Bug#1036524: unblock: dokuwiki/0.0.20220731.a-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: dokuw...@packages.debian.org, a...@debian.org Control: affects -1 + src:dokuwiki Please unblock package dokuwiki/0.0.20220731.a-2 It fixes a XSS security issue (#1036279) for which upstream has released a hotfix for two upstream releases including the release "Igor" which is the one currently in Debian Sid/Bookworm. (There has happened a new major upstream release since the beginning of the freeze. See https://www.dokuwiki.org/changes for details) The Debian Security Team considers this issue to be of grave severity. [ Reason ] A cross-server-side (XSS) issue has been detected in DokuWiki's RSS feed generator. This is the security update to fix it. [ Impact ] DokuWiki installations will be exposed to an XSS security issue in the RSS feed generator in Debian 12 Bookworm, at least at release time. Given that the Debian Security Team considers the issue grave, it might be that the security team publishes more or less the same package as just uploaded also as DSA for Bookworm if it's not migrating to testing before the release. (Haven't asked them, though. I just based this on the severity they've given to the issue.) [ Tests ] * Ran for 2 days on a DokuWiki instance which I run on Debian Testing. * Tested viewing, editing and the RSS feed generation on that site. [ Risks ] The upstream fix is small-ish, but not straight forward and contains order changes where it's at least not obvious for me why. It though clearly adds some additional escaping to the code. (The version bump patch is though straight forward.) [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] I've included the whole difference between 2022-07-31a and 2022-07-31b in the upload (see the upstream diff at https://github.com/dokuwiki/dokuwiki/compare/release-2022-07-31a...release-2022-07-31b#files_bucket) in two patches (as they were split over two commits upstream) including the version and message version bump. Reasoning behind the latter is that security scanners potentially won't argue about about this being 2022-07-31a and being vulnerable to that XSS issue despite it isn't. So this is defacto an upgrade to the upstream hotfix version 2022-07-31b — which contains nothing but the XSS fix and a version bump. I've not used the upstream tar ball for the hotfix for that release as it dropped about 136 files from the tar ball. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036279#14 for the whole list of missing files. So please unblock dokuwiki/0.0.20220731.a-2 diff -Nru dokuwiki-0.0.20220731.a/debian/changelog dokuwiki-0.0.20220731.a/debian/changelog --- dokuwiki-0.0.20220731.a/debian/changelog2022-11-14 04:24:11.0 +0100 +++ dokuwiki-0.0.20220731.a/debian/changelog2023-05-21 15:01:45.0 +0200 @@ -1,3 +1,12 @@ +dokuwiki (0.0.20220731.a-2) unstable; urgency=high + + * Cherry pick upstream 2022-07-31b hotfix patches for the Igor release: ++ ba76f875: fix XSS in RSS syntax ++ b7fcf218: hotfix release for Igor +Closes: #1036279 + + -- Axel Beckert Sun, 21 May 2023 15:01:45 +0200 + dokuwiki (0.0.20220731.a-1) unstable; urgency=medium * Salvage package. (Closes: #1008649) diff -Nru dokuwiki-0.0.20220731.a/debian/patches/cherrypick_b7fcf218_hotfix_release_for_igor.patch dokuwiki-0.0.20220731.a/debian/patches/cherrypick_b7fcf218_hotfix_release_for_igor.patch --- dokuwiki-0.0.20220731.a/debian/patches/cherrypick_b7fcf218_hotfix_release_for_igor.patch 1970-01-01 01:00:00.0 +0100 +++ dokuwiki-0.0.20220731.a/debian/patches/cherrypick_b7fcf218_hotfix_release_for_igor.patch 2023-05-18 22:59:00.0 +0200 @@ -0,0 +1,30 @@ +From b7fcf218f1b2e858e7d41809d7dd291fc8a898f3 Mon Sep 17 00:00:00 2001 +From: Guy Brand +Date: Tue, 16 May 2023 12:49:38 +0200 +Subject: [PATCH] hotfix release a for Igor + +--- + VERSION | 2 +- + doku.php | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/VERSION b/VERSION +index 7658b60750..2800ff9b24 100644 +--- a/VERSION b/VERSION +@@ -1 +1 @@ +-2022-07-31a "Igor" ++2022-07-31b "Igor" +diff --git a/doku.php b/doku.php +index 50e3726327..f5117ee5eb 100644 +--- a/doku.php b/doku.php +@@ -11,7 +11,7 @@ + // update message version - always use a string to avoid localized floats! + use dokuwiki\Extension\Event; + +-$updateVersion = "53"; ++$updateVersion = "53.1"; + + // xdebug_start_profiling(); + diff -Nru dokuwiki-0.0.20220731.a/debian/patches/cherrypick_ba76f875_fix_xss_in_rss_syntax.patch dokuwiki-0.0.20220731.a/debian/patches/cherrypick_ba76f875_fix_xss_in_rss_syntax.patch --- dokuwiki-0.0.20220731.a/debian/patches/cherrypick_ba76f875_fix_xss_in_rss_syntax.patch 1970-01-01 01:00:00.0
Bug#1036246: unblock: iptables-netflow/2.6-4
Hi Sebastian, Axel Beckert wrote: > Please unblock iptables-netflow/2.6-4. Sorry, but I saw only now that you already granted an unblock today (well, actually yesterday in CEST as it's already past mightnight). I waited with the unblock request until I was able to test a full upgrade of a production-grade server using this package to make sure that it was properly working under production settings. (And for multiple, work and private reasons, this wasn't possible before this night.) Anyway, I've put quite some effort into testing this properly so shortly before the release, so you might want to have a look nevertheless. :-) P.S.: And thanks for also unblocking debsums recently. There I was waiting for some more feedback from Andreas, but noticed that it migrated to testing even before I started writing an unblock request. :-) P.P.S.: Please tell me if in future I should write unblock requests more earlier after the upload to spare the release team their own look at it. So far my mode of operation was to only file the unblock request if the package proved itself in unstable for a few days at least. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#1036246: unblock: iptables-netflow/2.6-4
00 fix building on old kernels Link: https://github.com/aabc/ipt-netflow/pull/196 diff --git a/compat.h b/compat.h index 6be9d6b..847117f 100644 --- a/compat.h +++ b/compat.h @@ -782,7 +782,14 @@ struct module *find_module(const char *name) #endif #ifndef HAVE_NF_CT_EVENT_NOTIFIER_CT_EVENT +/* + * nat event callback parameter is constified in 5.15+ + * but it prevents module building with previous kernel versions + */ +# define NF_CT_EVENT struct nf_ct_event # define ct_event fcn +#else +# define NF_CT_EVENT const struct nf_ct_event #endif #endif /* COMPAT_NETFLOW_H */ diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c index e042fe6..82805bc 100644 --- a/ipt_NETFLOW.c +++ b/ipt_NETFLOW.c @@ -4597,7 +4597,7 @@ static void rate_timer_calc( #ifdef CONFIG_NF_NAT_NEEDED #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31) static struct nf_ct_event_notifier *saved_event_cb __read_mostly = NULL; -static int netflow_conntrack_event(const unsigned int events, const struct nf_ct_event *item) +static int netflow_conntrack_event(const unsigned int events, NF_CT_EVENT *item) #else static int netflow_conntrack_event(struct notifier_block *this, unsigned long events, void *ptr) #endif So please unblock iptables-netflow/2.6-4 diff -Nru iptables-netflow-2.6/debian/.gitignore iptables-netflow-2.6/debian/.gitignore --- iptables-netflow-2.6/debian/.gitignore 2023-01-20 11:27:09.0 +0100 +++ iptables-netflow-2.6/debian/.gitignore 1970-01-01 01:00:00.0 +0100 @@ -1,10 +0,0 @@ -/dkms -/files -/debhelper-build-stamp -/.debhelper/ -/*.debhelper.log -/*.p*.debhelper -/*.substvars -/iptables-netflow-dkms/ -/irqtop/ -/tmp/ diff -Nru iptables-netflow-2.6/debian/changelog iptables-netflow-2.6/debian/changelog --- iptables-netflow-2.6/debian/changelog 2023-01-20 11:27:09.0 +0100 +++ iptables-netflow-2.6/debian/changelog 2023-05-10 18:22:39.0 +0200 @@ -1,3 +1,11 @@ +iptables-netflow (2.6-4) unstable; urgency=medium + + * Acknowledge NMU. Thanks Andreas! + * Cherry-pick upstream commit 0901f028 "fix building on old kernels". + (Closes: #1035511) + + -- Axel Beckert Wed, 10 May 2023 18:22:39 +0200 + iptables-netflow (2.6-3.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru iptables-netflow-2.6/debian/patches/cherry-pick_0901f028_fix_building_on_old_kernels.patch iptables-netflow-2.6/debian/patches/cherry-pick_0901f028_fix_building_on_old_kernels.patch --- iptables-netflow-2.6/debian/patches/cherry-pick_0901f028_fix_building_on_old_kernels.patch 1970-01-01 01:00:00.0 +0100 +++ iptables-netflow-2.6/debian/patches/cherry-pick_0901f028_fix_building_on_old_kernels.patch 2023-05-10 17:21:46.0 +0200 @@ -0,0 +1,40 @@ +commit 0901f028617acca350132a65293ab80a480bf233 +Author: Vadim Fedorenko +Date: Mon Mar 28 21:59:10 2022 +0300 + +fix building on old kernels + +Link: https://github.com/aabc/ipt-netflow/pull/196 + +diff --git a/compat.h b/compat.h +index 6be9d6b..847117f 100644 +--- a/compat.h b/compat.h +@@ -782,7 +782,14 @@ struct module *find_module(const char *name) + #endif + + #ifndef HAVE_NF_CT_EVENT_NOTIFIER_CT_EVENT ++/* ++ * nat event callback parameter is constified in 5.15+ ++ * but it prevents module building with previous kernel versions ++ */ ++# define NF_CT_EVENT struct nf_ct_event + # define ct_event fcn ++#else ++# define NF_CT_EVENT const struct nf_ct_event + #endif + + #endif /* COMPAT_NETFLOW_H */ +diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c +index e042fe6..82805bc 100644 +--- a/ipt_NETFLOW.c b/ipt_NETFLOW.c +@@ -4597,7 +4597,7 @@ static void rate_timer_calc( + #ifdef CONFIG_NF_NAT_NEEDED + #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31) + static struct nf_ct_event_notifier *saved_event_cb __read_mostly = NULL; +-static int netflow_conntrack_event(const unsigned int events, const struct nf_ct_event *item) ++static int netflow_conntrack_event(const unsigned int events, NF_CT_EVENT *item) + #else + static int netflow_conntrack_event(struct notifier_block *this, unsigned long events, void *ptr) + #endif diff -Nru iptables-netflow-2.6/debian/patches/series iptables-netflow-2.6/debian/patches/series --- iptables-netflow-2.6/debian/patches/series 2023-01-20 11:27:09.0 +0100 +++ iptables-netflow-2.6/debian/patches/series 2023-05-10 17:21:58.0 +0200 @@ -4,3 +4,4 @@ dont-hardcode-current-gcc.patch cherry-pick_66e43041_namespace_sk_error_report.patch cherry-pick_6a55739a_fix_build_on_v5.15.patch +cherry-pick_0901f028_fix_building_on_old_kernels.patch
Bug#1034132: unblock: dpmb/0~2023.03.11
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: d...@packages.debian.org Control: affects -1 + src:dpmb Please unblock package dpmb/0~2023.03.11 DPMB = Debian Packaging Management (E-)Book [ Reason ] Content of the e-book has been updated for the Bookworm release, describing changes like non-free-firmware, Stretch being now ELTS, vrms has been renamed to check-dfsg-status, etc. Sections about package management related packages which are no more in any supported Debian release have been removed from the book. [ Impact ] Without the update, changes in Bookworm won't be covered in Bookworm. [ Tests ] The e-book (and package) built fine on Sid in three different types of environment: locally, local minimal pbuilder chroot as well as on the buildd. Buildd-built HTML, EPUB and PDF variants have been skimmed through for proper formatting. (HTML with Chromium, EPUB and PDF with mupdf.) The Mobi version for Kindle devices hasn't been checked as I don't have a Kindle device. But is converted from the EPUB version using Calibre's ebook-convert. [ Risks ] Other book content has been updated or expanded, too. Changed or added content might have introduced typos or other content issues. [ Checklist ] [x] all (non-content) changes are documented in the d/changelog [x] I made all (non-content) changes and I approve them [x] attach debdiff against the package in testing [ Other info ] debdiff of the non-content changes: diff -Nru dpmb-0~2021.03.01/debian/changelog dpmb-0~2023.03.11/debian/changelog --- dpmb-0~2021.03.01/debian/changelog 2021-03-01 00:56:34.0 +0100 +++ dpmb-0~2023.03.11/debian/changelog 2023-03-12 00:34:38.0 +0100 @@ -1,3 +1,16 @@ +dpmb (0~2023.03.11) unstable; urgency=medium + + * The Debian 12 Bookworm Edition. ++ Covers non-free-firmware archive section. ++ Debian 9 Stretch is now ELTS. + * Bracketize sole lintian override so far. + * Add lintian override for very-long-line-length-in-source-file on +binary file and handwritten Markdown files with a few long semantic +HTML oneliners. + * Declare compliance with Debian Policy 4.6.2. (No changes needed.) + + -- Axel Beckert Sat, 11 Mar 2023 23:34:38 + + dpmb (0~2021.03.01) unstable; urgency=medium * New snapshot diff -Nru dpmb-0~2021.03.01/debian/control dpmb-0~2023.03.11/debian/control --- dpmb-0~2021.03.01/debian/control2021-02-03 04:27:56.0 +0100 +++ dpmb-0~2023.03.11/debian/control2023-03-12 00:32:59.0 +0100 @@ -10,7 +10,7 @@ dblatex, texlive-lang-german, xmlto -Standards-Version: 4.5.1 +Standards-Version: 4.6.2 Homepage: https://www.dpmb.org/ Vcs-Git: https://github.com/dpmb/dpmb.git Vcs-Browser: https://github.com/dpmb/dpmb diff -Nru dpmb-0~2021.03.01/debian/lintian-overrides dpmb-0~2023.03.11/debian/lintian-overrides --- dpmb-0~2021.03.01/debian/lintian-overrides 2016-06-29 23:15:14.0 +0200 +++ dpmb-0~2023.03.11/debian/lintian-overrides 2023-03-12 00:20:22.0 +0100 @@ -1,2 +1,2 @@ # Feature request against doc-base, see https://bugs.debian.org/730240 -debian-paketmanagement-buch: doc-base-file-unknown-format debian-paketmanagement-buch:14 epub +debian-paketmanagement-buch: doc-base-file-unknown-format epub [usr/share/doc-base/debian-paketmanagement-buch.debian-paketmanagement-buch:14] diff -Nru dpmb-0~2021.03.01/debian/source/lintian-overrides dpmb-0~2023.03.11/debian/source/lintian-overrides --- dpmb-0~2021.03.01/debian/source/lintian-overrides 1970-01-01 01:00:00.0 +0100 +++ dpmb-0~2023.03.11/debian/source/lintian-overrides 2023-03-12 00:28:25.0 +0100 @@ -0,0 +1,6 @@ +# Binary file +dpmb source: very-long-line-length-in-source-file 1296 > 512 [praxis/apt-cache/apt-cache.dia:2] + +# Handwritten Markdown with a few long semantic HTML oneliners +dpmb source: very-long-line-length-in-source-file * > 512 [README.mdwn:64] +very-long-line-length-in-source-file * > 512 [LICENSE.md:3] Full debdiff attached. So please unblock dpmb/0~2023.03.11 Thanks in advance! dpmb_0~2021.03.01_0~2023.03.11.dsc.debdiff.xz Description: application/xz
Re: Bug#1024261: debhelper: dbgsym packages contain directoryr writable by build user
Hi, Helmut Grohne wrote: > 308 armel > 313 armhf > 316 i386 > 613 mipsel > > I think it is fairly safe to say that the problem affects 32bit > architectures. Could this be https://bugs.debian.org/1023286 in fakeroot as well as Niels pointed out in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024520#37 ? Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#990739: buster-pu: package iptables-netflow/2.3-5+deb10u1
Hi Adrian, Adrian Bunk wrote: > Since it was easy to verify with kernel 4.19.249-2 that the module did > not compile before but does after the fix, I've uploaded a package with > the debdiff from the bug to buster. Thanks a lot! Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#1013112: closed by Sebastian Ramacher (Re: Bug#1013112: angelfish: Uninstallabale due to Qt transition, but not listed on https://release.debian.org/transitions/html/qtbase-
Hi Sebastian, Debian Bug Tracking System wrote: > > So I assume that this transition misses relations to > > qtwebengine-abi-5-15-10 and qtwebengine-abi-5-15-5. […] > The tracker now also checks qtwebengine-abi-5-15 and I have scheduled > binNMUs for angelfish. Thanks! Angelfish (at least on amd64) is now installable again. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#1013112: angelfish: Uninstallabale due to Qt transition, but not listed on https://release.debian.org/transitions/html/qtbase-abi-5-15-4.html
Package: angelfish,release.debian.org Version: angelfish/22.04-1 Severity: serious Hi, seemingly due to the current Qt transition (https://release.debian.org/transitions/html/qtbase-abi-5-15-4.html), angelfish becomes uninstallable (i.e. aptitude wants to remove it) if I try to upgrade all the Qt packages in unstable. Reason seems this dependency: ii libqt5webenginecore5 [qtwebengine-abi-5-15-5] 5.15.8+dfsg-1+b2 The current libqt5webenginecore5 in Unstable only "Provides: qtwebengine-abi-5-15-10". But angelfish is not listed on https://release.debian.org/transitions/html/qtbase-abi-5-15-4.html — not even if I display the "good" ones. So I assume that this transition misses relations to qtwebengine-abi-5-15-10 and qtwebengine-abi-5-15-5. (Filing primarily against angelfish, but also against release.debian.org as it seems to be an oversight in this transition and a BinNMU by the release team might fix this already.) -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.16.0-6-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages angelfish depends on: ii libc6 2.33-7 ii libgcc-s1 12.1.0-2 ii libkf5configcore5 5.94.0-3 ii libkf5configgui5 5.94.0-3 ii libkf5coreaddons5 5.94.0-1 ii libkf5dbusaddons5 5.94.0-1 ii libkf5i18n55.94.0-1 ii libkf5notifications5 5.94.0-1 ii libkf5windowsystem55.94.0-1 ii libqt5core5a 5.15.2+dfsg-16+b2 ii libqt5gui5 5.15.2+dfsg-16+b2 ii libqt5network5 5.15.2+dfsg-16+b2 ii libqt5qml5 5.15.2+dfsg-10 ii libqt5quick5 5.15.2+dfsg-10 ii libqt5sql5 5.15.2+dfsg-16+b2 ii libqt5webengine5 5.15.8+dfsg-1+b2 ii libqt5webenginecore5 [qtwebengine-abi-5-15-5] 5.15.8+dfsg-1+b2 ii libqt5widgets5 5.15.2+dfsg-16+b2 ii libstdc++6 12.1.0-2 ii qml-module-org-kde-kirigami2 5.94.0-1 ii qml-module-qtfeedback 5.0~git20180903.a14bd0b-3 ii qml-module-qtwebengine 5.15.8+dfsg-1+b2 angelfish recommends no packages. angelfish suggests no packages. -- no debconf information
Bug#991313: unblock: qutebrowser/2.0.2-2
Hi Adrian, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package qutebrowser > > * Apply patch to update documentation with regards to the #qutebrowser > IRC channel having moved from Freenode to Libera.Chat. > (change by Axel Beckert) > > Documentation-only change. Huh? I thought I filed an unblock request last week already. Hmmm. Can't find it in the BTS. Oh, fuck, my local postfix daemon was no more running. So thanks for writing one, too! So there will show up a proper, full unblock request arrive soon. Sorry for not having noticed that it didn't go out before the full freeze. :-( Will merge them once it arrived in the BTS. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#991319: unblock: qutebrowser/2.0.2-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@debian.org, reichw...@b1-systems.de, m...@fritzreichwald.de, m...@the-compiler.org Dear Release Team, please unblock package qutebrowser/2.0.2-2. It is a pure documentation update related to the Freenode f*ckup. [ Reason ] The upload adds a patch which updates the pointers to qutebrowser's IRC channel which — like many other projects — recently had to change from Freenode to Libera.Chat due to a hostile takeover of the prject's IRC channel on Freenode. [ Impact ] According to upstream, from time to time people still join the project's old channel on Freenode. It is suspected that outdated links in packaged versions of qutebrowser are one source for this. So if we don't get this tiny documentation update into Bullseye, the Freenode f*ckup will just last longer for this project and were continue to feed the new, hostile Freenode owners. [ Tests ] * I started qutebrowser, opened qute://help/, checked the IRC links. * I viewed the man page, searched for "freenode" (not present) and "IRC" to verify that the IRC references are updated in there, too. * I used qutebrowser as usually for about a day. * A debdiff on the .changes file (i.e. the resulting .deb files only showed version field changes" $ debdiff /…/pbuilder/result/qutebrowser_2.0.2-{1,2}_amd64.changes File lists identical (after any substitutions) Control files of package qutebrowser: lines which differ (wdiff format) --- Version: [-2.0.2-1-] {+2.0.2-2+} Control files of package qutebrowser-qtwebengine: lines which differ (wdiff format) --- Depends: libqt5webenginecore5 (>= 5.12), python3-pyqt5.qtwebengine (>= 5.12), qutebrowser (= [-2.0.2-1)-] {+2.0.2-2)+} Version: [-2.0.2-1-] {+2.0.2-2+} Control files of package qutebrowser-qtwebkit: lines which differ (wdiff format) Depends: python3-pyqt5.qtwebkit (>= 5.12), libqt5webkit5 (>= 5.212), qutebrowser (= [-2.0.2-1)-] {+2.0.2-2)+} Version: [-2.0.2-1-] {+2.0.2-2+} * diffoscope /…/pbuilder/result/qutebrowser_2.0.2-{1,2}_all.deb (i.e. the .deb file where the changed files are in) only showed expected changes: * The updated parts of the documentation * One new changelog entry (expected as well :-). * Version number changes (qutebrowser and debhelper, the latter from 13.3.3 to 13.3.4, so no big gap either) * Timestamps [ Risks ] Very low: * Leaf package * Only asciidoc source files (for the man page), one SVG vector image (XML) and HTML files are touched by the added patch. * It's a simple patch updating a few lines of documentation. The standalone patch is attached as well as the full source debdiff. [ Checklist ] [√] all changes are documented in the d/changelog [√] I reviewed all changes and I approve them [√] attach debdiff against the package in testing [ Other info ] I deliberately _only_ patched the SVG/XML version of the cheatsheet image, _not_ the PNG version of it as that would have added a 1.7 MB binary patch or an additional file plus changes in e.g. debian/qutebrowser.install. (Both variants were discussed between Debian packagers and upstream. Given the time shortly before the full-freeze, we've chosen the simplest variant with the drawback of not patching each occurrence, but leaving out one deliberately.) So please… unblock qutebrowser/2.0.2-2 Thanks in advance! diff -Nru qutebrowser-2.0.2/debian/changelog qutebrowser-2.0.2/debian/changelog --- qutebrowser-2.0.2/debian/changelog 2021-02-05 04:27:06.0 +0100 +++ qutebrowser-2.0.2/debian/changelog 2021-07-14 02:38:48.0 +0200 @@ -1,3 +1,10 @@ +qutebrowser (2.0.2-2) unstable; urgency=medium + + * Apply patch to update documentation with regards to the #qutebrowser +IRC channel having moved from Freenode to Libera.Chat. + + -- Axel Beckert Wed, 14 Jul 2021 02:38:48 +0200 + qutebrowser (2.0.2-1) unstable; urgency=medium * New upstream bugfix release. diff -Nru qutebrowser-2.0.2/debian/patches/0001-Update-IRC-links-to-Libera-Chat.patch qutebrowser-2.0.2/debian/patches/0001-Update-IRC-links-to-Libera-Chat.patch --- qutebrowser-2.0.2/debian/patches/0001-Update-IRC-links-to-Libera-Chat.patch 1970-01-01 01:00:00.0 +0100 +++ qutebrowser-2.0.2/debian/patches/0001-Update-IRC-links-to-Libera-Chat.patch 2021-07-14 02:38:48.0 +0200 @@ -0,0 +1,74 @@ +Author: Axel Beckert +Description: Update IRC links to Libera Chat + Based on a patch by Florian Bruhin +Forwarded: not-needed + +--- a/doc/qutebrowser.1.asciidoc b/doc/qutebrowser.1.asciidoc +@@ -152,8 +152,8 @@ + https://lists.schokokeks.org/mailman/listinfo.cgi/qute
Bug#990739: buster-pu: package iptables-netflow/2.3-5+deb10u1
same part of the code (I didn't want to merge them for transparency reasons): 1) adfc6318 from Obtober 2020 which initially fixes this issue in kernel 5.9. Origin: adfc631816ea690cbf53c03a9f40b6c4c5be0a21 Author: ABC Description: Fix compilation for 5.9: workaround ref_module unexport compat.h:173:21: error: implicit declaration of function `ref_module' [-Werror=implicit-function-declaration] # define use_module ref_module ^ ipt_NETFLOW.c:5488:3: note: in expansion of macro `use_module' use_module(THIS_MODULE, netlink_m); ^~ Bug: https://github.com/aabc/ipt-netflow/issues/153 2) 352cdb28 from June 2021 which removes the restrictions that only applied the fixes from adfc6318 to kernel 5.9 and above. Origin: 352cdb28eecbb57de3509b18dfc37dcce0455c01 Author: ABC Description: Fix compile for stable kernels by not using 'ref_module' `ref_module' unexport in 7ef5264de7732 ("modules: mark ref_module static") is back-ported into stable kernels making old `#if LINUX_VERSION_CODE' checks irrelevant or too complicated to update. Do not use `ref_module' API at all since `try_module_get' is ancient enough to use always. Bug: https://github.com/aabc/ipt-netflow/issues/177 Bug-Debian: https://bugs.debian.org/990123 Together (and only together) they also fix this issue for stable kernels where recently ref_module was made static as in 5.9 about a year ago. [ Other info ] Minor DEP3 patch metadata style fixes plus adding the relevant Debian bug report reference to the cherry-picked 352cdb28 patch happened after the initial week-long testing of the package. See https://salsa.debian.org/debian/iptables-netflow/-/commit/1dcc6e12 for these minor patch-metadata-only changes. The package with updated DEP3 patch metadata has been tested as well on the same installations and same ways as mentioned above, but not for such a long period. diff -Nru iptables-netflow-2.3/debian/changelog iptables-netflow-2.3/debian/changelog --- iptables-netflow-2.3/debian/changelog 2018-07-27 19:47:20.0 +0200 +++ iptables-netflow-2.3/debian/changelog 2021-06-22 18:00:10.0 +0200 @@ -1,3 +1,12 @@ +iptables-netflow (2.3-5+deb10u1) buster; urgency=high + + * Fix DKMS build failure regression caused by Linux upstream changes in +the 4.19.191 kernel by cherry-picking ipt_NETFLOW upstream commits +adfc6318 (initial fix for kernel 5.9) and 352cdb28 (removing the +special casing for older kernels). (Closes: #990123) + + -- Axel Beckert Tue, 22 Jun 2021 18:00:10 +0200 + iptables-netflow (2.3-5) unstable; urgency=medium * Add missing dependency (not build-dependency) on libc6-dev for DKMS diff -Nru iptables-netflow-2.3/debian/patches/cherry-pick-352cdb28-Fix-compile-for-stable-kernels-by-not-using-ref_module.patch iptables-netflow-2.3/debian/patches/cherry-pick-352cdb28-Fix-compile-for-stable-kernels-by-not-using-ref_module.patch --- iptables-netflow-2.3/debian/patches/cherry-pick-352cdb28-Fix-compile-for-stable-kernels-by-not-using-ref_module.patch 1970-01-01 01:00:00.0 +0100 +++ iptables-netflow-2.3/debian/patches/cherry-pick-352cdb28-Fix-compile-for-stable-kernels-by-not-using-ref_module.patch 2021-06-22 18:00:10.0 +0200 @@ -0,0 +1,58 @@ +Origin: 352cdb28eecbb57de3509b18dfc37dcce0455c01 +Author: ABC +Description: Fix compile for stable kernels by not using 'ref_module' + +`ref_module' unexport in 7ef5264de7732 ("modules: mark ref_module +static") is back-ported into stable kernels making old `#if +LINUX_VERSION_CODE' checks irrelevant or too complicated to update. + +Do not use `ref_module' API at all since `try_module_get' is ancient +enough to use always. + +Bug: https://github.com/aabc/ipt-netflow/issues/177 +Bug-Debian: https://bugs.debian.org/990123 +--- + compat.h | 4 + ipt_NETFLOW.c | 7 +-- + 2 files changed, 1 insertion(+), 10 deletions(-) + +--- a/compat.h b/compat.h +@@ -169,10 +169,6 @@ + # define CHECK_OK 0 + #endif + +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) +-# define use_module ref_module +-#endif +- + #ifndef NF_IP_LOCAL_IN /* 2.6.25 */ + # define NF_IP_PRE_ROUTINGNF_INET_PRE_ROUTING + # define NF_IP_LOCAL_IN NF_INET_LOCAL_IN +--- a/ipt_NETFLOW.c b/ipt_NETFLOW.c +@@ -5395,12 +5395,8 @@ + } + /* Reference netlink module to prevent it's unsafe unload before us. */ + if (!netlink_m && (netlink_m = find_module(NETLINK_M))) { +-#if LINUX_VERSION_CODE < KERNEL_VERSION(5,9,0) +- use_module(THIS_MODULE, netlink_m); +-#else + if (!try_module_get(netlink_m)) + netlink_m = NULL; +-#endif + } + + /* Register ct events callback. */ +@@ -5428,10 +5424,9 @@ + #else /* < v3.2 */ + unset_notifier_cb(); + #endif /* v3.2 */ +-#if LINUX_VERSION_CODE >= KERNEL_VERS
Bug#987173: closed by Sebastian Ramacher (unblock iptables-netflow)
Hi Sebastian, Debian Bug Tracking System wrote: > From: Sebastian Ramacher > > Unblocked. Thanks! Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#987173: unblock: iptables-netflow/2.5.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@debian.org, a...@debian.org Please unblock package iptables-netflow. [ Reason ] One if this source package's binary packages is a dkms-built kernel module and it was one of the packages affected by #984929 in dkms. This upload changes the dkms dependency to a versioned dependency on ≥ the version which fixed #984929 to make sure the fixed dkms package is installed before this package is upgraded and tries to use it at configuration time. Closes RC bug #984862 (https://bugs.debian.org/984862) against this package. [ Impact ] During dist-upgrade from Buster to Bullseye, this kernel module might be tried to be compiled with the wrong (not the kernel's) C compiler or might even fail to upgrade in case only the package linux-compiler-gcc-10-x86 but not the package gcc is installed since then no compiler is found as $CC is not set in the environment by the dkms package in Buster. [ Tests ] None. Solely a migration order issue solved via a versioned dependency requiring the fixed dkms package to be installed first. The binary packages built by this source package (built in an up to date pbuilder chroot) have been successfully installed on one of my sid machines with the current and an older 5.10 kernel image + headers being installed. The version constraint added by Andreas Beckmann (X-Debbugs-Cc'ed) has been cross-checked by myself to make sure there's no typo in it. [ Risks ] None. There are no known dependencies (nor Recommends nor Suggests) on any of the binary packages built by this source package (outside the source package itself), so circular dependencies — which might cause issues with such changes if they're versioned, too — are not present. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] I deliberately did not bump the Standards-Version from 4.5.0 to 4.5.1 with this upload despite I didn't see any necessary changes to be made. Just to keep the changeset minimal. So please … unblock iptables-netflow/2.5.1-2 … and maybe also reduce the migration interval a bit, dependening on how close we are to the release. :-) Regards, Axel -- ,''`. | Axel Beckert , http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 diff -Nru iptables-netflow-2.5.1/debian/changelog iptables-netflow-2.5.1/debian/changelog --- iptables-netflow-2.5.1/debian/changelog 2020-10-18 11:22:35.0 +0200 +++ iptables-netflow-2.5.1/debian/changelog 2021-04-18 18:29:53.0 +0200 @@ -1,3 +1,11 @@ +iptables-netflow (2.5.1-2) unstable; urgency=low + + [ Andreas Beckmann ] + * iptables-netflow-dkms: Bump dkms dependency to ensure CC/CXX are set to +the kernel's compiler. (Closes: #984862) + + -- Axel Beckert Sun, 18 Apr 2021 18:29:53 +0200 + iptables-netflow (2.5.1-1) unstable; urgency=medium * New upstream bugfix release 2.5.1. diff -Nru iptables-netflow-2.5.1/debian/control iptables-netflow-2.5.1/debian/control --- iptables-netflow-2.5.1/debian/control 2020-04-27 08:39:15.0 +0200 +++ iptables-netflow-2.5.1/debian/control 2021-04-18 18:15:16.0 +0200 @@ -15,7 +15,7 @@ Package: iptables-netflow-dkms Architecture: linux-any -Depends: dkms, +Depends: dkms (>= 2.8.4-3~), libc6-dev, libxtables-dev, pkg-config,
