NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: gnutls28_3.6.7-4+deb10u5_mipsel.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_mips64el.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: dbus_1.12.20-0+deb10u1_mips.changes
  ACCEPT
Processing changes file: linux_4.19.131-2_armel.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_mips.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: balsa_2.5.6-2+deb10u1_mips.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_mips64el.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_mipsel.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_mips.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_mips64el.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_mips64el.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_armel.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_mipsel.changes
  ACCEPT

NEW changes in oldstable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: glib-networking_2.50.0-1+deb9u1_mips.changes
  ACCEPT

NEW changes in oldstable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: glib-networking_2.50.0-1+deb9u1_all.changes
  ACCEPT
Processing changes file: glib-networking_2.50.0-1+deb9u1_amd64.changes
  ACCEPT
Processing changes file: glib-networking_2.50.0-1+deb9u1_arm64.changes
  ACCEPT
Processing changes file: glib-networking_2.50.0-1+deb9u1_armel.changes
  ACCEPT
Processing changes file: glib-networking_2.50.0-1+deb9u1_armhf.changes
  ACCEPT
Processing changes file: glib-networking_2.50.0-1+deb9u1_i386.changes
  ACCEPT
Processing changes file: glib-networking_2.50.0-1+deb9u1_mips64el.changes
  ACCEPT
Processing changes file: glib-networking_2.50.0-1+deb9u1_mipsel.changes
  ACCEPT
Processing changes file: glib-networking_2.50.0-1+deb9u1_ppc64el.changes
  ACCEPT
Processing changes file: glib-networking_2.50.0-1+deb9u1_s390x.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: balsa_2.5.6-2+deb10u1_amd64.changes
  ACCEPT
Processing changes file: balsa_2.5.6-2+deb10u1_arm64.changes
  ACCEPT
Processing changes file: balsa_2.5.6-2+deb10u1_armel.changes
  ACCEPT
Processing changes file: balsa_2.5.6-2+deb10u1_armhf.changes
  ACCEPT
Processing changes file: balsa_2.5.6-2+deb10u1_i386.changes
  ACCEPT
Processing changes file: balsa_2.5.6-2+deb10u1_mips64el.changes
  ACCEPT
Processing changes file: balsa_2.5.6-2+deb10u1_mipsel.changes
  ACCEPT
Processing changes file: balsa_2.5.6-2+deb10u1_ppc64el.changes
  ACCEPT
Processing changes file: balsa_2.5.6-2+deb10u1_s390x.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_all.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_amd64.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_arm64.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_armel.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_armhf.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_i386.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_ppc64el.changes
  ACCEPT
Processing changes file: dbus_1.12.20-0+deb10u1_s390x.changes
  ACCEPT
Processing changes file: fwupd-amd64-signed_1.2.13+1_amd64.changes
  ACCEPT
Processing changes file: fwupd-arm64-signed_1.2.13+1_arm64.changes
  ACCEPT
Processing changes file: fwupd-armhf-signed_1.2.13+1_armhf.changes
  ACCEPT
Processing changes file: fwupd-i386-signed_1.2.13+1_i386.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_all.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_amd64.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_arm64.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_armel.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_armhf.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_i386.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_mipsel.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_ppc64el.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_s390x.changes
  ACCEPT
Processing changes file: gnutls28_3.6.7-4+deb10u5_armel.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_arm64.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_armhf.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_i386.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_ppc64el.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_s390x.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_mips.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: libpam-radius-auth_1.4.0-3~deb10u1_sourceonly.changes
  REJECT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_mipsel.changes
  ACCEPT

Bug#964898: buster-pu: package libpam-radius-auth/1.4.0-3~deb10u1

2020-07-11 Thread Salvatore Bonaccorso 
Hi,

On Sat, Jul 11, 2020 at 09:35:32PM +0200, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Hi
> 
> libpam-radius-auth is affected by CVE-2015-9542 (cf. #951396) in
> buster as well. A while ago Utkarsh Gupta prepared a QA update for
> unstable.
> 
> libpam-radius-pam should not be included in bullseye if there is not
> active maintainer, but for stable we can fix the CVE based on the
> upload in unstable (minus the packaging changes).
> 
> Attached the debdiff.

The correct debdiff attached now (with the packaging changes
reverted).

Regards,
Salvatore
diff -Nru libpam-radius-auth-1.4.0/debian/changelog 
libpam-radius-auth-1.4.0/debian/changelog
--- libpam-radius-auth-1.4.0/debian/changelog   2018-09-05 21:44:07.0 
+0200
+++ libpam-radius-auth-1.4.0/debian/changelog   2020-07-11 21:24:48.0 
+0200
@@ -1,3 +1,21 @@
+libpam-radius-auth (1.4.0-3~deb10u1) buster; urgency=medium
+
+  * Rebuild for buster.
+  * Revert packaging changes:
+- Lower Standards-Version to 4.2.0
+- Lower Debhelper compat level to 11   
+
+ -- Salvatore Bonaccorso   Sat, 11 Jul 2020 21:24:48 +0200
+
+libpam-radius-auth (1.4.0-3) unstable; urgency=medium
+
+  * QA upload
+  * Add patch to fix buffer overflow in password field.
+(Fixes: CVE-2015-9542) (Closes: #951396)
+  * Bump Standards-Version to 4.5.0 and dh-compat to 12
+
+ -- Utkarsh Gupta   Fri, 21 Feb 2020 15:47:11 +0530
+
 libpam-radius-auth (1.4.0-2) unstable; urgency=medium
 
   * QA upload.
diff -Nru libpam-radius-auth-1.4.0/debian/patches/CVE-2015-9542.fix 
libpam-radius-auth-1.4.0/debian/patches/CVE-2015-9542.fix
--- libpam-radius-auth-1.4.0/debian/patches/CVE-2015-9542.fix   1970-01-01 
01:00:00.0 +0100
+++ libpam-radius-auth-1.4.0/debian/patches/CVE-2015-9542.fix   2020-02-21 
10:52:32.0 +0100
@@ -0,0 +1,31 @@
+Description: This patch fixes CVE-2015-9542.
+Author: Justin Standring 
+Author: Utkarsh Gupta 
+Bug-Debian: https://bugs.debian.org/951396
+Origin: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
+Origin: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
+Origin: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
+Last-Update: 2020-02-21
+
+--- a/src/pam_radius_auth.c
 b/src/pam_radius_auth.c
+@@ -528,6 +528,9 @@
+   length = MAXPASS;
+   }
+ 
++  memcpy(hashed, password, length);
++  memset(hashed + length, 0, sizeof(hashed) - length);
++
+   if (length == 0) {
+   length = AUTH_PASS_LEN; /* 0 maps to 16 */
+   } if ((length & (AUTH_PASS_LEN - 1)) != 0) {
+@@ -535,9 +538,6 @@
+   length &= ~(AUTH_PASS_LEN - 1); /* chop it off */
+   }   /* 16*N maps to itself 
*/
+ 
+-  memset(hashed, 0, length);
+-  memcpy(hashed, password, strlen(password));
+-
+   attr = find_attribute(request, PW_PASSWORD);
+ 
+   if (type == PW_PASSWORD) {
diff -Nru libpam-radius-auth-1.4.0/debian/patches/series 
libpam-radius-auth-1.4.0/debian/patches/series
--- libpam-radius-auth-1.4.0/debian/patches/series  1970-01-01 
01:00:00.0 +0100
+++ libpam-radius-auth-1.4.0/debian/patches/series  2020-02-21 
11:13:05.0 +0100
@@ -0,0 +1 @@
+CVE-2015-9542.fix

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: linux_4.19.131-2_i386.changes
  ACCEPT

Bug#964898: buster-pu: package libpam-radius-auth/1.4.0-3~deb10u1

2020-07-11 Thread Salvatore Bonaccorso 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi

libpam-radius-auth is affected by CVE-2015-9542 (cf. #951396) in
buster as well. A while ago Utkarsh Gupta prepared a QA update for
unstable.

libpam-radius-pam should not be included in bullseye if there is not
active maintainer, but for stable we can fix the CVE based on the
upload in unstable (minus the packaging changes).

Attached the debdiff.

Can it be included in the next buster point release?

