Bug#930058: unblock: puppet/5.5.10-3
On Mon, Jun 17, 2019 at 12:59:10AM +0200, Thomas Goirand wrote: > I don't think people read more the NEWS than the changelog. I'm not sure how you arrive at that conclusion, but here's a consideration: it's my company's policy that the NEWS are read during every upgrade of a client system (and our own) to catch surprises like this. It is a good example of exactly what NEWS files are for. Popcon also suggests that 85% of respondents have apt-listchanges installed, which is the package giving this behaviour. So I disagree with your statement that it is a waste of time documenting a surprising behaviour change like this. As Micah demonstrates, local administrators upgrading may already have a mechanism to deal with the problem and your cron job will conflict with that. > Having run puppet on a small virtual machine with 40 GB disk, and having > it taken down by 800 MB reports every day for every compute in the > cluster, no, this isn't controversial. This is completely mandatory. > What I believe puppet user do is set this up by themselves, or disable > reports all together. Keeping 1 month of reports is very conservative. I don't disagree with the problem statement. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#930058: unblock: puppet/5.5.10-3
On 6/15/19 7:54 PM, Paul Gevers wrote: > Control: tags -1 moreinfo > > Hi Thomas, > > On 06-06-2019 10:36, Thomas Goirand wrote: >> Version 5.5.10-3 adds a tiny cron.daily job which cleans-up the >> /var/lib/puppet/reports folder to avoid that a puppet-master >> server gets its HDD full, which potentially could be very harmful >> for a deployment. > > This seems slightly controversial to me (as hinted by a comment in the > bug as well). Don't you think this warrants a note in NEWS? > > Paul Hi, Thanks for your time reviewing this yet another unblock request. I don't think people read more the NEWS than the changelog. Respectfully (please don't see any aggressiveness here: there's none), if you really want to waste everyone's time on this, then I can do it, but I don't think this helps. There's not much time before the final release. Having run puppet on a small virtual machine with 40 GB disk, and having it taken down by 800 MB reports every day for every compute in the cluster, no, this isn't controversial. This is completely mandatory. What I believe puppet user do is set this up by themselves, or disable reports all together. Keeping 1 month of reports is very conservative. Cheers, Thomas Goirand (zigo)
Bug#930632: unblock: libfm-qt/0.14.1-9
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libfm-qt Latest version fixes #926803, missed file monitoring on remote file systems. Without the fix remote filesystems are nearly unusable. Diff: diff --git a/debian/changelog b/debian/changelog index 9bc9b25..54ef4eb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +libfm-qt (0.14.1-9) unstable; urgency=medium + + * Added upstream patch workaround-missed-file-monitoring.patch +(Closes: #926803) + * Added two new symbols - internal use only + + -- Alf Gaida Sat, 08 Jun 2019 16:39:11 +0200 + libfm-qt (0.14.1-8) unstable; urgency=medium * Removed the wrongly introduced build dependency on lxqt-qtplugin diff --git a/debian/libfm-qt6.symbols b/debian/libfm-qt6.symbols index d06f805..158bd23 100644 --- a/debian/libfm-qt6.symbols +++ b/debian/libfm-qt6.symbols @@ -531,12 +531,14 @@ libfm-qt.so.6 libfm-qt6 #MINVER# (c++)"Fm::Folder::filesAdded(Fm::FileInfoList&)@Base" 0.12.0 (c++)"Fm::Folder::filesChanged(std::vector, std::shared_ptr >, std::allocator, std::shared_ptr > > >&)@Base" 0.12.0 (c++)"Fm::Folder::filesRemoved(Fm::FileInfoList&)@Base" 0.12.0 + (c++)"Fm::Folder::findByPath(Fm::FilePath const&)@Base" 0.14.1~ (c++)"Fm::Folder::finishLoading()@Base" 0.12.0 (c++)"Fm::Folder::fromPath(Fm::FilePath const&)@Base" 0.12.0 (c++|arch= !armel !armhf !i386 !mips !mipsel !hppa !hurd-i386 !kfreebsd-i386 !m68k !powerpc !powerpcspe !sh4 !x32 )"Fm::Folder::getFilesystemInfo(unsigned long*, unsigned long*) const@Base" 0.12.0 (c++|arch= !amd64 !arm64 !mips64el !ppc64el !s390x !alpha !ia64 !kfreebsd-amd64 !ppc64 !riscv64 !sparc64 )"Fm::Folder::getFilesystemInfo(unsigned long long*, unsigned long long*) const@Base" 0.12.0 (c++)"Fm::Folder::hadCutFilesUnset()@Base" 0.12.0 (c++)"Fm::Folder::hasCutFiles()@Base" 0.12.0 + (c++)"Fm::Folder::hasFileMonitor() const@Base" 0.14.1~ (c++)"Fm::Folder::info() const@Base" 0.12.0 (c++)"Fm::Folder::isEmpty() const@Base" 0.12.0 (c++)"Fm::Folder::isIncremental() const@Base" 0.12.0 diff --git a/debian/patches/series b/debian/patches/series index 1a4dd71..031051b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ fix-smb-recursive-copy.patch fix-license-headers.patch dont-ignore-crea-del-sequences.patch workaround-glib-recursive-moving-error.patch +workaround-missed-file-monitoring.patch diff --git a/debian/patches/workaround-missed-file-monitoring.patch b/debian/patches/workaround-missed-file-monitoring.patch new file mode 100644 index 000..5be3811 --- /dev/null +++ b/debian/patches/workaround-missed-file-monitoring.patch @@ -0,0 +1,143 @@ +Description: Realod folder after transfer job if it lacks file monitoring + Closes https://github.com/lxqt/pcmanfm-qt/issues/933 and closes + https://github.com/lxqt/libfm-qt/issues/280. After a file transfer job is + finished inside a directory, if it is the path of an open folder that lacks + file monitoring, this patch reloads its corresponding folder. In this way, the + lack of file monitoring is partially compensated for. + Please note that this doesn't work with `search://` because the files inside + `search://` don't belong to it. By covering file creation, renaming, moving + from one shared folder to another and deleting after trying to move into Trash. + +Last-Update: 2019-06-08 + +--- libfm-qt-0.14.1.orig/src/core/folder.cpp libfm-qt-0.14.1/src/core/folder.cpp +@@ -112,6 +112,20 @@ std::shared_ptr Folder::fromPath + return
Bug#930621: marked as done (unblock: gpodder/3.10.7-2)
Your message dated Sun, 16 Jun 2019 23:07:57 +0100
with message-id <20190616220757.ga16...@powdarrmonkey.net>
and subject line Re: Bug#930621: unblock: gpodder/3.10.7-2
has caused the Debian Bug report #930621,
regarding unblock: gpodder/3.10.7-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930621: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930621
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gpodder
Dear Release Managers,
Recently YouTube started requiring connections via HTTPS. There isn't a
Debian bug filed for this, but upstream contacted me directly to ask
whether this could be addressed for buster. The upstream issue is:
https://github.com/gpodder/gpodder/issues/625
And the patch PR:
https://github.com/gpodder/gpodder/pull/626
I know it's late, but I am filing the unblock with the rationale that
the broken YouTube support will be seen as regression for our users.
Also, the patch is simple.
I have validated the change locally and the debdiff is attached.
Thank you for your consideration!
tony
unblock gpodder/3.10.7-2
diff -Nru gpodder-3.10.7/debian/changelog gpodder-3.10.7/debian/changelog
--- gpodder-3.10.7/debian/changelog 2019-02-02 15:17:35.0 -0800
+++ gpodder-3.10.7/debian/changelog 2019-06-11 17:37:34.0 -0700
@@ -1,3 +1,9 @@
+gpodder (3.10.7-2) unstable; urgency=medium
+
+ * Add patch to use HTTPS for HTTPS URLs, including YouTube.
+
+ -- tony mancill Tue, 11 Jun 2019 17:37:34 -0700
+
gpodder (3.10.7-1) unstable; urgency=medium
* New upstream version 3.10.7
diff -Nru gpodder-3.10.7/debian/patches/series
gpodder-3.10.7/debian/patches/series
--- gpodder-3.10.7/debian/patches/series2019-02-02 15:17:35.0
-0800
+++ gpodder-3.10.7/debian/patches/series2019-06-11 17:37:34.0
-0700
@@ -2,3 +2,4 @@
utf-8_coding_for_setup.patch
remove_copyright_character.patch
switch-appindicator-extension-to-AyatanaAppIndicator-and-python3.patch
+youtube_https.patch
diff -Nru gpodder-3.10.7/debian/patches/youtube_https.patch
gpodder-3.10.7/debian/patches/youtube_https.patch
--- gpodder-3.10.7/debian/patches/youtube_https.patch 1969-12-31
16:00:00.0 -0800
+++ gpodder-3.10.7/debian/patches/youtube_https.patch 2019-06-11
17:37:34.0 -0700
@@ -0,0 +1,47 @@
+Description: Fix YouTube URLs
+Source:
https://patch-diff.githubusercontent.com/raw/gpodder/gpodder/pull/626.patch
+Forwarded: not-needed
+
+---
+ src/gpodder/util.py | 5 -
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/gpodder/util.py b/src/gpodder/util.py
+index 7103bd7a3..3fd717fe9 100644
+--- a/src/gpodder/util.py
b/src/gpodder/util.py
+@@ -1402,7 +1402,10 @@ def format_seconds_to_hour_min_sec(seconds):
+
+ def http_request(url, method='HEAD'):
+ (scheme, netloc, path, parms, qry, fragid) = urllib.parse.urlparse(url)
+-conn = http.client.HTTPConnection(netloc)
++if scheme == 'https':
++conn = http.client.HTTPSConnection(netloc)
++else:
++conn = http.client.HTTPConnection(netloc)
+ start = len(scheme) + len('://') + len(netloc)
+ conn.request(method, url[start:])
+ return conn.getresponse()
+
+From deebcf8cecb46e4a47ea0a4bb4269d5e2f2c6e9a Mon Sep 17 00:00:00 2001
+From: auouymous
+Date: Sat, 25 May 2019 15:22:27 +0200
+Subject: [PATCH 2/2] Use https to download from YouTube
+
+---
+ src/gpodder/youtube.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gpodder/youtube.py b/src/gpodder/youtube.py
+index c3e593209..2c87647a9 100644
+--- a/src/gpodder/youtube.py
b/src/gpodder/youtube.py
+@@ -116,7 +116,7 @@ def get_real_download_url(url, preferred_fmt_ids=None):
+ vid = get_youtube_id(url)
+ if vid is not None:
+ page = None
+-url =
'http://www.youtube.com/get_video_info?=detailpage_id=' + vid
++url =
'https://www.youtube.com/get_video_info?=detailpage_id=' + vid
+
+ while page is None:
+ req = util.http_request(url, method='GET')
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
On Sun, Jun 16, 2019 at 09:47:12AM -0700, tony mancill wrote:
> I know it's late, but I am filing the unblock with the rationale that
> the broken YouTube support will be seen as regression for our users.
> Also, the patch is simple.
>
> I have validated the change locally and the debdiff is attached.
Unblocked; thanks.