Bug#983065: debian-policy: Downgrades are not allowed / Package upgrades must have a greater version than previous packages of the same name in the same suite
Package: debian-policy Version: 4.5.1.0 Severity: normal Hi, I know this is very obvious, but if you read * https://www.debian.org/Bugs/Developer#severities and * https://release.debian.org/testing/rc_policy.txt it seems as if it should be listed somewhere in the policy that package downgrades MUST not happen during upgrades within the same suite (i.e. also not during dist-upgrades from e.g. oldstable to stable). I searched for "downgrad" (case-insensitively) in the whole policy and read at least the sections 3.2 "The version of a package" and 5.6.12 "Version". (If it's documented elsewhere in the policy, it might need a pointer to there in these sections.) Reason for this bug report: After reading https://release.debian.org/testing/rc_policy.txt, especially after word "complete" this paragraph … The purpose of this document is to be a correct, complete and canonical list of issues that merit a "serious" bug under the clause "a severe violation of Debian policy". … I really had a hard time arguing why https://bugs.debian.org/983018 is actually release-critical, despite I was 100% sure that it is. Luckily the maintainer did not start discussing but just fixed it. :-) X-Debugs-Cc'ing the release team for the involvement of rc_policy.txt. The best written source I so far found was https://wiki.debian.org/SystemDowngrade and hence outside the policy. I suggest to add maybe a section 3.2.3 at https://www.debian.org/doc/debian-policy/ch-binary.html#the-version-of-a-package with a text like this: ---8<--- 3.2.3 Version numbers of upgrades within one suite Version numbers of succeeding package upgrades within the same suite MUST be strictly greater than the one of the previous package. Package downgrades within one suite or when dist-upgrading from an old stable to a new stable release MUST not happen. See 5.6.12.1. Epochs should be used sparingly for cases where you need to package an upstream release with a lower upstream version number. Even in that case the package version itself MUST be greater. --->8--- Maybe some of the phrases from https://wiki.debian.org/SystemDowngrade can be reused, too. Mostly thinking of these, because these are the core reasons: 1. The packages' installation scripts (postinst...) are designed to handle upgrade only. 2. The installation tools are designed to replace older versions of packages by newer versions. Improvements of this text are very welcome as it's currently just a first brain dump. -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-1-amd64 (SMP w/4 CPU threads) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled debian-policy depends on no packages. Versions of packages debian-policy recommends: ii libjs-sphinxdoc 3.4.3-1 Versions of packages debian-policy suggests: ii doc-base 0.11.1 -- no debconf information
Bug#980847: pre-approval: qutebrowser/2.0.0-1
Hi Paul, Paul Gevers wrote: > With the understanding that autoremovals remain on during the whole > freeze, we may manually remove RC buggy packages at any time and that > after the soft freeze starts, removed packages are not allowed to enter > bullseye again, this request is basically a maintainer call. > > Go ahead if you think the risk is acceptable for your package. Thanks! With a very responsive upstream, I'm very optimistic that there won't be any severe issues which can't be fixed quickly. So I just did a no-source-change upload of the package in experimental to unstable. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#980847: pre-approval: qutebrowser/2.0.0-1
Hi Sebastian, Sebastian Ramacher wrote: > … and what about the changes to the packaging? This would be easier to > judge if something like a release candidate would be in testing already. > The size of the diff doesn't look like something we can sensibly review. Sure. You'll get that once 2.0.0 is released. Current ETA: Either tonoght or tomorrow. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#980847: pre-approval: qutebrowser/2.0.0-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please pre-approve the package qutebrowser/2.0.0-1. [ Reason ] A major upstream release (2.0.0) of qutebrowser is going to be released soon (currently aimed at early next week, i.e. around 26th of January 2021). While it certainly counts as a "large change", it is a leaf package and risk is believed to be small (see below). [ Impact ] Users on Debian Stable will continue to use the previous release series (1.14.x) for the next couple of years. Since there are some changes around the names of commands/settings, this introduces an undesirable gap between users on Debian Stable and users on other distributions (many of qutebrowser's users are on rolling-release distributions). This gap would make it more difficult both for upstream and the affected users to give/take support, share configuration files, etc. [ Tests ] qutebrowser has a big automated testsuite with over 9000 (sic) tests. Note that many of those result from parametrization (running the same test with different sets of inputs), but still this reduces the potential for regressions. Upstream also uses other measures to reduce defects where appropriate, such as type annotations. A part of its users is using it directly from its git repository, so that any remaining issues with changes usually get reported and fixed quickly. [ Risks ] qutebrowser is a leaf package, so no coordination with other package(r)s is required. It is also a desktop application - while those certainly shouldn't be held to lower standards, the impact (or need for additional "preparation time" for users) might be smaller compared to e.g. a server application. There are many changes upstream: $ git diff --stat v1.14.1...master 540 files changed, 12654 insertions(+), 10182 deletions(-) Excluding tests/scripts/...: $ git diff --stat v1.14.1...master -- qutebrowser/ 199 files changed, 5189 insertions(+), 5794 deletions(-) However, the bulk of those changes are a result of relatively boring changes upstream, such as dropping support for old Python/Qt versions. The upstream changelog is probably a better indication: https://github.com/qutebrowser/qutebrowser/blob/master/doc/changelog.asciidoc#v200-unreleased [ Checklist ] (N/A because this is a pre-approval) [ Other info ] The upstream maintainer is on Cc for this bug and is willing to work with the package maintainers for this, where needed. If (despite all measures) regressions would be introduced, a potential patch release would happen as soon as possible. Patch releases are done from a dedicated v2.0.x maintenance branch, keeping care to keep changes as small as possible and without any non-bugfix changes. The release also introduces a new optional dependency on the Python "adblock" module for better ad blocking. It is currently not packaged for Debian and doing so is outside of the scope of this request. If the dependency is unavailable, qutebrowser will fall back on the same hosts-based adblocking it used before this release. So please pre-approve qutebrowser/2.0.0-1. For Debian's qutebrowser package, the qutebrowser package maintainers and upstream. -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-1-amd64 (SMP w/4 CPU threads) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled
Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
Hi Adam, Adam D. Barratt wrote: > Please go ahead. Thanks. Uploaded. Didn't get any upload result mail yet, though. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
Hi Adam, Adam D. Barratt wrote: > Please go ahead. Thanks. Uploaded. Didn't get any upload result mail yet, though. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, The Debian Security Team decided to not issue a security update for these CVE IDs: * CVE-2019-13451: service overflows histlogfn in history.c. * CVE-2019-13452: service overflows histlogfn in reportlog.c. * CVE-2019-13273: srdb overflows dbfn in csvinfo.c. * CVE-2019-13274: reflected XSS in csvinfo.c. * CVE-2019-13455: htmlquoted(hostname) overflows msgline in acknowledge.c. * CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c. * CVE-2019-13485: hostname overflows selfurl in history.c. * CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in svcstatus.c. Hence I propose to do these as a normal stable update. Full source debdiff: diff -Nru xymon-4.3.28/debian/changelog xymon-4.3.28/debian/changelog --- xymon-4.3.28/debian/changelog 2017-03-03 23:18:20.0 +0100 +++ xymon-4.3.28/debian/changelog 2019-08-23 01:09:07.0 +0200 @@ -1,3 +1,22 @@ +xymon (4.3.28-2+deb9u1) stretch; urgency=high + + * Apply minimal upstream security patch to fix several (server-only) +vulnerabilities reported upstream by Graham Rymer: ++ CVE-2019-13451: service overflows histlogfn in history.c. ++ CVE-2019-13452: service overflows histlogfn in reportlog.c. ++ CVE-2019-13273: srdb overflows dbfn in csvinfo.c. ++ CVE-2019-13274: reflected XSS in csvinfo.c. ++ CVE-2019-13455: htmlquoted(hostname) overflows msgline in + acknowledge.c. ++ CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c. ++ CVE-2019-13485: hostname overflows selfurl in history.c. ++ CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in + svcstatus.c. ++ Closes: #935470 + * Include hostname validation regression fixes from 4.3.30, too. + + -- Axel Beckert Fri, 23 Aug 2019 01:09:07 +0200 + xymon (4.3.28-2) unstable; urgency=low * xymon-client: Add dependency on net-tools. (Closes: #856315) diff -Nru xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch --- xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch1970-01-01 01:00:00.0 +0100 +++ xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch2019-08-23 01:07:05.0 +0200 @@ -0,0 +1,760 @@ +Description: Isolated CVE Patchset + history.c (service overflows histlogfn) = CVE-2019-13451 + reportlog.c (service overflows histlogfn) = CVE-2019-13452 + csvinfo.c (srdb overflows dbfn) = CVE-2019-13273 + csvinfo.c (reflected XSS) = CVE-2019-13274 + acknowledge.c (htmlquoted(hostname) overflows msgline) = CVE-2019-13455 + + appfeed.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13484 + history.c (hostname overflows selfurl) = CVE-2019-13485 + svcstatus.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13486 + + Includes hostname validation regression fixes from 4.3.30. +Author: Japheth Cleaver +Bug-Debian: https://bugs.debian.org/935470 + +Index: xymon/lib/strfunc.h +=== +--- xymon/lib/strfunc.h(revision 8059) xymon/lib/strfunc.h(working copy) +@@ -29,5 +29,14 @@ + extern char *prehtmlquoted(char *s); + extern strbuffer_t *replacetext(char *original, char *oldtext, char *newtext); + ++#define SBUF_DEFINE(NAME) char *NAME = NULL; size_t NAME##_buflen = 0; ++#define STATIC_SBUF_DEFINE(NAME) static char *NAME = NULL; static size_t NAME##_buflen = 0; ++#define SBUF_MALLOC(NAME, LEN) { NAME##_buflen = (LEN); NAME = (char *)malloc((LEN)+1); } ++#define SBUF_CALLOC(NAME, NMEMB, LEN) { NAME##_buflen = (LEN); NAME = (char *)calloc(NMEMB, (LEN)+1); } ++#define SBUF_REALLOC(NAME, LEN) { NAME##_buflen = (LEN); NAME = (char *)realloc(NAME, (LEN)+1); } ++ ++/* How much can a string expand when htmlquoted? ' ' --> '' */ ++#define MAX_HTMLQUOTE_FACTOR 6 ++ + #endif + +Index: xymon/web/csvinfo.c +=== +--- xymon/web/csvinfo.c(revision 8059) xymon/web/csvinfo.c(working copy) +@@ -123,12 +123,13 @@ + return 1; + } + +- sprintf(dbfn, "%s/etc/%s", xgetenv("XYMONHOME"), srcdb); ++ snprintf(dbfn, sizeof(dbfn), "%s/etc/%s", xgetenv("XYMONHOME"), srcdb); + db = fopen(dbfn, "r"); + if (db == NULL) { +- char msg[PATH_MAX]; ++ SBUF_DEFINE(msg); + +- sprintf(msg, "Cannot open sourcedb %s\n", dbfn); ++ SBUF_MALLOC(msg, 30+strlen(htmlquoted(dbfn))); ++ snprintf(msg, msg_buflen, "Cannot open sourcedb %s\n", htmlquoted(dbfn)); + errormsg(msg); + return 1; + } +Index: xymon/web/svcstatus.c +=== +--- xymon/web/svcstatus.c (revision 8059)
Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, The Debian Security Team decided to not issue a security update for these CVE IDs: * CVE-2019-13451: service overflows histlogfn in history.c. * CVE-2019-13452: service overflows histlogfn in reportlog.c. * CVE-2019-13273: srdb overflows dbfn in csvinfo.c. * CVE-2019-13274: reflected XSS in csvinfo.c. * CVE-2019-13455: htmlquoted(hostname) overflows msgline in acknowledge.c. * CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c. * CVE-2019-13485: hostname overflows selfurl in history.c. * CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in svcstatus.c. Hence I propose to do these as a normal stable update. Full source debdiff: diff -Nru xymon-4.3.28/debian/changelog xymon-4.3.28/debian/changelog --- xymon-4.3.28/debian/changelog 2019-03-18 01:28:51.0 +0100 +++ xymon-4.3.28/debian/changelog 2019-08-23 01:07:47.0 +0200 @@ -1,3 +1,22 @@ +xymon (4.3.28-5+deb10u1) buster; urgency=high + + * Apply minimal upstream security patch to fix several (server-only) +vulnerabilities reported upstream by Graham Rymer: ++ CVE-2019-13451: service overflows histlogfn in history.c. ++ CVE-2019-13452: service overflows histlogfn in reportlog.c. ++ CVE-2019-13273: srdb overflows dbfn in csvinfo.c. ++ CVE-2019-13274: reflected XSS in csvinfo.c. ++ CVE-2019-13455: htmlquoted(hostname) overflows msgline in + acknowledge.c. ++ CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c. ++ CVE-2019-13485: hostname overflows selfurl in history.c. ++ CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in + svcstatus.c. ++ Closes: #935470 + * Include hostname validation regression fixes from 4.3.30, too. + + -- Axel Beckert Fri, 23 Aug 2019 01:07:47 +0200 + xymon (4.3.28-5) unstable; urgency=medium * xymon.postinst: Check for file existence before calling chgrp/chmod on diff -Nru xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch --- xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch1970-01-01 01:00:00.0 +0100 +++ xymon-4.3.28/debian/patches/91_4.3.29-CVEs.patch2019-08-23 01:07:05.0 +0200 @@ -0,0 +1,760 @@ +Description: Isolated CVE Patchset + history.c (service overflows histlogfn) = CVE-2019-13451 + reportlog.c (service overflows histlogfn) = CVE-2019-13452 + csvinfo.c (srdb overflows dbfn) = CVE-2019-13273 + csvinfo.c (reflected XSS) = CVE-2019-13274 + acknowledge.c (htmlquoted(hostname) overflows msgline) = CVE-2019-13455 + + appfeed.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13484 + history.c (hostname overflows selfurl) = CVE-2019-13485 + svcstatus.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13486 + + Includes hostname validation regression fixes from 4.3.30. +Author: Japheth Cleaver +Bug-Debian: https://bugs.debian.org/935470 + +Index: xymon/lib/strfunc.h +=== +--- xymon/lib/strfunc.h(revision 8059) xymon/lib/strfunc.h(working copy) +@@ -29,5 +29,14 @@ + extern char *prehtmlquoted(char *s); + extern strbuffer_t *replacetext(char *original, char *oldtext, char *newtext); + ++#define SBUF_DEFINE(NAME) char *NAME = NULL; size_t NAME##_buflen = 0; ++#define STATIC_SBUF_DEFINE(NAME) static char *NAME = NULL; static size_t NAME##_buflen = 0; ++#define SBUF_MALLOC(NAME, LEN) { NAME##_buflen = (LEN); NAME = (char *)malloc((LEN)+1); } ++#define SBUF_CALLOC(NAME, NMEMB, LEN) { NAME##_buflen = (LEN); NAME = (char *)calloc(NMEMB, (LEN)+1); } ++#define SBUF_REALLOC(NAME, LEN) { NAME##_buflen = (LEN); NAME = (char *)realloc(NAME, (LEN)+1); } ++ ++/* How much can a string expand when htmlquoted? ' ' --> '' */ ++#define MAX_HTMLQUOTE_FACTOR 6 ++ + #endif + +Index: xymon/web/csvinfo.c +=== +--- xymon/web/csvinfo.c(revision 8059) xymon/web/csvinfo.c(working copy) +@@ -123,12 +123,13 @@ + return 1; + } + +- sprintf(dbfn, "%s/etc/%s", xgetenv("XYMONHOME"), srcdb); ++ snprintf(dbfn, sizeof(dbfn), "%s/etc/%s", xgetenv("XYMONHOME"), srcdb); + db = fopen(dbfn, "r"); + if (db == NULL) { +- char msg[PATH_MAX]; ++ SBUF_DEFINE(msg); + +- sprintf(msg, "Cannot open sourcedb %s\n", dbfn); ++ SBUF_MALLOC(msg, 30+strlen(htmlquoted(dbfn))); ++ snprintf(msg, msg_buflen, "Cannot open sourcedb %s\n", htmlquoted(dbfn)); + errormsg(msg); + return 1; + } +Index: xymon/web/svcstatus.c +=== +--- xymon/web/svcstatus.c (revi
Bug#929336: unblock: evolvotron/0.7.1-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock evolvotron/0.7.1-3. It fixes frequent segfaults at startup, namely #929034. Full source debdiff: diff -Nru evolvotron-0.7.1/debian/changelog evolvotron-0.7.1/debian/changelog --- evolvotron-0.7.1/debian/changelog 2018-01-02 08:32:53.0 +0100 +++ evolvotron-0.7.1/debian/changelog 2019-05-21 01:40:39.0 +0200 @@ -1,3 +1,15 @@ +evolvotron (0.7.1-3) unstable; urgency=high + + [ Ondřej Nový ] + * debian/watch: Use HTTPS. + + [ Axel Beckert ] + * Apply patch to fix erasing while iterating. Fixes frequent segfaults +on startup. (Closes: #929034) Thanks to Saverio Brancaccio for +reporting the issue and thanks to Jan Nordholz for the patch! + + -- Axel Beckert Tue, 21 May 2019 01:40:39 +0200 + evolvotron (0.7.1-2) unstable; urgency=medium * Add lintian override for bogus tech-ctte decision imposed onto policy, diff -Nru evolvotron-0.7.1/debian/patches/fix_erasing_while_iterating.patch evolvotron-0.7.1/debian/patches/fix_erasing_while_iterating.patch --- evolvotron-0.7.1/debian/patches/fix_erasing_while_iterating.patch 1970-01-01 01:00:00.0 +0100 +++ evolvotron-0.7.1/debian/patches/fix_erasing_while_iterating.patch 2019-05-21 01:39:42.0 +0200 @@ -0,0 +1,66 @@ +Description: Fix erasing while iterating +Author: Jan Nordholz +Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929034#41 +Bug-Debian: https://bugs.debian.org/929034 +Forwarded: yes + +Index: evolvotron-0.7.1/libevolvotron/mutatable_image_computer_farm.cpp +=== +--- evolvotron-0.7.1.orig/libevolvotron/mutatable_image_computer_farm.cpp evolvotron-0.7.1/libevolvotron/mutatable_image_computer_farm.cpp +@@ -72,19 +72,20 @@ void MutatableImageComputerFarm::fasttra + { + QMutexLocker lock(&_mutex); + +- // \todo: Inefficient starting search again each time. Some problem with erase otherwise though, but might have been task abort mem leak. +- TodoQueue::iterator it; +- while ( +- ( +-it=std::find_if(_todo.begin(),_todo.end(),predicate_aborted) +-) +- != +- _todo.end() +- ) +-{ +- _done[(*it)->display()].insert(*it); +- _todo.erase(it); +-} ++ TodoQueue::iterator it = _todo.begin(); ++ ++ while (it != _todo.end()) ++{ ++ if ((*it)->aborted()) ++ { ++_done[(*it)->display()].insert(*it); ++it = _todo.erase(it); ++ } ++ else ++ { ++it++; ++ } ++} + } + + void MutatableImageComputerFarm::push_todo(const boost::shared_ptr& task) +@@ -214,7 +215,9 @@ void MutatableImageComputerFarm::abort_f + if ((*it)->display()==disp) + { + (*it)->abort(); +-_todo.erase(it); ++it = _todo.erase(it); ++if (it == _todo.end()) ++ break; + } + } + +@@ -234,7 +237,9 @@ void MutatableImageComputerFarm::abort_f + if ((*it1)->display()==disp) + { + (*it1)->abort(); +-q.erase(it1); ++it1 = q.erase(it1); ++if (it1 == q.end()) ++ break; + } + } + } diff -Nru evolvotron-0.7.1/debian/patches/series evolvotron-0.7.1/debian/patches/series --- evolvotron-0.7.1/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ evolvotron-0.7.1/debian/patches/series 2019-05-21 01:20:58.0 +0200 @@ -0,0 +1 @@ +fix_erasing_while_iterating.patch diff -Nru evolvotron-0.7.1/debian/watch evolvotron-0.7.1/debian/watch --- evolvotron-0.7.1/debian/watch 2016-05-18 23:16:11.0 +0200 +++ evolvotron-0.7.1/debian/watch 2019-05-17 00:24:11.0 +0200 @@ -1,2 +1,2 @@ version=3 -http://sf.net/evolvotron/evolvotron-(.*)\.tar\.gz +https://sf.net/evolvotron/evolvotron-(.*)\.tar\.gz It has been built successfully on all release architectures as well on all other architectures except kfreebsd-* where the build is still pending: https://buildd.debian.org/status/package.php?p=evolvotron So please: unblock evolvotron/0.7.1-3 -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled
Bug#928428: unblock: [pre-approval] wicd/1.7.4+tb2-7
Hi Niels, Niels Thykier wrote: > Axel Beckert: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: unblock > > > > In the light of dhcpcd5 automremoval (#928056, #928104, #928105), I'd > > like to upload a wicd package which relies less on dhcpcd5. [...] [...] > AFAICT, the dhcpcd5 issues have been fixed and wicd is at the moment not > at risk of being removed from testing on that account. Ack. Actually I didn't expected those CVEs to be fixed that quickly given how RC bugs in that package were handled in the past. I guess these memories are from the times where the Debian packages of dhcpcd* was (not really) maintained by the upstream maintainer. > If so, then I would prefer deferring these changes to bullseye in > general to reduce the risks of regressions in testing at the moment. I actually thought that way, too, and nearly would have closed the request myself. But then again it seems that if only the default DHCP client dependency is installed, it won't find the according binary. (See https://bugs.debian.org/852343 — probably has the wrong severity, should be at least important from my point of view.) Then again, in most cases, when wicd is being installed, that alternative dependency where dhcpcd5 comes first (#901592) is usually already fulfilled by isc-dhcp-client which is installed by default and hence present on most installations. So while the impact of #852343 (at least together with #901592) is probably RC on the paper, there are actually only very few people who actually will run into it (and nobody who complained by having run into it so far), e.g. those who have no DHCP client installed at all when wicd is being installed or which uninstall all other DHCP clients afterwards. The only real impact I can imagine is on derivatives which install wicd by default and follow Debian release cycles — of which I can't remember any at the moment — at least Raspbian uses pure dhcpcd5 + dhcpcd-gtk (and not Debian's packages of dhcpcd* as I just noticed). So I'm generally fine with postponing this until bullseye. If you agree with my reasoning above, please close this unblock request. Will drop the created git branch "buster" only after the release of buster, though, just to be on the safe side. Salvo Tomaselli wrote: > Well I use isc-dhcp-client and it works fine I'm sorry, but IMHO this fact is not really relevant for this discussion. > so I guess it is an ok change. ... and since it ignores the core issues of th proposed change, this reasoning is IMHO bogus. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#928428: unblock: [pre-approval] wicd/1.7.4+tb2-7
Hi, Axel Beckert wrote: > I'll prepare a feature branch for this in git including a planned > debdiff and let you know once it's ready for review/upload. I though > would happy to receive feedback from the release team beforehand. Preliminary (and obviously not yet finished) patch as of the branch "buster" at https://salsa.debian.org/debian/wicd/tree/buster: diff --git a/debian/changelog b/debian/changelog index aa96f2b..0e00a8b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +wicd (1.7.4+tb2-7) UNRELEASED; urgency=medium + + [ Axel Beckert ] + TODO: Test on a machine with dhcpcd5 only before uploading! + + * Don't list dhcpcd5 as preferred DHCP client in the alternative +dependencies list. (Closes: #901592) + * Look for "dhcpcd5" instead of "dhcpcd". (Closes: #852343) + + [ Ondřej Nový ] + * d/copyright: Change Format URL to correct one + + -- Axel Beckert Fri, 15 Jun 2018 12:38:12 +0200 + wicd (1.7.4+tb2-6) unstable; urgency=low * Set "Rules-Requires-Root: no". diff --git a/debian/control b/debian/control index 9869ef6..6c5c4e8 100644 --- a/debian/control +++ b/debian/control @@ -42,7 +42,7 @@ Package: wicd-daemon Architecture: all Depends: adduser, dbus, - dhcpcd5 | isc-dhcp-client | pump | udhcpc, + isc-dhcp-client | pump | udhcpc | dhcpcd5, iputils-ping | inetutils-ping, lsb-base (>= 3.2-13), psmisc, diff --git a/debian/copyright b/debian/copyright index 8f973c9..a6f30e0 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,4 +1,4 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0 +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Source: https://launchpad.net/wicd/+download Files: * diff --git a/debian/patches/46-dhcpcd_is_now_dhcpcd5.patch b/debian/patches/46-dhcpcd_is_now_dhcpcd5.patch new file mode 100644 index 000..71cfd2f --- /dev/null +++ b/debian/patches/46-dhcpcd_is_now_dhcpcd5.patch @@ -0,0 +1,147 @@ +Description: Update binary names from dhcpcd to dhcpcd5 +Author: Axel Beckert +Bug-Debian: https://bugs.debian.org/852343 +Forwarded: no + +--- a/data/wicd.ui b/data/wicd.ui +@@ -1226,7 +1226,7 @@ + + + +-dhcpcd ++dhcpcd5 + True + True + False +--- a/in/man=nl=wicd-manager-settings.conf.5.in b/in/man=nl=wicd-manager-settings.conf.5.in +@@ -39,7 +39,7 @@ + .br + 1 = dhclient + .br +-2 = dhcpcd ++2 = dhcpcd5 + .br + 3 = pump + .TP +--- a/in/man=nl=wicd.8.in b/in/man=nl=wicd.8.in +@@ -37,7 +37,7 @@ + Wicd gebruikt ingebouwde Linux draadloze netwerktools, zoals ifconfig en + iwconfig, om netwerkinformatie te krijgen en in te stellen. Er is enige + flexibiliteit in het gebruik van DHCP, door het ondersteunen van dhclient, +-dhcpcd en pump. Wicd gebruikt wpa_supplicant voor alle draadloze ++dhcpcd5 en pump. Wicd gebruikt wpa_supplicant voor alle draadloze + coderingsinstellingen, en gebruikt een sjabloongebaseert systeem om de + configuratiebestanden te maken die door wpa_supplicant worden gebruikt. Deze + sjablonen kunnen worden bewerkt, en nieuwe sjablonen kunnen worden gemaakt door +@@ -153,7 +153,7 @@ + .BR mii-tool (8), + .BR ethtool (8), + .BR dhclient (8), +-.BR dhcpcd (8), ++.BR dhcpcd5 (8), + .BR pump (8). + + +--- a/in/man=wicd-manager-settings.conf.5.in b/in/man=wicd-manager-settings.conf.5.in +@@ -39,7 +39,7 @@ + .br + 1 = dhclient + .br +-2 = dhcpcd ++2 = dhcpcd5 + .br + 3 = pump + .TP +--- a/in/man=wicd.8.in b/in/man=wicd.8.in +@@ -35,7 +35,7 @@ + + Wicd uses built-in linux wireless-tools, such as ifconfig and iwconfig, to + get and configure network info. There is some flexibility in its use of DHCP, +-providing support for dhclient, dhcpcd, and pump. Wicd uses wpa_supplicant ++providing support for dhclient, dhcpcd5, and pump. Wicd uses wpa_supplicant + to handle all wireless encryption settings, and uses a template-based system + to create the configuration files used by wpa_supplicant. These templates + can be edited, and new templates can be created by the user and imported into +@@ -178,7 +178,7 @@ + .BR mii-tool (8), + .BR ethtool (8), + .BR dhclient (8), +-.BR dhcpcd (8), ++.BR dhcpcd5 (8), + .BR pump (8). + + +--- a/wicd/wnettools.py b/wicd/wnettools.py +@@ -307,7 +307,7 @@ + def get_client_name(cl): + """ Converts the integer value for a dhcp client to a string. """ + if self.dhcpcd_cmd and cl in [misc.DHCPCD, misc.AUTO]: +-client = "dhcpcd" ++client = "dhcpcd5" + cmd = self.dhcpcd_cm
Bug#928428: unblock: [pre-approval] wicd/1.7.4+tb2-7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock In the light of dhcpcd5 automremoval (#928056, #928104, #928105), I'd like to upload a wicd package which relies less on dhcpcd5. It actually is already committed in Git, but the upload didn't happen due to not having found the time to test it thoroughly on a machine which only has dhcpcd5 installed. (Which I still plan to do, even iqn this light.) Currently the master branch of https://salsa.debian.org/debian/wicd contains a bit more commits than useful at this stage of the release, so I intent to cherry pick a bunch of these commits into a new branch for buster/1.7.4+tb2-7 and then upload the remaining commits with probably 1.7.4+tb2-8 after buster. What I'd cherry-pick in any case: * Don't list dhcpcd5 as preferred DHCP client in the alternative dependencies list. (Closes: #901592) This should (hopefully) also make wicd no more affected by dhcpcd5's autoremoval. What I think should be done, too, but is probably less important when dhcpcd5 is removed: * Look for "dhcpcd5" instead of "dhcpcd". (Closes: #852343) This is currently of normal severity but in combination with an unfixed #901592 it is actually grave as it doesn't find the default DHCP client anymore. Then again, if dhcpcd5 is no more the default or even removed, the current severity of normal is more than fitting. I'd also include these purely documentational changes: * d/copyright: Change Format URL to correct one I'll prepare a feature branch for this in git including a planned debdiff and let you know once it's ready for review/upload. I though would happy to receive feedback from the release team beforehand. -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled
Bug#927080: unblock: links2/2.18-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock links2/2.18-2: It fixes a crash on invalid IDN URLs (e.g. http://test,ï.com/) which is currently present and easily reproducible in Debian Buster. See https://bugs.debian.org/926674 for the according Debian bug report. The patch has been provided by upstream to Debian and is part of upstream's 2.19 release (currently in Debian Experimental). Full debdiff between 2.18-1 and 2.18-2: diff -Nru links2-2.18/debian/changelog links2-2.18/debian/changelog --- links2-2.18/debian/changelog2019-01-23 01:58:22.0 +0100 +++ links2-2.18/debian/changelog2019-04-08 21:28:08.0 +0200 @@ -1,3 +1,10 @@ +links2 (2.18-2) unstable; urgency=low + + * Cherry-pick patch from upstream to fix crash on invalid IDN +URL. (Closes: #926674) + + -- Axel Beckert Mon, 08 Apr 2019 21:28:08 +0200 + links2 (2.18-1) unstable; urgency=medium * Import new upstream release 2.18. diff -Nru links2-2.18/debian/patches/fix-crash-on-invalid-idn-url.patch links2-2.18/debian/patches/fix-crash-on-invalid-idn-url.patch --- links2-2.18/debian/patches/fix-crash-on-invalid-idn-url.patch 1970-01-01 01:00:00.0 +0100 +++ links2-2.18/debian/patches/fix-crash-on-invalid-idn-url.patch 2019-04-08 21:28:08.0 +0200 @@ -0,0 +1,20 @@ +Description: Fix a crash on invalid IDN URL + Example: http://test,ï.com/ + . + Found by lsxv...@gmail.com. +Origin: commit 9dc711da9b61431f83f863920583d4c9d3bea26d +Author: Mikulas Patocka +Date: Sat Mar 30 22:36:43 2019 +0100 +Bug-Debian: https://bugs.debian.org/926674 + +--- a/url.c b/url.c +@@ -1153,6 +1153,8 @@ + url_enc = idn_encode_url(url_conv2, 0); + else + url_enc = idn_encode_host(url_conv2, (int)strlen(cast_const_char url_conv2), separator, 0); ++ if (!url_enc) ++ url_enc = stracpy(url_conv2), is_idn = 1; + mem_free(url_conv2); + if (!strcmp(cast_const_char url_enc, cast_const_char url)) { + if (is_idn && warn_idn) { diff -Nru links2-2.18/debian/patches/series links2-2.18/debian/patches/series --- links2-2.18/debian/patches/series 2018-03-29 01:51:56.0 +0200 +++ links2-2.18/debian/patches/series 2019-04-08 21:28:08.0 +0200 @@ -5,3 +5,4 @@ use-local-calibration-files.diff use-packaged-publicsuffix.diff fix-FTBFS-with-autoreconf-enabled.diff +fix-crash-on-invalid-idn-url.patch So please unblock links2/2.18-2 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled
Bug#925194: unblock: [pre-approval] qutebrowser/1.6.1-1 or qutebrowser/1.6.0-2?
