Processed: gocode 20150303-3+deb9u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 928556 = stretch pending Bug #928556 [release.debian.org] stretch-pu: package gocode/20150303-3+deb9u2 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 928556: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928556 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935445: dansguardian 2.10.1.1-5.1+deb9u2 flagged for acceptance
package release.debian.org tags 935445 = stretch pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details == Package: dansguardian Version: 2.10.1.1-5.1+deb9u2 Explanation: add support for clamav 0.101
Processed: clamav 0.101.2+dfsg-0+deb9u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 924278 = stretch pending Bug #924278 [release.debian.org] stretch-pu: package clamav/0.101.2+dfsg-0+deb9u1 Ignoring request to alter tags of bug #924278 to the same tags previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 924278: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924278 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: dansguardian 2.10.1.1-5.1+deb9u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 935445 = stretch pending Bug #935445 [release.debian.org] stretch-pu: package dansguardian/2.10.1.1-5.1+deb9u2 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 935445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935445 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928556: gocode 20150303-3+deb9u2 flagged for acceptance
package release.debian.org tags 928556 = stretch pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details == Package: gocode Version: 20150303-3+deb9u2 Explanation: gocode-auto-complete-el: Make Pre-Depends: auto-complete-el versioned to fix upgrades from jessie to stretch
Bug#924278: clamav 0.101.2+dfsg-0+deb9u1 flagged for acceptance
package release.debian.org tags 924278 = stretch pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details == Package: clamav Version: 0.101.2+dfsg-0+deb9u1 Explanation: new upstream stable release
Processed: Re: Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
Processing control commands: > tags -1 + confirmed Bug #935474 [release.debian.org] buster-pu: package xymon/4.3.28-5+deb10u1 Added tag(s) confirmed. -- 935474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935474 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
Processing control commands: > tags -1 + confirmed Bug #935473 [release.debian.org] stretch-pu: package xymon/4.3.28-2+deb9u1 Added tag(s) confirmed. -- 935473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935473 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
Control: tags -1 + confirmed On Fri, 2019-08-23 at 01:49 +0200, Axel Beckert wrote: > The Debian Security Team decided to not issue a security update for > these CVE IDs: > > * CVE-2019-13451: service overflows histlogfn in history.c. > * CVE-2019-13452: service overflows histlogfn in reportlog.c. > * CVE-2019-13273: srdb overflows dbfn in csvinfo.c. > * CVE-2019-13274: reflected XSS in csvinfo.c. > * CVE-2019-13455: htmlquoted(hostname) overflows msgline in > acknowledge.c. > * CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c. > * CVE-2019-13485: hostname overflows selfurl in history.c. > * CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in > svcstatus.c. > > Hence I propose to do these as a normal stable update. > Please go ahead. Regards, Adam
Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
Control: tags -1 + confirmed On Fri, 2019-08-23 at 01:46 +0200, Axel Beckert wrote: > > The Debian Security Team decided to not issue a security update for > these CVE IDs: > > * CVE-2019-13451: service overflows histlogfn in history.c. > * CVE-2019-13452: service overflows histlogfn in reportlog.c. > * CVE-2019-13273: srdb overflows dbfn in csvinfo.c. > * CVE-2019-13274: reflected XSS in csvinfo.c. > * CVE-2019-13455: htmlquoted(hostname) overflows msgline in > acknowledge.c. > * CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c. > * CVE-2019-13485: hostname overflows selfurl in history.c. > * CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in > svcstatus.c. > > Hence I propose to do these as a normal stable update. > Please go ahead. Regards, Adam
NEW changes in oldstable-new
Processing changes file: resiprocate_1.11.0~beta1-3+deb9u1_armel.changes ACCEPT Processing changes file: resiprocate_1.11.0~beta1-3+deb9u1_armhf.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: resiprocate_1.11.0~beta1-3+deb9u1_arm64.changes ACCEPT Processing changes file: resiprocate_1.11.0~beta1-3+deb9u1_ppc64el.changes ACCEPT
NEW changes in stable-new
Processing changes file: dpdk_18.11.2-2+deb10u1_i386.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: resiprocate_1.11.0~beta1-3+deb9u1_amd64.changes ACCEPT Processing changes file: resiprocate_1.11.0~beta1-3+deb9u1_i386.changes ACCEPT Processing changes file: resiprocate_1.11.0~beta1-3+deb9u1_s390x.changes ACCEPT
NEW changes in stable-new
Processing changes file: dbconfig-common_2.0.11+deb10u1_all.changes ACCEPT Processing changes file: dpdk_18.11.2-2+deb10u1_amd64.changes ACCEPT Processing changes file: dpdk_18.11.2-2+deb10u1_arm64.changes ACCEPT Processing changes file: dpdk_18.11.2-2+deb10u1_armhf.changes ACCEPT Processing changes file: dpdk_18.11.2-2+deb10u1_ppc64el.changes ACCEPT
NEW changes in stable-new
Processing changes file: dpdk_18.11.2-2+deb10u1_all.changes ACCEPT
Processed: Bug#935481: stretch-pu: package basez/1.6-3+deb9u1
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > retitle 935481 stretch-pu: package basez/1.6-3+deb9u1 Bug #935481 [release.debian.org] stretch-pu: package basez/1.6-3 Changed Bug title to 'stretch-pu: package basez/1.6-3+deb9u1' from 'stretch-pu: package basez/1.6-3'. > thanks Stopping processing here. Please contact me if you need assistance. -- 935481: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935481 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935481: stretch-pu: package basez/1.6-3
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi Stable Release Managers,
The basez version released in stretch is affected by bug #931041 and is
consequently not properly decoding base64url stream. This bug has been
fixed in sid, testing and buster-pu. I'm about to upload fixed
basez/1.6-3+deb9u1 package for stretch. See attached debdiff.
Milan
diff -Nru basez-1.6/debian/changelog basez-1.6/debian/changelog
--- basez-1.6/debian/changelog 2016-10-27 09:33:37.0 -0400
+++ basez-1.6/debian/changelog 2019-08-22 22:07:39.0 -0400
@@ -1,3 +1,9 @@
+basez (1.6-3+deb9u1) stretch; urgency=medium
+
+ * Properly decode base64url encoded strings (closes: #931041)
+
+ -- Milan Kupcevic Thu, 22 Aug 2019 22:07:39 -0400
+
basez (1.6-3) unstable; urgency=medium
* Remove configure getconf libs.
diff -Nru basez-1.6/debian/patches/base64url-decode-bug-931041
basez-1.6/debian/patches/base64url-decode-bug-931041
--- basez-1.6/debian/patches/base64url-decode-bug-9310411969-12-31
19:00:00.0 -0500
+++ basez-1.6/debian/patches/base64url-decode-bug-9310412019-08-03
23:29:13.0 -0400
@@ -0,0 +1,16 @@
+Description: properly decode base64url encoded strings
+Author: Milan Kupcevic
+Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931041
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/base64.c
b/base64.c
+@@ -188,7 +188,7 @@
+ bout[0] = bout[0] | c[bin[1]] >> 4;
+ }
+
+- switch(c64d[bin[2]])
++ switch(c[bin[2]])
+ {
+ case 0xfe:
+ if(bin[3] == '=')
diff -Nru basez-1.6/debian/patches/series basez-1.6/debian/patches/series
--- basez-1.6/debian/patches/series 1969-12-31 19:00:00.0 -0500
+++ basez-1.6/debian/patches/series 2019-08-03 22:15:31.0 -0400
@@ -0,0 +1 @@
+base64url-decode-bug-931041
Bug#935480: buster-pu: package initramfs-tools/0.133+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
* Fix a regression that leads to a 30 second delay at boot if certain
types of swap device are used (#916696).
* Fix a confusing boot progress message on systems using plymouth in text
mode, which is currently the default (#928736).
* Fix a regression that prevents building an initramfs on systems using
fsprotect (#928689).
* Fix lsinitramfs and unmkinitramfs when using lz4 compression (#930366).
* Fix outdated text in the update-initramfs manual page (#930366).
* Fix warning when building an initramfs using bzip2 or lzma compression
(#930754).
* Include drivers needed for booting on some Chromebook models.
Ben.
diff -Nru initramfs-tools-0.133/debian/changelog
initramfs-tools-0.133+deb10u1/debian/changelog
--- initramfs-tools-0.133/debian/changelog 2019-02-06 20:13:59.0
+
+++ initramfs-tools-0.133+deb10u1/debian/changelog 2019-08-23
02:16:37.0 +0100
@@ -1,3 +1,30 @@
+initramfs-tools (0.133+deb10u1) buster; urgency=medium
+
+ [ Ben Hutchings ]
+ * [998371a] hooks/resume: Disable resume when there are no suitable swap
+devices. Thanks to Trek (Closes: #916696)
+ * [d653197] hook-functions: Include all keyboard driver modules when
+MODULES=most. Thanks to Alper Nebi Yasak
+ * [5681ccb] hook-functions: Include cros_ec_spi and SPI drivers when
+MODULES=most. Thanks to Alper Nebi Yasak
+ * [8d62542] resume: Set plymouth status only if there is a suspend image
+(Closes: #928736)
+ * [073586a] hook-functions: Fix copy_file with target of "/bin"
+(Closes: #928689)
+ * [a78d9a5] unmkinitramfs: Work around lz4cat filename check.