--
Bug#928882: unblock: [pre-approval] ghc/8.4.4+dfsg1-3
Dear Paul, Indeed I confirm that "happy" provided by Debian buster/sid does not work on my hardware (armv5tel Kirkwood Feroceon). Just tested now after removing Ilias' deb package and reinstalling the previous one: drakestail:/opt/bug_ghc_armel# apt remove happy Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: happy 0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded. After this operation, 2,598 kB disk space will be freed. Do you want to continue? [Y/n] (Reading database ... 100878 files and directories currently installed.) Removing happy (1.19.9-6+armel0) ... Processing triggers for man-db (2.7.6.1-2) ... drakestail:/opt/bug_ghc_armel# apt clean drakestail:/etc/apt/sources.list.d# apt install -t testing happy Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: haskell-doc The following NEW packages will be installed: happy 0 upgraded, 1 newly installed, 0 to remove and 860 not upgraded. Need to get 528 kB of archives. After this operation, 2,582 kB of additional disk space will be used. Get:1 http://ftp.it.debian.org/debian buster/main armel happy armel 1.19.9-6 [528 kB] Fetched 528 kB in 0s (2,650 kB/s) Selecting previously unselected package happy. (Reading database ... 100743 files and directories currently installed.) Preparing to unpack .../happy_1.19.9-6_armel.deb ... Unpacking happy (1.19.9-6) ... Setting up happy (1.19.9-6) ... Processing triggers for man-db (2.7.6.1-2) ... drakestail:/etc/apt/sources.list.d# gdb -q -ex 'b *(0x1ab0ac)' -ex 'run' -ex 'x/i $pc' -ex 'quit' --args happy example.y Reading symbols from happy...(no debugging symbols found)...done. Breakpoint 1 at 0x1ab0ac Starting program: /usr/bin/happy example.y [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/arm-linux-gnueabi/libthread_db.so.1". Program received signal SIGILL, Illegal instruction. 0x001addc4 in ?? () => 0x1addc4:uxthr1, r2 A debugging session is active. Inferior 1 [process 13711] will be killed. Quit anyway? (y or n) y Let me know if I can help more. Best, Emanuele On Sun, Jun 16, 2019 at 9:48 PM Paul Gevers wrote: > Hi Emanuele, > > On 16-06-2019 20:25, Emanuele Olivetti wrote: > > I've just followed your instructions, downloaded and installed the > > current happy (and also ghc and the other packages) in the usual way: > > > > dpkg -i > > apt install -f > > > > then tested the example files as indicated: > > > > drakestail:/opt/bug_ghc_armel# gdb -q -ex 'b *(0x1ab0ac)' -ex 'run' > > -ex 'x/i $pc' -ex 'quit' --args happy example.y > > Reading symbols from happy...(no debugging symbols found)...done. > > Breakpoint 1 at 0x1ab0ac > > Starting program: /bin/happy example.y > > [Thread debugging using libthread_db enabled] > > Using host libthread_db library > > "/lib/arm-linux-gnueabi/libthread_db.so.1". > > [Inferior 1 (process 10654) exited normally] > > No registers. > > > > Everything works fine! > > Can you confirm that it *didn't* work with the version in sid/buster on > your system? > > Paul > >
Bug#930630: stretch-pu: package tenshi/0.13-2.1~deb9u1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
This upload is primarily intended to fix the version ordering violation
introduced by the CVE fix from 2017 in wheezy-lts that only went to sid
(and got unblocked for buster) today:
tenshi | 0.11-2| squeeze | source, all
tenshi | 0.13-2| wheezy | source, all
tenshi | 0.13-2| stretch | source, all
tenshi | 0.13-2| buster | source, all
tenshi | 0.13-2+deb7u1 | wheezy-security | source, all
tenshi | 0.13-2.1 | sid | source, all
This is a rebuild of 0.13-2.1 from sid (which itself was a rebuild of
0.13-2+deb7u1 from wheezy-lts).
The package is already uploaded.
Andreas
diff -Nru tenshi-0.13/debian/changelog tenshi-0.13/debian/changelog
--- tenshi-0.13/debian/changelog2012-02-13 05:30:17.0 +0100
+++ tenshi-0.13/debian/changelog2019-06-16 23:43:59.0 +0200
@@ -1,3 +1,26 @@
+tenshi (0.13-2.1~deb9u1) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Rebuild for stretch.
+
+ -- Andreas Beckmann Sun, 16 Jun 2019 23:43:59 +0200
+
+tenshi (0.13-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Upload to unstable.
+ * Drop DMUA.
+
+ -- Andreas Beckmann Sun, 16 Jun 2019 14:24:39 +0200
+
+tenshi (0.13-2+deb7u1) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Debian LTS team.
+ * Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary
+processes (Closes: #871321)
+
+ -- Lucas Kanashiro Sun, 27 Aug 2017 14:47:19 -0300
+
tenshi (0.13-2) unstable; urgency=low
* debian/init:
diff -Nru tenshi-0.13/debian/control tenshi-0.13/debian/control
--- tenshi-0.13/debian/control 2012-02-10 05:23:20.0 +0100
+++ tenshi-0.13/debian/control 2019-06-16 13:55:10.0 +0200
@@ -2,7 +2,6 @@
Section: admin
Priority: optional
Maintainer: Ignace Mouzannar
-DM-Upload-Allowed: yes
Build-Depends: debhelper (>= 7.0.8)
Standards-Version: 3.9.2
Vcs-Svn: svn://svn.debian.org/collab-maint/ext-maint/tenshi/trunk/
diff -Nru tenshi-0.13/debian/patches/CVE-2017-11746.patch
tenshi-0.13/debian/patches/CVE-2017-11746.patch
--- tenshi-0.13/debian/patches/CVE-2017-11746.patch 1970-01-01
01:00:00.0 +0100
+++ tenshi-0.13/debian/patches/CVE-2017-11746.patch 2017-08-27
19:53:26.0 +0200
@@ -0,0 +1,36 @@
+Description: save PID after forking but before changing privileges
+ This is an adaptation of upstream commit
+ (d0e7f28c13ffbd5888b31d6532c2faf78f10f176) that fixes CVE-2017-11746. It was
+ written by Andrea Barisani.
+Author: Lucas Kanashiro
+Last-Updated: 2017-08-27
+
+--- a/tenshi
b/tenshi
+@@ -122,8 +122,6 @@ if ($listen) {
+
+ $SIG{'CHLD'} = sub { $debug && debug(5,'CHLD') ; print RED "[ERROR] Child
died. Bailing out\n"; $time_to_die = 1; };
+
+-prepare_process();
+-
+ #
+ # sanity checks
+ #
+@@ -242,8 +240,6 @@ if (!($debug || $profile || $foreground)
+ daemonize();
+ }
+
+-save_pid();
+-
+ while (!$time_to_die) {
+ my $now = time;
+
+@@ -963,6 +959,8 @@ sub daemonize {
+ defined(my $pid = fork) or clean_up and die RED "[ERROR] can't fork:
$!\n";
+ exit if $pid;
+ setsid()or clean_up and die RED "[ERROR] can't start
a new session: $!\n";
++save_pid();
++prepare_process();
+ }
+
+ sub save_pid {
diff -Nru tenshi-0.13/debian/patches/series tenshi-0.13/debian/patches/series
--- tenshi-0.13/debian/patches/series 2012-02-10 04:37:37.0 +0100
+++ tenshi-0.13/debian/patches/series 2017-08-26 20:50:46.0 +0200
@@ -1,2 +1,3 @@
10-Makefile.diff
20-manpage.diff
+CVE-2017-11746.patch
Bug#928111: [pre-approval] unblock: icu/63.2-1
Hi Paul,
On Sun, Jun 16, 2019 at 9:50 PM Paul Gevers wrote:
> On 16-06-2019 11:20, László Böszörményi (GCS) wrote:
> > The debdiff is larger for the following changes. The backported
> > security fixes are no longer under debian/patches but inline. The ABI
> > break, called the 'ICU-20250' issue upstream is reversed with a patch.
> > Then the s/63.1/63.2/ changes, etc.
>
> Can you please provide a diff between the patches-applied tree of the
> current buster version and a patches-applied tree of the current sid
> version?
Of course, attached. The diff size went down from 165 kB to 39 kB as
you see, even if the documentation and s/63.1/63.2/ changes are still
in as well.
Regards,
Laszlo/GCS
diff -Nur icu-63.1/readme.html icu-63.2/readme.html
--- icu-63.1/readme.html 2018-10-15 18:02:37.0 +
+++ icu-63.2/readme.html 2019-04-11 22:38:30.0 +
@@ -3,7 +3,7 @@
http://www.w3.org/1999/xhtml; xml:lang="en-US">
-ReadMe for ICU 63.1
+ReadMe for ICU 63.2
http://www.unicode.org/copyright.html"/>
diff -Nur icu-63.1/source/common/umutablecptrie.cpp icu-63.2/source/common/umutablecptrie.cpp
--- icu-63.1/source/common/umutablecptrie.cpp 2018-10-01 22:39:56.0 +
+++ icu-63.2/source/common/umutablecptrie.cpp 2019-06-16 20:23:58.0 +
@@ -60,6 +60,7 @@
constexpr int32_t INDEX_3_18BIT_BLOCK_LENGTH = UCPTRIE_INDEX_3_BLOCK_LENGTH + UCPTRIE_INDEX_3_BLOCK_LENGTH / 8;
class AllSameBlocks;
+class MixedBlocks;
class MutableCodePointTrie : public UMemory {
public:
@@ -92,8 +93,10 @@
void maskValues(uint32_t mask);
UChar32 findHighStart() const;
int32_t compactWholeDataBlocks(int32_t fastILimit, AllSameBlocks );
-int32_t compactData(int32_t fastILimit, uint32_t *newData, int32_t dataNullIndex);
-int32_t compactIndex(int32_t fastILimit, UErrorCode );
+int32_t compactData(
+int32_t fastILimit, uint32_t *newData, int32_t newDataCapacity,
+int32_t dataNullIndex, MixedBlocks , UErrorCode );
+int32_t compactIndex(int32_t fastILimit, MixedBlocks , UErrorCode );
int32_t compactTrie(int32_t fastILimit, UErrorCode );
uint32_t *index = nullptr;
@@ -548,28 +551,8 @@
}
}
-inline bool
-equalBlocks(const uint32_t *s, const uint32_t *t, int32_t length) {
-while (length > 0 && *s == *t) {
-++s;
-++t;
---length;
-}
-return length == 0;
-}
-
-inline bool
-equalBlocks(const uint16_t *s, const uint32_t *t, int32_t length) {
-while (length > 0 && *s == *t) {
-++s;
-++t;
---length;
-}
-return length == 0;
-}
-
-inline bool
-equalBlocks(const uint16_t *s, const uint16_t *t, int32_t length) {
+template
+bool equalBlocks(const UIntA *s, const UIntB *t, int32_t length) {
while (length > 0 && *s == *t) {
++s;
++t;
@@ -585,36 +568,6 @@
}
/** Search for an identical block. */
-int32_t findSameBlock(const uint32_t *p, int32_t pStart, int32_t length,
- const uint32_t *q, int32_t qStart, int32_t blockLength) {
-// Ensure that we do not even partially get past length.
-length -= blockLength;
-
-q += qStart;
-while (pStart <= length) {
-if (equalBlocks(p + pStart, q, blockLength)) {
-return pStart;
-}
-++pStart;
-}
-return -1;
-}
-
-int32_t findSameBlock(const uint16_t *p, int32_t pStart, int32_t length,
- const uint32_t *q, int32_t qStart, int32_t blockLength) {
-// Ensure that we do not even partially get past length.
-length -= blockLength;
-
-q += qStart;
-while (pStart <= length) {
-if (equalBlocks(p + pStart, q, blockLength)) {
-return pStart;
-}
-++pStart;
-}
-return -1;
-}
-
int32_t findSameBlock(const uint16_t *p, int32_t pStart, int32_t length,
const uint16_t *q, int32_t qStart, int32_t blockLength) {
// Ensure that we do not even partially get past length.
@@ -655,30 +608,9 @@
* Look for maximum overlap of the beginning of the other block
* with the previous, adjacent block.
*/
-int32_t getOverlap(const uint32_t *p, int32_t length,
- const uint32_t *q, int32_t qStart, int32_t blockLength) {
-int32_t overlap = blockLength - 1;
-U_ASSERT(overlap <= length);
-q += qStart;
-while (overlap > 0 && !equalBlocks(p + (length - overlap), q, overlap)) {
---overlap;
-}
-return overlap;
-}
-
-int32_t getOverlap(const uint16_t *p, int32_t length,
- const uint32_t *q, int32_t qStart, int32_t blockLength) {
-int32_t overlap = blockLength - 1;
-U_ASSERT(overlap <= length);
-q += qStart;
-while (overlap > 0 && !equalBlocks(p + (length - overlap), q, overlap)) {
---overlap;
-}
-return overlap;
-}
-
-int32_t getOverlap(const uint16_t *p, int32_t length,
- const uint16_t *q, int32_t qStart, int32_t blockLength) {
Bug#930597: marked as done (unblock: pikepdf/1.0.5+dfsg-3 -- redux)
Your message dated Sun, 16 Jun 2019 22:01:45 +0200
with message-id <527cef43-52e4-159c-fdb4-d40eb2f4c...@debian.org>
and subject line Re: Bug#930597: unblock: pikepdf/1.0.5+dfsg-3 -- redux
has caused the Debian Bug report #930597,
regarding unblock: pikepdf/1.0.5+dfsg-3 -- redux
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930597: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
pikepdf 1.0.5+dfsg-3 was unblocked by nthykier but has not migrated:
Migration status: Blocked. Can't migrate due to a non-migratable
dependency. Check status below.