Regards,
Salvatore

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
diff -Nru libpam-radius-auth-1.4.0/debian/changelog 
libpam-radius-auth-1.4.0/debian/changelog
--- libpam-radius-auth-1.4.0/debian/changelog   2018-09-05 21:44:07.0 
+0200
+++ libpam-radius-auth-1.4.0/debian/changelog   2020-07-11 21:24:48.0 
+0200
@@ -1,3 +1,21 @@
+libpam-radius-auth (1.4.0-3~deb10u1) buster; urgency=medium
+
+  * Rebuild for buster.
+  * Revert packaging changes:
+- Lower Standards-Version to 4.2.0
+- Lower Debhelper compat level to 11   
+
+ -- Salvatore Bonaccorso   Sat, 11 Jul 2020 21:24:48 +0200
+
+libpam-radius-auth (1.4.0-3) unstable; urgency=medium
+
+  * QA upload
+  * Add patch to fix buffer overflow in password field.
+(Fixes: CVE-2015-9542) (Closes: #951396)
+  * Bump Standards-Version to 4.5.0 and dh-compat to 12
+
+ -- Utkarsh Gupta   Fri, 21 Feb 2020 15:47:11 +0530
+
 libpam-radius-auth (1.4.0-2) unstable; urgency=medium
 
   * QA upload.
diff -Nru libpam-radius-auth-1.4.0/debian/control 
libpam-radius-auth-1.4.0/debian/control
--- libpam-radius-auth-1.4.0/debian/control 2018-09-05 21:44:07.0 
+0200
+++ libpam-radius-auth-1.4.0/debian/control 2020-02-21 11:17:11.0 
+0100
@@ -2,8 +2,8 @@
 Maintainer: Debian QA Group 
 Section: admin
 Priority: optional
-Standards-Version: 4.2.0
-Build-Depends: libpam0g-dev | libpam-dev, debhelper-compat (= 11)
+Standards-Version: 4.5.0
+Build-Depends: libpam0g-dev | libpam-dev, debhelper-compat (= 12)
 Rules-Requires-Root: no
 Homepage: https://www.freeradius.org/pam_radius_auth/
 
diff -Nru libpam-radius-auth-1.4.0/debian/patches/CVE-2015-9542.fix 
libpam-radius-auth-1.4.0/debian/patches/CVE-2015-9542.fix
--- libpam-radius-auth-1.4.0/debian/patches/CVE-2015-9542.fix   1970-01-01 
01:00:00.0 +0100
+++ libpam-radius-auth-1.4.0/debian/patches/CVE-2015-9542.fix   2020-02-21 
10:52:32.0 +0100
@@ -0,0 +1,31 @@
+Description: This patch fixes CVE-2015-9542.
+Author: Justin Standring 
+Author: Utkarsh Gupta 
+Bug-Debian: https://bugs.debian.org/951396
+Origin: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
+Origin: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
+Origin: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
+Last-Update: 2020-02-21
+
+--- a/src/pam_radius_auth.c
 b/src/pam_radius_auth.c
+@@ -528,6 +528,9 @@
+   length = MAXPASS;
+   }
+ 
++  memcpy(hashed, password, length);
++  memset(hashed + length, 0, sizeof(hashed) - length);
++
+   if (length == 0) {
+   length = AUTH_PASS_LEN; /* 0 maps to 16 */
+   } if ((length & (AUTH_PASS_LEN - 1)) != 0) {
+@@ -535,9 +538,6 @@
+   length &= ~(AUTH_PASS_LEN - 1); /* chop it off */
+   }   /* 16*N maps to itself 
*/
+ 
+-  memset(hashed, 0, length);
+-  memcpy(hashed, password, strlen(password));
+-
+   attr = find_attribute(request, PW_PASSWORD);
+ 
+   if (type == PW_PASSWORD) {
diff -Nru libpam-radius-auth-1.4.0/debian/patches/series 
libpam-radius-auth-1.4.0/debian/patches/series
--- libpam-radius-auth-1.4.0/debian/patches/series  1970-01-01 
01:00:00.0 +0100
+++ libpam-radius-auth-1.4.0/debian/patches/series  2020-02-21 
11:13:05.0 +0100
@@ -0,0 +1 @@
+CVE-2015-9542.fix

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: linux_4.19.131-2_arm64.changes
  ACCEPT

Processed: closing 964881

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> # re-closing duplicate
> close 964881
Bug #964881 [release.debian.org] RM: getlive/2.4+cvs20120801-1
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: closing 964885

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> # re-closing duplicate
> close 964885
Bug #964885 [release.debian.org] RM: kerneloops/0.12+git20140509-6
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964885
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: reopening 964881

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> reopen 964881
Bug #964881 {Done: Adrian Bunk } [release.debian.org] RM: 
getlive/2.4+cvs20120801-1
Bug reopened
Ignoring request to alter fixed versions of bug #964881 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: reopening 964885

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> reopen 964885
Bug #964885 [release.debian.org] RM: kerneloops/0.12+git20140509-6
Bug 964885 is not marked as done; doing nothing.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964885
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: unmerging 959492, reopening 959492, tagging 959492, unmerging 958576, reopening 958576 ...

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> unmerge 959492
Bug #959492 {Done: Adrian Bunk } [release.debian.org] RM: 
getlive -- RoQA; Upstream Dead; Not Working Anymore
Bug #964881 {Done: Adrian Bunk } [release.debian.org] RM: 
getlive/2.4+cvs20120801-1
Disconnected #959492 from all other report(s).
> reopen 959492
Bug #959492 {Done: Adrian Bunk } [release.debian.org] RM: 
getlive -- RoQA; Upstream Dead; Not Working Anymore
Bug reopened
Ignoring request to alter fixed versions of bug #959492 to the same values 
previously set
> tags 959492 + pending
Bug #959492 [release.debian.org] RM: getlive -- RoQA; Upstream Dead; Not 
Working Anymore
Added tag(s) pending.
> unmerge 958576
Bug #958576 [release.debian.org] RM: kerneloops -- RoQA; service 
http://oops.kernel.org no longer available
Bug #964885 [release.debian.org] RM: kerneloops/0.12+git20140509-6
Disconnected #958576 from all other report(s).
> reopen 958576
Bug #958576 [release.debian.org] RM: kerneloops -- RoQA; service 
http://oops.kernel.org no longer available
Bug 958576 is not marked as done; doing nothing.
> tags 958576 + pending
Bug #958576 [release.debian.org] RM: kerneloops -- RoQA; service 
http://oops.kernel.org no longer available
Ignoring request to alter tags of bug #958576 to the same tags previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
958576: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958576
959492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959492
964881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964881
964885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964885
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: linux_4.19.131-2_armhf.changes
  ACCEPT

Bug#964885: RM: kerneloops/0.12+git20140509-6

2020-07-11 Thread Adam D. Barratt 
Control: forcemerge 958576 -1

On Sat, 2020-07-11 at 21:49 +0300, Adrian Bunk wrote:
> The kerneloops package is no longer usable since the
> service http://oops.kernel.org is no longer available. (#953172)
> 
> It was already removed from buster. (#958575)

Merging with the existing request.

Regards,

Adam

Processed: Re: Bug#964885: RM: kerneloops/0.12+git20140509-6

2020-07-11 Thread Debian Bug Tracking System 
Processing control commands:

> forcemerge 958576 -1
Bug #958576 [release.debian.org] RM: kerneloops -- RoQA; service 
http://oops.kernel.org no longer available
Bug #964885 {Done: Adrian Bunk } [release.debian.org] RM: 
kerneloops/0.12+git20140509-6
Bug reopened
Ignoring request to alter fixed versions of bug #964885 to the same values 
previously set
Added tag(s) pending.
Merged 958576 964885

-- 
958576: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958576
964885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964885
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: retitle 964883 to RM: gplaycli -- RoQA; broken by Google API changes, tagging 964883

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> retitle 964883 RM: gplaycli -- RoQA; broken by Google API changes
Bug #964883 [release.debian.org] RM: gplaycli/0.2.1-1
Changed Bug title to 'RM: gplaycli -- RoQA; broken by Google API changes' from 
'RM: gplaycli/0.2.1-1'.
> tags 964883 + pending
Bug #964883 [release.debian.org] RM: gplaycli -- RoQA; broken by Google API 
changes
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964883: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964883
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964881: RM: getlive/2.4+cvs20120801-1

2020-07-11 Thread Adam D. Barratt 
Control: forcemerge 959492 -1

On Sat, 2020-07-11 at 21:38 +0300, Adrian Bunk wrote:
> getlive is broken due to Hotmail changes (#950452)
> and was already removed from buster (#959491).