+Thanks to Dimitri John Ledkov (Closes: #930366)
+ * [48a35de] update-initramfs(8): Update description of "-k all" option
+
+ [ Alper Nebi Yasak ]
+ * [1abb6f6] hook-functions: Include extcon-usbc-cros-ec when MODULES=most
+ * [db6d4e2] hook-functions: Include extcon drivers when MODULES=dep
+
+ [ Uwe Kleine-König ]
+ * [360fb48] mkinitramfs: suppress warning when using bzip2 or lzma
+(Closes: #930754)
+
+ -- Ben Hutchings Fri, 23 Aug 2019 02:16:37 +0100
+
initramfs-tools (0.133) unstable; urgency=medium
[ Ben Hutchings ]
diff -Nru initramfs-tools-0.133/hook-functions
initramfs-tools-0.133+deb10u1/hook-functions
--- initramfs-tools-0.133/hook-functions2019-02-06 03:48:49.0
+
+++ initramfs-tools-0.133+deb10u1/hook-functions2019-08-23
02:11:27.0 +0100
@@ -124,15 +124,15 @@
[ -f "${src}" ] || return 2
+ if [ -d "${DESTDIR}/${target}" ]; then
+ target="${target}/${src##*/}"
+ fi
+
# Canonicalise usr-merged target directories
case "${target}" in
/bin/* | /lib* | /sbin/*) target="/usr${target}" ;;
esac
- if [ -d "${DESTDIR}/${target}" ]; then
- target="${target}/${src##*/}"
- fi
-
# check if already copied
[ -e "${DESTDIR}/${target}" ] && return 1
@@ -449,7 +449,7 @@
fi
# sys walk some important device classes
- for class in gpio phy regulator rtc; do
+ for class in extcon gpio phy regulator rtc; do
for device in "/sys/class/$class"/*; do
device="$(readlink -f "$device")" \
&& sys_walk_mod_add "$device"
@@ -538,15 +538,17 @@
copy_modules_dir kernel/drivers/usb/musb
copy_modules_dir kernel/drivers/usb/renesas_usbhs
# and any extcon drivers for USB
- modules="$modules extcon-usb-gpio"
+ modules="$modules extcon-usb-gpio extcon-usbc-cros-ec"
# Add the axp20x_usb_power power supply driver,
# required to initialize the USB host controllers
# on a number of armhf systems
modules="$modules axp20x_usb_power"
- # Include all HID drivers unless we're sure they
- # don't support keyboards. hid-*ff covers various
- # game controllers with force feedback.
+ # Include all keyboard drivers and all HID drivers
+ # unless we're sure they don't support keyboards.
+ # hid-*ff covers various game controllers with
+ # force feedback.
+ copy_modules_dir kernel/drivers/input/keyboard
copy_modules_dir kernel/drivers/hid \
'hid-*ff.ko' hid-a4tech.ko hid-cypress.ko \
hid-dr.ko hid-elecom.ko hid-gyration.ko \
@@ -560,6 +562,8 @@
hid-speedlink.ko hid-tivo.ko hid-twinhan.ko \
hid-uclogic.ko hid-wacom.ko hid-waltop.ko \
Bug#935479: buster-pu: package firmware-nonfree/20190114-2
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu * Fix a longstanding bug that affects use of plymouth on systems with AMD GPUs (#928510). Depending on the order of package installation, the initramfs might include the graphics driver but not firmware, resulting in the driver loading but not working. Since plymouth is now installed by default as part of the "desktop" task, this affects many users. The fix is to trigger an initramfs build on installation of firmware-amd-graphics, as was already done from most packages containing firmware that might be needed in the initramfs. * When I reviewed which of the binary packages did this, I noticed that firmware-cavium and firmware-netronome should also do so in case they are used for net-booting. I applied the same fix to them. * Revert an update to the QCA9377 firmware which seems to be incompatible with older kernel versions (#919632), and add a new version with a different filename that is preferred by the driver in Linux 4.19 (#903437, #919632, #927917). * Add several new firmware files requested by drivers in Linux 4.19 (#919452, #928672). Ben. diff -Nru firmware-nonfree-20190114/debian/changelog firmware-nonfree-20190114/debian/changelog --- firmware-nonfree-20190114/debian/changelog 2019-01-15 22:51:01.0 + +++ firmware-nonfree-20190114/debian/changelog 2019-08-23 02:04:48.0 +0100 @@ -1,3 +1,25 @@ +firmware-nonfree (20190114-2) buster; urgency=medium + + [ Ben Hutchings ] + * Update to linux-support 4.19.0-5 + * amd-graphics: Trigger update-initramfs when installed (Closes: #928510) + * cavium, netronome: Trigger update-initramfs when installed + * atheros: Add Qualcomm Atheros QCA9377 rev 1.0 firmware version +WLAN.TF.2.1-00021-QCARMSWP-1 (Closes: #903437, #919632, #927917) + * realtek: Add Realtek RTL8822CU Bluetooth firmware + * atheros: Revert change of QCA9377 rev 1.0 firmware in 20180518-1 +(Closes: #919632) + + [ Raphaël Hertzog ] + * misc-nonfree: Add firmware for MediaTek MT76x0/MT76x2u wireless chips +(Closes: #919452) + * misc-nonfree: Add firmware for MediaTek MT7622/MT7668 bluetooth chips + + [ Romain Perier ] + * misc-nonfree: Add GV100 signed firmware (Closes: #928672) + + -- Ben Hutchings Fri, 23 Aug 2019 02:04:48 +0100 + firmware-nonfree (20190114-1) unstable; urgency=medium [ Romain Perier ] diff -Nru firmware-nonfree-20190114/debian/config/amd-graphics/defines firmware-nonfree-20190114/debian/config/amd-graphics/defines --- firmware-nonfree-20190114/debian/config/amd-graphics/defines 2019-01-15 22:37:03.0 + +++ firmware-nonfree-20190114/debian/config/amd-graphics/defines 2019-07-28 19:45:53.0 +0100 @@ -529,6 +529,7 @@ radeon/verde_rlc.bin radeon/VERDE_smc.bin radeon/verde_smc.bin +support: initramfs-tools [amdgpu/banks_k_2_smc.bin_base] desc: "Banks" K-2 SMC microcode Binary files /var/tmp/5WQFaKfizp/firmware-nonfree-20190114/debian/config/atheros/ath10k/QCA9377/hw1.0/firmware-5.bin and /var/tmp/GBKOxvr1XD/firmware-nonfree-20190114/debian/config/atheros/ath10k/QCA9377/hw1.0/firmware-5.bin differ diff -Nru firmware-nonfree-20190114/debian/config/atheros/defines firmware-nonfree-20190114/debian/config/atheros/defines --- firmware-nonfree-20190114/debian/config/atheros/defines 2019-01-15 02:02:27.0 + +++ firmware-nonfree-20190114/debian/config/atheros/defines 2019-07-28 19:49:52.0 +0100 @@ -35,6 +35,7 @@ ath10k/QCA9377/hw1.0/board.bin ath10k/QCA9377/hw1.0/board-2.bin ath10k/QCA9377/hw1.0/firmware-5.bin + ath10k/QCA9377/hw1.0/firmware-6.bin ath10k/QCA9887/hw1.0/board.bin ath10k/QCA9887/hw1.0/firmware-5.bin ath10k/QCA9888/hw2.0/board-2.bin @@ -211,7 +212,11 @@ [ath10k/QCA9377/hw1.0/firmware-5.bin_base] desc: Qualcomm Atheros QCA9377 rev 1.0 firmware -version: WLAN.TF.1.0-2-QCATFSWPZ-5 +version: WLAN.TF.1.0-00267-1 + +[ath10k/QCA9377/hw1.0/firmware-6.bin_base] +desc: Qualcomm Atheros QCA9377 rev 1.0 firmware +version: WLAN.TF.2.1-00021-QCARMSWP-1 [ath10k/QCA9887/hw1.0/board.bin_base] desc: Qualcomm Atheros QCA9887 rev 1.0 board configuration diff -Nru firmware-nonfree-20190114/debian/config/cavium/defines firmware-nonfree-20190114/debian/config/cavium/defines --- firmware-nonfree-20190114/debian/config/cavium/defines 2019-01-15 02:02:27.0 + +++ firmware-nonfree-20190114/debian/config/cavium/defines 2019-07-28 19:20:32.0 +0100 @@ -8,6 +8,7 @@ liquidio/lio_410nv_nic.bin longdesc: Cavium crypto and Ethernet adapters supported by the nitrox and liquidio drivers +support: initramfs-tools [cavium/cnn55xx_se.fw_base] desc: Cavium CNN55XX firmware diff -Nru firmware-nonfree-20190114/debian/config/misc-nonfree/defines firmware-nonfree-20190114/debian/config/misc-nonfree/defines --- firmware-nonfree-20190114/debian/config/misc-nonfree/defines
Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi,
The Debian Security Team decided to not issue a security update for
these CVE IDs:
* CVE-2019-13451: service overflows histlogfn in history.c.
* CVE-2019-13452: service overflows histlogfn in reportlog.c.
* CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
* CVE-2019-13274: reflected XSS in csvinfo.c.
* CVE-2019-13455: htmlquoted(hostname) overflows msgline in
acknowledge.c.
* CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
* CVE-2019-13485: hostname overflows selfurl in history.c.
* CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
svcstatus.c.
Hence I propose to do these as a normal stable update.
Full source debdiff:
diff -Nru xymon-4.3.28/debian/changelog xymon-4.3.28/debian/changelog
--- xymon-4.3.28/debian/changelog 2017-03-03 23:18:20.0 +0100
+++ xymon-4.3.28/debian/changelog 2019-08-23 01:09:07.0 +0200
@@ -1,3 +1,22 @@
+xymon (4.3.28-2+deb9u1) stretch; urgency=high
+
+ * Apply minimal upstream security patch to fix several (server-only)
+vulnerabilities reported upstream by Graham Rymer:
++ CVE-2019-13451: service overflows histlogfn in history.c.
++ CVE-2019-13452: service overflows histlogfn in reportlog.c.
++ CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
++ CVE-2019-13274: reflected XSS in csvinfo.c.
++ CVE-2019-13455: htmlquoted(hostname) overflows msgline in
+ acknowledge.c.
++ CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
++ CVE-2019-13485: hostname overflows selfurl in history.c.
++ CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
+ svcstatus.c.
++ Closes: #935470
+ * Include hostname validation regression fixes from 4.3.30, too.
+
+ -- Axel Beckert Fri, 23 Aug 2019 01:09:07 +0200
+
xymon (4.3.28-2) unstable; urgency=low
* xymon-client: Add dependency on net-tools. (Closes: #856315)
diff -Nru xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch
xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch
--- xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch1970-01-01
01:00:00.0 +0100
+++ xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch2019-08-23
01:07:05.0 +0200
@@ -0,0 +1,760 @@
+Description: Isolated CVE Patchset
+ history.c (service overflows histlogfn) = CVE-2019-13451
+ reportlog.c (service overflows histlogfn) = CVE-2019-13452
+ csvinfo.c (srdb overflows dbfn) = CVE-2019-13273
+ csvinfo.c (reflected XSS) = CVE-2019-13274
+ acknowledge.c (htmlquoted(hostname) overflows msgline) = CVE-2019-13455
+
+ appfeed.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13484
+ history.c (hostname overflows selfurl) = CVE-2019-13485
+ svcstatus.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13486
+
+ Includes hostname validation regression fixes from 4.3.30.
