Bug#1055588: bookworm-pu: package jdupes/1.21.3-1+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: jdu...@packages.debian.org
Control: affects -1 + src:jdupes
[ Reason ]
jdupes is a fork from fdupes. A bug was introduced by the initial fork some
years ago. The current fdupes on Debian is already fixed. A warning about this
bug was sent by the jdupes upstream (Jody Bruchon) for me via email message.
The help option for jdupes says:
-d --delete: prompt user for files to preserve and delete all
others; [...]
Using the command 'jdupes -d .', a prompt will appear:
Set 1 of 1: keep which files? (1 - 5, [a]ll, [n]one, [l]ink all, [s]ymlink
all):
It is a mistake to set 2-4 because the jdupes considers one file only. Setting
'2-4', the file 2 will be kept and the files 3 and 4 will be deleted. The
sentence 'keep which files? (1 - 5' induces the users to use a range and it is
not valid. Currently, jdupes is not denying this behaviour and it is generating
a data loss.
[ Impact ]
If the update isn't approved, the users can be induced to select a range of
files and it will cause a possible data loss.
[ Tests ]
Some manual tests have been done over jdupes with a patch created by the
upstream. I also tested fdupes to verify if it would be necessary to open a bug
against this package. The current fdupes has no issues.
[ Risks ]
There are no risks, because the patch to fix the issue is trivial, making a
check for data inputs and generating better messages for the users.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in stable
[x] the issue is verified as fixed in unstable
[ Changes ]
A patch, created by the upstream, will improve the messages to be shown to
users and will add checks for inputs.
[ Other info ]
No more info.
diff -Nru jdupes-1.21.3/debian/changelog jdupes-1.21.3/debian/changelog
--- jdupes-1.21.3/debian/changelog 2023-02-20 06:51:57.0 -0300
+++ jdupes-1.21.3/debian/changelog 2023-11-08 11:24:57.0 -0300
@@ -1,3 +1,12 @@
+jdupes (1.21.3-1+deb12u1) bookworm; urgency=medium
+
+ * debian/patches/010_fix-data-loss.patch: created to avoid a potential data
+loss caused by a wrong message that induces the users to use a range of
+values with -d option. Currently, the -d option doesn't understand ranges.
+ (Closes: #1054237)
+
+ -- Joao Eriberto Mota Filho Wed, 08 Nov 2023 11:24:57
-0300
+
jdupes (1.21.3-1) unstable; urgency=medium
* New upstream version 1.21.3.
diff -Nru jdupes-1.21.3/debian/patches/010_fix-data-loss.patch
jdupes-1.21.3/debian/patches/010_fix-data-loss.patch
--- jdupes-1.21.3/debian/patches/010_fix-data-loss.patch1969-12-31
21:00:00.0 -0300
+++ jdupes-1.21.3/debian/patches/010_fix-data-loss.patch2023-11-08
11:24:57.0 -0300
@@ -0,0 +1,78 @@
+Description: fix potential data loss
+ The help option for jdupes says:
+ -d --delete: prompt user for files to preserve and delete all
+others; [...]
+ .
+ Using the command 'jdupes -d .', a prompt will appear:
+ Set 1 of 1: keep which files? (1 - 5, [a]ll, [n]one, [l]ink
all, [s]ymlink all):
+ It is a mistake to set 2-4 because the jdupes considers one file
+ only. Setting '2-4', the file 2 will be kept and the files 3 and 4
+ will be deleted. The sentence 'keep which files? (1 - 5' induces
+ the users to use a range and it is not valid. Currently, jdupes is
+ not denying this behaviour and it is generating a data loss.
+ .
+ This patch fixes this issue.
+Author: Jody Bruchon
+Origin: https://codeberg.org/jbruchon/jdupes/commit/4888e85
+Bug-Debian: https://bugs.debian.org/1054237
+Last-Update: 2023-10-19
+Index: jdupes/act_deletefiles.c
+===
+--- jdupes.orig/act_deletefiles.c
jdupes/act_deletefiles.c
+@@ -101,8 +101,8 @@ void deletefiles(file_t *files, int prom
+ for (x = 2; x <= counter; x++) preserve[x] = 0;
+ } else do {
+ /* Prompt for files to preserve */
+-printf("Set %u of %u: keep which files? (1 - %u, [a]ll, [n]one",
+- curgroup, groups, counter);
++printf("Specify multiple files with commas like this: 1,2,4,6\n");
++printf("Set %u of %u: keep which files? (1 - %u, [a]ll, [n]one",
curgroup, groups, counter);
+ #ifndef NO_HARDLINKS
+printf(", [l]ink all");
+ #endif
+@@ -139,6 +139,33 @@ void deletefiles(file_t *files, int prom
+
+ for (x = 1; x <= counter; x++) preserve[x] = 0;
+
++ /* Catch attempts to use invalid characters and block them */
++
Bug#1053141: bookworm-pu: package mrtg/2.17.10-5+deb12u2
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: m...@packages.debian.org Control: affects -1 + src:mrtg [ Reason ] The last SPU was broken by #1041332. This new SPU fixes the issue using a new approach. Now a debconf message is used to warn the user about a change of the configuration place. [ Impact ] The impact is the final user will not know the new place of the configuration file. Consequently, the mrtg will not use the configuration parameters created by the user before the last upgrade (from Bullseye to Bookworm). [ Tests ] Several tests were made to make sure that a warning will be shown when needed. [ Risks ] No risks because this is only a debconf warning for the user. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] In 2.17.10-5+deb12u1 the confile was moved from /etc/ to /etc/mrtg/ via a debconf process. This process was cancelled and, now, the user will receive a warning telling that is needed to move this file manually. Consequently, the Debian Policy 10.7.3 is being honored. [ Other info ] No more info. Regards, Eriberto diff -Nru mrtg-2.17.10/debian/changelog mrtg-2.17.10/debian/changelog --- mrtg-2.17.10/debian/changelog 2023-07-10 14:04:14.0 -0300 +++ mrtg-2.17.10/debian/changelog 2023-09-27 22:59:14.0 -0300 @@ -1,3 +1,24 @@ +mrtg (2.17.10-5+deb12u2) bookworm; urgency=medium + + * Changed a debconf template to honor Debian Policy (10.7.3), not +changing the place a conffile, discarding any user changes. +Thanks to Andreas Beckmann . Consequently: + - debian/mrtg.config: changed a comment. + - debian/mrtg.postinst: dropped the first conditional block, +related to moving the /etc/mrtg.cfg to /etc/mrtg/. + - debian/mrtg.templates: updated to show a specific message to +users. + - debian/po/: ran debconf-updatepo to update all templates. + - Closes: #1039103, #1041332 + * debian/po/: + - mrtg.templates: reviewed all messages. Thanks to Justin B Rye + for all help in debian-l10n-english +list and to Jonathan Wiltshire for the suggestion +to ask for help in that list. + - Updated all translations. Thanks to all translators. + + -- Joao Eriberto Mota Filho Wed, 27 Sep 2023 22:59:14 -0300 + mrtg (2.17.10-5+deb12u1) bookworm; urgency=medium * Added a debconf dialog to allow the user to decide if /etc/mrtg.cfg must diff -Nru mrtg-2.17.10/debian/mrtg.config mrtg-2.17.10/debian/mrtg.config --- mrtg-2.17.10/debian/mrtg.config 2023-07-10 14:04:14.0 -0300 +++ mrtg-2.17.10/debian/mrtg.config 2023-09-24 11:26:07.0 -0300 @@ -7,7 +7,7 @@ # Source debconf library. . /usr/share/debconf/confmodule -# Move /etc/mrtg.cfg to /etc/mrtg/mrtg.cfg? +# /etc/mrtg.cfg should be moved to /etc/mrtg/mrtg.cfg if [ -e /etc/mrtg.cfg ] then db_input high mrtg/move_config_file || true diff -Nru mrtg-2.17.10/debian/mrtg.postinst mrtg-2.17.10/debian/mrtg.postinst --- mrtg-2.17.10/debian/mrtg.postinst 2023-07-10 14:04:14.0 -0300 +++ mrtg-2.17.10/debian/mrtg.postinst 2023-09-24 11:26:07.0 -0300 @@ -28,17 +28,6 @@ if [ "$1" = "configure" ] then -# Move /etc/mrtg.cfg to /etc/mrtg/mrtg.cfg? -db_get mrtg/move_config_file || RET="false" -if [ "$RET" = "true" ] -then - if [ -e /etc/mrtg/mrtg.cfg ] - then - mv /etc/mrtg/mrtg.cfg /etc/mrtg/mrtg.cfg.NEW - fi - mv -f /etc/mrtg.cfg /etc/mrtg/ -fi - # Fix owner, group and permissions for /var/www/html/mrtg/? db_get mrtg/fix_permissions || RET="false" if [ "$RET" = "true" ] diff -Nru mrtg-2.17.10/debian/mrtg.templates mrtg-2.17.10/debian/mrtg.templates --- mrtg-2.17.10/debian/mrtg.templates 2023-07-10 14:04:14.0 -0300 +++ mrtg-2.17.10/debian/mrtg.templates 2023-09-24 11:26:07.0 -0300 @@ -1,44 +1,41 @@ Template: mrtg/move_config_file -Type: boolean -Default: true -_Description: Move /etc/mrtg.cfg to /etc/mrtg/mrtg.cfg? - Older versions of the MRTG on Debian had the /etc/mrtg.cfg configuration - file. Currently, this file is located in /etc/mrtg/ directory, but there - is a /etc/mrtg.cfg. +Type: note +_Description: /etc/mrtg.cfg should be moved to /etc/mrtg/mrtg.cfg + Older versions of MRTG on Debian had the configuration file /etc/mrtg.cfg. + The new version reads from /etc/mrtg/mrtg.cfg instead, so MRTG will not + work correctly until you move your configuration across manually. Template: mrtg/fix_permissions Type: boolean Default: true _Description: Fix owner, group and permissions for /var/www/html/mrtg? - By default MRTG writes all graphics in /var/www/html/mrtg/ directo
Bug#1040860: bookworm-pu: package mrtg/2.17.10-5+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: m...@packages.debian.org Control: affects -1 + src:mrtg [ Reason ] Older versions of the MRTG on Debian had the /etc/mrtg.cfg configuration file. Currently, this file is located in /etc/mrtg/ directory. This PU introduces changes from Sid (revision 2.17.10-6) to ask to user if the configuration file must be moved to /etc/mrtg/, if it exists in /etc/. Some updated and new translations for the debconf template are being sent with this PU (from revisions 2.17.10-7 and 2.17.10-8). This PU closes #1039103. [ Impact ] If the update isn't approved, a user migrating MRTG from an older version will need to handle manually the configuration file, moving it to the right current place. [ Tests ] Some manual tests over unstable and stable environments were done to check if the purposed action is occurring. [ Risks ] No risks because this is a trivial change. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable [ Changes ] A new action, via debconf, was implemented. If the /etc/mrtg.cfg file exists when the system is being updated, the user will be asked about moving the file to /etc/mrtg/ directory. If yes, the system will rename a possible new conf file in /etc/mrtg/ and move /etc/mrtg.cfg to /etc/mrtg/. [ Other info ] No more info. diff -Nru mrtg-2.17.10/debian/changelog mrtg-2.17.10/debian/changelog --- mrtg-2.17.10/debian/changelog 2023-04-19 00:10:02.0 -0300 +++ mrtg-2.17.10/debian/changelog 2023-07-10 14:04:14.0 -0300 @@ -1,3 +1,17 @@ +mrtg (2.17.10-5+deb12u1) bookworm; urgency=medium + + * Added a debconf dialog to allow the user to decide if /etc/mrtg.cfg must +be moved to /etc/mrtg/mrtg.cfg. Consequently: + - Added a new debconf template (files debian/mrtg.config and +debian/mrtg.templates). + - Updated debian/mrtg.postinst. + - Updated translations in debian/po/ (es.po, fr.po, nl.po, pt.po, +pt_BR.po, ro.po and sv.po). + - Added new translations to debian/po/ (gl.po and vi_VN.po). + - Closes: #1039103 + + -- Joao Eriberto Mota Filho Mon, 10 Jul 2023 14:04:14 -0300 + mrtg (2.17.10-5) unstable; urgency=medium * debian/control: bumped Standards-Version to 4.6.2. diff -Nru mrtg-2.17.10/debian/mrtg.config mrtg-2.17.10/debian/mrtg.config --- mrtg-2.17.10/debian/mrtg.config 2023-04-19 00:09:56.0 -0300 +++ mrtg-2.17.10/debian/mrtg.config 2023-07-10 14:04:14.0 -0300 @@ -1,12 +1,21 @@ #!