Blocked by: gcc-8
48 days old (2 needed)
People in #debian-release told me I should ask whether I can upload
pikepdf to testing-proposed-updates to bypass this problem.
(I guess with version number 1.0.5+dfsg-2+deb10u1 ?)
-- System Information:
Debian Release: 9.9
APT prefers stable
APT policy: (900, 'stable'), (500, 'stable-updates'), (500,
'proposed-updates')
Architecture: i386 (i686)
Kernel: Linux 4.9.0-9-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--
Sean Whitton
diff -Nru pikepdf-1.0.5+dfsg/debian/changelog
pikepdf-1.0.5+dfsg/debian/changelog
--- pikepdf-1.0.5+dfsg/debian/changelog 2019-02-27 22:33:07.0 +
+++ pikepdf-1.0.5+dfsg/debian/changelog 2019-04-29 02:23:41.0 +0100
@@ -1,3 +1,11 @@
+pikepdf (1.0.5+dfsg-3) unstable; urgency=medium
+
+ * Cherry pick upstream commit 4d22fe4 as
+Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
+(Closes: #928042).
+
+ -- Sean Whitton Sun, 28 Apr 2019 18:23:41 -0700
+
pikepdf (1.0.5+dfsg-2) unstable; urgency=medium
* Team upload.
diff -Nru
pikepdf-1.0.5+dfsg/debian/patches/Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
pikepdf-1.0.5+dfsg/debian/patches/Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
---
pikepdf-1.0.5+dfsg/debian/patches/Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
1970-01-01 01:00:00.0 +0100
+++
pikepdf-1.0.5+dfsg/debian/patches/Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
2019-04-29 02:23:41.0 +0100
@@ -0,0 +1,51 @@
+From: "James R. Barlow"
+Date: Tue, 12 Feb 2019 20:42:11 -0800
+Subject: Fix issue #25 - year missing leading zero on some platforms
+
+Closes #25
+
+(cherry picked from commit 4d22fe47912c518e8b3348aedccdac3f11ed81d7)
+---
+ src/pikepdf/models/metadata.py | 7 +--
+ tests/test_metadata.py | 3 ++-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/pikepdf/models/metadata.py b/src/pikepdf/models/metadata.py
+index 1a0eeb2..65934cd 100644
+--- a/src/pikepdf/models/metadata.py
b/src/pikepdf/models/metadata.py
+@@ -121,8 +121,11 @@ def encode_pdf_date(d: datetime) -> str:
+ the local time.
+ """
+
+-pdfmark_date_fmt = r'%Y%m%d%H%M%S'
+-s = d.strftime(pdfmark_date_fmt)
++# The formatting of %Y is not consistent as described in
++# https://bugs.python.org/issue13305 and underspecification in libc.
++# So explicitly format the year with leading zeros
++s = "{:04d}".format(d.year)
++s += d.strftime(r'%m%d%H%M%S')
+ tz = d.strftime('%z')
+ if tz:
+ sign, tz_hours, tz_mins = tz[0], tz[1:3], tz[3:5]
+diff --git a/tests/test_metadata.py b/tests/test_metadata.py
+index 1d41878..41a879c 100644
+--- a/tests/test_metadata.py
b/tests/test_metadata.py
+@@ -3,7 +3,7 @@ from datetime import datetime, timezone, timedelta
+ import re
+
+ import pytest
+-from hypothesis import given
++from hypothesis import given, example
+ from hypothesis.strategies import integers
+ import pikepdf
+ from pikepdf import Pdf, Dictionary, Name, PasswordError, Stream
+@@ -252,6 +252,7 @@ def test_date_docinfo_from_xmp():
+ integers(0, 99),
+ integers(0, 99),
+ )
++@example(1, 1, 1, 0, 0, 0)
+ def test_random_dates(year, month, day, hour, mins, sec):
+ date_args = year, month, day, hour, mins, sec
+ xmp = '{:04d}-{:02d}-{:02d}T{:02d}:{:02d}:{:02d}'.format(*date_args)
diff -Nru pikepdf-1.0.5+dfsg/debian/patches/series
pikepdf-1.0.5+dfsg/debian/patches/series
--- pikepdf-1.0.5+dfsg/debian/patches/series2019-02-27 17:39:34.0
+
+++ pikepdf-1.0.5+dfsg/debian/patches/series2019-04-29
Bug#928111: [pre-approval] unblock: icu/63.2-1
Hi László, On 16-06-2019 11:20, László Böszörményi (GCS) wrote: > The debdiff is larger for the following changes. The backported > security fixes are no longer under debian/patches but inline. The ABI > break, called the 'ICU-20250' issue upstream is reversed with a patch. > Then the s/63.1/63.2/ changes, etc. Can you please provide a diff between the patches-applied tree of the current buster version and a patches-applied tree of the current sid version? Thanks. Paul signature.asc Description: OpenPGP digital signature
Bug#928882: unblock: [pre-approval] ghc/8.4.4+dfsg1-3
Hi Emanuele, On 16-06-2019 20:25, Emanuele Olivetti wrote: > I've just followed your instructions, downloaded and installed the > current happy (and also ghc and the other packages) in the usual way: > > dpkg -i > apt install -f > > then tested the example files as indicated: > > drakestail:/opt/bug_ghc_armel# gdb -q -ex 'b *(0x1ab0ac)' -ex 'run' > -ex 'x/i $pc' -ex 'quit' --args happy example.y > Reading symbols from happy...(no debugging symbols found)...done. > Breakpoint 1 at 0x1ab0ac > Starting program: /bin/happy example.y > [Thread debugging using libthread_db enabled] > Using host libthread_db library > "/lib/arm-linux-gnueabi/libthread_db.so.1". > [Inferior 1 (process 10654) exited normally] > No registers. > > Everything works fine! Can you confirm that it *didn't* work with the version in sid/buster on your system? Paul signature.asc Description: OpenPGP digital signature
Bug#930597: unblock: pikepdf/1.0.5+dfsg-3 -- redux
control: tag -1 -moreinfo Hello, On Sun 16 Jun 2019 at 04:23PM +02, Ivo De Decker wrote: > OK. Please remove the moreinfo tag from this bug once the upload is ready to > be unblocked. Done. >> (I guess with version number 1.0.5+dfsg-2+deb10u1 ?) > > No. For a rebuild of 1.0.5+dfsg-3, the preferred version is > 1.0.5+dfsg-3~deb10u1 (with the changelog entry for 1.0.5+dfsg-3 also in the > changelog). For patches on top of 1.0.5+dfsg-2 (but not a rebuild of a newer > version), the version would have been 1.0.5+dfsg-2+deb10u1, as you suggested. > Please set the distribution in the changelog to 'buster' (not 'testing' or > 'testing-proposed-updates'). Thanks for the info & the reminder! -- Sean Whitton signature.asc Description: PGP signature
Processed: Re: unblock: pikepdf/1.0.5+dfsg-3 -- redux
Processing control commands: > tag -1 -moreinfo Bug #930597 [release.debian.org] unblock: pikepdf/1.0.5+dfsg-3 -- redux Removed tag(s) moreinfo. -- 930597: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930597 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928882: unblock: [pre-approval] ghc/8.4.4+dfsg1-3
Dear Ililas and Paul,
Thank you for your great work.
I've just followed your instructions, downloaded and installed the current
happy (and also ghc and the other packages) in the usual way:
dpkg -i
apt install -f
then tested the example files as indicated:
drakestail:/opt/bug_ghc_armel# gdb -q -ex 'b *(0x1ab0ac)' -ex 'run' -ex
'x/i $pc' -ex 'quit' --args happy example.y
Reading symbols from happy...(no debugging symbols found)...done.
Breakpoint 1 at 0x1ab0ac
Starting program: /bin/happy example.y
[Thread debugging using libthread_db enabled]
Using host libthread_db library
"/lib/arm-linux-gnueabi/libthread_db.so.1".
[Inferior 1 (process 10654) exited normally]
No registers.
Everything works fine!
Please find attached the resulting example.hs.
Moreover "objdump -d /bin/happy |grep uxth" returns nothing, as expected.
Hashes of the downloaded files:
drakestail:/opt/bug_ghc_armel# sha256sum *.deb example.*
5d8dae44d79545aeee34755baa6c51ffe80db8309051978aaa9ac8857d6efde9
ghc_8.4.4+dfsg1-2+armel0_armel.deb
bffaf0957deb767d75e251f92dd8a59c6277c5b986241219fbb26ea3400284fa
ghc-doc_8.4.4+dfsg1-2+armel0_all.deb
8fde49d87ad410ae5fec77ac89af4da11f4a2dd0924f0085a2f5f9c6e93fc09c
ghc-prof_8.4.4+dfsg1-2+armel0_armel.deb
c560c02e7369c08de18f7151bcb53245a1c7f4ab83e9c07265beef7ca0e24921
happy_1.19.9-6+armel0_armel.deb
499108b544ad71ae4e801d05910dbc46b6701bac9f33eba5f58ab68f92541a58
example.hs
7b2f0a55e15e3db4188cde1410b1b21bcefeb092b2bc2f44bc95612bf7c60457
example.y
Thanks again,
Emanuele
On Sat, Jun 15, 2019 at 10:46 AM Paul Gevers wrote:
> Hi Emanuel,
>
> On 14-06-2019 18:07, Ilias Tsitsimpis wrote:
> > I have uploaded both ghc and happy here, in case you need Emanuele to
> > verify that the current version of happy fails, whereas the new one
> > works:
> >
> > https://www.iliastsi.net/ghc/ghc_8.4.4+dfsg1-2+armel0_armel.deb
> > sha256:
> 5d8dae44d79545aeee34755baa6c51ffe80db8309051978aaa9ac8857d6efde9
> > https://www.iliastsi.net/ghc/ghc-doc_8.4.4+dfsg1-2+armel0_all.deb
> > sha256:
> bffaf0957deb767d75e251f92dd8a59c6277c5b986241219fbb26ea3400284fa
> > https://www.iliastsi.net/ghc/ghc-prof_8.4.4+dfsg1-2+armel0_armel.deb
> > sha256:
> 8fde49d87ad410ae5fec77ac89af4da11f4a2dd0924f0085a2f5f9c6e93fc09c
> > https://www.iliastsi.net/ghc/happy_1.19.9-6+armel0_armel.deb
> > sha256:
> c560c02e7369c08de18f7151bcb53245a1c7f4ab83e9c07265beef7ca0e24921
>
> Could you please do the check that Ilias proposes? I.e. install the
> current happy and run it on the example code and see that it fails.
> Install the package from Ilias and see that it works?
>
> > So, it seems that the proposed patch does indeed resolve the issue.
>
> I agree with you, however I'd like to see the results of the check by
> Emanuele.
>
> > Unfortunately, I cannot provide any guarantee that it will not introduce
> > any bugs that weren't there before, but I believe the only way to find
> > out is to upload a fixed version of GHC on unstable and schedule the
> > required binNMUs. If all of them succeed, we can then unblock them.
>
> Guarantees like that have very little value. We are trying to weight the
> risk versus the gain. Please go ahead if and when Emanuele reports
> positive results.