+Author: Japheth Cleaver
+Bug-Debian: https://bugs.debian.org/935470
+
+Index: xymon/lib/strfunc.h
+===
+--- xymon/lib/strfunc.h(revision 8059)
xymon/lib/strfunc.h(working copy)
+@@ -29,5 +29,14 @@
+ extern char *prehtmlquoted(char *s);
+ extern strbuffer_t *replacetext(char *original, char *oldtext, char *newtext);
+
++#define SBUF_DEFINE(NAME) char *NAME = NULL; size_t NAME##_buflen = 0;
++#define STATIC_SBUF_DEFINE(NAME) static char *NAME = NULL; static size_t
NAME##_buflen = 0;
++#define SBUF_MALLOC(NAME, LEN) { NAME##_buflen = (LEN); NAME = (char
*)malloc((LEN)+1); }
++#define SBUF_CALLOC(NAME, NMEMB, LEN) { NAME##_buflen = (LEN); NAME = (char
*)calloc(NMEMB, (LEN)+1); }
++#define SBUF_REALLOC(NAME, LEN) { NAME##_buflen = (LEN); NAME = (char
*)realloc(NAME, (LEN)+1); }
++
++/* How much can a string expand when htmlquoted? ' ' --> '' */
++#define MAX_HTMLQUOTE_FACTOR 6
++
+ #endif
+
+Index: xymon/web/csvinfo.c
+===
+--- xymon/web/csvinfo.c(revision 8059)
xymon/web/csvinfo.c(working copy)
+@@ -123,12 +123,13 @@
+ return 1;
+ }
+
+- sprintf(dbfn, "%s/etc/%s", xgetenv("XYMONHOME"), srcdb);
++ snprintf(dbfn, sizeof(dbfn), "%s/etc/%s", xgetenv("XYMONHOME"), srcdb);
+ db = fopen(dbfn, "r");
+ if (db == NULL) {
+- char msg[PATH_MAX];
++ SBUF_DEFINE(msg);
+
+- sprintf(msg, "Cannot open sourcedb %s\n", dbfn);
++ SBUF_MALLOC(msg, 30+strlen(htmlquoted(dbfn)));
++ snprintf(msg, msg_buflen, "Cannot open sourcedb %s\n",
htmlquoted(dbfn));
+ errormsg(msg);
+ return 1;
+ }
+Index: xymon/web/svcstatus.c
+===
+--- xymon/web/svcstatus.c (revision 8059)
xymon/web/svcstatus.c (working copy)
+@@ -31,7 +31,7 @@
+ /*
Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
The Debian Security Team decided to not issue a security update for
these CVE IDs:
* CVE-2019-13451: service overflows histlogfn in history.c.
* CVE-2019-13452: service overflows histlogfn in reportlog.c.
* CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
* CVE-2019-13274: reflected XSS in csvinfo.c.
* CVE-2019-13455: htmlquoted(hostname) overflows msgline in
acknowledge.c.
* CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
* CVE-2019-13485: hostname overflows selfurl in history.c.
* CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
svcstatus.c.
Hence I propose to do these as a normal stable update.
Full source debdiff:
diff -Nru xymon-4.3.28/debian/changelog xymon-4.3.28/debian/changelog
--- xymon-4.3.28/debian/changelog 2019-03-18 01:28:51.0 +0100
+++ xymon-4.3.28/debian/changelog 2019-08-23 01:07:47.0 +0200
@@ -1,3 +1,22 @@
+xymon (4.3.28-5+deb10u1) buster; urgency=high
+
+ * Apply minimal upstream security patch to fix several (server-only)
+vulnerabilities reported upstream by Graham Rymer:
++ CVE-2019-13451: service overflows histlogfn in history.c.
++ CVE-2019-13452: service overflows histlogfn in reportlog.c.
++ CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
++ CVE-2019-13274: reflected XSS in csvinfo.c.
++ CVE-2019-13455: htmlquoted(hostname) overflows msgline in
+ acknowledge.c.
++ CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
++ CVE-2019-13485: hostname overflows selfurl in history.c.
++ CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
+ svcstatus.c.
++ Closes: #935470
+ * Include hostname validation regression fixes from 4.3.30, too.
+
+ -- Axel Beckert Fri, 23 Aug 2019 01:07:47 +0200
+
xymon (4.3.28-5) unstable; urgency=medium
* xymon.postinst: Check for file existence before calling chgrp/chmod on
diff -Nru xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch
xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch
--- xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch1970-01-01
01:00:00.0 +0100
+++ xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch2019-08-23
01:07:05.0 +0200
@@ -0,0 +1,760 @@
+Description: Isolated CVE Patchset
+ history.c (service overflows histlogfn) = CVE-2019-13451
+ reportlog.c (service overflows histlogfn) = CVE-2019-13452
+ csvinfo.c (srdb overflows dbfn) = CVE-2019-13273
+ csvinfo.c (reflected XSS) = CVE-2019-13274
+ acknowledge.c (htmlquoted(hostname) overflows msgline) = CVE-2019-13455
+
+ appfeed.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13484
+ history.c (hostname overflows selfurl) = CVE-2019-13485
+ svcstatus.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13486
+
+ Includes hostname validation regression fixes from 4.3.30.
+Author: Japheth Cleaver
+Bug-Debian: https://bugs.debian.org/935470
+
+Index: xymon/lib/strfunc.h
+===
+--- xymon/lib/strfunc.h(revision 8059)
xymon/lib/strfunc.h(working copy)
+@@ -29,5 +29,14 @@
+ extern char *prehtmlquoted(char *s);
+ extern strbuffer_t *replacetext(char *original, char *oldtext, char *newtext);
+
++#define SBUF_DEFINE(NAME) char *NAME = NULL; size_t NAME##_buflen = 0;
++#define STATIC_SBUF_DEFINE(NAME) static char *NAME = NULL; static size_t
NAME##_buflen = 0;
++#define SBUF_MALLOC(NAME, LEN) { NAME##_buflen = (LEN); NAME = (char
*)malloc((LEN)+1); }
++#define SBUF_CALLOC(NAME, NMEMB, LEN) { NAME##_buflen = (LEN); NAME = (char
*)calloc(NMEMB, (LEN)+1); }
++#define SBUF_REALLOC(NAME, LEN) { NAME##_buflen = (LEN); NAME = (char
*)realloc(NAME, (LEN)+1); }
++
++/* How much can a string expand when htmlquoted? ' ' --> '' */
++#define MAX_HTMLQUOTE_FACTOR 6
++
+ #endif
+
+Index: xymon/web/csvinfo.c
+===
+--- xymon/web/csvinfo.c(revision 8059)
xymon/web/csvinfo.c(working copy)
+@@ -123,12 +123,13 @@
+ return 1;
+ }
+
+- sprintf(dbfn, "%s/etc/%s", xgetenv("XYMONHOME"), srcdb);
++ snprintf(dbfn, sizeof(dbfn), "%s/etc/%s", xgetenv("XYMONHOME"), srcdb);
+ db = fopen(dbfn, "r");
+ if (db == NULL) {
+- char msg[PATH_MAX];
++ SBUF_DEFINE(msg);
+
+- sprintf(msg, "Cannot open sourcedb %s\n", dbfn);
++ SBUF_MALLOC(msg, 30+strlen(htmlquoted(dbfn)));
++ snprintf(msg, msg_buflen, "Cannot open sourcedb %s\n",
htmlquoted(dbfn));
+ errormsg(msg);
+ return 1;
+ }
+Index: xymon/web/svcstatus.c
+===
+--- xymon/web/svcstatus.c (revision 8059)
xymon/web/svcstatus.c (working copy)
+@@ -31,7 +31,7 @@
+
NEW changes in oldstable-new
Processing changes file: resiprocate_1.11.0~beta1-3+deb9u1_source.changes ACCEPT
NEW changes in stable-new
Processing changes file: dbconfig-common_2.0.11+deb10u1_source.changes ACCEPT Processing changes file: dpdk_18.11.2-2+deb10u1_source.changes ACCEPT Processing changes file: linux_4.19.67-1_armel.changes ACCEPT
Processed: resiprocate 1.11.0~beta1-3+deb9u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 928271 = stretch pending Bug #928271 [release.debian.org] stretch-pu: package resiprocate/1.11.0~beta1-3+deb9u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 928271: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928271 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: dbconfig-common 2.0.11+deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 935411 = buster pending Bug #935411 [release.debian.org] buster-pu: package dbconfig-common/2.0.11+deb10u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 935411: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935411 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: dpdk 18.11.2-2+deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 934308 = buster pending Bug #934308 [release.debian.org] buster-pu: package dpdk/18.11.2-2+deb10u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 934308: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934308 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935411: dbconfig-common 2.0.11+deb10u1 flagged for acceptance
package release.debian.org tags 935411 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: dbconfig-common Version: 2.0.11+deb10u1 Explanation: fix issue caused by change in bash POSIX behaviour
Bug#928271: resiprocate 1.11.0~beta1-3+deb9u1 flagged for acceptance
package release.debian.org tags 928271 = stretch pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details == Package: resiprocate Version: 1.11.0~beta1-3+deb9u1 Explanation: resolve an installation issue with libssl-dev and --install-recommends
Bug#934308: dpdk 18.11.2-2+deb10u1 flagged for acceptance
package release.debian.org tags 934308 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: dpdk Version: 18.11.2-2+deb10u1 Explanation: new upstream stable release
Bug#935465: buster-pu: package jython/2.7.1+repack1-4~deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
jython/buster introduces a strictly versioned java dependency, which
causes problems on some upgrade paths from stretch. (#924283, #934111)
This problem originates from the dependency cycle (#929685) between
ca-certificates-java,default-jre-headless,openjdk-11-jre-headless
which has not been solved in sid, yet (and has been in several stable
releases already).
The cycle gets broken in a way that jython gets configured
successfully but jython-stilts gets configured subsequently and
fails because the system is in a state where openjdk-8-jre-headless
is still active (because openjdk-11-jre-headless is not yet
configured), but default-jre-headless/buster is already configured.
jython-stilts calls jython which fails because bytecode compiled for
java-9+ is getting executed with java-8.
This problem does not show up in other packages, since none adds
incompatibility with the java in stretch.
This was fixed in sid by building jython with backwards compatibility
with the java in stretch, s.t. it does not matter which java version is
run during the upgrade.
I've tested the failing upgrade path in piuparts and can confirm that
the proposed package successfully works around the issues.