/bin/sh -# 2021 - Eriberto +# 2021-2023 - Eriberto set -e # Source debconf library. . /usr/share/debconf/confmodule +# Move /etc/mrtg.cfg to /etc/mrtg/mrtg.cfg? +if [ -e /etc/mrtg.cfg ] +then +db_input high mrtg/move_config_file || true +db_go || true +else +db_set mrtg/move_config_file false +fi + # Fix permissions for /var/www/html/mrtg/? if [ -d /var/www/html/mrtg ] then diff -Nru mrtg-2.17.10/debian/mrtg.postinst mrtg-2.17.10/debian/mrtg.postinst --- mrtg-2.17.10/debian/mrtg.postinst 2023-04-19 00:09:56.0 -0300 +++ mrtg-2.17.10/debian/mrtg.postinst 2023-07-10 14:04:14.0 -0300 @@ -28,6 +28,17 @@ if [ "$1" = "configure" ] then +# Move /etc/mrtg.cfg to /etc/mrtg/mrtg.cfg? +db_get mrtg/move_config_file || RET="false" +if [ "$RET" = "true" ] +then + if [ -e /etc/mrtg/mrtg.cfg ] + then + mv /etc/mrtg/mrtg.cfg /etc/mrtg/mrtg.cfg.NEW + fi + mv -f /etc/mrtg.cfg /etc/mrtg/ +fi + # Fix owner, group and permissions for /var/www/html/mrtg/? db_get mrtg/fix_permissions || RET="false" if [ "$RET" = "true" ] diff -Nru mrtg-2.17.10/debian/mrtg.templates mrtg-2.17.10/debian/mrtg.templates --- mrtg-2.17.10/debian/mrtg.templates 2023-04-19 00:09:56.0 -0300 +++ mrtg-2.17.10/debian/mrtg.templates 2023-07-10 14:04:14.0 -0300 @@ -1,3 +1,11 @@ +Template: mrtg/move_config_file +Type: boolean +Default: true +_Description: Move /etc/mrtg.cfg to /etc/mrtg/mrtg.cfg? + Older versions of the MRTG on Debian had the /etc/mrtg.cfg configuration + file. Currently, this file is located in /etc/mrtg/ directory, but there + is a /etc/mrtg.cfg. + Template: mrtg/fix_permissions Type: boolean Default: true diff -Nru mrtg-2.17.10/debian/po/cs.po mrtg-2.17.10/debian/po/cs.po --- mrtg-2.17.10/debian/po/cs.po2023-04-19 00:09:56.0 -0300 +++ mrtg-2.17.10/debian/po/cs.po2023-07-10 14:04:14.0 -0300 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: mrtg 2.17.8+git20211022.f52e91e-1\n" "Report-Msgid-Bugs-To: m...@packages.debian.org\n" -"POT-Creation-Date: 2022-01-08 15:02-0300\n" +&
Bug#1037003: unblock: forensics-extra/2.45
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: forensics-ex...@packages.debian.org Control: affects -1 + src:forensics-extra Please unblock package forensics-extra [ Reason ] forensics-extra (like forensics-all) is a metapackage to install several tools to aid in forensics activities. Due an issue in reaver (see #1036809), forensics-extra is marked for autoremoval. The solution was move reaver from Depends field to Recommends field in forensics-extra. Consequently, the files list-of-packages-extra, debian/control and debian/forensics-extra.README.Debian were updated. This metapackage is native and uses some scripts to generate a final debian/control and a debian/forensics-extra.README.Debian. The list-of-packages-extra file describes which packages will be put in debian/control and where they will be put (Depends, Recommends, Suggests). The debian/forensics-extra.README.Debian is a list of all packages on forensics-extra and their short descriptions. [ Impact ] The impact for the user if the unblock isn't granted is that package forensics-extra will not available in next stable release (Bookworm). [ Tests ] Considering that this is a metapackage, no great tests are needed. The package has a CI test and the Salsa CI is activated too. The package pass in CI, piuparts, etc. There is a script in forensics-extra called find-deps.sh (available in a branch in Salsa, not merged yet, but functional). This script ensures that no other package is affected by reaver in forensics-extra. [ Risks ] No risks. This is a trivial change in a metapackage. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] No more info needed. unblock forensics-extra/2.45 diff -Nru forensics-extra-2.44/debian/changelog forensics-extra-2.45/debian/changelog --- forensics-extra-2.44/debian/changelog 2023-04-17 20:59:36.0 -0300 +++ forensics-extra-2.45/debian/changelog 2023-05-31 17:01:50.0 -0300 @@ -1,3 +1,12 @@ +forensics-extra (2.45) unstable; urgency=medium + + * list-of-packages-extra: moved reaver from FED to FER. See #1036809 and +#1036591. + * debian/control: updated. + * debian/forensics-extra.README.Debian: updated. + + -- Joao Eriberto Mota Filho Wed, 31 May 2023 17:01:50 -0300 + forensics-extra (2.44) unstable; urgency=medium * list-of-packages-extra: changed bzip3 from FED to FER. See #1034177. diff -Nru forensics-extra-2.44/debian/control forensics-extra-2.45/debian/control --- forensics-extra-2.44/debian/control 2023-04-17 20:59:36.0 -0300 +++ forensics-extra-2.45/debian/control 2023-05-31 17:01:50.0 -0300 @@ -31,6 +31,7 @@ exfatprogs, guestfs-tools, pngcheck, +reaver, ree, tcpreplay Depends: ancient, @@ -125,7 +126,6 @@ psrip, rarcrack, readstat, - reaver, rzip, scrot, secure-delete, @@ -225,7 +225,7 @@ ncompress, netcat-openbsd, netdiscover, ngrep, nomarch, nstreams, ntfs-3g, nwipe, openpace, p7zip-full, packit, parted, pcapfix, pcaputils, pdfcrack, pecomato, pev, plzip, png-definitive-guide, - poppler-utils, psrip, rarcrack, readstat, reaver, rzip, scrot, + poppler-utils, psrip, rarcrack, readstat, rzip, scrot, secure-delete, sipcrack, sipgrep, sipvicious, sngrep, squashfs-tools-ng, ssh-audit, sslscan, stepic, sxiv, tcpdump, tcpflow, tcptrace, tcpxtract, testdisk, tshark, ugrep, unrar-free, diff -Nru forensics-extra-2.44/debian/forensics-extra.README.Debian forensics-extra-2.45/debian/forensics-extra.README.Debian --- forensics-extra-2.44/debian/forensics-extra.README.Debian 2023-04-17 20:59:36.0 -0300 +++ forensics-extra-2.45/debian/forensics-extra.README.Debian 2023-05-31 17:01:50.0 -0300 @@ -99,7 +99,6 @@ psrip - Extract images from PostScript files rarcrack - Password cracker for rar archives readstat - read/write data sets from SAS, Stata, and SPSS -reaver - brute force attack tool against Wifi Protected Setup PIN number rzip - compression program for large files scrot - command line screen capture utility secure-delete - tools to wipe files, free disk space, swap and memory @@ -173,8 +172,9 @@ exfatprogs - exFAT file system utilities guestfs-tools - guest disk image management system - tools pngcheck - print info and check PNG, JNG and MNG files +reaver - brute force attack tool against Wifi Protected Setup PIN number ree - extract ROM extensions tcpreplay - Tool to replay saved tcpdump files at arbitrary speeds - -- Joao Eriberto Mota Filho Mon, 17 Apr 2023 21:03:07 -0300 + -- Joao Eriberto Mota Filho Wed, 31 May 2023 17:06:35 -0300 diff -Nru forensics-extra-2.44/list-of-packages-extra forensics-extra-2.45/list-of-packages-
Bug#1037002: unblock: forensics-all/3.45
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: forensics-...@packages.debian.org
Control: affects -1 + src:forensics-all
Please unblock package forensics-all.
[ Reason ]
forensics-all (like forensics-extra) is a metapackage to install several
tools to aid in forensics activities. Due an issue in reaver (see #1036809),
forensics-all is marked for autoremoval. The solution was move wifite, that
depends of the reaver, from Depends field to Recommends field in forensics-all.
Consequently, the files list-of-packages, debian/control and
debian/forensics-all.README.Debian were updated.
This metapackage is native and uses some scripts to generate a final
debian/control and a debian/forensics-all.README.Debian. The list-of-packages
file describes which packages will be put in debian/control and where they
will be put (Depends, Recommends, Suggests). The
debian/forensics-all.README.Debian is a list of all packages on forensics-all
and their short descriptions.
[ Impact ]
The impact for the user if the unblock isn't granted is that package
forensics-all will not available in next stable release (Bookworm).
[ Tests ]
Considering that this is a metapackage, no great tests are needed. The package
has a CI test and the Salsa CI is activated too. The package pass in CI,
piuparts, etc.
There is a script in forensics-all called find-deps.sh. This script ensures
that only wifite depends of the reaver in forensics-all.
[ Risks ]
No risks. This is a trivial change in a metapackage.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
No more info needed.
unblock forensics-all/3.45
diff -Nru forensics-all-3.44/debian/changelog
forensics-all-3.45/debian/changelog
--- forensics-all-3.44/debian/changelog 2023-03-16 08:04:52.0 -0300
+++ forensics-all-3.45/debian/changelog 2023-05-31 16:38:48.0 -0300
@@ -1,3 +1,11 @@
+forensics-all (3.45) unstable; urgency=medium
+
+ * list-of-packages: moved wifite from FD to FR. See #1036809 and #1036591.
+ * debian/control: updated.
+ * debian/forensics-all.README.Debian: updated.
+
+ -- Joao Eriberto Mota Filho Wed, 31 May 2023 16:38:48
-0300
+
forensics-all (3.44) unstable; urgency=medium
* list-of-packages:
diff -Nru forensics-all-3.44/debian/control forensics-all-3.45/debian/control
--- forensics-all-3.44/debian/control 2023-03-16 08:04:52.0 -0300
+++ forensics-all-3.45/debian/control 2023-05-31 16:38:48.0 -0300
@@ -38,6 +38,7 @@
plaso,
radare2,
wapiti,
+wifite,
xmount,
yara
Depends: acct,
@@ -145,7 +146,6 @@
unhide.rb,
vinetto,
wfuzz,
- wifite,
winregfs,
wipe,
${misc:Depends}
@@ -176,7 +176,7 @@
scrounge-ntfs, shed, sleuthkit, smbmap, snowdrop, ssdeep, ssldump,
statsprocessor, stegcracker, steghide, stegsnow, sucrack,
tableau-parm, tcpick, testssl.sh, time-decode, undbx, unhide,
- unhide.rb, vinetto, wfuzz, wifite, winregfs, wipe
+ unhide.rb, vinetto, wfuzz, winregfs, wipe
.
This metapackage is useful for pentesters, ethical hackers and forensics
experts.
diff -Nru forensics-all-3.44/debian/forensics-all.README.Debian
forensics-all-3.45/debian/forensics-all.README.Debian
--- forensics-all-3.44/debian/forensics-all.README.Debian 2023-03-16
08:04:52.0 -0300
+++ forensics-all-3.45/debian/forensics-all.README.Debian 2023-05-31
16:38:48.0 -0300
@@ -110,7 +110,6 @@
unhide.rb - Forensics tool to find processes hidden by rootkits
vinetto - forensics tool to examine Thumbs.db files
wfuzz - Web application bruteforcer
-wifite - Python script to automate wireless auditing using aircrack-ng tools
winregfs - Windows registry FUSE filesystem
wipe - secure file deletion
@@ -128,8 +127,9 @@
plaso - super timeline all the things -- metapackage
radare2 - free and advanced command line hexadecimal editor
wapiti - web application vulnerability scanner
+wifite - Python script to automate wireless auditing using aircrack-ng tools
xmount - tool for crossmounting between disk image formats
yara - Pattern matching swiss knife for malware researchers
- -- Joao Eriberto Mota Filho Thu, 16 Mar 2023 08:33:39
-0300
+ -- Joao Eriberto Mota Filho Wed, 31 May 2023 16:43:31
-0300
diff -Nru forensics-all-3.44/list-of-packages
forensics-all-3.45/list-of-packages
--- forensics-all-3.44/list-of-packages 2023-03-16 08:04:52.0 -0300
+++ forensics-all-3.45/list-of-packages 2023-05-31 16:38:48.0 -0300
@@ -234,7 +234,7 @@
websploit SS
weevely SS
wfuzz FD
-wifite FD
+wifite FR # FIXME. Was F-D. See #1036809 and #1036591.
wig SS
winregfs FD
wipe FD
Re: Could I ask for unblock for 7 OBS plugins?