Control: tag -1 - moreinfo Hi Paul, Axel Beckert wrote: > Paul Gevers wrote: > > Please upload the 1.6.1-1 version in experimental to unstable an removed > > the moreinfo tag when it is build (I couldn't find logs on buildd.d.o, > > please do a source-only upload). > > Will do. Thanks for the review! Uploaded last night. (Was travelling, so it took a day until I had the occassion to do an upload.) It build fine: https://buildd.debian.org/status/package.php?p=qutebrowser Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#925194: unblock: [pre-approval] qutebrowser/1.6.1-1 or qutebrowser/1.6.0-2?
Hi Paul, Paul Gevers wrote: > Please upload the 1.6.1-1 version in experimental to unstable an removed > the moreinfo tag when it is build (I couldn't find logs on buildd.d.o, > please do a source-only upload). Will do. Thanks for the review! Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#925194: unblock: [pre-approval] qutebrowser/1.6.1-1 or qutebrowser/1.6.0-2?
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, qutebrowser upstream (Florian Bruhin, X-Debbugs-CC'ed) has released a bugfix release for the 1.6.x series which we currently have in Buster. It fixes at least one crash and some (syntax/conformance) issues with the .desktop file and the icons it uses. I consider at least the crash and the issues with the .desktop file as severity important if not RC because both cause unexpected misbehaving. The impact of the SVG conformance issue is currently unclear to me, but some Freedesktop related validators argue about wrong dimensions/scaling according to upstream. There are also included tiny fixes for one UI issue and one rendering issue as well as some commits reducing resource usage and test suite dependencies. (Florian: please correct me if understood these wrong.) The whole upstream source diff is at https://github.com/qutebrowser/qutebrowser/compare/v1.6.0...v1.6.1 (15 commits, 15 changed files, 88 added lines and 30 deleted lines), but also attached. diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc index 46b9a12abb..076fa00320 100644 --- a/doc/changelog.asciidoc +++ b/doc/changelog.asciidoc @@ -15,6 +15,26 @@ breaking changes (such as renamed commands) can happen in minor releases. // `Fixed` for any bug fixes. // `Security` to invite users to upgrade in case of vulnerabilities. +v1.6.1 +-- + +Changed +~~~ + +- Windows/macOS releases now ship with Qt 5.12.2, which includes + security fixes up to Chromium 72.0.3626.121 (including CVE-2019-5786 + which is known to be exploited in the wild). + +Fixed +~ + +- Crash when using `:config-{dict,list}-{add,remove}` with an invalid setting. +- Functionality like hinting on pages with an element with ID `_qutebrowser` (such as qutebrowser.org) on Qt 5.12. +- The .desktop file in v1.6.0 was missing the "Actions" key, which is now fixed. +- The SVG icon now has a size of 256x256px set to comply with freedesktop standards. +- Setting `colors.statusbar.*.bg` to a gradient now has the expected effect of + the gradient spanning the entire statusbar. + v1.6.0 -- diff --git a/doc/help/commands.asciidoc b/doc/help/commands.asciidoc index 2d71a28c13..f0328f2c64 100644 --- a/doc/help/commands.asciidoc +++ b/doc/help/commands.asciidoc @@ -165,8 +165,7 @@ If no command is given, show the current binding for the given key. Using :bind * +'command'+: The command to execute, with optional args. optional arguments -* +*-m*+, +*--mode*+: A comma-separated list of modes to bind the key in (default: `normal`). See `:help bindings.commands` for the - available modes. +* +*-m*+, +*--mode*+: The mode to bind the key in (default: `normal`). See `:help bindings.commands` for the available modes. * +*-d*+, +*--default*+: If given, restore a default binding. @@ -1425,7 +1424,7 @@ Unbind a keychain. optional arguments -* +*-m*+, +*--mode*+: A mode to unbind the key in (default: `normal`). See `:help bindings.commands` for the available modes. +* +*-m*+, +*--mode*+: The mode to unbind the key in (default: `normal`). See `:help bindings.commands` for the available modes. [[undo]] diff --git a/icons/qutebrowser.svg b/icons/qutebrowser.svg index 47ef97b75a..b26c80c2b1 100644 --- a/icons/qutebrowser.svg +++ b/icons/qutebrowser.svg @@ -9,13 +9,13 @@ xmlns="http://www.w3.org/2000/svg; xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd; xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape; - width="650.00012" - height="650.00018" - viewBox="0 0 650.0001 650.00015" + width="256" + height="256" + viewBox="0 0 255.9 255.9" id="svg4546" version="1.1" - inkscape:version="0.91 r13725" - sodipodi:docname="qutebrowser-logo.svg"> + inkscape:version="0.92.3 (2405546, 2018-03-11)" + sodipodi:docname="qutebrowser.svg"> + transform="translate(522.14287,-1192.7909)"> + transform="matrix(0.39384608,0,0,0.39384608,1551.3054,331.90062)"> qutebrowser-logo @@ -98,7 +98,7 @@ sodipodi:nodetypes="cssccsssccssc" inkscape:connector-curvature="0" id="qutebrowser-letterform-classical-clone" - d="m -4845.3304,2264.927 -85.7148,51.123 0,130.7539 85.7148,-51.123 z m -149.0039,11.4375 c -78.5937,-0.4315 -227.4791,22.2666 -228.1386,190.8066 -0.8,204.4536 152.4167,157.7755 187.1425,137.1426 66.7691,-39.4285 135.559,-81.1427 198.5723,-118.0625 34.3158,-20.0731 98.5703,-33.1412 98.5703,61.1445 0,94.2857 -69.7669,123.5203 -107.1426,121.5 l 0,-159.2324 -85.7148,50.5879 0,181.7148 c 4.6167,0.947 22.0891,3.2468 46.1484,3.3789 78.5937,0.4315 227.4792,-22.2666 228.1387,-190.8066 0.8,-204.4536 -152.4167,-157.7755 -187.1426,-137.1426 -66.7691,39.4286 -135.5589,81.1428 -198.5722,118.0625 -34.3158,20.0731 -98.5703,33.1412 -98.5703,-61.1445 0,-94.2857 69.7669,-123.5203 107.1425,-121.5 l
Bug#913069: python3-arcus + python3-savitar missing in the transition page, but uninstallable
Hi, Emilio Pozuelo Monfort wrote: > > https://release.debian.org/transitions/html/python3.7-default.html > > says: "Affected: .build-depends ~ /python3-dev/" > > > > But that doesn't suffice, there's likely a "| .build-depends ~ > > /python3-all-dev/" missing. > > That would introduce a lot of false positives, because most packages that > build-dep on python3-all-dev are not affected by the default change, as they > should already build for all the supported versions, including python3.7. I > would prefer to handle this via > > is_affected: .depends ~ /python3 (< > or similar. I see. Thanks for the explanation. > Both packages binNMUed. Thanks! libsavitar seems to have worked well, but libarcus FTBFS on many, but not all architectures. I filed a bug report to track this one: https://bugs.debian.org/914953 Mattia Rizzolo wrote: > Anyway, I'm confident we will find such weird causes other ways. q.e.d. ;-) > > Affected source package is e.g. libarcus whose binary package > > python3-arcus is currently uninstallable, but has no python3-dev in > > the build-dependencies: > > > > Build-Depends: debhelper (>= 10.2.1), cmake (>= 2.8.12), dh-python, > >libprotobuf-dev (>= 3.0.0), libprotoc-dev (>= 3.0.0), > >protobuf-compiler (>= 3.0.0), python3-all-dev, python3-sip-dev > > That's a bug: https://bugs.debian.org/905803 > > > The same counts for python3-savitar and src:libsavitar: > > > > Build-Depends: debhelper (>= 10.2.1), cmake (>= 2.8.12), dh-python, > >libpugixml-dev (>= 1.7), python3-all-dev, python3-sip-dev (>= > >4.19.12+dfsg-1) | python3-sip-dev (<< 4.19.11+dfsg-1) > > And another bug: https://bugs.debian.org/909730 Thanks for referring to these bug reports! Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#913069: python3-arcus + python3-savitar missing in the transition page, but uninstallable
Hi, https://release.debian.org/transitions/html/python3.7-default.html says: "Affected: .build-depends ~ /python3-dev/" But that doesn't suffice, there's likely a "| .build-depends ~ /python3-all-dev/" missing. Affected source package is e.g. libarcus whose binary package python3-arcus is currently uninstallable, but has no python3-dev in the build-dependencies: Build-Depends: debhelper (>= 10.2.1), cmake (>= 2.8.12), dh-python, libprotobuf-dev (>= 3.0.0), libprotoc-dev (>= 3.0.0), protobuf-compiler (>= 3.0.0), python3-all-dev, python3-sip-dev The same counts for python3-savitar and src:libsavitar: Build-Depends: debhelper (>= 10.2.1), cmake (>= 2.8.12), dh-python, libpugixml-dev (>= 1.7), python3-all-dev, python3-sip-dev (>= 4.19.12+dfsg-1) | python3-sip-dev (<< 4.19.11+dfsg-1) P.S.: I'm not subscribed to the bug report, please Cc on reply. Reply-To is set. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Re: Bug#882099: libnih1: Dependency from libc6<2.25 breaks dist-upgrade
Hi again, Axel Beckert wrote: > Indeed. It still depends on libc6 < 2.25 despite being rebuilt against > libc6 2.25 according to > https://buildd.debian.org/status/package.php?p=libnih Nope, the rebuilt against libc6 2.25 went wrong and was still against version 2.24, at least on amd64: https://buildd.debian.org/status/fetch.php?pkg=libnih=amd64=1.0.3-8%2Bb1=155842=0 And a local rebuilt in pbuilder (as of Git HEAD in the packaging repo) worked fine and shows the proper dependencies. So for now, it just seems necessary to fix the binary rebuild (BinNMU). And since the release team is tracking this at https://release.debian.org/transitions/html/glibc-2.25.html anyway, I expect them to notice that, too, very soon, or already have. Nevertheless, Cc'ing them to make sure they're aware of this bug report. As far as I can see, this bug can be closed when the fixed rebuild on amd64 hits unstable. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#862961: jessie-pu: package libembperl-perl/2.5.0-4+deb8u1
Hi, Cyril Brulebois wrote: > gregor herrmann <gre...@debian.org> (2017-06-28): > > So the only remaining code change is actually: > > > > #v+ > > --- a/debian/zembperl.load.in > > +++ b/debian/zembperl.load.in > > @@ -1,6 +1,6 @@ > > # The sucky "zembperl" name is so we load after perl > > > > -# Depends: perl > > +# Recommends: perl > > > > > >LoadModule embperl_module @ARCHLIB@/auto/Embperl/Embperl.so > > #v- > > > > > > I've now tentatively changed d/changelog to say > > > > #v+ > > * Change hard dependency on mod_perl in zembperl.load to Recommends. > > mod_perl is not required, and is enabled by default anyway if it is > > installed. > > This change matches the package dependencies and fixes an installation > > failure when libapache2-mod-perl2 is not installed. > > (Closes: #810655) > > #v- > > > > > > Does this make sense? > > I think the situation is clearer with your explanations above, and the > changes+changelog look in sync and reasonable. *nod* Looks fine to me, too. > > I'm attaching the full new debdiff, and I'm looping in Axel for a sanity > > check. > > I won't be tagging this bug report with +confirmed right away, since we're > awaiting for some more feedback, but the proposed changes look good to me. No objections from my side. I only vaguely remember the case back then, but I do remember that there were issues if mod_perl wasn't installed despite Embperl can be used without, e.g. as CGI. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE signature.asc Description: Digital signature
Bug#864783: RM: aiccu/20070115-17
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Control: severity 863720 serious Control: found 863720 20070115-14 Hi, the sunset of SixXS has passed, see https://bugs.debian.org/863720 for details and discussion. And unfortunately, neither * SixXS changed their mind, nor * did SixXS open-source the server implementation, nor * did someone else come up with an AYIYA(*) server implementation or a comparable service. There though seems to be one ISP though which uses aiccu to setup tunnels for his own customers, but also only for them as the authentication seems to be based on the MAC address from where the TIC(**) request comes from. See https://en.wikipedia.org/wiki/AICCU#Usage and http://n6.netbox.cz/mediawiki/index.php/AICCU (the latter is in Czech language only.) I also doubt that they've implemented an AYIYA server for the tunnel and suspect they use other tunnel types. https://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers also lists AARNet as existing tunnel broker and at least in the past this broker was supported by aiccu officially. (See https://web.archive.org/web/20061026034634/http://www.sixxs.net/tools/aiccu/brokers/.) And http://broker.aarnet.net.au/ indeed still exists. But then again they're listed as "broken" on Wikipedia. And the TIC server implementation I found on CPAN (https://metacpan.org/pod/Net::SixXS::TIC::Server) is rather esoteric respectively academic. While it seems to be able to communicate with aiccu, no according AYIYA server implementation showed up so you can only use it with tunnel protocols where better clients exist anyways. So the only production-mode way to still use aiccu is with Netbox.cz while being one of their customers. But neither Mike (AFAIK) nor I are customers of Netbox.cz. Hence I must agree with a heavy heart that it indeed is better to remove aiccu from Stretch as we can't really fully test it anymore for e.g. stable security updates or so. Other distributions have removed aiccu as well, e.g. OpenWRT at https://github.com/openwrt/packages/commit/441f8a3e So please remove aiccu from Stretch. There seem to be no reverse dependencies and also no reverse build dependencies. Mike and me agreed to keep it around in Debian Unstable for at least a few more months in the hope that any of the above mentioned events still happen. If neither of these events happen (within a year or so), we'll likely let aiccu also be removed from Debian Unstable. Accordingly I'm setting #863720 back to serious with this mail to keep it out of testing for now. I'll probably also open an RFA with the explicit mention that the only known use case are customers of Netbox.cz. *sigh* (*) AYIYA is aiccu's most used tunneling protocol and the only one suitable for NAT traversal and dynamic IPs. Unfortunately there's no publically available server implementation. (**) TIC is the Tunnel Information and Control protocol, i.e. a protocol to gather the necessary information to setup tunnels. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE signature.asc Description: Digital signature
Bug#864233: unblock: linux/4.9.30-1
Hi, Ben Hutchings wrote: > This includes many important bug fixes, including security fixes. It > adds support for system reset on Malta boards, additional GPUs on > ARM64 systems, and PL011 serial consoles on ARM64 systems. It makes > the efivarfs module available in the installer, which is important for > supporting some x86 systems. > > The debdiff would be too large for you to review, unfortunately. > Instead, here are the changelog entries: > > linux (4.9.30-1) unstable; urgency=medium JFTR: This upload of linux 4.9.30-1 to unstable made at least one package start to FTBFS in unstable, namely radvd. Please see https://bugs.debian.org/864269 for details. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#864000: unblock: debian-goodies/0.69.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-goodies version 0.69.1. Laurent Bigonville discovered a syntax error in check-enhancements, one of debian-goodies' scripts. It shows up in most use cases of that script and hence makes that script unusable in the way it's usually used (by checking enhancements for all installed packages). The other change is a fix which is in Debian Experimental since 22nd of April (without any related bug reports) and was the result of a comment by a release team member after reviewing the changes for 0.69, but wasn't worth an upload of its own. Full debdiff: diff -Nru debian-goodies-0.69/check-enhancements debian-goodies-0.69.1/check-enhancements --- debian-goodies-0.69/check-enhancements 2016-08-06 14:46:24.0 +0200 +++ debian-goodies-0.69.1/check-enhancements2017-06-03 00:46:22.0 +0200 @@ -62,7 +62,7 @@ case $? in 0) if test $OPT_VERBOSE != 0; then echo -e "Package <<$1>> could be Enhanced by:"; fi ;; - 1) continue + 1) return ;; *) echo "${SELF}: Internal Error!" exit 1 diff -Nru debian-goodies-0.69/checkrestart debian-goodies-0.69.1/checkrestart --- debian-goodies-0.69/checkrestart2017-02-20 02:28:58.0 +0100 +++ debian-goodies-0.69.1/checkrestart 2017-02-28 00:23:41.0 +0100 @@ -131,6 +131,7 @@ if line.startswith("#"): continue blacklist.append(re.compile(line.strip())) +blacklistFile.close() # Start checking diff -Nru debian-goodies-0.69/debian/changelog debian-goodies-0.69.1/debian/changelog --- debian-goodies-0.69/debian/changelog2017-02-20 02:37:42.0 +0100 +++ debian-goodies-0.69.1/debian/changelog 2017-06-03 00:56:48.0 +0200 @@ -1,3 +1,13 @@ +debian-goodies (0.69.1) unstable; urgency=high + + * Fix missing close statement in checkrestart. (c.f. #84) +Thanks Emilio Pozuelo Monfort! + * Fix syntax error in check-enhancements when querying a package which +isn't enhanced by any other package or when querying all installed +packages. (Closes: #863944) Thanks Laurent Bigonville! + + -- Axel Beckert <a...@debian.org> Sat, 03 Jun 2017 00:56:48 +0200 + debian-goodies (0.69) unstable; urgency=low * checkrestart: Fix regression with -b/--blacklist from python3 So please... unblock debian-goodies/0.69.1 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Re: Bug#863705: aptitude: symbol lookup error: aptitude: undefined symbol:
Control: clone -1 -2 Control: reassign -2 libstdc++6 6.3.0-18 Control: retitle -2 libstdc++6: Add versioned Breaks against libxapian30/1.4.1-1~bpo8+1 Control: severity -2 serious Hi, Sven Joachim wrote: > >> > aptitude: symbol lookup error: aptitude: undefined symbol: > >> _ZNK6Xapian8Database14postlist_beginERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE > >> > >> This happens because libxapian30 from jessie-backports is not compatible > >> with libstdc++6 from unstable [...] > > Or maybe even better: libstdc++6 should break with this version of > > libxapian30 from backports. > > That's probably the most realistic way considering the proximity of the > stretch release. Cloning this bug report accordingly against libstdc++6. Debian Release Team: Feel free to downgrade the severity of the cloned bug report. For now, I leave it at RC. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#863588: unblock: wicd/1.7.4+tb2-4 (documentation and translation only)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package wicd, it only contains documentation fixes, translation bug fixes and one new translation: * I oversaw in the previous upload that there was still an outdated, non-source-format-3.0 related debian/README.source. I replaced it with some useful documentation for the team. * A semantically wrong translation ("automatically connect" vs "never connect") has been found and fixed in the Galician translation file. See https://bugs.debian.org/856690. * A Vietnamese translation file has been added. * One uploader's name has been normalized to ASCII-only letters. Diffstat: README.source | 28 21 +7 - 0 ! changelog | 18 16 +2 - 0 ! control |2 1 + 1 - 0 ! patches/43-fix-wrong-Galician-translation.patch | 19 19 +0 - 0 ! patches/series |1 1 + 0 - 0 ! po/vi.po| 33 33 +0 - 0 ! 6 files changed, 91 insertions(+), 10 deletions(-) Full debdiff: diff -Nru wicd-1.7.4+tb2/debian/README.source wicd-1.7.4+tb2/debian/README.source --- wicd-1.7.4+tb2/debian/README.source 2016-01-23 22:43:47.0 +0100 +++ wicd-1.7.4+tb2/debian/README.source 2017-05-24 21:36:58.0 +0200 @@ -1,12 +1,26 @@ wicd for Debian +=== -This package uses quilt to manage all modifications to the upstream -source. Changes are stored in the source package as diffs in -debian/patches and applied during the build. +Where to look for wicd patches from other distributions? + -Please read how to use quilt in the provided documentation: +* Gentoo: + https://gitweb.gentoo.org/repo/gentoo.git/tree/net-misc/wicd/files +* ArchLinux: + + https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/wicd + + https://aur.archlinux.org/cgit/aur.git/tree/?h=wicd-patched +* Voidlinux: + https://github.com/voidlinux/void-packages/tree/master/srcpkgs/wicd/patches +* Pull-requests against outdated upstream repo at GitHub: + https://github.com/dpaleino/wicd/pulls +* openSUSE: + https://build.opensuse.org/package/show/home:msalle:extras/wicd - /usr/share/doc/quilt/README.source +Bug reports with patches + - -- David Paleino <d.pale...@gmail.com> Wed, 24 Dec 2008 10:40:45 +0100 +* Upstream: https://bugs.launchpad.net/wicd/+bugs?field.tag=patch +* Ubuntu: + https://bugs.launchpad.net/ubuntu/+source/wicd/+bugs?field.tag=patch + + -- Axel Beckert <a...@debian.org>, Wed, 24 May 2017 21:36:58 +0200 diff -Nru wicd-1.7.4+tb2/debian/changelog wicd-1.7.4+tb2/debian/changelog --- wicd-1.7.4+tb2/debian/changelog 2017-01-22 17:16:07.0 +0100 +++ wicd-1.7.4+tb2/debian/changelog 2017-05-28 22:20:00.0 +0200 @@ -1,3 +1,17 @@ +wicd (1.7.4+tb2-4) unstable; urgency=medium + + [ Axel Beckert ] + * Drop old quilt-related contents of debian/README.source and hijack it +for inter-distribution hints. + + [ Giap Tran ] + * Add patch to fix wrong Galician translation (Closes: #856690, +LP: #1689138) + * Add Vietnamese translation. + * Change my name to ASCII-compatible variant also in debian/changelog. + + -- Axel Beckert <a...@debian.org> Sun, 28 May 2017 22:20:00 +0200 + wicd (1.7.4+tb2-3) unstable; urgency=medium [ Axel Beckert ] @@ -18,7 +32,7 @@ (re)generates. Also update mention path in an older NEWS.Debian item to avoid confusion. (Closes: #773809) - [ Giáp Trần ] + [ Giap Tran ] * Remove $DAEMON_OPTIONS from reload function. [ John C. Peterson ] @@ -41,7 +55,7 @@ * Declare compliance with Debian Policy 3.9.8. (No changes needed.) * Switch Vcs-Git header from git:// to https://. - [ Giáp Trần ] + [ Giap Tran ] * Add default DAEMON_ARGS="--keep-connection" to /etc/default/wicd (Closes: #816076) diff -Nru wicd-1.7.4+tb2/debian/control wicd-1.7.4+tb2/debian/control --- wicd-1.7.4+tb2/debian/control 2017-01-22 06:08:42.0 +0100 +++ wicd-1.7.4+tb2/debian/control 2017-05-08 00:41:25.0 +0200 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian WICD Packaging Team <pkg-wicd-ma...@lists.alioth.debian.org> Uploaders: Axel Beckert <a...@debian.org>, - Giáp Trần <txg...@gmail.com> + Giap Tran <txg...@gmail.com> Build-Depends: debhelper (>= 9~), dh-python, python (>= 2.6.6-3~) diff -Nru wicd-1.7.4+tb2/debian/patches/43-fix-wrong-Galician-translation.patch wicd-1.7.4+tb2/debian/patches/43-fix-wrong-Galician-translation.patch --- wicd-1.7.4+tb2/debian/patches/43-fix-wrong-Galici
Bug#863220: unblock: screen/4.5.0-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, Dear D-I Release Manager, please unblock package screen/4.5.0-6. Daniel Kahn Gillmor (beside others upstream) noticed that in 4.5.0 the -L commandline option was subtly broken in a way that -L is documented to have an optional parameter, but in fact, the parameter becomes non-optional if further commandline options (i.e. parameters are starting with a dash) are given as the next parameter after -L (if existing) is unconditionally treated as log file name and screen bails out if a log file name starts with a dash. This leads to breakage in screen's commandline API: Some option combinations are no more possible (due to potential positional parameters after all options) without explicitly giving an log file name as parameter to -L. But in previous screen versions -L didn't accept any parameter, so any potential parameter would have been treated like a positional parameter. This makes screen behaving severly different with the same parameters depending on the version. Namely it works as expected in all versions except 4.5.0 since upstream has fixed that API breakage in 4.5.1 (already in experimental). So I cherry-picked the first and simplest commit in 4.5.1 targeting this issue. It was later rewritten for the final 4.5.1 release to add additional options and further logic, but it already fixed most of the API breakage. While testing the patch I noticed that upstream forgot to revert anticipatorily incremented/decremented counters (ac, av) if the next argument starts with a dash. I've added two lines ("av--;" and "ac++;") and that's the only difference between the patch in 4.5.0-6 and upstream's variant at http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=c14e05e7c36c64d85198ed0fc89177427ece48d4 I must admit, I haven't tested it inside D-I, but since I haven't heard of any D-I breakage due to that unplanned CLI API change in 4.5.0, I don't expect any breakage when I'm fixing that API breakage. Full debdiff between 4.5.0-5 in testing and 4.5.0-6 in unstable: diff -Nru screen-4.5.0/debian/changelog screen-4.5.0/debian/changelog --- screen-4.5.0/debian/changelog 2017-04-04 01:14:01.0 +0200 +++ screen-4.5.0/debian/changelog 2017-05-23 01:57:09.0 +0200 @@ -1,3 +1,12 @@ +screen (4.5.0-6) unstable; urgency=low + + * Cherry-pick c14e05e7 to fix -L parsing regression. (Closes: #863095) ++ Modify patch to revert anticipatorily incremented/decremented + counters if next argument starts with a dash. ++ Refresh line-numbers in 80_session_creation_docs.patch. + + -- Axel Beckert <a...@debian.org> Tue, 23 May 2017 01:57:09 +0200 + screen (4.5.0-5) unstable; urgency=low * Replace all occurrences of /var/run/ in packaging with /run/. (Closes: diff -Nru screen-4.5.0/debian/patches/64-cherry-pick-c14e05e7-to-fix-cli-api-regression.patch screen-4.5.0/debian/patches/64-cherry-pick-c14e05e7-to-fix-cli-api-regression.patch --- screen-4.5.0/debian/patches/64-cherry-pick-c14e05e7-to-fix-cli-api-regression.patch 1970-01-01 01:00:00.0 +0100 +++ screen-4.5.0/debian/patches/64-cherry-pick-c14e05e7-to-fix-cli-api-regression.patch 2017-05-23 01:56:25.0 +0200 @@ -0,0 +1,65 @@ +Origin: c14e05e7c36c64d85198ed0fc89177427ece48d4 +Author: Alexander Naumov <alexander_nau...@opensuse.org> +Description: Ignore logfile's name that begins with the "-" symbol + This fixes the API: + . + To enable logging we use -L option. But in case of + default logfile name (screenlog.0) we will need to + define it anyway. Because screen will try to interpret + next option as a parameter for -L option (which is + logfile name). It will fails ALWAYS, because next + parameter will always start with "-" symbol... + what is not permited for logfile name of course. + . + For example: + . + $ screen -L -D -m ./configure + . + In this case logfile name is screenlog.0, because "-D" + will not be interpreted by screen as a name of logfile. +Bug-Debian: https://bugs.debian.org/863095 +Bug: https://savannah.gnu.org/bugs/?50440 +Reviewd-By: Axel Beckert <a...@debian.org> + +--- a/doc/screen.1 b/doc/screen.1 +@@ -262,8 +262,8 @@ + tells + .I screen + to turn on automatic output logging for the windows. By default, logfile's name +-is screenlog.1. You can sets new name: add it right after -L option e.g. "screen +--L my_logfile". ++is screenlog.0. You can set new name: add it right after -L option e.g. "screen ++-L my_logfile". Keep in mind that name can not start with "-" symbol. + .TP 5 + .B \-m + causes +--- a/doc/screen.texinfo b/doc/screen.texinfo +@@ -334,7 +334,9 @@ + + @item -L + Tell @code{screen} to turn on automatic output logging for the +-windows. ++windows. By default, logfile's name is screenlog.0. You can set new name:
Bug#863087: unblock: fwsnort/1.6.5-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock In case you consider https://bugs.debian.org/862485 ("fwsnort mustn't set iptables rules when purged") as RC (as the reporter does and I don't), please unblock fwsnort/1.6.5-4. In case you don't consider this RC and don't want to unblock fwsnort, please downgrade #862485 again accordingly. full debdiff: diff -Nru fwsnort-1.6.5/debian/changelog fwsnort-1.6.5/debian/changelog --- fwsnort-1.6.5/debian/changelog 2017-05-07 11:47:15.0 +0200 +++ fwsnort-1.6.5/debian/changelog 2017-05-14 22:57:20.0 +0200 @@ -1,3 +1,13 @@ +fwsnort (1.6.5-4) unstable; urgency=medium + + * QA upload. + * Flush all fwsnort firewall rules during prerm at package removal time +instead of restoring the firewall state from before "fwsnort +--ipt-apply" was called the last time at package purging time. +(Closes: #862485) + + -- Axel Beckert <a...@debian.org> Sun, 14 May 2017 22:57:20 +0200 + fwsnort (1.6.5-3) unstable; urgency=medium * QA upload. diff -Nru fwsnort-1.6.5/debian/fwsnort.postrm fwsnort-1.6.5/debian/fwsnort.postrm --- fwsnort-1.6.5/debian/fwsnort.postrm 2017-05-07 11:43:40.0 +0200 +++ fwsnort-1.6.5/debian/fwsnort.postrm 2017-05-14 21:05:27.0 +0200 @@ -5,12 +5,6 @@ # In case the user wants to purge the fwsnort package, we must manually remove # some files. if [ "$1" = "purge" ]; then - # Remove all fwsnort generated firewall rules - if [ -f /var/lib/fwsnort/fwsnort.save ]; then - echo "[+] Reverting to original iptables policy..." - grep -Fv FWSNORT /var/lib/fwsnort/fwsnort.save | iptables-restore - fi - # Remove old log files (default directory) if [ -d /var/log/fwsnort ]; then find /var/log/fwsnort/ -type f -exec rm {} \; diff -Nru fwsnort-1.6.5/debian/fwsnort.prerm fwsnort-1.6.5/debian/fwsnort.prerm --- fwsnort-1.6.5/debian/fwsnort.prerm 1970-01-01 01:00:00.0 +0100 +++ fwsnort-1.6.5/debian/fwsnort.prerm 2017-05-14 22:34:17.0 +0200 @@ -0,0 +1,28 @@ +#!/bin/sh + +set -e + +if [ "$1" = "remove" ]; then +FWSNORT_CHAINS=$(iptables -L -n | fgrep 'Chain FWSNORT' | awk '{print $2}') +if [ -n "${FWSNORT_CHAINS}" ]; then +# Remove all fwsnort generated firewall rules +fwsnort --ipt-flush + +# --ipt-flush doesn't remove the additional chains of fwsnort, but +# --ipt-revert is not recommended for cleaning up according to +# the man page. So do that manually. *sigh* + +# Remove all potential leftover references in other chains +iptables -D INPUT ! -i lo -j FWSNORT_INPUT || true +iptables -D FORWARD ! -i lo -j FWSNORT_FORWARD || true +iptables -D OUTPUT ! -o lo -j FWSNORT_OUTPUT || true + +# Remove remaining chains +for fwsnort_chain in ${FWSNORT_CHAINS} ; do +iptables -X "${fwsnort_chain}" +done +fi +fi +#DEBHELPER# + +exit 0 unblock fwsnort/1.6.5-4 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (980, 'unstable-debug'), (600, 'testing'), (111, 'buildd-unstable'), (111, 'buildd-experimental'), (110, 'experimental'), (105, 'experimental-debug') Architecture: amd64 (x86_64) Kernel: Linux 4.11.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#862043: unblock: fwsnort/1.6.5-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package fwsnort 1.6.5-3. It fixes two bug reports (1 RC, 1 important) and fixes the DEP-5 debian/copyright syntax (lintian warning dep5-copyright-license-name-not-unique). My patch for the RC bug already has been accepted upstream and triggered a new upstream release (1.6.7). Additionally it contains the following changes: * Adding a debian/gbp.conf to declare the non-standard git branch being used. This should be a no-op for building the package from source, but fixes building the package from git. * Updating Vcs-Git to declare the non-standard branch, too. * Update the Maintainer field as the package has been orphaned due to Franck Joncourt's retirement. diff -Nru fwsnort-1.6.5/debian/changelog fwsnort-1.6.5/debian/changelog --- fwsnort-1.6.5/debian/changelog 2014-08-30 19:11:55.0 +0200 +++ fwsnort-1.6.5/debian/changelog 2017-05-07 11:47:15.0 +0200 @@ -1,3 +1,23 @@ +fwsnort (1.6.5-3) unstable; urgency=medium + + * QA upload. + * Remove all fwsnort generated firewall rules upon purge. +(Closes: #861999) + * Fix debian/copyright syntax by using a separate License stanza. + + -- Axel Beckert <a...@debian.org> Sun, 07 May 2017 11:47:15 +0200 + +fwsnort (1.6.5-2) unstable; urgency=medium + + * Orphan the package. (See #831274.) ++ Set Maintainer to Debian QA Group. + * Add a debian/gbp.conf and "-b debian" to Vcs-Git to reflect the git +repository layout. + * Add patch to also remove square brackets from single port definitions. +(Closes: #860164) + + -- Axel Beckert <a...@debian.org> Sat, 06 May 2017 16:17:38 +0200 + fwsnort (1.6.5-1) unstable; urgency=low * Imported Upstream version 1.6.5 diff -Nru fwsnort-1.6.5/debian/control fwsnort-1.6.5/debian/control --- fwsnort-1.6.5/debian/control2014-08-30 19:11:55.0 +0200 +++ fwsnort-1.6.5/debian/control2017-05-07 11:12:59.0 +0200 @@ -3,9 +3,9 @@ Priority: optional Build-Depends: debhelper (>= 8) Build-Depends-Indep: po-debconf -Maintainer: Franck Joncourt <fra...@debian.org> +Maintainer: Debian QA Group <packa...@qa.debian.org> Standards-Version: 3.9.5 -Vcs-git: git://anonscm.debian.org/collab-maint/fwsnort.git +Vcs-Git: git://anonscm.debian.org/collab-maint/fwsnort.git -b debian Vcs-Browser: https://anonscm.debian.org/gitweb/?p=collab-maint/fwsnort.git;a=summary Homepage: http://www.cipherdyne.org/fwsnort/ diff -Nru fwsnort-1.6.5/debian/copyright fwsnort-1.6.5/debian/copyright --- fwsnort-1.6.5/debian/copyright 2014-08-30 19:11:55.0 +0200 +++ fwsnort-1.6.5/debian/copyright 2017-05-07 11:43:40.0 +0200 @@ -6,14 +6,17 @@ Files: * Copyright: Copyright 2003-2012 by Michael B. Rash <m...@cipherdyne.com> License: GPL-2+ - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. You can find a copy of it in your - Debian system under /usr/share/common-licenses/ Files: debian/* Copyright: Copyright 2008-2012 by Franck Joncourt <fra...@debian.org> License: GPL-2+ +Comment: Debian packaging is licensed under the same terms as the software itself (see above). + +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. You can find a copy of it in your + Debian system under /usr/share/common-licenses/ diff -Nru fwsnort-1.6.5/debian/fwsnort.postrm fwsnort-1.6.5/debian/fwsnort.postrm --- fwsnort-1.6.5/debian/fwsnort.postrm 2014-08-30 19:11:55.0 +0200 +++ fwsnort-1.6.5/debian/fwsnort.postrm 2017-05-07 11:43:40.0 +0200 @@ -5,6 +5,11 @@ # In case the user wants to purge the fwsnort package, we must manually remove # some files. if [ "$1" = "purge" ]; then + # Remove all fwsnort generated firewall rules + if [ -f /var/lib/fwsnort/fwsnort.save ]; then + echo "[+] Reverting to original iptables policy..." + grep -Fv FWSNORT /var/lib/fwsnort/fwsnort.save | iptables-restore + fi # Remove old log files (default directory) if [ -d /var/log/fwsnort ]; then diff -Nru fwsnort-1.6.5/debian/gbp.conf fwsnort-1.6.5/debian/gbp.conf --- fwsnort-1.6.5/debian/gbp.conf 1970-01-01 01:00:00.0 +0100 +++ fwsnort-1.6.5/debian/gbp.conf 2017-05-06 12:18:38.0 +0200 @@ -0,0 +1,4 @@ +# Configuration file for git-buildpackage and friends + +[DEFAULT] +debian-branch = debian diff -Nru fwsnort-1.6.5/debian/patches/fix-dport-bracket-usage.patch fwsnort-1.6.5/debian/p
Bug#861867: unblock: debsums/2.2.2 (was: unblock: debsums/2.2.1)
Control: retitle -1 unblock: debsums/2.2.2 Control: tag -1 - moreinfo Hi, Axel Beckert wrote: > Niels Thykier wrote: > > I am a bit concerned with changing the default at this time of the > > freeze. [...] > > Could we make the --no-ignore-obsolete the default for stretch > > and then have piuparts use --ignore-obsolete for now? That should be > > "safer" (read: less likely to unforeseen consequences). > > Granted. Will come up with a 2.2.2 release soonish. Uploaded and has been accepted. Andreas Beckmann wrote: > On 2017-05-06 12:26, Axel Beckert wrote: > > I assume that's fine for the Piuparts guys (Andreas and Holger Cc'ed) > > as Andreas was able to run piuparts also with --no-ignore-obsolete. If > > not, please speak up and explain. :-) > > We just need it in jessie-backports and installed on the slaves, then we > can enable thazt option :-) Can you please test 2.2.2 again as you did with 2.2.1~rc1? TIA! Debdiff between 2.2 (currently in testing) and 2.2.2 (just uploaded) without diff of the regenerated PO files (full debdiff attached): diff -Nru debsums-2.2/debian/changelog debsums-2.2.2/debian/changelog --- debsums-2.2/debian/changelog2017-01-21 21:37:12.0 +0100 +++ debsums-2.2.2/debian/changelog 2017-05-07 16:05:58.00000 +0200 @@ -1,3 +1,32 @@ +debsums (2.2.2) unstable; urgency=medium + + [ Axel Beckert ] + * Don't make ignoring obsolete conffiles default for now. (See #861867 +and #689508 for the discussion.) + * Regenerate po-files. + + [ Dominique Dumont ] + * Add code comment to explain why a symlink loop triggers a die. +(Related to the fix for #822633.) + + -- Axel Beckert <a...@debian.org> Sun, 07 May 2017 16:05:58 +0200 + +debsums (2.2.1) unstable; urgency=low + + * Release umodified as 2.2.1 and upload to unstable. Thanks to Andreas +Beckmann for testing the release candidate! + + -- Axel Beckert <a...@debian.org> Wed, 03 May 2017 02:49:52 +0200 + +debsums (2.2.1~rc1) experimental; urgency=low + + * Ignore obsolete conffiles by default (c.f. #689508). Based on patch by +Andreas Beckmann, but with option to disable the ignoring of obsolete +conffiles. + * Regenerate po-files. + + -- Axel Beckert <a...@debian.org> Sun, 30 Apr 2017 18:14:35 +0200 + debsums (2.2) unstable; urgency=medium [ Andreas Beckmann ] diff -Nru debsums-2.2/debsums debsums-2.2.2/debsums --- debsums-2.2/debsums 2017-01-21 19:51:36.0 +0100 +++ debsums-2.2.2/debsums 2017-05-07 13:38:04.0 +0200 @@ -78,6 +78,7 @@ is configured --no-prelink report changed ELF files even if prelink is configured + --ignore-obsoleteignore obsolete conffiles. --help print this help, then exit --versionprint version number, then exit EOT @@ -98,6 +99,7 @@ 'locale-purge!'=> \my $localepurge, 'prelink!' => \my $prelink, 'ignore-permissions' => \my $ignore_permissions, +'ignore-obsolete!' => \my $ignore_obsolete, g => sub { $gen_opt = 'missing' }, help => sub { print $help; exit }, version=> sub { print version_info(); exit }, @@ -262,7 +264,9 @@ $package_name{$field{"Package"}} = $field{"binary:Package"}; } $installed{$field{"binary:Package"}}{Conffiles} = { -map m!^\s*/(\S+)\s+([\da-f]+)!, split /\n/, $field{Conffiles} +map m!^\s*/(\S+)\s+([\da-f]+)!, +grep { not ($ignore_obsolete and / obsolete$/) } +split /\n/, $field{Conffiles} } if $field{Conffiles}; for (split /,\s*/, $field{Replaces}) @@ -440,6 +444,8 @@ } my $fp = $root . '/' . join('/', @parts) . '/' . $token; if ($seen{$fp}) { +# better die now with a clear error message then later +# with a sysopen fails die "$self: Error: symlink loop detected in path '$path'. ", "Please file a bug again $package.\n"; } diff -Nru debsums-2.2/man/debsums.1 debsums-2.2.2/man/debsums.1 --- debsums-2.2/man/debsums.1 2016-05-09 17:04:38.0 +0200 +++ debsums-2.2.2/man/debsums.1 2017-05-07 13:43:02.0 +0200 @@ -105,6 +105,9 @@ .BR \-\-ignore\-permissions Treat permission errors as warnings when running as non-root. .TP +.BR \-\-ignore\-obsolete +Ignore obsolete conffiles. +.TP .B \-\-help .PD 0 .TP Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE debsums_2.2_2.2.2.dsc.debdiff.gz Description: Binary data signature.asc Description: Digital signature
Bug#861867: unblock: debsums/2.2.1
Hi Niels, Niels Thykier wrote: > > It mitigates an issue with false positives in piuparts. See > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689508#67 and the > > following comments. > > > > Andreas Beckmann verified with a previously known false positive that > > the patch works as expected, see > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689508#103 [...] > I am a bit concerned with changing the default at this time of the > freeze. Good point. > Could we make the --no-ignore-obsolete the default for stretch > and then have piuparts use --ignore-obsolete for now? That should be > "safer" (read: less likely to unforeseen consequences). Granted. Will come up with a 2.2.2 release soonish. I assume that's fine for the Piuparts guys (Andreas and Holger Cc'ed) as Andreas was able to run piuparts also with --no-ignore-obsolete. If not, please speak up and explain. :-) Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#861867: unblock: debsums/2.2.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debsums 2.2.1. It mitigates an issue with false positives in piuparts. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689508#67 and the following comments. Andreas Beckmann verified with a previously known false positive that the patch works as expected, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689508#103 debdiff | diffstat against 2.2 from Debian Testing: debian/changelog | 16 +++ debsums|9 +++- man/debsums.1 |3 + man/po/de.po | 117 +--- man/po/debsums.pot | 115 --- man/po/es.po | 116 man/po/fr.po | 117 +--- man/po/pt.po | 116 man/po/pt_BR.po| 118 + man/po/ru.po | 117 +--- man/po/sv.po | 117 +--- 11 files changed, 543 insertions(+), 418 deletions(-) All the files under man/po/ are generated files and most changes in there are updated line numbers. debdiff against 2.2 from Debian Testing (without regenerated po files): diff -Nru debsums-2.2/debian/changelog debsums-2.2.1/debian/changelog --- debsums-2.2/debian/changelog2017-01-21 21:37:12.0 +0100 +++ debsums-2.2.1/debian/changelog 2017-05-03 02:49:52.0 +0200 @@ -1,3 +1,19 @@ +debsums (2.2.1) unstable; urgency=low + + * Release umodified as 2.2.1 and upload to unstable. Thanks to Andreas +Beckmann for testing the release candidate! + + -- Axel Beckert <a...@debian.org> Wed, 03 May 2017 02:49:52 +0200 + +debsums (2.2.1~rc1) experimental; urgency=low + + * Ignore obsolete conffiles by default (c.f. #689508). Based on patch by +Andreas Beckmann, but with option to disable the ignoring of obsolete +conffiles. + * Regenerate po-files. + + -- Axel Beckert <a...@debian.org> Sun, 30 Apr 2017 18:14:35 +0200 + debsums (2.2) unstable; urgency=medium [ Andreas Beckmann ] diff -Nru debsums-2.2/debsums debsums-2.2.1/debsums --- debsums-2.2/debsums 2017-01-21 19:51:36.0 +0100 +++ debsums-2.2.1/debsums 2017-05-03 02:47:48.0 +0200 @@ -78,6 +78,7 @@ is configured --no-prelink report changed ELF files even if prelink is configured + --no-ignore-obsolete don't ignore obsolete conffiles. --help print this help, then exit --versionprint version number, then exit EOT @@ -98,6 +99,7 @@ 'locale-purge!'=> \my $localepurge, 'prelink!' => \my $prelink, 'ignore-permissions' => \my $ignore_permissions, +'ignore-obsolete!' => \my $ignore_obsolete, g => sub { $gen_opt = 'missing' }, help => sub { print $help; exit }, version=> sub { print version_info(); exit }, @@ -206,6 +208,9 @@ ($prelink) = grep -x, map +("$_.bin", $_), '/usr/sbin/prelink'; } +# default is to use ignore obsolete conffiles, see #689508 +$ignore_obsolete = 1 unless defined $ignore_obsolete; + $silent++ if $changed; my @debpath = '.'; @@ -262,7 +267,9 @@ $package_name{$field{"Package"}} = $field{"binary:Package"}; } $installed{$field{"binary:Package"}}{Conffiles} = { -map m!^\s*/(\S+)\s+([\da-f]+)!, split /\n/, $field{Conffiles} +map m!^\s*/(\S+)\s+([\da-f]+)!, +grep { not ($ignore_obsolete and / obsolete$/) } +split /\n/, $field{Conffiles} } if $field{Conffiles}; for (split /,\s*/, $field{Replaces}) diff -Nru debsums-2.2/man/debsums.1 debsums-2.2.1/man/debsums.1 --- debsums-2.2/man/debsums.1 2016-05-09 17:04:38.0 +0200 +++ debsums-2.2.1/man/debsums.1 2017-05-03 02:47:48.0 +0200 @@ -105,6 +105,9 @@ .BR \-\-ignore\-permissions Treat permission errors as warnings when running as non-root. .TP +.BR \-\-no\-ignore\-obsolete +Disable the ignoring of obsolete conffiles. +.TP .B \-\-help .PD 0 .TP Full debdiff attached, too. So please... unblock debsums/2.2.1 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysv
Bug#860130: unblock: zsh/5.3.1-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package zsh the upload fixes an upgrade issue from Jessie (#860033) which lets /usr/bin/zsh unexpectedly vanish until the next package upgrade, reinstallation or reconfiguration. Full debdiff: diff -Nru zsh-5.3.1/debian/changelog zsh-5.3.1/debian/changelog --- zsh-5.3.1/debian/changelog 2017-01-19 23:25:40.0 +0100 +++ zsh-5.3.1/debian/changelog 2017-04-11 21:34:40.0 +0200 @@ -1,3 +1,11 @@ +zsh (5.3.1-4) unstable; urgency=high + + * [5c3b52b8] Reorder zsh.postinst: do alternatives removal before +(re)creating /usr/bin/zsh symlink. Thanks to ilf for the bug report +and Adrian Bunk for finding the right solution. (Closes: #860033) + + -- Axel Beckert <a...@debian.org> Tue, 11 Apr 2017 21:34:40 +0200 + zsh (5.3.1-3) unstable; urgency=medium * [348c47bd] Cherry-pick four stability patches from upstream: diff -Nru zsh-5.3.1/debian/zsh.postinst zsh-5.3.1/debian/zsh.postinst --- zsh-5.3.1/debian/zsh.postinst 2017-01-08 23:19:29.0 +0100 +++ zsh-5.3.1/debian/zsh.postinst 2017-04-11 21:09:00.0 +0200 @@ -2,6 +2,14 @@ set -e +# ksh alternatives +update-alternatives --remove ksh /usr/bin/zsh +update-alternatives --remove ksh /bin/zsh4 + +# Remove alternatives system for zsh in general +update-alternatives --remove zsh /bin/zsh5 +update-alternatives --remove rzsh /bin/zsh5 + case "$1" in (configure) add-shell /bin/zsh @@ -23,14 +31,6 @@ ;; esac -# ksh alternatives -update-alternatives --remove ksh /usr/bin/zsh -update-alternatives --remove ksh /bin/zsh4 - -# Remove alternatives system for zsh in general -update-alternatives --remove zsh /bin/zsh5 -update-alternatives --remove rzsh /bin/zsh5 - #DEBHELPER# exit 0 So please ... unblock zsh/5.3.1-4 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Bug#859378: unblock: screen/4.5.0-5 (pre-approval)
Control: tag -1 - moreinfo Hi, Niels Thykier wrote: > Ack, please go ahead, thanks. Uploaded last night, built fine on all architectures, hence removing the moreinfo tag. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#859378: unblock: screen/4.5.0-5 (pre-approval)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, https://bugs.debian.org/856824 (which I already fixed in experimental a while ago) seems to be more severe than I initially thought. If unfixed, it can lead to a race condition at boot time when running with systemd as init system. See Marc's explanations at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856824#24 So I would upload screen/4.5.0-5 with the same fix as already applied in experimental (and with no issues or bug reports there so far) to unstable, too, if you're ok with it. I've prepared the upload in the "stretch" branch at https://anonscm.debian.org/cgit/collab-maint/screen.git/log/?h=stretch The diff as currently committed to git (still at UNRELEASED on purpose) is following, git I recommend to checkout the git repository and run the following command instead: git show 360c7cbfbe4dd7f2dac029b371da973731e4c2ad --color-words=. It makes clear that all of the commit is only removing the string "var/" over and over again. Nevertheless here's the classic diff for the change: diff --git a/debian/NEWS b/debian/NEWS index bac905c..7bef72a 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,6 +1,6 @@ screen (4.1.0~20120320gitdb59704-10) unstable; urgency=medium - On systems running systemd, the management of /var/run/screen previously + On systems running systemd, the management of /run/screen previously handled by /etc/init.d/screen-cleanup now occurs via systemd-tmpfiles and /usr/lib/tmpfiles.d/screen-cleanup.conf. The installed version of that file works for systems with the default screen permissions; if you override diff --git a/debian/README.Debian b/debian/README.Debian index d8160da..0ad2f44 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -7,23 +7,23 @@ and other assorted information. Debian Modifications * added Debian package maintenance files - * Use /var/run/screen as socket directory + * Use /run/screen as socket directory * Make it set-gid "utmp" instead of setuid root Debian Screen Q - -Q: screen always complains about the permissions of /var/run/screen. +Q: screen always complains about the permissions of /run/screen. What's wrong? A: Simplified, the binary ensures that $SCREENDIR has just enough permission bits enabled so that each user can create and access his socket directory. This means: - /usr/bin/screen setuid root -> /var/run/screen 0755 - /usr/bin/screen setgid utmp -> /var/run/screen 0775 - /usr/bin/screen without setid bits -> /var/run/screen 0777 + /usr/bin/screen setuid root -> /run/screen 0755 + /usr/bin/screen setgid utmp -> /run/screen 0775 + /usr/bin/screen without setid bits -> /run/screen 0777 These cases are all handled by the init script or by the tmpfiles.d configuration documented later in this file. However, the actual test is a @@ -108,11 +108,11 @@ A: Screen has to be setuid root to accomplish this. (Note the security implicati the feature, you may do so with the following commands: ] dpkg-statoverride --update --add root utmp 4755 /usr/bin/screen -] chmod 0755 /var/run/screen -] echo 'd /var/run/screen 0755 root utmp' > /etc/tmpfiles.d/screen-cleanup.conf +] chmod 0755 /run/screen +] echo 'd /run/screen 0755 root utmp' > /etc/tmpfiles.d/screen-cleanup.conf dpkg-statoverride will make sure that the modified permissions remain in effect - even if a new version of the screen package is installed. /var/run/screen will + even if a new version of the screen package is installed. /run/screen will be automatically recreated with the proper permissions if the directory lives on volatile storage (doesn't persist between subsequent reboots). @@ -122,8 +122,8 @@ Q: I don't want screen to be setuid *or* setgid - how do I disable that? A: As above, via dpkg-statoverride: ] dpkg-statoverride --update --add root utmp 0755 /usr/bin/screen -] chmod 1777 /var/run/screen -] echo 'd /var/run/screen 1777 root utmp' > /etc/tmpfiles.d/screen-cleanup.conf +] chmod 1777 /run/screen +] echo 'd /run/screen 1777 root utmp' > /etc/tmpfiles.d/screen-cleanup.conf Q: I've configured screen with different permissions, but I want to go back to @@ -132,7 +132,7 @@ Q: I've configured screen with different permissions, but I want to go back to A: ] dpkg-statoverride --remove /usr/bin/screen -] chmod 0775 /var/run/screen +] chmod 0775 /run/screen ] rm /etc/tmpfiles.d/screen-cleanup.conf - -- Axel Beckert <a...@debian.org>, Tue, 16 Jun 2015 23:27:03 +0200 + -- Axel Beckert <a...@debian.org>, Sun, 5 Mar 2017 17:23:27 +0100 diff --git a/debian/changelog b/debian/changelog index 36227ce..4b87a32 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +screen (4.5.0-5) UNRELEASED; urgency=low + + * Replace all
Bug#858403: unblock: screen/4.5.0-4 (pre-approval)
Control: tag -1 - moreinfo Hi, Axel Beckert wrote: > Niels Thykier wrote: > > > In the Debian Installer https://bugs.debian.org/857808 popped up and > > > Samuel Thibault found a patch for a workaround. See the upstream bug > > > at https://savannah.gnu.org/bugs/?50588 for an explanation how the > > > patch works. > > > > > > I've prepared, but not yet uploaded version 4.5.0-4 of Debian's screen > > > package to address this. The package is prepared in the branch > > > "stretch": > > > https://anonscm.debian.org/cgit/collab-maint/screen.git/log/?h=stretch > [...] > > Please go ahead. It will also need a d-i ack, but we will deal with > > that after the upload. > > Uploaded. Full final debdiff attached. The package has now been built on all release architectures (c.f. https://buildd.debian.org/screen), hence removing the "moreinfo" tag. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#858403: unblock: screen/4.5.0-4 (pre-approval)
Hi, Niels Thykier wrote: > > In the Debian Installer https://bugs.debian.org/857808 popped up and > > Samuel Thibault found a patch for a workaround. See the upstream bug > > at https://savannah.gnu.org/bugs/?50588 for an explanation how the > > patch works. > > > > I've prepared, but not yet uploaded version 4.5.0-4 of Debian's screen > > package to address this. The package is prepared in the branch > > "stretch": > > https://anonscm.debian.org/cgit/collab-maint/screen.git/log/?h=stretch [...] > Please go ahead. It will also need a d-i ack, but we will deal with > that after the upload. Uploaded. Full final debdiff attached. There's one minor and no-op change compared to the git diff I posted initially: diff --git a/debian/patches/series b/debian/patches/series index 7c90770..c1d448c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -11,8 +11,8 @@ 60-screen-4.2.1-debian4.1.0-compatibility.patch 61-default-PATH_MAX-if-undefined-for-hurd.patch 62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch -# 80-99: experimental patches, new features etc. 63-fix-garbage-on-serial-terminal.patch +# 80-99: experimental patches, new features etc. 80_session_creation_docs.patch 81_session_creation_util.patch 82_session_creation_core.patch i.e. I moved that comment back to the right position as the patch was added behind that comment by quilt.. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE diff -Nru screen-4.5.0/debian/changelog screen-4.5.0/debian/changelog --- screen-4.5.0/debian/changelog 2017-01-24 22:57:44.0 +0100 +++ screen-4.5.0/debian/changelog 2017-03-22 01:13:07.0 +0100 @@ -1,8 +1,17 @@ +screen (4.5.0-4) unstable; urgency=low + + * Add CVE-ID to previous changelog entry and +62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch. + * Apply patch by Samuel Thibault to fix terminal garbage in Debian +Installer over serial line. (Closes: #857808) + + -- Axel Beckert <a...@debian.org> Wed, 22 Mar 2017 01:13:07 +0100 + screen (4.5.0-3) unstable; urgency=medium * Add patch to revert upstream commit 5460f5d2 ("adding permissions check for the logfile name") which caused a privilege escalation. -(Closes: #852484) +(CVE-2017-5618, Closes: #852484) -- Axel Beckert <a...@debian.org> Tue, 24 Jan 2017 22:57:44 +0100 diff -Nru screen-4.5.0/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch screen-4.5.0/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch --- screen-4.5.0/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch 2017-01-24 22:48:04.0 +0100 +++ screen-4.5.0/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch 2017-03-22 01:13:07.0 +0100 @@ -1,7 +1,7 @@ -Description: Fix privilege escalation by reverting upstream commit 5460f5d2 +Description: [CVE-2017-5618] Fix privilege escalation by reverting upstream commit 5460f5d2 Author: Axel Beckert <a...@debian.org> Bug-Debian: https://bugs.debian.org/852484 -Bug-CVE: http://www.openwall.com/lists/oss-security/2017/01/24/10 +Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618 Bug: https://savannah.gnu.org/bugs/?50142 https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html diff -Nru screen-4.5.0/debian/patches/63-fix-garbage-on-serial-terminal.patch screen-4.5.0/debian/patches/63-fix-garbage-on-serial-terminal.patch --- screen-4.5.0/debian/patches/63-fix-garbage-on-serial-terminal.patch 1970-01-01 01:00:00.0 +0100 +++ screen-4.5.0/debian/patches/63-fix-garbage-on-serial-terminal.patch 2017-03-22 01:13:07.0 +0100 @@ -0,0 +1,17 @@ +Description: Fix terminal garbage in Debian Installer over serial line +Author: Samuel Thibault <sthiba...@debian.org> +Reviewed-By: John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> +Bug-Debian: https://bugs.debian.org/857808 +Bug: https://savannah.gnu.org/bugs/?50588 + +--- a/termcap.c b/termcap.c +@@ -486,6 +486,8 @@ + + D_tcinited = 1; + MakeTermcap(0); ++ /* Make sure libterm uses external term properties for our tputs() calls. */ ++ e_tgetent(tbuf, D_termname); + #ifdef MAPKEYS + CheckEscape(); + #endif diff -Nru screen-4.5.0/debian/patches/series screen-4.5.0/debian/patches/series --- screen-4.5.0/debian/patches/series 2017-01-24 22:46:11.0 +0100 +++ screen-4.5.0/debian/patches/series 2017-03-22 01:13:07.0 +0100 @@ -11,6 +11,7 @@ 60-screen-4.2.1-debian4.1.0-compatibility.patch 61-default-PATH_MAX-if-u