Andreas
diff -Nru jython-2.7.1+repack1/debian/changelog
jython-2.7.1+repack1/debian/changelog
--- jython-2.7.1+repack1/debian/changelog 2019-05-04 18:16:46.0
+0200
+++ jython-2.7.1+repack1/debian/changelog 2019-08-13 13:21:55.0
+0200
@@ -1,3 +1,17 @@
+jython (2.7.1+repack1-4~deb10u1) buster; urgency=medium
+
+ * Rebuild for buster.
+
+ -- Andreas Beckmann Tue, 13 Aug 2019 13:21:55 +0200
+
+jython (2.7.1+repack1-4) unstable; urgency=medium
+
+ * Team upload.
+ * Preserve the backward compatibility with Java 7 (Closes: #934111)
+ * Adjusted the Vcs-* fields
+
+ -- Emmanuel Bourg Thu, 08 Aug 2019 10:11:23 +0200
+
jython (2.7.1+repack1-3) unstable; urgency=medium
* Improve previous fix with default-jre-headless (>= 2:1.9), thanks to
diff -Nru jython-2.7.1+repack1/debian/control
jython-2.7.1+repack1/debian/control
--- jython-2.7.1+repack1/debian/control 2019-05-04 18:14:46.0 +0200
+++ jython-2.7.1+repack1/debian/control 2019-08-08 10:04:43.0 +0200
@@ -25,14 +25,14 @@
libicu4j-java,
libnetty-java
Standards-Version: 4.2.1
-Vcs-Git: https://salsa.debian.org/java-team/jython
-Vcs-Browser: https://salsa.debian.org/java-team/jython.git
+Vcs-Git: https://salsa.debian.org/java-team/jython.git
+Vcs-Browser: https://salsa.debian.org/java-team/jython
Homepage: http://www.jython.org
Package: jython
Architecture: all
Depends: ${misc:Depends}, ${perl:Depends}, ${python:Depends}, ${java:Depends},
- default-jre-headless (>= 2:1.9) | java9-runtime-headless,
+ default-jre-headless (>= 2:1.7) | java7-runtime-headless,
Recommends: default-jdk | java-compiler
Suggests: jython-doc, libmariadb-java, libpostgresql-jdbc-java
Description: Python seamlessly integrated with Java
diff -Nru
jython-2.7.1+repack1/debian/patches/08-java-backward-compatibility.patch
jython-2.7.1+repack1/debian/patches/08-java-backward-compatibility.patch
--- jython-2.7.1+repack1/debian/patches/08-java-backward-compatibility.patch
1970-01-01 01:00:00.0 +0100
+++ jython-2.7.1+repack1/debian/patches/08-java-backward-compatibility.patch
2019-08-08 10:08:43.0 +0200
@@ -0,0 +1,45 @@
+Description: Preserves the backward compatibility with previous Java versions
when built with Java 11+
+Author: Emmanuel Bourg
+Forwarded: not
+--- a/build.xml
b/build.xml
+@@ -436,6 +436,7 @@
+ destdir="${compile.dir}"
+ target="${jdk.target.version}"
+ source="${jdk.source.version}"
++release="${jdk.target.version}"
+ debug="${debug}"
+ deprecation="${deprecation}"
+ nowarn="${nowarn}">
+@@ -483,6 +484,7 @@
+
+@@ -513,6 +516,7 @@
+destdir="${compile.dir}"
+target="${jdk.target.version}"
+source="${jdk.source.version}"
++ release="${jdk.target.version}"
+debug="${debug}"
+deprecation="${deprecation}"
+nowarn="${nowarn}"
+@@ -882,6 +886,7 @@
+destdir="${compile.dir}"
+target="${jdk.target.version}"
+source="${jdk.source.version}"
++ release="${jdk.target.version}"
+debug="${debug}"
+deprecation="${deprecation}"
+nowarn="${nowarn}"
diff -Nru jython-2.7.1+repack1/debian/patches/series
jython-2.7.1+repack1/debian/patches/series
--- jython-2.7.1+repack1/debian/patches/series 2019-01-12 19:49:41.0
+0100
+++ jython-2.7.1+repack1/debian/patches/series 2019-08-08 09:49:44.0
+0200
@@ -4,3 +4,4 @@
05-no-com.carrotsearch.sizeof.patch
Bug#935265: buster-pu: package gnome-control-center/1:3.30.3-2~deb10u1
Control: tags -1 +confirmed -moreinfo On Thu, 2019-08-22 at 14:06 +0100, Simon McVittie wrote: > On Thu, 22 Aug 2019 at 12:14:56 +0100, Adam D. Barratt wrote: > > On 2019-08-21 09:56, Simon McVittie wrote: > > > I updated gnome-control-center in unstable a few weeks ago, and I > > > think the same changes would make sense in buster. > > > > > > > * d/patches: Update to upstream gnome-3-30 commit 3.30.3-7- > > > > gf41ae4269 > > > > Does this want to go together with the gnome-shell and mutter > > updates, or can we handle this one separately? > > I think this one can be orthogonal: gnome-control-center isn't in the > same process as gnome-shell and mutter, so it isn't so closely > related. OK. In that case, please go ahead. Regards, Adam
Processed: Re: Bug#935265: buster-pu: package gnome-control-center/1:3.30.3-2~deb10u1
Processing control commands: > tags -1 +confirmed -moreinfo Bug #935265 [release.debian.org] buster-pu: package gnome-control-center/1:3.30.3-2~deb10u1 Added tag(s) confirmed. Bug #935265 [release.debian.org] buster-pu: package gnome-control-center/1:3.30.3-2~deb10u1 Removed tag(s) moreinfo. -- 935265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935265 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935460: stretch-pu: package sox/14.4.1-5+deb9u2
On Thu, Aug 22, 2019 at 10:07:51PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2019-08-22 at 22:56 +0200, Moritz Muehlenhoff wrote: > > Attached debdiff fixes a number of bugs in sox. These have been in > > jessie for a while already (Stretch and Jessie have the same base > > version as the package was unmaintained for a while) and I've ran > > some of the POCs on > > the Stretch build. Debdiff below. > > > > Please go ahead. Thanks, uploaded. Cheers, Moritz
Bug#935460: stretch-pu: package sox/14.4.1-5+deb9u2
Control: tags -1 + confirmed On Thu, 2019-08-22 at 22:56 +0200, Moritz Muehlenhoff wrote: > Attached debdiff fixes a number of bugs in sox. These have been in > jessie for a while already (Stretch and Jessie have the same base > version as the package was unmaintained for a while) and I've ran > some of the POCs on > the Stretch build. Debdiff below. > Please go ahead. Regards, Adam
Processed: Re: Bug#935460: stretch-pu: package sox/14.4.1-5+deb9u2
Processing control commands: > tags -1 + confirmed Bug #935460 [release.debian.org] stretch-pu: package sox/14.4.1-5+deb9u2 Added tag(s) confirmed. -- 935460: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935460 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#934684: marked as done (nmu: tellico_3.2.1-1)
Your message dated Thu, 22 Aug 2019 21:59:40 +0100 with message-id <151fa94236f81c110de779ed4e53450b4540d17a.ca...@adam-barratt.org.uk> and subject line Re: Bug#934684: nmu: tellico_3.2.1-1 has caused the Debian Bug report #934684, regarding nmu: tellico_3.2.1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 934684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934684 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu tellico_3.2.1-1 . ANY . unstable . -m "rebuild against libbtparse2" dw tellico_3.2.1-1 . ANY . -m libbtparse2 -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- On Tue, 2019-08-13 at 08:31 -0300, David Bremner wrote: > nmu tellico_3.2.1-1 . ANY . unstable . -m "rebuild against > libbtparse2" > dw tellico_3.2.1-1 . ANY . -m libbtparse2 > Scheduled. Regards, Adam--- End Message ---
Bug#933605: marked as done (nmu: pmdk-convert_1.5.1-1)
Your message dated Thu, 22 Aug 2019 21:58:18 +0100 with message-id and subject line Re: Bug#933605: nmu: pmdk-convert_1.5.1-1 has caused the Debian Bug report #933605, regarding nmu: pmdk-convert_1.5.1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 933605: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933605 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi! Because of the new "binary upload needed for NEW but banned for migration", the package is stuck in unstable. Please rebuild. I uploaded with arm64 as a sacrificial arch with no build log for the same reason as the new rule is for, but since the rule is mandatory, please: nmu pmdk-convert_1.5.1-1 . arm64 . unstable . -m "Rebuild on a buildd." Meow! -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: arm64 (aarch64) Kernel: Linux 4.4.167-1213-rockchip-ayufan-g34ae07687fce (SMP w/6 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) --- End Message --- --- Begin Message --- On Thu, 2019-08-01 at 02:03 +0200, Adam Borowski wrote: > Because of the new "binary upload needed for NEW but banned for > migration", > the package is stuck in unstable. Please rebuild. > > I uploaded with arm64 as a sacrificial arch with no build log for the > same > reason as the new rule is for, but since the rule is mandatory, > please: > > nmu pmdk-convert_1.5.1-1 . arm64 . unstable . -m "Rebuild on a > buildd." > Scheduled. Regards, Adam--- End Message ---
Bug#933601: marked as done (nmu: qtstyleplugins-src_5.0.0+git23.g335dbec-3)
Your message dated Thu, 22 Aug 2019 21:57:30 +0100 with message-id <03d92d0733942db3f0f5d5af334a782f703402cd.ca...@adam-barratt.org.uk> and subject line Re: Bug#933601: nmu: qtstyleplugins-src_5.0.0+git23.g335dbec-3 has caused the Debian Bug report #933601, regarding nmu: qtstyleplugins-src_5.0.0+git23.g335dbec-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 933601: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933601 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi! It seems that the package had a binary upload, so now a binNMU would be required for it to migrate. nmu qtstyleplugins-src_5.0.0+git23.g335dbec-3 . amd64 . unstable . -m "Rebuild to allow migration / binary uploaded by maintainer" -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'buildd-unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, arm64, armhf Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8), LANGUAGE=es_AR:es (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- On Wed, 2019-07-31 at 19:04 -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > Hi! It seems that the package had a binary upload, so now a binNMU > would be > required for it to migrate. > > nmu qtstyleplugins-src_5.0.0+git23.g335dbec-3 . amd64 . unstable . -m > "Rebuild to allow migration / binary uploaded by maintainer" > Scheduled. Regards, Adam--- End Message ---
Bug#935460: stretch-pu: package sox/14.4.1-5+deb9u2
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Attached debdiff fixes a number of bugs in sox. These have been in jessie
for a while already (Stretch and Jessie have the same base version as the
package was unmaintained for a while) and I've ran some of the POCs on
the Stretch build. Debdiff below.