Em seg., 13 de mar. de 2023 às 15:21, Sebastian Ramacher escreveu: > > On 2023-03-13 15:10:40 -0300, Eriberto wrote: > > Em seg., 13 de mar. de 2023 às 15:01, Sebastian Ramacher > > escreveu: > > > > > > On 2023-03-13 14:20:54 -0300, Eriberto Mota wrote: > > > > Dear Release Managers, > > > > > > > > obs-text-slideshow was accepted in Debian in 2021-10-10[1] and removed > > > > in 2022-10-17[2] (ROM; FTBFS, dead upstream). However, yesterday, a > > > > user detected that the package was present in its machine running > > > > testing and this plugin was causing an abnormal behavior on > > > > obs-studio. After removing the package, the system was stable. > > > > > > > > I would like to add 'Breaks: obs-text-slideshow (<= 1.5.2-3)' to seven > > > > plugins (obs-downstream-keyer, obs-move-transition, > > > > obs-scene-collection-manager, obs-scene-notes-dock, obs-source-clone, > > > > obs-source-copy, obs-transition-table) to force a removing of the > > > > obs-text-slideshow on users machines, avoiding future issues. What you > > > > think about this action? If ok for you, I will send an ask for unblock > > > > per package, considering all these packages are using trivial > > > > autopkgtests only. > > > > > > Wouldn't it make more sense to add the Breaks to obs-studio itself? > > > > Yes, but it is a change in obs-studio on freeze and I thought you (as > > maintainer of obs-studio) was told me "no". So, I used some of my > > packages (with more relevance) as an alternative. Thanks a lot for > > your help. > > ? > > Do you have a reference for that? I don't remember anything regarding > Breaks in obs-studio from the last two to three months. > > Cheers > -- > Sebastian Ramacher Sorry, I am not English native and I think that the right is "I thought you would tell me no". I never asked for a Breaks in obs-studio. This problem occurred in the first time yesterday. I hope all right now. Cheers, Eriberto
Re: Could I ask for unblock for 7 OBS plugins?
Em seg., 13 de mar. de 2023 às 15:01, Sebastian Ramacher escreveu: > > On 2023-03-13 14:20:54 -0300, Eriberto Mota wrote: > > Dear Release Managers, > > > > obs-text-slideshow was accepted in Debian in 2021-10-10[1] and removed > > in 2022-10-17[2] (ROM; FTBFS, dead upstream). However, yesterday, a > > user detected that the package was present in its machine running > > testing and this plugin was causing an abnormal behavior on > > obs-studio. After removing the package, the system was stable. > > > > I would like to add 'Breaks: obs-text-slideshow (<= 1.5.2-3)' to seven > > plugins (obs-downstream-keyer, obs-move-transition, > > obs-scene-collection-manager, obs-scene-notes-dock, obs-source-clone, > > obs-source-copy, obs-transition-table) to force a removing of the > > obs-text-slideshow on users machines, avoiding future issues. What you > > think about this action? If ok for you, I will send an ask for unblock > > per package, considering all these packages are using trivial > > autopkgtests only. > > Wouldn't it make more sense to add the Breaks to obs-studio itself? Yes, but it is a change in obs-studio on freeze and I thought you (as maintainer of obs-studio) was told me "no". So, I used some of my packages (with more relevance) as an alternative. Thanks a lot for your help.
Could I ask for unblock for 7 OBS plugins?
Dear Release Managers, obs-text-slideshow was accepted in Debian in 2021-10-10[1] and removed in 2022-10-17[2] (ROM; FTBFS, dead upstream). However, yesterday, a user detected that the package was present in its machine running testing and this plugin was causing an abnormal behavior on obs-studio. After removing the package, the system was stable. I would like to add 'Breaks: obs-text-slideshow (<= 1.5.2-3)' to seven plugins (obs-downstream-keyer, obs-move-transition, obs-scene-collection-manager, obs-scene-notes-dock, obs-source-clone, obs-source-copy, obs-transition-table) to force a removing of the obs-text-slideshow on users machines, avoiding future issues. What you think about this action? If ok for you, I will send an ask for unblock per package, considering all these packages are using trivial autopkgtests only. [1] https://tracker.debian.org/news/1275487/accepted-obs-text-slideshow-151-1-source-amd64-into-experimental-experimental/ [2] https://tracker.debian.org/news/1374607/removed-152-3-from-unstable/ Regards, Eriberto
Bug#1021963: bullseye-pu: package dcfldd/1.7-3+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu [ Reason ] This is not a regression, but a discovered bug. dcfldd is an enhanced dd command that is able to calculate the following hashes when copying data: MD5, SHA1 and SHA2. The SHA1 was being wrongly calculated on big endian architectures. dcfldd SHA1 implementation relies on the WORDS_BIGENDIAN define on big-endian platforms to operate correctly, but it was not defined anywhere, causing wrong results. [ Impact ] If not approved, the SHA1 will be wrong on big endian archs. [ Tests ] Some tests were made on s390x and the current CI test on unstable was improved. [ Risks ] This is a trivial change, no risks. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] All changes were made in configure.ac file, via patch, to enable big endian. Please, see the debdiff. [ Other info ] No more information. diff -Nru dcfldd-1.7/debian/changelog dcfldd-1.7/debian/changelog --- dcfldd-1.7/debian/changelog 2020-12-07 01:28:07.0 -0300 +++ dcfldd-1.7/debian/changelog 2022-10-17 20:32:39.0 -0300 @@ -1,3 +1,21 @@ +dcfldd (1.7-3+deb11u1) bullseye; urgency=medium + + * debian/patches/010_fix-sha1-big-endian.patch: created to fix SHA1 output +on big-endian architectures. dcfldd SHA1 implementation relies on the +WORDS_BIGENDIAN defined on big-endian platforms to operate correctly, +but it was not defined anywhere, causing wrong results. +. +Autoconf's AC_C_BIGENDIAN macro defines WORDS_BIGENDIAN when building on +those platforms, fixing the issue. +. +dcfldd SHA1 implementation can perform endianness runtime checks if +RUNTIME_ENDIAN is defined. This patch also makes runtime checking the +default when configuring the build. +. +Closes: #1021784 + + -- Joao Eriberto Mota Filho Mon, 17 Oct 2022 20:32:39 -0300 + dcfldd (1.7-3) unstable; urgency=medium * debian/control: diff -Nru dcfldd-1.7/debian/patches/010_fix-sha1-big-endian.patch dcfldd-1.7/debian/patches/010_fix-sha1-big-endian.patch --- dcfldd-1.7/debian/patches/010_fix-sha1-big-endian.patch 1969-12-31 21:00:00.0 -0300 +++ dcfldd-1.7/debian/patches/010_fix-sha1-big-endian.patch 2022-10-17 20:32:39.0 -0300 @@ -0,0 +1,42 @@ +Description: Fix SHA1 output on big-endian architectures + dcfldd SHA1 implementation relies on the WORDS_BIGENDIAN define on + big-endian platforms to operate correctly, but it was not defined + anywhere, causing wrong results. + . + Autoconf's AC_C_BIGENDIAN macro defines WORDS_BIGENDIAN when building on + those platforms, fixing the issue. + . + dcfldd SHA1 implementation can perform endianness runtime checks if + RUNTIME_ENDIAN is defined. This patch also makes runtime checking the + default when configuring the build. +Author: David Polverari +Origin: https://github.com/resurrecting-open-source-projects/dcfldd/commit/cb54a40d831999fff4158e3ac1c2c561c3dea59f.patch + https://github.com/resurrecting-open-source-projects/dcfldd/commit/72fcf757553965ab7f9fca108768b7c4b843baff.patch + https://github.com/resurrecting-open-source-projects/dcfldd/commit/0a03a00875bc59a8983b022da8bfee77ef8b0cd9.patch +Bug: https://github.com/resurrecting-open-source-projects/dcfldd/issues/11 +Bug-Debian: https://bugs.debian.org/1021784 +Last-Update: 2022-10-17 +Index: dcfldd-1.7/configure.ac +=== +--- dcfldd-1.7.orig/configure.ac dcfldd-1.7/configure.ac +@@ -38,9 +38,19 @@ AC_PROG_RANLIB + AC_HEADER_STDC + + AC_C_CONST ++AC_C_BIGENDIAN + AC_TYPE_OFF_T + AC_TYPE_SIZE_T + ++AC_ARG_ENABLE([runtime-endian-check], ++AC_HELP_STRING([--disable-runtime-endian-check], [disable runtime checks for endianness]) ++) ++ ++AS_IF([test "x$enable_runtime_endian_check" != "xno"], [ ++dnl Do the stuff needed for enabling the feature ++AC_DEFINE([RUNTIME_ENDIAN], 1, [Define whether to check for endianness during runtime]) ++]) ++ + AC_CHECK_DECLS([strtol, strtoul, strtoumax, strndup]) + + AC_OUTPUT(Makefile src/Makefile man/Makefile) diff -Nru dcfldd-1.7/debian/patches/series dcfldd-1.7/debian/patches/series --- dcfldd-1.7/debian/patches/series1969-12-31 21:00:00.0 -0300 +++ dcfldd-1.7/debian/patches/series2022-10-17 20:32:39.0 -0300 @@ -0,0 +1 @@ +010_fix-sha1-big-endian.patch
Bug#996728: bullseye-pu: package mrtg/2.17.7-2+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
This update is not for a regression. I am the new maintainer of the mrtg. When
checking for spelling errors, I found two spelling errors in variables names in
the source code. These errors generated the bugs #995950 and #996090.
[ Impact ]
These spelling errors will break the program in some circumstances.
[ Tests ]
No tests were needed. It is a simple fix to follow the right names already in
source code. The upstream already approved and committed these fixes.
[ Risks ]
No risks, a trivial fix only.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Single fixes in variables names in source code.
[ Other info ]
No more info. Thanks.
diff -Nru mrtg-2.17.7/debian/changelog mrtg-2.17.7/debian/changelog
--- mrtg-2.17.7/debian/changelog2021-01-01 01:23:44.0 -0300
+++ mrtg-2.17.7/debian/changelog2021-10-17 15:50:42.0 -0300
@@ -1,3 +1,12 @@
+mrtg (2.17.7-2+deb11u1) bullseye; urgency=medium
+
+ * debian/patches/: created two patches to fix spelling errors in source code.
+These spelling errors will break the program in some circumstances.
+ - deb11-01-fix-variable-name-cfgmaker.patch (Closes: #995950)
+ - deb11-02-fix-variable-name-MRTG_lib.patch (Closes: #996090)
+
+ -- Joao Eriberto Mota Filho Sun, 17 Oct 2021 15:50:42
-0300
+
mrtg (2.17.7-2) unstable; urgency=medium
[ Debian Janitor ]
diff -Nru mrtg-2.17.7/debian/patches/deb11-01-fix-variable-name-cfgmaker.patch
mrtg-2.17.7/debian/patches/deb11-01-fix-variable-name-cfgmaker.patch
--- mrtg-2.17.7/debian/patches/deb11-01-fix-variable-name-cfgmaker.patch
1969-12-31 21:00:00.0 -0300
+++ mrtg-2.17.7/debian/patches/deb11-01-fix-variable-name-cfgmaker.patch
2021-10-17 15:50:42.0 -0300
@@ -0,0 +1,18 @@
+Description: fix an important spelling error in source code
+Author: Joao Eriberto Mota Filho
+Bug-Debian: https://bugs.debian.org/995950
+Forwarded: https://github.com/oetiker/mrtg/pull/35
+Last-Update: 2021-10-17
+Index: mrtg-2.17.7/bin/cfgmaker
+===
+--- mrtg-2.17.7.orig/bin/cfgmaker
mrtg-2.17.7/bin/cfgmaker
+@@ -956,7 +956,7 @@ sub DeviceInfo ($$$) {
+ my @variables = snmpwalk(v4onlyifnecessary($router,
$ipv4only),$v3opt,'1.3.6.1.2.1.1'); # walk system
+ if (!(defined $variables[0])) {
+ # Do we need to fall back to IPv4?
