . ' ' 
. html_escape($item['snmp_community']) . ', ' .
+   __('OID:') . ' ' . 
filter_value($item['arg1'], get_request_var('filter'));
+   } else {
+   $details =
+   __('SNMP Version:') . ' 
' . $item['snmp_version'] . ', ' .
+-  __('User:') . ' ' . 
$item['snmp_username'] . ', ' . __('OID:') . ' ' . $item['arg1'];
++  __('User:') . ' ' . 
html_escape($item['snmp_username']) . ', ' . __('OID:') . ' ' . 
html_escape($item['arg1']);
+   }
+   } elseif ($item['action'] == 1) {
+
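Review bot: In the non-v3 branch the OID is still emitted through `filter_value($item['arg1'], get_request_var('filter'))` while the v3 branch now uses `html_escape($item['arg1'])`, and `$item['snmp_version']` is concatenated unescaped in both branches. Whether `filter_value` escapes its first argument is not visible in this hunk, so that should be confirmed or the value wrapped as in the v3 branch. The one-line changes in `utilities_view_snmp_cache` and at the top of `utilities_view_poller_cache` have lost their markup in this archive copy, so the escaping they add cannot be checked from this page.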

Bug#926813: unblock: python-scipy/1.1.0-6

2019-04-11 Thread Paul Gevers
Hi Drew,

On 11-04-2019 17:49, Drew Parsons wrote:
> On 2019-04-11 23:41, Drew Parsons wrote:
>>
>> The one failure is odd.  It's not in the same class as previous test
>> failures, not a MemoryError.
> ...
>> E   ValueError: `x0` is infeasible with respect to some
>> inequality constraint with `keep_feasible` set to True.
> 
> Upstream noticed it too,
> https://github.com/scipy/scipy/issues/9308
> 
> The randomness of the failure happens because the value is randomly
> generated.
> 
> Apparently fixed with
> https://github.com/scipy/scipy/pull/10046/commits/2d7e7e8c6142e8925c44f92f6839147690880e7d
> 
> 
> It's a small patch. Should we apply it in a python-scipy/1.1.0-7  ?

Yes please.

Paul





Bug#926813: unblock: python-scipy/1.1.0-6

2019-04-11 Thread Drew Parsons

On 2019-04-11 23:41, Drew Parsons wrote:


The one failure is odd.  It's not in the same class as previous test
failures, not a MemoryError.

...

E   ValueError: `x0` is infeasible with respect to some
inequality constraint with `keep_feasible` set to True.


Upstream noticed it too,
https://github.com/scipy/scipy/issues/9308

The randomness of the failure happens because the value is randomly 
generated.


Apparently fixed with 
https://github.com/scipy/scipy/pull/10046/commits/2d7e7e8c6142e8925c44f92f6839147690880e7d


It's a small patch. Should we apply it in a python-scipy/1.1.0-7  ?



Bug#926813: unblock: python-scipy/1.1.0-6

2019-04-11 Thread Drew Parsons

On 2019-04-11 10:54, Drew Parsons wrote:

On 2019-04-11 04:38, Paul Gevers wrote:


The score isn't great (and not all results are in): 3/14 failure (2 in
unstable, 1 in testing so far). Can you please have a look?



Apparently the same test failure does occur in python3 tests, but only
some of the time not all of the time.  Weird.

I've uploaded 1.1.0-6 now to skip the same 2 tests in python3.



1.1.0-6 puts us in the clear with respect to the MemoryError failures.

10/10 test runs passed in unstable

9/10 test runs passed in testing.


The one failure is odd.  It's not in the same class as previous test 
failures, not a MemoryError.


It appears to be a true test failure, failing 
_trustregion_constr.tests.test_canonical_constraint.test_concatenation
in 
/usr/lib/python2.7/dist-packages/scipy/optimize/_trustregion_constr/tests/test_canonical_constraint.py:179 
with


if np.any(f0[mask] < lb[mask]) or np.any(f0[mask] > ub[mask]):

  raise ValueError("`x0` is infeasible with respect to some "
 "inequality constraint with `keep_feasible` 
"

 "set to True.")
E   ValueError: `x0` is infeasible with respect to some 
inequality constraint with `keep_feasible` set to True.




This happens in the atlas tests (atlas provides lapack/blas), which is 
not core scipy as such, since lapack can be provided by openblas.


This particular failure only happened once.



Bug#926747: unblock: adacontrol/1.20r7-2

2019-04-11 Thread Nicolas Boulenguez
> > if the tests don't break the buildd, it would be better to run those and 
> > ignore
> > the test results.

> Based on this suggestion, I'm tagging this unblock request moreinfo for now.
> Please either do a new upload with this change, or if you believe this version
> should be unblocked anyway, please explain this and remove the moreinfo tag.

Hello.
The attached patch is now applied on all release architectures.
Thanks.
diff -Nru adacontrol-1.20r7/debian/changelog adacontrol-1.20r7/debian/changelog
--- adacontrol-1.20r7/debian/changelog	2019-01-13 12:12:45.0 +0100
+++ adacontrol-1.20r7/debian/changelog	2019-04-11 10:45:47.0 +0200
@@ -1,3 +1,15 @@
+adacontrol (1.20r7-3) unstable; urgency=medium
+
+  * Ignore tests, but let them produce a log as suggested in #926747.
+
+ -- Nicolas Boulenguez   Thu, 11 Apr 2019 10:45:47 +0200
+
+adacontrol (1.20r7-2) unstable; urgency=medium
+
+  * Disable tests, lowering the severity of #924835.
+
+ -- Nicolas Boulenguez   Thu, 04 Apr 2019 21:13:55 +0200
+
 adacontrol (1.20r7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru adacontrol-1.20r7/debian/rules adacontrol-1.20r7/debian/rules
--- adacontrol-1.20r7/debian/rules	2019-01-13 12:01:50.0 +0100
+++ adacontrol-1.20r7/debian/rules	2019-04-11 10:45:47.0 +0200
@@ -54,7 +54,11 @@
 
 override_dh_auto_test-arch:
   ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS) $(DEB_BUILD_PROFILES)))
-	cd test && sh run.sh
+# Ignore build-time tests so that the severity of #924835 can be
+# lowered and the package accepted into buster.  An actual fix
+# requires a bit more time and probably a longer diff.
+# Produce the log nevertheless.
+	-cd test && sh run.sh
   endif
 override_dh_auto_clean::
 	rm -fr test/res
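Review bot: The leading `-` on `-cd test && sh run.sh` makes make ignore every non-zero exit, so a missing `test` directory or a run.sh that cannot start looks the same as the known failures of #924835, and the build log carries no explicit marker that the result was discarded. Since the stated aim is to keep the log, an explicit fallback would record the outcome, e.g. `cd test && sh run.sh || echo "W: test suite failed, result ignored (see #924835)"`. The added comment could also state when the override is to be removed, so the tests become blocking again once #924835 is fixed. The `override_dh_auto_clean` rule continues outside the hunk.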


Bug#926870: stretch-pu: package ca-certificates-java/20170929~deb9u2

2019-04-11 Thread tony mancill
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

My upload of ca-certificates-java_20170929~deb9u2 (currently in
stable-pu) [1] introduced a printf syntax problem in the postinst.  
More discussion can be found in #923176 starting at message 38:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923176#38

Thank you to Andreas Beckmann for catching the issue.

I have tested the updated code path in a stretch chroot by unpacking the
deb9u3, modifying the postinst such that FIXOLD is true (plus adding
some echo debug to make sure that the path was executed), and then
running "apt -f install" which will pull in the r-deps and then
configure ca-certificates-java.  Thus I feel confident that the
regression has been tested.

The attached debdiff (against deb9u2, but I am also attaching
deb9u1-vs-deb9u3) should address the problem.  

Thank you,
tony

[1] 
https://release.debian.org/proposed-updates/stable.html#ca-certificates-java_20170929~deb9u2
diff -Nru ca-certificates-java-20170929~deb9u2/debian/changelog ca-certificates-java-20170929~deb9u3/debian/changelog
--- ca-certificates-java-20170929~deb9u2/debian/changelog	2019-02-24 09:55:04.0 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/changelog	2019-04-10 19:59:01.0 -0700
@@ -1,3 +1,10 @@
+ca-certificates-java (20170929~deb9u3) stretch; urgency=medium
+
+  * Team upload.
+  * Fix printf syntax problem introduced in 20170929~deb9u2
+
+ -- tony mancill   Wed, 10 Apr 2019 19:59:01 -0700
+
 ca-certificates-java (20170929~deb9u2) stretch; urgency=medium
 
   * Team upload.
diff -Nru ca-certificates-java-20170929~deb9u2/debian/postinst.in ca-certificates-java-20170929~deb9u3/debian/postinst.in
--- ca-certificates-java-20170929~deb9u2/debian/postinst.in	2019-02-24 09:55:04.0 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/postinst.in	2019-04-10 19:59:01.0 -0700
@@ -52,7 +52,7 @@
 
 # Forcibly remove diginotar cert (LP: #920758)
 if [ -n "$FIXOLD" ]; then
-printf "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \
+printf -- "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \
 java -Xmx64m -jar $JAR -storepass "$storepass"
 fi
 
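Review bot: The `printf -- "..."` fix on the DigiNotar removal line still puts the data in the format-string position, which is what let the leading `-` be parsed as an option in deb9u2; a constant format with the aliases as arguments avoids that class of mistake, `printf '%s\n' -diginotar_root_ca -diginotar_root_ca_pem | \`. Because the printf is the left side of a pipeline, its failure does not stop the script under plain sh, so the removal of the distrusted CA entries can silently become a no-op, which is presumably how the regression went unnoticed; a check after the `java` call that the two aliases are no longer in the keystore would catch that. The same line appears in the deb9u1-to-deb9u3 postinst.in hunk further down. Whether the script runs under `set -e` is not visible in the hunk.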
diff -Nru ca-certificates-java-20170929~deb9u1/debian/changelog ca-certificates-java-20170929~deb9u3/debian/changelog
--- ca-certificates-java-20170929~deb9u1/debian/changelog	2019-02-11 04:14:23.0 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/changelog	2019-04-10 19:59:01.0 -0700
@@ -1,3 +1,17 @@
+ca-certificates-java (20170929~deb9u3) stretch; urgency=medium
+
+  * Team upload.
+  * Fix printf syntax problem introduced in 20170929~deb9u2
+
+ -- tony mancill   Wed, 10 Apr 2019 19:59:01 -0700
+
+ca-certificates-java (20170929~deb9u2) stretch; urgency=medium
+
+  * Team upload.
+  * Address bashisms in postinst and jks-keystore (Closes: #922720)
+
+ -- tony mancill   Sun, 24 Feb 2019 09:55:04 -0800
+
 ca-certificates-java (20170929~deb9u1) stretch; urgency=medium
 
   * Rebuild for stretch.
diff -Nru ca-certificates-java-20170929~deb9u1/debian/jks-keystore.hook.in ca-certificates-java-20170929~deb9u3/debian/jks-keystore.hook.in
--- ca-certificates-java-20170929~deb9u1/debian/jks-keystore.hook.in	2019-02-11 04:14:23.0 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/jks-keystore.hook.in	2019-04-10 19:59:01.0 -0700
@@ -53,7 +53,7 @@
 # the jre is not yet configured, but jvm.cfg is needed to run it
 temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
 mkdir -p /etc/${jvm%-$arch}
-if [ "$arch" == "armhf" ]; then
+if [ "$arch" = "armhf" ]; then
 printf -- "-client KNOWN\n-server ALIASED_TO -client\n" > $temp_jvm_cfg
 else
 printf -- "-server KNOWN\n" > $temp_jvm_cfg
diff -Nru ca-certificates-java-20170929~deb9u1/debian/postinst.in ca-certificates-java-20170929~deb9u3/debian/postinst.in
--- ca-certificates-java-20170929~deb9u1/debian/postinst.in	2019-02-11 04:14:23.0 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/postinst.in	2019-04-10 19:59:01.0 -0700
@@ -52,7 +52,7 @@
 
 # Forcibly remove diginotar cert (LP: #920758)
 if [ -n "$FIXOLD" ]; then
-echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \
+printf -- "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \
 java -Xmx64m -jar $JAR -storepass "$storepass"
 fi
 
@@ -100,7 +100,7 @@
 # the jre is not yet configured, but jvm.cfg is needed to run it
 temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
 mkdir -p /etc/${jvm%-$arch}
-if [ "$arch" == "armhf" ]; then
+if [ "$arch" = "armhf" ]; then
 	printf -- "-client KNOWN\n-server ALIASED_TO -client\n" > $temp_jvm_cfg
 else
 	printf -- "-server KNOWN\n" > $temp_jvm_cfg




Bug#926867: unblock: cacti/1.2.2+ds1-2

2019-04-11 Thread Paul Gevers
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package cacti

A CVE was found in cacti. The patch that I applied to the cacti package
comes from upstream. Closes https://bugs.debian.org/926700

debdiff attached.

unblock cacti/1.2.2+ds1-2

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (200,
'testing'), (100, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru cacti-1.2.2+ds1/debian/changelog cacti-1.2.2+ds1/debian/changelog
--- cacti-1.2.2+ds1/debian/changelog2019-02-26 21:48:07.0 +0100
+++ cacti-1.2.2+ds1/debian/changelog2019-04-09 20:42:38.0 +0200
@@ -1,3 +1,12 @@
+cacti (1.2.2+ds1-2) unstable; urgency=medium
+
+  * Add 0001-Resolving-Issue-2581.patch from upstream (Closes: #926700)
+CVE-2019-11025: In clearFilter() in utilities.php no escaping occurs
+before printing out the value of the SNMP community string (SNMP
+Options) in the View poller cache, leading to XSS.
+
+ -- Paul Gevers   Tue, 09 Apr 2019 20:42:38 +0200
+
 cacti (1.2.2+ds1-1) unstable; urgency=medium
 
   * New upstream release 1.2.2
diff -Nru cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch 
cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch
--- cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch  
1970-01-01 01:00:00.0 +0100
+++ cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch  
2019-04-09 20:38:47.0 +0200
@@ -0,0 +1,68 @@
+From c373e66a6a224e221a1db037164144ce59b20736 Mon Sep 17 00:00:00 2001
+From: cigamit 
+Date: Thu, 28 Mar 2019 06:37:45 -0500
+Subject: [PATCH] Resolving Issue #2581
+
+Stored XSS in "SNMP community string" field
+---
+ CHANGELOG |  1 +
+ utilities.php | 11 ++-
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/utilities.php b/utilities.php
+index f5478d23..dc9439c4 100644
+--- a/utilities.php
 b/utilities.php
+@@ -1543,7 +1543,7 @@ function utilities_view_snmp_cache() {
+   
+   
+   
+-  
++  
+   
+   
+   
+@@ -1837,7 +1837,7 @@ function utilities_view_poller_cache() {
+   
+ 
+   
+-  
++  
+   
+ 
+   
+@@ -1846,12 +1846,12 @@ function utilities_view_poller_cache() {
+   if ($item['snmp_version'] != 3) {
+   $details =
+   __('SNMP Version:') . ' 
' . $item['snmp_version'] . ', ' .
+-  __('Community:') . ' ' 
. $item['snmp_community'] . ', ' .
++  __('Community:') . ' ' 
. html_escape($item['snmp_community']) . ', ' .
+   __('OID:') . ' ' . 
filter_value($item['arg1'], get_request_var('filter'));
+   } else {
+   $details =
+   __('SNMP Version:') . ' 
' . $item['snmp_version'] . ', ' .
+-  __('User:') . ' ' . 
$item['snmp_username'] . ', ' . __('OID:') . ' ' . $item['arg1'];
++  __('User:') . ' ' . 
html_escape($item['snmp_username']) . ', ' . __('OID:') . ' ' . 
html_escape($item['arg1']);
+   }
+   } elseif ($item['action'] == 1) {
+   $details = __('Script:') . ' ' 
. filter_value($item['arg1'], get_request_var('filter'));
+@@ -1860,6 +1860,7 @@ function utilities_view_poller_cache() {
+   }
+ 
+   print $details;
++
+   ?>
+   
+   
+@@ -1869,7 +1870,7 @@ function utilities_view_poller_cache() {
+   
+   
+   
+-   
++   
+   
+   
+   
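Review bot: In the non-v3 branch of `utilities_view_poller_cache()` only `snmp_community` gains `html_escape()`; `$item['snmp_version']` is still concatenated raw in both branches, and the OID and Script values go through `filter_value()`, whose escaping behaviour is not visible in this patch. For consistency with the v3 branch I would escape the version as well, `' . html_escape($item['snmp_version']) . ', ' .`, and add a comment at the `filter_value()` calls stating that it escapes its first argument before adding highlight markup, once that is confirmed. The changed lines at 1543, 1837 and 1870 lost their HTML in this archive copy, so the old and new sides are both blank and cannot be reviewed from here. Both function bodies start and end outside the hunks.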



Bug#926853: unblock: openssh/1:7.9p1-10

2019-04-11 Thread Colin Watson
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock openssh 1:7.9p1-10; as discussed recently on
debian-devel, this reverts an upstream change in 7.8 that causes
problems for certain iptables configurations as well as for VMware.

unblock openssh/1:7.9p1-10

diff -Nru openssh-7.9p1/debian/.git-dpm openssh-7.9p1/debian/.git-dpm
--- openssh-7.9p1/debian/.git-dpm   2019-03-01 10:57:53.0 +0100
+++ openssh-7.9p1/debian/.git-dpm   2019-04-08 11:51:26.0 +0200
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-7a3fa37583d4abf128f7f4c6eb1e7ffc90115eab
-7a3fa37583d4abf128f7f4c6eb1e7ffc90115eab
+6b56cd57db9061296231f14d537f1ebaf25e8877
+6b56cd57db9061296231f14d537f1ebaf25e8877
 3d246f10429fc9a37b98eabef94fe8dc7c61002b
 3d246f10429fc9a37b98eabef94fe8dc7c61002b
 openssh_7.9p1.orig.tar.gz
diff -Nru openssh-7.9p1/debian/README.Debian openssh-7.9p1/debian/README.Debian
--- openssh-7.9p1/debian/README.Debian  2019-03-01 10:57:52.0 +0100
+++ openssh-7.9p1/debian/README.Debian  2019-04-08 11:56:59.0 +0200
@@ -270,6 +270,26 @@
 
   https://bugs.launchpad.net/bugs/1674330
 
+IPQoS defaults reverted to pre-7.8 values
+-
+
+OpenSSH 7.8 changed the default IPQoS settings to use DSCP AF21 for
+interactive traffic and CS1 for bulk.  This caused some problems with other
+software ("iptables -m tos" and VMware), so Debian's OpenSSH reverts this
+change for the time being.
+
+This is *temporary*, and we expect to come back into sync with upstream
+OpenSSH once those other issues have been fixed.  If you want to restore the
+upstream default, add this to ssh_config and sshd_config:
+
+  IPQoS af21 cs1
+
+For further discussion, see:
+
+  https://bugs.debian.org/923879
+  https://bugs.debian.org/926229
+  https://bugs.launchpad.net/1822370
+
 -- 
 Matthew Vernon 
 Colin Watson 
diff -Nru openssh-7.9p1/debian/changelog openssh-7.9p1/debian/changelog
--- openssh-7.9p1/debian/changelog  2019-03-01 13:23:36.0 +0100
+++ openssh-7.9p1/debian/changelog  2019-04-08 12:13:04.0 +0200
@@ -1,3 +1,11 @@
+openssh (1:7.9p1-10) unstable; urgency=medium
+
+  * Temporarily revert IPQoS defaults to pre-7.8 values until issues with
+"iptables -m tos" and VMware have been fixed (closes: #923879, #926229;
+LP: #1822370).
+
+ -- Colin Watson   Mon, 08 Apr 2019 11:13:04 +0100
+
 openssh (1:7.9p1-9) unstable; urgency=medium
 
   * Apply upstream patch to make scp handle shell-style brace expansions
diff -Nru openssh-7.9p1/debian/patches/revert-ipqos-defaults.patch 
openssh-7.9p1/debian/patches/revert-ipqos-defaults.patch
--- openssh-7.9p1/debian/patches/revert-ipqos-defaults.patch1970-01-01 
01:00:00.0 +0100
+++ openssh-7.9p1/debian/patches/revert-ipqos-defaults.patch2019-04-08 
11:51:26.0 +0200
@@ -0,0 +1,93 @@
+From 6b56cd57db9061296231f14d537f1ebaf25e8877 Mon Sep 17 00:00:00 2001
+From: Colin Watson 
+Date: Mon, 8 Apr 2019 10:46:29 +0100
+Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
+ AF21 for"
+
+This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379.
+
+The IPQoS default changes have some unfortunate interactions with
+iptables (see https://bugs.debian.org/923880) and VMware, so I'm
+temporarily reverting them until those have been fixed.
+
+Bug-Debian: https://bugs.debian.org/923879
+Bug-Debian: https://bugs.debian.org/926229
+Bug-Ubuntu: https://bugs.launchpad.net/1822370
+Last-Update: 2019-04-08
+
+Patch-Name: revert-ipqos-defaults.patch
+---
+ readconf.c| 4 ++--
+ servconf.c| 4 ++--
+ ssh_config.5  | 6 ++
+ sshd_config.5 | 6 ++
+ 4 files changed, 8 insertions(+), 12 deletions(-)
+
+diff --git a/readconf.c b/readconf.c
+index 661b8bf40..6d046f063 100644
+--- a/readconf.c
 b/readconf.c
+@@ -2133,9 +2133,9 @@ fill_default_options(Options * options)
+   if (options->visual_host_key == -1)
+   options->visual_host_key = 0;
+   if (options->ip_qos_interactive == -1)
+-  options->ip_qos_interactive = IPTOS_DSCP_AF21;
++  options->ip_qos_interactive = IPTOS_LOWDELAY;
+   if (options->ip_qos_bulk == -1)
+-  options->ip_qos_bulk = IPTOS_DSCP_CS1;
++  options->ip_qos_bulk = IPTOS_THROUGHPUT;
+   if (options->request_tty == -1)
+   options->request_tty = REQUEST_TTY_AUTO;
+   if (options->proxy_use_fdpass == -1)
+diff --git a/servconf.c b/servconf.c
+index c5dd617ef..bf2669147 100644
+--- a/servconf.c
 b/servconf.c
+@@ -403,9 +403,9 @@ fill_default_server_options(ServerOptions *options)
+   if (options->permit_tun == -1)
+   options->permit_tun = SSH_TUNMODE_NO;
+   if (options->ip_qos_interactive == -1)
+-  options->ip_qos_interactive = IPTOS_DSCP_AF21;
++  options->ip_qos_interactive = IPTOS_LOWDELAY;
+   if (options->ip_qos_bulk == -1)
+-  

Bug#926383: unblock: neutron-dynamic-routing-common/2:13.0.0-2

2019-04-11 Thread Michal Arbet
Hello,

In attachment you can find debdiff.

Thanks,
Michal Arbet ( kevko )


debdiff
Description: Binary data


Bug#926841: marked as done (unblock: librsvg/2.44.10-2)

2019-04-11 Thread Debian Bug Tracking System
Your message dated Thu, 11 Apr 2019 09:21:04 +
with message-id 
and subject line unblock librsvg
has caused the Debian Bug report #926841,
regarding unblock: librsvg/2.44.10-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
926841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926841
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Maybe you'll see this anyway since the upload closes an RC bug?

librsvg 2.44.10-2 (just uploaded, not accepted yet) is an upload only to
fix a build failure on (at least) i386, AKA #926840. Please could you
unblock it?

unblock librsvg/2.44.10-2

-- 
Iain Lane  [ i...@orangesquash.org.uk ]
Debian Developer   [ la...@debian.org ]
Ubuntu Developer   [ la...@ubuntu.com ]
diff -Nru librsvg-2.44.10/debian/changelog librsvg-2.44.10/debian/changelog
--- librsvg-2.44.10/debian/changelog2018-12-11 21:02:52.0 +
+++ librsvg-2.44.10/debian/changelog2019-04-11 09:29:30.0 +0100
@@ -1,3 +1,13 @@
+librsvg (2.44.10-2) unstable; urgency=medium
+
+  * debian/patches/typenum-i386-ftbfs.patch: backport an upstream fix for a
+build failure in the vendored typenum crate on i386 (LP: #1823426)
+(Closes: #926840)
+  * debian/patches/i386-rounding-errors.patch: fix a rounding error on i386
+that would result in a unit test failure
+
+ -- Olivier Tilloy   Thu, 11 Apr 2019 09:29:30 
+0100
+
 librsvg (2.44.10-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru librsvg-2.44.10/debian/patches/i386-rounding-errors.patch 
librsvg-2.44.10/debian/patches/i386-rounding-errors.patch
--- librsvg-2.44.10/debian/patches/i386-rounding-errors.patch   1970-01-01 
01:00:00.0 +0100
+++ librsvg-2.44.10/debian/patches/i386-rounding-errors.patch   2019-04-11 
09:29:30.0 +0100
@@ -0,0 +1,17 @@
+Description: fix a rounding error on i386 that would result in a unit test 
failure
+Author: Olivier Tilloy 
+Origin: 
https://gitlab.gnome.org/GNOME/librsvg/commit/aaef7bb37c9f0cceffc3bdf2138ec80242349653
+
+--- a/rsvg_internals/src/marker.rs
 b/rsvg_internals/src/marker.rs
+@@ -589,7 +589,9 @@ fn find_outgoing_directionality_forwards
+ 
+ // Normalizes an angle to [0.0, 2*PI)
+ fn normalize_angle(mut angle: f64) -> f64 {
+-if angle < 0.0 {
++if angle.abs() < std::f64::EPSILON {
++angle = angle.abs();
++} else if angle < 0.0 {
+ while angle < 0.0 {
+ angle += PI * 2.0;
+ }
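Review bot: The new `angle.abs() < std::f64::EPSILON` guard in `normalize_angle` is narrower than the rounding step at 2*PI: f64 values near 6.28 are spaced about 8.9e-16 apart, so a negative input between roughly -4.4e-16 and -2.2e-16 still takes the `while angle < 0.0` path and `angle += PI * 2.0` rounds to exactly 2*PI, outside the documented [0.0, 2*PI) range. A clamp after the wrap-around loops would cover every such input, e.g. `if angle >= PI * 2.0 { angle = 0.0; }`, and a comment on the new branch should say why a tiny negative angle is mapped to its absolute value. The rest of the function body lies outside the hunk, so whether such a clamp already exists cannot be seen here. The identical hunk is repeated in the second copy of this message further down.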
diff -Nru librsvg-2.44.10/debian/patches/series 
librsvg-2.44.10/debian/patches/series
--- librsvg-2.44.10/debian/patches/series   2018-12-11 21:02:52.0 
+
+++ librsvg-2.44.10/debian/patches/series   2019-04-11 09:29:30.0 
+0100
@@ -1 +1,3 @@
 10_rsvg-gz.patch
+typenum-i386-ftbfs.patch
+i386-rounding-errors.patch
diff -Nru librsvg-2.44.10/debian/patches/typenum-i386-ftbfs.patch 
librsvg-2.44.10/debian/patches/typenum-i386-ftbfs.patch
--- librsvg-2.44.10/debian/patches/typenum-i386-ftbfs.patch 1970-01-01 
01:00:00.0 +0100
+++ librsvg-2.44.10/debian/patches/typenum-i386-ftbfs.patch 2019-04-11 
09:29:30.0 +0100
@@ -0,0 +1,22 @@
+Descriptpion: round result of (highest as f64).log(2.0)
+Author: Michael Hudson-Doyle 
+Origin: 
https://github.com/paholg/typenum/commit/14a3322d1081fd63d5eb44bf8ab8f90676208228
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1823426
+
+--- a/vendor/typenum/build/main.rs
 b/vendor/typenum/build/main.rs
+@@ -77,7 +77,7 @@ pub fn no_std() {}
+ fn main() {
+ let highest: u64 = 1024;
+ 
+-let first2: u32 = (highest as f64).log(2.0) as u32 + 1;
++let first2: u32 = (highest as f64).log(2.0).round() as u32 + 1;
+ let first10: u32 = (highest as f64).log(10.0) as u32 + 1;
+ let uints = (0..(highest + 1))
+ .chain((first2..64).map(|i| 2u64.pow(i)))
+--- a/vendor/typenum/.cargo-checksum.json
 b/vendor/typenum/.cargo-checksum.json
+@@ -1 +1 @@

Bug#926841: unblock: librsvg/2.44.10-2

2019-04-11 Thread Iain Lane
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Maybe you'll see this anyway since the upload closes an RC bug?

librsvg 2.44.10-2 (just uploaded, not accepted yet) is an upload only to
fix a build failure on (at least) i386, AKA #926840. Please could you
unblock it?

unblock librsvg/2.44.10-2

-- 
Iain Lane  [ i...@orangesquash.org.uk ]
Debian Developer   [ la...@debian.org ]
Ubuntu Developer   [ la...@ubuntu.com ]
diff -Nru librsvg-2.44.10/debian/changelog librsvg-2.44.10/debian/changelog
--- librsvg-2.44.10/debian/changelog2018-12-11 21:02:52.0 +
+++ librsvg-2.44.10/debian/changelog2019-04-11 09:29:30.0 +0100
@@ -1,3 +1,13 @@
+librsvg (2.44.10-2) unstable; urgency=medium
+
+  * debian/patches/typenum-i386-ftbfs.patch: backport an upstream fix for a
+build failure in the vendored typenum crate on i386 (LP: #1823426)
+(Closes: #926840)
+  * debian/patches/i386-rounding-errors.patch: fix a rounding error on i386
+that would result in a unit test failure
+
+ -- Olivier Tilloy   Thu, 11 Apr 2019 09:29:30 
+0100
+
 librsvg (2.44.10-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru librsvg-2.44.10/debian/patches/i386-rounding-errors.patch 
librsvg-2.44.10/debian/patches/i386-rounding-errors.patch
--- librsvg-2.44.10/debian/patches/i386-rounding-errors.patch   1970-01-01 
01:00:00.0 +0100
+++ librsvg-2.44.10/debian/patches/i386-rounding-errors.patch   2019-04-11 
09:29:30.0 +0100
@@ -0,0 +1,17 @@
+Description: fix a rounding error on i386 that would result in a unit test 
failure
+Author: Olivier Tilloy 
+Origin: 
https://gitlab.gnome.org/GNOME/librsvg/commit/aaef7bb37c9f0cceffc3bdf2138ec80242349653
+
+--- a/rsvg_internals/src/marker.rs
 b/rsvg_internals/src/marker.rs
+@@ -589,7 +589,9 @@ fn find_outgoing_directionality_forwards
+ 
+ // Normalizes an angle to [0.0, 2*PI)
+ fn normalize_angle(mut angle: f64) -> f64 {
+-if angle < 0.0 {
++if angle.abs() < std::f64::EPSILON {
++angle = angle.abs();
++} else if angle < 0.0 {
+ while angle < 0.0 {
+ angle += PI * 2.0;
+ }
diff -Nru librsvg-2.44.10/debian/patches/series 
librsvg-2.44.10/debian/patches/series
--- librsvg-2.44.10/debian/patches/series   2018-12-11 21:02:52.0 
+
+++ librsvg-2.44.10/debian/patches/series   2019-04-11 09:29:30.0 
+0100
@@ -1 +1,3 @@
 10_rsvg-gz.patch
+typenum-i386-ftbfs.patch
+i386-rounding-errors.patch
diff -Nru librsvg-2.44.10/debian/patches/typenum-i386-ftbfs.patch 
librsvg-2.44.10/debian/patches/typenum-i386-ftbfs.patch
--- librsvg-2.44.10/debian/patches/typenum-i386-ftbfs.patch 1970-01-01 
01:00:00.0 +0100
+++ librsvg-2.44.10/debian/patches/typenum-i386-ftbfs.patch 2019-04-11 
09:29:30.0 +0100
@@ -0,0 +1,22 @@
+Descriptpion: round result of (highest as f64).log(2.0)
+Author: Michael Hudson-Doyle 
+Origin: 
https://github.com/paholg/typenum/commit/14a3322d1081fd63d5eb44bf8ab8f90676208228
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1823426
+
+--- a/vendor/typenum/build/main.rs
 b/vendor/typenum/build/main.rs
+@@ -77,7 +77,7 @@ pub fn no_std() {}
+ fn main() {
+ let highest: u64 = 1024;
+ 
+-let first2: u32 = (highest as f64).log(2.0) as u32 + 1;
++let first2: u32 = (highest as f64).log(2.0).round() as u32 + 1;
+ let first10: u32 = (highest as f64).log(10.0) as u32 + 1;
+ let uints = (0..(highest + 1))
+ .chain((first2..64).map(|i| 2u64.pow(i)))
+--- a/vendor/typenum/.cargo-checksum.json
 b/vendor/typenum/.cargo-checksum.json
+@@ -1 +1 @@

Bug#922996: Bug#923176: stretch-pu: package ca-certificates-java/20170929~deb9u1

2019-04-11 Thread Andreas Beckmann
On 2019-04-11 06:41, tony mancill wrote:
> Andreas, please let me know if this looks okay to you and I'll file the
> stretch-pu bug. 

Looks good to me.


Andreas