Cheers,
Moritz
diff -Nru sox-14.4.1/debian/changelog sox-14.4.1/debian/changelog
--- sox-14.4.1/debian/changelog 2019-02-01 16:18:21.0 +0100
+++ sox-14.4.1/debian/changelog 2019-08-16 00:28:55.0 +0200
@@ -1,3 +1,16 @@
+sox (14.4.1-5+deb9u2) stretch; urgency=medium
+
+ * Sync up patches with 14.4.1-5+deb8u4 (sans some uncommented patches)
+CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 (Closes: #927906)
+CVE-2019-1010004 CVE-2017-18189 (Closes: #881121)
+CVE-2017-15642 (Closes: #882144)
+CVE-2017-15372 (Closes: #878808)
+CVE-2017-15371 (Closes: #878809)
+CVE-2017-15370 (Closes: #878810)
+CVE-2017-11359 CVE-2017-11358 CVE-2017-11332 (Closes: #870328)
+
+ -- Moritz Mühlenhoff Fri, 16 Aug 2019 00:28:55 +0200
+
sox (14.4.1-5+deb9u1) stretch; urgency=medium
* Non-maintainer upload.
diff -Nru sox-14.4.1/debian/patches/0001-Clean-up-lsx_malloc-and-friends.patch
sox-14.4.1/debian/patches/0001-Clean-up-lsx_malloc-and-friends.patch
--- sox-14.4.1/debian/patches/0001-Clean-up-lsx_malloc-and-friends.patch
1970-01-01 01:00:00.0 +0100
+++ sox-14.4.1/debian/patches/0001-Clean-up-lsx_malloc-and-friends.patch
2019-05-10 01:08:00.0 +0200
@@ -0,0 +1,80 @@
+From ccedd08802f62ed896f69d778e6a106d00f9ab58 Mon Sep 17 00:00:00 2001
+From: Mans Rullgard
+Date: Tue, 8 Dec 2015 22:52:41 +
+Subject: [PATCH 1/5] Clean up lsx_malloc() and friends
+
+---
+ src/Makefile.am | 2 +-
+ src/xmalloc.c | 30 +-
+ src/xmalloc.h | 7 ---
+ 3 files changed, 30 insertions(+), 9 deletions(-)
+
+diff --git a/src/xmalloc.c b/src/xmalloc.c
+index 9bf15969..56fe6944 100644
+--- a/src/xmalloc.c
b/src/xmalloc.c
+@@ -20,6 +20,16 @@
+ #include "sox_i.h"
+ #include
+
++static void *lsx_checkptr(void *ptr)
++{
++ if (!ptr) {
++lsx_fail("out of memory");
++exit(2);
++ }
++
++ return ptr;
++}
++
+ /* Resize an allocated memory area; abort if not possible.
+ *
+ * For malloc, `If the size of the space requested is zero, the behavior is
+@@ -34,10 +44,20 @@ void *lsx_realloc(void *ptr, size_t newsize)
+ return NULL;
+ }
+
+- if ((ptr = realloc(ptr, newsize)) == NULL) {
+-lsx_fail("out of memory");
+-exit(2);
+- }
++ return lsx_checkptr(realloc(ptr, newsize));
++}
+
+- return ptr;
++void *lsx_malloc(size_t size)
++{
++ return lsx_checkptr(malloc(size + !size));
++}
++
++void *lsx_calloc(size_t n, size_t size)
++{
++ return lsx_checkptr(calloc(n + !n, size + !size));
++}
++
++char *lsx_strdup(const char *s)
++{
++ return lsx_checkptr(strdup(s));
+ }
+diff --git a/src/xmalloc.h b/src/xmalloc.h
+index 9ee77f63..92ac64d9 100644
+--- a/src/xmalloc.h
b/src/xmalloc.h
+@@ -23,10 +23,11 @@
+ #include
+ #include
+
+-#define lsx_malloc(size) lsx_realloc(NULL, (size))
+-#define lsx_calloc(n,s) (((n)*(s))? memset(lsx_malloc((n)*(s)),0,(n)*(s)) :
NULL)
++LSX_RETURN_VALID void *lsx_malloc(size_t size);
++LSX_RETURN_VALID void *lsx_calloc(size_t n, size_t size);
++LSX_RETURN_VALID char *lsx_strdup(const char *s);
++
+ #define lsx_Calloc(v,n) v = lsx_calloc(n,sizeof(*(v)))
+-#define lsx_strdup(p) ((p)? strcpy((char *)lsx_malloc(strlen(p) + 1), p) :
NULL)
+ #define lsx_memdup(p,s) ((p)? memcpy(lsx_malloc(s), p, s) : NULL)
+ #define lsx_valloc(v,n) v = lsx_malloc((n)*sizeof(*(v)))
+ #define lsx_revalloc(v,n) v = lsx_realloc(v, (n)*sizeof(*(v)))
+--
+2.20.1
+
diff -Nru
sox-14.4.1/debian/patches/0002-fix-possible-buffer-size-overflow-in-lsx_make_lpf-CV.patch
sox-14.4.1/debian/patches/0002-fix-possible-buffer-size-overflow-in-lsx_make_lpf-CV.patch
---
sox-14.4.1/debian/patches/0002-fix-possible-buffer-size-overflow-in-lsx_make_lpf-CV.patch
1970-01-01 01:00:00.0 +0100
+++
sox-14.4.1/debian/patches/0002-fix-possible-buffer-size-overflow-in-lsx_make_lpf-CV.patch
2019-05-10 01:08:00.0 +0200
@@ -0,0 +1,23 @@
+From f70911261a84333b077c29908e1242f69d7439eb Mon Sep 17 00:00:00 2001
+From: Mans Rullgard
+Date: Wed, 24 Apr 2019 14:57:34 +0100
+Subject: [PATCH 2/5] fix possible buffer size overflow in lsx_make_lpf()
+ (CVE-2019-8354)
+
+The multiplication in the size argument malloc() might overflow,
+resulting in a small buffer being allocated. Use calloc() instead.
+---
+ src/effects_i_dsp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/effects_i_dsp.c
b/src/effects_i_dsp.c
+@@ -256,7 +256,7 @@
+ double * lsx_make_lpf(int num_taps, double Fc, double beta, double scale,
sox_bool dc_norm)
+ {
+ int i, m = num_taps - 1;
+- double * h = malloc(num_taps * sizeof(*h)), sum = 0;
NEW changes in stable-new
Processing changes file: linux_4.19.67-1_arm64.changes ACCEPT
Bug#934990: marked as done (nmu: tasksel_3.54)
Your message dated Thu, 22 Aug 2019 21:54:51 +0100 with message-id <72d853551e2dc5f64800643fc6031070be5e87c3.ca...@adam-barratt.org.uk> and subject line Re: Bug#934990: nmu: tasksel_3.54 has caused the Debian Bug report #934990, regarding nmu: tasksel_3.54 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 934990: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934990 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 nmu tasksel_3.54 . ANY . unstable . -m "Rebuild for transition to bullseye" tasksel/3.54 had to be a binary upload, as it went through NEW (renamed bin pkg) - -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEU7EqA8ZVHYoLJhPE5vmO4pLV7MsFAl1YTnwRHG5pY29vQGRl Ymlhbi5vcmcACgkQ5vmO4pLV7Mt8KA/+KK2jEcKZ+VV6ZRrMOyhazbhCGsusFIo9 55JRC2v5Wh5Opmnji9qXZsW5kCH4JU2geDxBKiGm5veNzBXb8VtscdJSfCoosk4r MXqcT9tOZHJBBU8n3pEnpWhleUf1yz5lnUWtYJhCh0TVE6GMZPuyBLdzaQAuxwOn OVtUizOzOIPiFgN9VrIIu5x88zF7HzERZDmKTDMsQ27IwxIgnf1jC6Ev0aRKrnu6 lseXVbPvj4eMy2SqUAlFOEqFV0TaBP9K+TaIvckDyfaRNO303SldrwChbXw9tzl0 1ULGCsM0PJJX/betjQNJ32E+cKT9wJwvKbS2m4ABGslZYdSOxaArWiHw0LI+5TKJ 6Ca/BhSghL81XGUxOKhs3/A1zpfhWP2j7cKvnhyk86eTcf5C8PuVHnxOKAs+pEbZ 6rNoaxCbKpxKuxDxE/l94SQBqKnw8vUNQMUEmpuw6mTc40EVkQhI2TtUu2/Iys+N 8pHjKTsF0LBYX3Uekz3HnTnuIttOGGVXBtl1Rtgdxg0iuuZvB2w29MEk74UewOzt ycADdhNeo3/FVHQ/TGBGgt0C+v/q0M6Y9rIJIOOED34SGHzvBnrEFnma1HQRtdXK 3nmM/FvghqxedbQI2TSO6dNVwFxt9ZPBohFywDMDxyN4/71hEFweveQp5V67aDvm e4tbLCmhdvU= =x2cy -END PGP SIGNATURE- --- End Message --- --- Begin Message --- On Sat, 2019-08-17 at 20:59 +0200, Nicolas Braud-Santoni wrote: > nmu tasksel_3.54 . ANY . unstable . -m "Rebuild for transition to > bullseye" > Unfortunately, that won't work. All of the binary packages are arch:all (which "ANY" explicitly and intentionally excludes). We can't binNMU arch:all packages in a useful manner, so this will need a source upload. Regards, Adam--- End Message ---
Processed: Re: Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1
Processing control commands: > tags -1 + confirmed Bug #931610 [release.debian.org] stretch-pu: package pound/2.7-1.3+deb9u1 Added tag(s) confirmed. -- 931610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931610 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1
Control: tags -1 + confirmed On Thu, 2019-08-22 at 11:51 +0200, Carsten Leonhardt wrote: [...] > longer testing revealed a regression (CPU load built up slowly, > finally reaching 100%). > > I found a fix and have applied it, the fixed version is running on > live servers since at least a week now, without a sign of abnormal > CPU load. > Thanks for the update. Please go ahead. Regards, Adam
Bug#930112: stretch-pu: package node-growl/1.7.0-1+deb9u1
Control: tags -1 + confirmed On Fri, 2019-06-07 at 12:19 +0200, Xavier Guimard wrote: > node-growl in stretch is vulnerable to #900868 / CVE-2017-16042. I > imported upstream patch and embedded the little shell-escape module. None of this makes me happy, but I guess go for it... Regards, Adam
Processed: Re: Bug#930112: stretch-pu: package node-growl/1.7.0-1+deb9u1
Processing control commands: > tags -1 + confirmed Bug #930112 [release.debian.org] stretch-pu: package node-growl/1.7.0-1+deb9u1 Added tag(s) confirmed. -- 930112: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930112 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#906258: stretch-pu: package yubico-piv-tool/1.4.2-2
On Sat, 2019-02-23 at 22:41 +0100, Julien Cristau wrote:
> On 2/23/19 7:56 PM, Nicolas Braud-Santoni wrote:
> > On Sat, Feb 23, 2019 at 02:27:04PM +0100, Nicolas Braud-Santoni
> > wrote:
> > > On Fri, Feb 15, 2019 at 04:55:58PM +0100, Nicolas Braud-Santoni
> > > wrote:
> > > > On Wed, Feb 13, 2019 at 03:34:50PM +0100, Nicolas Braud-Santoni
> > > > wrote:
> > > > > I assume I can't just dput this, as it already exists in
> > > > > stable-new.