+-my ($commmunity, $host) = ($1, $2) if ($router =~ /^(.*)@([^@]+)$/);
++my ($community, $host) = ($1, $2) if ($router =~ /^(.*)@([^@]+)$/);
+ if ( ( ! $ipv4only ) && ( $host !~ /^\[(.*)\]/) ) {
+ # Not using IPv4, not an IPv6 address, so a hostname
+ debug ('base',"No response using IPv6 for $router, trying again
using IPv4");
diff -Nru mrtg-2.17.7/debian/patches/deb11-02-fix-variable-name-MRTG_lib.patch
mrtg-2.17.7/debian/patches/deb11-02-fix-variable-name-MRTG_lib.patch
--- mrtg-2.17.7/debian/patches/deb11-02-fix-variable-name-MRTG_lib.patch
1969-12-31 21:00:00.0 -0300
+++ mrtg-2.17.7/debian/patches/deb11-02-fix-variable-name-MRTG_lib.patch
2021-10-17 15:50:42.0 -0300
@@ -0,0 +1,18 @@
+Description: fix an important mistake in variable name
+Author: Joao Eriberto Mota Filho
+Bug-Debian: https://bugs.debian.org/996090
+Forwarded: https://github.com/oetiker/mrtg/pull/50
+Last-Update: 2021-10-17
+Index: mrtg-2.17.7/lib/mrtg2/MRTG_lib.pm
+===
+--- mrtg-2.17.7.orig/lib/mrtg2/MRTG_lib.pm
mrtg-2.17.7/lib/mrtg2/MRTG_lib.pm
+@@ -1798,7 +1798,7 @@ sub populateconfcache ($) {
+ push @{$$confcache{___updated}}, $hostkey;
+
+ $SNMP_Session::suppress_warnings = $snmp_errlevel;
+-$Net_SNMP_util::supress_warnings = $net_snmp_errlevel;
++$Net_SNMP_util::suppress_warnings = $net_snmp_errlevel;
+ }
+
+ sub log2rrd ($$$) {
diff -Nru mrtg-2.17.7/debian/patches/series mrtg-2.17.7/debian/patches/series
--- mrtg-2.17.7/debian/patches/series 2021-01-01 01:23:44.0 -0300
+++ mrtg-2.17.7/debian/patches/series 2021-10-17 15:50:42.0 -0300
@@ -6,3 +6,5 @@
dont_create_varlockmrtg.patch
cfgmaker_debian_workdir.patch
iptables-accounting_linewrap.patch
+deb11-01-fix-variable-name-cfgmaker.patch
+deb11-02-fix-variable-name-MRTG_lib.patch
Bug#995144: bullseye-pu: package jailkit/2.21-4+deb11u1
Em qui., 30 de set. de 2021 às 16:24, Adam D. Barratt escreveu: > > Control: tags -1 + confirmed > > On Sun, 2021-09-26 at 23:01 -0300, Joao Eriberto Mota Filho wrote: > > This update is not for a regression. There are two bugs discovered > > recently. > > With these bugs, jailkit will work partially. The bugs are #992420 > > and #992422. > > > > + * debian/patches/: > + - 050_fix-incorrect-device.patch: created to fix the incorrect calc of > +device major number. Without this patch, jailkit won't be able to > +create jails that needs a device from /dev. Thanks to Jesse Norell > +. (Closes: #992422) > > s/needs/need/ > > + - 060_fix-typo-jk_init.patch: created to fix a typo in > /usr/sbin/jk_init. > +Without this patch, jailkit won't be able to check the presence of > +some libraries. Thanks to Peter Viskup . > +(Closes: #992420) > > s/check the/check for the/ > > Please go ahead. Thank you Adam. Fixed the errors and sent the package. Have a nice day! Regards, Eriberto
Bug#995144: bullseye-pu: package jailkit/2.21-4+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu [ Reason ] This update is not for a regression. There are two bugs discovered recently. With these bugs, jailkit will work partially. The bugs are #992420 and #992422. [ Impact ] Jailkit is a set of tools to help us to create jails for shells or services, e.g. ssh. If this request is not approved, the jailkit won't be able to create jails that need to use files in /dev. Also, some checks for libraries will fail. [ Tests ] Some tests were made by me and users, creating new jails. Is not possible to make automated tests because jailkit don't trust in $AUTOPKGTEST_TMP environment since it uses permission 755, instead of 700. [ Risks ] The changes are trivial and they were reviewed by the upstream. I can't see risks. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable [ Changes ] There are two trivial patches, changing few lines in two files. The first patch will change a division with floating point to an integer division to select the right device. The second patch will fix a mistake, adding an option to a line. [ Other info ] No more info. Thanks. diff -Nru jailkit-2.21/debian/changelog jailkit-2.21/debian/changelog --- jailkit-2.21/debian/changelog 2021-07-16 11:31:18.0 -0300 +++ jailkit-2.21/debian/changelog 2021-09-26 22:24:08.0 -0300 @@ -1,3 +1,17 @@ +jailkit (2.21-4+deb11u1) bullseye; urgency=medium + + * debian/patches/: + - 050_fix-incorrect-device.patch: created to fix the incorrect calc of +device major number. Without this patch, jailkit won't be able to +create jails that needs a device from /dev. Thanks to Jesse Norell +. (Closes: #992422) + - 060_fix-typo-jk_init.patch: created to fix a typo in /usr/sbin/jk_init. +Without this patch, jailkit won't be able to check the presence of +some libraries. Thanks to Peter Viskup . +(Closes: #992420) + + -- Joao Eriberto Mota Filho Sun, 26 Sep 2021 22:24:08 -0300 + jailkit (2.21-4) unstable; urgency=medium * debian/control: bumped Standards-Version to 4.5.1. diff -Nru jailkit-2.21/debian/patches/050_fix-incorrect-device.patch jailkit-2.21/debian/patches/050_fix-incorrect-device.patch --- jailkit-2.21/debian/patches/050_fix-incorrect-device.patch 1969-12-31 21:00:00.0 -0300 +++ jailkit-2.21/debian/patches/050_fix-incorrect-device.patch 2021-09-26 22:19:07.0 -0300 @@ -0,0 +1,33 @@ +Description: fix the incorrect calc of device major number +Author: Jesse Norell +Bug: https://savannah.nongnu.org/bugs/?61130 +Bug-Debian: https://bugs.debian.org/992422 +Forwarded: https://lists.nongnu.org/archive/html/jailkit-dev/2021-08/msg4.html +Last-Update: 2021-09-08 +Index: jailkit/py/jk_lib.py +=== +--- jailkit.orig/py/jk_lib.py jailkit/py/jk_lib.py +@@ -578,18 +578,18 @@ def copy_device(chroot, path, be_verbose + sb = os.stat(path) + try: + if (sys.platform[:5] == 'linux'): +- major = sb.st_rdev / 256 #major = st_rdev divided by 256 (8bit reserved for the minor number) ++ major = sb.st_rdev // 256 #major = st_rdev divided by 256 (8bit reserved for the minor number) + minor = sb.st_rdev % 256 #minor = remainder of st_rdev divided by 256 + elif (sys.platform == 'sunos5'): + if (sys.maxint == 2147483647): +- major = sb.st_rdev / 262144 #major = st_rdev divided by 256 (18 bits reserved for the minor number) ++ major = sb.st_rdev // 262144 #major = st_rdev divided by 256 (18 bits reserved for the minor number) + minor = sb.st_rdev % 262144 #minor = remainder of st_rdev divided by 256 + else: + #64 bit solaris has 32 bit minor/32bit major +- major = sb.st_rdev / 2147483647 ++ major = sb.st_rdev // 2147483647 + minor = sb.st_rdev % 2147483647 + else: +- major = sb.st_rdev / 256 #major = st_rdev divided by 256 ++ major = sb.st_rdev // 256 #major = st_rdev divided by 256 + minor = sb.st_rdev % 256 #minor = remainder of st_rdev divided by 256 + if (stat.S_ISCHR(sb.st_mode)): + mode = 'c' diff -Nru jailkit-2.21/debian/patches/060_fix-typo-jk_init.patch jailkit-2.21/debian/patches/060_fix-typo-jk_init.patch --- jailkit-2.21/debian/patches/060_fix-typo-jk_init.patch 1969-12-31 2
Bug#992547: bullseye-pu: package detox/1.3.3-1+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu [ Reason ] A Raspbian user discovered a bug that makes impossible rename files bigger than 4 GB. This bug was originally sent to GitHub[1] and I opened a new in Debian[2]. The upstream fixed the bug adding a line in configure.ac. [1] https://github.com/dharple/detox/issues/81 [2] https://bugs.debian.org/992542 [ Impact ] ARM users will be not able to use detox in directories with large files. [ Tests ] The upstream and the user that sent the initial report confirmed that bug was fixed. It can be checked here[1]. The source code builds fine and current CI tests work fine. [ Risks ] No risks. The fix is very trivial. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] The line AC_SYS_LARGEFILE was added to configure.ac. Regards, Eriberto diff -Nru detox-1.3.3/debian/changelog detox-1.3.3/debian/changelog --- detox-1.3.3/debian/changelog2021-02-05 23:58:45.0 -0300 +++ detox-1.3.3/debian/changelog2021-08-18 21:57:04.0 -0300 @@ -1,3 +1,12 @@ +detox (1.3.3-1+deb11u1) bullseye; urgency=medium + + * debian/patches/010_fix-largefiles.patch: created to fix 'Value too large +for defined data type' on ARM. This issue is related to large files and +was fixed by upstream in configure.ac, adding AC_SYS_LARGEFILE. +(Closes: #992542) + + -- Joao Eriberto Mota Filho Wed, 18 Aug 2021 21:57:04 -0300 + detox (1.3.3-1) unstable; urgency=medium * New upstream version 1.3.3. diff -Nru detox-1.3.3/debian/patches/010_fix-largefiles.patch detox-1.3.3/debian/patches/010_fix-largefiles.patch --- detox-1.3.3/debian/patches/010_fix-largefiles.patch 1969-12-31 21:00:00.0 -0300 +++ detox-1.3.3/debian/patches/010_fix-largefiles.patch 2021-08-18 21:57:04.0 -0300 @@ -0,0 +1,21 @@ +Description: fix 'Value too large for defined data type' on ARM +Author: Doug Harple +Bug-Debian: https://bugs.debian.org/992542 +Origin: https://github.com/dharple/detox/commit/7fccc0871a285e5edcaa0606d7d92a2e6171f81c +Bug: https://github.com/dharple/detox/issues/81 +Forwarded: not-needed +Reviewed-By: Joao Eriberto Mota Filho +Last-Update: 2021-08-19 +Index: detox-1.3.3/configure.ac +=== +--- detox-1.3.3.orig/configure.ac detox-1.3.3/configure.ac +@@ -8,6 +8,8 @@ AC_PROG_YACC + + AC_CHECK_FUNCS([getopt_long]) + ++AC_SYS_LARGEFILE ++ + AC_CONFIG_HEADER([src/config.h]) + AC_CONFIG_FILES([ + Makefile diff -Nru detox-1.3.3/debian/patches/series detox-1.3.3/debian/patches/series --- detox-1.3.3/debian/patches/series 1969-12-31 21:00:00.0 -0300 +++ detox-1.3.3/debian/patches/series 2021-08-18 21:57:04.0 -0300 @@ -0,0 +1 @@ +010_fix-largefiles.patch
Bug#992546: buster-pu: package detox/1.3.0-4+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu [ Reason ] A Raspbian user discovered a bug that makes impossible rename files bigger than 4 GB. This bug was originally sent to GitHub[1] and I opened a new in Debian[2]. The upstream fixed the bug adding a line in configure.ac. [1] https://github.com/dharple/detox/issues/81 [2] https://bugs.debian.org/992542 [ Impact ] ARM users will be not able to use detox in directories with large files. [ Tests ] The upstream and the user that sent the initial report confirmed that the bug was fixed. It can be checked here[1]. The source code builds fine and current CI tests work fine. [ Risks ] No risks. The fix is very trivial. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] The line AC_SYS_LARGEFILE was added to configure.ac. Thanks in advance. Regards, Eriberto diff -Nru detox-1.3.0/debian/changelog detox-1.3.0/debian/changelog --- detox-1.3.0/debian/changelog2018-12-12 23:21:47.0 -0200 +++ detox-1.3.0/debian/changelog2021-08-14 22:39:13.0 -0300 @@ -1,3 +1,12 @@ +detox (1.3.0-4+deb10u1) buster; urgency=medium + + * debian/patches/010_fix-largefiles.patch: created to fix 'Value too large +for defined data type' on ARM. This issue is related to large files and +was fixed by upstream in configure.ac, adding AC_SYS_LARGEFILE. +(Closes: #992542) + + -- Joao Eriberto Mota Filho Sat, 14 Aug 2021 22:39:13 -0300 + detox (1.3.0-4) unstable; urgency=medium * debian/control: bumped Standards-Version to 4.2.1. diff -Nru detox-1.3.0/debian/patches/010_fix-largefiles.patch detox-1.3.0/debian/patches/010_fix-largefiles.patch --- detox-1.3.0/debian/patches/010_fix-largefiles.patch 1969-12-31 21:00:00.0 -0300 +++ detox-1.3.0/debian/patches/010_fix-largefiles.patch 2021-08-14 22:39:13.0 -0300 @@ -0,0 +1,21 @@ +Description: fix 'Value too large for defined data type' on ARM +Author: Doug Harple +Bug-Debian: https://bugs.debian.org/992542 +Origin: https://github.com/dharple/detox/commit/7fccc0871a285e5edcaa0606d7d92a2e6171f81c +Bug: https://github.com/dharple/detox/issues/81 +Forwarded: not-needed +Reviewed-By: Joao Eriberto Mota Filho +Last-Update: 2021-08-19 +Index: detox-1.3.0/configure.ac +=== +--- detox-1.3.0.orig/configure.ac detox-1.3.0/configure.ac +@@ -8,6 +8,8 @@ AC_PROG_YACC + + AC_CHECK_FUNCS([getopt_long]) + ++AC_SYS_LARGEFILE ++ + AC_CONFIG_HEADER([src/config.h]) + AC_CONFIG_FILES([ + Makefile diff -Nru detox-1.3.0/debian/patches/series detox-1.3.0/debian/patches/series --- detox-1.3.0/debian/patches/series 1969-12-31 21:00:00.0 -0300 +++ detox-1.3.0/debian/patches/series 2021-08-14 22:39:13.0 -0300 @@ -0,0 +1 @@ +010_fix-largefiles.patch
Bug#992299: bullseye-pu: package txt2man/1.7.1-1+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
Dear team,
[ Reason ]
This is a regression. The upstream released the 1.7.1 version and a day after,
he made a commit to fix the issue[1]. This pu is fully based in the last
upstream commit. The previous version 1.7.0 worked fine in Sid and was
replaced by 1.7.1.