Merging with the existing request.

Regards,

Adam

Bug#964881: marked as done (RM: getlive/2.4+cvs20120801-1)

2020-07-11 Thread Debian Bug Tracking System 
Your message dated Sat, 11 Jul 2020 21:53:47 +0300
with message-id <20200711185347.GA27282@localhost>
and subject line Sorry for creating duplicates
has caused the Debian Bug report #964881,
regarding RM: getlive/2.4+cvs20120801-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
964881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: rm

getlive is broken due to Hotmail changes (#950452)
and was already removed from buster (#959491).
--- End Message ---
--- Begin Message ---
These two are duplicates, please ignore.

cu
Adrian--- End Message ---

Bug#959492: marked as done (RM: getlive -- RoQA; Upstream Dead; Not Working Anymore)

2020-07-11 Thread Debian Bug Tracking System 
Your message dated Sat, 11 Jul 2020 21:53:47 +0300
with message-id <20200711185347.GA27282@localhost>
and subject line Sorry for creating duplicates
has caused the Debian Bug report #964881,
regarding RM: getlive -- RoQA; Upstream Dead; Not Working Anymore
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
964881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: rm
Control: clone -1 -2
Control: tags -2 = stretch
Control: usertags -2 rm

On Tue, 18 Feb 2020 15:56:18 -0500 Boyuan Yang 
wrote in #951617:
> Package: ftp.debian.org
> 
> Dear FTP Masters,
> 
> As described in https://bugs.debian.org/950452 , the upstream of package
> getlive no longer maintains it since 2014 due to hotmail live's contstantly
> breaking changes. As a result, package getlive has been broken since then. I
> believe we should have it removed from Debian archive since it is really
> useless now.

Let's follow sid and do the same in (old-)stable.

Andreas
--- End Message ---
--- Begin Message ---
These two are duplicates, please ignore.

cu
Adrian--- End Message ---

Bug#964885: marked as done (RM: kerneloops/0.12+git20140509-6)

2020-07-11 Thread Debian Bug Tracking System 
Your message dated Sat, 11 Jul 2020 21:53:47 +0300
with message-id <20200711185347.GA27282@localhost>
and subject line Sorry for creating duplicates
has caused the Debian Bug report #964885,
regarding RM: kerneloops/0.12+git20140509-6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
964885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964885
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: rm

The kerneloops package is no longer usable since the
service http://oops.kernel.org is no longer available. (#953172)

It was already removed from buster. (#958575)
--- End Message ---
--- Begin Message ---
These two are duplicates, please ignore.

cu
Adrian--- End Message ---

Processed: Re: Bug#964881: RM: getlive/2.4+cvs20120801-1

2020-07-11 Thread Debian Bug Tracking System 
Processing control commands:

> forcemerge 959492 -1
Bug #959492 [release.debian.org] RM: getlive -- RoQA; Upstream Dead; Not 
Working Anymore
Bug #964881 [release.debian.org] RM: getlive/2.4+cvs20120801-1
Added tag(s) pending.
Merged 959492 964881

-- 
959492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959492
964881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 964883

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 964883 + stretch
Bug #964883 [release.debian.org] RM: gplaycli/0.2.1-1
Added tag(s) stretch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964883: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964883
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964885: RM: kerneloops/0.12+git20140509-6

2020-07-11 Thread Adrian Bunk 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: rm

The kerneloops package is no longer usable since the
service http://oops.kernel.org is no longer available. (#953172)

It was already removed from buster. (#958575)

Bug#964883: RM: gplaycli/0.2.1-1

2020-07-11 Thread Adrian Bunk 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

gplaycli in buster was broken by Google API changes (#950112)
and already removed in the last buster point release (#958231).

I have confirmed that the older version in stretch is also nonfunctional.

Bug#964881: RM: getlive/2.4+cvs20120801-1

2020-07-11 Thread Adrian Bunk 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: rm

getlive is broken due to Hotmail changes (#950452)
and was already removed from buster (#959491).

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: linux_4.19.131-2_amd64.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: balsa_2.5.6-2+deb10u1_source.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u1_source.changes
  ACCEPT
Processing changes file: glib-networking_2.58.0-2+deb10u2_source.changes
  ACCEPT
Processing changes file: transmission_2.94-2+deb10u1_amd64.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: linux_4.19.131-2_ppc64el.changes
  ACCEPT
Processing changes file: linux_4.19.131-2_s390x.changes
  ACCEPT

Processed: transmission 2.94-2+deb10u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964868 = buster pending
Bug #964868 [release.debian.org] buster--pu: package transmission/2.94-2+deb10u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964868: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964868
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964868: transmission 2.94-2+deb10u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964868 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: transmission
Version: 2.94-2+deb10u1

Explanation: fix possible denial of service issue [CVE-2018-10756]

Processed: glib-networking 2.58.0-2+deb10u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964435 = buster pending
Bug #964435 [release.debian.org] buster-pu: package 
glib-networking/2.58.0-2+deb10u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964435: glib-networking 2.58.0-2+deb10u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964435 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: glib-networking
Version: 2.58.0-2+deb10u1

Explanation: return bad identity error if identity is unset [CVE-2020-13645]

Processed: balsa 2.5.6-2+deb10u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964860 = buster pending
Bug #964860 [release.debian.org] buster-pu: package balsa/2.5.6-2+deb10u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964860: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964860
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964435: glib-networking 2.58.0-2+deb10u2 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964435 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: glib-networking
Version: 2.58.0-2+deb10u2

Explanation: break balsa older than 2.5.6-2+deb10u1 as the fix for 
CVE-2020-13645 breaks balsa's certificate verification

Processed: glib-networking 2.58.0-2+deb10u2 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964435 = buster pending
Bug #964435 [release.debian.org] buster-pu: package 
glib-networking/2.58.0-2+deb10u1
Ignoring request to alter tags of bug #964435 to the same tags previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964860: balsa 2.5.6-2+deb10u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964860 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: balsa
Version: 2.5.6-2+deb10u1

Explanation: provide server identity when validating certificates, allowing 
successful validation when using the glib-networking patch for CVE-2020-13645

Bug#956195: buster-pu: package cloud-init/18.3-6+deb10u1

2020-07-11 Thread noahm 
On Tue, Jun 30, 2020 at 05:46:59PM -0700, Noah Meyerhans wrote:
> > > As discussed in #947351, this is a more targeted fix prepared for
> > > buster-pu. The updated debdiff is attached.
> > 
> > The metadata for #936030 implies that this issue affects the package in
> > unstable. Is that correct? If not, please add an appropriate fixed
> > version to that bug to more accurately indicate which versions are
> > affected.
> 
> I just updated the larger cloud-init buster-pu request in #947351.
> Let's leave this one alone for now; If we get cloud-init updated to 20.2
> in buster then we won't need it.

I've closed this bug, as the 20.2 upload from #947351 has been accepted
into s-p-u

Processed: closing 956195

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 956195
Bug #956195 [release.debian.org] buster-pu: package cloud-init/18.3-6+deb10u1
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
956195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956195
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: gnutls28_3.6.7-4+deb10u5_armhf.changes
  ACCEPT
Processing changes file: linux_4.19.131-2_all.changes
  ACCEPT

NEW changes in oldstable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: glib-networking_2.50.0-1+deb9u1_source.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: gnutls28_3.6.7-4+deb10u5_mips.changes
  ACCEPT
Processing changes file: gnutls28_3.6.7-4+deb10u5_mips64el.changes
  ACCEPT

Bug#964861: glib-networking 2.50.0-1+deb9u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964861 = stretch pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian stretch.

Thanks for your contribution!

Upload details
==

Package: glib-networking
Version: 2.50.0-1+deb9u1

Explanation: return bad identity error if identity is unset [CVE-2020-13645]

Processed: glib-networking 2.50.0-1+deb9u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964861 = stretch pending
Bug #964861 [release.debian.org] stretch-pu: package 
glib-networking/2.50.0-1+deb9u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964861
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: retitle 964343 to RM: mathematica-fonts -- RoQA; relies on unavailable download location ...