> > > > > Could you reject the existing package first, and I will
> > > > > reupload?
> > > >
> > > > Uploaded a new revision at the request of jcristau.
> > >
> > > Ping?
> >
> > Nevermind, ftpmaster rejected the upload:
> >
> They did not; I did, as I told you in
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906258#69
The mail claims to be from "Debian FTP Masters" as it is sent by dak at
the point of rejection. However, in the case of rejections from
{,old}stable-new, dak is simply carrying out requests from the Release
Team.
> > On Sat, Feb 23, 2019 at 05:47:07PM +, Debian FTP Masters wrote:
> > > yubico-piv-tool - inappropriate changelog entry
> >
> > Dear ftpmasters, could you clarify in which way the changelog entry
> > is inappropriate, and what would be an appropriate changelog entry?
> >
> An appropriate changelog entry is one that describes the changes made
> to the package. For example, "Remove cruft that was included in the
> source package by mistake" would be one way to describe the changes
> in your upload.
Ping on a new upload? There's just over a week if you want to get this
in to 9.10.
Regards,
Adam
Processed: Re: Bug#928276: stretch-pu: package biomaj-watcher/1.2.2-4+deb9u1
Processing control commands: > tags -1 + confirmed Bug #928276 [release.debian.org] stretch-pu: package biomaj-watcher/1.2.2-4+deb9u1 Added tag(s) confirmed. -- 928276: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928276 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928276: stretch-pu: package biomaj-watcher/1.2.2-4+deb9u1
Control: tags -1 + confirmed On Wed, 2019-05-01 at 03:58 +0200, Andreas Beckmann wrote: > I finally found a solution for the biomaj-watcher jessie->stretch > upgrade problem I noticed long ago. #866980 > We need to ensure that the build-time jdk is also available at run- > time. > The problem occurred if biomaj-watcher from stretch, built against > openjdk-8, was installed (and configured) along openjdk-7 from jessie > as default-jdk (which was not jet upgraded) ... > So lets just tighten the dependencies and the problem is gone. Please go ahead; thanks. Regards, Adam
Bug#934704: buster-pu: package node-lodash/4.17.11+dfsg-2+deb10u1
Control: tags -1 + confirmed On Tue, 2019-08-13 at 19:07 +0200, Xavier Guimard wrote: > node-lodash is vulnerable to prototype pollution (#933079, > CVE-2019-10744). I imported upstream fix in the attached debdiff. Please go ahead. Regards, Adam
Processed: Re: Bug#934704: buster-pu: package node-lodash/4.17.11+dfsg-2+deb10u1
Processing control commands: > tags -1 + confirmed Bug #934704 [release.debian.org] buster-pu: package node-lodash/4.17.11+dfsg-2+deb10u1 Added tag(s) confirmed. -- 934704: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934704 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 935458, retitle 935458 to RM: pump -- RoST; unmaintained; security issues
Processing commands for cont...@bugs.debian.org: > tags 935458 + buster pending Bug #935458 [release.debian.org] RM: pump/0.8.24-7.1 Added tag(s) buster and pending. > retitle 935458 RM: pump -- RoST; unmaintained; security issues Bug #935458 [release.debian.org] RM: pump/0.8.24-7.1 Changed Bug title to 'RM: pump -- RoST; unmaintained; security issues' from 'RM: pump/0.8.24-7.1'. > thanks Stopping processing here. Please contact me if you need assistance. -- 935458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935458 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935458: RM: pump/0.8.24-7.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, please remove pump in the 10.1 point release. It's unmaintained both in Debian and upstream and security-buggy. I've gotten in touch with Red Hat (the former upstream), it was formerly developed by Red Hat by for RHEL 5 and they recommended very strongly to remove it. Cheers, Moritz
NEW changes in stable-new
Processing changes file: linux_4.19.67-1_amd64.changes ACCEPT
Bug#934507: buster-pu: package openldap/2.4.47+dfsg-3+deb10u1
Hmm, sorry for the noise, that is because of bug 905563. I forgot I had that blocked in the past. Paul On 22-08-2019 21:07, Paul Gevers wrote: > Hi Ryan, > > On Wed, 14 Aug 2019 09:53:22 -0700 Ryan Tandy wrote: >> On Tue, Aug 13, 2019 at 06:25:13PM +0100, Adam D. Barratt wrote: >>> Please go ahead; thanks. >> >> Thank you. Uploaded, accepted, and visible on the queue page now. > > Do you have any idea why the autopkgtest of gnupg2 (maintainers in CC) > is failing with the new openldap package? Looking at the error it seems > that wine32 (maintainers in CC) in a multiarch environment isn't > installable on amd64 anymore. libwine does have a dependency on > libldap-2.4.2 so this isn't totally weird. > > Paul > signature.asc Description: OpenPGP digital signature
Bug#934507: buster-pu: package openldap/2.4.47+dfsg-3+deb10u1
Hi Ryan, On Wed, 14 Aug 2019 09:53:22 -0700 Ryan Tandy wrote: > On Tue, Aug 13, 2019 at 06:25:13PM +0100, Adam D. Barratt wrote: > >Please go ahead; thanks. > > Thank you. Uploaded, accepted, and visible on the queue page now. Do you have any idea why the autopkgtest of gnupg2 (maintainers in CC) is failing with the new openldap package? Looking at the error it seems that wine32 (maintainers in CC) in a multiarch environment isn't installable on amd64 anymore. libwine does have a dependency on libldap-2.4.2 so this isn't totally weird. Paul signature.asc Description: OpenPGP digital signature
NEW changes in stable-new
Processing changes file: linux_4.19.67-1_armhf.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_mips64el.changes ACCEPT Processing changes file: webkit2gtk_2.24.3-1~deb10u1_mips.changes ACCEPT
NEW changes in stable-new
Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_amd64.changes ACCEPT Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_i386.changes ACCEPT Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_mips64el.changes ACCEPT Processing changes file: netdata_1.12.0-1+deb10u1_i386.changes ACCEPT Processing changes file: netdata_1.12.0-1+deb10u1_mips64el.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_amd64.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_i386.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_mipsel.changes ACCEPT
Bug#935445: stretch-pu: package dansguardian/2.10.1.1-5.1+deb9u2
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: stretch Severity: normal Please find attached the proposed update to dansguardian for Stretch as part of the clamav transition, #924278. Sebastian diff -u dansguardian-2.10.1.1/debian/changelog dansguardian-2.10.1.1/debian/changelog --- dansguardian-2.10.1.1/debian/changelog +++ dansguardian-2.10.1.1/debian/changelog @@ -1,3 +1,10 @@ +dansguardian (2.10.1.1-5.1+deb9u2) stretch; urgency=medium + + * Non-maintainer upload. + * Add support for clamav 0.101 (Closes: #923981). + + -- Sebastian Andrzej Siewior Thu, 22 Aug 2019 19:19:58 +0200 + dansguardian (2.10.1.1-5.1+deb9u1) stretch; urgency=medium * Non-maintainer upload. diff -u dansguardian-2.10.1.1/debian/control dansguardian-2.10.1.1/debian/control --- dansguardian-2.10.1.1/debian/control +++ dansguardian-2.10.1.1/debian/control @@ -6,7 +6,7 @@ debhelper (>= 9), dh-autoreconf, dpatch (>= 2.0.32~), - libclamav-dev (>= 0.90), + libclamav-dev (>= 0.101.1), libpcre3-dev, zlib1g-dev Standards-Version: 3.9.2 diff -u dansguardian-2.10.1.1/debian/patches/00list dansguardian-2.10.1.1/debian/patches/00list --- dansguardian-2.10.1.1/debian/patches/00list +++ dansguardian-2.10.1.1/debian/patches/00list @@ -9,0 +10 @@ +90_clamav111_support.dpatch only in patch2: unchanged: --- dansguardian-2.10.1.1.orig/debian/patches/90_clamav111_support.dpatch +++ dansguardian-2.10.1.1/debian/patches/90_clamav111_support.dpatch @@ -0,0 +1,44 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 90_clamav111_support.dpatch by Sebastian A. Siewior +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Adds support for clamav 0.101.1 + +@DPATCH@ +diff --git a/src/contentscanners/clamav.cpp b/src/contentscanners/clamav.cpp +index cb5e5be1b3fc..7af3c9383e60 100644 +--- a/src/contentscanners/clamav.cpp b/src/contentscanners/clamav.cpp +@@ -172,7 +172,13 @@ int clamavinstance::scanMemory(HTTPHeader * requestheader, HTTPHeader * docheade + } + + #ifdef CL_INIT_DEFAULT +- rc = cl_scandesc(fd, , NULL, engine, CL_SCAN_STDOPT); ++ struct cl_scan_options cl_options; ++ ++ memset(_options, 0, sizeof(struct cl_scan_options)); ++ cl_options.general = CL_SCAN_GENERAL_ALLMATCHES; ++ cl_options.parse = ~0; ++ ++ rc = cl_scandesc(fd, NULL, , NULL, engine, _options); + #else + rc = cl_scandesc(fd, , NULL, engine, , CL_SCAN_STDOPT); + #endif +@@ -201,7 +207,13 @@ int clamavinstance::scanFile(HTTPHeader * requestheader, HTTPHeader * docheader, + lastmessage = lastvirusname = ""; + const char *vn = NULL; + #ifdef CL_INIT_DEFAULT +- int rc = cl_scanfile(filename, , NULL, engine, CL_SCAN_STDOPT ); ++ struct cl_scan_options cl_options; ++ ++ memset(_options, 0, sizeof(struct cl_scan_options)); ++ cl_options.general = CL_SCAN_GENERAL_ALLMATCHES; ++ cl_options.parse = ~0; ++ ++ int rc = cl_scanfile(filename, , NULL, engine, _options); + #else + int rc = cl_scanfile(filename, , NULL, engine, , CL_SCAN_STDOPT ); + #endif +-- +2.20.1 +