>
> Paul
>
>
{-# OPTIONS_GHC -w #-}
module Main where
import qualified Data.Array as Happy_Data_Array
import qualified Data.Bits as Bits
import Control.Applicative(Applicative(..))
import Control.Monad (ap)
-- parser produced by Happy Version 1.19.9
data HappyAbsSyn t4 t5 t6 t7
= HappyTerminal (Token)
| HappyErrorToken Int
| HappyAbsSyn4 t4
| HappyAbsSyn5 t5
| HappyAbsSyn6 t6
| HappyAbsSyn7 t7
happyExpList :: Happy_Data_Array.Array Int Int
happyExpList = Happy_Data_Array.listArray (0,49) ([1664,1025,0,1,0,768,24576,0,0,0,0,2100,32768,3072,24578,16,131,1048,256,1664,1,6,48,0,0,0,1024,53248,32,0,0
])
{-# NOINLINE happyExpListPerState #-}
happyExpListPerState st =
token_strs_expected
where token_strs = ["error","%dummy","%start_calc","Exp","Exp1","Term","Factor","let","in","int","var","'='","'+'","'-'","'*'","'/'","'('","')'","%eof"]
bit_start = st * 19
bit_end = (st + 1) * 19
read_bit = readArrayBit happyExpList
bits = map read_bit [bit_start..bit_end - 1]
bits_indexed = zip bits [0..18]
token_strs_expected = concatMap f bits_indexed
f (False, _) = []
f (True, nr) = [token_strs !! nr]
action_0 (8) = happyShift action_2
action_0 (10) = happyShift action_7
action_0 (11) = happyShift action_8
action_0 (17) = happyShift action_9
action_0 (4) = happyGoto action_3
action_0 (5) = happyGoto action_4
action_0 (6) = happyGoto action_5
action_0 (7) = happyGoto action_6
action_0 _ = happyFail (happyExpListPerState 0)
action_1 (8) = happyShift action_2
action_1 _ = happyFail (happyExpListPerState 1)
action_2 (11) = happyShift action_15
action_2 _ = happyFail (happyExpListPerState 2)
action_3 (19) = happyAccept
Bug#930616: marked as done (unblock: vim/2:8.1.0875-5)
Your message dated Sun, 16 Jun 2019 18:06:25 +0100 with message-id <20190616170625.ga22...@powdarrmonkey.net> and subject line Re: Bug#930616: unblock: vim/2:8.1.0875-5 has caused the Debian Bug report #930616, regarding unblock: vim/2:8.1.0875-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 930616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930616 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim This is a follow up to the previous fixes for CVE-2019-12735. Upstream added a new option (disabled by default) to control whether expressions can be evaluated in modelines, so that modelines are further restricted. unblock vim/2:8.1.0875-5 -- System Information: Debian Release: 10.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diffstat for vim-8.1.0875 vim-8.1.0875 changelog | 12 gbp.conf|2 patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch | 588 ++ patches/patch-8.1.1367-can-set-modelineexpr-in-modeline.patch | 54 patches/patch-8.1.1368-modeline-test-fails-with-python-but-withou.patch | 42 patches/patch-8.1.1382-error-when-editing-test-file.patch | 71 + patches/patch-8.1.1401-misspelled-mkspellmem-as-makespellmem.patch | 69 + patches/series |5 8 files changed, 842 insertions(+), 1 deletion(-) diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog --- vim-8.1.0875/debian/changelog 2019-06-07 06:49:19.0 -0400 +++ vim-8.1.0875/debian/changelog 2019-06-15 12:41:15.0 -0400 @@ -1,3 +1,15 @@ +vim (2:8.1.0875-5) unstable; urgency=medium + + * gbp.conf: Set debian-tag to debian/%(version)s + * Backport 'modelineexpr' patches to further restrict modelines ++ 8.1.1366: Using expressions in a modeline is unsafe ++ 8.1.1367: can set 'modelineexpr' in modeline ++ 8.1.1368: Modeline test fails with python but without pythonhome ++ 8.1.1382: Error when editing test file ++ 8.1.1401: misspelled mkspellmem as makespellmem (test fix) + + -- James McCoy Sat, 15 Jun 2019 12:41:15 -0400 + vim (2:8.1.0875-4) unstable; urgency=high * Backport 8.1.1046 and 8.1.1365 to fix CVE-2019-12735 (Closes: #930020) diff -Nru vim-8.1.0875/debian/gbp.conf vim-8.1.0875/debian/gbp.conf --- vim-8.1.0875/debian/gbp.conf2019-06-07 06:49:19.0 -0400 +++ vim-8.1.0875/debian/gbp.conf2019-06-15 12:41:15.0 -0400 @@ -1,6 +1,6 @@ [DEFAULT] upstream-tag = v%(version)s -debian-tag = v%(version)s +debian-tag = debian/%(version)s debian-branch = debian/sid [pq] diff -Nru vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch --- vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch 1969-12-31 19:00:00.0 -0500 +++ vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch 2019-06-15 12:41:15.0 -0400 @@ -0,0 +1,588 @@ +From: Bram Moolenaar +Date: Thu, 23 May 2019 15:38:06 +0200 +Subject: patch 8.1.1366: using expressions in a modeline is unsafe + +Problem:Using expressions in a modeline is unsafe. +Solution: Disallow using expressions in a modeline, unless the +'modelineexpr' option is set. Update help, add more tests. + +(cherry picked from commit 110289e78195b6d01e1e6ad26ad450de476d41c1) + +Signed-off-by: James McCoy +--- + runtime/doc/options.txt | 69 +++- + src/option.c | 35 ++-- + src/option.h | 1 + + src/testdir/test49.in | 2 +- + src/testdir/test_modeline.vim | 93 +++ + src/version.c | 2 + + 6 files changed, 169 insertions(+), 33 deletions(-) + +diff --git
Bug#930593: marked as done (unblock: ompl/1.4.2+ds1-2)
Your message dated Sun, 16 Jun 2019 17:51:41 +0100
with message-id <20190616165141.ga20...@powdarrmonkey.net>
and subject line Re: Bug#930593: unblock: ompl/1.4.2+ds1-2
has caused the Debian Bug report #930593,
regarding unblock: ompl/1.4.2+ds1-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930593: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package ompl
The libompl-dev package uses libeigen3-dev but was missing a dependency,
as reported in #930507. I removed it's Multi-Arch flag as well, as it
was wrong according to the hinter. Hope that's fine with you.
unblock ompl/1.4.2+ds1-2
-- System Information:
Debian Release: 10.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 44a3482..617317e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ompl (1.4.2+ds1-2) unstable; urgency=medium
+
+ * Team upload.
+ * Remove wrong MA hint (according to hinter)
+ * Add missing dependency (Closes: #930507)
+
+ -- Jochen Sprickerhof Sun, 16 Jun 2019 10:34:15 +0200
+
ompl (1.4.2+ds1-1) unstable; urgency=medium
* New upstream version.
diff --git a/debian/control b/debian/control
index b8c0900..baccfc8 100644
--- a/debian/control
+++ b/debian/control
@@ -25,12 +25,12 @@ Vcs-Git: https://salsa.debian.org/science-team/ompl.git
Homepage: http://ompl.kavrakilab.org
Package: libompl-dev
-Multi-Arch: same
Architecture: any
Section: libdevel
Depends: libompl15 (= ${binary:Version}),
${misc:Depends},
- libboost-dev
+ libboost-dev,
+ libeigen3-dev
Suggests: libode-dev, pkg-config
Description: Open Motion Planning Library (OMPL) development files
The Open Motion Planning Library is a set of sampling-based motion
--- End Message ---
--- Begin Message ---
On Sun, Jun 16, 2019 at 10:39:26AM +0200, Jochen Sprickerhof wrote:
> The libompl-dev package uses libeigen3-dev but was missing a dependency,
> as reported in #930507. I removed it's Multi-Arch flag as well, as it
> was wrong according to the hinter. Hope that's fine with you.
Unblocked; thanks.
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51--- End Message ---
Bug#930621: unblock: gpodder/3.10.7-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gpodder
Dear Release Managers,
Recently YouTube started requiring connections via HTTPS. There isn't a
Debian bug filed for this, but upstream contacted me directly to ask
whether this could be addressed for buster. The upstream issue is:
https://github.com/gpodder/gpodder/issues/625
And the patch PR:
https://github.com/gpodder/gpodder/pull/626
I know it's late, but I am filing the unblock with the rationale that
the broken YouTube support will be seen as regression for our users.
Also, the patch is simple.
I have validated the change locally and the debdiff is attached.
Thank you for your consideration!
tony
unblock gpodder/3.10.7-2
diff -Nru gpodder-3.10.7/debian/changelog gpodder-3.10.7/debian/changelog
--- gpodder-3.10.7/debian/changelog 2019-02-02 15:17:35.0 -0800
+++ gpodder-3.10.7/debian/changelog 2019-06-11 17:37:34.0 -0700
@@ -1,3 +1,9 @@
+gpodder (3.10.7-2) unstable; urgency=medium
+
+ * Add patch to use HTTPS for HTTPS URLs, including YouTube.
+
+ -- tony mancill Tue, 11 Jun 2019 17:37:34 -0700
+
gpodder (3.10.7-1) unstable; urgency=medium
* New upstream version 3.10.7
diff -Nru gpodder-3.10.7/debian/patches/series
gpodder-3.10.7/debian/patches/series
--- gpodder-3.10.7/debian/patches/series2019-02-02 15:17:35.0
-0800
+++ gpodder-3.10.7/debian/patches/series2019-06-11 17:37:34.0
-0700
@@ -2,3 +2,4 @@
utf-8_coding_for_setup.patch
remove_copyright_character.patch
switch-appindicator-extension-to-AyatanaAppIndicator-and-python3.patch
+youtube_https.patch
diff -Nru gpodder-3.10.7/debian/patches/youtube_https.patch
gpodder-3.10.7/debian/patches/youtube_https.patch
--- gpodder-3.10.7/debian/patches/youtube_https.patch 1969-12-31
16:00:00.0 -0800
+++ gpodder-3.10.7/debian/patches/youtube_https.patch 2019-06-11
17:37:34.0 -0700
@@ -0,0 +1,47 @@
+Description: Fix YouTube URLs
+Source:
https://patch-diff.githubusercontent.com/raw/gpodder/gpodder/pull/626.patch
+Forwarded: not-needed
+
+---
+ src/gpodder/util.py | 5 -
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/gpodder/util.py b/src/gpodder/util.py
+index 7103bd7a3..3fd717fe9 100644
+--- a/src/gpodder/util.py
b/src/gpodder/util.py
+@@ -1402,7 +1402,10 @@ def format_seconds_to_hour_min_sec(seconds):
+
+ def http_request(url, method='HEAD'):
+ (scheme, netloc, path, parms, qry, fragid) = urllib.parse.urlparse(url)
+-conn = http.client.HTTPConnection(netloc)
++if scheme == 'https':
++conn = http.client.HTTPSConnection(netloc)
++else:
++conn = http.client.HTTPConnection(netloc)
+ start = len(scheme) + len('://') + len(netloc)
+ conn.request(method, url[start:])
+ return conn.getresponse()
+
+From deebcf8cecb46e4a47ea0a4bb4269d5e2f2c6e9a Mon Sep 17 00:00:00 2001
+From: auouymous
+Date: Sat, 25 May 2019 15:22:27 +0200
+Subject: [PATCH 2/2] Use https to download from YouTube
+
+---
+ src/gpodder/youtube.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gpodder/youtube.py b/src/gpodder/youtube.py
+index c3e593209..2c87647a9 100644
+--- a/src/gpodder/youtube.py
b/src/gpodder/youtube.py
+@@ -116,7 +116,7 @@ def get_real_download_url(url, preferred_fmt_ids=None):
+ vid = get_youtube_id(url)
+ if vid is not None:
+ page = None
+-url =
'http://www.youtube.com/get_video_info?=detailpage_id=' + vid
++url =
'https://www.youtube.com/get_video_info?=detailpage_id=' + vid
+
+ while page is None:
+ req = util.http_request(url, method='GET')
signature.asc
Description: PGP signature
Bug#929318: marked as done (unblock: papi/5.7.0+dfsg-2)
Your message dated Sun, 16 Jun 2019 16:21:03 +0100
with message-id <20190616152103.ga10...@powdarrmonkey.net>
and subject line Re: Bug#929318: unblock: papi/5.7.0+dfsg-1
has caused the Debian Bug report #929318,
regarding unblock: papi/5.7.0+dfsg-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
929318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929318
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Control: block -1 with 928368
Please unblock package papi
Hi,
there are two things that need to be fixed in PAPI for buster.