Bug#858403: unblock: screen/4.5.0-4 (pre-approval)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock In the Debian Installer https://bugs.debian.org/857808 popped up and Samuel Thibault found a patch for a workaround. See the upstream bug at https://savannah.gnu.org/bugs/?50588 for an explanation how the patch works. I've prepared, but not yet uploaded version 4.5.0-4 of Debian's screen package to address this. The package is prepared in the branch "stretch": https://anonscm.debian.org/cgit/collab-maint/screen.git/log/?h=stretch Here's the current git diff between the package in Testing and the stretch branch as I plan to upload the package: diff --git a/debian/changelog b/debian/changelog index 2f87ccd..36227ce 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,17 @@ +screen (4.5.0-4) unstable; urgency=low + + * Add CVE-ID to previous changelog entry and +62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch. + * Apply patch by Samuel Thibault to fix terminal garbage in Debian +Installer over serial line. (Closes: #857808) + + -- Axel Beckert <a...@debian.org> Wed, 22 Mar 2017 01:13:07 +0100 + screen (4.5.0-3) unstable; urgency=medium * Add patch to revert upstream commit 5460f5d2 ("adding permissions check for the logfile name") which caused a privilege escalation. -(Closes: #852484) +(CVE-2017-5618, Closes: #852484) -- Axel Beckert <a...@debian.org> Tue, 24 Jan 2017 22:57:44 +0100 diff --git a/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch b/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch index 32c6c61..0f62702 100644 --- a/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch +++ b/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch @@ -1,7 +1,7 @@ -Description: Fix privilege escalation by reverting upstream commit 5460f5d2 +Description: [CVE-2017-5618] Fix privilege escalation by reverting upstream commit 5460f5d2 Author: Axel Beckert <a...@debian.org> Bug-Debian: https://bugs.debian.org/852484 -Bug-CVE: http://www.openwall.com/lists/oss-security/2017/01/24/10 +Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618 Bug: https://savannah.gnu.org/bugs/?50142 https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html diff --git a/debian/patches/63-fix-garbage-on-serial-terminal.patch b/debian/patches/63-fix-garbage-on-serial-terminal.patch new file mode 100644 index 000..62a149a --- /dev/null +++ b/debian/patches/63-fix-garbage-on-serial-terminal.patch @@ -0,0 +1,17 @@ +Description: Fix terminal garbage in Debian Installer over serial line +Author: Samuel Thibault <sthiba...@debian.org> +Reviewed-By: John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> +Bug-Debian: https://bugs.debian.org/857808 +Bug: https://savannah.gnu.org/bugs/?50588 + +--- a/termcap.c b/termcap.c +@@ -486,6 +486,8 @@ + + D_tcinited = 1; + MakeTermcap(0); ++ /* Make sure libterm uses external term properties for our tputs() calls. */ ++ e_tgetent(tbuf, D_termname); + #ifdef MAPKEYS + CheckEscape(); + #endif diff --git a/debian/patches/series b/debian/patches/series index f68461c..7c90770 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -12,6 +12,7 @@ 61-default-PATH_MAX-if-undefined-for-hurd.patch 62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch # 80-99: experimental patches, new features etc. +63-fix-garbage-on-serial-terminal.patch 80_session_creation_docs.patch 81_session_creation_util.patch 82_session_creation_core.patch -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Bug#856848: unblock: aptitude/0.8.6-1 (pre-approval)
Control: tags -1 - moreinfo Hi Niels, Niels Thykier wrote: > Please go ahead and remove the moreinfo tag once the upload has been > successfully built on all relevant release architectures. That has happened now. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#856686: unblock: xymon/4.3.28-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock xymon/4.3.28-2. It fixes a missing dependency in one of its binary packages, see #856315. Full debdiff: diff -Nru xymon-4.3.28/debian/changelog xymon-4.3.28/debian/changelog --- xymon-4.3.28/debian/changelog 2017-01-20 02:14:35.0 +0100 +++ xymon-4.3.28/debian/changelog 2017-03-03 23:18:20.0 +0100 @@ -1,3 +1,9 @@ +xymon (4.3.28-2) unstable; urgency=low + + * xymon-client: Add dependency on net-tools. (Closes: #856315) + + -- Axel Beckert <a...@debian.org> Fri, 03 Mar 2017 23:18:20 +0100 + xymon (4.3.28-1) unstable; urgency=medium [ Axel Beckert ] diff -Nru xymon-4.3.28/debian/control xymon-4.3.28/debian/control --- xymon-4.3.28/debian/control 2016-10-30 02:54:08.0 +0200 +++ xymon-4.3.28/debian/control 2017-03-03 21:35:27.0 +0100 @@ -62,6 +62,7 @@ Pre-Depends: debconf (>= 0.5) | debconf-2.0, ${misc:Pre-Depends} Depends: adduser, lsb-base, + net-tools, procps, ${misc:Depends}, ${shlibs:Depends} unblock xymon/4.3.28-2 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.8.0-rc5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Bug#855554: unblock: debian-goodies/0.69
Hi Emilio, Emilio Pozuelo Monfort wrote: > > diff -Nru debian-goodies-0.68/checkrestart debian-goodies-0.69/checkrestart > > --- debian-goodies-0.68/checkrestart2017-01-21 16:27:32.0 > > +0100 > > +++ debian-goodies-0.69/checkrestart2017-02-20 02:28:58.0 > > +0100 > > @@ -126,7 +126,8 @@ > > checkroot() > > > > for f in blacklistFiles: > > -for line in file(f, "r"): > > +blacklistFile = open(f, 'r') > > +for line in blacklistFile.readlines(): > > if line.startswith("#"): > > continue > > blacklist.append(re.compile(line.strip())) > > BTW you don't seem to close those files ever. You may want to call f.close(), > or > use the with statement. Thanks for the hint. Do you think it can hurt somewhere? checkrestart is not a permanently running daemon and I've tested the functionality extensively. (What about the old Python 2.7 file statement? That didn't have a close either and nobody argued. Or didn't it need a close statement while open needs one?) Anyway, my current plan is to fix that in git, but only upload the fix to Stretch if another bug, which validates a freeze exception, shows up. I hope that's fine for the release team, too. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#855554: unblock: debian-goodies/0.69
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock the just uploaded debian-goodies version 0.69. (Not yet accepted due to a just started dinstall run, but should be accepted within the next hour or so.) It fixes a regression from the Python 3 conversion in 0.65. It only happens with a specific option, but causes a syntax error if that option is used, i.e. makes that option unusable. Unfortunately I didn't notice the according bug report when preparing the last upload before the freeze and only a second bug report for the same issue made me aware of it. Full debdiff: diff -Nru debian-goodies-0.68/checkrestart debian-goodies-0.69/checkrestart --- debian-goodies-0.68/checkrestart2017-01-21 16:27:32.0 +0100 +++ debian-goodies-0.69/checkrestart2017-02-20 02:28:58.0 +0100 @@ -126,7 +126,8 @@ checkroot() for f in blacklistFiles: -for line in file(f, "r"): +blacklistFile = open(f, 'r') +for line in blacklistFile.readlines(): if line.startswith("#"): continue blacklist.append(re.compile(line.strip())) diff -Nru debian-goodies-0.68/debian/changelog debian-goodies-0.69/debian/changelog --- debian-goodies-0.68/debian/changelog2017-01-21 16:36:15.0 +0100 +++ debian-goodies-0.69/debian/changelog2017-02-20 02:37:42.0 +0100 @@ -1,3 +1,11 @@ +debian-goodies (0.69) unstable; urgency=low + + * checkrestart: Fix regression with -b/--blacklist from python3 +conversion. Thanks to Andrew Rolfe and Michael Glockenstein! +(Closes: #835523, #854982) + + -- Axel Beckert <a...@debian.org> Mon, 20 Feb 2017 02:37:42 +0100 + debian-goodies (0.68) unstable; urgency=medium * Fix "TypeError: a bytes-like object is required, not 'str'" when unblock debian-goodies/0.69 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Bug#855546: unblock: hobbit-plugins/20170219
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package hobbit-plugins as just uploaded to Debian Unstable. It fixes a single issue caused by changed output of git ("working directory" in older versions, "working tree" in more recent versions). Full debdiff: diff -Nru hobbit-plugins-20170122/debian/changelog hobbit-plugins-20170219/debian/changelog --- hobbit-plugins-20170122/debian/changelog2017-01-22 14:54:14.0 +0100 +++ hobbit-plugins-20170219/debian/changelog2017-02-19 21:09:58.0 +0100 @@ -1,3 +1,10 @@ +hobbit-plugins (20170219) unstable; urgency=low + + * dirtyvcs: Update regular expression to detect clean git +repositories. (Closes: #852824) + + -- Axel Beckert <a...@debian.org> Sun, 19 Feb 2017 21:09:58 +0100 + hobbit-plugins (20170122) unstable; urgency=medium * Fix wrong package name in Suggest, long package description and diff -Nru hobbit-plugins-20170122/src/usr/lib/xymon/client/ext/dirtyvcs hobbit-plugins-20170219/src/usr/lib/xymon/client/ext/dirtyvcs --- hobbit-plugins-20170122/src/usr/lib/xymon/client/ext/dirtyvcs 2016-06-05 03:29:28.0 +0200 +++ hobbit-plugins-20170219/src/usr/lib/xymon/client/ext/dirtyvcs 2017-02-19 21:09:35.0 +0100 @@ -41,7 +41,7 @@ my $empty_re = qr/^\s*$/s; my %vcs_to_dir = ( 'git' => { dir => '.git', - clean => qr/nothing to commit,? \(?working directory clean/ }, + clean => qr/nothing to commit,? \(?working \w+ clean/ }, 'bzr' => { dir => '.bzr', clean => $empty_re }, 'hg' => { dir => '.hg', -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Re: Bug#851018: dpmb: FTBFS: a2x: ERROR: missing configuration file: /etc/asciidoc/dblatex/asciidoc-dblatex.xsl
Hi Lucas, Lucas Nussbaum wrote: > During a rebuild of all packages in sid, your package failed to build on > amd64. I actually expected this. This is due to the fix for https://bugs.debian.org/850301 in asciidoc — IMHO such transitions (neither the one in 8.6.9-4 c.f. #850305 nor the one in 8.6.9-5) shouldn't happen anymore so shortly before the freeze and _during_ the transition freeze. (Cc'ing the asciidoc maintainers as well as the release team for that.) Probably many of the bug reports addressed in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850305#30 suffer from this issue. Anyway, for a solution, changing the dependency on "asciidoc" to "asciidoc, asciidoc-dblatex (>= 8.6.9-5) | asciidoc (<= 8.6.9-3.1)" will probably suffice to still be able to build the package on Debian 8 Jessie, too. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#837607: jessie-pu: package elog/2.9.2+2014.05.11git44800a7-2
Hi together, Adam D. Barratt wrote: > On Tue, 2016-09-20 at 20:49 +0200, Roger Kalt wrote: > > Find attached the proposed patch to form 2.9.2+2014.05.11git44800a7-2 to > > 2.9.2+2014.05.11git44800a7-2+deb8u1. > > > > The version number has been corrected. > > Thanks. > > In case it wasn't clear from my previous mail, please go ahead with the > upload. Uploaded now. Sorry for the delay, I'm in the middle of changing jobs and didn't find time to do much for Debian in the past two weeks. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#837312: Bug#837311: cdist: FTBFS with some additional packages being installed: ImportError: No module named sphinx_rtd_theme
Hi Dmitry, Dmitry Bogatov wrote: > > > I will add Build-Conflicts: in incoming 18 hours, ping you, you will > > > upload, and bug will be closed. [...] > New version on mentors, with following changelog: > > * Rebuild for unstable to get latest sphinx dependency (Closes: #837312) > * Force `sphinx-build' use Python3 (Closes: #837311) Thanks! Uploaded. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#837312: nmu: cdist_4.3.1-1
Hi, Mattia Rizzolo wrote: > On Sat, Sep 10, 2016 at 03:03:42PM +0200, Axel Beckert wrote: > > cdist-doc depends on "sphinx-common (<< 1.4.5.0~), sphinx-common (>= > > 1.4.5)". This causes the following issues: > > > > * It's uninstallable in unstable > > * sphinx doesn't migrate to testing[0] > > > > Rebuilding against sphinx 1.4.6-1 inside a clean chroot > > (e.g. pbuilder) helps[1]. So please schedule a BinNMU on architecture > > "all" for cdist: > > > > nmu cdist_4.3.1-1 . all . unstable . -m "Rebuild documentation against > > sphinx 1.4.6" […] > You need to ask for a full upload, perhaps by means of a RC bug (given > that it's blocking other stuff, and it is uninstallable) *sigh* I'd reopened and reassiged it if I were you. Not doing that now myself because there is also a sponsorship request for cdist at https://bugs.debian.org/837319 which will solve this anyways. Dmitry: Will have a look at #837319. :-) > While on it I'd investigate why it has such particular needs of a so > weird depdency. That's something the sphinx maintainers should have a look at it as they seem to have decided that it's needed, otherwise they probably wouldn't have made the effort to implement it. Since not every sphinx reverse dependency which uses ${sphinxdoc:Depends} (about 527 source packages in unstable according to [1]) seems to have that rather strict dependency (thanks to Mattia for pointing that out on IRC :-), I wonder what makes cdist's package build causing that strict dependency. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#837312: nmu: cdist_4.3.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi, cdist-doc depends on "sphinx-common (<< 1.4.5.0~), sphinx-common (>= 1.4.5)". This causes the following issues: * It's uninstallable in unstable * sphinx doesn't migrate to testing[0] Rebuilding against sphinx 1.4.6-1 inside a clean chroot (e.g. pbuilder) helps[1]. So please schedule a BinNMU on architecture "all" for cdist: nmu cdist_4.3.1-1 . all . unstable . -m "Rebuild documentation against sphinx 1.4.6" (Hope, I got the "Architecture: all" thing right in the line above. :-) [0] https://qa.debian.org/excuses.php?package=sphinx [1] Be aware of https://bugs.debian.org/837311 (cdist FTBFS with additional packages being installed; seems a Python 2 vs 3 issue) -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-rc5-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Bug#829603: jessie-pu: package conkeror/1.0~~pre-1+git141025-1+deb8u2
Hi Adam, Adam D. Barratt wrote: > > Cherry-picking the according upstream fix solves the issue also in > > Jessie. I've prepared and tested an upload for that and would like to > > upload this to jessie-proposed-updates. > > Please go ahead. Thanks, uploaded. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#829603: jessie-pu: package conkeror/1.0~~pre-1+git141025-1+deb8u2
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu With the update to Firefox 45 in Jessie, it once again caused regressions in depending packages due to removed features. For conkeror it's this time the removal of some specific syntactic sugar around the "let" construct. Cherry-picking the according upstream fix solves the issue also in Jessie. I've prepared and tested an upload for that and would like to upload this to jessie-proposed-updates. Full source debdiff: diff -Nru conkeror-1.0~~pre-1+git141025/debian/changelog conkeror-1.0~~pre-1+git141025/debian/changelog --- conkeror-1.0~~pre-1+git141025/debian/changelog 2016-02-23 21:01:37.0 +0100 +++ conkeror-1.0~~pre-1+git141025/debian/changelog 2016-07-04 16:59:43.0 +0200 @@ -1,3 +1,11 @@ +conkeror (1.0~~pre-1+git141025-1+deb8u2) jessie; urgency=medium + + * Cherry-pick 631644f5 from upstream master branch to remove "let" +expressions to support Firefox 44 and later (including the ESR release +45.x in Debian Jessie). (Closes: #813039) + + -- Axel Beckert <a...@debian.org> Fri, 17 Jun 2016 19:26:15 +0200 + conkeror (1.0~~pre-1+git141025-1+deb8u1) jessie; urgency=medium * Cherry-pick 6906955e from upstream master branch to fix matching of diff -Nru conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-631644f5-remove-let-expressions-for-ff44.diff conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-631644f5-remove-let-expressions-for-ff44.diff --- conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-631644f5-remove-let-expressions-for-ff44.diff 1970-01-01 01:00:00.0 +0100 +++ conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-631644f5-remove-let-expressions-for-ff44.diff 2016-07-04 16:59:43.0 +0200 @@ -0,0 +1,197 @@ +Origin: commit 631644f5c4a6bc544312603eab8ae4deed0f125e +Author: Istvan Marko <mi-...@kismala.com> +Description: Remove let expressions + SpiderMonkey no longer supports them since Firefox 44, see + https://bugzilla.mozilla.org/show_bug.cgi?id=1023609 +Bug: http://bugs.conkeror.org/issue498 +Bug-Debian: https://bugs.debian.org/813039 +Reviewed-By: Axel Beckert <a...@debian.org> + +diff --git a/modules/block-content-focus-change.js b/modules/block-content-focus-change.js +index ce20fb1..b245c71 100644 +--- a/modules/block-content-focus-change.js b/modules/block-content-focus-change.js +@@ -58,7 +58,8 @@ function block_content_focus_change_buffer_teardown (buffer) { +true); + } + +-let (foo = browser_set_element_focus) { ++{ ++let foo = browser_set_element_focus; + define_global_mode("block_content_focus_change_mode", + function () { // enable + for_each_buffer(function (buffer) { +diff --git a/modules/buffer.js b/modules/buffer.js +index 8d02a97..667aef2 100644 +--- a/modules/buffer.js b/modules/buffer.js +@@ -757,7 +757,8 @@ function create_buffer (window, creator, target) { + } + } + +-let (queued_buffer_creators = null) { ++{ ++let queued_buffer_creators = null; + function create_buffer_in_current_window (creator, target, focus_existing) { + function process_queued_buffer_creators (window) { + for (var i = 0; i < queued_buffer_creators.length; ++i) { +diff --git a/modules/debug.js b/modules/debug.js +index 7f989b8..2fb2d4a 100644 +--- a/modules/debug.js b/modules/debug.js +@@ -83,8 +83,9 @@ const DEBUG_HERE = "function (__DEBUG_HERE) { return eval(__DEBUG_HERE); }"; + + + +-let (console = Cc["@mozilla.org/consoleservice;1"] +- .getService(Ci.nsIConsoleService)) { ++{ ++let console = Cc["@mozilla.org/consoleservice;1"] ++.getService(Ci.nsIConsoleService); + console.registerListener({ + observe: function (msg) { + if (msg instanceof Ci.nsIScriptError) { +diff --git a/modules/env.js b/modules/env.js +index 73d32c1..270d6f7 100644 +--- a/modules/env.js b/modules/env.js +@@ -11,8 +11,9 @@ + * get_os returns a string identifying the current OS. + * possible values include 'Darwin', 'Linux' and 'WINNT'. + */ +-let (xul_runtime = Cc['@mozilla.org/xre/app-info;1'] +- .getService(Ci.nsIXULRuntime)) { ++{ ++let xul_runtime = Cc['@mozilla.org/xre/app-info;1'] ++.getService(Ci.nsIXULRuntime); + function get_os () { + return xul_runtime.OS; + } +@@ -37,8 +38,9 @@ function get_mozilla_version () { + * getenv returns the value of a named environment variable or null if + * the environment variable does not exist. + */ +-let (env = Cc['@mozilla.org/process/environment;1'] +- .getService(Ci.nsIEnvironment)) { ++{ ++let env = Cc['@mozilla.org/process/environment;1'] ++.getService(Ci.nsIEnvironment); + function getenv (variable) { + if (env.exists(variable)) +
Bug#798404: jessie-pu: package conkeror/1.0~~pre-1+git141025-1+deb8u1
Hi, Julien Cristau wrote: > > diff -Nru conkeror-1.0~~pre-1+git141025/debian/changelog > > conkeror-1.0~~pre-1+git141025/debian/changelog > > --- conkeror-1.0~~pre-1+git141025/debian/changelog 2014-10-25 > > 18:37:02.0 +0200 > > +++ conkeror-1.0~~pre-1+git141025/debian/changelog 2015-09-08 > > 22:02:37.0 +0200 > > @@ -1,3 +1,11 @@ > > +conkeror (1.0~~pre-1+git141025-1+deb8u1) stable-proposed-updates; > > urgency=medium > > Please use "jessie" as the distribution, and feel free to upload. Done. > > + * Cherry-pick 6906955e from upstream master branch to fix matching of > > +module load error messages to work with Firefox 36 and later > > +(including the ESR release 38.x in Debian Jessie). I've also allowed myself to add the missing bug report number here and in the DEP3 patch header. No further differences compared to the originally posted debdiff. Full, new debdiff as uploaded follows: diff -Nru conkeror-1.0~~pre-1+git141025/debian/changelog conkeror-1.0~~pre-1+git141025/debian/changelog --- conkeror-1.0~~pre-1+git141025/debian/changelog 2014-10-25 18:37:02.0 +0200 +++ conkeror-1.0~~pre-1+git141025/debian/changelog 2016-02-23 21:01:37.0 +0100 @@ -1,3 +1,11 @@ +conkeror (1.0~~pre-1+git141025-1+deb8u1) jessie; urgency=medium + + * Cherry-pick 6906955e from upstream master branch to fix matching of +module load error messages to work with Firefox 36 and later +(including the ESR release 38.x in Debian Jessie). (Closes: #795597) + + -- Axel Beckert <a...@debian.org> Tue, 08 Sep 2015 22:00:42 +0200 + conkeror (1.0~~pre-1+git141025-1) unstable; urgency=low * New upstream snapshot diff -Nru conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff --- conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff 1970-01-01 01:00:00.0 +0100 +++ conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff 2016-02-23 21:01:16.0 +0100 @@ -0,0 +1,27 @@ +Origin: commit 6906955ef78caeb357b729e1f608dfe1f0171dcc +Author: Jeremy Maitin-Shepard <jer...@jeremyms.com> +Date: Thu Feb 26 19:10:05 2015 -0800 +Description: application.js: fix matching of module load error messages to work with Firefox 36 + Firefox 36 includes the path in some error messages, causing them to + no longer precisely match the strings that had been specified. Using + String.prototype.startsWith fixes the problem. +Bug-Debian: https://bugs.debian.org/795597 + +diff --git a/components/application.js b/components/application.js +index 962ca73..bd9f30c 100644 +--- a/components/application.js b/components/application.js +@@ -161,10 +161,9 @@ application.prototype = { + return; + } + } catch (e if (typeof e == 'string' && +- {"ContentLength not available (not a local URL?)":true, +-"Error creating channel (invalid URL scheme?)":true, +-"Error opening input stream (invalid filename?)":true} +- [e])) { ++ (e.startsWith("ContentLength not available (not a local URL?)") || ++e.startsWith("Error creating channel (invalid URL scheme?)") || ++e.startsWith("Error opening input stream (invalid filename?)" { + // null op. (suppress error, try next path) + } + if (autoext) diff -Nru conkeror-1.0~~pre-1+git141025/debian/patches/series conkeror-1.0~~pre-1+git141025/debian/patches/series --- conkeror-1.0~~pre-1+git141025/debian/patches/series 2014-06-14 11:58:40.0 +0200 +++ conkeror-1.0~~pre-1+git141025/debian/patches/series 2016-02-23 18:51:14.0 +0100 @@ -1,2 +1,3 @@ sensible-editor-xdg-open.diff deb-webjumps.diff +cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE signature.asc Description: Digital signature
Bug#798404: jessie-pu: package conkeror/1.0~~pre-1+git141025-1+deb8u1
Hi, Julien Cristau wrote: > > the upgrade of iceweasel from 31.x to 38.x broke conkeror in Jessie: > > https://bugs.debian.org/795597 > > > > I've prepared an update cherry-picking an upstream fix which is > > already part of conkeror in testing and unstable: > > > > diff -Nru conkeror-1.0~~pre-1+git141025/debian/changelog > > conkeror-1.0~~pre-1+git141025/debian/changelog > > --- conkeror-1.0~~pre-1+git141025/debian/changelog 2014-10-25 > > 18:37:02.0 +0200 > > +++ conkeror-1.0~~pre-1+git141025/debian/changelog 2015-09-08 > > 22:02:37.0 +0200 > > @@ -1,3 +1,11 @@ > > +conkeror (1.0~~pre-1+git141025-1+deb8u1) stable-proposed-updates; > > urgency=medium > > Please use "jessie" as the distribution, and feel free to upload. Thanks, will do. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#813328: source package migrated to testing in 5 days despite explicit urgency=low as well as not having been in testing before
Package: release.debian.org Severity: important User: release.debian@packages.debian.org Usertags: britney Hi, I was totally surprised to get this mail already today after 5 days instead of after 10 days: https://packages.qa.debian.org/l/lynx/news/20160131T163912Z.html src:lynx migrated to testing within 5 days, despite: * Explicit urgency=low. I consider ignoring this setting a quite important issues. I really wanted more exposion for this package as it contained some changes which might break things. * New source package name, i.e. it's the first upload to unstable since the package went through NEW (two uploads to experimental inbetween, though), but it's definitely a source package which wasn't in Testing before. (Not sure if I understand the used metrics in this case completely.) See https://packages.qa.debian.org/l/lynx.html for the dates. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable'), (980, 'unstable-debug'), (600, 'testing'), (111, 'buildd-unstable'), (111, 'buildd-experimental'), (110, 'experimental'), (105, 'experimental-debug') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)
Hi, Emilio Pozuelo Monfort wrote: > On 30/10/15 14:34, Emilio Pozuelo Monfort wrote: > > That'd only leave us with the apache bug. > > There's a patch available for that now, right? Yes. It has been included in the upload to experimental 1.5 days ago: https://packages.qa.debian.org/liba/libapache2-mod-perl2/news/20151130T194855Z.html Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#798404: jessie-pu: package conkeror/1.0~~pre-1+git141025-1+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Control: block 795597 by -1 Hi, the upgrade of iceweasel from 31.x to 38.x broke conkeror in Jessie: https://bugs.debian.org/795597 I've prepared an update cherry-picking an upstream fix which is already part of conkeror in testing and unstable: diff -Nru conkeror-1.0~~pre-1+git141025/debian/changelog conkeror-1.0~~pre-1+git141025/debian/changelog --- conkeror-1.0~~pre-1+git141025/debian/changelog 2014-10-25 18:37:02.0 +0200 +++ conkeror-1.0~~pre-1+git141025/debian/changelog 2015-09-08 22:02:37.0 +0200 @@ -1,3 +1,11 @@ +conkeror (1.0~~pre-1+git141025-1+deb8u1) stable-proposed-updates; urgency=medium + + * Cherry-pick 6906955e from upstream master branch to fix matching of +module load error messages to work with Firefox 36 and later +(including the ESR release 38.x in Debian Jessie). + + -- Axel Beckert <a...@debian.org> Tue, 08 Sep 2015 22:00:42 +0200 + conkeror (1.0~~pre-1+git141025-1) unstable; urgency=low * New upstream snapshot diff -Nru conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff --- conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff 1970-01-01 01:00:00.0 +0100 +++ conkeror-1.0~~pre-1+git141025/debian/patches/cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff 2015-09-08 22:02:37.0 +0200 @@ -0,0 +1,26 @@ +Origin: commit 6906955ef78caeb357b729e1f608dfe1f0171dcc +Author: Jeremy Maitin-Shepard <jer...@jeremyms.com> +Date: Thu Feb 26 19:10:05 2015 -0800 +Description: application.js: fix matching of module load error messages to work with Firefox 36 + Firefox 36 includes the path in some error messages, causing them to + no longer precisely match the strings that had been specified. Using + String.prototype.startsWith fixes the problem. + +diff --git a/components/application.js b/components/application.js +index 962ca73..bd9f30c 100644 +--- a/components/application.js b/components/application.js +@@ -161,10 +161,9 @@ application.prototype = { + return; + } + } catch (e if (typeof e == 'string' && +- {"ContentLength not available (not a local URL?)":true, +-"Error creating channel (invalid URL scheme?)":true, +-"Error opening input stream (invalid filename?)":true} +- [e])) { ++ (e.startsWith("ContentLength not available (not a local URL?)") || ++e.startsWith("Error creating channel (invalid URL scheme?)") || ++e.startsWith("Error opening input stream (invalid filename?)" { + // null op. (suppress error, try next path) + } + if (autoext) diff -Nru conkeror-1.0~~pre-1+git141025/debian/patches/series conkeror-1.0~~pre-1+git141025/debian/patches/series --- conkeror-1.0~~pre-1+git141025/debian/patches/series 2014-06-14 11:58:40.0 +0200 +++ conkeror-1.0~~pre-1+git141025/debian/patches/series 2015-09-08 22:02:37.0 +0200 @@ -1,2 +1,3 @@ sensible-editor-xdg-open.diff deb-webjumps.diff +cherry-pick-6906955e-fix-load-error-messages-with-ff36.diff -- System Information: Debian Release: 8.2 APT prefers stable APT policy: (909, 'stable'), (902, 'stable-updates'), (901, 'proposed-updates'), (900, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Bug#782478: unblock: bb/1.3rc1-8.3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package bb/1.3rc1-8.3 which I've just uploaded to unstable. As discussed with Niels as well as in https://bugs.debian.org/761023 this upload of bb improves README.Debian which was introduced in the previous upload as a way to mitigate #761023. After the previous upload migrated to testing, a typo fix and some very helpful additional information have been posted to #761023, and this upload includes them. Only documentation were changed: diff -u bb-1.3rc1/debian/README.Debian bb-1.3rc1/debian/README.Debian --- bb-1.3rc1/debian/README.Debian +++ bb-1.3rc1/debian/README.Debian @@ -5,10 +5,18 @@ -Music is requested. If you have PulseAudio installed and want to show -off BB with Music, you can do that by switching to the virtual text -console and running BB there. +Music is requested. Due to this issue Music in BB is turned off by +default in Debian. -Due to this issue Music in BB is turned of by default in Debian. +If you have PulseAudio installed and want to show off BB with Music, +you can do that by either: + +* switching to the virtual text console and running bb there, or by + +* temporarily letting PulseAudio release the audio hardware and hiding + from bb the fact that there is a PulseAudio server with the + following command: + + pasuspender -- env PULSE_SERVER= bb This issue is tracked in the Debian Bug Tracking System at https://bugs.debian.org/761023 - -- Axel Beckert a...@debian.org, Wed, 1 Apr 2015 22:13:34 +0200 + -- Axel Beckert a...@debian.org, Sat, 11 Apr 2015 15:22:37 +0200 diff -u bb-1.3rc1/debian/changelog bb-1.3rc1/debian/changelog --- bb-1.3rc1/debian/changelog +++ bb-1.3rc1/debian/changelog @@ -1,3 +1,13 @@ +bb (1.3rc1-8.3) unstable; urgency=medium + + * Non-maintainer upload. + * Improve README.Debian from previous upload: ++ Mention how to run bb under PulseAudio anyways (Thanks Anthony + DeRobertis!) ++ Fix typo (Thanks Antoine Amarilli!) + + -- Axel Beckert a...@debian.org Sun, 12 Apr 2015 22:10:43 +0200 + bb (1.3rc1-8.2) unstable; urgency=medium * Non-maintainer upload. So please unblock bb/1.3rc1-8.3 -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (110, 'experimental'), (109, 'buildd-unstable'), (109, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.19.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150412203615.723.15645.report...@c-cactus.deuxchevaux.org