NEW changes in stable-new
Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_mipsel.changes ACCEPT Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_s390x.changes ACCEPT Processing changes file: linux_4.19.67-1_s390x.changes ACCEPT Processing changes file: netdata_1.12.0-1+deb10u1_s390x.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_s390x.changes ACCEPT
NEW changes in stable-new
Processing changes file: linux_4.19.67-1_ppc64el.changes ACCEPT Processing changes file: netdata_1.12.0-1+deb10u1_mipsel.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_armhf.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_mips.changes ACCEPT
NEW changes in stable-new
Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_armel.changes ACCEPT Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_armhf.changes ACCEPT Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_mips.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_armel.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: c-icap-modules_0.4.4-1+deb9u1_all.changes ACCEPT Processing changes file: c-icap-modules_0.4.4-1+deb9u1_amd64.changes ACCEPT Processing changes file: havp_0.92a-4+deb9u1_amd64.changes ACCEPT Processing changes file: lemonldap-ng_1.9.7-3+deb9u2_all.changes ACCEPT Processing changes file: python-clamav_0.4.1-8+deb9u1_amd64.changes ACCEPT
NEW changes in stable-new
Processing changes file: enigmail_2.0.12+ds1-1~deb10u1_all.changes ACCEPT Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_all.changes ACCEPT Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_arm64.changes ACCEPT Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_ppc64el.changes ACCEPT Processing changes file: netdata_1.12.0-1+deb10u1_arm64.changes ACCEPT Processing changes file: netdata_1.12.0-1+deb10u1_armel.changes ACCEPT Processing changes file: netdata_1.12.0-1+deb10u1_armhf.changes ACCEPT Processing changes file: netdata_1.12.0-1+deb10u1_mips.changes ACCEPT Processing changes file: netdata_1.12.0-1+deb10u1_ppc64el.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_arm64.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_ppc64el.changes ACCEPT
Bug#933911: pulseaudio 12.2-4+deb10u1 flagged for acceptance
package release.debian.org tags 933911 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: pulseaudio Version: 12.2-4+deb10u1 Explanation: fix mute state restoring
Processed: pulseaudio 12.2-4+deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 933911 = buster pending Bug #933911 [release.debian.org] buster-pu: package pulseaudio Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 933911: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933911 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#933911: buster-pu: package pulseaudio
On Tue, Aug 20, 2019 at 4:47 PM Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2019-08-15 at 11:28 -0400, Felipe Sateler wrote: > > Control: tags -1 -moreinfo > > > > On Sun, Aug 11, 2019 at 9:53 AM Jonathan Wiltshire > > wrote: > > > Control: tag -1 moreinfo > > > > > > Hi, > > > > > > On Sun, Aug 04, 2019 at 09:31:37PM -0400, Felipe Sateler wrote: > [...] > > > > There is a bug affecting pulseaudio users: #913102. This bug > > > causes the > > > > mute state to be incorrectly restored. Some users have asked for > > > the fix > > > > (which is now on unstable), to be backported to buster given that > > > GDM is > > > > affected by this bug. The upstream patch fixing this issue is > > > very > > > > small[1]. > > Please go ahead; thanks. > Done, thank you -- Saludos, Felipe Sateler
NEW changes in stable-new
Processing changes file: glib2.0_2.58.3-2+deb10u1_arm64.changes ACCEPT
Processed: Re: Bug#935419: RM: python-django-session-security/2.6.5+dfsg-1 -- ROM; cruft
Processing control commands: > reassign -1 ftp.debian.org Bug #935419 [release.debian.org] RM: python-django-session-security/2.6.5+dfsg-1 -- ROM; cruft Bug reassigned from package 'release.debian.org' to 'ftp.debian.org'. Ignoring request to alter found versions of bug #935419 to the same values previously set Ignoring request to alter fixed versions of bug #935419 to the same values previously set -- 935419: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935419 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#887324: stretch-pu: package python-flask-rdf/0.2.0-1.1~deb9u1
On 21/08/2019 00.30, Adam D. Barratt wrote: >> That is not sufficient: #896358, #896385 >> >> ImportError: No module named 'rdflib' > > What's the status here? Still reproducible in sid (same version as in buster), just reopened the bugs. Andreas
Bug#935265: buster-pu: package gnome-control-center/1:3.30.3-2~deb10u1
On Thu, 22 Aug 2019 at 12:14:56 +0100, Adam D. Barratt wrote: > On 2019-08-21 09:56, Simon McVittie wrote: > > I updated gnome-control-center in unstable a few weeks ago, and I think > > the > > same changes would make sense in buster. > > > > > * d/patches: Update to upstream gnome-3-30 commit 3.30.3-7-gf41ae4269 > > Does this want to go together with the gnome-shell and mutter updates, or > can we handle this one separately? I think this one can be orthogonal: gnome-control-center isn't in the same process as gnome-shell and mutter, so it isn't so closely related. smcv
Bug#935419: RM: python-django-session-security/2.6.5+dfsg-1 -- ROM; cruft
Control: reassign -1 ftp.debian.org On 2019-08-22 13:16, Jean-Michel Vourgère wrote: Due to #933034, I believe I need manual decrufting: source package django-session-security 2.6.5+dfsg-2 no longer builds binary package(s): python-django-session-security That may well be the case, but this: Please remove python-django-session-security/2.6.5+dfsg-1 from testing so that django-session-security 2.6.5+dfsg-2 can migrate from sid to testing. is not. The cruft is in unstable, and it needs removing from unstable, which is handled by the FTP Team. I'm reassigning the request to them. As an additional note, the excuses include this item: Not built on buildd: arch all binaries uploaded by jmv_...@nirgal.com which means that the package still will not be able to migrate in any case, and you will need to make a new source upload. If you're not already aware of this, see the second topic in https://lists.debian.org/debian-devel-announce/2019/07/msg2.html Regards, Adam
Re: reflecting on the buster release cycle and RFF
Dear Release Team On 2019/07/21 20:43, Paul Gevers wrote: [1] A note on that: the release team needs help. If you want to help, consider joining. I've been a "core developer" in Ubuntu since 2016, and know a little bit about how transitions and autopkgtest blocking migrations work there. I would like to help. Regards Graham
NEW changes in stable-new
Processing changes file: webkit2gtk_2.24.3-1~deb10u1_mips64el.changes ACCEPT
Bug#935419: RM: python-django-session-security/2.6.5+dfsg-1 -- ROM; cruft
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hello Due to #933034, I believe I need manual decrufting: source package django-session-security 2.6.5+dfsg-2 no longer builds binary package(s): python-django-session-security Please remove python-django-session-security/2.6.5+dfsg-1 from testing so that django-session-security 2.6.5+dfsg-2 can migrate from sid to testing. https://qa.debian.org/madison.php?package=django-session-security=debian===bullseye=on django-session-security | 2.6.5+dfsg-1 | bullseye | source python-django-session-security | 2.6.5+dfsg-1 | bullseye | all python3-django-session-security | 2.6.5+dfsg-1 | bullseye | all The binary only removal itself is because of python2 removal (#931659).
Reklama Twojej firmy na Facebooku
Dzień dobry, skuteczne administrowanie /*FanPage na Facebook’u*/ to nasza specjalność. W związku z tym, chcemy zwiększyć zysk Państwa firmy oraz ilość fanów. Przesłanie odpowiedzi o treści* Tak*, umożliwi nam kontakt z Państwem. Ponieważ sami prowadzimy biznes, jesteśmy świadomi, że podstawą każdej firmy są klienci. Zadbamy o przypływ nowych klientów dla Państwa firmy. .. Z poważaniem , Agencja Interaktywna.
NEW changes in stable-new
Processing changes file: webkit2gtk_2.24.3-1~deb10u1_mipsel.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: c-icap-modules_0.4.4-1+deb9u1_source.changes ACCEPT Processing changes file: havp_0.92a-4+deb9u1_source.changes ACCEPT Processing changes file: lemonldap-ng_1.9.7-3+deb9u2_sourceonly.changes ACCEPT Processing changes file: python-clamav_0.4.1-8+deb9u1_source.changes ACCEPT Processing changes file: glib2.0_2.50.3-2+deb9u1_amd64.changes ACCEPT
Bug#905957: stretch-pu: package libgpod/0.8.3-8.2+deb9u1
Control: tags -1 + confirmed
On 2018-08-12 11:40, Adrian Bunk wrote:
* python-gpod: Add the missing dependency on python-gobject-2.
(Closes: #896230)
Depends: libgpod4 (= [-0.8.3-8.2),-] {+0.8.3-8.2+deb9u1),+} libc6 (>=
2.14), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.16),
libplist3 (>= 1.11), libsqlite3-0 (>= 3.5.9), libxml2 (>= 2.6.27),
python (<< 2.8), python (>= 2.7~), python-mutagen, python:any (<<
2.8), python:any (>= [-2.7.5-5~)-] {+2.7.5-5~), python-gobject-2+}
Please go ahead; thanks.