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> retitle 964343 RM: mathematica-fonts -- RoQA; relies on unavailable download 
> location
Bug #964343 [release.debian.org] RM: mathematica-fonts/21
Changed Bug title to 'RM: mathematica-fonts -- RoQA; relies on unavailable 
download location' from 'RM: mathematica-fonts/21'.
> tags 964343 + pending
Bug #964343 [release.debian.org] RM: mathematica-fonts -- RoQA; relies on 
unavailable download location
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964343: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964343
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: dbus_1.12.20-0+deb10u1_source.changes
  ACCEPT
Processing changes file: fwupd-amd64-signed_1.2.13+1_source.changes
  ACCEPT
Processing changes file: fwupd-arm64-signed_1.2.13+1_source.changes
  ACCEPT
Processing changes file: fwupd-armhf-signed_1.2.13+1_source.changes
  ACCEPT
Processing changes file: fwupd-i386-signed_1.2.13+1_source.changes
  ACCEPT
Processing changes file: linux-latest_105+deb10u5_mips.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_all.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_amd64.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_arm64.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_armel.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_armhf.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_s390x.changes
  ACCEPT

Processed: Re: Bug#961195: transition: glibc

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> block 961195 with 955368 964223 964225 964226 964220 964227 964229 964231
Bug #961195 [release.debian.org] transition: glibc
961195 was not blocked by any bugs.
961195 was not blocking any bugs.
Added blocking bug(s) of 961195: 964223, 964229, 964225, 955368, 964231, 
964226, 964220, and 964227
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
961195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961195
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964069: transition: adplug

2020-07-11 Thread Emilio Pozuelo Monfort 
Control: tags -1 confirmed

On 01/07/2020 06:46, Yangfl wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> adplug uses a versioned soname. Packages which should only require binNMU:
> 
>   adplay
>   mpd
>   ocp

Go ahead.

Emilio

Processed: Re: Bug#964069: transition: adplug

2020-07-11 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 confirmed
Bug #964069 [release.debian.org] transition: adplug
Added tag(s) confirmed.

-- 
964069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964069
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#962068: stretch-pu: package dbus/1.10.30-0+deb9u1

2020-07-11 Thread Cyril Brulebois 
Simon McVittie  (2020-07-11):
> Does that also go for the 1.10.32-0+deb9u1
> that is in stretch-proposed-updates and
> ? (I think
> you only tested 1.10.32 and not 1.10.30, but asking to make sure the
> situation is obvious.)

I indeed tested what is exposed through paradis, that is:

  dbus-udeb_1.10.32-0+deb9u1_amd64.udeb (unused)
  libdbus-1-3-udeb_1.10.32-0+deb9u1_amd64.udeb


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#962068: stretch-pu: package dbus/1.10.30-0+deb9u1

2020-07-11 Thread Simon McVittie 
On Sat, 11 Jul 2020 at 14:34:06 +0200, Cyril Brulebois wrote:
> Adam D. Barratt  (2020-06-20):
> > I suspect this will be the last such update before stretch moves to
> > LTS, but that seems fair.
> > 
> > This will need the usual KiBi ack, so tagging and CCing.
> 
> No objections, thanks.

Does that also go for the 1.10.32-0+deb9u1
that is in stretch-proposed-updates and
? (I think
you only tested 1.10.32 and not 1.10.30, but asking to make sure the
situation is obvious.)

Thanks,
smcv

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: linux_4.19.131-2_source.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_i386.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_ppc64el.changes
  ACCEPT

NEW changes in oldstable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: dbus_1.10.32-0+deb9u1_mips.changes
  ACCEPT
Processing changes file: dbus_1.10.32-0+deb9u1_mips64el.changes
  ACCEPT
Processing changes file: dbus_1.10.32-0+deb9u1_mipsel.changes
  ACCEPT

Processed: dbus 1.12.20-0+deb10u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 962067 = buster pending
Bug #962067 [release.debian.org] buster-pu: package dbus/1.12.20-0+deb10u1
Added tag(s) pending; removed tag(s) confirmed and d-i.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
962067: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962067
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#962067: dbus 1.12.20-0+deb10u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 962067 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: dbus
Version: 1.12.20-0+deb10u1

Explanation: new upstream stable release; prevent a denial of service issue 
[CVE-2020-12049]; prevent use-after-free if two usernames share a uid

NEW changes in oldstable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: batik_1.8-4+deb9u2_all.changes
  ACCEPT
Processing changes file: dbus_1.10.32-0+deb9u1_arm64.changes
  ACCEPT
Processing changes file: dbus_1.10.32-0+deb9u1_armel.changes
  ACCEPT
Processing changes file: dbus_1.10.32-0+deb9u1_armhf.changes
  ACCEPT
Processing changes file: dbus_1.10.32-0+deb9u1_i386.changes
  ACCEPT
Processing changes file: dbus_1.10.32-0+deb9u1_ppc64el.changes
  ACCEPT
Processing changes file: dbus_1.10.32-0+deb9u1_s390x.changes
  ACCEPT
Processing changes file: debian-security-support_2020.06.21~deb9u1_all.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: batik_1.10-2+deb10u1_all.changes
  ACCEPT
Processing changes file: debian-security-support_2020.06.21~deb10u1_all.changes
  ACCEPT
Processing changes file: gist_5.0.0-2+deb10u1_all.changes
  ACCEPT
Processing changes file: gnutls28_3.6.7-4+deb10u5_all.changes
  ACCEPT
Processing changes file: gnutls28_3.6.7-4+deb10u5_amd64.changes
  ACCEPT
Processing changes file: gnutls28_3.6.7-4+deb10u5_arm64.changes
  ACCEPT
Processing changes file: gnutls28_3.6.7-4+deb10u5_i386.changes
  ACCEPT
Processing changes file: gnutls28_3.6.7-4+deb10u5_ppc64el.changes
  ACCEPT
Processing changes file: gnutls28_3.6.7-4+deb10u5_s390x.changes
  ACCEPT
Processing changes file: linux-latest_105+deb10u5_armhf.changes
  ACCEPT

Processed: retitle 964868 to buster--pu: package transmission/2.94-2+deb10u1, tagging 964868

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> retitle 964868 buster--pu: package transmission/2.94-2+deb10u1
Bug #964868 [release.debian.org] stretch-pu: package transmission/2.94-2+deb10u1
Changed Bug title to 'buster--pu: package transmission/2.94-2+deb10u1' from 
'stretch-pu: package transmission/2.94-2+deb10u1'.
> tags 964868 = buster
Bug #964868 [release.debian.org] buster--pu: package transmission/2.94-2+deb10u1
Added tag(s) buster; removed tag(s) stretch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964868: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964868
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in oldstable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: dbus_1.10.32-0+deb9u1_all.changes
  ACCEPT
Processing changes file: dbus_1.10.32-0+deb9u1_amd64.changes
  ACCEPT

Bug#964868: stretch-pu: package transmission/2.94-2+deb10u1

2020-07-11 Thread Moritz Muehlenhoff 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Fixes a security issue in Transmission, which doesn't warrant a DSA,
but still good to fix in stable. I've tested the update extensively
(I had prepared the update for 10.4, but it fell through the cracks)

Debdiff attached.