Bug#782180: unblock pre-approval: apt-zip/0.18+nmu1
Hi Niels, hi Cate, Niels Thykier wrote: Thanks for spending time on it and trying to solve it. Sadly, I am not convinced that apt-zip is actively maintained, regularly used/tested nor that it is ready for Jessie. Indeed, I noticed that, too: Last upload 2008. I was actually surprised about that fact, because Cate seems clearly active elsewhere in Debian. If you are interested in keeping apt-zip in Jessie, then please include a fix for #718376 I'll have at least a look this evening. (I promoted it to grave) Thanks for reviewing the severities and the prompt reply. and also (have the maintainers) commit to maintaining it for Jessie as well. Cate, any comment here? While I would like to see apt-zip staying in Debian Stable because I think it's a nice feature addition to Debian's package management eco system, I unfortunately cannot commit to (co-) maintain apt-zip as I have no use for it myself currently. For testing the NMU, I just unplugged the network and used a tmpfs instead of an USB stick. In the absence of a commitment and a fix for #718376, I would rather see apt-zip removed from Jessie. I unfortunately agree that sounds realistic. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150409082723.gz3...@sym.noone.org
Bug#782180: unblock pre-approval: apt-zip/0.18+nmu1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, following is a debdiff which should fix the following issues in apt-zip: #782179 [G|+| ] [apt-zip] apt-zip: apt-zip-list --aptgetaction=update doesn't do anything because apt-get -qq --print-uris update outputs nothing #781915 [G| | ] [apt-zip] Checksum fails and other issues in Jessie #638840 [i|+| ] [apt-zip] apt-zip: wrong checksum: checksum calculation broken The last one (#638840) is currently only set to severity important, but IMHO validates for severity grave, too, as it doesn't download any packages anymore because of the failed hashsum check. This patch does not fix #718376 (Most deb data.tar member files are unsupported) and there seem similar issues with package lists. Additionally the patch also fixes this non-RC and no-op issue: #624368 [m| | ] [apt-zip] Updating the apt-zip Uploaders list Would the following debdiff suffice for an unblock? If so, I'd upload it as NMU either directly or to DELAYED/1 so that it migrates to Testing before the deadline ends. diff -Nru apt-zip-0.18/debian/changelog apt-zip-0.18+nmu1/debian/changelog --- apt-zip-0.18/debian/changelog 2008-02-01 08:18:33.0 +0100 +++ apt-zip-0.18+nmu1/debian/changelog 2015-04-09 03:49:29.0 +0200 @@ -1,3 +1,20 @@ +apt-zip (0.18+nmu1) unstable; urgency=medium + + * Non-maintainer upload + * Fix updating package lists by using -q instead of -qq for apt-get +update (Closes: #782179) + * Properly handle package list downloads (Closes: #781915) ++ Don't try to bunzip2 empty files ++ Don't save files with .bz2 or .gz suffix without suffix ++ Don't try to add .bz2 or .gz suffix to URIs which already have them. ++ Honour the fact that apt can't know checksums of package list in + advance. + * Fix checksum verification of packages (Closes: #638840; patch by +Rainer Dorsch rdor...@web.de, thanks!) + * Remove François Févotte from Uploaders (Closes: #624368) + + -- Axel Beckert a...@debian.org Thu, 09 Apr 2015 01:30:22 +0200 + apt-zip (0.18) unstable; urgency=medium * Use sha256 instead of md5 for checksum, as in apt 0.7.7. diff -Nru apt-zip-0.18/apt-zip-inst apt-zip-0.18+nmu1/apt-zip-inst --- apt-zip-0.18/apt-zip-inst 2008-02-01 08:07:37.0 +0100 +++ apt-zip-0.18+nmu1/apt-zip-inst 2015-04-09 03:44:21.0 +0200 @@ -36,8 +36,9 @@ tar xvf ${MEDIUM}/${APTZIPTARFILE} | while read FILE do - [ `basename $FILE .bz2` != $FILE ] bunzip2 -f $FILE - [ `basename $FILE .gz` != $FILE ] gunzip -f $FILE + [ ! -s $FILE ] rm -f $FILE + [ -e $FILE -a `basename $FILE .bz2` != $FILE ] bunzip2 -f $FILE + [ -e $FILE -a `basename $FILE .gz` != $FILE ] gunzip -f $FILE done rm -f foo-stamp ) diff -Nru apt-zip-0.18/apt-zip-list apt-zip-0.18+nmu1/apt-zip-list --- apt-zip-0.18/apt-zip-list 2008-02-01 07:57:01.0 +0100 +++ apt-zip-0.18+nmu1/apt-zip-list 2015-04-09 02:35:38.0 +0200 @@ -33,9 +33,15 @@ TMP=$(tempfile -p aptzip) TEMP=$(tempfile -p aptzip) +if [ $APTGETACTION = update ]; then +APTGETQUIETLEVEL=-q +else +APTGETQUIETLEVEL=-qq +fi + [ -n $PACKAGES ] apt-get ${APTGETEXTRAOPTS} -qq --print-uris install $PACKAGES $TMP -[ -n $APTGETACTION ] apt-get ${APTGETEXTRAOPTS} -qq --print-uris ${APTGETACTION} $TMP -grep $GREP $TMP | tr -d ' | sed 's/SHA256://' | sort -u $TEMP +[ -n $APTGETACTION ] apt-get ${APTGETEXTRAOPTS} ${APTGETQUIETLEVEL} --print-uris ${APTGETACTION} $TMP +grep $GREP $TMP | tr -d ' | sed 's/MD5Sum://' | sort -u $TEMP if [ $? != 0 ] then error apt-get failed diff -Nru apt-zip-0.18/debian/control apt-zip-0.18+nmu1/debian/control --- apt-zip-0.18/debian/control 2008-02-01 08:24:00.0 +0100 +++ apt-zip-0.18+nmu1/debian/control2015-04-09 01:50:07.0 +0200 @@ -4,7 +4,7 @@ Build-Depends-Indep: docbook-utils, docbook Build-Depends: debhelper (= 5), cdbs Maintainer: Giacomo Catenazzi c...@debian.org -Uploaders: Eddy Petrișor eddy.petri...@gmail.com, François Févotte francois.fevo...@ensta.org +Uploaders: Eddy Petrișor eddy.petri...@gmail.com Standards-Version: 3.7.3 Homepage: http://alioth.debian.org/projects/apt-zip diff -Nru apt-zip-0.18/methods/wget apt-zip-0.18+nmu1/methods/wget --- apt-zip-0.18/methods/wget 2008-02-01 07:54:37.0 +0100 +++ apt-zip-0.18+nmu1/methods/wget 2015-04-09 03:34:04.0 +0200 @@ -31,10 +31,12 @@ [ ! ${USECHECKSUMS} = 'no' ] cat -EOF check(){ [ ! -r \$1 ] return 1 + [ ! -s \$1 ] return 1 [ \$2 = 0 ] return \$3 [ \$2 = ] return \$3 - [ \`type sha256sum\` ] - if [ \`sha256sum \$1 | cut -d' ' -f1\` = \$2 ] + [ \$2 = : ] return \$3 + [ \`type
Bug#781708: unblock: bb/1.3rc1-8.2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, I've just uploaded bb/1.3rc1-8.2 to DELAYED/1 to mitigate #761023 (bb: Visual stops when audio starts under pulseaudio). I plan to lower the severity of #761023 to important as soon as the package upload reaches unstable. After some propositions in the bug report itself and some discussion on IRC we (mostly gregoa and myself with nthykier not crying out loudly about it ;-) came to the conclusion that having Music off by default plus adding a README.Debian mitigates the issue enough to lower the severity. README.Debian describes which combinations cause issues including a pointer to https://bugs.debian.org/761023 Since the package updates config.sub and config.guess upon source package build, the full debdiff is quite large. I'll include the full debdiff as attachment and the reduced debdiff (only the manual changes) inline here: diff -u bb-1.3rc1/main.c bb-1.3rc1/main.c --- bb-1.3rc1/main.c +++ bb-1.3rc1/main.c @@ -155,9 +155,9 @@ bbinit (argc, argv); #ifdef HAVE_LIBMIKMOD - aa_puts (context, 0, p++, AA_SPECIAL, Music?[Y/n]); + aa_puts (context, 0, p++, AA_SPECIAL, Music?[y/N]); aa_flush (context); - if (tolower (aa_getkey (context, 1)) != 'n') + if (tolower (aa_getkey (context, 1)) == 'y') { MikMod_RegisterAllDrivers (); MikMod_RegisterLoader (load_s3m); diff -u bb-1.3rc1/debian/changelog bb-1.3rc1/debian/changelog --- bb-1.3rc1/debian/changelog +++ bb-1.3rc1/debian/changelog @@ -1,3 +1,13 @@ +bb (1.3rc1-8.2) unstable; urgency=medium + + * Non-maintainer upload. + * Mitigate hanging visuals in combination with PulseAudio. ++ Set default answer for Music to no. ++ Add README.Debian explaining the situation. ++ Mitigates: #761023 + + -- Axel Beckert a...@debian.org Wed, 01 Apr 2015 21:35:03 +0200 + bb (1.3rc1-8.1) unstable; urgency=low * Non-maintainer upload. only in patch2: unchanged: --- bb-1.3rc1.orig/debian/README.Debian +++ bb-1.3rc1/debian/README.Debian @@ -0,0 +1,14 @@ +BB vs PulseAudio + + +Unfortunately BB does not work under X if PulseAudio is active and +Music is requested. If you have PulseAudio installed and want to show +off BB with Music, you can do that by switching to the virtual text +console and running BB there. + +Due to this issue Music in BB is turned of by default in Debian. + +This issue is tracked in the Debian Bug Tracking System at +https://bugs.debian.org/761023 + + -- Axel Beckert a...@debian.org, Wed, 1 Apr 2015 22:13:34 +0200 So please unblock bb/1.3rc1-8.2 as soon as it hits unstable. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (110, 'experimental'), (109, 'buildd-unstable'), (109, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.19.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -u bb-1.3rc1/main.c bb-1.3rc1/main.c --- bb-1.3rc1/main.c +++ bb-1.3rc1/main.c @@ -155,9 +155,9 @@ bbinit (argc, argv); #ifdef HAVE_LIBMIKMOD - aa_puts (context, 0, p++, AA_SPECIAL, Music?[Y/n]); + aa_puts (context, 0, p++, AA_SPECIAL, Music?[y/N]); aa_flush (context); - if (tolower (aa_getkey (context, 1)) != 'n') + if (tolower (aa_getkey (context, 1)) == 'y') { MikMod_RegisterAllDrivers (); MikMod_RegisterLoader (load_s3m); diff -u bb-1.3rc1/config.sub bb-1.3rc1/config.sub --- bb-1.3rc1/config.sub +++ bb-1.3rc1/config.sub @@ -1,38 +1,31 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 -# Free Software Foundation, Inc. - -timestamp='2010-01-22' - -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# Copyright 1992-2014 Free Software Foundation, Inc. + +timestamp='2014-09-11' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY
Bug#781708: unblock: bb/1.3rc1-8.2
Hi, Axel Beckert wrote: I've just uploaded bb/1.3rc1-8.2 to DELAYED/1 to mitigate #761023 (bb: Visual stops when audio starts under pulseaudio). The package maintainer of bb has acknowledged the NMU. So I've moved it to DELAYED/0 and it has been uploaded to unstable already now and built on most architectures already: https://buildd.debian.org/status/package.php?p=bb I plan to lower the severity of #761023 to important as soon as the package upload reaches unstable. Actually, I've thought about this a little bit more. I'll better lower the severity only when the unblock request has been granted. That's closer to the common workflow and won't confuse PTS and friends. Another and maybe even better possibility to properly track the issue with its different severities depending on the package version would be to clone the bug report and to lower one of them to important and close the other one with the 1.3rc1-8.2 version. Does the Release Team has any preference on this? Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150401225855.gz5...@sym.noone.org
Bug#781637: unblock: apt-build/0.12.45
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, I just did a QA upload of apt-build/0.12.45. The upload fixes https://bugs.debian.org/659015 which recently has been bumped to RC severity. From the changelog entry: * Use per-repo deb [trusted=yes] ... instead of global -o Apt::Get::AllowUnauthenticated=true. (Closes: #659015) This required multiple changes: + Bump versioned apt dependency to 0.8.16~exp3 for trusted=yes the option trusted=yes in sources.list files has been introduced with this apt version, hence apt-build won't work with earlier versions anymore. + Automatically add [trusted=yes] to existing generated file /etc/apt/sources.list.d/apt-build.list in postinst. First tests showed that the obvious way to fix it only fixes it for new installations of apt-build, but with an upgrade, -o Apt::Get::AllowUnauthenticated=true is no more used, but [trusted=yes] has not been added. So an additional sed call was needed in postinst. + Use grep -F instead of grep to search for the whole deb line in postinst to avoid the brackets around trusted=yes being parsed as character class. Previous postinst used plain grep to check for existing apt-build sources.list entries. But since the new sources.list entry contains square brackets, grep -F instead of grep is required. * Update Vcs-* URLs to current canonical forms and use collab-maint repository instead of the apt-build project one's while being under QA maintenance to allow write access to all DDs. I left the original Vcs-* headers in there as comments, but since neither me nor most QA uploads doing DDs have write-permissions to the apt-build project's Git repository and I didn't want to stop using a Vcs, I created a copy of the original repo under collab-maint and let the Vcs-* headers point there -- with the current canonical forms. Full source debdiff: diff -Nru apt-build-0.12.44/apt-build apt-build-0.12.45/apt-build --- apt-build-0.12.44/apt-build 2012-04-11 23:11:12.0 +0200 +++ apt-build-0.12.45/apt-build 2015-04-01 00:28:20.0 +0200 @@ -582,8 +582,7 @@ if(@pkgs !($conf-build_only)) { update() if $conf-update; - system($conf-apt_get . -t apt-build @apt_args \\ --o Apt::Get::AllowUnauthenticated=true install @pkglist); + system($conf-apt_get . -t apt-build @apt_args install @pkglist); wait; } return 1; diff -Nru apt-build-0.12.44/debian/changelog apt-build-0.12.45/debian/changelog --- apt-build-0.12.44/debian/changelog 2012-11-27 18:43:26.0 +0100 +++ apt-build-0.12.45/debian/changelog 2015-04-01 02:56:35.0 +0200 @@ -1,3 +1,20 @@ +apt-build (0.12.45) unstable; urgency=medium + + * QA upload + * Use per-repo deb [trusted=yes] ... instead of global -o +Apt::Get::AllowUnauthenticated=true. (Closes: #659015) ++ Bump versioned apt dependency to 0.8.16~exp3 for trusted=yes ++ Automatically add [trusted=yes] to existing generated file + /etc/apt/sources.list.d/apt-build.list in postinst. ++ Use grep -F instead of grep to search for the whole deb line + in postinst to avoid the brackets around trusted=yes being parsed as + character class. + * Update Vcs-* URLs to current canonical forms and use collab-maint +repository instead of the apt-build project one's while being under QA +maintenance to allow write access to all DDs. + + -- Axel Beckert a...@debian.org Wed, 01 Apr 2015 02:42:19 +0200 + apt-build (0.12.44) unstable; urgency=low * QA upload. diff -Nru apt-build-0.12.44/debian/config apt-build-0.12.45/debian/config --- apt-build-0.12.44/debian/config 2012-10-15 23:46:03.0 +0200 +++ apt-build-0.12.45/debian/config 2015-04-01 00:28:20.0 +0200 @@ -88,7 +88,7 @@ # run loop to prevent errors if some sources does not exist for source in $sourceslist $sourcesparts*.list ; do if [ -e $source ] ; then - if grep -Eq ^[[:space:]]*deb file:$repository_dir apt-build main $source ; then + if grep -Eq ^[[:space:]]*deb \[trusted=yes\] file:$repository_dir apt-build main $source ; then db_set apt-build/add_to_sourceslist true break fi diff -Nru apt-build-0.12.44/debian/control apt-build-0.12.45/debian/control --- apt-build-0.12.44/debian/control2012-04-11 23:11:12.0 +0200 +++ apt-build-0.12.45/debian/control2015-04-01 01:12:04.0 +0200 @@ -4,12 +4,14 @@ Maintainer: Debian QA Group packa...@qa.debian.org Build-Depends: debhelper (= 9), po4a, po-debconf Standards-Version: 3.9.3 -Vcs-Git: git://git.debian.org/git/apt-build/apt-build.git -Vcs-Browser: http://git.debian.org/?p=apt-build/apt-build.git +#Vcs-Git: git://anonscm.debian.org/apt-build/apt-build.git +#Vcs-Browser: https://anonscm.debian.org/cgit/apt-build/apt-build.git +Vcs-Git: git://anonscm.debian.org/collab-maint/apt-build.git +Vcs-Browser: https
Bug#780762: unblock: debsums/2.0.53
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debsums/2.0.53 Release 2.0.53 of debsums fixes https://bugs.debian.org/773136 which has been upped to RC recently and Niels has acked that I should go on with a fix of #773136 for Jessie. Compared to my previous NMUs of debsums, this release also contains the takeover of debsums by the Debian Perl Group with me added as additional Uploader. For the discussions about moving to group maintenance, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744398#722 and https://lists.debian.org/debian-perl/2015/01/msg00010.html. I initially planned this switch with the first post-Jessie upload, but since we now do another upload target for Jessie, I included the takeover in this upload, too. This makes the diff a little bit larger: diff -Nru debsums-2.0.52+nmu3/debian/changelog debsums-2.0.53/debian/changelog --- debsums-2.0.52+nmu3/debian/changelog2015-01-25 08:59:28.0 +0100 +++ debsums-2.0.53/debian/changelog 2015-03-18 21:44:45.0 +0100 @@ -1,3 +1,19 @@ +debsums (2.0.53) unstable; urgency=medium + + * Take package under maintenance of the Debian Perl Group ++ Move Maintainer to Uploaders ++ Set Maintainer to the Debian Perl Group ++ Update Vcs-* header to point to pkg-perl git repository ++ See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744398#722 and + https://lists.debian.org/debian-perl/2015/01/msg00010.html for + discussions about moving to group maintenance. + * Add myself as Uploader. + * Canonicalize Vcs-* headers. + * Apply patch by Vladimir N. Solovyov to also report modified files of +arch-qualified (multiarch) packages. (Closes: #773136) + + -- Axel Beckert a...@debian.org Wed, 18 Mar 2015 20:35:02 +0100 + debsums (2.0.52+nmu3) unstable; urgency=medium * Non-maintainer upload diff -Nru debsums-2.0.52+nmu3/debian/control debsums-2.0.53/debian/control --- debsums-2.0.52+nmu3/debian/control 2015-01-25 08:58:22.0 +0100 +++ debsums-2.0.53/debian/control 2015-03-18 21:44:45.0 +0100 @@ -1,12 +1,12 @@ Source: debsums Section: admin Priority: optional -Maintainer: Ryan Niebur r...@debian.org -Uploaders: Anders Kaseorg ande...@mit.edu +Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org +Uploaders: Ryan Niebur r...@debian.org, Anders Kaseorg ande...@mit.edu, Axel Beckert a...@debian.org Build-Depends: debhelper (= 8), po-debconf, po4a Standards-Version: 3.9.3 -Vcs-Git: git://git.debian.org/git/collab-maint/debsums.git -Vcs-Browser: http://git.debian.org/?p=collab-maint/debsums.git;a=summary +Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/debsums.git +Vcs-Browser: https://anonscm.debian.org/cgit/pkg-perl/packages/debsums.git Package: debsums Architecture: all diff -Nru debsums-2.0.52+nmu3/debsums debsums-2.0.53/debsums --- debsums-2.0.52+nmu3/debsums 2015-01-25 08:59:28.0 +0100 +++ debsums-2.0.53/debsums 2015-03-18 21:44:45.0 +0100 @@ -462,7 +462,7 @@ return 0; } - my $correct_package = `dpkg-query --admindir=$DPKG -S /$path | awk -F: '{print \$1}'`; + my $correct_package = `dpkg-query --admindir=$DPKG -S /$path | awk -F': ' '{print \$1}'`; chomp($correct_package); if ($pack ne $correct_package) { #print $pack != $correct_package\n; So please unblock debsums/2.0.53 P.S.: Thanks to Niels for his help with stripping down the debdiff to what's necessary to properly include the Maintainer switch. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (110, 'experimental'), (109, 'buildd-unstable'), (109, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.19.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150318213723.14236.23176.report...@c-cactus.deuxchevaux.org
Re: Bug#773136: debsums: modified files of arch-qualified (multiarch) packages are not being reported
Control: owner -1 ! Hi, Artem Chuprina wrote: I confirm this bug also when only one of multiarch packages is installed (that is, arch qualification is enough), and that it still exists in 2.0.52+nmu3. Probably it is reasonable to consider it release-critical because of its security implications. I already planned to do an update of debsums to fix #773136 in Jessie. I'm just quite busy with other stuff these days days. Will do the upload within a few days, maybe today in the evening, but latest earlier next week. I also already talked with nthykier (Cc'ed) of the release team (Cc'ed) on IRC about this issue and got a go from him. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150317142303.gr17...@sym.noone.org
Bug#779997: unblock: (pre-approval) mksh/50d-4
Hi, Thorsten Glaser wrote: I see the upload has happened, but the diff seems to be very unlike the one you included in the bug. A diffstat of what I see is: […] I.e. a patch is being dropped and no other changes. Your original debdiff suggested there ought to be changes to said patch instead. Indeed. Huh. This seems to be a mistake on the sponsor’s side, Yep. And I fail to reproduce that failure. I thought I've build it as usual in pbuilder, but any attempt to reproduce that broken build (multiple builds in a row, building first locally, then in pbuilder, vice versa, etc.) all produced the expected debdiff. I'm confused myself. I’ll retry; sorry. I've just made a pbuilder build whose debdiff only differs from the debdiff posted here as follows, i.e. only in dates and version numbers: ~/debian/mksh-50d → colordiff (GET https://bugs.debian.org/cgi-bin/bugreport.cgi\?msg\=5\;filename\=mksh_50d-4.debdiff\;att\=1\;bug\=779997) (debdiff ../mksh_50d-3.dsc /var/cache/pbuilder/result/mksh_50d-5.dsc) 3c3 +++ mksh-50d/debian/changelog 2015-03-07 22:17:11.0 +0100 --- +++ mksh-50d/debian/changelog 2015-03-13 15:28:43.0 +0100 5c5 +mksh (50d-4) unstable; urgency=medium --- +mksh (50d-5) unstable; urgency=medium 19c19 +++ mksh-50d/debian/patches/debian-changes2015-03-07 22:19:12.0 +0100 --- +++ mksh-50d/debian/patches/debian-changes2015-03-13 15:30:05.0 +0100 25c25 ++@(#)MIRBSD KSH R50 2014/10/19 Debian-4 --- ++@(#)MIRBSD KSH R50 2014/10/19 Debian-5 34c34 ++@(#)LEGACY KSH R50 2014/10/19 Debian-4 --- ++@(#)LEGACY KSH R50 2014/10/19 Debian-5 83c83 ++#define MKSH_VERSION R50 2014/10/19 Debian-4 --- ++#define MKSH_VERSION R50 2014/10/19 Debian-5 I'll do some more checks to make sure I upload a non-broken package this time and then upload it. Sorry for the noise. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150315175701.gr17...@sym.noone.org
Bug#779997: unblock: (pre-approval) mksh/50d-4
Control: tag -1 - moreinfo Hi, I've just uploaded mksh/50d-5 (as prepared by Thorsten) with the following debdiff to mksh/50d-3 (i.e. ignoring the broken 50d-4 upload): diff -Nru mksh-50d/debian/changelog mksh-50d/debian/changelog --- mksh-50d/debian/changelog 2014-10-23 11:20:27.0 +0200 +++ mksh-50d/debian/changelog 2015-03-13 15:28:43.0 +0100 @@ -1,3 +1,12 @@ +mksh (50d-5) unstable; urgency=medium + + * QA upload. + * Backport upstream fix: +- [tg] SECURITY: make unset HISTFILE actually work + * Adjust shell version accordingly + + -- Thorsten Glaser t...@mirbsd.de Sat, 07 Mar 2015 22:16:53 +0100 + mksh (50d-3) unstable; urgency=high * QA upload. diff -Nru mksh-50d/debian/patches/debian-changes mksh-50d/debian/patches/debian-changes --- mksh-50d/debian/patches/debian-changes 2014-10-23 11:24:49.0 +0200 +++ mksh-50d/debian/patches/debian-changes 2015-03-13 15:30:05.0 +0100 @@ -18,7 +18,7 @@ expected-stdout: - @(#)MIRBSD KSH R50 2014/10/07 -+ @(#)MIRBSD KSH R50 2014/10/19 ++ @(#)MIRBSD KSH R50 2014/10/19 Debian-5 description: Check version of shell. stdin: @@ -27,7 +27,7 @@ --- expected-stdout: - @(#)LEGACY KSH R50 2014/10/07 -+ @(#)LEGACY KSH R50 2014/10/19 ++ @(#)LEGACY KSH R50 2014/10/19 Debian-5 description: Check version of legacy shell. stdin: @@ -531,6 +531,39 @@ /* set $# and $* */ if (setargs) { wp += argi - 1; +--- mksh-50d.orig/histrap.c mksh-50d/histrap.c +@@ -563,7 +563,7 @@ sethistfile(const char *name) + return; + + /* if the name is the same as the name we have */ +- if (hname strcmp(hname, name) == 0) ++ if (hname name !strcmp(hname, name)) + return; + + /* +@@ -581,7 +581,8 @@ sethistfile(const char *name) + hist_source-line = 0; + } + +- hist_init(hist_source); ++ if (name) ++ hist_init(hist_source); + } + #endif + +@@ -713,8 +714,10 @@ hist_init(Source *s) + hist_source = s; + + #if HAVE_PERSISTENT_HISTORY +- if ((hname = str_val(global(HISTFILE))) == NULL) ++ if (((hname = str_val(global(HISTFILE))) == NULL) || !*hname) { ++ hname = NULL; + return; ++ } + strdupx(hname, hname, APERM); + hs = hist_init_first; + --- mksh-50d.orig/main.c +++ mksh-50d/main.c @@ -34,7 +34,7 @@ @@ -561,7 +594,7 @@ +__RCSID($MirOS: src/bin/mksh/sh.h,v 1.701 2014/10/19 21:53:08 tg Exp $); #endif -#define MKSH_VERSION R50 2014/10/07 -+#define MKSH_VERSION R50 2014/10/19 ++#define MKSH_VERSION R50 2014/10/19 Debian-5 /* arithmetic types: C implementation */ #if !HAVE_CAN_INTTYPES @@ -585,3 +618,17 @@ #define X_EXTRA 20 /* this many extra bytes in X string */ +--- mksh-50d.orig/var.c mksh-50d/var.c +@@ -1351,6 +1351,11 @@ unsetspec(struct tbl *vp) +*/ + + switch (special(vp-name)) { ++#if HAVE_PERSISTENT_HISTORY ++ case V_HISTFILE: ++ sethistfile(NULL); ++ return; ++#endif + case V_IFS: + setctypes(TC_IFSWS, C_IFS); + ifs0 = ' '; It already built fine on all platforms except sparc (still at needs-build as of now): https://buildd.debian.org/status/package.php?p=mkshsuite=unstable Please verify that I indeed upload a non-broken package this time. :-) Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE signature.asc Description: Digital signature
Bug#778352: (pre-approval) unblock: xymon/4.3.17-6
Hi Adam, Adam D. Barratt wrote: I've just uploaded xymon/4.3.17-6 to DELAYED/15 (see https://ftp-master.debian.org/deferred.html) with: [...] As soon as I've got your approval for the debdiff below, I'll fast-forward the upload to unstable. Please go ahead, and Thanks! Rescheduled. remove the moreinfo tag once that's been done. Will remove it as soon as I got the ACCEPTED mail. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150214122958.go21...@sym.noone.org