[1]
https://github.com/mvertes/txt2man/commit/be89fb412fd443813db6b4d2fcd4223546138757
txt2man is used to create manpages from an ASCII text following some format
rules. To generate a literal block, each line must be preceded by a TAB. In
1.7.1 version, the literal block is being generated as a normal paragraph.
Consequently, the original format is arbitrary changed by txt2man.
This upload is related to bug #992283 and I discovered this issue today.
[ Impact ]
If not approved, the user will not be able to create a manpage with literal
blocks, useful to display source codes, tables, etc.
[ Tests ]
New CI tests were introduced in the package sent to Sid to verify and avoid
future regressions.
[ Risks ]
This is a trivial fix, no risks.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
A patch (quilt) was created to modify two lines in the final executable. This
executable (txt2man) is a shell script.
[ Other info ]
None.
Thanks in advance.
Regards,
Eriberto
diff -Nru txt2man-1.7.1/debian/changelog txt2man-1.7.1/debian/changelog
--- txt2man-1.7.1/debian/changelog 2020-06-28 23:09:08.0 -0300
+++ txt2man-1.7.1/debian/changelog 2021-08-16 17:21:58.0 -0300
@@ -1,3 +1,12 @@
+txt2man (1.7.1-1+deb11u1) bullseye; urgency=medium
+
+ * debian/patches/020_fix-display-blocks.patch: created to fix regression in
+handling display blocks. Currently, literal blocks are being treated as
+paragraphs. Consequently, is not possible put a source code or a literal
+text in a manpage. (Closes: #992283)
+
+ -- Joao Eriberto Mota Filho Mon, 16 Aug 2021 17:21:58
-0300
+
txt2man (1.7.1-1) unstable; urgency=medium
* New upstream version 1.7.1.
diff -Nru txt2man-1.7.1/debian/patches/020_fix-display-blocks.patch
txt2man-1.7.1/debian/patches/020_fix-display-blocks.patch
--- txt2man-1.7.1/debian/patches/020_fix-display-blocks.patch 1969-12-31
21:00:00.0 -0300
+++ txt2man-1.7.1/debian/patches/020_fix-display-blocks.patch 2021-08-16
17:21:58.0 -0300
@@ -0,0 +1,30 @@
+Description: fix regression in handling display blocks
+ Literal blocks are started by a 'tab' per line.
+Author: Marc Vertes
+Origin:
https://github.com/mvertes/txt2man/commit/be89fb412fd443813db6b4d2fcd4223546138757
+Bug-Debian: https://bugs.debian.org/992283
+Forwarded: not-needed
+Reviewed-By: Joao Eriberto Mota Filho
+Last-Update: 2021-08-16
+Index: txt2man/txt2man
+===
+--- txt2man.orig/txt2man
txt2man/txt2man
+@@ -153,7 +153,7 @@ do
+ (I) itxt="$OPTARG§$itxt";;
+ (B) btxt="$OPTARG§$btxt";;
+ (T) post="groff -mandoc -Tlatin1 | ${PAGER:-pager}";;
+- (X) post="groff -mandoc -X -P-resolution -P100";;
++ (X) post="groff -mandoc -TX100-12 -rS12";;
+ (*) usage; exit;;
+ esac
+ done
+@@ -214,7 +214,7 @@ BEGIN {
+ # remove spaces in empty lines
+ sub(/^ +$/,"")
+ }
+-/^[[:upper:][:space:][:digit:][:punct:]]+$/ {
++/^[:space:]*[[:upper:][:digit:]]+[[:upper:][:space:][:digit:][:punct:]]+$/ {
+ # Section header
+ if ((in_bd + 0) == 1) {
+ in_bd = 0
diff -Nru txt2man-1.7.1/debian/patches/series
txt2man-1.7.1/debian/patches/series
--- txt2man-1.7.1/debian/patches/series 2020-06-28 23:09:08.0 -0300
+++ txt2man-1.7.1/debian/patches/series 2021-08-16 17:21:58.0 -0300
@@ -1 +1,2 @@
010_fix-pager-option.patch
+020_fix-display-blocks.patch
Bug#991286: unblock: netdiscover/0.7-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: eribe...@debian.org Dear Release Team, Please unblock package netdiscover. [ Reason ] The revision 0.7-4 has a patch (030) to add an important fix from the upstream[1]. This fix allows netdiscover to use correctly CIDR /24 if netdiscover is being built with libpcap >= 1.10. This fix closes #991258 [1] https://github.com/netdiscover-scanner/netdiscover/commit/2de0187c8b6aad3ca5393d96fbc5b00c453c3d23 Short explanation: Older versions of libpcap ignored to_ms on Linux. The current version captures packets until a buffer a filled or the specified timeout elapses. The value 0 disables that timeout, so libpcap will only start delivering packets once the buffer is filled. [ Impact ] If the unblock isn't granted, the user will not able to scan a network using the option '-r /24', so only /8 and /16 will work. [ Tests ] Several tests were made after the fix and it worked fine. [ Risks ] This is a trivial fix and it has no risks for the whole source code. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock netdiscover/0.7-4 diff -Nru netdiscover-0.7/debian/changelog netdiscover-0.7/debian/changelog --- netdiscover-0.7/debian/changelog2021-02-06 00:05:00.0 -0300 +++ netdiscover-0.7/debian/changelog2021-07-18 17:23:16.0 -0300 @@ -1,3 +1,10 @@ +netdiscover (0.7-4) unstable; urgency=medium + + * debian/patches/030_fix_cidr24.patch: created to fix no results with CIDR /24 +and libpcap >= 1.10. Thanks to Enrico Schmitz. (Closes: #991258) + + -- Joao Eriberto Mota Filho Sun, 18 Jul 2021 17:23:16 -0300 + netdiscover (0.7-3) unstable; urgency=medium * debian/patches/20_update-oui.patch: updated. diff -Nru netdiscover-0.7/debian/patches/030_fix_cidr24.patch netdiscover-0.7/debian/patches/030_fix_cidr24.patch --- netdiscover-0.7/debian/patches/030_fix_cidr24.patch 1969-12-31 21:00:00.0 -0300 +++ netdiscover-0.7/debian/patches/030_fix_cidr24.patch 2021-07-18 17:23:16.0 -0300 @@ -0,0 +1,21 @@ +Description: Fix no results with CIDR /24 and libpcap >= 1.10 +Author: Enrico Schmitz +Origin: https://github.com/netdiscover-scanner/netdiscover/commit/2de0187c8b6aad3ca5393d96fbc5b00c453c3d23 +Bug: https://github.com/netdiscover-scanner/netdiscover/issues/9 +Bug-Debian: https://bugs.debian.org/991258 +Forwarded: not-needed +Reviewed-By: Joao Eriberto Mota Filho +Last-Update: 2021-07-18 +Index: netdiscover/src/ifaces.h +=== +--- netdiscover.orig/src/ifaces.h netdiscover/src/ifaces.h +@@ -45,7 +45,7 @@ extern "C" + typedef uint16_t u_int16_t; + typedef uint8_t u_int8_t; +#else +- #define PCAP_TOUT 0 ++ #define PCAP_TOUT 512 +#endif + + diff -Nru netdiscover-0.7/debian/patches/series netdiscover-0.7/debian/patches/series --- netdiscover-0.7/debian/patches/series 2021-02-06 00:04:57.0 -0300 +++ netdiscover-0.7/debian/patches/series 2021-07-18 17:23:16.0 -0300 @@ -1,2 +1,3 @@ 10_fix-makefile.patch 20_update-oui.patch +030_fix_cidr24.patch
Bug#991182: unblock: jailkit/2.21-4
Hi Graham, Thank you. Regards, Eriberto
Bug#991182: unblock: jailkit/2.21-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: eribe...@debian.org Dear Release Team, Please unblock package jailkit. [ Reason ] The upstream migrated the source code from Python2 to Python3 in a previous release (Debian revision 2.21-1). Recently, he released a new version to fix some issues (upstream/2.22). This new version fixes two bad lines, not compatibles with Python3 in file py/jk_update.in. In this week, the bug #991075 pointed a crash in the current revision in testing (2.21-3), caused by those two lines (without the fix), generating a crash in the jail environment when updating it. To fix, I made a patch over 2.21 version. [ Impact ] jailkit is a set of tools to generate chroot jails easily. If the unblock isn't granted, the final user will be able to create a chroot environment but it will not be updated. There is a security issue here, because the user will always work inside an outdated environment. [ Tests ] This fix was tested by the upstream, by the bug submitter (Jesse Norel) and by me. [ Risks ] This is a trivial fix and it has no risks. I made contact with the upstream to ask if this alone change could impact negatively in whole source code and the answer was "yes it is secure to change only those two lines"[1]. [1] https://lists.nongnu.org/archive/html/jailkit-dev/2021-07/msg1.html [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] Debian bug: https://bugs.debian.org/991075 Upstream changes: https://cvs.savannah.nongnu.org/viewvc/jailkit/jailkit/py/jk_update.in?r1=1.16&r2=1.18&sortby=log Upstream contact: https://lists.nongnu.org/archive/html/jailkit-dev/2021-07/msg0.html unblock jailkit/2.21-4 diff -Nru jailkit-2.21/debian/changelog jailkit-2.21/debian/changelog --- jailkit-2.21/debian/changelog 2020-08-24 10:23:23.0 -0300 +++ jailkit-2.21/debian/changelog 2021-07-16 11:31:18.0 -0300 @@ -1,3 +1,13 @@ +jailkit (2.21-4) unstable; urgency=medium + + * debian/control: bumped Standards-Version to 4.5.1. + * debian/copyright: updated upstream and packaging copyright years. + * debian/patches/040_fix-crash-jk_update.patch: created to migrate two lines +from Python2 to 3, fixing Python3 compatibility and avoiding a crash when +updating the jail. (Closes: #991075) + + -- Joao Eriberto Mota Filho Fri, 16 Jul 2021 11:31:18 -0300 + jailkit (2.21-3) unstable; urgency=medium * debian/control: diff -Nru jailkit-2.21/debian/control jailkit-2.21/debian/control --- jailkit-2.21/debian/control 2020-08-24 10:23:23.0 -0300 +++ jailkit-2.21/debian/control 2021-07-16 11:31:18.0 -0300 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Joao Eriberto Mota Filho Build-Depends: debhelper-compat (= 13), dh-python, python3-all -Standards-Version: 4.5.0 +Standards-Version: 4.5.1 Rules-Requires-Root: no Homepage: https://olivier.sessink.nl/jailkit/ Vcs-Browser: https://salsa.debian.org/debian/jailkit diff -Nru jailkit-2.21/debian/copyright jailkit-2.21/debian/copyright --- jailkit-2.21/debian/copyright 2020-08-24 10:23:23.0 -0300 +++ jailkit-2.21/debian/copyright 2021-07-16 11:31:18.0 -0300 @@ -4,7 +4,7 @@ Source: https://olivier.sessink.nl/jailkit/ Files: * -Copyright: 2003-2019 Olivier Sessink +Copyright: 2003-2021 Olivier Sessink License: BSD-3-Clause Files: man/* @@ -23,7 +23,7 @@ License: LGPL-2+ Files: debian/* -Copyright: 2019-2020 Joao Eriberto Mota Filho +Copyright: 2019-2021 Joao Eriberto Mota Filho License: BSD-3-Clause License: BSD-3-Clause diff -Nru jailkit-2.21/debian/patches/040_fix-crash-jk_update.patch jailkit-2.21/debian/patches/040_fix-crash-jk_update.patch --- jailkit-2.21/debian/patches/040_fix-crash-jk_update.patch 1969-12-31 21:00:00.0 -0300 +++ jailkit-2.21/debian/patches/040_fix-crash-jk_update.patch 2021-07-16 11:31:18.0 -0300 @@ -0,0 +1,36 @@ +Description: Fix Python3 compatibility, avoiding a crash when updating jail +Author: Olivier Sessink +Bug-Debian: https://bugs.debian.org/991075 +Origin: https://cvs.savannah.nongnu.org/viewvc/jailkit/jailkit/py/jk_update.in?r1=1.16&r2=1.18 +Forwarded: not-needed +Last-Update: 2021-07-16 +Index: jailkit/py/jk_update.in +=== +--- jailkit.orig/py/jk_update.in jailkit/py/jk_update.in +@@ -1,6 +1,6 @@ + #!/usr/bin/python + # +-#Copyright (c) 2006, 2007, Olivier Sessink ++#Copyright (c) 2006, 2007, 2020, 2021 Olivier Sessink + #All rights reserved. + # + #Redistribution and use in source and binary forms, with or without +@@ -260,7 +260,7 @@ def main(): + tmp = jk_lib.config_get_option_as_list(cfg,configsection,'skips') + for entry in tmp: +
Bug#946906: autoremoval looking at Recommends field
Package: release.debian.org Severity: serious >From https://udd.debian.org/cgi-bin/autoremovals.cgi: forensics-all: buggy deps aircrack-ng, flagged for removal in 18 days >From https://tracker.debian.org/pkg/forensics-all: Version 3.12 of forensics-all is marked for autoremoval from testing on Sat 04 Jan 2020. It depends (transitively) on aircrack-ng, affected by #936113. You should try to prevent the removal by fixing these RC bugs. However, since version 3.11 aircrack-ng is a recommended package, not a dependency. From Sid: $ apt-cache depends forensics-all | grep aircrack Recommends: aircrack-ng Thanks in advance. Regards, Eriberto -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: unable to detect
Bug#929142: unblock: testssl.sh/2.9.5-7+dfsg1-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package testssl.sh.