* transition libpapi5 -> libpapi5.7, (one package needs a binNMU),
see #928368 for details (upstream has now accepted and applied my
patch)
* removal of non-dfsg-free iozone code (only used for tests for a
component not included in our builds, so no negative effect)
The package is not uploaded to unstable yet, waiting for 5.7.0-2 to pass
experimental/NEW for libpapi5.7.
debian/changelog |16
+
debian/control |12
+-
debian/copyright | 6
+-
debian/gbp.conf| 2
+-
debian/libpapi5.install| 2
-
debian/{libpapi5.README.Debian => libpapiSOVERSION.README.Debian} | 0
debian/{libpapi5.docs => libpapiSOVERSION.docs}| 0
debian/libpapiSOVERSION.install| 2
+
debian/{libpapi5.symbols => libpapiSOVERSION.symbols} |20
+-
debian/patches/0001-set-SONAME-to-libpapi.so.-PAPIVER-.-PAPIREV.patch | 163
+
debian/patches/0002-Clean-up-of-carriage-return-character-M-from.patch | 119
+
debian/patches/do-not-ignore-failures.patch| 8
+-
debian/patches/for-debian-no-rpath.patch | 4
+-
debian/patches/series | 2
+
debian/rules |20
+
debian/watch | 3
+-
src/components/appio/tests/iozone/Changes.txt | 2409
src/components/appio/tests/iozone/Generate_Graphs |32
-
src/components/appio/tests/iozone/Gnuplot.txt |23
-
src/components/appio/tests/iozone/client_list |36
-
src/components/appio/tests/iozone/fileop.c | 1389
---
src/components/appio/tests/iozone/gengnuplot.sh|57
-
src/components/appio/tests/iozone/gnu3d.dem| 146
-
src/components/appio/tests/iozone/gnuplot.dem |60
-
src/components/appio/tests/iozone/gnuplotps.dem|63
-
src/components/appio/tests/iozone/iozone.c | 25297
---
src/components/appio/tests/iozone/iozone_visualizer.pl | 262
-
src/components/appio/tests/iozone/libasync.c | 1604
---
src/components/appio/tests/iozone/libbif.c | 452
-
src/components/appio/tests/iozone/makefile | 1461
---
src/components/appio/tests/iozone/pit_server.c | 831
--
src/components/appio/tests/iozone/read_telemetry |29
-
src/components/appio/tests/iozone/report.pl| 150
-
src/components/appio/tests/iozone/spec.in | 107
-
src/components/appio/tests/iozone/write_telemetry |29
-
35 files changed, 350 insertions(+), 34466 deletions(-)
A git diff (since it better copes with the renames) from 5.7.0-1 in buster
with the deletions excluded is attached. Obviously still needs a dch -r :-)
unblock papi/5.7.0+dfsg-1
Thanks for considering,
Andreas
diff --git a/debian/changelog b/debian/changelog
index d019e5d..2c87196 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+papi (5.7.0+dfsg-1) UNRELEASED; urgency=medium
+
+ * Repack upstream tarball to remove src/components/appio/tests/iozone/*
+which does not permit distribution of
Bug#930238: marked as done (unblock: zfs-linux/0.7.12-2+deb10u1 [t-p-u])
Your message dated Sun, 16 Jun 2019 15:42:40 +0100
with message-id <20190616144240.ga6...@powdarrmonkey.net>
and subject line Re: Bug#930238: unblock: zfs-linux/0.7.12-2+deb10u1 [t-p-u]
has caused the Debian Bug report #930238,
regarding unblock: zfs-linux/0.7.12-2+deb10u1 [t-p-u]
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930238: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930238
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package zfs-linux
Following
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#t-p-u
I've not uploaded it yet but asking for permission first.
(explain the reason for the unblock here)
Fix a GRAVE stable RC due to linux's unexporting several
fpu-related symbols:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929929
This is the very only purpose of this upload.
The solution in this upload is cherry-picked from upstream,
which directly disable the SIMD thing for linux (>= 4.19.38).
I scanned the rest historical patches we have applied to
zfs 0.7.12. Some of them fix crashes and segfaults but they
don't look fatal enough and would inflate the debdiff hence
incur rejection. Let's forget them.
I've tested this patch on Buster with a manually-built
4.19.48 kernel (make defconfig, make, make bindeb-pkg).
Full source:
https://people.debian.org/~lumin/upload/zfs-linux_0.7.12-2+deb10u1_source.changes
Debdiff: attached.
(include/attach the debdiff against the package in testing)
unblock zfs-linux/0.7.12-2+deb10u1
diff --git a/debian/changelog b/debian/changelog
index 41d4a9fe..e6aad323 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+zfs-linux (0.7.12-2+deb10u1) testing-proposed-updates; urgency=high
+
+ * Patch: Disable SIMD on 4.19.37+ or 5.0+ kernels. (Closes: #929929)
+
+ -- Mo Zhou Sun, 09 Jun 2019 03:17:40 +
+
zfs-linux (0.7.12-2) unstable; urgency=medium
[ Colin Ian King ]
diff --git a/debian/patches/e22bfd814960295029ca41c8e116e8d516d3e730.patch b/debian/patches/e22bfd814960295029ca41c8e116e8d516d3e730.patch
new file mode 100644
index ..ceb02ca2
--- /dev/null
+++ b/debian/patches/e22bfd814960295029ca41c8e116e8d516d3e730.patch
@@ -0,0 +1,404 @@
+From e22bfd814960295029ca41c8e116e8d516d3e730 Mon Sep 17 00:00:00 2001
+From: Tony Hutter
+Date: Fri, 11 Jan 2019 18:01:28 -0800
+Subject: [PATCH] Linux 5.0 compat: Disable vector instructions on 5.0+ kernels
+
+The 5.0 kernel no longer exports the functions we need to do vector
+(SSE/SSE2/SSE3/AVX...) instructions. Disable vector-based checksum
+algorithms when building against those kernels.
+
+Reviewed-by: Brian Behlendorf
+Signed-off-by: Tony Hutter
+Closes #8259
+---
+ config/kernel-fpu.m4 | 41 ++---
+ include/linux/simd_x86.h | 127 +++
+ 2 files changed, 134 insertions(+), 34 deletions(-)
+
+diff --git a/config/kernel-fpu.m4 b/config/kernel-fpu.m4
+index 1c5690969d4..671fe7ea54e 100644
+--- a/config/kernel-fpu.m4
b/config/kernel-fpu.m4
+@@ -1,18 +1,41 @@
++dnl #
++dnl # Handle differences in kernel FPU code.
+ dnl #
+-dnl # 4.2 API change
+-dnl # asm/i387.h is replaced by asm/fpu/api.h
++dnl # Kernel
++dnl # 5.0: All kernel fpu functions are GPL only, so we can't use them.
++dnl # (nothing defined)
++dnl #
++dnl # 4.2: Use __kernel_fpu_{begin,end}()
++dnl # HAVE_UNDERSCORE_KERNEL_FPU & KERNEL_EXPORTS_X86_FPU
++dnl #
++dnl # Pre-4.2: Use kernel_fpu_{begin,end}()
++dnl # HAVE_KERNEL_FPU & KERNEL_EXPORTS_X86_FPU
+ dnl #
+ AC_DEFUN([ZFS_AC_KERNEL_FPU], [
+- AC_MSG_CHECKING([whether asm/fpu/api.h exists])
++ AC_MSG_CHECKING([which kernel_fpu function to use])
+ ZFS_LINUX_TRY_COMPILE([
+- #include
+- #include
++ #include
++ #include
+ ],[
+- __kernel_fpu_begin();
++ kernel_fpu_begin();
++ kernel_fpu_end();
+ ],[
+- AC_MSG_RESULT(yes)
+- AC_DEFINE(HAVE_FPU_API_H, 1, [kernel has interface])
++ AC_MSG_RESULT(kernel_fpu_*)
++ AC_DEFINE(HAVE_KERNEL_FPU, 1, [kernel has kernel_fpu_* functions])
++ AC_DEFINE(KERNEL_EXPORTS_X86_FPU, 1, [kernel exports FPU functions])
+ ],[
+- AC_MSG_RESULT(no)
++ ZFS_LINUX_TRY_COMPILE([
++ #include
++ #include
++ ],[
++ __kernel_fpu_begin();
++ __kernel_fpu_end();
++ ],[
++ AC_MSG_RESULT(__kernel_fpu_*)
++ AC_DEFINE(HAVE_UNDERSCORE_KERNEL_FPU, 1, [kernel has __kernel_fpu_* functions])
++ AC_DEFINE(KERNEL_EXPORTS_X86_FPU, 1, [kernel exports FPU functions])
++ ],[
++ AC_MSG_RESULT(not
Bug#930617: marked as done (unblock: debian-security-support/2019.06.13)
Your message dated Sun, 16 Jun 2019 14:29:47 + with message-id and subject line unblock debian-security-support has caused the Debian Bug report #930617, regarding unblock: debian-security-support/2019.06.13 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 930617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930617 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-security-support, the changes are rather trivial, yet with the nice result of all included translations to being complete now: $ debdiff debian-security-support_2019.06.01.dsc debian-security-support_2019.06.13.dsc|diffstat debian/changelog| 12 po/cs.po| 24 +++- po/da.po| 26 +- security-support-ended.deb8 |1 + 4 files changed, 37 insertions(+), 26 deletions(-) full debdiff attached. unblock debian-security-support/2019.06.13 -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C In Europe there are people prosecuted by courts because they saved other people from drowning in the Mediterranean Sea. That is almost as absurd as if there were people being prosecuted because they save humans from drowning in the sea. diff -Nru debian-security-support-2019.06.01/debian/changelog debian-security-support-2019.06.13/debian/changelog --- debian-security-support-2019.06.01/debian/changelog 2019-06-01 17:44:00.0 +0200 +++ debian-security-support-2019.06.13/debian/changelog 2019-06-13 18:27:05.0 +0200 @@ -1,3 +1,15 @@ +debian-security-support (2019.06.13) unstable; urgency=medium + + [ Emilio Pozuelo Monfort ] + * Add mysql-5.5 to security-support-ended.deb8. + + * Translation updates: +- Danish, thanks to Joe Dalton. Closes: #929941. +- Czech, thanks to Michal Simunek. Closes: #930384. +- this means all included translations are uptodate, yay! + + -- Holger Levsen Thu, 13 Jun 2019 18:27:05 +0200 + debian-security-support (2019.06.01) unstable; urgency=medium * New translations: diff -Nru debian-security-support-2019.06.01/po/cs.po debian-security-support-2019.06.13/po/cs.po --- debian-security-support-2019.06.01/po/cs.po 2018-03-16 15:39:59.0 +0100 +++ debian-security-support-2019.06.13/po/cs.po 2019-06-12 18:27:03.0 +0200 @@ -1,14 +1,14 @@ # Czech PO debconf template translation of debian-security-support. # Copyright (C) 2014 Michal Simunek # This file is distributed under the same license as the debian-security-support package. -# Michal Simunek , 2014. +# Michal Simunek , 2014 - 2019. # msgid "" msgstr "" -"Project-Id-Version: debian-security-support 2014.05.16\n" +"Project-Id-Version: debian-security-support 2019.05.23\n" "Report-Msgid-Bugs-To: debian-security-supp...@packages.debian.org\n" "POT-Creation-Date: 2016-06-07 12:13+0200\n" -"PO-Revision-Date: 2014-06-20 09:15+0200\n" +"PO-Revision-Date: 2019-06-11 20:15+0200\n" "Last-Translator: Michal Simunek \n" "Language-Team: Czech \n" "Language: cs\n" @@ -22,6 +22,8 @@ "Unknown DEBIAN_VERSION $DEBIAN_VERSION. Valid values from " "$DEB_LOWEST_VER_ID and $DEB_NEXT_VER_ID" msgstr "" +"Neznámá verze Debianu $DEBIAN_VERSION. Platné hodnoty od " +"$DEB_LOWEST_VER_ID a $DEB_NEXT_VER_ID" #: ../check-support-status.in:63 msgid "Failed to parse the command line parameters" @@ -38,12 +40,12 @@ #: ../check-support-status.in:117 msgid "E: Need a --type if --list is given" -msgstr "" +msgstr "E: Je-li zadán --list, je třeba zadat --type" #: ../check-support-status.in:130 #, sh-format msgid "E: Unknown --type '$TYPE'" -msgstr "" +msgstr "E: Neznámý --type '$TYPE'" #: ../check-support-status.in:152 msgid "E: Cannot detect dpkg version, assuming wheezy or newer" @@ -52,18 +54,16 @@ "wheezy nebo novější" #: ../check-support-status.in:282 -#, fuzzy msgid "Future end of support for one or more packages" -msgstr "Omezená bezpečnostní podpora jednoho nebo více balíčků" +msgstr "Budoucí omezená bezpečnostní podpora jednoho nebo více balíčků" #: ../check-support-status.in:285 -#, fuzzy msgid "" "Unfortunately, it will be necessary to end security support for some " "packages before the end of the regular security maintenance life " "cycle."