Bug#778352: (pre-approval) unblock: xymon/4.3.17-6
Control: tags -1 - moreinfo Hi, the upload reached unstable: https://packages.qa.debian.org/x/xymon/news/20150214T123351Z.html Adam D. Barratt wrote: Please go ahead, and remove the moreinfo tag once that's been done. Done herewith. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150214123921.gp21...@sym.noone.org
Bug#778352: (pre-approval) unblock: xymon/4.3.17-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Upstream recently fixed two memory leaks in xymond, xymon's main daemon. Without these fixes leakages of 2 GB memory per day have been observed under production conditions. I've just uploaded xymon/4.3.17-6 to DELAYED/15 (see https://ftp-master.debian.org/deferred.html) with: * two patches cherry picked from upstream to fix memory leaks (https://bugs.debian.org/778343) * one debconf translation update (https://bugs.debian.org/776126) * one so far missing addition to debian/copyright (https://bugs.debian.org/775590) As soon as I've got your approval for the debdiff below, I'll fast-forward the upload to unstable. Full debdiff: diff -Nru xymon-4.3.17/debian/changelog xymon-4.3.17/debian/changelog --- xymon-4.3.17/debian/changelog 2015-01-22 17:37:30.0 +0100 +++ xymon-4.3.17/debian/changelog 2015-02-13 21:59:49.0 +0100 @@ -1,10 +1,24 @@ +xymon (4.3.17-6) unstable; urgency=medium + + [ Axel Beckert ] + * Add CVE ID to the previous changelog entry. + * Debconf translations, thanks! ++ ru by Yuri Kozlov (Closes: #776126) + * Cherry pick two patches from upstream to fix multiple memory leaks. +(Closes: #778343) + + [ Christian Kastner ] + * Document license of sha?.* files in debian/copyright (Closes: #775590) + + -- Axel Beckert a...@debian.org Fri, 13 Feb 2015 21:59:49 +0100 + xymon (4.3.17-5) unstable; urgency=medium [ Christoph Berg ] * Restore the lost ROOTFS variable in xymonclient-linux.sh, and patch xymond/rrd/do_disk.c to ignore duplicate submissions for the / partition. (Closes: #767901) - * Fix buffer overrun in web/acknowledge.c (Closes: #776007) + * Fix buffer overrun in web/acknowledge.c (Closes: #776007, CVE-2015-1430) * Debconf translations, thanks! + pt by Américo Monteiro (Closes: #767840) + fr by Jean-Pierre Giraud (Closes: #770168) diff -Nru xymon-4.3.17/debian/copyright xymon-4.3.17/debian/copyright --- xymon-4.3.17/debian/copyright 2014-10-01 15:41:26.0 +0200 +++ xymon-4.3.17/debian/copyright 2015-02-13 15:34:20.0 +0100 @@ -121,6 +121,38 @@ copied and put under another distribution licence [including the GNU Public Licence.] +lib/sha1.c: + 100% Public Domain, by Steve Reid st...@edmweb.com, with small changes + by Thomas Roessler roess...@does-not-exist.org. + +lib/sha2.* + Copyright (C) 2005, 2007 Olivier Gay olivier@a3.epfl.ch + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the project nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + There is a nested c-ares tarball in bbnet/: Copyright 1998, 2000 by the Massachusetts Institute of Technology. Copyright (C) 2004 by Daniel Stenberg et al diff -Nru xymon-4.3.17/debian/patches/fix-xymond-memory-leak xymon-4.3.17/debian/patches/fix-xymond-memory-leak --- xymon-4.3.17/debian/patches/fix-xymond-memory-leak 1970-01-01 01:00:00.0 +0100 +++ xymon-4.3.17/debian/patches/fix-xymond-memory-leak 2015-02-13 20:32:46.0 +0100 @@ -0,0 +1,19 @@ +Description:Fix memory leak in acknowledge handling. + Cherry-picked from the 4.3.18 upstream release. +Origin: http://sourceforge.net/p/xymon/code/7488/ +Applied-Upstream: http://sourceforge.net/p/xymon/code/7488/ +Reviewed-by: Axel Beckert a...@debian.org + +Index: xymon/xymond/xymond.c +=== +--- xymon.orig/xymond/xymond.c 2015-02-13 15:38:17.0 +0100 xymon/xymond/xymond.c 2015-02-13 15:40
Bug#776009: unblock: xymon/4.3.17-5
Control: tag -1 - moreinfo Hi Niels, Niels Thykier wrote: Please go ahead with these changes Thanks! I've rescheduled it and it has been accepted in unstable (and built on most architectures). It should reach the archive with the next dinstall run. and remove the moreinfo tag once they reach unstable. Done. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150130112613.gw6...@sym.noone.org
Bug#776009: Gentle ping wrt. Bug#776009: unblock: xymon/4.3.17-5
Dear Release Team, Christoph Berg wrote: several updates for xymon have accumulated since the last upload. We'd like to have them in Jessie, so we are asking for approval of the changes below. half of the DELAYED/15 period is now over (7 days left) and the autoremoval warning has started to pop up for xymon and hobbit-plugins. We'd be happy about feedback wrt. the proposed upload, which fixes one RC bug and one RC-equivalent bug reported in Ubuntu. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150130003903.gs6...@sym.noone.org
RFC: RC-Bug#776251: ack-grep fails to install due to [local] diversion problem
Hi, I forgot to Cc the release team on this despite I'd like to hear the view of the release team on https://bugs.debian.org/776251 (Please reply to the bug report and maybe also Cc the debian-release ML so that it's clear that there was a comment without having to look at the bug report itself. The Reply-To header is set accordingly.) - Forwarded message from Axel Beckert a...@debian.org - Date: Mon, 26 Jan 2015 01:01:03 +0100 From: Axel Beckert a...@debian.org To: Olivier Schwander olivier.schwan...@ens-lyon.org, 776...@bugs.debian.org Subject: Bug#776251: ack-grep fails to install due to diversion problem Hi, this seems more or less the same issue as https://bugs.launchpad.net/ubuntu/+source/ack-grep/+bug/1385390 Olivier Schwander wrote: ack-grep fails to install pretending `/usr/bin/ack' is diverted by `/usr/bin/ack-grep' although the /usr/bin/ack file does not exist: [...] It works well after manullay removing the diversion: The package never used a diversion. That diversion must have been made by the local admin and hence can be regarded as a non-package issue. $ dpkg-divert --list *ack* local diversion of /usr/bin/ack-grep to /usr/bin/ack ^ ... which backs my assumption that a _local_ diversion (i.e. none made by a package) is the cause. I tend to close this issue as invalid/wontfix since the cause is a local (common(*) but so far unsupported) modification of the package. IMHO it has nothing to do with the package itself. But I'd like to hear comments from others from others (especially the Debian Perl Team and the Release Team) first, too. If they agree, I can imagine to add a diversion detection and then removal to ack-grep's preinst script despite the package never used a diversion. But I'm a) unsure if it's ok for a package to remove a _local_ diversion, and b) if it's a good idea to introduce such a change that late in the freeze. (*) Due to the Kanji converter ack[1], Debian was forced to rename the later introduced grep-like tool also called ack to ack-grep. It soon was more popular than the Kanji converter and many admins used dpkg-divert to rename ack-grep back to ack. Which is perfectly ok, but not supported by the package. At some point upstream even seem to have recommended to use such a diversion[2], despite he nowadays recommends a simple symlink[3]. [1] https://packages.qa.debian.org/a/ack.html [2] https://bugs.launchpad.net/ubuntu/+source/ack-grep/+bug/1385390/comments/3 [3] http://beyondgrep.com/documentation/ack-2.14-man.html#faq Regards, Axel […] - End forwarded message - Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE signature.asc Description: Digital signature
Bug#774932: Bug#774931: Trying to find the licenses for the alt.sysadmin.recovery man page collection
Jonathan Wiltshire wrote: On Sun, Jan 18, 2015 at 04:06:01PM +0100, Axel Beckert wrote: asr-manpages unfortunately got removed from testing manually without explicit reason instead of just waiting for the autoremoval period. That happened despite there are obvious efforts to fix this issue -- which definitely lowered my motiviation to do an NMU for this issue once the upstream authors have answered. :-( The maintainer indicated in #774932 that it would be best to remove it. Gah, this anonymous submitter is annoying. His claim that this is practically impossible is yet to be proved as I'm trying to prove the opposite. He rather should be constructive instead of kicking people's work in the ass. I'm quite pissed that anyone seems to ignore that I'm trying to fix this issue to avoid the same fate as with funny-manpages (where the copyright questions are indeed difficult to fix as the authors first have to be figured out). Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150118165148.gj26...@sym.noone.org
Bug#774932: Bug#774931: Trying to find the licenses for the alt.sysadmin.recovery man page collection
Hi, Riley Baird wrote: Gah, this anonymous submitter is annoying. His claim that this is practically impossible is yet to be proved as I'm trying to prove the opposite. I am not anonymous. Just a first name and an anonymous remailer is more or less anonymous for me. My name is Riley Baird. I am the maintainer of pyelliptic. Thanks! He rather should be constructive instead of kicking people's work in the ass. I'm quite pissed that anyone seems to ignore that I'm trying to fix this issue to avoid the same fate as with funny-manpages (where the copyright questions are indeed difficult to fix as the authors first have to be figured out). You might not have seen this, but I have tried contacting many of the authors of the funny-manpages, Indeed I didn't notice the progress over there. Thanks for your effort over there even though it seems the more difficult case of those two. and not a single one responded - except RMS, who refused to relicense his manpages. RMS declaring that something doesn't need to be free is weird. I even tried making a phone call to someone after looking up their name in the white pages. Thanks! I actually would only try that in my own country... The reason that I filed the RM request was that the RC bug on funny-manpages was left open for several hundred days, with no action. Despite they are different authors and nobody had tried to contact them before? Sorry, from my PoV this is clearly not the same. Since it seemed that nobody cared about this issue with funny-manpages, I saw no reason to assume that anyone would care about it with asr-manpages. I didn't try it with funny-manpages as there were more or less no authors listed in there. But in asr-manpages, most authors were listed and it was clear that the original postings can be found in the usenet group alt.sysadmin.recovery. For me that's a huge difference and the reason why I started the effort for asr-manpages, but not for funny-manpages. Now that you are making an effort to fix it, that's great. I *want* asr-manpages to be in Debian. I just don't think that you are likely to get permission from all, or even most, of the authors, and especially not in time for the jessie release. Not anymore after the package has been removed earlier than needed, no. IMHO, there was a small chance before the removal. *sigh* (I can see that result of the effort around funny-manpages can be demotivating and frustrating. But someone taking away the chance to get something fixed in time is demotivating and frustrating, too. So please be less impatient when you file an RM bug next time.) Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150118204633.gm26...@sym.noone.org
Re: Bug#774890: Is this bug really RC?
Hi together, Andreas Tille wrote: I stumbled upon this bug since it affects staden maintained by Debian Med. Same here with gnudatalanguage. When reading the bug report I stumbled upon The errors seems to date back to the lenny-squeeze update ... Well, you (Andreas T) did not cite a possible relevant part here: | This was observed on the following upgrade paths: | | lenny - squeeze - wheezy - jessie Although this upgrade path is not 100% true for all involved packages. See below. I'm seriously wondering whether this issue is RC critical for Jessie release To be honest: I think this is generally an RC-level issue and should be fixed. But I also think, it's a candidate for a jessie-ignore tag as the bug has been in there for quite a while (obviously) and -- from a first glance at the log which Andreas B. attached -- has no operational impact, just legal impact (wrong copyright file, etc.). Cc'ing debian-release for that. (This does not mean that I think it can't be fixed for Jessie. I just think that it's not an urgent issue as it exists for about 5 years now.) since we do not support upgrades over several releases. I'm not 100% sure what you mean with upgrades over several releases. Let me elaborate: We definitely support sequent dist-upgrades, even if it's not explicitly mentioned anywhere. Everyone does them. There's no rule that you need to reinstall after one dist-upgrade and can't do the next one because it's not supported. What we don't support is upgrades where releases are skipped, e.g. upgrades directly from Squeeze to Jessie without first upgrading to Wheezy -- that's clearly not supported. So far so good, but the attached log shows a case not covered by either scenario above: A package (msort-gui) which was not part of the one release was kept installed for that release: During the squeeze state of that chroot, the msort-gui package from lenny was still installed and then upgraded to the Wheezy version with the dist-upgrade to Wheezy. So the package which triggered this issue is msort-gui which was not part of the Squeeze release. But itk3 was. So while this issue showed up in an unsupported scenario, it still could happen and be an issue in a supported scenario. (I initially thought, Andreas B. attached the wrong piuparts log, because it's not for itk3 but for msort-gui. But msort-gui depends on itk3 via iwidgets4 and the issue in itk3 indeed shows up in that log.) Can you please be more verbose in how far this issue affects the Jessie release? The issue was likely caused by this non-trivial change back in 2009 (3.3-1): * New upstream release, moving itk3 to a separate source package. Lenny had itcl3 and itk3 in version 3.2.1-5 and Squeeze itk3 version 3.3-2. As far as I understand it, the issue is that on a box which such a history, the file /usr/share/doc/itcl3/copyright is actually the copyright file of itk3 which comes from different source package. This clearly violates the policy and is hence RC. The issue exists probably since itk3/3.3-1 -- it just hasn't been found before as it has no operational impact. And piuparts back then probably didn't do _that_ kind of check. So this issue will persist until any later package fixes it. I though wonder how to fix it, since the copyright file of itcl3 already has been overwritten. May require a Breaks in itcl3, too, so that itk3 is first upgraded and can fix the issue, and the itcl3 upgrade then fixes the missing copyright file. Such a Breaks, which forces itk3 to fix the issue before itcl3 gets upgraded, likely also fixes the issues Sergei brought up in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774890#15 (which has been posted after I started writing this mail). One more thing I'm still curious about: How the fuck do you stumble upon such a bug? :-) I don't expect that Andreas runs piuparts starting with Lenny on a daily business or without reason. I expect that a real-life case (which Andreas B. didn't mention) is hidden behind it and caused him to do that piuparts run. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150116110341.ga32...@sym.noone.org
Bug#771801: unblock: hobbit-plugins/20141201
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock hobbit-plugins/20141201 It fixes the following bug with severity important: #770467 [i|+| ] [hobbit-plugins] hobbit-plugins: client-ext/apt: Warning: Use of uninitialized value $cand in string eq at /usr/lib/hobbit/client/ext/apt line 206, … See https://bugs.debian.org/770467 for details. Full source debdiff: $ debdiff /var/cache/pbuilder/sid/result/hobbit-plugins_2014{1006,1201}.dsc diff -Nru hobbit-plugins-20141006/client-ext/apt hobbit-plugins-20141201/client-ext/apt --- hobbit-plugins-20141006/client-ext/apt 2014-05-23 03:31:28.0 +0200 +++ hobbit-plugins-20141201/client-ext/apt 2014-11-28 16:43:40.0 +0100 @@ -202,7 +202,7 @@ $inst = $1 if / +Installed: (.+)/; $cand = $1 if / +Candidate: (.+)/; $pin = $1 if / +Package pin: (.+)/ and $1 eq $inst; -if (/^[ *]+(\S+) (\d+)$/) { +if (/^ (?: |\*\*\*) (\S*[^\s:]) (\d+)$/) { $in_dist = ($1 eq $cand); $pinprio = $2; } diff -Nru hobbit-plugins-20141006/debian/changelog hobbit-plugins-20141201/debian/changelog --- hobbit-plugins-20141006/debian/changelog2014-10-06 14:50:47.0 +0200 +++ hobbit-plugins-20141201/debian/changelog2014-12-01 12:33:05.0 +0100 @@ -1,3 +1,10 @@ +hobbit-plugins (20141201) unstable; urgency=medium + + * Fix parsing of apt-cache policy output in cases where the version of +the first listed package only contains digits. (Closes: #770467) + + -- Axel Beckert a...@debian.org Mon, 01 Dec 2014 12:33:05 +0100 + hobbit-plugins (20141006) unstable; urgency=medium * mount-ro: Do not alert about read-only tmpfs mounts (Closes: #764197) While the changelog entry may suggest that bug only surfaced under the mentioned conditions, it could also lead to false negatives in other cases. But the exact conditions for that are unknown. (It caused false positives under the mentioned conditions. Which is how it got noticed.) Changes debdiff: $ debdiff /var/cache/pbuilder/sid/result/hobbit-plugins_2014{1006,1201}_amd64.changes File lists identical (after any substitutions) Control files: lines which differ (wdiff format) Installed-Size: [-290-] {+291+} Version: [-20141006-] {+20141201+} So please unblock hobbit-plugins/20141201 -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'buildd-unstable'), (400, 'stable'), (110, 'experimental'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.17-rc5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141202150600.9265.57144.report...@kiva6.ethz.ch
Bug#771103: unblock: zsh/5.0.7-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock zsh/5.0.7-5 it fixes one RC bug which is basically the manual fix of a current issue in debhelper which was found initially in the zsh package: #770226 [S| |☺] [zsh-common] installation fails with dpkg-maintscript-helper: error: original symlink target is not an absolute path #770245 [i|P| ] [debhelper] dh_installdeb: Using symlink_to_dir with relative symlinks needs ${misc:Pre-Depends} = dpkg = 1.17.14 $ debdiff /var/cache/pbuilder/result/zsh_5.0.7-{4,5}.dsc diff -Nru zsh-5.0.7/debian/changelog zsh-5.0.7/debian/changelog --- zsh-5.0.7/debian/changelog 2014-11-13 01:18:54.0 +0100 +++ zsh-5.0.7/debian/changelog 2014-11-25 23:41:23.0 +0100 @@ -1,3 +1,10 @@ +zsh (5.0.7-5) unstable; urgency=medium + + * [ab70e9dc] Pre-Depend on dpkg = 1.17.14 explicitly for using +symlink_to_dir with relative symlinks (Closes: #770226) + + -- Axel Beckert a...@debian.org Tue, 25 Nov 2014 23:42:17 +0100 + zsh (5.0.7-4) unstable; urgency=medium [ Simon McVittie ] diff -Nru zsh-5.0.7/debian/control zsh-5.0.7/debian/control --- zsh-5.0.7/debian/control2014-11-13 01:16:37.0 +0100 +++ zsh-5.0.7/debian/control2014-11-20 02:42:43.0 +0100 @@ -32,7 +32,8 @@ Package: zsh-common Architecture: all Depends: ${misc:Depends} -Pre-Depends: ${misc:Pre-Depends} +Pre-Depends: ${misc:Pre-Depends}, + dpkg (= 1.17.14) Replaces: zsh (= 5.0.2-1) Recommends: zsh Suggests: zsh-doc @@ -53,7 +54,8 @@ Depends: zsh-common (= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} -Pre-Depends: ${misc:Pre-Depends} +Pre-Depends: ${misc:Pre-Depends}, + dpkg (= 1.17.14) Recommends: ${shlibs:Recommends} Suggests: zsh-doc Description: shell with lots of features @@ -102,7 +104,8 @@ Architecture: any Depends: zsh-common (= ${source:Version}), ${misc:Depends} -Pre-Depends: ${misc:Pre-Depends} +Pre-Depends: ${misc:Pre-Depends}, + dpkg (= 1.17.14) Section: libdevel Description: shell with lots of features (development files) Zsh is a UNIX command interpreter (shell) usable as an $ debdiff /var/cache/pbuilder/result/zsh_5.0.7-{4,5}_amd64.changes | fgrep -v /usr/lib/debug/.build-id/ [The following lists of changes regard files as different if they have different names, permissions or owners.] Files in second .changes but not in first - Files in first .changes but not in second - Control files of package zsh: lines which differ (wdiff format) --- Depends: zsh-common (= [-5.0.7-4),-] {+5.0.7-5),+} libc6 (= 2.15), libcap2 (= 1:2.10), libtinfo5 Pre-Depends: dpkg (= [-1.17.5)-] {+1.17.14)+} Recommends: libncursesw5 (= 5.6+20070908), libpcre3 (= [-8.10)-] {+8.35)+} Version: [-5.0.7-4-] {+5.0.7-5+} Control files of package zsh-beta: lines which differ (wdiff format) Depends: zsh (= 5), zsh-common (= [-5.0.7-4)-] {+5.0.7-5)+} Version: [-5.0.7-4-] {+5.0.7-5+} Control files of package zsh-beta-doc: lines which differ (wdiff format) Depends: zsh-common (= [-5.0.7-4),-] {+5.0.7-5),+} zsh-doc Version: [-5.0.7-4-] {+5.0.7-5+} Control files of package zsh-common: lines which differ (wdiff format) -- Installed-Size: [-10874-] {+10875+} Pre-Depends: dpkg (= [-1.17.5)-] {+1.17.14)+} Version: [-5.0.7-4-] {+5.0.7-5+} Control files of package zsh-dbg: lines which differ (wdiff format) --- Depends: zsh (= [-5.0.7-4),-] {+5.0.7-5),+} zsh-common (= [-5.0.7-4)-] {+5.0.7-5)+} Version: [-5.0.7-4-] {+5.0.7-5+} Control files of package zsh-dev: lines which differ (wdiff format) --- Depends: zsh-common (= [-5.0.7-4)-] {+5.0.7-5)+} Pre-Depends: dpkg (= [-1.17.5)-] {+1.17.14)+} Version: [-5.0.7-4-] {+5.0.7-5+} Control files of package zsh-doc: lines which differ (wdiff format) --- Depends: zsh-common (= [-5.0.7-4)-] {+5.0.7-5)+} Version: [-5.0.7-4-] {+5.0.7-5+} Control files of package zsh-static: lines which differ (wdiff format) -- Built-Using: glibc (= 2.19-13), libcap2 (= 1:2.24-6), ncurses (= 5.9+20140913-1), pcre3 (= [-1:8.35-3.2)-] {+1:8.36-1)+} Version: [-5.0.7-4-] {+5.0.7-5+} -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (110, 'experimental'), (109, 'buildd-unstable'), (109, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel
Bug#769027: (pre-approval for) unblock: dhcpy6d/0.4-2
Control: retitle -1 unblock: dhcpy6d/0.4-2 Hi Jonathan, Jonathan Wiltshire wrote: But since it didn't relate to any of the planned RC-fixes and we have a quite rigid freeze policy, I only planned the fix for an post-Jessie upload. This sounds wise to me. Unless it's actively causing a problem, we don't know what might break by changing it at this stage. I've looked into it (group adm for log files, #769029) closer and it's less trivial than expected as upstream has some chown calls in the code, too. So I need to discuss this first with upstream anyways. I'm happy with your proposed upload. Thanks, uploaded. Please unblock dhcpy6d/0.4-2. Compared to the diff posted so far, there's -- besides the updated changelog -- one small addition, because I missed a small but important detail: → git show 6060ae19c5edf7137425356f449d7a72b6fe8974 commit 6060ae19c5edf7137425356f449d7a72b6fe8974 Author: Axel Beckert a...@deuxchevaux.org Date: Thu Nov 13 15:36:09 2014 +0100 Debian package: postrm: Also delete /etc/default/dhcpy6d itself, ucf doesn't diff --git a/debian/dhcpy6d.postrm b/debian/dhcpy6d.postrm index 9f6499d..2e9f464 100755 --- a/debian/dhcpy6d.postrm +++ b/debian/dhcpy6d.postrm @@ -9,7 +9,7 @@ case $1 in purge) rm -f /var/log/dhcpy6d.log* /var/lib/dhcpy6d/volatile.sqlite # Taken from ucf's postrm example -for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do +for ext in '' '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do rm -f /etc/default/dhcpy6d$ext done if which ucf /dev/null; then Initially I missed the fact that calling ucf --purge does actually not remove the file itself as I expected. This also removes the file. Would result in a piuparts error otherwise. Here's the full debdiff of source packages between Testing and Unstable: diff -Nru dhcpy6d-0.4/debian/changelog dhcpy6d-0.4/debian/changelog --- dhcpy6d-0.4/debian/changelog2014-10-22 21:03:57.0 +0200 +++ dhcpy6d-0.4/debian/changelog2014-11-13 15:36:36.0 +0100 @@ -1,3 +1,21 @@ +dhcpy6d (0.4-2) unstable; urgency=medium + + * Handle /etc/default/dhcpy6d with ucf. (Closes: #767817) ++ Install file to /usr/share/dhcpy6d/default/dhcpy6d instead, remove + symlink debian/dhcpy6d.default, add debian/dhcpy6d.install. ++ Depend on ucf. + * Install volatile.sqlite into /usr/share/dhcpy6d/ and copy it to +/var/lib/dhcpy6d/volatile.sqlite during postinst only if it doesn't +yet exist. Remove it upon purge. (Closes: #768989) + * Both fixes above together also remove unnecessary executable bits. +(Else the fix for #767817 newly introduces the lintian warning +executable-not-elf-or-script; closes: #769006) + * Additionally replace symlink debian/dhcpy6d.logrotate with a patched +copy of etc/logrotate.d/dhcpy6d to remove the executable bit also +there. (Fixes another facet of #769006) + + -- Axel Beckert a...@debian.org Thu, 13 Nov 2014 12:39:09 +0100 + dhcpy6d (0.4-1) unstable; urgency=low [ Henri Wahl ] diff -Nru dhcpy6d-0.4/debian/control dhcpy6d-0.4/debian/control --- dhcpy6d-0.4/debian/control 2014-10-22 15:41:40.0 +0200 +++ dhcpy6d-0.4/debian/control 2014-11-10 12:40:18.0 +0100 @@ -15,6 +15,7 @@ Package: dhcpy6d Architecture: all Depends: adduser, + ucf, ${misc:Depends}, ${python:Depends} Pre-Depends: dpkg (= 1.16.5) diff -Nru dhcpy6d-0.4/debian/dhcpy6d.default dhcpy6d-0.4/debian/dhcpy6d.default --- dhcpy6d-0.4/debian/dhcpy6d.default 2014-10-22 21:36:32.0 +0200 +++ dhcpy6d-0.4/debian/dhcpy6d.default 1970-01-01 01:00:00.0 +0100 @@ -1,2 +0,0 @@ -# dhcpy6d is disabled by default -#RUN=yes diff -Nru dhcpy6d-0.4/debian/dhcpy6d.dirs dhcpy6d-0.4/debian/dhcpy6d.dirs --- dhcpy6d-0.4/debian/dhcpy6d.dirs 1970-01-01 01:00:00.0 +0100 +++ dhcpy6d-0.4/debian/dhcpy6d.dirs 2014-11-10 16:13:28.0 +0100 @@ -0,0 +1 @@ +usr/share/dhcpy6d/ diff -Nru dhcpy6d-0.4/debian/dhcpy6d.install dhcpy6d-0.4/debian/dhcpy6d.install --- dhcpy6d-0.4/debian/dhcpy6d.install 1970-01-01 01:00:00.0 +0100 +++ dhcpy6d-0.4/debian/dhcpy6d.install 2014-11-07 19:45:02.0 +0100 @@ -0,0 +1 @@ +etc/default/dhcpy6d usr/share/dhcpy6d/default/ diff -Nru dhcpy6d-0.4/debian/dhcpy6d.logrotate dhcpy6d-0.4/debian/dhcpy6d.logrotate --- dhcpy6d-0.4/debian/dhcpy6d.logrotate2014-10-22 21:36:32.0 +0200 +++ dhcpy6d-0.4/debian/dhcpy6d.logrotate2014-11-11 15:40:27.0 +0100 @@ -4,6 +4,6 @@ rotate 4 compress notifempty - create 770 dhcpy6d dhcpy6d + create 660 dhcpy6d dhcpy6d } diff -Nru dhcpy6d-0.4/debian/dhcpy6d.postinst dhcpy6d-0.4/debian/dhcpy6d.postinst --- dhcpy6d-0.4/debian/dhcpy6d.postinst 2014-09-18 19:53:36.0 +0200 +++ dhcpy6d-0.4/debian/dhcpy6d.postinst 2014-11-11 15:24:57.0 +0100 @@ -50,14 +50,23 @@ if [ ! -e /var/log/dhcpy6d.log