The uploaded revision will fix the RC bug #928728, adding some install
dependencies.
I attached a debdiff.
Thanks a lot in advance.
Regards,
Eriberto
unblock testssl.sh/2.9.5-7+dfsg1-2
diff -Nru testssl.sh-2.9.5-7+dfsg1/debian/changelog
testssl.sh-2.9.5-7+dfsg1/debian/changelog
--- testssl.sh-2.9.5-7+dfsg1/debian/changelog 2019-01-27 19:25:45.0
-0200
+++ testssl.sh-2.9.5-7+dfsg1/debian/changelog 2019-05-17 20:38:36.0
-0300
@@ -1,3 +1,11 @@
+testssl.sh (2.9.5-7+dfsg1-2) unstable; urgency=medium
+
+ * Team upload.
+ * debian/control: added dnsutils | ldnsutils, bsdmainutils
+and procps as dependencies. (Closes: #928728)
+
+ -- Joao Eriberto Mota Filho Fri, 17 May 2019 20:38:36
-0300
+
testssl.sh (2.9.5-7+dfsg1-1) unstable; urgency=medium
* Team upload
diff -Nru testssl.sh-2.9.5-7+dfsg1/debian/control
testssl.sh-2.9.5-7+dfsg1/debian/control
--- testssl.sh-2.9.5-7+dfsg1/debian/control 2019-01-27 19:25:21.0
-0200
+++ testssl.sh-2.9.5-7+dfsg1/debian/control 2019-05-17 20:38:36.0
-0300
@@ -14,7 +14,10 @@
Multi-Arch: foreign
Depends: ${misc:Depends},
${shlibs:Depends},
- openssl (>= 1)
+ bsdmainutils,
+ dnsutils | ldnsutils,
+ openssl (>= 1),
+ procps
Description: Command line tool to check TLS/SSL ciphers, protocols and
cryptographic flaws
testssl.sh is a free command line tool which checks a server's service
on any port for the support of TLS/SSL ciphers, protocols as well as
Bug#928960: unblock: forensics-all/3.7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package forensics-all. The mdk4 was just removed from Depends field in debian/control because of bug #921694. I attached a debdiff. unblock forensics-all/3.7 Thanks in advance. Regards, Eriberto
Bug#924287: unblock: afflib/3.7.17-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package afflib. The afflib had a FTBFS because a library symbol. The symbol was removed and a little updated was made in package. This upload closed bug #923959. The current changelog is: afflib (3.7.17-5) unstable; urgency=medium * Using new DH level format. Consequently: - debian/compat: removed. - debian/control: changed from 'debhelper' to 'debhelper-compat' in Build-Depends field and bumped level to 12. * debian/control: bumped Standards-Version to 4.3.0. * debian/libafflib0v5.symbols: - Added a Build-Depends-Package field. - Removed a symbol to fix a FTBFS. Thanks to Santiago Vila . (Closes: #923959) -- Joao Eriberto Mota Filho Thu, 07 Mar 2019 14:59:10 -0300 I attached a debdiff. Thanks a lot in advance. Eriberto diff -Nru afflib-3.7.17/debian/changelog afflib-3.7.17/debian/changelog --- afflib-3.7.17/debian/changelog 2018-09-29 23:20:47.0 -0300 +++ afflib-3.7.17/debian/changelog 2019-03-07 14:59:10.0 -0300 @@ -1,3 +1,17 @@ +afflib (3.7.17-5) unstable; urgency=medium + + * Using new DH level format. Consequently: + - debian/compat: removed. + - debian/control: changed from 'debhelper' to 'debhelper-compat' in +Build-Depends field and bumped level to 12. + * debian/control: bumped Standards-Version to 4.3.0. + * debian/libafflib0v5.symbols: + - Added a Build-Depends-Package field. + - Removed a symbol to fix a FTBFS. Thanks to Santiago Vila +. (Closes: #923959) + + -- Joao Eriberto Mota Filho Thu, 07 Mar 2019 14:59:10 -0300 + afflib (3.7.17-4) unstable; urgency=medium * Upload to unstable. diff -Nru afflib-3.7.17/debian/compat afflib-3.7.17/debian/compat --- afflib-3.7.17/debian/compat 2018-09-27 21:08:53.0 -0300 +++ afflib-3.7.17/debian/compat 1969-12-31 21:00:00.0 -0300 @@ -1 +0,0 @@ -11 diff -Nru afflib-3.7.17/debian/control afflib-3.7.17/debian/control --- afflib-3.7.17/debian/control2018-09-27 21:08:53.0 -0300 +++ afflib-3.7.17/debian/control2019-03-07 14:59:10.0 -0300 @@ -3,14 +3,14 @@ Priority: optional Maintainer: Debian Security Tools Uploaders: Joao Eriberto Mota Filho -Build-Depends: debhelper (>= 11), +Build-Depends: debhelper-compat (= 12), chrpath, libcurl4-openssl-dev, libexpat1-dev, libfuse-dev [!hurd-i386], libssl-dev, zlib1g-dev -Standards-Version: 4.2.1 +Standards-Version: 4.3.0 Homepage: https://github.com/sshock/AFFLIBv3 Vcs-Browser: https://salsa.debian.org/pkg-security-team/afflib Vcs-Git: https://salsa.debian.org/pkg-security-team/afflib.git diff -Nru afflib-3.7.17/debian/libafflib0v5.symbols afflib-3.7.17/debian/libafflib0v5.symbols --- afflib-3.7.17/debian/libafflib0v5.symbols 2018-09-29 14:14:43.0 -0300 +++ afflib-3.7.17/debian/libafflib0v5.symbols 2019-03-07 14:59:10.0 -0300 @@ -1,4 +1,5 @@ libafflib.so.0 libafflib0v5 #MINVER# +* Build-Depends-Package: libafflib-dev IID_ICompressCoder2@Base 3.7.6 IID_ICompressCoder@Base 3.7.6 IID_ICompressFilter@Base 3.7.6 @@ -373,7 +374,6 @@ (optional)_ZNSt6vectorIPN2s36BucketESaIS2_EE19_M_emplace_back_auxIJS2_EEEvDpOT_@Base 3.7.17 _ZNSt6vectorIPN2s38ContentsESaIS2_EE17_M_realloc_insertIJS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_@Base 3.7.16 (optional)_ZNSt6vectorIPN2s38ContentsESaIS2_EE19_M_emplace_back_auxIJS2_EEEvDpOT_@Base 3.7.17 - _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE16_M_insert_uniqueIS5_EESt4pairISt17_Rb_tree_iteratorIS5_EbEOT_@Base 3.7.16 _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E@Base 3.7.16 _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSG_PSt13_Rb_tree_nodeIS8_E@Base 3.7.16 _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE24_M_get_insert_unique_posERS7_@Base 3.7.16
Bug#914081: stretch-pu: package jdupes/1.7-2
Em seg, 4 de fev de 2019 às 19:29, Adam D. Barratt escreveu: > > Control: tags -1 + confirmed > > On Mon, 2018-11-19 at 01:11 -0200, Joao Eriberto Mota Filho wrote: > > From the jdupes upstream: > > > > "All versions from 1.5.1 up to 1.7 have potentially serious bugs in > > the internal memory allocator which caused crashes on Debian ARM and > > macOS Sierra. These should be updated to a minimum of v1.8 if at all > > possible. > > > > If that isn't possible, the following commits improving/fixing the > > internal memory allocator should be patched into the old versions: > > Please go ahead; sorry for the delay. Hi Adam, Uploaded. Thanks! Regards, Eriberto
Bug#914081: stretch-pu: package jdupes/1.7-2
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
>From the jdupes upstream:
"All versions from 1.5.1 up to 1.7 have potentially serious bugs in the
internal memory allocator which caused crashes on Debian ARM and macOS
Sierra. These should be updated to a minimum of v1.8 if at all possible.
If that isn't possible, the following commits improving/fixing the internal
memory allocator should be patched into the old versions:
e2bebfdbadd0474a6b5f16f46ce1b48201d75150
78e06c3eb1f1cfdebf8ca555f5c699b69b3a9aad
1f2fe4a0c1bca7486cfc5aa84877246e90d1321a
1498a04e2ad5ba6cef6e94c5f64408d35670f7b8"
This upload will close #914078
Thanks in advance.
Regards,
Eriberto
diff -Nru jdupes-1.7/debian/changelog jdupes-1.7/debian/changelog
--- jdupes-1.7/debian/changelog 2017-02-06 22:19:51.0 -0200
+++ jdupes-1.7/debian/changelog 2018-11-19 00:10:16.0 -0200
@@ -1,3 +1,10 @@
+jdupes (1.7-2+deb9u1) stretch; urgency=medium
+
+ * debian/patches/20_fix-crash-arm.patch: add to fix a potential crash in
+ARM. Thanks to Jody Bruchon . (Closes: #914078)
+
+ -- Joao Eriberto Mota Filho Mon, 19 Nov 2018 00:10:16
-0200
+
jdupes (1.7-2) unstable; urgency=medium
* debian/patches/10_fix-segfault.patch: added to fix a segmentation fault in
diff -Nru jdupes-1.7/debian/patches/20_fix-crash-arm.patch
jdupes-1.7/debian/patches/20_fix-crash-arm.patch
--- jdupes-1.7/debian/patches/20_fix-crash-arm.patch1969-12-31
21:00:00.0 -0300
+++ jdupes-1.7/debian/patches/20_fix-crash-arm.patch2018-11-19
00:10:16.0 -0200
@@ -0,0 +1,250 @@
+Description: fix a potential crash in ARM.