Bug#930615: marked as done (unblock: qscintilla2/2.10.4+dfsg-2.1)
Your message dated Sun, 16 Jun 2019 14:25:37 +
with message-id
and subject line unblock qscintilla2
has caused the Debian Bug report #930615,
regarding unblock: qscintilla2/2.10.4+dfsg-2.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930615: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930615
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package qscintilla2
Add a Breaks against an ancient predecessor package that gets crippled
on some upgrade paths due to Replaces being used without Breaks.
unblock qscintilla2/2.10.4+dfsg-2.1
Andreas
diff -Nru qscintilla2-2.10.4+dfsg/debian/changelog
qscintilla2-2.10.4+dfsg/debian/changelog
--- qscintilla2-2.10.4+dfsg/debian/changelog2019-02-21 19:34:03.0
+0100
+++ qscintilla2-2.10.4+dfsg/debian/changelog2019-06-16 14:55:29.0
+0200
@@ -1,3 +1,13 @@
+qscintilla2 (2.10.4+dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * libqscintilla2-qt4-13: Add Breaks against libqscintilla2-3 from lenny
+since some upgrade paths uncleanly delete files, causing debsums to
+complain about missing /usr/share/qt4/translations/qscintilla_ru.qm.
+(Closes: #925403)
+
+ -- Andreas Beckmann Sun, 16 Jun 2019 14:55:29 +0200
+
qscintilla2 (2.10.4+dfsg-2) unstable; urgency=medium
[ Scott Kitterman ]
diff -Nru qscintilla2-2.10.4+dfsg/debian/control
qscintilla2-2.10.4+dfsg/debian/control
--- qscintilla2-2.10.4+dfsg/debian/control 2019-02-21 19:34:03.0
+0100
+++ qscintilla2-2.10.4+dfsg/debian/control 2019-03-24 11:03:41.0
+0100
@@ -39,6 +39,7 @@
${misc:Depends},
${shlibs:Depends}
Pre-Depends: ${misc:Pre-Depends}
+Breaks: libqscintilla2-3
Suggests: libqscintilla2-doc
Description: Qt4 port of the Scintilla source code editing widget
QScintilla is a text editor for Qt4 with features especially useful when
--- End Message ---
--- Begin Message ---
Unblocked qscintilla2.--- End Message ---
Bug#930610: marked as done (unblock: tenshi/0.13-2.1)
Your message dated Sun, 16 Jun 2019 14:25:03 +
with message-id
and subject line unblock tenshi
has caused the Debian Bug report #930610,
regarding unblock: tenshi/0.13-2.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package tenshi
This upload is primarily intended to fix the version ordering violation
introduced by the CVE fix in wheezy-lts that never went into sid or
stretch:
tenshi | 0.11-2| squeeze | source, all
tenshi | 0.13-2| wheezy | source, all
tenshi | 0.13-2| stretch | source, all
tenshi | 0.13-2| buster | source, all
tenshi | 0.13-2| sid | source, all
tenshi | 0.13-2+deb7u1 | wheezy-security | source, all
This is a rebuild of 0.13-2+deb7u1 for sid. I'll follow up with
0.13-2.1~deb9u1 for stretch.
unblock tenshi/0.13-2.1
Andreas
diff -Nru tenshi-0.13/debian/changelog tenshi-0.13/debian/changelog
--- tenshi-0.13/debian/changelog2012-02-13 05:30:17.0 +0100
+++ tenshi-0.13/debian/changelog2019-06-16 14:24:39.0 +0200
@@ -1,3 +1,19 @@
+tenshi (0.13-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Upload to unstable.
+ * Drop DMUA.
+
+ -- Andreas Beckmann Sun, 16 Jun 2019 14:24:39 +0200
+
+tenshi (0.13-2+deb7u1) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Debian LTS team.
+ * Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary
+processes (Closes: #871321)
+
+ -- Lucas Kanashiro Sun, 27 Aug 2017 14:47:19 -0300
+
tenshi (0.13-2) unstable; urgency=low
* debian/init:
diff -Nru tenshi-0.13/debian/control tenshi-0.13/debian/control
--- tenshi-0.13/debian/control 2012-02-10 05:23:20.0 +0100
+++ tenshi-0.13/debian/control 2019-06-16 13:55:10.0 +0200
@@ -2,7 +2,6 @@
Section: admin
Priority: optional
Maintainer: Ignace Mouzannar
-DM-Upload-Allowed: yes
Build-Depends: debhelper (>= 7.0.8)
Standards-Version: 3.9.2
Vcs-Svn: svn://svn.debian.org/collab-maint/ext-maint/tenshi/trunk/
diff -Nru tenshi-0.13/debian/patches/CVE-2017-11746.patch
tenshi-0.13/debian/patches/CVE-2017-11746.patch
--- tenshi-0.13/debian/patches/CVE-2017-11746.patch 1970-01-01
01:00:00.0 +0100
+++ tenshi-0.13/debian/patches/CVE-2017-11746.patch 2017-08-27
19:53:26.0 +0200
@@ -0,0 +1,36 @@
+Description: save PID after forking but before changing privileges
+ This is an adaptation of upstream commit
+ (d0e7f28c13ffbd5888b31d6532c2faf78f10f176) that fixes CVE-2017-11746. It was
+ written by Andrea Barisani.
+Author: Lucas Kanashiro
+Last-Updated: 2017-08-27
+
+--- a/tenshi
b/tenshi
+@@ -122,8 +122,6 @@ if ($listen) {
+
+ $SIG{'CHLD'} = sub { $debug && debug(5,'CHLD') ; print RED "[ERROR] Child
died. Bailing out\n"; $time_to_die = 1; };
+
+-prepare_process();
+-
+ #
+ # sanity checks
+ #
+@@ -242,8 +240,6 @@ if (!($debug || $profile || $foreground)
+ daemonize();
+ }
+
+-save_pid();
+-
+ while (!$time_to_die) {
+ my $now = time;
+
+@@ -963,6 +959,8 @@ sub daemonize {
+ defined(my $pid = fork) or clean_up and die RED "[ERROR] can't fork:
$!\n";
+ exit if $pid;
+ setsid()or clean_up and die RED "[ERROR] can't start
a new session: $!\n";
++save_pid();
++prepare_process();
+ }
+
+ sub save_pid {
diff -Nru tenshi-0.13/debian/patches/series tenshi-0.13/debian/patches/series
--- tenshi-0.13/debian/patches/series 2012-02-10 04:37:37.0 +0100
+++ tenshi-0.13/debian/patches/series 2017-08-26 20:50:46.0 +0200
@@ -1,2 +1,3 @@
10-Makefile.diff
20-manpage.diff
+CVE-2017-11746.patch
--- End Message ---
--- Begin Message ---
Unblocked tenshi.--- End Message ---
Bug#930597: unblock: pikepdf/1.0.5+dfsg-3 -- redux
Control: tags -1 confirmed moreinfo Hi, On Sun, Jun 16, 2019 at 10:37:01AM +0100, Sean Whitton wrote: > pikepdf 1.0.5+dfsg-3 was unblocked by nthykier but has not migrated: > > Migration status: Blocked. Can't migrate due to a non-migratable > dependency. Check status below. > Blocked by: gcc-8 > 48 days old (2 needed) > > People in #debian-release told me I should ask whether I can upload > pikepdf to testing-proposed-updates to bypass this problem. OK. Please remove the moreinfo tag from this bug once the upload is ready to be unblocked. > (I guess with version number 1.0.5+dfsg-2+deb10u1 ?) No. For a rebuild of 1.0.5+dfsg-3, the preferred version is 1.0.5+dfsg-3~deb10u1 (with the changelog entry for 1.0.5+dfsg-3 also in the changelog). For patches on top of 1.0.5+dfsg-2 (but not a rebuild of a newer version), the version would have been 1.0.5+dfsg-2+deb10u1, as you suggested. Please set the distribution in the changelog to 'buster' (not 'testing' or 'testing-proposed-updates'). Thanks, Ivo
Processed: Re: unblock: pikepdf/1.0.5+dfsg-3 -- redux
Processing control commands: > tags -1 confirmed moreinfo Bug #930597 [release.debian.org] unblock: pikepdf/1.0.5+dfsg-3 -- redux Added tag(s) moreinfo and confirmed. -- 930597: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930597 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930617: unblock: debian-security-support/2019.06.13
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-security-support, the changes are rather trivial, yet with the nice result of all included translations to being complete now: $ debdiff debian-security-support_2019.06.01.dsc debian-security-support_2019.06.13.dsc|diffstat debian/changelog| 12 po/cs.po| 24 +++- po/da.po| 26 +- security-support-ended.deb8 |1 + 4 files changed, 37 insertions(+), 26 deletions(-) full debdiff attached. unblock debian-security-support/2019.06.13 -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C In Europe there are people prosecuted by courts because they saved other people from drowning in the Mediterranean Sea. That is almost as absurd as if there were people being prosecuted because they save humans from drowning in the sea. diff -Nru debian-security-support-2019.06.01/debian/changelog debian-security-support-2019.06.13/debian/changelog --- debian-security-support-2019.06.01/debian/changelog 2019-06-01 17:44:00.0 +0200 +++ debian-security-support-2019.06.13/debian/changelog 2019-06-13 18:27:05.0 +0200 @@ -1,3 +1,15 @@ +debian-security-support (2019.06.13) unstable; urgency=medium + + [ Emilio Pozuelo Monfort ] + * Add mysql-5.5 to security-support-ended.deb8. + + * Translation updates: +- Danish, thanks to Joe Dalton. Closes: #929941. +- Czech, thanks to Michal Simunek. Closes: #930384. +- this means all included translations are uptodate, yay! + + -- Holger Levsen Thu, 13 Jun 2019 18:27:05 +0200 + debian-security-support (2019.06.01) unstable; urgency=medium * New translations: diff -Nru debian-security-support-2019.06.01/po/cs.po debian-security-support-2019.06.13/po/cs.po --- debian-security-support-2019.06.01/po/cs.po 2018-03-16 15:39:59.0 +0100 +++ debian-security-support-2019.06.13/po/cs.po 2019-06-12 18:27:03.0 +0200 @@ -1,14 +1,14 @@ # Czech PO debconf template translation of debian-security-support. # Copyright (C) 2014 Michal Simunek # This file is distributed under the same license as the debian-security-support package. -# Michal Simunek , 2014. +# Michal Simunek , 2014 - 2019. # msgid "" msgstr "" -"Project-Id-Version: debian-security-support 2014.05.16\n" +"Project-Id-Version: debian-security-support 2019.05.23\n" "Report-Msgid-Bugs-To: debian-security-supp...@packages.debian.org\n" "POT-Creation-Date: 2016-06-07 12:13+0200\n" -"PO-Revision-Date: 2014-06-20 09:15+0200\n" +"PO-Revision-Date: 2019-06-11 20:15+0200\n" "Last-Translator: Michal Simunek \n" "Language-Team: Czech \n" "Language: cs\n" @@ -22,6 +22,8 @@ "Unknown DEBIAN_VERSION $DEBIAN_VERSION. Valid values from " "$DEB_LOWEST_VER_ID and $DEB_NEXT_VER_ID" msgstr "" +"Neznámá verze Debianu $DEBIAN_VERSION. Platné hodnoty od " +"$DEB_LOWEST_VER_ID a $DEB_NEXT_VER_ID" #: ../check-support-status.in:63 msgid "Failed to parse the command line parameters" @@ -38,12 +40,12 @@ #: ../check-support-status.in:117 msgid "E: Need a --type if --list is given" -msgstr "" +msgstr "E: Je-li zadán --list, je třeba zadat --type" #: ../check-support-status.in:130 #, sh-format msgid "E: Unknown --type '$TYPE'" -msgstr "" +msgstr "E: Neznámý --type '$TYPE'" #: ../check-support-status.in:152 msgid "E: Cannot detect dpkg version, assuming wheezy or newer" @@ -52,18 +54,16 @@ "wheezy nebo novější" #: ../check-support-status.in:282 -#, fuzzy msgid "Future end of support for one or more packages" -msgstr "Omezená bezpečnostní podpora jednoho nebo více balíčků" +msgstr "Budoucí omezená bezpečnostní podpora jednoho nebo více balíčků" #: ../check-support-status.in:285 -#, fuzzy msgid "" "Unfortunately, it will be necessary to end security support for some " "packages before the end of the regular security maintenance life " "cycle." msgstr "" -"U některých balíčků bylo bohužel nutné ukončit bezpečnostní podporu " +"U některých balíčků bude bohužel nutné ukončit bezpečnostní podporu " "před koncem životního cyklu běžně poskytované bezpečnostní podpory." #: ../check-support-status.in:288 ../check-support-status.in:298 @@ -98,11 +98,9 @@ "U některých balíčků bylo bohužel nutné omezit bezpečnostní podporu." #: ../check-support-status.in:320 -#, fuzzy, sh-format +#, sh-format msgid "* Source:$SRC_NAME, will end on $ALERT_WHEN" -msgstr "" -"* Zdrojový balíček: $SRC_NAME, podpora ukončena $ALERT_WHEN u verze " -"$ALERT_VERSION" +msgstr "* Zdrojový balíček: $SRC_NAME, podpora skončí $ALERT_WHEN" #: ../check-support-status.in:323 #, sh-format diff -Nru debian-security-support-2019.06.01/po/da.po