Bug#769488: unblock: zsh/5.0.7-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock zsh/5.0.7-4. It fixes the following bugs: #768937 [S| |=☺] [zsh] [patch] not binNMU-safe due to --link-doc between arch-dep and arch-indep #769140 [S| |=☺] [zsh] Unable to Install zsh #768241 [i| | ☺] [zsh] leaves alternatives after purge: /bin/rzsh = /bin/zsh4 (The first two RC-level bug reports were merged. The second issue was found by piuparts.) Source debdiff between the version in Testing (5.0.7-3) and the version in Sid (5.0.7-4): diff -Nru zsh-5.0.7/debian/TODO.md zsh-5.0.7/debian/TODO.md --- zsh-5.0.7/debian/TODO.md1970-01-01 01:00:00.0 +0100 +++ zsh-5.0.7/debian/TODO.md2014-11-08 22:31:00.0 +0100 @@ -0,0 +1,14 @@ +Debian Zsh TODO +=== + +After the Jessie-Release + + +* Remove zsh-beta* packages +* Remove alternatives system properly +* Remove zsh4* wrappers + +Decisions +- + +* Do we want to continue providing a static build (zsh-static)? diff -Nru zsh-5.0.7/debian/changelog zsh-5.0.7/debian/changelog --- zsh-5.0.7/debian/changelog 2014-10-21 02:41:42.0 +0200 +++ zsh-5.0.7/debian/changelog 2014-11-13 01:18:54.0 +0100 @@ -1,3 +1,25 @@ +zsh (5.0.7-4) unstable; urgency=medium + + [ Simon McVittie ] + * [991d536c] Make zsh source package binNMU-safe (Closes: #768937) ++ Do not use dh_installdocs --link-doc=zsh-common in + architecture-dependent packages ++ Symlink zsh-common documentation files into /usr/share/doc/zsh ++ Migrate /usr/share/doc/zsh and /usr/share/doc/zsh-dev from symlink + to directory using dpkg-maintscript-helper + + [ Axel Beckert ] + * [7b632623] Simplify Simon's patch by making /usr/share/doc/zsh/doc a +symlink to ../zsh-common/ in the zsh binary package. Avoids unpack +errors probably caused by having _two_ binary packages containing the +directory which was previously a symlink. (See the log of #768937.) + * [0e03e623,ad143a67] Add Pre-Depends: ${misc:Pre-Depends} for using +dpkg-maintscript-helper's symlink_to_dir. + * [af8ab9de] Also remove zsh4 alternative for rzsh (Closes: #768241) + * [353e05ab] Add a post-jessie TODO list to the source package + + -- Axel Beckert a...@debian.org Thu, 13 Nov 2014 01:18:54 +0100 + zsh (5.0.7-3) unstable; urgency=low * Upload to unstable again diff -Nru zsh-5.0.7/debian/control zsh-5.0.7/debian/control --- zsh-5.0.7/debian/control2014-10-21 02:33:01.0 +0200 +++ zsh-5.0.7/debian/control2014-11-13 01:16:37.0 +0100 @@ -32,6 +32,7 @@ Package: zsh-common Architecture: all Depends: ${misc:Depends} +Pre-Depends: ${misc:Pre-Depends} Replaces: zsh (= 5.0.2-1) Recommends: zsh Suggests: zsh-doc @@ -52,6 +53,7 @@ Depends: zsh-common (= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} +Pre-Depends: ${misc:Pre-Depends} Recommends: ${shlibs:Recommends} Suggests: zsh-doc Description: shell with lots of features @@ -100,6 +102,7 @@ Architecture: any Depends: zsh-common (= ${source:Version}), ${misc:Depends} +Pre-Depends: ${misc:Pre-Depends} Section: libdevel Description: shell with lots of features (development files) Zsh is a UNIX command interpreter (shell) usable as an diff -Nru zsh-5.0.7/debian/rules zsh-5.0.7/debian/rules --- zsh-5.0.7/debian/rules 2014-10-13 22:55:03.0 +0200 +++ zsh-5.0.7/debian/rules 2014-11-12 00:31:08.0 +0100 @@ -182,7 +182,8 @@ -dDependsdebian/zsh/bin/* \ -dRecommends debian/zsh/usr/lib/*/zsh/*/zsh/*.so - dh_installdocs -pzsh -pzsh-dbg --link-doc=zsh-common + dh_installdocs -pzsh -pzsh-dbg --link-doc=zsh + dh_installchangelogs -pzsh binary-arch-static: build-static dh_testdir @@ -192,7 +193,8 @@ # Do not symlink /usr/share/doc/zsh-static to # /usr/share/doc/zsh-common because zsh-static has a unique, - # generated README.Debian + # generated README.Debian, and because --link-doc between + # arch-dep and arch-indep packages breaks binNMUs dh_installdocs -pzsh-static awk 'BEGIN { print The following modules are statically-compiled into the static zsh binary:\n; } /link=static/ { printf %s (%s %s)\n, substr($$1,6), $$4, $$5; }' obj-static/config.modules debian/zsh-static/usr/share/doc/zsh-static/README.Debian @@ -215,7 +217,8 @@ cd debian/zsh-dev/usr/share/aclocal; mv aczshoot.m4 zshoot.m4 - dh_installdocs -pzsh-dev --link-doc=zsh-common + dh_installdocs -pzsh-dev + dh_installchangelogs -pzsh-dev binary-arch: binary-arch-dynamic binary-arch-static binary-arch-dev dh_lintian-a diff -Nru zsh-5.0.7/debian/zsh-common.maintscript zsh-5.0.7/debian/zsh-common.maintscript --- zsh-5.0.7/debian/zsh-common.maintscript 1970-01-01 01:00:00.0 +0100 +++ zsh-5.0.7/debian
Bug#769488: unblock: zsh/5.0.7-4
Hi, Axel Beckert wrote: Binary debdiff (i.e. debdiff between the two _amd64.changes files): [The following lists of changes regard files as different if they have different names, permissions or owners.] Files in second .changes but not in first - -rw-r--r-- root/root /usr/share/doc/zsh-dev/NEWS.Debian.gz -rw-r--r-- root/root /usr/share/doc/zsh-dev/changelog.Debian.gz -rw-r--r-- root/root /usr/share/doc/zsh-dev/changelog.gz -rw-r--r-- root/root /usr/share/doc/zsh-dev/copyright -rw-r--r-- root/root /usr/share/doc/zsh/NEWS.Debian.gz -rw-r--r-- root/root /usr/share/doc/zsh/changelog.Debian.gz -rw-r--r-- root/root /usr/share/doc/zsh/changelog.gz -rw-r--r-- root/root /usr/share/doc/zsh/copyright lrwxrwxrwx root/root /usr/share/doc/zsh-dbg - zsh lrwxrwxrwx root/root /usr/share/doc/zsh/doc - ../zsh-common lrwxrwxrwx root/root /usr/share/doc/zsh/examples - ../zsh-common/examples Files in first .changes but not in second - lrwxrwxrwx root/root /usr/share/doc/zsh - zsh-common lrwxrwxrwx root/root /usr/share/doc/zsh-dbg - zsh-common lrwxrwxrwx root/root /usr/share/doc/zsh-dev - zsh-common I forgot to mention that the above binary debdiff is filtered to not show any files under /usr/lib/debug/.build-id/ as the build-id is part of the path and hence generated some irrelevant noise in the debdiff. The actual command to generate that debdiff was: debdiff /var/cache/pbuilder/result/zsh_5.0.7-{3,4}_amd64.changes | fgrep -v /usr/lib/debug/.build-id/ Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141114001012.gc28...@sym.noone.org
Bug#769027: (pre-approval for) unblock: dhcpy6d/0.4-2
Hi, Julien Cristau wrote: On Tue, Nov 11, 2014 at 15:52:00 +0100, Axel Beckert wrote: After having sent this mail, I noticed that there is one more facet of #769006. The following patch would also remove the executable bit of rotated logs: Why are log files not root:adm? This is another open minor bug report which I'll happily fix for Jessie if I get a freeze exception for it: https://bugs.debian.org/769029 But since it didn't relate to any of the planned RC-fixes and we have a quite rigid freeze policy, I only planned the fix for an post-Jessie upload. Feel free to raise its severity if you think minor is inappropriate. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141112145213.gs28...@sym.noone.org
Bug#769027: (pre-approval for) unblock: dhcpy6d/0.4-2
Hi, Axel Beckert wrote: Since the minimal fix for #767817 introduced a new lintian warning (executable-not-elf-or-script usr/share/dhcpy6d/default/dhcpy6d) and because the fix #768989 already modifies the one line in debian/dhcpy6d.postinst which needs to be changed to fix the remaining part of ... #769006 [m| | ] [dhcpy6d] dhcpy6d: Multiple files with unnecessary executable bit I included a fix for this issue/lintian warning, too, but I have neither yet pushed that part nor uploaded 0.4-2 yet. So if the fix for #769006 included below is not ok, and the lintian warning executable-not-elf-or-script is ok to be introduced by the RC fix, I'll upload 0.4-2 without the #769006 fix (and send a new debdiff afterwards). After having sent this mail, I noticed that there is one more facet of #769006. The following patch would also remove the executable bit of rotated logs: diff --git a/etc/logrotate.d/dhcpy6d b/etc/logrotate.d/dhcpy6d index 6a11d52..d4169bb 100644 --- a/etc/logrotate.d/dhcpy6d +++ b/etc/logrotate.d/dhcpy6d @@ -4,6 +4,6 @@ rotate 4 compress notifempty - create 770 dhcpy6d dhcpy6d + create 660 dhcpy6d dhcpy6d } Actually this has been fixed upstream just today. Since this is upstream code which I don't want to touch anymore for Jessie, I'd replace the current symlink (debian/dhcpy6d.logrotate - ../etc/logrotate.d/dhcpy6d) with a copy patched as above. The full git diff would be: diff --git a/debian/dhcpy6d.logrotate b/debian/dhcpy6d.logrotate deleted file mode 12 index ff6efc1..000 --- a/debian/dhcpy6d.logrotate +++ /dev/null @@ -1 +0,0 @@ -../etc/logrotate.d/dhcpy6d \ No newline at end of file diff --git a/debian/dhcpy6d.logrotate b/debian/dhcpy6d.logrotate new file mode 100644 index 000..d4169bb --- /dev/null +++ b/debian/dhcpy6d.logrotate @@ -0,0 +1,9 @@ +/var/log/dhcpy6d.log { + weekly + missingok + rotate 4 + compress + notifempty + create 660 dhcpy6d dhcpy6d +} + I'd like to add that to the upload, too. But I'm ok if that's out of scope. (I'm also fine with splitting up #769006 into multiple issues and only fixing some of them for Jessie.) Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2014145200.gl28...@sym.noone.org
Bug#769027: (pre-approval for) unblock: dhcpy6d/0.4-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock I intend to upload the debdiff below to unstable to fix the following two RC bugs: #768989 [G|P| ] [dhcpy6d] dhcpy6d: Overwrites lease databases upon package upgrade if SQLite backend is used #767817 [S|P| ] [dhcpy6d] dhcpy6d: modifies conffiles (policy 10.7.3): /etc/default/dhcpy6d Since the minimal fix for #767817 introduced a new lintian warning (executable-not-elf-or-script usr/share/dhcpy6d/default/dhcpy6d) and because the fix #768989 already modifies the one line in debian/dhcpy6d.postinst which needs to be changed to fix the remaining part of ... #769006 [m| | ] [dhcpy6d] dhcpy6d: Multiple files with unnecessary executable bit I included a fix for this issue/lintian warning, too, but I have neither yet pushed that part nor uploaded 0.4-2 yet. So if the fix for #769006 included below is not ok, and the lintian warning executable-not-elf-or-script is ok to be introduced by the RC fix, I'll upload 0.4-2 without the #769006 fix (and send a new debdiff afterwards). Please note that the removal of dhcpy6d-0.4/debian/dhcpy6d.default below is actually just deletion of a symbolic link. Upstream's dhcpy6d-0.4/etc/default/dhcpy6d (to which the symlink pointed) still exists. Following the debdiff between the two source packages and then the debdiff between the two resulting binary packages. $ debdiff ../dhcpy6d_0.4-{1,2}.dsc diff -Nru dhcpy6d-0.4/debian/changelog dhcpy6d-0.4/debian/changelog --- dhcpy6d-0.4/debian/changelog2014-10-22 21:03:57.0 +0200 +++ dhcpy6d-0.4/debian/changelog2014-11-10 19:56:59.0 +0100 @@ -1,3 +1,18 @@ +dhcpy6d (0.4-2) unstable; urgency=medium + + * Handle /etc/default/dhcpy6d with ucf. (Closes: #767817) ++ Install file to /usr/share/dhcpy6d/default/dhcpy6d instead, remove + symlink debian/dhcpy6d.default, add debian/dhcpy6d.install. ++ Depend on ucf. + * Install volatile.sqlite into /usr/share/dhcpy6d/ and copy it to +/var/lib/dhcpy6d/volatile.sqlite during postinst only if it doesn't +yet exist. Remove it upon purge. (Closes: #768989) + * Both fixes above together also remove unnecessary executable bits. +(Else the fix for #767817 newly introduces the lintian warning +executable-not-elf-or-script; closes: #769006) + + -- Axel Beckert a...@debian.org Mon, 10 Nov 2014 19:56:57 +0100 + dhcpy6d (0.4-1) unstable; urgency=low [ Henri Wahl ] diff -Nru dhcpy6d-0.4/debian/control dhcpy6d-0.4/debian/control --- dhcpy6d-0.4/debian/control 2014-10-22 15:41:40.0 +0200 +++ dhcpy6d-0.4/debian/control 2014-11-10 12:40:18.0 +0100 @@ -15,6 +15,7 @@ Package: dhcpy6d Architecture: all Depends: adduser, + ucf, ${misc:Depends}, ${python:Depends} Pre-Depends: dpkg (= 1.16.5) diff -Nru dhcpy6d-0.4/debian/dhcpy6d.default dhcpy6d-0.4/debian/dhcpy6d.default --- dhcpy6d-0.4/debian/dhcpy6d.default 2014-10-22 21:36:32.0 +0200 +++ dhcpy6d-0.4/debian/dhcpy6d.default 1970-01-01 01:00:00.0 +0100 @@ -1,2 +0,0 @@ -# dhcpy6d is disabled by default -#RUN=yes diff -Nru dhcpy6d-0.4/debian/dhcpy6d.dirs dhcpy6d-0.4/debian/dhcpy6d.dirs --- dhcpy6d-0.4/debian/dhcpy6d.dirs 1970-01-01 01:00:00.0 +0100 +++ dhcpy6d-0.4/debian/dhcpy6d.dirs 2014-11-10 16:13:28.0 +0100 @@ -0,0 +1 @@ +usr/share/dhcpy6d/ diff -Nru dhcpy6d-0.4/debian/dhcpy6d.install dhcpy6d-0.4/debian/dhcpy6d.install --- dhcpy6d-0.4/debian/dhcpy6d.install 1970-01-01 01:00:00.0 +0100 +++ dhcpy6d-0.4/debian/dhcpy6d.install 2014-11-07 19:45:02.0 +0100 @@ -0,0 +1 @@ +etc/default/dhcpy6d usr/share/dhcpy6d/default/ diff -Nru dhcpy6d-0.4/debian/dhcpy6d.postinst dhcpy6d-0.4/debian/dhcpy6d.postinst --- dhcpy6d-0.4/debian/dhcpy6d.postinst 2014-09-18 19:53:36.0 +0200 +++ dhcpy6d-0.4/debian/dhcpy6d.postinst 2014-11-10 19:14:41.0 +0100 @@ -50,14 +50,23 @@ if [ ! -e /var/log/dhcpy6d.log ]; then touch /var/log/dhcpy6d.log fi -chown $SERVER_USER:$SERVER_GROUP /var/log/dhcpy6d.log -chmod 0770 /var/log/dhcpy6d.log +if [ ! -e /var/lib/dhcpy6d/volatile.sqlite ]; then +cp /usr/share/dhcpy6d/volatile.sqlite /var/lib/dhcpy6d/volatile.sqlite +fi +chown $SERVER_USER:$SERVER_GROUP /var/log/dhcpy6d.log /var/lib/dhcpy6d/volatile.sqlite +chmod 0660 /var/log/dhcpy6d.log /var/lib/dhcpy6d/volatile.sqlite # 6. add DUID entry to /etc/default/dhcpy6d if not yet existing -if [ ! $(grep DUID= /etc/default/dhcpy6d) ]; then -echo /etc/default/dhcpy6d -echo # LLT DUID generated by Debian /etc/default/dhcpy6d -echo DUID=$(dhcpy6d --generate-duid) /etc/default/dhcpy6d +TMPFILE=`mktemp` +cat /usr/share/dhcpy6d/default/dhcpy6d ${TMPFILE} +echo${TMPFILE} +echo # LLT DUID generated by Debian ${TMPFILE} +if [ ! -e /etc/default/dhcpy6d ] || ! grep -q
Re: Bug#747141 debhelper: dh_installdocs --link-doc forces source-version dependencies (was: Re: Bug#766795: afterstep not binnmu safe and not installable in sid)
forcemerge 747141 766711 766795 thanks Hi, Robert Luberda wrote: reassign 766795 debhelper merge 766795 766711 [...] It seems after the binnmu for the libjpeg-turbo transition afterstep is no longer installable in sid (and hence the binnmu won't migrate and the transition won't complete in testing). This is debhelper bug. Yes. From my point of view it's actually a known bug which is currently tagged jessie-ignore https://bugs.debian.org/747141 While I can understand that tag, this issue caused quite some havoc with the recent BinNMUs across all architectures for more recent hardening flags and rebuilds against a newer libc. I've just uploaded afterstep 2.2.12-3, which removes usage of {misc:Depends} as a work-around. I suspect that's currently the only solution. zsh is affected, too: Depends: zsh-common (= 5.0.7-3), zsh-common (= 5.0.7-3+b1), [...] debian/control says: Depends: zsh-common (= ${source:Version}), ${misc:Depends}, [...] So it may be worth reinvestigating this issue instead of removing ${misc:Depends} from tons of packages (and causing lintian warnings about that) and requesting freeze exceptions for all these uploads. (I expected hundreds of them, zsh and afterstep only being some examples.) Any advice by the release team on this issue is appreciated. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141109163253.ga5...@sym.noone.org
Re: Bug#747141 debhelper: dh_installdocs --link-doc forces source-version dependencies (was: Re: Bug#766795: afterstep not binnmu safe and not installable in sid)
Hi Bernhard, thanks for the clarifications. Bernhard R. Link wrote: * Axel Beckert a...@debian.org [141109 17:33]: I suspect that's currently the only solution. zsh is affected, too: Depends: zsh-common (= 5.0.7-3), zsh-common (= 5.0.7-3+b1), [...] debian/control says: Depends: zsh-common (= ${source:Version}), ${misc:Depends}, [...] [...] The problem is that removing the misc:Depends just replaces one bug with another one: The packages created that way will not include a changelog for the binnmu. Correct. It came to me, too, when chatting with Niels about it on IRC. The arch:any packages install a changelog.Debian.$ARCH.gz file which is not there in this case: Packages using --link-doc to link from an architecture any[1] to an architecture all package are not really bin-nmuable. But then again I'd expect that this is the most common case of --link-doc: A lean arch:any package with binary programs depending on a much bigger arch:all package with architecture-independent data files. - change the affected packages in question to not use --link-doc. That's likely the way I'd go with zsh then, with the addition of some additional symlinks from /usr/share/doc/zsh/something to /usr/share/doc/zsh-common/something for most files not being changelogs. *sigh* Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141109185938.gc28...@sym.noone.org
Bug#744825: wheezy-pu: conkeror with support for more recent xulrunner ESR
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Control: block 736364 by -1 Control: tag 736364 + pending Hi, for the upcoming stable update I'd like to upload the following conkeror package to address the planned removal of xulrunner-10.0 from stable. Please tell me if it's ok to upload 1.0~~pre+git120527-1+deb7u1 to stable-proposed-updates as shown below. → debdiff conkeror_1.0~~pre+git120527-1.dsc conkeror_1.0~~pre+git120527-1+deb7u1.dsc diff -Nru conkeror-1.0~~pre+git120527/debian/changelog conkeror-1.0~~pre+git120527/debian/changelog --- conkeror-1.0~~pre+git120527/debian/changelog2012-05-27 17:07:33.0 +0200 +++ conkeror-1.0~~pre+git120527/debian/changelog2014-04-15 02:33:14.0 +0200 @@ -1,3 +1,16 @@ +conkeror (1.0~~pre+git120527-1+deb7u1) stable-proposed-updates; urgency=low + + * Add support for current Xulrunner ESR releases (Closes: #736364) + * Cherry-pick the following upstream commits: ++ 2c36b5072: scroll-top-left: fix for XR = 23 (Closes: #726245) ++ 38b6279c2: completions_tree_view.getCellProperties: fix for XR = 22 ++ bbd010b5a: favicon.js: use setAndFetchFaviconForPage for XR = 18 ++ 9bb360e64: favicon_set: fix for XR 18 ++ 3fa86d908: modifiers.s: Meta vs Super key (regression after XR 12) + * Update Vcs-Git to sport proper branch for stable updates + + -- Axel Beckert a...@debian.org Tue, 15 Apr 2014 01:48:08 +0200 + conkeror (1.0~~pre+git120527-1) unstable; urgency=low * New upstream snapshot diff -Nru conkeror-1.0~~pre+git120527/debian/conkeror.bin conkeror-1.0~~pre+git120527/debian/conkeror.bin --- conkeror-1.0~~pre+git120527/debian/conkeror.bin 2012-05-23 18:29:54.0 +0200 +++ conkeror-1.0~~pre+git120527/debian/conkeror.bin 2014-04-15 02:20:01.0 +0200 @@ -4,7 +4,7 @@ # Find an appropriate xulrunner binary XULRUNNER='' -for version in `LC_ALL=C seq 5.0 13.0 | tac` 2.0 1.9.2 1.9.1; do +for version in 24.0 17.0 `LC_ALL=C seq 5.0 13.0 | tac` 2.0 1.9.2 1.9.1; do XRTMP=`which xulrunner-$version` if [ -n $XRTMP -a -x $XRTMP ]; then XULRUNNER=$XRTMP diff -Nru conkeror-1.0~~pre+git120527/debian/control conkeror-1.0~~pre+git120527/debian/control --- conkeror-1.0~~pre+git120527/debian/control 2012-05-27 16:59:53.0 +0200 +++ conkeror-1.0~~pre+git120527/debian/control 2014-04-15 02:31:42.0 +0200 @@ -6,11 +6,13 @@ Standards-Version: 3.9.3 Homepage: http://conkeror.org/ Vcs-Browser: http://repo.or.cz/w/conkeror.git -Vcs-Git: git://repo.or.cz/conkeror.git +Vcs-Git: git://repo.or.cz/conkeror.git -b debian-wheezy Package: conkeror Architecture: all Depends: ${misc:Depends}, + xulrunner-24.0 | + xulrunner-17.0 | xulrunner-10.0 | xulrunner-13.0 | xulrunner-12.0 | diff -Nru conkeror-1.0~~pre+git120527/debian/patches/cherry-pick-for-stable-2c36b5072.patch conkeror-1.0~~pre+git120527/debian/patches/cherry-pick-for-stable-2c36b5072.patch --- conkeror-1.0~~pre+git120527/debian/patches/cherry-pick-for-stable-2c36b5072.patch 1970-01-01 01:00:00.0 +0100 +++ conkeror-1.0~~pre+git120527/debian/patches/cherry-pick-for-stable-2c36b5072.patch 2014-04-15 02:23:13.0 +0200 @@ -0,0 +1,25 @@ +commit 2c36b5072cdcfeb1effe308a83b9121f9a5bed08 +Author: John Foerch jjfoe...@earthlink.net +Date: Thu Oct 17 09:12:40 2013 -0400 + +scroll-top-left: fix for xulrunner = 23 + +resolves issue450 (see http://bugs.conkeror.org/issue450 for details). + +diff --git a/modules/commands.js b/modules/commands.js +index dd13267..2123365 100644 +--- a/modules/commands.js b/modules/commands.js +@@ -52,8 +52,10 @@ interactive(scroll-end-of-line, + + interactive(scroll-top-left, + Scroll the current frame all the way to the top left, +- function (I) { I.buffer.do_command(cmd_scrollTop); +-scroll_horiz_complete(I.buffer, -1); }); ++ function (I) { ++ scroll_horiz_complete(I.buffer, -1); ++ I.buffer.do_command(cmd_scrollTop); ++ }); + + + function delete_window (window) { diff -Nru conkeror-1.0~~pre+git120527/debian/patches/cherry-pick-for-stable-38b6279c2.patch conkeror-1.0~~pre+git120527/debian/patches/cherry-pick-for-stable-38b6279c2.patch --- conkeror-1.0~~pre+git120527/debian/patches/cherry-pick-for-stable-38b6279c2.patch 1970-01-01 01:00:00.0 +0100 +++ conkeror-1.0~~pre+git120527/debian/patches/cherry-pick-for-stable-38b6279c2.patch 2014-04-15 02:23:13.0 +0200 @@ -0,0 +1,35 @@ +commit 38b6279c2053854c2e8f24e70facb5328d9f170c +Author: John Foerch jjfoe...@earthlink.net +Date: Thu Nov 7 23:29:47 2013 -0500 + +completions_tree_view.getCellProperties: fix for XULRunner = 22 + +Conkeror would issue errors like the following to the terminal when +running on XULRunner 22 or later: + +Console error: [JavaScript Error: TypeError: props is undefined + {file: chrome
Bug#744826: release.debian.org: wheezy-pu: wml/2.0.12ds1-3+deb7u1
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Hi, to fix #734507 (which causes issues with webwml on www.debian.org) in stable, too, I'd like to upload a wml package version 2.0.12ds1-3+deb7u1 to stable-proposed-updates as follows. The fix is already in Jessie and Sid, uploaded in 2.0.12ds1-7. Please tell me if it's ok to upload the following package update to stable-proposed-updates. → debdiff wml_2.0.12ds1-3.dsc wml_2.0.12ds1-3+deb7u1.dsc diff -Nru wml-2.0.12ds1/debian/changelog wml-2.0.12ds1/debian/changelog --- wml-2.0.12ds1/debian/changelog 2012-06-11 00:38:04.0 +0200 +++ wml-2.0.12ds1/debian/changelog 2014-04-15 02:58:46.0 +0200 @@ -1,3 +1,10 @@ +wml (2.0.12ds1-3+deb7u1) stable-proposed-updates; urgency=low + + * Add patch by KiBi to remove /tmp/ipp.* directories (Closes: #734507; +reported by taffit on #debian-www) + + -- Axel Beckert a...@debian.org Tue, 15 Apr 2014 02:53:13 +0200 + wml (2.0.12ds1-3) unstable; urgency=low * Fix FTBFS in testsuite on i386 and s390x buildds by not running those diff -Nru wml-2.0.12ds1/debian/patches/remove-tmp-ipp-directories.diff wml-2.0.12ds1/debian/patches/remove-tmp-ipp-directories.diff --- wml-2.0.12ds1/debian/patches/remove-tmp-ipp-directories.diff 1970-01-01 01:00:00.0 +0100 +++ wml-2.0.12ds1/debian/patches/remove-tmp-ipp-directories.diff 2014-04-15 02:58:46.0 +0200 @@ -0,0 +1,16 @@ +Description: Remove /tmp/ipp.* directories after successful runs +Author: Cyril Brulebois k...@debian.org +Bug-Debian: http://bugs.debian.org/734507 + +Index: wml/wml_backend/p1_ipp/ipp.src +=== +--- wml.orig/wml_backend/p1_ipp/ipp.src2014-01-07 21:56:44.009298086 +0100 wml/wml_backend/p1_ipp/ipp.src 2014-01-07 21:58:10.457913784 +0100 +@@ -682,6 +682,7 @@ + } + + # die gracefully ++rmdir($tmpdir); + exit(0); + + ##EOF## diff -Nru wml-2.0.12ds1/debian/patches/series wml-2.0.12ds1/debian/patches/series --- wml-2.0.12ds1/debian/patches/series 2012-06-10 20:49:27.0 +0200 +++ wml-2.0.12ds1/debian/patches/series 2014-04-15 02:53:40.0 +0200 @@ -12,3 +12,4 @@ fix-WMLGD-linkage.diff fix-WML_VERSION-in-manpage.diff disable-wmk-test-3.diff +remove-tmp-ipp-directories.diff -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87tx9v2y83@c-crosser.deuxchevaux.org
Bug#744827: wheezy-pu: glark/1.8.0-1.1~deb7u1 (RC bug fix)
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Hi, to also address RC bug http://bugs.debian.org/724768 in stable, I'd upload my NMU 1.8.0-1.1 also to stable-proposed-updates as 1.8.0-1.1~deb7u1. (Cc'ing glark's maintainer.) Since the patch and changelog entry are exactly the same as already uploaded to unstable I decided to include the according changelog entry completely and adding a new entry for the upload instead of using the same changelog entry, just with a different version and target distribution. Please tell me if it's ok to upload this to stable-proposed-updates. If the version number and the changelog entries are not ok, please advise me what way is preferred. → debdiff glark_1.8.0-1.dsc glark_1.8.0-1.1\~deb7u1.dsc diff -u glark-1.8.0/debian/changelog glark-1.8.0/debian/changelog --- glark-1.8.0/debian/changelog +++ glark-1.8.0/debian/changelog @@ -1,3 +1,18 @@ +glark (1.8.0-1.1~deb7u1) stable-proposed-updates; urgency=low + + * Upload to stable-proposed-updates + + -- Axel Beckert a...@debian.org Tue, 15 Apr 2014 03:15:34 +0200 + +glark (1.8.0-1.1) unstable; urgency=low + + * Non-maintainer upload + * Enforce Ruby 1.8 usage (Closes: #724768) ++ Patch installed glark binary to use ruby1.8 ++ Switch dependency from ruby to rub1.8. + + -- Axel Beckert a...@debian.org Wed, 09 Oct 2013 17:52:18 +0200 + glark (1.8.0-1) unstable; urgency=low * New upstream release diff -u glark-1.8.0/debian/control glark-1.8.0/debian/control --- glark-1.8.0/debian/control +++ glark-1.8.0/debian/control @@ -8,7 +8,7 @@ Package: glark Architecture: all -Depends: ruby (= 1.6.7-3) +Depends: ruby1.8 Description: pattern matching tool similar to grep glark is a program like 'grep' to search for text in files. It can be used from the command line or in scripts. diff -u glark-1.8.0/debian/rules glark-1.8.0/debian/rules --- glark-1.8.0/debian/rules +++ glark-1.8.0/debian/rules @@ -4,0 +5,5 @@ + +install/glark:: + sed -e 's/^exec ruby /exec ruby1.8 /;s/^#!ruby /#!ruby1.8/;s:^#!/usr/bin/ruby :#!/usr/bin/ruby1.8 :' -i \ + $(CURDIR)/debian/glark/usr/bin/glark \ + $(CURDIR)/debian/glark/usr/share/glark/*.rb -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87r44z2xf0@c-crosser.deuxchevaux.org
sparc64 buildd state wrt. Perl transition (was: Re: Results of the porter roll call)
Hi, Michael Cree wrote: On Thu, Oct 03, 2013 at 01:06:01AM +0200, Axel Beckert wrote: Julien Cristau wrote: On Wed, Oct 2, 2013 at 11:44:44 +0200, Axel Beckert wrote: Yesterday I tried to setup a sparc64 chroot on a second disc in one of my Sparcs, but the currently documented way[1] to do so failed[2] due to outdated packages. On a first glance it looks like missing BinNMUs for the Perl 5.14 to Perl 5.18 transition. Part of the porter's job is to take care of that kind of things. Definitely. If that's not happening for sparc64 because nobody's actually taking care of the port, I don't see it as a viable candidate for the archive... *nod* One of the reasons why I'm trying to improve that... Looking at a recent build log on sparc64 it is obvious the chroots on at least one of the sparc64 buildds have not even been upgraded to have perl 5.18. So that one (and presumably the rest) is building packages against the old (no longer available) perl! That explains a lot. Thanks for checking. I'd also volunteer as sparc64 buildd admin as there seems to be some need for it. Cc'ing ad...@debian-ports.org for that. I though have no experience as buildd admin so far and hence are not sure how the actual duties of a buildd admin look like. It might be possible to set up a sparc64 chroot by bootstrapping from snapshot.d.o at a date a bit before the upload of perl 5.18, and then upgrading as much of the chroot as possible to as recently as possible from debian-ports I actually was able to rebuild all Perl modules I needed in my (in the meanwhile working) sparc64 chroot. but even if that is done on a local machine and one rebuilds the relevant perl packages to get a fully upgradeable chroot one is still faced with buildds at debian-ports that will build packages against an obsolete perl. Correct. I'll try to take care of that issue. So I would suggest locating the buildd admins. The following lists a useful email address for that purpose: http://www.debian-ports.org/contacts Thanks for that pointer! I was already looking for such contacts, but apparently at the wrong place, namely at http://wiki.debian.org/Sparc64 -- I've added this information to the wiki now. Cc'ing spar...@debian-ports.org and therewith contacting the sparc64 buildd maintainers, too. I'm also dropping debian-de...@lists.debian.org and setting Reply-To to debian-sp...@lists.debian.org to not clutter the other lists while working on these sparc-specific issues. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131003120918.gl3...@sym.noone.org