Cheers,
Moritz
diff -Nru transmission-2.94/debian/changelog transmission-2.94/debian/changelog
--- transmission-2.94/debian/changelog  2019-01-01 00:07:49.0 +0100
+++ transmission-2.94/debian/changelog  2020-05-29 00:05:53.0 +0200
@@ -1,3 +1,9 @@
+transmission (2.94-2+deb10u1) buster; urgency=medium
+
+  * CVE-2018-10756 (Closes: #961461)
+
+ -- Moritz Muehlenhoff   Fri, 29 May 2020 00:05:53 +0200
+
 transmission (2.94-2) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff -Nru transmission-2.94/debian/patches/CVE-2018-10756.patch 
transmission-2.94/debian/patches/CVE-2018-10756.patch
--- transmission-2.94/debian/patches/CVE-2018-10756.patch   1970-01-01 
01:00:00.0 +0100
+++ transmission-2.94/debian/patches/CVE-2018-10756.patch   2020-05-29 
00:05:53.0 +0200
@@ -0,0 +1,66 @@
+Backport to 2.94 of 
+
+From 2123adf8e5e1c2b48791f9d22fc8c747e974180e Mon Sep 17 00:00:00 2001
+From: Mike Gelfand 
+Date: Sun, 28 Apr 2019 11:27:33 +0300
+Subject: [PATCH] CVE-2018-10756: Fix heap-use-after-free in tr_variantWalk
+
+In libtransmission/variant.c, function tr_variantWalk, when the variant
+stack is reallocated, a pointer to the previously allocated memory
+region is kept. This address is later accessed (heap use-after-free)
+while walking back down the stack, causing the application to crash.
+The application can be any application which uses libtransmission, such
+as transmission-daemon, transmission-gtk, transmission-show, etc.
+
+Reported-by: Tom Richards 
+
+--- transmission-2.94.orig/libtransmission/variant.c
 transmission-2.94/libtransmission/variant.c
+@@ -820,7 +820,7 @@ compareKeyIndex (const void * va, const
+ struct SaveNode
+ {
+   const tr_variant * v;
+-  tr_variant sorted;
++  tr_variant* sorted;
+   size_t childIndex;
+   bool isVisited;
+ };
+@@ -849,26 +849,31 @@ nodeConstruct (struct SaveNode   * node,
+ 
+   qsort (tmp, n, sizeof (struct KeyIndex), compareKeyIndex);
+ 
+-  tr_variantInitDict (>sorted, n);
++  node->sorted = tr_new(tr_variant, 1);
++  tr_variantInitDict(node->sorted, n);
++
+   for (i=0; isorted.val.l.vals[i] = *tmp[i].val;
+-  node->sorted.val.l.count = n;
++node->sorted->val.l.vals[i] = *tmp[i].val;
++  node->sorted->val.l.count = n;
+ 
+   tr_free (tmp);
+ 
+-  node->v = >sorted;
++  v = node->sorted;
++
+ }
+   else
+ {
+-  node->v = v;
++  node->sorted = NULL;
+ }
++
++  node->v = v;
+ }
+ 
+ static void
+ nodeDestruct (struct SaveNode * node)
+ {
+-  if (node->v == >sorted)
+-tr_free (node->sorted.val.l.vals);
++  if (node->v == node->sorted)
++tr_free (node->sorted->val.l.vals);
+ }
+ 
+ /**
diff -Nru transmission-2.94/debian/patches/series 
transmission-2.94/debian/patches/series
--- transmission-2.94/debian/patches/series 2019-01-01 00:07:49.0 
+0100
+++ transmission-2.94/debian/patches/series 2020-05-29 00:05:53.0 
+0200
@@ -4,3 +4,4 @@
 transmission-daemon_execstop_service.patch
 ayatana-indicators.patch
 patch-vendored-libdht.patch
+CVE-2018-10756.patch

NEW changes in oldstable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: dbus_1.10.32-0+deb9u1_source.changes
  ACCEPT

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: linux_4.19.131-1_mips.changes
  ACCEPT

Processed: dbus 1.10.32-0+deb9u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 962068 = stretch pending
Bug #962068 [release.debian.org] stretch-pu: package dbus/1.10.30-0+deb9u1
Added tag(s) pending; removed tag(s) confirmed and d-i.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
962068: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962068
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#962068: dbus 1.10.32-0+deb9u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 962068 = stretch pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian stretch.

Thanks for your contribution!

Upload details
==

Package: dbus
Version: 1.10.32-0+deb9u1

Explanation: new upstream stable release; prevent a denial of service issue 
[CVE-2020-12049]; prevent use-after-free if two usernames share a uid

Bug#962067: buster-pu: package dbus/1.12.20-0+deb10u1

2020-07-11 Thread Cyril Brulebois 
Adam D. Barratt  (2020-07-05):
> I'd be OK with that from the SRM side (with the remaining d-i caveat).

No objections, thanks.
 

Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1

2020-07-11 Thread Emilio Pozuelo Monfort 
Control: tags -1 -moreinfo

On 11/07/2020 14:49, Adam D. Barratt wrote:
> On Sat, 2020-07-11 at 13:54 +0200, Emilio Pozuelo Monfort wrote:
>> On 07/07/2020 17:14, Simon McVittie wrote:
>>> Control: tags -1 + moreinfo
>>>
>>> On Tue, 07 Jul 2020 at 16:50:36 +0200, Emilio Pozuelo Monfort
>>> wrote:
 On 07/07/2020 11:04, Simon McVittie wrote:
> The only application that was believed to be vulnerable to this
> in practice is balsa, which only became vulnerable in post-
> buster versions; older versions such as the one in buster
> implemented their own TLS.
> [...]
>>> If balsa in buster is affected by this, then we'll need to hold off
>>> on doing this stable-update until a matching version of balsa is
>>> ready, like I originally suspected was going to be necessary.
> [...]
>> I have verified that balsa needed a fix, and uploaded it to buster-
>> pu, see #964860.
>>
>> Should we add a breaks to glib-networking?
> 
> That seems like a good idea, given that we know the new glib-networking 
> + old balsa combination won't work.

Uploaded +deb10u2 with the attached debdiff.

Thanks,
Emilio
diff -Nru glib-networking-2.58.0/debian/changelog 
glib-networking-2.58.0/debian/changelog
--- glib-networking-2.58.0/debian/changelog 2020-07-07 10:30:02.0 
+0200
+++ glib-networking-2.58.0/debian/changelog 2020-07-11 14:55:23.0 
+0200
@@ -1,3 +1,10 @@
+glib-networking (2.58.0-2+deb10u2) buster; urgency=medium
+
+  * Break balsa older than 2.5.6-2+deb10u1 as the fix for CVE-2020-13645
+breaks balsa's certificate verification (see #961792).
+
+ -- Emilio Pozuelo Monfort   Sat, 11 Jul 2020 14:55:23 +0200
+
 glib-networking (2.58.0-2+deb10u1) buster; urgency=medium
 
   * Team upload
diff -Nru glib-networking-2.58.0/debian/control 
glib-networking-2.58.0/debian/control
--- glib-networking-2.58.0/debian/control   2018-12-24 15:40:07.0 
+0100
+++ glib-networking-2.58.0/debian/control   2020-07-11 14:55:23.0 
+0200
@@ -6,7 +6,7 @@
 Section: libs
 Priority: optional
 Maintainer: Debian GNOME Maintainers 

-Uploaders: Iain Lane , Jeremy Bicha , 
Michael Biebl 
+Uploaders: Emilio Pozuelo Monfort , Iain Lane 
, Jeremy Bicha , Michael Biebl 

 Build-Depends: debhelper (>= 10.3),
meson (>= 0.42),
gnome-pkg-tools,
@@ -29,6 +29,7 @@
  glib-networking-services (<< ${source:Version}.1~),
  glib-networking-common (>= ${source:Version}),
  gsettings-desktop-schemas
+Breaks: balsa (<< 2.5.6-2+deb10u1)
 Description: network-related giomodules for GLib
  This package contains various network related extensions for the GIO
  library.
diff -Nru glib-networking-2.58.0/debian/control.in 
glib-networking-2.58.0/debian/control.in
--- glib-networking-2.58.0/debian/control.in2018-12-24 15:40:07.0 
+0100
+++ glib-networking-2.58.0/debian/control.in2020-07-11 14:54:02.0 
+0200
@@ -25,6 +25,7 @@
  glib-networking-services (<< ${source:Version}.1~),
  glib-networking-common (>= ${source:Version}),
  gsettings-desktop-schemas
+Breaks: balsa (<< 2.5.6-2+deb10u1)
 Description: network-related giomodules for GLib
  This package contains various network related extensions for the GIO
  library.

Processed: Re: Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1

2020-07-11 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 -moreinfo
Bug #964435 [release.debian.org] buster-pu: package 
glib-networking/2.58.0-2+deb10u1
Removed tag(s) moreinfo.