+ From the jdupes upstream:
+
+ "All versions from 1.5.1 up to 1.7 have potentially serious bugs in the
+ internal memory allocator which caused crashes on Debian ARM and macOS
+ Sierra. These should be updated to a minimum of v1.8 if at all possible.
+
+ If that isn't possible, the following commits improving/fixing the internal
+ memory allocator should be patched into the old versions:
+
+ e2bebfdbadd0474a6b5f16f46ce1b48201d75150
+ 78e06c3eb1f1cfdebf8ca555f5c699b69b3a9aad
+ 1f2fe4a0c1bca7486cfc5aa84877246e90d1321a
+ 1498a04e2ad5ba6cef6e94c5f64408d35670f7b8
+Author: Jody Bruchon
+Origin: upstream
+
https://github.com/jbruchon/jdupes/commit/e2bebfdbadd0474a6b5f16f46ce1b48201d75150.patch
+
https://github.com/jbruchon/jdupes/commit/78e06c3eb1f1cfdebf8ca555f5c699b69b3a9aad.patch
+
https://github.com/jbruchon/jdupes/commit/1f2fe4a0c1bca7486cfc5aa84877246e90d1321a.patch
+
https://github.com/jbruchon/jdupes/commit/1498a04e2ad5ba6cef6e94c5f64408d35670f7b8.patch
+Bug-Debian: https://bugs.debian.org/914078
+Last-Update: 2017-01-19
+--- jdupes-1.7.orig/jdupes.c
jdupes-1.7/jdupes.c
+@@ -501,18 +501,24 @@ extern int check_conditions(const file_t
+ }
+
+
+-/* Create a new traversal check object */
+-static int travdone_alloc(struct travdone **trav, const char * const restrict
dir)
++/* Create a new traversal check object and initialize its values */
++static struct travdone *travdone_alloc(const jdupes_ino_t inode, const dev_t
device)
+ {
+- *trav = string_malloc(sizeof(struct travdone));
+- if (*trav == NULL) {
++ struct travdone *trav;
++
++ LOUD(fprintf(stderr, "travdone_alloc(%jd, %jd)\n", (intmax_t)inode,
(intmax_t)device);)
++
++ trav = (struct travdone *)string_malloc(sizeof(struct travdone));
++ if (trav == NULL) {
+ LOUD(fprintf(stderr, "travdone_alloc: malloc returned NULL\n");)
+-return -1;
++return NULL;
+ }
+- (*trav)->left = NULL;
+- (*trav)->right = NULL;
+- if (getdirstats(dir, &((*trav)->inode), &((*trav)->device)) != 0) return -1;
+- return 0;
++ trav->left = NULL;
++ trav->right = NULL;
++ trav->inode = inode;
++ trav->device = device;
++ LOUD(fprintf(stderr, "travdone_alloc returned %p\n", (void *)trav);)
++ return trav;
+ }
+
+
+@@ -545,22 +551,23 @@ static void grokdir(const char * const r
+ LOUD(fprintf(stderr, "grokdir: scanning '%s' (order %d)\n", dir,
user_dir_count));
+
+ /* Double traversal prevention tree */
++ if (getdirstats(dir, &inode, &device) != 0) goto error_travdone;
+ if (travdone_head == NULL) {
+-if (travdone_alloc(&travdone_head, dir) != 0) goto error_travdone;
++travdone_head = travdone_alloc(inode, device);
++if (travdone_head == NULL) goto error_travdone;
+ } else {
+-if (getdirstats(dir, &inode, &device) != 0) goto error_travdone;
+ traverse = travdone_head;
+ while (1) {
+ /* Don't re-traverse directories we've already seen */
+ if (inode == traverse->inode && device == traverse->device) {
+ LOUD(fprintf(stderr, "already seen dir '%s', skipping\n", dir);)
+ return;
+- }
+- if (inode >= traverse->ino
Bug#861287: unblock: dcfldd/1.3.4.1-11
Hi Ivo, This change is important to allow users complete for paths/files via TAB, improving the functions. I already submitted similar a bug (#856820). Please, consider this change which will benefit all dcfldd users and not will compromisse the build. Thanks for your attention. Regards, Eriberto 2017-04-30 14:51 GMT-03:00 Ivo De Decker : > Hi, > > On Wed, Apr 26, 2017 at 10:21:13PM -0300, Joao Eriberto Mota Filho wrote: >> Please unblock package dcfldd. >> >> Some considerations: >> >> * The revision add Bash completion, closing #771678, and add a newline in >> final report. > > These changes don't seem to be in line with the freeze policy, so I'm closing > this request. > > https://release.debian.org/stretch/freeze_policy.html > > Cheers, > > Ivo >
Bug#861287: unblock: dcfldd/1.3.4.1-11
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package dcfldd. Some considerations: * The revision add Bash completion, closing #771678, and add a newline in final report. * The package was already uploaded to Sid and it builds correctly on all applicable architectures. * There is a debdiff attached. * The debian/changelog says: dcfldd (1.3.4.1-11) unstable; urgency=medium * Added a Bash completion scheme. (Closes: #771678) - Added bash-completion to Build-Depends field in debian/control. - Added the addon bash-completion to dh in debian/rules. - Created debian/bash_completion and debian/bash-completion files. * debian/patches/70_fix-total-message.patch: created to add a newline to generate a space between the final summary message and hashes. Thanks in advance. Regards, Eriberto
Bug#856820: unblock: forensics-extra/1.8
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package forensics-extra. Some considerations: * This is a meta-package. * The package was already uploaded to Sid and it builds correctly as all (architecture independent). * There is a debdiff attached. * The debian/changelog says: forensics-extra (1.8) unstable; urgency=medium * debian/control: moved clamav from Depends to Recommends field in forensics-extra package. Clamav installs freshclam which can use Internet to download several signatures and also can slow down the disks. It can be inconvenient when using small computers over limited links. Thanks in advance. Regards, Eriberto diff -Nru forensics-extra-1.7/debian/changelog forensics-extra-1.8/debian/changelog --- forensics-extra-1.7/debian/changelog2017-02-27 01:21:19.0 -0300 +++ forensics-extra-1.8/debian/changelog2017-03-05 00:11:31.0 -0300 @@ -1,3 +1,13 @@ +forensics-extra (1.8) unstable; urgency=medium + + * debian/control: moved clamav from Depends to Recommends field in +forensics-extra package. Clamav installs freshclam which can use +Internet to download several signatures and also can slow down the +disks. It can be inconvenient when using small computers over limited +links. + + -- Joao Eriberto Mota Filho Sun, 05 Mar 2017 00:11:31 -0300 + forensics-extra (1.7) unstable; urgency=medium * debian/control: moved wifite, affected by pyrit (see previous changelog), diff -Nru forensics-extra-1.7/debian/control forensics-extra-1.8/debian/control --- forensics-extra-1.7/debian/control 2017-02-27 01:21:19.0 -0300 +++ forensics-extra-1.8/debian/control 2017-03-05 00:11:31.0 -0300 @@ -11,7 +11,7 @@ Package: forensics-extra Architecture: all -Recommends: pyrit, wifite +Recommends: clamav, pyrit, wifite Depends: aircrack-ng, bfbtester, binutils, @@ -20,7 +20,6 @@ bzip2, cabextract, chntpw, - clamav, cmospwd, crunch, cryptmount,
Bug#856262: unblock: forensics-extra/1.7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package forensics-extra. Some considerations: * This is a meta-package and it was unavailable to i386 arch because depends of pyrit. See here[1]. Consequently, wifite was affected too. The solution to make forensics-extra installable over i386 was move pyrit and wifite from Depends field to Recommends. [1] https://lists.debian.org/debian-mentors/2017/02/msg00180.html * The package was already uploaded to Sid and it builds correctly as all (architecture independent). * There is a debdiff attached. * The debian/changelog says: forensics-extra (1.7) unstable; urgency=medium * debian/control: moved wifite, affected by pyrit (see previous changelog), to Recommends field in forensics-extra package. -- Joao Eriberto Mota Filho Mon, 27 Feb 2017 01:21:19 -0300 forensics-extra (1.6) unstable; urgency=medium * debian/control: moved pyrit to Recommends field, in forensics-extra package, because it is not building over i386 arch. See: https://lists.debian.org/debian-mentors/2017/02/msg00180.html -- Joao Eriberto Mota Filho Sat, 25 Feb 2017 14:05:30 -0300 Thanks in advance. Regards, Eriberto diff -Nru forensics-extra-1.5/debian/changelog forensics-extra-1.7/debian/changelog --- forensics-extra-1.5/debian/changelog2017-01-24 16:50:24.0 -0200 +++ forensics-extra-1.7/debian/changelog2017-02-27 01:21:19.0 -0300 @@ -1,3 +1,18 @@ +forensics-extra (1.7) unstable; urgency=medium + + * debian/control: moved wifite, affected by pyrit (see previous changelog), +to Recommends field in forensics-extra package. + + -- Joao Eriberto Mota Filho Mon, 27 Feb 2017 01:21:19 -0300 + +forensics-extra (1.6) unstable; urgency=medium + + * debian/control: moved pyrit to Recommends field, in forensics-extra +package, because it is not building over i386 arch. See: +https://lists.debian.org/debian-mentors/2017/02/msg00180.html + + -- Joao Eriberto Mota Filho Sat, 25 Feb 2017 14:05:30 -0300 + forensics-extra (1.5) unstable; urgency=medium * Updated the copyright years. diff -Nru forensics-extra-1.5/debian/control forensics-extra-1.7/debian/control --- forensics-extra-1.5/debian/control 2017-01-24 16:50:24.0 -0200 +++ forensics-extra-1.7/debian/control 2017-02-27 01:21:19.0 -0300 @@ -11,6 +11,7 @@ Package: forensics-extra Architecture: all +Recommends: pyrit, wifite Depends: aircrack-ng, bfbtester, binutils, @@ -76,7 +77,6 @@ pev, polenum, poppler-utils, - pyrit, rarcrack, samdump2, sipcrack, @@ -121,7 +121,6 @@ wgaelic, wgerman-medical, whois, - wifite, wirish, witalian, wmanx,
Bug#854919: unblock: rephrase/0.2-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package rephrase.
Some considerations:
* The package was unusable. This revision fix the issue, doing an
unconditional call to gpg with "--pinentry-mode loopback", allowing
rephrase work with GPG2. It closes #853935, severity grave.
* The package was already uploaded to Sid and it builds correctly
on all applicable architectures.
* There is a debdiff attached.
* The debian/changelog says:
rephrase (0.2-2) unstable; urgency=medium
* Team upload.
* debian/control:
- Bumped Standards-Version to 3.9.8.
- Updated the Vcs-Git field to use https instead of git.
* debian/patches/02_minimal_gpg2_support.patch: added to unconditionally
call gpg with "--pinentry-mode loopback", allowing rephrase work with
GPG2. Thanks to Axel Beckert . (Closes: #853935)
Thanks in advance.
Regards,
Eriberto
diff -Nru rephrase-0.2/debian/changelog rephrase-0.2/debian/changelog
--- rephrase-0.2/debian/changelog 2015-07-14 12:02:55.0 -0300
+++ rephrase-0.2/debian/changelog 2017-02-05 18:53:54.0 -0200
@@ -1,3 +1,15 @@
+rephrase (0.2-2) unstable; urgency=medium
+
+ * Team upload.
+ * debian/control:
+ - Bumped Standards-Version to 3.9.8.
+ - Updated the Vcs-Git field to use https instead of git.