Bug#929318: unblock: papi/5.7.0+dfsg-1
On 16/06/2019 14.59, Jonathan Wiltshire wrote: > On Sun, Jun 09, 2019 at 11:00:10PM +0200, Andreas Beckmann wrote: >> The transition from libpapi5 to libpapi5.7 will require only a single >> binNMU: eztrace. > > Scheduled and will monitor. The extra-depends is not valid for s390x (and some non-release architectures) which does not build papi at all. Andreas
Bug#930616: unblock: vim/2:8.1.0875-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim This is a follow up to the previous fixes for CVE-2019-12735. Upstream added a new option (disabled by default) to control whether expressions can be evaluated in modelines, so that modelines are further restricted. unblock vim/2:8.1.0875-5 -- System Information: Debian Release: 10.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diffstat for vim-8.1.0875 vim-8.1.0875 changelog | 12 gbp.conf|2 patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch | 588 ++ patches/patch-8.1.1367-can-set-modelineexpr-in-modeline.patch | 54 patches/patch-8.1.1368-modeline-test-fails-with-python-but-withou.patch | 42 patches/patch-8.1.1382-error-when-editing-test-file.patch | 71 + patches/patch-8.1.1401-misspelled-mkspellmem-as-makespellmem.patch | 69 + patches/series |5 8 files changed, 842 insertions(+), 1 deletion(-) diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog --- vim-8.1.0875/debian/changelog 2019-06-07 06:49:19.0 -0400 +++ vim-8.1.0875/debian/changelog 2019-06-15 12:41:15.0 -0400 @@ -1,3 +1,15 @@ +vim (2:8.1.0875-5) unstable; urgency=medium + + * gbp.conf: Set debian-tag to debian/%(version)s + * Backport 'modelineexpr' patches to further restrict modelines ++ 8.1.1366: Using expressions in a modeline is unsafe ++ 8.1.1367: can set 'modelineexpr' in modeline ++ 8.1.1368: Modeline test fails with python but without pythonhome ++ 8.1.1382: Error when editing test file ++ 8.1.1401: misspelled mkspellmem as makespellmem (test fix) + + -- James McCoy Sat, 15 Jun 2019 12:41:15 -0400 + vim (2:8.1.0875-4) unstable; urgency=high * Backport 8.1.1046 and 8.1.1365 to fix CVE-2019-12735 (Closes: #930020) diff -Nru vim-8.1.0875/debian/gbp.conf vim-8.1.0875/debian/gbp.conf --- vim-8.1.0875/debian/gbp.conf2019-06-07 06:49:19.0 -0400 +++ vim-8.1.0875/debian/gbp.conf2019-06-15 12:41:15.0 -0400 @@ -1,6 +1,6 @@ [DEFAULT] upstream-tag = v%(version)s -debian-tag = v%(version)s +debian-tag = debian/%(version)s debian-branch = debian/sid [pq] diff -Nru vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch --- vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch 1969-12-31 19:00:00.0 -0500 +++ vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch 2019-06-15 12:41:15.0 -0400 @@ -0,0 +1,588 @@ +From: Bram Moolenaar +Date: Thu, 23 May 2019 15:38:06 +0200 +Subject: patch 8.1.1366: using expressions in a modeline is unsafe + +Problem:Using expressions in a modeline is unsafe. +Solution: Disallow using expressions in a modeline, unless the +'modelineexpr' option is set. Update help, add more tests. + +(cherry picked from commit 110289e78195b6d01e1e6ad26ad450de476d41c1) + +Signed-off-by: James McCoy +--- + runtime/doc/options.txt | 69 +++- + src/option.c | 35 ++-- + src/option.h | 1 + + src/testdir/test49.in | 2 +- + src/testdir/test_modeline.vim | 93 +++ + src/version.c | 2 + + 6 files changed, 169 insertions(+), 33 deletions(-) + +diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt +index c269fea..7b25f20 100644 +--- a/runtime/doc/options.txt b/runtime/doc/options.txt +@@ -1,4 +1,4 @@ +-*options.txt* For Vim version 8.1. Last change: 2019 Feb 03 ++*options.txt* For Vim version 8.1. Last change: 2019 May 23 + + + VIM REFERENCE MANUALby Bram Moolenaar +@@ -588,14 +588,17 @@ backslash in front of the ':' will be removed. Example: +/* vi:set dir=c\:\tmp: */ ~ + This sets the 'dir' option to "c:\tmp". Only a single backslash before the + ':' is removed. Thus to include "\:" you have to specify "\\:". +- ++ *E992* + No other commands than "set" are supported, for security reasons (somebody + might create a Trojan horse text file with modelines). And not all options +-can be
Bug#930615: unblock: qscintilla2/2.10.4+dfsg-2.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package qscintilla2
Add a Breaks against an ancient predecessor package that gets crippled
on some upgrade paths due to Replaces being used without Breaks.
unblock qscintilla2/2.10.4+dfsg-2.1
Andreas
diff -Nru qscintilla2-2.10.4+dfsg/debian/changelog
qscintilla2-2.10.4+dfsg/debian/changelog
--- qscintilla2-2.10.4+dfsg/debian/changelog2019-02-21 19:34:03.0
+0100
+++ qscintilla2-2.10.4+dfsg/debian/changelog2019-06-16 14:55:29.0
+0200
@@ -1,3 +1,13 @@
+qscintilla2 (2.10.4+dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * libqscintilla2-qt4-13: Add Breaks against libqscintilla2-3 from lenny
+since some upgrade paths uncleanly delete files, causing debsums to
+complain about missing /usr/share/qt4/translations/qscintilla_ru.qm.
+(Closes: #925403)
+
+ -- Andreas Beckmann Sun, 16 Jun 2019 14:55:29 +0200
+
qscintilla2 (2.10.4+dfsg-2) unstable; urgency=medium
[ Scott Kitterman ]
diff -Nru qscintilla2-2.10.4+dfsg/debian/control
qscintilla2-2.10.4+dfsg/debian/control
--- qscintilla2-2.10.4+dfsg/debian/control 2019-02-21 19:34:03.0
+0100
+++ qscintilla2-2.10.4+dfsg/debian/control 2019-03-24 11:03:41.0
+0100
@@ -39,6 +39,7 @@
${misc:Depends},
${shlibs:Depends}
Pre-Depends: ${misc:Pre-Depends}
+Breaks: libqscintilla2-3
Suggests: libqscintilla2-doc
Description: Qt4 port of the Scintilla source code editing widget
QScintilla is a text editor for Qt4 with features especially useful when
Bug#930491: marked as done (unblock: gnutls28/3.6.7-4)
Your message dated Sun, 16 Jun 2019 14:27:07 +0100
with message-id <20190616132707.ga30...@powdarrmonkey.net>
and subject line Re: Bug#930491: unblock: gnutls28/3.6.7-4
has caused the Debian Bug report #930491,
regarding unblock: gnutls28/3.6.7-4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930491: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930491
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gnutls28. This upload cherry-picks the
recommended fixes[1] from upstream latest stable release (3.6.8) and fixes
#929907.
+ 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch
The gnutls_srp_set_server_credentials_function can be used with the 8192
parameters as well.
https://gitlab.com/gnutls/gnutls/issues/761
+ 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch
Fix calculation of Streebog digests (incorrect carry operation in
512 bit addition).
+ 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch
Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client.
Closes: #929907
+ 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch
Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain
crafting via IDNA conversion.
https://gitlab.com/gnutls/gnutls/issues/720
+ 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN
flag.
https://gitlab.com/gnutls/gnutls/issues/754
(explain the reason for the unblock here)
(include/attach the debdiff against the package in testing)
unblock gnutls28/3.6.7-4
cu Andreas
[1] https://lists.gnutls.org/pipermail/gnutls-help/2019-June/004552.html
I have left out the fix for the DH security hardening measure in this
upload as adds new symbols.
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files only in first set of .debs, found in package libgnutls-dane0-dbgsym
-
-rw-r--r-- root/root
/usr/lib/debug/.build-id/d5/67cd17694664c4204ff158450183359925afb1.debug
Files only in first set of .debs, found in package libgnutls-openssl27-dbgsym
-
-rw-r--r-- root/root
/usr/lib/debug/.build-id/6c/cd7f2e8735b2f7448f0757271b8413bbaac807.debug
Files only in first set of .debs, found in package libgnutls30-dbgsym
-
-rw-r--r-- root/root
/usr/lib/debug/.build-id/fe/becd51bb621afd4a8f0352f55d6c2ed96df57a.debug
New files in second set of .debs, found in package libgnutls-dane0-dbgsym
-
-rw-r--r-- root/root
/usr/lib/debug/.build-id/d3/28298de34135fca5f236357f2f2dd56cb109f3.debug
New files in second set of .debs, found in package libgnutls-openssl27-dbgsym
-
-rw-r--r-- root/root
/usr/lib/debug/.build-id/fe/4c3c0c38af44779c38ae5d1e187b6250f7afe0.debug
New files in second set of .debs, found in package libgnutls30-dbgsym
-
-rw-r--r-- root/root
/usr/lib/debug/.build-id/4d/66d28cd2e7537e1e1d2905595b260226b22ad2.debug
Control files of package gnutls-bin: lines which differ (wdiff format)
--
Version: [-3.6.7-3-] {+3.6.7-4+}
Control files of package gnutls-bin-dbgsym: lines which differ (wdiff format)
-
Depends: gnutls-bin (= [-3.6.7-3)-] {+3.6.7-4)+}
Version: [-3.6.7-3-] {+3.6.7-4+}
Control files of package gnutls-doc: lines which differ (wdiff format)
--
Version: [-3.6.7-3-] {+3.6.7-4+}
Control files of package libgnutls-dane0: lines which differ (wdiff format)
---
Depends: libgnutls30 (= [-3.6.7-3),-] {+3.6.7-4),+} libc6 (>= 2.14),
libunbound8 (>= 1.8.0)
Version: [-3.6.7-3-] {+3.6.7-4+}
Control files of package libgnutls-dane0-dbgsym: lines which differ (wdiff
format)
Bug#929318: unblock: papi/5.7.0+dfsg-1
On Sun, Jun 09, 2019 at 11:00:10PM +0200, Andreas Beckmann wrote: > The transition from libpapi5 to libpapi5.7 will require only a single > binNMU: eztrace. Scheduled and will monitor. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#930610: unblock: tenshi/0.13-2.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package tenshi
This upload is primarily intended to fix the version ordering violation
introduced by the CVE fix in wheezy-lts that never went into sid or
stretch:
tenshi | 0.11-2| squeeze | source, all
tenshi | 0.13-2| wheezy | source, all
tenshi | 0.13-2| stretch | source, all
tenshi | 0.13-2| buster | source, all
tenshi | 0.13-2| sid | source, all
tenshi | 0.13-2+deb7u1 | wheezy-security | source, all
This is a rebuild of 0.13-2+deb7u1 for sid. I'll follow up with
0.13-2.1~deb9u1 for stretch.
unblock tenshi/0.13-2.1
Andreas
diff -Nru tenshi-0.13/debian/changelog tenshi-0.13/debian/changelog
--- tenshi-0.13/debian/changelog2012-02-13 05:30:17.0 +0100
+++ tenshi-0.13/debian/changelog2019-06-16 14:24:39.0 +0200
@@ -1,3 +1,19 @@
+tenshi (0.13-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Upload to unstable.