-- 
964435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1

2020-07-11 Thread Adam D. Barratt 
On Sat, 2020-07-11 at 13:54 +0200, Emilio Pozuelo Monfort wrote:
> On 07/07/2020 17:14, Simon McVittie wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Tue, 07 Jul 2020 at 16:50:36 +0200, Emilio Pozuelo Monfort
> > wrote:
> > > On 07/07/2020 11:04, Simon McVittie wrote:
> > > > The only application that was believed to be vulnerable to this
> > > > in practice is balsa, which only became vulnerable in post-
> > > > buster versions; older versions such as the one in buster
> > > > implemented their own TLS.
[...]
> > If balsa in buster is affected by this, then we'll need to hold off
> > on doing this stable-update until a matching version of balsa is
> > ready, like I originally suspected was going to be necessary.
[...]
> I have verified that balsa needed a fix, and uploaded it to buster-
> pu, see #964860.
> 
> Should we add a breaks to glib-networking?

That seems like a good idea, given that we know the new glib-networking 
+ old balsa combination won't work.

Regards,

Adam

Bug#962068: stretch-pu: package dbus/1.10.30-0+deb9u1

2020-07-11 Thread Cyril Brulebois 
Adam D. Barratt  (2020-06-20):
> I suspect this will be the last such update before stretch moves to
> LTS, but that seems fair.
> 
> This will need the usual KiBi ack, so tagging and CCing.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: batik_1.10-2+deb10u1_source.changes
  ACCEPT
Processing changes file: 
debian-security-support_2020.06.21~deb10u1_source.changes
  ACCEPT
Processing changes file: gist_5.0.0-2+deb10u1_source.changes
  ACCEPT
Processing changes file: gnutls28_3.6.7-4+deb10u5_multi.changes
  ACCEPT
Processing changes file: mariadb-10.3_10.3.23-0+deb10u1_source.changes
  ACCEPT

Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1

2020-07-11 Thread Emilio Pozuelo Monfort 
On 07/07/2020 17:14, Simon McVittie wrote:
> Control: tags -1 + moreinfo
> 
> On Tue, 07 Jul 2020 at 16:50:36 +0200, Emilio Pozuelo Monfort wrote:
>> On 07/07/2020 11:04, Simon McVittie wrote:
>>> The only application that was believed to be vulnerable to this
>>> in practice is balsa, which only became vulnerable in post-buster
>>> versions; older versions such as the one in buster implemented their
>>> own TLS.
>>
>> Are you sure about this? Ubuntu had to patch balsa in eoan, which had the
>> same version that buster has, see [1].
>>
>> [1] 
>> https://launchpadlibrarian.net/485808024/balsa_2.5.6-2_2.5.6-2ubuntu0.1.diff.gz
> 
> Well spotted. I haven't verified this myself, I
> was just relaying what the balsa maintainer said on
> .
> 
> Daniel: perhaps there is more than one module using TLS? In #961792 you're
> talking about libbalsa/{server,libbalsa}.c, but the Ubuntu patch is against
> libnetclient/net-client.c. Sorry, I don't know this codebase.
> 
> If balsa in buster is affected by this, then we'll need to hold off on
> doing this stable-update until a matching version of balsa is ready, like
> I originally suspected was going to be necessary.
> 
> I've uploaded the proposed glib-networking to proposed-updates, and it's
> available from
> https://salsa.debian.org/gnome-team/glib-networking/-/tree/debian/buster-proposed
> if that helps with testing against it.

I have verified that balsa needed a fix, and uploaded it to buster-pu, see 
#964860.

Should we add a breaks to glib-networking?

Cheers,
Emilio

Bug#964861: stretch-pu: package glib-networking/2.50.0-1+deb9u1

2020-07-11 Thread Emilio Pozuelo Monfort 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

This fixes CVE-2020-13645 for stretch. balsa in stretch doesn't
use GIO for connecting to the servers or validating the certificates,
so we don't need any further changes here.

Thanks,
Emilio
diff -Nru glib-networking-2.50.0/debian/changelog 
glib-networking-2.50.0/debian/changelog
--- glib-networking-2.50.0/debian/changelog 2016-09-19 21:01:51.0 
+0200
+++ glib-networking-2.50.0/debian/changelog 2020-07-07 16:57:37.0 
+0200
@@ -1,3 +1,11 @@
+glib-networking (2.50.0-1+deb9u1) stretch; urgency=medium
+
+  * Team upload
+  * d/p/Return-bad-identity-error-if-identity-is-unset.patch:
+Backport fix for CVE-2020-13645 from upstream (Closes: #961756)
+
+ -- Emilio Pozuelo Monfort   Tue, 07 Jul 2020 16:57:37 +0200
+
 glib-networking (2.50.0-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru glib-networking-2.50.0/debian/patches/CVE-2020-13645.patch 
glib-networking-2.50.0/debian/patches/CVE-2020-13645.patch
--- glib-networking-2.50.0/debian/patches/CVE-2020-13645.patch  1970-01-01 
01:00:00.0 +0100
+++ glib-networking-2.50.0/debian/patches/CVE-2020-13645.patch  2020-07-07 
16:56:41.0 +0200
@@ -0,0 +1,139 @@
+Backported from upstream patch:
+From 29513946809590c4912550f6f8620468f9836d94 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro 
+Date: Mon, 4 May 2020 17:47:28 -0500
+Subject: [PATCH] Return bad identity error if identity is unset
+
+When the server-identity property of GTlsClientConnection is unset, the
+documentation sasy we need to fail the certificate verification with
+G_TLS_CERTIFICATE_BAD_IDENTITY. This is important because otherwise,
+it's easy for applications to fail to specify server identity.
+
+Unfortunately, we did not correctly implement the intended, documented
+behavior. When server identity is missing, we check the validity of the
+TLS certificate, but do not check if it corresponds to the expected
+server (since we have no expected server). Then we assume the identity
+is good, instead of returning bad identity, as documented. This means,
+for example, that evil.com can present a valid certificate issued to
+evil.com, and we would happily accept it for paypal.com.
+
+Fixes #135
+---
+ tls/gnutls/gtlsconnection-gnutls.c | 20 +-
+ tls/tests/connection.c | 70 ++
+ 2 files changed, 81 insertions(+), 9 deletions(-)
+
+--- a/tls/gnutls/gtlsconnection-gnutls.c
 b/tls/gnutls/gtlsconnection-gnutls.c
+@@ -1174,18 +1174,18 @@ verify_peer_certificate (GTlsConnectionG
+GTlsCertificate  *peer_certificate)
+ {
+   GTlsConnection *conn = G_TLS_CONNECTION (gnutls);
+-  GSocketConnectable *peer_identity;
++  GSocketConnectable *peer_identity = NULL;
+   GTlsDatabase *database;
+-  GTlsCertificateFlags errors;
++  GTlsCertificateFlags errors = 0;
+   gboolean is_client;
+ 
+   is_client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
+   if (is_client)
+-peer_identity = g_tls_client_connection_get_server_identity 
(G_TLS_CLIENT_CONNECTION (gnutls));
+-  else
+-peer_identity = NULL;
+-
+-  errors = 0;
++{
++  peer_identity = g_tls_client_connection_get_server_identity 
(G_TLS_CLIENT_CONNECTION (gnutls));
++  if (!peer_identity)
++errors |= G_TLS_CERTIFICATE_BAD_IDENTITY;
++}
+ 
+   database = g_tls_connection_get_database (conn);
+   if (database == NULL)
+--- a/tls/tests/connection.c
 b/tls/tests/connection.c
+@@ -1964,6 +1964,74 @@ test_output_stream_close (TestConnection
+   g_assert (ret);
+ }
+ 
++static void
++test_connection_missing_server_identity (TestConnection *test,
++ gconstpointer   data)
++{
++  GIOStream *connection;
++  GError *error = NULL;
++
++  test->database = g_tls_file_database_new (tls_test_file_path 
("ca-roots.pem"), );
++  g_assert_no_error (error);
++  g_assert_nonnull (test->database);
++
++  /* We pass NULL instead of test->identity when creating the client
++   * connection. This means verification must fail with
++   * G_TLS_CERTIFICATE_BAD_IDENTITY.
++   */
++  connection = start_async_server_and_connect_to_it (test, 
G_TLS_AUTHENTICATION_NONE);
++  test->client_connection = g_tls_client_connection_new (connection, NULL, 
);
++  g_assert_no_error (error);
++  g_assert_nonnull (test->client_connection);
++  g_object_unref (connection);
++
++  g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), 
test->database);
++
++  /* All validation in this test */
++  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION 
(test->client_connection),
++
G_TLS_CERTIFICATE_VALIDATE_ALL);
++
++  read_test_data_async (test);
++  g_main_loop_run (test->loop);
++  wait_until_server_finished (test);
++
++  g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
++

Bug#964860: buster-pu: package balsa/2.5.6-2+deb10u1

2020-07-11 Thread Emilio Pozuelo Monfort 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

This fixes the problem that was mentioned in #964435. I have
verified that with the new glib-networking, balsa fails to check
the certs, asking the user to accept/reject it (IMAP is not affected
but SMTP and POP are). With this patched version, it works again.