Regards,
Adam
Processed: Re: Bug#905957: stretch-pu: package libgpod/0.8.3-8.2+deb9u1
Processing control commands: > tags -1 + confirmed Bug #905957 [release.debian.org] stretch-pu: package libgpod/0.8.3-8.2+deb9u1 Added tag(s) confirmed. -- 905957: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905957 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#891581: stretch-pu: package chaosreader/0.96-2+deb9u1
Processing control commands: > tags -1 + confirmed Bug #891581 [release.debian.org] stretch-pu: package chaosreader/0.96-2+deb9u1 Added tag(s) confirmed. -- 891581: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891581 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#891581: stretch-pu: package chaosreader/0.96-2+deb9u1
Control: tags -1 + confirmed On 2018-02-26 20:09, Adrian Bunk wrote: * Added libnet-dns-perl to Depends field. (Closes: #890589) Please go ahead. Sorry for the long delay. Regards, Adam
Processed: c-icap-modules 0.4.4-1+deb9u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 935368 = stretch pending Bug #935368 [release.debian.org] stretch-pu: package c-icap-modules/0.4.4-1+deb9u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 935368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935368 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935366: havp 0.92a-4+deb9u1 flagged for acceptance
package release.debian.org tags 935366 = stretch pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details == Package: havp Version: 0.92a-4+deb9u1 Explanation: add support for clamav 0.101.1
Processed: lemonldap-ng 1.9.7-3+deb9u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 929611 = stretch pending Bug #929611 [release.debian.org] stretch-pu: package lemonldap-ng/1.9.7-3+deb9u2 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 929611: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929611 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929611: lemonldap-ng 1.9.7-3+deb9u2 flagged for acceptance
package release.debian.org tags 929611 = stretch pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details == Package: lemonldap-ng Version: 1.9.7-3+deb9u2 Explanation: fix cross-domain authentication regression; fix XML external entity vulnerability
Processed: havp 0.92a-4+deb9u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 935366 = stretch pending Bug #935366 [release.debian.org] stretch-pu: package havp/0.92a-4+deb9u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 935366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935366 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: python-clamav 0.4.1-8+deb9u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 935367 = stretch pending Bug #935367 [release.debian.org] stretch-pu: package python-clamav/0.4.1-8+deb9u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 935367: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935367 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935368: c-icap-modules 0.4.4-1+deb9u1 flagged for acceptance
package release.debian.org tags 935368 = stretch pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details == Package: c-icap-modules Version: 0.4.4-1+deb9u1 Explanation: add support for clamav 0.101.1
Bug#935367: python-clamav 0.4.1-8+deb9u1 flagged for acceptance
package release.debian.org tags 935367 = stretch pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details == Package: python-clamav Version: 0.4.1-8+deb9u1 Explanation: add support for clamav 0.101.1
NEW changes in stable-new
Processing changes file: netdata_1.12.0-1+deb10u1_amd64.changes ACCEPT
Processed: Re: Bug#875714: stretch-pu: package zeroc-ice/3.6.3-5
Processing control commands: > tags -1 + moreinfo Bug #875714 [release.debian.org] stretch-pu: package zeroc-ice/3.6.3-5 Added tag(s) moreinfo. -- 875714: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875714 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#875714: stretch-pu: package zeroc-ice/3.6.3-5
Control: tags -1 + moreinfo On 2018-07-09 07:12, Jose Gutierrez de la Concha wrote: On Sat, Jul 7, 2018 at 1:53 PM Adam D. Barratt wrote: On Mon, 2018-02-26 at 12:48 +0100, Jose Gutierrez de la Concha wrote: Hi, any change we can get this approved on time for debian 9.4? The current diff is nearly 20,000 lines, with a lot of effective noise like changing quoting on command invocation and logging, and s/OS X/macOS/, which is really difficult to try and find real changes in, and probably one of the reasons that people unfortunately keep not finding time to deal with this request (which isn't an excuse, but...). I understand, there were a lot of minor and cosmetic changes in this release, but still it will be good to get it uploaded at some point as there is some important bug fixes see https://github.com/zeroc-ice/ice/blob/v3.6.4/CHANGELOG-3.6.md We will eventually release 3.6.5 and we will be in a better position if 3.6.4 is arlready in stretch. Unfortunately this managed to not make it onto anyone's radar for some time again. :-| (and it appears that 3.6.5 was rleeased in the meantime.) One thing I did notice from a quick look through the packaging changes is that introducing new binary packages (i.e. the Python 2 bindings) is not something that is generally done within a stable Debian release. Python2 packages were requested in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=82 We can consider leaving this package out if that is an stopper. It would be at this stage, yes. Is this update (now for oldstable rather than stable) something you're still interesting in persuing? Regards, Adam
Bug#935411: buster-pu: package dbconfig-common/2.0.11+deb10u1
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal
Hi all,
After the buster release, it was discovered that bash changed its POSIX
behavior for `local` variables (bug #935115). This was first reported
against dbconfig-common (bug #934027), because the change in bash causes
other packages, that use dbconfig-common to setup their database, to
fail during installation if the system administrator is using bash for
/bin/sh. I hope that the bug in bash gets fixed, but a work-around in
dbconfig-common is available and uploaded to unstable and pu.
I improved the autopkgtest to run its tests with /bin/sh as was my
intention. It would have caught this issue before bash migrated to buster.
Please consider accepting dbconfig-common 2.0.11+deb10u1.
Paul
diff -Nru dbconfig-common-2.0.11/debian/changelog
dbconfig-common-2.0.11+deb10u1/debian/changelog
--- dbconfig-common-2.0.11/debian/changelog 2018-12-13 10:32:33.0
+0100
+++ dbconfig-common-2.0.11+deb10u1/debian/changelog 2019-08-18
21:23:05.0 +0200
@@ -1,3 +1,14 @@
+dbconfig-common (2.0.11+deb10u1) buster; urgency=medium
+
+ [ Marius Burkard ]
+ * Fix regression with /bin/sh pointing to bash due to changes in its
+POSIX behaviour (Closes: #934027)
+
+ [ Paul Gevers ]
+ * tests: use sh instead of hardcoded *sh to catch issues like the above
+
+ -- Paul Gevers Sun, 18 Aug 2019 21:23:05 +0200
+
dbconfig-common (2.0.11) unstable; urgency=medium
[ Sunil Mohan Adapa ]
diff -Nru dbconfig-common-2.0.11/internal/mysql
dbconfig-common-2.0.11+deb10u1/internal/mysql
--- dbconfig-common-2.0.11/internal/mysql 2018-12-13 10:32:33.0
+0100
+++ dbconfig-common-2.0.11+deb10u1/internal/mysql 2019-08-18
21:23:05.0 +0200
@@ -195,7 +195,8 @@
if [ "${dbc_mysql_createdb_encoding:-}" ]; then
extrasql=" CHARACTER SET '$dbc_mysql_createdb_encoding'";
fi
-_dbc_nodb="yes" dbc_mysql_exec_command "CREATE DATABASE
\`$dbc_dbname\`${extrasql:-}"
+_dbc_nodb="yes"
+dbc_mysql_exec_command "CREATE DATABASE \`$dbc_dbname\`${extrasql:-}"
ret=$?
_dbc_nodb=""
if [ "$ret" = "0" ]; then
@@ -314,7 +315,8 @@
FLUSH PRIVILEGES;
EOF
l_dbname=$dbc_dbname
-_dbc_nodb="yes" dbc_mysql_exec_file "$l_sqlfile"
+_dbc_nodb="yes"
+dbc_mysql_exec_file "$l_sqlfile"
l_ret=$?
_dbc_nodb=""
diff -Nru dbconfig-common-2.0.11/test/runtests.sh
dbconfig-common-2.0.11+deb10u1/test/runtests.sh
--- dbconfig-common-2.0.11/test/runtests.sh 2018-12-13 10:32:33.0
+0100
+++ dbconfig-common-2.0.11+deb10u1/test/runtests.sh 2019-08-18
21:23:05.0 +0200
@@ -14,13 +14,13 @@
printf "# # #\n# # # Test: $t\n# # #\n"
printf "# #\n# # Shell: bash\n# #\n"
rm /bin/sh && ln -s bash /bin/sh
-bash $t
+sh $t
printf "\n# #\n# # Shell: dash\n# #\n"
rm /bin/sh && ln -s dash /bin/sh
-dash $t
+sh $t
printf "# #\n# # Shell: lksh\n# #\n"
rm /bin/sh && ln -s lksh /bin/sh
-lksh $t
+sh $t
#printf "# #\n# # Shell: posh\n# #\n"
#rm /bin/sh && ln -s posh /bin/sh
#posh $t
signature.asc
Description: OpenPGP digital signature
Processed: Re: Bug#929257: stretch-pu: package mariadb-10.1 10.1.41-0+deb9u
Processing control commands: > tags -1 + moreinfo Bug #929257 [release.debian.org] stretch-pu: package mariadb-10.1 10.1.41-0+deb9u1 Added tag(s) moreinfo. -- 929257: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929257 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 932684
Processing commands for cont...@bugs.debian.org: > tags 932684 - moreinfo Bug #932684 [release.debian.org] buster-pu: package gnupg2/2.2.12-1+deb10u1 Removed tag(s) moreinfo. > thanks Stopping processing here. Please contact me if you need assistance. -- 932684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932684 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929257: stretch-pu: package mariadb-10.1 10.1.41-0+deb9u
Control: tags -1 + moreinfo On 2019-08-02 22:42, Otto Kekäläinen wrote: (sorry for replying to wrong bug report earlier) Hello! I have now prepared 10.1.41 for upload to Stretch. I am CC'ing security team in case you want this faster in than waiting for the next stable update (planned for 2019-09-07). https://salsa.debian.org/mariadb-team/mariadb-10.1/ *** mariadb-10.1 (10.1.41-0+deb9u1) stretch; urgency=medium * SECURITY UPDATE: New upstream version 10.1.41. Includes fixes for the following security vulnerabilities: - CVE-2019-2737 - CVE-2019-2739 - CVE-2019-2740 - CVE-2019-2805 * Previous release 10.1.39 includes fixes for the following security vulnerabilities: - CVE-2019-2627 - CVE-2019-2614 * Amend previous changelog entries to include newly released CVE numbers. * Gitlab-CI: Sync latest version from Debian Sid but with Stretch adaptions * Uses respolveip from correct path as per upstream fix (Closes: #928758) -- Otto Kekäläinen Fri, 02 Aug 2019 18:10:23 +0100 Could we have a current diff, please? Regards, Adam
Processed: Re: Bug#935265: buster-pu: package gnome-control-center/1:3.30.3-2~deb10u1
Processing control commands: > tags -1 + moreinfo Bug #935265 [release.debian.org] buster-pu: package gnome-control-center/1:3.30.3-2~deb10u1 Added tag(s) moreinfo. -- 935265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935265 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935265: buster-pu: package gnome-control-center/1:3.30.3-2~deb10u1
Control: tags -1 + moreinfo On 2019-08-21 09:56, Simon McVittie wrote: I updated gnome-control-center in unstable a few weeks ago, and I think the same changes would make sense in buster. * d/patches: Update to upstream gnome-3-30 commit 3.30.3-7-gf41ae4269 Does this want to go together with the gnome-shell and mutter updates, or can we handle this one separately? Regards, Adam
NEW changes in stable-new
Processing changes file: fuse-emulator_1.5.7+dfsg1-2~deb10u1_source.changes ACCEPT Processing changes file: linux_4.19.67-1_multi.changes ACCEPT Processing changes file: pulseaudio_12.2-4+deb10u1_source.changes ACCEPT