+ * Drop DMUA.
+
+ -- Andreas Beckmann Sun, 16 Jun 2019 14:24:39 +0200
+
+tenshi (0.13-2+deb7u1) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Debian LTS team.
+ * Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary
+processes (Closes: #871321)
+
+ -- Lucas Kanashiro Sun, 27 Aug 2017 14:47:19 -0300
+
tenshi (0.13-2) unstable; urgency=low
* debian/init:
diff -Nru tenshi-0.13/debian/control tenshi-0.13/debian/control
--- tenshi-0.13/debian/control 2012-02-10 05:23:20.0 +0100
+++ tenshi-0.13/debian/control 2019-06-16 13:55:10.0 +0200
@@ -2,7 +2,6 @@
Section: admin
Priority: optional
Maintainer: Ignace Mouzannar
-DM-Upload-Allowed: yes
Build-Depends: debhelper (>= 7.0.8)
Standards-Version: 3.9.2
Vcs-Svn: svn://svn.debian.org/collab-maint/ext-maint/tenshi/trunk/
diff -Nru tenshi-0.13/debian/patches/CVE-2017-11746.patch
tenshi-0.13/debian/patches/CVE-2017-11746.patch
--- tenshi-0.13/debian/patches/CVE-2017-11746.patch 1970-01-01
01:00:00.0 +0100
+++ tenshi-0.13/debian/patches/CVE-2017-11746.patch 2017-08-27
19:53:26.0 +0200
@@ -0,0 +1,36 @@
+Description: save PID after forking but before changing privileges
+ This is an adaptation of upstream commit
+ (d0e7f28c13ffbd5888b31d6532c2faf78f10f176) that fixes CVE-2017-11746. It was
+ written by Andrea Barisani.
+Author: Lucas Kanashiro
+Last-Updated: 2017-08-27
+
+--- a/tenshi
b/tenshi
+@@ -122,8 +122,6 @@ if ($listen) {
+
+ $SIG{'CHLD'} = sub { $debug && debug(5,'CHLD') ; print RED "[ERROR] Child
died. Bailing out\n"; $time_to_die = 1; };
+
+-prepare_process();
+-
+ #
+ # sanity checks
+ #
+@@ -242,8 +240,6 @@ if (!($debug || $profile || $foreground)
+ daemonize();
+ }
+
+-save_pid();
+-
+ while (!$time_to_die) {
+ my $now = time;
+
+@@ -963,6 +959,8 @@ sub daemonize {
+ defined(my $pid = fork) or clean_up and die RED "[ERROR] can't fork:
$!\n";
+ exit if $pid;
+ setsid()or clean_up and die RED "[ERROR] can't start
a new session: $!\n";
++save_pid();
++prepare_process();
+ }
+
+ sub save_pid {
diff -Nru tenshi-0.13/debian/patches/series tenshi-0.13/debian/patches/series
--- tenshi-0.13/debian/patches/series 2012-02-10 04:37:37.0 +0100
+++ tenshi-0.13/debian/patches/series 2017-08-26 20:50:46.0 +0200
@@ -1,2 +1,3 @@
10-Makefile.diff
20-manpage.diff
+CVE-2017-11746.patch
Bug#930238: unblock: zfs-linux/0.7.12-2+deb10u1 [t-p-u]
On 2019-06-15 11:04, Paul Gevers wrote: On 14-06-2019 12:50, Aron Xu wrote: I have tested the package in a virtual machine on amd64 for linux/4.19.37-3 (buster) and a locally built updated linux kernel that breaks zfs-linux/0.7.12-2. The dkms package builds fine with both of the versions and zpool create/export/import works fine. Therefore, please unblock the t-p-u update for buster, thanks. I am probably asking a very stupid question, but ... The changes in the patch are in the source code. Do these dkms package work is such a way that the binaries are compiled every time that a kernel gets updated? I.e. a change in the source that checks for the kernel version actually results in a binary that works for that source? The whole point of dkms is to make sure that kernel modules available as source are made available to all installed kernels. So as long as the ABI version of the kernel changes (in Ubuntu with every upload, for us much more rarely) the module is recompiled. The corollary here is that it is not recompiled if the ABI version did not change because the module is assumed to still be compatible. (Our kernel maintainers also regularly ignore certain ABI changes they do not consider to actually be part of the ABI they support.) Kind regards Philipp Kern
Bug#928368: Bug#929318: unblock: papi/5.7.0+dfsg-1
Control: tag -1 - moreinfo On 15/06/2019 20.03, Paul Gevers wrote: >> The transition from libpapi5 to libpapi5.7 will require only a single >> binNMU: eztrace. > > Please go ahead and upload to unstable. Please remove the moreinfo tag > when the time is there to schedule the binNMU's. Thanks. The package is in sid, built on all release architectures and I verified that all reverse build-depends still build on amd64. Andreas
Processed: Re: Bug#929318: unblock: papi/5.7.0+dfsg-1
Processing control commands: > tag -1 - moreinfo Bug #928368 [release.debian.org] transition: papi Ignoring request to alter tags of bug #928368 to the same tags previously set -- 928368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928368 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930597: unblock: pikepdf/1.0.5+dfsg-3 -- redux
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
pikepdf 1.0.5+dfsg-3 was unblocked by nthykier but has not migrated:
Migration status: Blocked. Can't migrate due to a non-migratable
dependency. Check status below.
Blocked by: gcc-8
48 days old (2 needed)
People in #debian-release told me I should ask whether I can upload
pikepdf to testing-proposed-updates to bypass this problem.
(I guess with version number 1.0.5+dfsg-2+deb10u1 ?)
-- System Information:
Debian Release: 9.9
APT prefers stable
APT policy: (900, 'stable'), (500, 'stable-updates'), (500,
'proposed-updates')
Architecture: i386 (i686)
Kernel: Linux 4.9.0-9-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--
Sean Whitton
diff -Nru pikepdf-1.0.5+dfsg/debian/changelog
pikepdf-1.0.5+dfsg/debian/changelog
--- pikepdf-1.0.5+dfsg/debian/changelog 2019-02-27 22:33:07.0 +
+++ pikepdf-1.0.5+dfsg/debian/changelog 2019-04-29 02:23:41.0 +0100
@@ -1,3 +1,11 @@
+pikepdf (1.0.5+dfsg-3) unstable; urgency=medium
+
+ * Cherry pick upstream commit 4d22fe4 as
+Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
+(Closes: #928042).
+
+ -- Sean Whitton Sun, 28 Apr 2019 18:23:41 -0700
+
pikepdf (1.0.5+dfsg-2) unstable; urgency=medium
* Team upload.
diff -Nru
pikepdf-1.0.5+dfsg/debian/patches/Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
pikepdf-1.0.5+dfsg/debian/patches/Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
---
pikepdf-1.0.5+dfsg/debian/patches/Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
1970-01-01 01:00:00.0 +0100
+++
pikepdf-1.0.5+dfsg/debian/patches/Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
2019-04-29 02:23:41.0 +0100
@@ -0,0 +1,51 @@
+From: "James R. Barlow"
+Date: Tue, 12 Feb 2019 20:42:11 -0800
+Subject: Fix issue #25 - year missing leading zero on some platforms
+
+Closes #25
+
+(cherry picked from commit 4d22fe47912c518e8b3348aedccdac3f11ed81d7)
+---
+ src/pikepdf/models/metadata.py | 7 +--
+ tests/test_metadata.py | 3 ++-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/pikepdf/models/metadata.py b/src/pikepdf/models/metadata.py
+index 1a0eeb2..65934cd 100644
+--- a/src/pikepdf/models/metadata.py
b/src/pikepdf/models/metadata.py
+@@ -121,8 +121,11 @@ def encode_pdf_date(d: datetime) -> str:
+ the local time.
+ """
+
+-pdfmark_date_fmt = r'%Y%m%d%H%M%S'
+-s = d.strftime(pdfmark_date_fmt)
++# The formatting of %Y is not consistent as described in
++# https://bugs.python.org/issue13305 and underspecification in libc.
++# So explicitly format the year with leading zeros
++s = "{:04d}".format(d.year)
++s += d.strftime(r'%m%d%H%M%S')
+ tz = d.strftime('%z')
+ if tz:
+ sign, tz_hours, tz_mins = tz[0], tz[1:3], tz[3:5]
+diff --git a/tests/test_metadata.py b/tests/test_metadata.py
+index 1d41878..41a879c 100644
+--- a/tests/test_metadata.py
b/tests/test_metadata.py
+@@ -3,7 +3,7 @@ from datetime import datetime, timezone, timedelta
+ import re
+
+ import pytest
+-from hypothesis import given
++from hypothesis import given, example
+ from hypothesis.strategies import integers
+ import pikepdf
+ from pikepdf import Pdf, Dictionary, Name, PasswordError, Stream
+@@ -252,6 +252,7 @@ def test_date_docinfo_from_xmp():
+ integers(0, 99),
+ integers(0, 99),
+ )
++@example(1, 1, 1, 0, 0, 0)
+ def test_random_dates(year, month, day, hour, mins, sec):
+ date_args = year, month, day, hour, mins, sec
+ xmp = '{:04d}-{:02d}-{:02d}T{:02d}:{:02d}:{:02d}'.format(*date_args)
diff -Nru pikepdf-1.0.5+dfsg/debian/patches/series
pikepdf-1.0.5+dfsg/debian/patches/series
--- pikepdf-1.0.5+dfsg/debian/patches/series2019-02-27 17:39:34.0
+
+++ pikepdf-1.0.5+dfsg/debian/patches/series2019-04-29 02:23:41.0
+0100
@@ -3,3 +3,4 @@
drop-setuptools_scm_git_archive-from-setup.py.patch
fix_xmp_metadata_without_xmpmeta_wrapper.patch
disable-test_docinfo_problems.patch
+Fix-issue-25-year-missing-leading-zero-on-some-platforms.patch
signature.asc
Description: PGP signature
Processed: Re: Bug#928111: [pre-approval] unblock: icu/63.2-1
Processing control commands: > tags -1 -moreinfo Bug #928111 [release.debian.org] [pre-approval] unblock: icu/63.2-1 Removed tag(s) moreinfo. -- 928111: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928111 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930593: unblock: ompl/1.4.2+ds1-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package ompl
The libompl-dev package uses libeigen3-dev but was missing a dependency,
as reported in #930507. I removed it's Multi-Arch flag as well, as it
was wrong according to the hinter. Hope that's fine with you.
unblock ompl/1.4.2+ds1-2
-- System Information:
Debian Release: 10.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 44a3482..617317e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ompl (1.4.2+ds1-2) unstable; urgency=medium
+
+ * Team upload.
+ * Remove wrong MA hint (according to hinter)
+ * Add missing dependency (Closes: #930507)
+
+ -- Jochen Sprickerhof Sun, 16 Jun 2019 10:34:15 +0200
+
ompl (1.4.2+ds1-1) unstable; urgency=medium
* New upstream version.
diff --git a/debian/control b/debian/control
index b8c0900..baccfc8 100644
--- a/debian/control
+++ b/debian/control
@@ -25,12 +25,12 @@ Vcs-Git: https://salsa.debian.org/science-team/ompl.git
Homepage: http://ompl.kavrakilab.org
Package: libompl-dev
-Multi-Arch: same
Architecture: any
Section: libdevel
Depends: libompl15 (= ${binary:Version}),
${misc:Depends},
- libboost-dev
+ libboost-dev,
+ libeigen3-dev
Suggests: libode-dev, pkg-config
Description: Open Motion Planning Library (OMPL) development files
The Open Motion Planning Library is a set of sampling-based motion