The new version also works with the old glib-networking, so there's no
bumped dependency here. A breaks could be added to glib-networking,
but let's discuss that on the other bug.

Thanks,
Emilio
diff -Nru balsa-2.5.6/debian/changelog balsa-2.5.6/debian/changelog
--- balsa-2.5.6/debian/changelog2018-12-23 23:17:25.0 +0100
+++ balsa-2.5.6/debian/changelog2020-07-11 09:22:22.0 +0200
@@ -1,3 +1,11 @@
+balsa (2.5.6-2+deb10u1) buster; urgency=medium
+
+  * Provide server identity when validating certificates (allows to verify
+certs with a glib-networking patch for CVE-2020-13645).
+Patch taken from Ubuntu. Closes: #961792.
+
+ -- Emilio Pozuelo Monfort   Sat, 11 Jul 2020 09:22:22 +0200
+
 balsa (2.5.6-2) unstable; urgency=medium
 
   * Restore -Wl,-O1 to our LDFLAGS
diff -Nru balsa-2.5.6/debian/patches/CVE-2020-13645.patch 
balsa-2.5.6/debian/patches/CVE-2020-13645.patch
--- balsa-2.5.6/debian/patches/CVE-2020-13645.patch 1970-01-01 
01:00:00.0 +0100
+++ balsa-2.5.6/debian/patches/CVE-2020-13645.patch 2020-07-11 
09:20:22.0 +0200
@@ -0,0 +1,596 @@
+Backport of upstream patch
+From e8952e3ccb1bb5094a6f8920e7c274e2e7dae184 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Albrecht=20Dre=C3=9F?= 
+Date: Sat, 18 Apr 2020 18:25:30 +0200
+Subject: [PATCH] fix NULL server-identity TLS warning with recent gio
+
+- libnetclient/net-client.c: use the remote host name as expected server
+  identity for TLS connections.  This fixes a strange warning when using
+  recent GIO versions (see issue #34)
+- libnetclient/test: replace the snakeoil test certificates as the old ones
+  are not accepted any more by GnuTLS for security reasons; fix unit tests;
+  add some more Valgrind suppressions for false-positives
+---
+ libnetclient/net-client.c   |  27 +--
+ libnetclient/test/ca_cert.pem   | 106 +++--
+ libnetclient/test/cert.pem  | 134 
+ libnetclient/test/cert_u.pem| 130 ---
+ libnetclient/test/tests.c   |  28 +++
+ libnetclient/test/valgrind.supp |  15 
+ 6 files changed, 280 insertions(+), 160 deletions(-)
+
+--- a/libnetclient/net-client.c
 b/libnetclient/net-client.c
+@@ -25,6 +25,7 @@ struct _NetClientPrivate {
+   gsize max_line_len;
+ 
+   GSocketClient *sock;
++  GSocketConnectable *remote_address;
+   GSocketConnection *plain_conn;
+   GIOStream *tls_conn;
+   GDataInputStream *istream;
+@@ -115,13 +116,19 @@ net_client_connect(NetClient *client, GE
+   if (priv->plain_conn != NULL) {
+   g_set_error(error, NET_CLIENT_ERROR_QUARK, (gint) 
NET_CLIENT_ERROR_CONNECTED, _("network client is already connected"));
+   } else {
+-  priv->plain_conn = g_socket_client_connect_to_host(priv->sock, 
priv->host_and_port, priv->default_port, NULL, error);
+-  if (priv->plain_conn != NULL) {
+-  g_debug("connected to %s", priv->host_and_port);
+-  priv->istream = 
g_data_input_stream_new(g_io_stream_get_input_stream(G_IO_STREAM(priv->plain_conn)));
+-  g_data_input_stream_set_newline_type(priv->istream, 
G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
+-  priv->ostream = 
g_io_stream_get_output_stream(G_IO_STREAM(priv->plain_conn));
+-  result = TRUE;
++  priv->remote_address = 
g_network_address_parse(priv->host_and_port, priv->default_port, error);
++  if (priv->remote_address != NULL) {
++  priv->plain_conn = g_socket_client_connect(priv->sock, 
priv->remote_address, NULL, error);
++  if (priv->plain_conn != NULL) {
++  g_debug("connected to %s", priv->host_and_port);
++  priv->istream = 
g_data_input_stream_new(g_io_stream_get_input_stream(G_IO_STREAM(priv->plain_conn)));
++  
g_data_input_stream_set_newline_type(priv->istream, 
G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
++  priv->ostream = 
g_io_stream_get_output_stream(G_IO_STREAM(priv->plain_conn));
++  result = TRUE;
++  } else {
++  g_object_unref(priv->remote_address);
++  priv->remote_address = NULL;
++  }
+   }
+   }
+ 
+@@ -146,6 +153,10 @@ net_client_shutdown(const NetClient *cli
+   g_object_unref(G_OBJECT(client->priv->plain_conn));
+

Processed: debian-security-support 2020.06.21~deb10u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964808 = buster pending
Bug #964808 [release.debian.org] buster-pu: package 
debian-security-support/2020.04.16~deb10u3
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964808: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964808
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: gnutls28 3.6.7-4+deb10u5 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 960836 = buster pending
Bug #960836 [release.debian.org] buster-pu: package gnutls28/3.6.7-4+deb10u5
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
960836: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960836
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964792: gist 5.0.0-2+deb10u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964792 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: gist
Version: 5.0.0-2+deb10u1

Explanation: avoid deprecated authorization API

Bug#960836: gnutls28 3.6.7-4+deb10u5 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 960836 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: gnutls28
Version: 3.6.7-4+deb10u5

Explanation: fix TL1.2 resumption errors; fix memory leak; handle zero length 
session tickets, fixing connection errors on TLS1.2 sessions to some big 
hosting providers; fix verification error with alternate chains

Processed: gist 5.0.0-2+deb10u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964792 = buster pending
Bug #964792 [release.debian.org] buster-pu: package gist/5.0.0-2+deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964792: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964792
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964807: batik 1.10-2+deb10u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964807 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: batik
Version: 1.10-2+deb10u1

Explanation: fix server-side request forgery via xlink:href attributes 
[CVE-2019-17566]

Bug#964808: debian-security-support 2020.06.21~deb10u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964808 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: debian-security-support
Version: 2020.06.21~deb10u1

Explanation: update support status of several packages

Processed: mariadb-10.3 10.3.23-0+deb10u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964338 = buster pending
Bug #964338 [release.debian.org] buster-pu: package mariadb-10.3 
10.3.23-0+deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964338: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964338
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: batik 1.10-2+deb10u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964807 = buster pending
Bug #964807 [release.debian.org] buster-pu: package batik/1.10-2
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964807: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964807
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964338: mariadb-10.3 10.3.23-0+deb10u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964338 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: mariadb-10.3
Version: 10.3.23-0+deb10u1

Explanation: new upstream stable release; security fixes [CVE-2020-2752 
CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 CVE-2020-13249]; fix regression in 
RocksDB ZSTD detection

NEW changes in stable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: linux_4.19.131-1_armhf.changes
  ACCEPT

NEW changes in oldstable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: batik_1.8-4+deb9u2_source.changes
  ACCEPT
Processing changes file: 
debian-security-support_2020.06.21~deb9u1_source.changes
  ACCEPT

Bug#964809: batik 1.8-4+deb9u2 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964809 = stretch pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian stretch.

Thanks for your contribution!

Upload details
==

Package: batik
Version: 1.8-4+deb9u2

Explanation: fix server-side request forgery via xlink:href attributes 
[CVE-2019-17566]

Processed: batik 1.8-4+deb9u2 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964809 = stretch pending
Bug #964809 [release.debian.org] stretch-pu: package batik/1.8-4+deb9u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964809: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964809
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#964813: debian-security-support 2020.06.21~deb9u1 flagged for acceptance

2020-07-11 Thread Adam D Barratt 
package release.debian.org
tags 964813 = stretch pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian stretch.

