Bug#930575: marked as done (unblock: developers-reference/3.4.25)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sun, 16 Jun 2019 07:33:01 +0200
with message-id <457ed8ce-a83f-9dfa-fa5c-5a1af72bc...@debian.org>
and subject line Re: Bug#930575: unblock: developers-reference/3.4.25
has caused the Debian Bug report #930575,
regarding unblock: developers-reference/3.4.25
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
930575: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930575
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package developers-reference, the changes are trivial and
documentation only...:

$ debdiff developers-reference_3.4.24.dsc developers-reference_3.4.25.dsc
diff -Nru developers-reference-3.4.24/common.ent 
developers-reference-3.4.25/common.ent
--- developers-reference-3.4.24/common.ent  2019-02-13 21:28:03.0 
+0100
+++ developers-reference-3.4.25/common.ent  2019-06-15 18:27:56.0 
+0200
@@ -10,22 +10,22 @@
 
 
 
-
+
 
 
 
 
 
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
 
 
   Sat, 15 Jun 2019 21:02:04 +0200
+
 developers-reference (3.4.24) unstable; urgency=medium
 


unblock developers-reference/3.4.25


Thanks & kudos for announcing the release date 3 weeks in advance, very cool!

-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


--- End Message ---
--- Begin Message ---
Hi Holger,

On 15-06-2019 21:06, Holger Levsen wrote:
> unblock developers-reference/3.4.25

Unblocked, thanks.

Paul




--- End Message ---


Bug#930575: unblock: developers-reference/3.4.25

2019-06-15 Thread Holger Levsen
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package developers-reference, the changes are trivial and
documentation only...:

$ debdiff developers-reference_3.4.24.dsc developers-reference_3.4.25.dsc
diff -Nru developers-reference-3.4.24/common.ent 
developers-reference-3.4.25/common.ent
--- developers-reference-3.4.24/common.ent  2019-02-13 21:28:03.0 
+0100
+++ developers-reference-3.4.25/common.ent  2019-06-15 18:27:56.0 
+0200
@@ -10,22 +10,22 @@
 
 
 
-
+
 
 
 
 
 
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
 
 
   Sat, 15 Jun 2019 21:02:04 +0200
+
 developers-reference (3.4.24) unstable; urgency=medium
 


unblock developers-reference/3.4.25


Thanks & kudos for announcing the release date 3 weeks in advance, very cool!

-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C




Bug#929839: unblock: syslog-ng/3.19.1-5

2019-06-15 Thread GCS
Hi Paul,

On Sat, Jun 15, 2019 at 7:43 PM Paul Gevers  wrote:
> On 01-06-2019 16:12, László Böszörményi (GCS) wrote:
> > The first one is very small, adding a configuration entry which is
> > chosen automatically but with a warning issued. Explicitly adding the
> > configuration prevents that extra message issued.
>
> I'm slightly annoyed that this fix is in the debdiff at this moment of
> the freeze.
 Why? As said, this is almost a no-op: the explicitly set
configuration change is chosen automatically with a warning message.
Meaning the working configuration remains the same, we just prevent an
unneeded message line on every start.

> > The second one contains several security fixes backported from stable
> > upstream releases.
> Is this something the release team should be aware of (for stable)?
 Good question, I couldn't find time to check these as Stretch and
Buster versions differ by fourteen (yes, 14!) upstream stable
releases. :-/ What I know is that several (all?) of these were
demonstrated to be real issues in recent upstream releases.

> Unblocked.
 Thanks!

Regards,
Laszlo/GCS



Processed: Re: Bug#929318: unblock: papi/5.7.0+dfsg-1

2019-06-15 Thread Debian Bug Tracking System
Processing control commands:

> tags 929318 moreinfo confirmed
Bug #929318 [release.debian.org] unblock: papi/5.7.0+dfsg-2
Ignoring request to alter tags of bug #929318 to the same tags previously set

-- 
929318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929318
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#929318: unblock: papi/5.7.0+dfsg-1

2019-06-15 Thread Debian Bug Tracking System
Processing control commands:

> tags 929318 moreinfo confirmed
Bug #929318 [release.debian.org] unblock: papi/5.7.0+dfsg-2
Added tag(s) confirmed and moreinfo.

-- 
928368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928368
929318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929318
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#928368: Bug#929318: unblock: papi/5.7.0+dfsg-1

2019-06-15 Thread Paul Gevers
Control: tags 929318 moreinfo confirmed

Hi Andreas,

On 09-06-2019 23:00, Andreas Beckmann wrote:
> The attached diff between 5.7.0-1 (buster) and 5.7.0+dfsg-1
> (experimental) is a git diff because this better copes with the
> renames. It also excludes all the deletions (-D).
> All that is missing for 5.7.0+dfsg-2 is an "Upload to unstable."
> changelog entry.
> 
> The transition from libpapi5 to libpapi5.7 will require only a single
> binNMU: eztrace.

Please go ahead and upload to unstable. Please remove the moreinfo tag
when the time is there to schedule the binNMU's.

Paul



Bug#930058: unblock: puppet/5.5.10-3

2019-06-15 Thread Paul Gevers
Control: tags -1 moreinfo

Hi Thomas,

On 06-06-2019 10:36, Thomas Goirand wrote:
> Version 5.5.10-3 adds a tiny cron.daily job which cleans-up the
> /var/lib/puppet/reports folder to avoid that a puppet-master
> server gets its HDD full, which potentially could be very harmful
> for a deployment.

This seems slightly controversial to me (as hinted by a comment in the
bug as well). Don't you think this warrants a note in NEWS?

Paul





Processed: Re: Bug#930058: unblock: puppet/5.5.10-3

2019-06-15 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 moreinfo
Bug #930058 [release.debian.org] unblock: puppet/5.5.10-3
Added tag(s) moreinfo.

-- 
930058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#929839: marked as done (unblock: syslog-ng/3.19.1-5)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 19:42:59 +0200
with message-id <2fe27633-1a3c-ece3-e2a1-c4dce9274...@debian.org>
and subject line Re: Bug#929839: unblock: syslog-ng/3.19.1-5
has caused the Debian Bug report #929839,
regarding unblock: syslog-ng/3.19.1-5
to be marked as done.



-- 
929839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929839
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

I would like to update syslog-ng from 3.19.1-3 to 3.19-5 which means
two debdiffs.
The first one is very small, adding a configuration entry which is
chosen automatically but with a warning issued. Explicitly adding the
configuration prevents that extra message issued.
The second one contains several security fixes backported from stable
upstream releases.
Just to be sure, I let it age a week.

Thanks for consideration,
Laszlo/GCS
diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog
--- syslog-ng-3.19.1/debian/changelog	2019-02-04 18:47:26.0 +
+++ syslog-ng-3.19.1/debian/changelog	2019-04-22 11:02:19.0 +
@@ -1,3 +1,9 @@
+syslog-ng (3.19.1-4) unstable; urgency=medium
+
+  * Add dns_cache(no) to options (closes: #922524).
+
+ -- Laszlo Boszormenyi (GCS)   Mon, 22 Apr 2019 11:02:19 +
+
 syslog-ng (3.19.1-3) unstable; urgency=medium
 
   * Correct syslog-ng-mod-examples description (closes: #920846).
diff -Nru syslog-ng-3.19.1/debian/syslog-ng.conf syslog-ng-3.19.1/debian/syslog-ng.conf
--- syslog-ng-3.19.1/debian/syslog-ng.conf	2018-12-25 09:40:28.0 +
+++ syslog-ng-3.19.1/debian/syslog-ng.conf	2019-04-22 11:02:19.0 +
@@ -6,8 +6,8 @@
 
 # First, set some global options.
 options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
-	  owner("root"); group("adm"); perm(0640); stats_freq(0);
-	  bad_hostname("^gconfd$");
+	  dns_cache(no); owner("root"); group("adm"); perm(0640);
+	  stats_freq(0); bad_hostname("^gconfd$");
 };
 
 
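Review bot: the added dns_cache(no) on the first changed line of the options block has no comment saying why it is set explicitly. The request describes it as a value that is already chosen automatically, only with a warning, so a short comment above the options block (for example that dns_cache(no) goes with use_dns(no) and silences the startup warning) would keep someone from dropping it as redundant later. The rest of the hunk is a re-wrap of the existing owner, group, perm, stats_freq and bad_hostname settings with no value changed.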
diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog
--- syslog-ng-3.19.1/debian/changelog	2019-04-22 11:02:19.0 +
+++ syslog-ng-3.19.1/debian/changelog	2019-05-19 11:03:30.0 +
@@ -1,3 +1,22 @@
+syslog-ng (3.19.1-5) unstable; urgency=high
+
+  * Backport security fixes:
+- fix app-parser() per reload memory leak,
+- logger: fix leaking file handlers,
+- DNS memory leak/segfault fix,
+- cmake: add missing detection for O_LARGEFILE,
+- threaded-dest: fix integer overflow,
+- threaded-dest: move last_worker to DestDriver,
+- cmake: fix typo in HAVE_STRNLEN,
+- http: add missing free for self->body_template,
+- test_pathutils: fix leak,
+- test_file_list: fix leak,
+- template: tf_simple_func_prepare leak fix,
+- gorupingby: fix memory leak,
+- groupingby: fix invalid memory access.
+
+ -- Laszlo Boszormenyi (GCS)   Sun, 19 May 2019 11:03:30 +
+
 syslog-ng (3.19.1-4) unstable; urgency=medium
 
   * Add dns_cache(no) to options (closes: #922524).
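Review bot: the entry is uploaded with urgency=high under the heading "Backport security fixes", but the list mixes in items that are build or test-suite changes (the two cmake lines, test_pathutils and test_file_list), and none of the thirteen items carries a CVE id or bug number. Splitting the list into security-relevant fixes and other backports, with references where they exist, would let the release and security teams see what matters for stable. Also "gorupingby" in the second-to-last item is a typo for "groupingby".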
diff -Nru syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch
--- syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch	1970-01-01 00:00:00.0 +
+++ syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch	2019-05-19 11:03:30.0 +
@@ -0,0 +1,93 @@
+From 8400d4aa419a9fe818d09c0a1fbfff173dbaff38 Mon Sep 17 00:00:00 2001
+From: Balazs Scheidler 
+Date: Tue, 18 Dec 2018 09:52:50 +0100
+Subject: [PATCH] cfg-block: make CfgBlockGenerator instances refcounted
+
+Sometimes CfgBlock instances are constructed every time they are
+referenced (e.g. app-parser() in its construct method), in other cases
+the same generator instance is returned (e.g. those created by
+block {} statements).
+
+The shared ones were properly freed, but the dynamic kind were not.
+
+This patch adds reference counting, the followup patch will fix the leak.
+
+Signed-off-by: Balazs Scheidler 
+---
+ lib/cfg-block-generator.c | 19 +++
+ lib/cfg-block-generator.h |  4 +++-
+ lib/cfg-lexer.c   |  2 +-
+ 3 files changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/lib/cfg-block-generator.c b/lib/cfg-block-generator.c
+index 292094cb6a..c096fd38d5 100644
+--- 
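Review bot: the commit message of this part1 patch says it only adds reference counting and that "the followup patch will fix the leak", so on its own it does not fix the app-parser() leak named in the changelog. The series needs the follow-up patch applied directly after it; the debdiff as shown here is cut off inside the embedded patch, so that cannot be checked from this text.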

Bug#930555: marked as done (unblock: curl/7.64.0-4)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 12:56:44 +
with message-id 
and subject line unblock curl
has caused the Debian Bug report #930555,
regarding unblock: curl/7.64.0-4
to be marked as done.



-- 
930555: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930555
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi release team,

Please unblock package curl. To admit the two CVEs are not really at
RC severity (and thus were filed only as important severity), but if
possible it would be great to start buster with including those two
CVE fixes in curl. Alessandro uploaded 7.64.0-4 to unstable
containing fixes for the following:

+curl (7.64.0-4) unstable; urgency=medium
+
+  * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
+https://curl.haxx.se/docs/CVE-2019-5436.html
+  * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: 
#929352)
+https://curl.haxx.se/docs/CVE-2019-5435.html
+
+ -- Alessandro Ghedini   Fri, 14 Jun 2019 19:23:32 +0100

Attached is as well the debdiff produced from the version in testing
to the one in sid.

unblock curl/7.64.0-4

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Unblocked curl.
--- End Message ---


Bug#930551: nmu: znc-backlog_0.20180824-1

2019-06-15 Thread Salvatore Bonaccorso
Hi,

On Sat, Jun 15, 2019 at 12:43:29PM +0200, Ivo De Decker wrote:
> Hi,
> 
> On Sat, Jun 15, 2019 at 12:20:10PM +0200, Salvatore Bonaccorso wrote:
> > Apparently, cf. #916764 znc-backlog has quite strict dependency
> > relations to znc, so once znc is updated, znc-backlog needs a rebuild.
> > 
> > Can you please schedule binNMU's for znc-backlog? (This will need as
> > well to move to testing, as znc itself got an unblock to fix
> > CVE-2019-12816).
> > 
> > nmu znc-backlog_0.20180824-1 . ANY . unstable . -m "Rebuild against 1.7.2-3"
> 
> Scheduled and unblocked.

Thank you, much appreciated so we can get the znc fixes into buster!

> Obviously this will also be an issue if there are security updates for znc
> once buster is stable.

Yes even worse, if a DSA would be needed, then znc-backlog would need
a sourceful upload (the first time) because of the schedule binNMU in
security archive issue.

> I'm wondering if it wouldn't be better if znc-backlog was just built by
> src:znc. There is only a single znc plugin, and it's very small, so having the
> overhead of this mini-transition for every znc update seems excessive.

Right, that or having the #917222 implemented, but guess in any case
that's now too late for buster.

maintainers of both packages CC'ed.

Salvatore



Bug#930555: unblock: curl/7.64.0-4

2019-06-15 Thread Salvatore Bonaccorso
Hi,

On Sat, Jun 15, 2019 at 02:19:22PM +0200, Salvatore Bonaccorso wrote:
[...]
> Attached is as well the debdiff produced from the version in testing
> to the one in sid.

... or not. Now attached.

Regards,
Salvatore
diff -Nru curl-7.64.0/debian/changelog curl-7.64.0/debian/changelog
--- curl-7.64.0/debian/changelog2019-05-04 13:51:06.0 +0200
+++ curl-7.64.0/debian/changelog2019-06-14 20:23:32.0 +0200
@@ -1,3 +1,12 @@
+curl (7.64.0-4) unstable; urgency=medium
+
+  * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
+https://curl.haxx.se/docs/CVE-2019-5436.html
+  * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: 
#929352)
+https://curl.haxx.se/docs/CVE-2019-5435.html
+
+ -- Alessandro Ghedini   Fri, 14 Jun 2019 19:23:32 +0100
+
 curl (7.64.0-3) unstable; urgency=medium
 
   * Fix potential crash in HTTP/2 code and busy loop at the end of connections
diff -Nru 
curl-7.64.0/debian/patches/16_tftp-use-the-current-blksize-for-recvfrom.patch 
curl-7.64.0/debian/patches/16_tftp-use-the-current-blksize-for-recvfrom.patch
--- 
curl-7.64.0/debian/patches/16_tftp-use-the-current-blksize-for-recvfrom.patch   
1970-01-01 01:00:00.0 +0100
+++ 
curl-7.64.0/debian/patches/16_tftp-use-the-current-blksize-for-recvfrom.patch   
2019-06-14 20:23:32.0 +0200
@@ -0,0 +1,23 @@
+From 2576003415625d7b5f0e390902f8097830b82275 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Fri, 3 May 2019 22:20:37 +0200
+Subject: [PATCH] tftp: use the current blksize for recvfrom()
+
+bug: https://curl.haxx.se/docs/CVE-2019-5436.html
+Reported-by: l00p3r on hackerone
+CVE-2019-5436
+---
+ lib/tftp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/tftp.c
 b/lib/tftp.c
+@@ -1005,7 +1005,7 @@
+   state->sockfd = state->conn->sock[FIRSTSOCKET];
+   state->state = TFTP_STATE_START;
+   state->error = TFTP_ERR_NONE;
+-  state->blksize = TFTP_BLKSIZE_DEFAULT;
++  state->blksize = blksize;
+   state->requested_blksize = blksize;
+ 
+   ((struct sockaddr *)>local_addr)->sa_family =
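Review bot: the one-line change in the embedded lib/tftp.c hunk sets state->blksize = blksize, with requested_blksize set from the same variable on the next line, and the patch header gives only the advisory URL, not the reason. A sentence in the description saying which buffer the recvfrom() length is measured against, and why the default was the wrong value at this point, would make the fix reviewable without opening the advisory. The header also lacks Origin and Bug-Debian fields, although the changelog closes #929351 with this patch.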
diff -Nru 
curl-7.64.0/debian/patches/17_CURL_MAX_INPUT_LENGTH-largest-acceptable-string-inpu.patch
 
curl-7.64.0/debian/patches/17_CURL_MAX_INPUT_LENGTH-largest-acceptable-string-inpu.patch
--- 
curl-7.64.0/debian/patches/17_CURL_MAX_INPUT_LENGTH-largest-acceptable-string-inpu.patch
1970-01-01 01:00:00.0 +0100
+++ 
curl-7.64.0/debian/patches/17_CURL_MAX_INPUT_LENGTH-largest-acceptable-string-inpu.patch
2019-06-14 20:23:32.0 +0200
@@ -0,0 +1,245 @@
+From 5fc28510a4664f46459d9a40187d81cc08571e60 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Mon, 29 Apr 2019 08:00:49 +0200
+Subject: [PATCH] CURL_MAX_INPUT_LENGTH: largest acceptable string input size
+
+This limits all accepted input strings passed to libcurl to be less than
+CURL_MAX_INPUT_LENGTH (800) bytes, for these API calls:
+curl_easy_setopt() and curl_url_set().
+
+The 800 number is arbitrary picked and is meant to detect mistakes
+or abuse, not to limit actual practical use cases. By limiting the
+acceptable string lengths we also reduce the risk of integer overflows
+all over.
+
+NOTE: This does not apply to `CURLOPT_POSTFIELDS`.
+
+Test 1559 verifies.
+
+Closes #3805
+---
+ lib/setopt.c   |  7 
+ lib/urlapi.c   |  8 
+ lib/urldata.h  |  4 ++
+ tests/data/Makefile.inc|  2 +-
+ tests/data/test1559| 44 +
+ tests/libtest/Makefile.inc |  6 ++-
+ tests/libtest/lib1559.c| 78 ++
+ 7 files changed, 146 insertions(+), 3 deletions(-)
+ create mode 100644 tests/data/test1559
+ create mode 100644 tests/libtest/lib1559.c
+
+--- a/lib/setopt.c
 b/lib/setopt.c
+@@ -60,6 +60,13 @@
+   if(s) {
+ char *str = strdup(s);
+ 
++if(str) {
++  size_t len = strlen(str);
++  if(len > CURL_MAX_INPUT_LENGTH) {
++free(str);
++return CURLE_BAD_FUNCTION_ARGUMENT;
++  }
++}
+ if(!str)
+   return CURLE_OUT_OF_MEMORY;
+ 
+--- a/lib/urlapi.c
 b/lib/urlapi.c
+@@ -648,6 +648,10 @@
+/
+   /* allocate scratch area */
+   urllen = strlen(url);
++  if(urllen > CURL_MAX_INPUT_LENGTH)
++/* excessive input length */
++return CURLUE_MALFORMED_INPUT;
++
+   path = u->scratch = malloc(urllen * 2 + 2);
+   if(!path)
+ return CURLUE_OUT_OF_MEMORY;
+@@ -1278,6 +1282,10 @@
+ const char *newp = part;
+ size_t nalloc = strlen(part);
+ 
++if(nalloc > CURL_MAX_INPUT_LENGTH)
++  /* excessive input length */
++  return CURLUE_MALFORMED_INPUT;
++
+ if(urlencode) {
+   const char *i;
+   char *o;
+--- a/lib/urldata.h
 b/lib/urldata.h
+@@ -79,6 +79,10 @@
+ */
+ #define RESP_TIMEOUT (120*1000)
+ 
++/* Max string intput length is a precaution against abuse and to detect junk
++   input easier and better. */
++#define 
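Review bot: in the embedded lib/setopt.c hunk the length check runs after strdup(s), so an over-long input is copied in full and then freed before CURLE_BAD_FUNCTION_ARGUMENT is returned. Measuring strlen(s) before the strdup() would reject it without the allocation and would drop the extra if(str) nesting ahead of the existing if(!str) check. Two smaller points: the description says inputs must be "less than" CURL_MAX_INPUT_LENGTH while all three checks use >, so a string of exactly that length is accepted, and the new lib/urldata.h comment spells "input" as "intput".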

Bug#930555: unblock: curl/7.64.0-4

2019-06-15 Thread Salvatore Bonaccorso
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi release team,

Please unblock package curl. To admit the two CVEs are not really at
RC severity (and thus were filed only as important severity), but if
possible it would be great to start buster with including those two
CVE fixes in curl. Alessandro uploaded 7.64.0-4 to unstable
containing fixes for the following:

+curl (7.64.0-4) unstable; urgency=medium
+
+  * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
+https://curl.haxx.se/docs/CVE-2019-5436.html
+  * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: 
#929352)
+https://curl.haxx.se/docs/CVE-2019-5435.html
+
+ -- Alessandro Ghedini   Fri, 14 Jun 2019 19:23:32 +0100

Attached is as well the debdiff produced from the version in testing
to the one in sid.

unblock curl/7.64.0-4

Regards,
Salvatore



Bug#930550: marked as done (unblock: thunderbird/1:60.7.1-1)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 11:32:20 +
with message-id 
and subject line unblock thunderbird
has caused the Debian Bug report #930550,
regarding unblock: thunderbird/1:60.7.1-1
to be marked as done.



-- 
930550: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930550
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package thunderbird

The release of an updated Thunderbird package by Mozilla was needed due
to found CVE issues.

No changes happened to the thunderbird packaging itself, it
was only necessary to import the new sources and start a rebuild. The
modifications within the debian folder are really small and simple.

$ diff -Naur thunderbird-60.7.0/debian/ thunderbird-60.7.1/debian/
diff -puNr -Naur thunderbird-60.7.0/debian/changelog 
thunderbird-60.7.1/debian/changelog
--- thunderbird-60.7.0/debian/changelog 2019-06-15 10:00:28.591606482 +0200
+++ thunderbird-60.7.1/debian/changelog 2019-06-15 10:02:39.604085695 +0200
@@ -1,3 +1,14 @@
+thunderbird (1:60.7.1-1) unstable; urgency=high
+
+  * [f791dee] New upstream version 60.7.1
+Fixed CVE issues in upstream version 60.7.1 (MFSA 2019-17)
+CVE-2019-11703: Heap buffer overflow in icalparser.c
+CVE-2019-11704: Heap buffer overflow in icalvalue.c
+CVE-2019-11705: Stack buffer overflow in icalrecur.c
+CVE-2019-11706: Type confusion in icalproperty.c
+
+ -- Carsten Schoenert   Fri, 14 Jun 2019 07:25:35 
+0200
+
 thunderbird (1:60.7.0-1) unstable; urgency=medium
 
   * [f6dd130] New upstream version 60.7.0

So please consider to unblock the thunderbird package 1:60.7.1-1.

unblock thunderbird/1:60.7.1-1

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, aarch64, arm64

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Unblocked thunderbird.
--- End Message ---


Bug#930392: marked as done (unblock: ibus-sunpinyin/2.0.3+git20181120-4)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 11:27:33 +
with message-id 
and subject line unblock ibus-sunpinyin
has caused the Debian Bug report #930392,
regarding unblock: ibus-sunpinyin/2.0.3+git20181120-4
to be marked as done.



-- 
930392: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930392
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-CC: debian-input-met...@lists.debian.org idaob...@gmail.com

Please unblock ibus-sunpinyin 2.0.3+git20181120-4. This upload fixes
https://bugs.debian.org/929078 , which caused a crash when the user is trying to
save settings for this input method.

The full debdiff is pasted below. Please let me know if there are any issues.

Regards,
Boyuan Yang



diff -Nru ibus-sunpinyin-2.0.3+git20181120/debian/changelog ibus-sunpinyin-
2.0.3+git20181120/debian/changelog
--- ibus-sunpinyin-2.0.3+git20181120/debian/changelog   2018-11-20
15:38:43.0 -0500
+++ ibus-sunpinyin-2.0.3+git20181120/debian/changelog   2019-06-11
13:40:06.0 -0400
@@ -1,3 +1,29 @@
+ibus-sunpinyin (2.0.3+git20181120-4) unstable; urgency=medium
+
+  * Team upload.
+  * debian/patches/0003-Fix-upstream-issue-85: Rework again on the
+patch to fix issues introduced in the previous uploads. (really
+really closes: #929078).
+
+ -- Boyuan Yang   Tue, 11 Jun 2019 13:40:06 -0400
+
+ibus-sunpinyin (2.0.3+git20181120-3) unstable; urgency=high
+
+  * Team upload.
+  * debian/patches/0003-Fix-upstream-issue-85: Rework on the patch
+to fix issues introduced in the previous upload. (really
+closes: #929078).
+
+ -- Boyuan Yang   Tue, 11 Jun 2019 12:07:21 -0400
+
+ibus-sunpinyin (2.0.3+git20181120-2) unstable; urgency=high
+
+  * Team upload.
+  * debian/patches: Cherry-pick upstream patch to fix crashing
+when trying to save user settings. (Closes: #929078)
+
+ -- Boyuan Yang   Mon, 10 Jun 2019 12:41:17 -0400
+
 ibus-sunpinyin (2.0.3+git20181120-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru ibus-sunpinyin-2.0.3+git20181120/debian/patches/0003-Fix-upstream-
issue-85-the-config-value-is-glib.Varia.patch ibus-sunpinyin-
2.0.3+git20181120/debian/patches/0003-Fix-upstream-issue-85-the-config-value-
is-glib.Varia.patch
--- ibus-sunpinyin-2.0.3+git20181120/debian/patches/0003-Fix-upstream-issue-
85-the-config-value-is-glib.Varia.patch 1969-12-31 19:00:00.0
-0500
+++ ibus-sunpinyin-2.0.3+git20181120/debian/patches/0003-Fix-upstream-issue-
85-the-config-value-is-glib.Varia.patch 2019-06-11 13:40:02.0
-0400
@@ -0,0 +1,64 @@
+From: Boyuan Yang 
+Date: Tue, 11 Jun 2019 12:06:51 -0400
+Subject: Fix upstream issue 85: the config value is glib.Variant
+
+Bug-Debian: https://bugs.debian.org/929078
+Forwarded: https://github.com/sunpinyin/sunpinyin/issues/85
+Applied-Upstream: https://github.com/sunpinyin/sunpinyin/pull/86
+Signed-off-by: LI Daobing 
+Signed-off-by: Boyuan Yang 
+Last-Update: 2019-06-11
+---
+ setup/main.py | 19 +++
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/setup/main.py b/setup/main.py
+index e20a3a5..aaa4a7d 100644
+--- a/setup/main.py
 b/setup/main.py
+@@ -39,10 +39,13 @@ import os
+ from os import path
+ try:
+ import gtk
++import glib
+ except ImportError:
+ from gi import require_version as gi_require_version
+ gi_require_version('Gtk', '3.0')
++gi_require_version('GLib', '2.0')
+ from gi.repository import Gtk as gtk
++from gi.repository import GLib as glib
+ try:
+ import ibus
+ except ImportError:
+@@ -69,19 +72,27 @@ class Option(object):
+ it is used to synchronize the configuration with setting on user
interface
+ """
+ config = ibus.Bus().get_config()
+-
++
++__wrappers = {
++type(True): glib.Variant.new_boolean,
++type(1): glib.Variant.new_int32,
++type('str'): glib.Variant.new_string,
++type([]): glib.Variant.new_strv,
++}
++
+ def __init__(self, name, default):
+ self.name = name
+ self.default = default
++self.__wrap = self.__wrappers[type(self.default)]
+ 
+ def read(self):
+ section, key = self.__get_config_name()
+-return self.config.get_value(section, key, self.default)
++wrapped = self.config.get_value(section, key)
++return self.default if wrapped is None else wrapped.unpack()
+ 
+ def write(self, v):
+ section, key = 
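Review bot: in Option.__init__ the lookup self.__wrappers[type(self.default)] raises KeyError for any default whose type is not one of the four mapped ones (bool, int, str, list), so an unsupported option fails at construction with an error that does not name the option. Either catch that and raise a clear error that includes self.name, or document that only these four types are supported. In read(), the default is returned only when get_value() gives None; it is worth confirming that the unpacked value has the same type as self.default before it reaches the UI.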

Bug#930335: marked as done (unblock: therion/5.4.3ds1-6)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 11:26:18 +
with message-id 
and subject line unblock therion
has caused the Debian Bug report #930335,
regarding unblock: therion/5.4.3ds1-6
to be marked as done.



-- 
930335: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930335
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package therion.

This fixes a "Severity: important" bug in a "Priority: optional"
package, which is a regression from the version in stretch:

https://bugs.debian.org/930289

The diff is small so I've already uploaded to unstable as suggested by
the freeze policy.  The package has successfully built for all release
architectures, and the autopkgtest is passing.

Debdiff against 5.4.3ds-5 (currently in testing) attached.

unblock therion/5.4.3ds1-6

Cheers,
Olly
diff -Nru therion-5.4.3ds1/debian/changelog therion-5.4.3ds1/debian/changelog
--- therion-5.4.3ds1/debian/changelog   2019-03-06 10:41:20.0 +1300
+++ therion-5.4.3ds1/debian/changelog   2019-06-10 12:33:11.0 +1200
@@ -1,3 +1,11 @@
+therion (5.4.3ds1-6) unstable; urgency=medium
+
+  * debian/patches/fix-epsg-esri-cs.patch: Fix coordinate system handling when
+more than one coordinate system is specified using an EPSG or ESRI code.
+(Closes: #930289)
+
+ -- Olly Betts   Mon, 10 Jun 2019 12:33:11 +1200
+
 therion (5.4.3ds1-5) unstable; urgency=medium
 
   * debian/patches/fix-svg-export-segfault.patch: Fix segmentation fault when
diff -Nru therion-5.4.3ds1/debian/patches/fix-epsg-esri-cs.patch 
therion-5.4.3ds1/debian/patches/fix-epsg-esri-cs.patch
--- therion-5.4.3ds1/debian/patches/fix-epsg-esri-cs.patch  1970-01-01 
12:00:00.0 +1200
+++ therion-5.4.3ds1/debian/patches/fix-epsg-esri-cs.patch  2019-06-10 
12:33:11.0 +1200
@@ -0,0 +1,292 @@
+Subject: [PATCH] New EPSG CS handling bugfix.
+ Therion 5.4.3 uses the wrong coordinate system if more than one
+ coordinate system is specified using an EPSG or ESRI code (the function
+ in question returns a pointer to a static variable which gets
+ overwritten if called again).
+Origin: upstream
+Author: Stacho Mudrak 
+Bug-Debian: https://bugs.debian.org/930289
+Last-Update: 2019-06-10
+
+---
+ thconfig.cxx |  8 
+ thcs.cxx |  4 
+ thcs.h   |  2 ++
+ thdataobject.cxx | 21 ++---
+ thexpmap.cxx |  4 ++--
+ thexpmodel.cxx   | 12 ++--
+ thexptable.cxx   |  2 +-
+ thexpuni.cxx | 12 ++--
+ 8 files changed, 35 insertions(+), 30 deletions(-)
+
+diff --git a/thconfig.cxx b/thconfig.cxx
+index 8af4192..d359829 100644
+--- a/thconfig.cxx
 b/thconfig.cxx
+@@ -843,7 +843,7 @@ double thconfig::get_outcs_convergence()
+ {
+   double x, y, z;
+   if (this->get_outcs_center(x, y, z)) {
+-return thcsconverg(thcs_get_data(this->outcs)->params, x, y);
++return thcsconverg(thcs_get_params(this->outcs), x, y);
+   } else {
+ return 0.0;
+   }
+@@ -853,8 +853,8 @@ double thconfig::get_cs_convergence(int cs)
+ {
+   double x, y, z, lx, ly, lz;
+   if (this->get_outcs_center(x, y, z)) {
+-thcs2cs(thcs_get_data(this->outcs)->params, thcs_get_data(cs)->params, x, 
y, z, lx, ly, lz);
+-return thcsconverg(thcs_get_data(cs)->params, lx, ly);
++thcs2cs(thcs_get_params(this->outcs), thcs_get_params(cs), x, y, z, lx, 
ly, lz);
++return thcsconverg(thcs_get_params(cs), lx, ly);
+   } else {
+ return 0.0;
+   }
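Review bot: the patch carries no regression test for the call in get_cs_convergence, where thcs2cs takes two coordinate-system parameter strings in one argument list. That is the pattern the patch description says goes wrong when the lookup returns a pointer to a static variable. A test that converts between two different EPSG or ESRI codes and checks the result against known values would catch a reintroduction of thcs_get_data(...)->params at a call site like this one.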
+@@ -868,7 +868,7 @@ bool thconfig::get_outcs_mag_decl(double year, double & 
decl)
+ return false;
+   if ((year < double(thgeomag_minyear)) || (year > double(thgeomag_minyear + 
thgeomag_step * (thgeomag_maxmindex + 1
+ return false;
+-  thcs2cs(thcs_get_data(this->outcs)->params, "+proj=latlong +datum=WGS84", 
x, y, z, lon, lat, alt);
++  thcs2cs(thcs_get_params(this->outcs), "+proj=latlong +datum=WGS84", x, y, 
z, lon, lat, alt);
+   decl = thgeomag(lat, lon, alt, year);
+   return true;
+ }
+diff --git a/thcs.cxx b/thcs.cxx
+index 67b7514..6d565bb 100644
+--- a/thcs.cxx
 b/thcs.cxx
+@@ -108,6 +108,10 @@ const char * thcs_get_name(int cs)
+   return csstr;
+ }
+ 
++std::string thcs_get_params(int cs) {
++  return std::string(thcs_get_data(cs)->params);
++}
++
+ const thcsdata * thcs_get_data(int cs) {
+   static thcsdata rv;
+   static char params[200];
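Review bot: thcs_get_params returns a copy, but thcs_get_data directly below still declares `static thcsdata rv` and `static char params[200]` and returns a `const thcsdata *`, so any caller that holds on to thcs_get_data(cs)->params across a second call is still exposed. Either document in thcs.h that the returned pointer is valid only until the next call, or have thcs_get_data return by value so the hazard cannot come back. The fixed 200-byte buffer should also be checked for a bounded copy where it is filled, which these lines do not show.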
+diff --git a/thcs.h b/thcs.h
+index 7906b53..cda4abc 100644
+--- a/thcs.h
 b/thcs.h
+@@ -36,6 +36,8 @@ const char 

Bug#930494: marked as done (unblock: rootskel/1.131)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 11:25:15 +
with message-id 
and subject line unblock rootskel
has caused the Debian Bug report #930494,
regarding unblock: rootskel/1.131
to be marked as done.


-- 
930494: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930494
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,

As mentioned in #930493, I have re-measured the minimum memory
constraints of d-i, and the g-i part is in rootskel, as attached here,
could you unblock it?

unblock rootskel/1.131

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 
'proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 
'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), 
(1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.1.0 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru rootskel-1.129/debian/changelog rootskel-1.131/debian/changelog
--- rootskel-1.129/debian/changelog 2019-04-20 02:24:53.0 +0200
+++ rootskel-1.131/debian/changelog 2019-06-13 21:28:44.0 +0200
@@ -1,3 +1,24 @@
+rootskel (1.131) unstable; urgency=medium
+
+  * Team upload
+  * Remove spurious files.
+
+ -- Samuel Thibault   Thu, 13 Jun 2019 21:28:44 +0200
+
+rootskel (1.130) unstable; urgency=medium
+
+  * Team upload
+
+  [ Cyril Brulebois ]
+  * Remove Christian Perrier from Uploaders, with many thanks for all
+his contributions over the years! (Closes: #927486)
+
+  [ Samuel Thibault ]
+  * src/lib/debian-installer.d/S60frontend: Update gtk memory limit, now with
+encryption support which eats a lot.
+
+ -- Samuel Thibault   Thu, 13 Jun 2019 20:39:11 +0200
+
 rootskel (1.129) unstable; urgency=medium
 
   * S50entropy-source: start haveged when appropriate, to avoid entropy
diff -Nru rootskel-1.129/debian/control rootskel-1.131/debian/control
--- rootskel-1.129/debian/control   2019-03-08 15:21:53.0 +0100
+++ rootskel-1.131/debian/control   2019-06-02 13:29:14.0 +0200
@@ -2,7 +2,7 @@
 Section: debian-installer
 Priority: standard
 Maintainer: Debian Install System Team 
-Uploaders: Colin Watson , Bastian Blank 
, Christian Perrier , Steve McIntyre 
<93...@debian.org>
+Uploaders: Colin Watson , Bastian Blank 
, Steve McIntyre <93...@debian.org>
 Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.7.0), linux-libc-dev (>= 
2.6.38) [linux-any]
 Vcs-Browser: https://salsa.debian.org/installer-team/rootskel
 Vcs-Git: https://salsa.debian.org/installer-team/rootskel.git
diff -Nru rootskel-1.129/src/lib/debian-installer.d/S60frontend 
rootskel-1.131/src/lib/debian-installer.d/S60frontend
--- rootskel-1.129/src/lib/debian-installer.d/S60frontend   2017-02-11 
22:24:40.0 +0100
+++ rootskel-1.131/src/lib/debian-installer.d/S60frontend   2019-06-02 
13:28:52.0 +0200
@@ -31,14 +31,14 @@
case "$(archdetect)" in
# Tested with Uyghur
powerpc/*|amd64/*)
-   local MEMLIMIT=310 ;;   # is 316864kB, qemu -m 327
+   local MEMLIMIT=766 ;;   # is 783460kB, qemu -m 800
kfreebsd-amd64/*)
# See Bug#783775 for derivation.
local MEMLIMIT=144 ;;   # is 147456kB, qemu -m 256
hurd-i386/*)
local MEMLIMIT=750 ;;   #  qemu -m 750
*)
-   local MEMLIMIT=281 ;;   # is 287732kB, qemu -m 293
+   local MEMLIMIT=534 ;;   # is 546188kB, qemu -m 550
esac
 
if [ $(get_mem) -lt $MEMLIMIT ] ; then
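Review bot: only the powerpc/amd64 and default branches get new limits; kfreebsd-amd64 stays at MEMLIMIT=144 and hurd-i386 at 750, although the changelog attributes the increase to encryption support. If those two were not re-measured, say so in a comment next to them, otherwise kfreebsd-amd64 keeps passing this check with less than a fifth of the memory now required on amd64. The comment on the powerpc/*|amd64/* branch also does not say on which of the two architectures the 783460kB figure was measured.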
--- End Message ---
--- Begin Message ---
Unblocked rootskel.
--- End Message ---


Bug#930493: marked as done (unblock: lowmem/1.47)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 11:23:41 +
with message-id 
and subject line unblock lowmem
has caused the Debian Bug report #930493,
regarding unblock: lowmem/1.47
to be marked as done.


-- 
930493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930493
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,

Now that things have settled down, I have re-measured the minimum memory
constraints of d-i and thus uploaded a new version of lowmem with the
attached changes, could you unblock it?

It can be noted that the minimum has changed quite a lot because I
changed the test a bit: we were not testing with encryption support
previously, and it happens to require quite a lot of memory.

I have also added ignoring a lintian error about missing translations,
since lowmem conditions are precisely when we want to drop translations
:)

unblock lowmem/1.47

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 
'proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 
'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), 
(1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.1.0 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Samuel
 r: and the marmot, she writes an IPDPS paper
diff -Nru lowmem-1.46/debian/changelog lowmem-1.47/debian/changelog
--- lowmem-1.46/debian/changelog2018-08-28 18:00:17.0 +0200
+++ lowmem-1.47/debian/changelog2019-06-13 20:28:13.0 +0200
@@ -1,3 +1,17 @@
+lowmem (1.47) unstable; urgency=medium
+
+  * Team upload
+
+  [ Cyril Brulebois ]
+  * Remove Christian Perrier from Uploaders, with many thanks for all
+his contributions over the years! (Closes: #927570)
+
+  [ Samuel Thibault ]
+  * Update limits.
+  * source.lintian-overrides: Ignore untranslated templates.
+
+ -- Samuel Thibault   Thu, 13 Jun 2019 20:28:13 +0200
+
 lowmem (1.46) unstable; urgency=medium
 
   * Team upload
diff -Nru lowmem-1.46/debian/control lowmem-1.47/debian/control
--- lowmem-1.46/debian/control  2018-08-10 21:22:39.0 +0200
+++ lowmem-1.47/debian/control  2019-06-02 14:23:59.0 +0200
@@ -2,7 +2,6 @@
 Section: debian-installer
 Priority: optional
 Maintainer: Debian Install System Team 
-Uploaders: Christian Perrier 
 Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.9.0)
 Vcs-Browser: https://salsa.debian.org/installer-team/lowmem
 Vcs-Git: https://salsa.debian.org/installer-team/lowmem.git
diff -Nru lowmem-1.46/debian/source.lintian-overrides 
lowmem-1.47/debian/source.lintian-overrides
--- lowmem-1.46/debian/source.lintian-overrides 2018-08-10 21:22:39.0 
+0200
+++ lowmem-1.47/debian/source.lintian-overrides 2019-06-13 20:28:13.0 
+0200
@@ -1 +1,2 @@
 lowmem source: not-using-po-debconf
+lowmem source: untranslatable-debconf-templates
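Review bot: the new `untranslatable-debconf-templates` override has no justification in the file itself. Lintian override files accept `#` comment lines, so add one above it recording that translations are dropped on purpose in low-memory conditions, as the unblock request explains; otherwise the reason lives only in this bug report.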
diff -Nru lowmem-1.46/debian-installer-startup.d/S15lowmem 
lowmem-1.47/debian-installer-startup.d/S15lowmem
--- lowmem-1.46/debian-installer-startup.d/S15lowmem2018-08-10 
21:22:39.0 +0200
+++ lowmem-1.47/debian-installer-startup.d/S15lowmem2019-06-02 
14:21:18.0 +0200
@@ -25,9 +25,9 @@
min=39
;;
amd64)
-   level1=163 # MT=166348, qemu: -m 178
-   level2=163 # MT=166348, qemu: -m 178
-   min=163# MT=166348, qemu: -m 178
+   level1=483 # MT=494300, qemu: -m 550
+   level2=273 # MT=279260, qemu: -m 300
+   min=145# MT=148188, qemu: -m 170
;;
arm|armel|armhf)
# Update needed
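Review bot: the amd64 thresholds used to share one measurement (163) and now diverge widely, with min going down to 145 while level1 rises to 483, yet the comments record only MT and the qemu -m value. State once above the block, or per line, what was enabled in each measurement run, including the encryption-support test mentioned in the unblock request, so that the next re-measurement is comparable and the lower min is not mistaken for a typo.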
@@ -42,9 +42,9 @@
min=18
;;
i386)
-   level1=135 # MT=137688, qemu: -m 145
-   level2=135 # MT=137688, qemu: -m 145
-   min=135# MT=137688, qemu: -m 145
+   level1=386 # MT=394604, qemu: -m 400
+   level2=237 # MT=242628, qemu: -m 250

Bug#930330: marked as done (unblock: cryptsetup/2.1.0-5)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 11:21:39 +
with message-id 
and subject line unblock cryptsetup
has caused the Debian Bug report #930330,
regarding unblock: cryptsetup/2.1.0-5
to be marked as done.


-- 
930330: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930330
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Tags: d-i

Hi there,

During a chat at MiniDebConf Hamburg last week-end we (cryptsetup
package maintainers + KiBi + ivodd) discussed a path forward for #927165
(debian-installer: improve support for LUKS) in Buster.

On the cryptsetup side of things, we produced an online document/guide/notes
on GRUB unlocking for both LUKS devices, including extra work-arounds for
LUKS2: https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html

The document isn't shipped to any of cryptsetup/2.1.0-5's binary packages,
because it'll likely be amended in later d-i Buster RCs (based on which
flag/workaround is implemented there), and shipping the document to our
binary packages would then require extra roundtrips and unblock requests.

Instead, we added a section "Unlocking LUKS devices from GRUB" to
README.Debian with a link to the aforementioned document [0].

The debdiff diffstat (without ‘--ignore-space’) between 2:2.1.0-4 and
2:2.1.0-5 goes as follows:

 README.Debian|  196 ---
 README.debug |   71 
 README.gnupg |   34 ++--
 README.gnupg-sc  |   36 ++--
 README.initramfs |  148 ++
 README.keyctl|   51 +++---
 README.opensc|   99 +---
 README.source|2 
 changelog|   12 +
 cryptsetup-run.docs  |1 
 doc/pandoc/encrypted-boot.md |  353 +++
 doc/pandoc/index.md  |   24 ++
 doc/pandoc/pandoc.css|   74 +
 gitlab-ci.yml|   53 ++
 14 files changed, 894 insertions(+), 260 deletions(-)

There is a bit of clutter in the above:

  - New files gitlab-ci.yml and doc/pandoc/* are what let us build the
docs for pages.debian.net.  These files are not shipped in any
binary package.
  - Some minor cosmetic changes in README.* to comply with (Pandoc's)
Markdown format.

Debdiff between 2:2.1.0-4 and 2:2.1.0-5 (with ‘--ignore-space’)
attached.  Again, the important bit for this unblock request is the new
section in README.Debian.  The remaining bits are documentation-only
changes.

unblock cryptsetup/2.1.0-5
Thanks for considering its inclusion in Buster!
Cheers,
-- 
Guilhem.

[0] The new section in README.Debian can also be found online at

https://cryptsetup-team.pages.debian.net/cryptsetup/README.Debian.html#unlocking-luks-devices-from-grub


--- End Message ---
--- Begin Message ---
Unblocked cryptsetup.
--- End Message ---


Bug#929724: marked as done (unblock: shim-signed/1.33)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 13:18:51 +0200
with message-id <20190615111850.7iln6jljmhlvg...@debian.org>
and subject line Re: unblock: shim-signed/1.33 (was Re: unblock: 
shim-signed/1.32)
has caused the Debian Bug report #929724,
regarding unblock: shim-signed/1.33
to be marked as done.


-- 
929724: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929724
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package shim-signed

I've tweaked the shim-signed packaging to make what I believe are all
the changes wanted before we get our latest signed binaries back from
the Microsoft CA. Summary:

  * Add Breaks/Replaces to shim-signed-common for
update-secureboot-policy etc. Closes: #929673
  * update-secureboot-policy: fix error if /var/lib/dkms does not
exist. Closes: #923718
  * Separate the helper scripts into a new shim-signed-common package,
apart from the actual signed shim binaries so that we can
sensibly support co-installability using Multi-Arch.
Closes: #928486
  * Add/update translations:
+ Italian (Closes: #915993, thanks to Beatrice Torracca)
+ Swedish (Closes: #921410, thanks to Matrin Bagge)
+ Russian (Closes: #99, thanks to Lev Lamberov)
+ Dutch (Closes: #917580, #926664, thanks to Frans Spiesschaert)
  * Remove doc link used to quieten old lintian versions

The main fixes are for #928486 (which is blocking some users building
multi-arch live media), but I've also rolled in a trivial fix for
#923718 (cosmetic) and a bunch of translation updates (filtered out
here). #929673 showed I made a daft mistake with the 1.31 upload. :-(

I expect to make one more shim-signed upload before buster, just
adding the new signed binaries. I'm doing all the other changes here
and now to make that final change as small and as easy to review as
possible.

This package still has the same outstanding RC bug as version 1.30
(#928107), which is impossible to fix right now. When they arrive, the
new signed binaries will allow us to fix this with the 1.33 upload.

debdiff attached.

unblock shim-signed/1.32

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru shim-signed-1.30/debian/changelog shim-signed-1.32/debian/changelog
--- shim-signed-1.30/debian/changelog   2019-04-23 00:01:10.0 +0100
+++ shim-signed-1.32/debian/changelog   2019-05-28 14:23:54.0 +0100
@@ -1,3 +1,27 @@
+shim-signed (1.32) unstable; urgency=medium
+
+  * Add Breaks/Replaces to shim-signed-common for
+update-secureboot-policy etc. Closes: #929673
+
+ -- Steve McIntyre <93...@debian.org>  Tue, 28 May 2019 14:23:54 +0100
+
+shim-signed (1.31) unstable; urgency=medium
+
+  * update-secureboot-policy: fix error if /var/lib/dkms does not
+exist. Closes: #923718
+  * Separate the helper scripts into a new shim-signed-common package,
+apart from the actual signed shim binaries so that we can
+sensibly support co-installability using Multi-Arch.
+Closes: #928486
+  * Add/update translations:
++ Italian (Closes: #915993, thanks to Beatrice Torracca)
++ Swedish (Closes: #921410, thanks to Matrin Bagge)
++ Russian (Closes: #99, thanks to Lev Lamberov)
++ Dutch (Closes: #917580, #926664, thanks to Frans Spiesschaert)
+  * Remove doc link used to quieten old lintian versions
+
+ -- Steve McIntyre <93...@debian.org>  Mon, 27 May 2019 23:02:10 +0100
+
 shim-signed (1.30) unstable; urgency=medium
 
   * Force the built-using version to be 15+1533136590.3beb971-6. That
diff -Nru shim-signed-1.30/debian/control shim-signed-1.32/debian/control
--- shim-signed-1.30/debian/control 2019-04-22 23:59:15.0 +0100
+++ shim-signed-1.32/debian/control 2019-05-28 14:23:54.0 +0100
@@ -18,6 +18,7 @@
 
 Package: shim-signed
 Architecture: amd64 i386 arm64
+Multi-Arch: same
 Depends: ${misc:Depends},
  grub-efi-amd64-bin [amd64],
  shim-helpers-amd64-signed (>= 1+15+1533136590.3beb971+5) [amd64],
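Review bot: `Multi-Arch: same` on shim-signed is only safe if every file the package ships at a path shared by amd64, i386 and arm64 is byte-identical on all three. The changelog says the helper scripts moved to shim-signed-common for this reason; confirm that nothing architecture-varying is left in shim-signed outside per-architecture paths, and that the Breaks/Replaces added in 1.32 cover the versions that still shipped those scripts.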
@@ -25,8 +26,7 @@
  shim-helpers-i386-signed (>= 1+15+1533136590.3beb971+5) [i386],
  grub-efi-arm64-bin [arm64],
  shim-helpers-arm64-signed (>= 

Bug#930551: marked as done (nmu: znc-backlog_0.20180824-1)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 12:43:29 +0200
with message-id <20190615104327.roxsyrfcwjwqk...@debian.org>
and subject line Re: nmu: znc-backlog_0.20180824-1
has caused the Debian Bug report #930551,
regarding nmu: znc-backlog_0.20180824-1
to be marked as done.


-- 
930551: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930551
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi

Apparently, cf. #916764 znc-backlog has quite strict dependency
relations to znc, so once znc is updated, znc-backlog needs a rebuild.

Can you please schedule binNMU's for znc-backlog? (This will need as
well to move to testing, as znc itself got an unblock to fix
CVE-2019-12816).

nmu znc-backlog_0.20180824-1 . ANY . unstable . -m "Rebuild against 1.7.2-3"

Thanks for your work!

Regards,
Salvatore

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Hi,

On Sat, Jun 15, 2019 at 12:20:10PM +0200, Salvatore Bonaccorso wrote:
> Apparently, cf. #916764 znc-backlog has quite strict dependency
> relations to znc, so once znc is updated, znc-backlog needs a rebuild.
> 
> Can you please schedule binNMU's for znc-backlog? (This will need as
> well to move to testing, as znc itself got an unblock to fix
> CVE-2019-12816).
> 
> nmu znc-backlog_0.20180824-1 . ANY . unstable . -m "Rebuild against 1.7.2-3"

Scheduled and unblocked.

Obviously this will also be an issue if there are security updates for znc
once buster is stable.

I'm wondering if it wouldn't be better if znc-backlog was just built by
src:znc. There is only a single znc plugin, and it's very small, so having the
overhead of this mini-transition for every znc update seems excessive.

Ivo
--- End Message ---


Bug#930551: nmu: znc-backlog_0.20180824-1

2019-06-15 Thread Salvatore Bonaccorso
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi

Apparently, cf. #916764 znc-backlog has quite strict dependency
relations to znc, so once znc is updated, znc-backlog needs a rebuild.

Can you please schedule binNMU's for znc-backlog? (This will need as
well to move to testing, as znc itself got an unblock to fix
CVE-2019-12816).

nmu znc-backlog_0.20180824-1 . ANY . unstable . -m "Rebuild against 1.7.2-3"

Thanks for your work!

Regards,
Salvatore

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#930238: unblock: zfs-linux/0.7.12-2+deb10u1 [t-p-u]

2019-06-15 Thread Paul Gevers
Hi Mo, Aron,

On 14-06-2019 12:50, Aron Xu wrote:
> I have tested the package in a virtual machine on amd64 for
> linux/4.19.37-3 (buster) and a locally built updated linux kernel that
> breaks zfs-linux/0.7.12-2. The dkms package builds fine with both of
> the versions and zpool create/export/import works fine. Therefore,
> please unblock the t-p-u update for buster, thanks.

I am probably asking a very stupid question, but ...

The changes in the patch are in the source code. Do these dkms packages
work in such a way that the binaries are compiled every time that a
kernel gets updated? I.e. a change in the source that checks for the
kernel version actually results in a binary that works for that source?

Paul





Bug#928882: unblock: [pre-approval] ghc/8.4.4+dfsg1-3

2019-06-15 Thread Paul Gevers
Hi Emanuel,

On 14-06-2019 18:07, Ilias Tsitsimpis wrote:
> I have uploaded both ghc and happy here, in case you need Emanuele to
> verify that the current version of happy fails, whereas the new one
> works:
> 
> https://www.iliastsi.net/ghc/ghc_8.4.4+dfsg1-2+armel0_armel.deb
>   sha256: 
> 5d8dae44d79545aeee34755baa6c51ffe80db8309051978aaa9ac8857d6efde9 
> https://www.iliastsi.net/ghc/ghc-doc_8.4.4+dfsg1-2+armel0_all.deb
>   sha256: bffaf0957deb767d75e251f92dd8a59c6277c5b986241219fbb26ea3400284fa
> https://www.iliastsi.net/ghc/ghc-prof_8.4.4+dfsg1-2+armel0_armel.deb
>   sha256: 8fde49d87ad410ae5fec77ac89af4da11f4a2dd0924f0085a2f5f9c6e93fc09c
> https://www.iliastsi.net/ghc/happy_1.19.9-6+armel0_armel.deb
>   sha256: c560c02e7369c08de18f7151bcb53245a1c7f4ab83e9c07265beef7ca0e24921

Could you please do the check that Ilias proposes? I.e. install the
current happy and run it on the example code and see that it fails.
Install the package from Ilias and see that it works?

> So, it seems that the proposed patch does indeed resolve the issue.

I agree with you, however I'd like to see the results of the check by
Emanuele.

> Unfortunately, I cannot provide any guarantee that it will not introduce
> any bugs that weren't there before, but I believe the only way to find
> out is to upload a fixed version of GHC on unstable and schedule the
> required binNMUs. If all of them succeed, we can then unblock them.

Guarantees like that have very little value. We are trying to weigh the
risk versus the gain. Please go ahead if and when Emanuele reports
positive results.

Paul





Bug#929820: marked as done (nmu: cdebootstrap_0.7.7+b11)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 10:34:57 +0200
with message-id 
and subject line Re: Bug#929820: nmu: cdebootstrap_0.7.7+b11
has caused the Debian Bug report #929820,
regarding nmu: cdebootstrap_0.7.7+b11
to be marked as done.


-- 
929820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929820
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu cdebootstrap_0.7.7+b11 . ANY . buster . -m "Rebuild for change in 
libdebian-installer (v0.119)"

I don't know if this is the correct way, but cdebootstrap-static needs a
rebuild to pick up the change in libdebian-installer (version 0.119,
fixing #55) and this is my attempt to request it.

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(101, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Hi

On 02-06-2019 11:07, Paul Gevers wrote:
> I scheduled the binNMU, but the new version can only migrate when
> libdebian-installer migrates and it still needs a manual unblock. Hence,
> not closing the bug yet.

This can happen now, hence unblocked.

Thanks,
Paul



--- End Message ---


Bug#928908: marked as done (unblock: libdebian-installer/0.119)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 10:30:07 +0200
with message-id 
and subject line Re: Bug#928908: unblock: libdebian-installer/0.119
has caused the Debian Bug report #928908,
regarding unblock: libdebian-installer/0.119
to be marked as done.


-- 
928908: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928908
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock libdebian-installer/0.119 fixing RC bug #55
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=55

Changes:
  libdebian-installer (0.119) unstable; urgency=medium

  [ Cyril Brulebois ]
   * Drop support for arm*/ixp4xx and arm*/iop32x; support for those
 platforms was removed from the Linux kernel and therefore d-i.
   * Remove Christian Perrier from Uploaders, with many thanks for all
 his contributions over the years! (Closes: #927544)
 .
   [ Bastian Blank ]
   * Enlarge maximum line length in Packages and Sources files.
 (closes: #55)

Diff stat:
 debian/changelog   | 14 ++
 debian/control |  2 +-
 src/parser_rfc822.c|  2 +-
 src/system/subarch-arm-linux.c | 17 -
 4 files changed, 16 insertions(+), 19 deletions(-)


Bastian Blank (2):
  Enlarge maximum line length in Packages and Sources files
  releasing version 0.119

Cyril Brulebois (2):
  Drop support for arm*/ixp4xx and arm*/iop32x.
  Remove Christian Perrier from Uploaders.

Holger Wansing (1):
  Add reference to bugreport

--
Best regards
Asbjørn Sloth Tønnesen
--- End Message ---
--- Begin Message ---
Hi,

On Wed, 15 May 2019 20:03:00 + Niels Thykier  wrote:
> OK from here.  CC'ing KiBi for a d-i ack.

Fully unblocked, thanks.

Paul



--- End Message ---


Bug#929908: marked as done (unblock: tomcat9/9.0.16-4)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 10:27:42 +0200
with message-id 
and subject line Re: Bug#929908: unblock: tomcat9/9.0.16-4
has caused the Debian Bug report #929908,
regarding unblock: tomcat9/9.0.16-4
to be marked as done.


-- 
929908: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929908
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

This is a pre-upload request to unblock tomcat9/9.0.16-4.

This update fixes:
- a minor security issue (CVE-2019-0221, see #929895)
- a startup failure on the architectures supporting only the Zero VM (#925928)
- the variable enabling the security manager that wasn't properly
  renamed in the startup script
- a couple of regressions compared to the old tomcat8 package that were
  caused by the transition to systemd (variable expansion no longer working
  in /etc/default/tomcat9, wrong permissions on the log directory)

This update doesn't implement the sysvinit script that was discussed
in #925473, this may be reconsidered in a later point release after
sufficient testing in unstable.

Thank you,

Emmanuel Bourg


unblock tomcat9/9.0.16-4



diff -Nru tomcat9-9.0.16/debian/changelog tomcat9-9.0.16/debian/changelog
--- tomcat9-9.0.16/debian/changelog 2019-02-26 09:31:13.0 +0100
+++ tomcat9-9.0.16/debian/changelog 2019-06-03 00:44:27.0 +0200
@@ -1,3 +1,26 @@
+tomcat9 (9.0.16-4) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Emmanuel Bourg ]
+  * Fixed CVE-2019-0221: The SSI printenv command echoes user provided data
+without escaping and is, therefore, vulnerable to XSS. SSI is disabled
+by default (Closes: #929895)
+
+  [ Thorsten Glaser ]
+  * Remove -XX:+UseG1GC from standard JAVA_OPTS; the JRE chooses
+a suitable GC automatically anyway (Closes: #925928)
+  * Correct the ownership and permissions on the log directory:
+group adm and setgid (Closes: #925929)
+  * Make the startup script honour the (renamed) $SECURITY_MANAGER
+  * debian/libexec/tomcat-locate-java.sh: Remove shebang and make
+not executable as this is only ever sourced (makes no sense otherwise)
+
+  [ Christian Hänsel ]
+  * Restored the variable expansion in /etc/default/tomcat9 (Closes: #926319)
+
+ -- Emmanuel Bourg   Mon, 03 Jun 2019 00:44:27 +0200
+
 tomcat9 (9.0.16-3) unstable; urgency=medium

   * Removed read/write access to /var/lib/solr (Closes: #923299)
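
Review bot: the entry "Correct the ownership and permissions on the log directory: group adm and setgid" names the group and the setgid bit but not the resulting mode, nor whether directories on already-installed systems are corrected on upgrade. Since this changes who can read the logs, state the final owner, group and mode in the entry so an admin can verify them after upgrading.
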
diff -Nru tomcat9-9.0.16/debian/default.template 
tomcat9-9.0.16/debian/default.template
--- tomcat9-9.0.16/debian/default.template  2019-02-05 10:11:13.0 
+0100
+++ tomcat9-9.0.16/debian/default.template  2019-06-02 23:05:39.0 
+0200
@@ -3,9 +3,10 @@
 # OpenJDK and the Oracle JDK are tried.
 #JAVA_HOME=/usr/lib/jvm/java-8-openjdk

-# You may pass JVM startup parameters to Java here. If unset, the default
-# options will be: -Djava.awt.headless=true -XX:+UseG1GC
-JAVA_OPTS="-Djava.awt.headless=true -XX:+UseG1GC"
+# You may pass JVM startup parameters to Java here. If you run Tomcat with
+# Java 8 instead of 9 or newer, add "-XX:+UseG1GC" to select a suitable GC.
+# If unset, the default options will be: -Djava.awt.headless=true
+JAVA_OPTS="-Djava.awt.headless=true"

 # To enable remote debugging uncomment the following line.
 # You will then be able to use a Java debugger on port 8000.
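
Review bot: in the rewritten comment block, the Java 8 advice (add "-XX:+UseG1GC") sits between the general description and the "If unset, the default options will be" sentence, so the latter reads as if it applied only to Java 8. Move the Java 8 sentence after the default-options sentence, or give it as a commented-out JAVA_OPTS line in the style of the #JAVA_HOME example above.
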
diff -Nru tomcat9-9.0.16/debian/libexec/tomcat-locate-java.sh 
tomcat9-9.0.16/debian/libexec/tomcat-locate-java.sh
--- tomcat9-9.0.16/debian/libexec/tomcat-locate-java.sh 2019-02-05 
10:11:13.0 +0100
+++ tomcat9-9.0.16/debian/libexec/tomcat-locate-java.sh 2019-06-03 
00:44:27.0 +0200
@@ -1,4 +1,3 @@
-#!/bin/sh
 #
 # Script looking for a Java runtime suitable for running Tomcat
 #
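
Review bot: with the "#!/bin/sh" line removed, nothing in the remaining header says that this file is meant to be sourced; the comment still reads "Script looking for a Java runtime". Add a line to the header saying it is sourced by tomcat-start.sh and must not be executed. The changelog also says the file is made non-executable, but no mode change is visible in this hunk, so check that the package really installs it without the execute bit.
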
diff -Nru tomcat9-9.0.16/debian/libexec/tomcat-start.sh 
tomcat9-9.0.16/debian/libexec/tomcat-start.sh
--- tomcat9-9.0.16/debian/libexec/tomcat-start.sh   2019-02-05 
10:11:13.0 +0100
+++ tomcat9-9.0.16/debian/libexec/tomcat-start.sh   2019-06-03 
00:44:27.0 +0200
@@ -5,6 +5,9 @@

 set -e

+# Load the service settings
+. /etc/default/tomcat9
+
 # Find the Java runtime and set JAVA_HOME
 . /usr/libexec/tomcat9/tomcat-locate-java.sh

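
Review bot: the added ". /etc/default/tomcat9" runs after "set -e" with no existence check, so a missing or unreadable defaults file stops the service from starting; if the file is meant to be optional, guard it with [ -r /etc/default/tomcat9 ]. Sourcing also means everything in that file is executed as shell code by the startup script, which is what restores variable expansion but also makes the ownership and write permissions of the file part of the service's security boundary.
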
@@ -15,7 +18,7 @@

 # Enable the Java security manager?
 SECURITY=""
-[ "$TOMCAT_SECURITY" = "yes" ] && SECURITY="-security"
+[ "$SECURITY_MANAGER" = "true" ] && SECURITY="-security"


 # Start Tomcat
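
Review bot: the test now reads a different variable and a different value ("$SECURITY_MANAGER" = "true" instead of "$TOMCAT_SECURITY" = "yes"), and any other setting leaves SECURITY empty, so a configuration that still carries the old name or the old value starts Tomcat without -security and without any message. For a setting that turns a sandbox on, consider accepting the old variable as a fallback or printing a warning when TOMCAT_SECURITY is set.
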
diff -Nru tomcat9-9.0.16/debian/patches/CVE-2019-0221.patch 

Bug#930371: marked as done (unblock: dbus/1.12.16-1)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 10:25:18 +0200
with message-id <3e2879ef-9654-6948-7b39-bcfe1b144...@debian.org>
and subject line Re: Bug#930371: unblock: dbus/1.12.16-1
has caused the Debian Bug report #930371,
regarding unblock: dbus/1.12.16-1
to be marked as done.


-- 
930371: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930371
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: d-i
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dbus to fix CVE-2019-12749. I forgot to set high
urgency, so you might want to adjust its age-days too.

Filtered and full diffs are attached (the former has Autotools noise
removed). As usual, I'm happy to revert anything that -release can't
accept, because the whole 1.12.x branch exists for the benefit of
distros with a bugfix-only policy (but having said that, everything
in this particular version is either CVE-2019-12749, tests for it,
or release preparation).

dbus builds udebs, so this will need an ack from debian-boot (although
from comments on #929132 it isn't clear to me whether the udebs are
actually used for anything).

unblock dbus/1.12.16-1

Breakdown of the diff:

> diffstat for dbus-1.12.14 dbus-1.12.16
>
>  dbus/dbus-auth.c|   32 

CVE-2019-12749

>  dbus/dbus-auth-script.c |   87 +++-
>  dbus/dbus-sysdeps-util-unix.c   |   40 +++
>  dbus/dbus-sysdeps-util-win.c|   25 ++
>  dbus/dbus-sysdeps.h |   10 ++
>  test/Makefile.am|2 
>  test/data/auth/cookie-sha1-username.auth-script |   12 +++
>  test/data/auth/cookie-sha1.auth-script  |   11 +++

Regression tests for CVE-2019-12749 (these are #ifdef'd out and do
not affect the dbus binary package, although they do end up in the
special debug build in the dbus-tests package)

>  NEWS|   18 
>  configure.ac|4 -
>  debian/changelog|   15 

Release preparation

>  Makefile.in |4 -
>  aminclude_static.am |2 
>  bus/Makefile.in |2 
>  configure   |   26 +++
>  dbus/Makefile.in|2 
>  test/Makefile.in|4 -

Autotools noise from doing the release

Thanks,
smcv
filterdiff -p1 -xMakefile.in -x'*/Makefile.in' -xaminclude_static.am -xconfigure < dbus_1.12.16-1.diff > dbus_1.12.16-1-filtered.diff

diffstat for dbus-1.12.14 dbus-1.12.16

 Makefile.in |4 -
 NEWS|   18 
 aminclude_static.am |2 
 bus/Makefile.in |2 
 configure   |   26 +++
 configure.ac|4 -
 dbus/Makefile.in|2 
 dbus/dbus-auth-script.c |   87 +++-
 dbus/dbus-auth.c|   32 
 dbus/dbus-sysdeps-util-unix.c   |   40 +++
 dbus/dbus-sysdeps-util-win.c|   25 ++
 dbus/dbus-sysdeps.h |   10 ++
 debian/changelog|   15 
 test/Makefile.am|2 
 test/Makefile.in|4 -
 test/data/auth/cookie-sha1-username.auth-script |   12 +++
 test/data/auth/cookie-sha1.auth-script  |   11 +++
 17 files changed, 272 insertions(+), 24 deletions(-)

diff -Nru dbus-1.12.14/configure.ac dbus-1.12.16/configure.ac
--- dbus-1.12.14/configure.ac	2019-05-17 10:38:45.0 +0100
+++ dbus-1.12.16/configure.ac	2019-06-09 13:09:13.0 +0100
@@ -3,7 +3,7 @@
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [12])
-m4_define([dbus_micro_version], [14])
+m4_define([dbus_micro_version], [16])
 m4_define([dbus_version],
   [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
@@ -42,7 +42,7 @@
 
 ## increment any time the source changes; set to
 ##  0 if you 

Bug#930194: marked as done (unblock: openssl/1.1.1c-1)

2019-06-15 Thread Debian Bug Tracking System
Your message dated Sat, 15 Jun 2019 10:20:48 +0200
with message-id <4faa6749-5eda-516d-e906-7e7de9129...@debian.org>
and subject line Re: Bug#930194: unblock: openssl/1.1.1c-1
has caused the Debian Bug report #930194,
regarding unblock: openssl/1.1.1c-1
to be marked as done.


-- 
930194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930194
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package openssl.
The updated package is the `c' version, which is the latest upstream
release for the 1.1.1 series.
This update causes a regression in the m2crypto test suite which is
tracked as #929903. The regression is fixed upstream and I plan to
provide an update.
There is also a minor valgrind report about uninitialized
memory tracked as #930061. This one will be fixed in the next upload
because it is not serious enough to cherry-pick the patch right away.

unblock openssl/1.1.1c-1

Sebastian
--- End Message ---
--- Begin Message ---
Hi

On 11-06-2019 20:45, Paul Gevers wrote:
> I have unblocked this from Release Team point of view, but this needs an
> ACK from the d-i, hence KiBi in CC.

Fully unblocked.

Paul



--- End Message ---


Bug#930550: unblock: thunderbird/1:60.7.1-1

2019-06-15 Thread Carsten Schoenert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package thunderbird

The release of an updated Thunderbird package by Mozilla was needed due
to CVE issues found.

No changes happened to the thunderbird packaging itself, it
was only necessary to import the new sources and start a rebuild. The
modifications within the debian folder are really small and simple.

$ diff -Naur thunderbird-60.7.0/debian/ thunderbird-60.7.1/debian/
diff -puNr -Naur thunderbird-60.7.0/debian/changelog 
thunderbird-60.7.1/debian/changelog
--- thunderbird-60.7.0/debian/changelog 2019-06-15 10:00:28.591606482 +0200
+++ thunderbird-60.7.1/debian/changelog 2019-06-15 10:02:39.604085695 +0200
@@ -1,3 +1,14 @@
+thunderbird (1:60.7.1-1) unstable; urgency=high
+
+  * [f791dee] New upstream version 60.7.1
+Fixed CVE issues in upstream version 60.7.1 (MFSA 2019-17)
+CVE-2019-11703: Heap buffer overflow in icalparser.c
+CVE-2019-11704: Heap buffer overflow in icalvalue.c
+CVE-2019-11705: Stack buffer overflow in icalrecur.c
+CVE-2019-11706: Type confusion in icalproperty.c
+
+ -- Carsten Schoenert   Fri, 14 Jun 2019 07:25:35 
+0200
+
 thunderbird (1:60.7.0-1) unstable; urgency=medium
 
   * [f6dd130] New upstream version 60.7.0
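
Review bot: the four CVE lines name only source files (icalparser.c, icalvalue.c, icalrecur.c, icalproperty.c), so a reader of the changelog cannot tell which feature is affected without looking up MFSA 2019-17. A short phrase naming the affected component would help admins judge their exposure, and the CVE lines would be easier to scan as indented sub-items of the "New upstream version 60.7.1" bullet.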

So please consider unblocking the thunderbird package 1:60.7.1-1.

unblock thunderbird/1:60.7.1-1

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, aarch64, arm64

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



possible???? hybrid kernel run android app

2019-06-15 Thread annopnod
possible hybrid kernel run android app on debian