Thanks for your contribution!

Upload details
==

Package: debian-security-support
Version: 2020.06.21~deb9u1

Explanation: update support status of several packages

Processed: debian-security-support 2020.06.21~deb9u1 flagged for acceptance

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 964813 = stretch pending
Bug #964813 [release.debian.org] stretch-pu: package 
debian-security-support/2020.06.21~deb9u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
964813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964813
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#960193: marked as done (transition: icu)

2020-07-11 Thread Debian Bug Tracking System 
Your message dated Sat, 11 Jul 2020 12:13:19 +0200
with message-id <20200711101319.ga1954...@ramacher.at>
and subject line Re: Bug#960193: transition: icu
has caused the Debian Bug report #960193,
regarding transition: icu
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
960193: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960193
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi RMs,

Quite a big transition of ICU I would like to start.
The build test is done on amd64 only and has the following FTBFS reasons.
Level 1:
casparcg-server: linking problem with Boost, already reported and it's
sid only already due to this,
dino-im tied to a specific version of libsignal-protocol-c for an
unknown reason:
CMake Error at 
/usr/share/cmake-3.16/Modules/FindPackageHandleStandardArgs.cmake:146
(message):
  Could NOT find SignalProtocol: Found unsuitable version "2.3.3", but
  required is exact version "2.3.2" (found
  /usr/lib/x86_64-linux-gnu/libsignal-protocol-c.so)
But libsignal-protocol-c 2.3.3-1 was uploaded recently as the CMake
error shows that.

freshplayerplugin: missing build dependency of libdrm which is known,
filed and due to this sid only already.
ledger: fails with the current ICU release in Sid as well, hence
unrelated to the new version:
226 - RegressTest_1057 (Failed)

libvmime: this is ICU specific and upstream has a patch[1].
simpleitk: self-test failures, known, reported and due to these
already sid only.

Level 1.5 is needed for Boost packages to be binNMUed:
Both boost1.67 and boost1.71 build correctly.

Level 2:
clickhouse: has a missing build dependcy on tzdata with that it
builds, otherwise:
Poco::Exception. Code: 1000, e.code() = 0, e.displayText() =
Exception: Could not determine time zone from TZ variable value:
`Europe/Moscow': boost::filesystem::canonical: No such file or
directory: "/usr/share/zoneinfo/", e.what() = Exception

mongo-c-driver: seems to be Sphinx related: didn't check without the old ICU:
[Sphinx]
Warning, treated as error:
the taglist extension is not safe for parallel reading
Not creating man page for index

mozjs68: fails with the current ICU release in Sid as well, seems lz4 broke it:
/usr/bin/ld: ../Unified_cpp_mfbt0.o: in function `mozPoisonValueInit':
./debian/build/mfbt/./mfbt/Poison.cpp:120: undefined reference to `sysconf'
/usr/bin/ld: ../Unified_cpp_mfbt0.o: in function `mozilla::RandomUint64()':
./debian/build/mfbt/./mfbt/RandomNum.cpp:118: undefined reference to `syscall'
/usr/bin/ld: ./debian/build/mfbt/./mfbt/RandomNum.cpp:136: undefined
reference to `close'
/usr/bin/ld: ../lz4.o: in function `LZ4_createStream':
./debian/build/mfbt/./mfbt/lz4.c:1288: undefined reference to `malloc'
/usr/bin/ld: ../lz4.o: in function `LZ4_freeStream':
./debian/build/mfbt/./mfbt/lz4.c:1336: undefined reference to `free'
/usr/bin/ld: ../lz4.o: in function `LZ4_createStreamDecode':
./debian/build/mfbt/./mfbt/lz4.c:2075: undefined reference to `calloc'
/usr/bin/ld: ../lz4.o: in function `LZ4_freeStreamDecode':
./debian/build/mfbt/./mfbt/lz4.c:2083: undefined reference to `free'
/usr/bin/ld: TestAlgorithm: hidden symbol `syscall' isn't defined
/usr/bin/ld: final link failed: bad value

zimlib: due to the new ICU package release (updating the symbols file
make it builds):
dpkg-gensymbols: error: some symbols or patterns disappeared in the
symbols file: see diff output below
[ICU related symbols]

Level 2.5:
haskell-text-icu needs to be binNMUed first for level 3 Haskell packages.

Level 3:
chromium: embeds the V8 JavaSript engine which FTBFS:
[37842/38456] CXX obj/v8/v8_base_without_compiler/js-number-format.o
../../v8/src/objects/js-number-format.cc:1223:17: error: no member
named 'getAllFieldPositions' in 'icu_67::number::FormattedNumber'
  formatted.getAllFieldPositions(*fp_iter, status);
  ~ ^
../../v8/src/objects/js-number-format.cc:1238:17: error: no member
named 'getAllFieldPositions' in 'icu_67::number::FormattedNumber'
  formatted.getAllFieldPositions(*fp_iter, status);
  ~ ^
2 errors generated.

These seems to be fixed in its upstream[2] tree with other patches.
The problem is that I couldn't backport those into the current
Chromium package in Sid. It's two security releases behind of
upstream. Seems there's no enough manpower to maintain that package.
Problably that's the reason it was removed from Ubuntu, I'm not sure.
Tried to package the new upstream release but failed for the first try
and

NEW changes in oldstable-new

2020-07-11 Thread Debian FTP Masters 
Processing changes file: acmetool_0.0.58-5+b2_amd64.changes
  ACCEPT
Processing changes file: acmetool_0.0.58-5+b2_arm64.changes
  ACCEPT
Processing changes file: acmetool_0.0.58-5+b2_armel.changes
  ACCEPT
Processing changes file: acmetool_0.0.58-5+b2_armhf.changes
  ACCEPT
Processing changes file: acmetool_0.0.58-5+b2_i386.changes
  ACCEPT
Processing changes file: acmetool_0.0.58-5+b2_mips.changes
  ACCEPT
Processing changes file: acmetool_0.0.58-5+b2_mips64el.changes
  ACCEPT
Processing changes file: acmetool_0.0.58-5+b2_mipsel.changes
  ACCEPT
Processing changes file: acmetool_0.0.58-5+b2_s390x.changes
  ACCEPT
Processing changes file: chasquid_0.01+git20161124.6479138-2+b3_amd64.changes
  ACCEPT
Processing changes file: chasquid_0.01+git20161124.6479138-2+b3_arm64.changes
  ACCEPT
Processing changes file: chasquid_0.01+git20161124.6479138-2+b3_armel.changes
  ACCEPT
Processing changes file: chasquid_0.01+git20161124.6479138-2+b3_armhf.changes
  ACCEPT
Processing changes file: chasquid_0.01+git20161124.6479138-2+b3_i386.changes
  ACCEPT
Processing changes file: chasquid_0.01+git20161124.6479138-2+b3_ppc64el.changes
  ACCEPT
Processing changes file: heartbleeder_0.1.1-5+b3_amd64.changes
  ACCEPT
Processing changes file: heartbleeder_0.1.1-5+b3_arm64.changes
  ACCEPT
Processing changes file: heartbleeder_0.1.1-5+b3_armel.changes
  ACCEPT
Processing changes file: heartbleeder_0.1.1-5+b3_armhf.changes
  ACCEPT
Processing changes file: heartbleeder_0.1.1-5+b3_i386.changes
  ACCEPT
Processing changes file: mongo-tools_3.2.11-1+b3_amd64.changes
  ACCEPT
Processing changes file: mongo-tools_3.2.11-1+b3_armel.changes
  ACCEPT
Processing changes file: mongo-tools_3.2.11-1+b3_armhf.changes
  ACCEPT
Processing changes file: mongo-tools_3.2.11-1+b3_i386.changes
  ACCEPT
Processing changes file: mongo-tools_3.2.11-1+b3_ppc64el.changes
  ACCEPT

Processed: tagging 922170

2020-07-11 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 922170 + pending
Bug #922170 [release.debian.org] nmu: Four packages for golang
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
922170: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922170
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version

2020-07-11 Thread Andrej Shadura 
Hi,

On Fri, 10 Jul 2020, at 19:13, Moritz Mühlenhoff wrote:
> Let's remove it for the upcoming 10.5 update, then?

Sure.

-- 
Cheers,
  Andrej