+ * debian/patches/02_minimal_gpg2_support.patch: added to unconditionally
+call gpg with "--pinentry-mode loopback", allowing rephrase work with
+GPG2. Thanks to Axel Beckert . (Closes: #853935)
+
+ -- Joao Eriberto Mota Filho Sun, 05 Feb 2017 18:53:54
-0200
+
rephrase (0.2-1) unstable; urgency=medium
* Team upload.
diff -Nru rephrase-0.2/debian/control rephrase-0.2/debian/control
--- rephrase-0.2/debian/control 2015-07-13 17:57:52.0 -0300
+++ rephrase-0.2/debian/control 2017-02-05 18:53:54.0 -0200
@@ -4,10 +4,10 @@
Maintainer: Debian Forensics
Uploaders: Tiago Bortoletto Vaz
Build-Depends: debhelper (>= 9)
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
Homepage: http://www.roguedaemon.net/rephrase/
Vcs-Browser: https://anonscm.debian.org/cgit/forensics/rephrase.git
-Vcs-Git: git://anonscm.debian.org/forensics/rephrase.git
+Vcs-Git: https://anonscm.debian.org/git/forensics/rephrase.git
Package: rephrase
Architecture: any
diff -Nru rephrase-0.2/debian/patches/02_minimal_gpg2_support.patch
rephrase-0.2/debian/patches/02_minimal_gpg2_support.patch
--- rephrase-0.2/debian/patches/02_minimal_gpg2_support.patch 1969-12-31
21:00:00.0 -0300
+++ rephrase-0.2/debian/patches/02_minimal_gpg2_support.patch 2017-02-05
18:53:54.0 -0200
@@ -0,0 +1,25 @@
+Description: Make rephrase working with gpg2
+Author: Axel Beckert after an idea by Daniel Kahn Gillmor
+Bug-Debian: https://bugs.debian.org/853935
+Last-Update: 2017-02-03
+Index: rephrase-0.2/rephrase.c
+===
+--- rephrase-0.2.orig/rephrase.c
rephrase-0.2/rephrase.c
+@@ -63,14 +63,14 @@ struct profile {
+ struct profile profiles[] = {
+ {
+ "--gpg-key",
+-{ GPG, "--default-key", "%1", "--passphrase-fd", "0", "--batch",
"--no-tty", "--dry-run", "--clearsign", "/dev/null", NULL },
++{ GPG, "--pinentry-mode", "loopback", "--default-key", "%1",
"--passphrase-fd", "0", "--batch", "--no-tty", "--dry-run", "--clearsign",
"/dev/null", NULL },
+ 1,
+ 0,
+ -1
+ },
+ {
+ "--gpg-symmetric",
+-{ GPG, "--passphrase-fd", "0", "--batch", "--no-tty", "--decrypt", "%1",
NULL },
++{ GPG, "--pinentry-mode", "loopback", "--passphrase-fd", "0", "--batch",
"--no-tty", "--decrypt", "%1", NULL },
+ 1,
+ 0,
+ -1
diff -Nru rephrase-0.2/debian/patches/series rephrase-0.2/debian/patches/series
--- rephrase-0.2/debian/patches/series 2015-07-13 17:42:25.0 -0300
+++ rephrase-0.2/debian/patches/series 2017-02-05 18:53:54.0 -0200
@@ -1 +1,2 @@
01_fix_bin_path.patch
+02_minimal_gpg2_support.patch
Bug#854465: unblock: jdupes/1.7-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package jdupes.
Some considerations:
* The revision fix a segment fault issue when jdupes is used in some
conditions. It will close #854427, severity important.
* The patch used to fix was generated by the upstream.
* The package was already uploaded to Sid and it builds correctly
on all applicable architectures.
* There is a debdiff attached.
* The debian/changelog says:
jdupes (1.7-2) unstable; urgency=medium
* debian/patches/10_fix-segfault.patch: added to fix a segmentation
fault in jdupes. (Closes: #854427)
Thanks in advance.
Regards,
Eriberto
diff -Nru jdupes-1.7/debian/changelog jdupes-1.7/debian/changelog
--- jdupes-1.7/debian/changelog 2017-01-03 17:30:04.0 -0200
+++ jdupes-1.7/debian/changelog 2017-02-06 22:19:51.0 -0200
@@ -1,3 +1,10 @@
+jdupes (1.7-2) unstable; urgency=medium
+
+ * debian/patches/10_fix-segfault.patch: added to fix a segmentation fault in
+jdupes. (Closes: #854427)
+
+ -- Joao Eriberto Mota Filho Mon, 06 Feb 2017 22:19:51
-0200
+
jdupes (1.7-1) unstable; urgency=medium
* New upstream release.
diff -Nru jdupes-1.7/debian/patches/10_fix-segfault.patch
jdupes-1.7/debian/patches/10_fix-segfault.patch
--- jdupes-1.7/debian/patches/10_fix-segfault.patch 1969-12-31
21:00:00.0 -0300
+++ jdupes-1.7/debian/patches/10_fix-segfault.patch 2017-02-06
22:19:33.0 -0200
@@ -0,0 +1,147 @@
+Description: fix a major bug in string_malloc()'s free list functionality
+ (Closes: #854427)
+Author: Jody Bruchon
+Last-Update: 2017-01-19
+Index: jdupes-1.7/string_malloc.c
+===
+--- jdupes-1.7.orig/string_malloc.c
jdupes-1.7/string_malloc.c
+@@ -30,7 +30,7 @@
+ #endif
+
+ static void *sma_head = NULL;
+-static uintptr_t *sma_lastpage = NULL;
++static uintptr_t *sma_curpage = NULL;
+ static unsigned int sma_pages = 0;
+ static void *sma_freelist[SMA_MAX_FREE];
+ static int sma_freelist_cnt = 0;
+@@ -52,9 +52,9 @@ uintmax_t sma_free_tails = 0;
+ /* Scan the freed chunk list for a suitably sized object */
+ static inline void *scan_freelist(const size_t size)
+ {
+- size_t *min_p, *object;
++ size_t *object, *min_p;
+ size_t sz, min = 0;
+- int i, used = 0;
++ int i, used = 0, min_i = -1;
+
+ /* Don't bother scanning if the list is empty */
+ if (sma_freelist_cnt == 0) return NULL;
+@@ -74,9 +74,9 @@ static inline void *scan_freelist(const
+ /* Skip smaller objects */
+ if (sz < size) continue;
+ /* Object is big enough; record if it's the new minimum */
+- if (min == 0 || sz < min) {
++ if (min == 0 || sz <= min) {
+ min = sz;
+- min_p = object;
++ min_i = i;
+ /* Always stop scanning if exact sized object found */
+ if (sz == size) break;
+ }
+@@ -85,8 +85,9 @@ static inline void *scan_freelist(const
+ /* Enhancement TODO: split the free item if it's big enough */
+
+ /* Return smallest object found and delete from free list */
+- if (min != 0) {
+- sma_freelist[i] = NULL;
++ if (min_i != -1) {
++ min_p = sma_freelist[min_i];
++ sma_freelist[min_i] = NULL;
+ sma_freelist_cnt--;
+ min_p++;
+ return (void *)min_p;
+@@ -107,10 +108,10 @@ static inline void *string_malloc_page(v
+ *pageptr = (uintptr_t)NULL;
+
+ /* Link previous page to this page, if applicable */
+- if (sma_lastpage != NULL) *sma_lastpage = (uintptr_t)pageptr;
++ if (sma_curpage != NULL) *sma_curpage = (uintptr_t)pageptr;
+
+ /* Update last page pointers and total page counter */
+- sma_lastpage = pageptr;
++ sma_curpage = pageptr;
+ sma_pages++;
+
+ return (void *)pageptr;
+@@ -119,7 +120,7 @@ static inline void *string_malloc_page(v
+
+ void *string_malloc(size_t len)
+ {
+- const void * restrict page = (char *)sma_lastpage;
++ const void * restrict page = (char *)sma_curpage;
+ static size_t *address;
+
+ /* Calling with no actual length is invalid */
+@@ -130,8 +131,6 @@ void *string_malloc(size_t len)
+ len &= ~(sizeof(uintptr_t) - 1);
+ len += sizeof(uintptr_t);
+ }
+- /* Make room for size prefix */
+- len += sizeof(size_t);
+
+ /* Pass-through allocations larger than maximum object size to malloc()
*/
+ if (len > (SMA_PAGE_SIZE - sizeof(uintptr_t) - sizeof(size_t))) {
+@@ -151,7 +150,7 @@ void *string_malloc(size_t len)
+ for (int i = 0; i < SMA_MAX_FREE; i++) sma_freelist[i] = NULL;
+ /* Allocate fir
Bug#845474: jessie-pu: package sniffit/0.3.7.beta-17
2016-12-10 19:48 GMT-02:00 Adam D. Barratt : > Control: tags -1 + confirmed > > On Wed, 2016-11-23 at 17:32 -0200, Joao Eriberto Mota Filho wrote: >> This update will fix CVE-2014-5439: Root shell on Sniffit[1]. The issue is >> already fixed in Sid (since 0.3.7.beta-20, without a bug) and in upstream. >> >> [1] >> http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html > > Please go ahead. Uploaded. Thanks! Eriberto
Bug#845474: jessie-pu: package sniffit/0.3.7.beta-17
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
Hi,
This update will fix CVE-2014-5439: Root shell on Sniffit[1]. The issue is
already fixed in Sid (since 0.3.7.beta-20, without a bug) and in upstream.
[1]
http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html
Thanks a lot in advance.
Regards,
Eriberto
diff -Nru sniffit-0.3.7.beta/debian/changelog sniffit-0.3.7.beta/debian/changelog
--- sniffit-0.3.7.beta/debian/changelog 2012-08-21 19:51:44.0 -0300
+++ sniffit-0.3.7.beta/debian/changelog 2016-11-23 17:05:14.0 -0200
@@ -1,3 +1,9 @@
+sniffit (0.3.7.beta-17+deb8u1) jessie; urgency=medium
+
+ * Added a patch to fix CVE-2014-5439 (Root shell on Sniffit).
+
+ -- Joao Eriberto Mota Filho Wed, 23 Nov 2016 16:57:34 -0200
+
sniffit (0.3.7.beta-17) unstable; urgency=low
* Acknowledge NMU.
diff -Nru sniffit-0.3.7.beta/debian/patches/fix-CVE-2014-5439.patch sniffit-0.3.7.beta/debian/patches/fix-CVE-2014-5439.patch
--- sniffit-0.3.7.beta/debian/patches/fix-CVE-2014-5439.patch 1969-12-31 21:00:00.0 -0300
+++ sniffit-0.3.7.beta/debian/patches/fix-CVE-2014-5439.patch 2016-11-23 17:11:18.0 -0200
@@ -0,0 +1,33 @@
+Description: fix CVE-2014-5439 - Root shell on Sniffit.
+Author: Hector Marco < hma...@hmarco.or>
+Ismael Ripoll
+Last-Update: 2014-07-??
+Origin: http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html
+Index: sniffit-0.3.7.beta/sn_cfgfile.c
+===
+--- sniffit-0.3.7.beta.orig/sn_cfgfile.c
sniffit-0.3.7.beta/sn_cfgfile.c
+@@ -119,6 +119,11 @@ char *clean_string (char *string)
+ char help[20];
+ int i, j;
+
++if(strlen(string) >= 20){
++ fprintf(stderr, "Error: String too long [%s]\n", string);
++ exit(-1);
++}
++
+ j=0;
+ for(i=0;i= 20){
++ fprintf(stderr, "Error: String too long [%s]\n", string);
++ exit(-1);
++}
++
+ j=0;
+ for(i=0;i
Bug#801551: jessie-pu: package stress/1.0.1-1
Hi Adam, Sorry for my delay and thanks for your help. I marked stress as fixed in 1.0.4-1 (unstable). What is the next step? Regards, Eriberto 2015-10-21 16:08 GMT-02:00 Adam D. Barratt : > On Wed, 2015-10-21 at 13:54 -0200, Eriberto wrote: >> Hi Adam, >> >> The problem is not happening in any buildds now. > > That doesn't actually answer the question of whether it's fixed or just > not currently happening to trigger. > >> As an additional information, in 1.0.4-1 revision I migrated the >> debian/rules to reduced format (dh $@) and I am using autoreconf. > > There's a reasonable chance that the combination of those two changes > has removed the issue, however. > > In which case, you need to fix up the version metadata on #799717 - both > because we're unlikely to accept the package for stable while the BTS > still says unstable is buggy and because otherwise the package will get > auto-removed from testing in a couple of weeks time. > > Regards, > > Adam >
Bug#803590: RM: core-network/4.7-2
I agree. Thanks! Eriberto 2015-10-31 13:47 GMT-02:00 Salvatore Bonaccorso : > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: rm > > Hi Stable Release managers, > > Joao Eriberto Mota Filho (maintainer of core-network) is > X-Debbug-CC'ed. > > If the core-network daemon is started, then #799756 explains > core-network allows privilege escalation through the > core-network-daemon. > > https://github.com/coreemu/core/issues/75 > http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-October/001872.html > http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html > > Please remove core-network in the next jessie point release. > > Regards, > Salvatore
Bug#801551: jessie-pu: package stress/1.0.1-1
Hi Adam, The problem is not happening in any buildds now. As an additional information, in 1.0.4-1 revision I migrated the debian/rules to reduced format (dh $@) and I am using autoreconf. Thanks! Regards, Eriberto 2015-10-20 17:14 GMT-02:00 Adam D. Barratt : > Control: tags -1 + moreinfo > > On Sun, 2015-10-11 at 20:59 -0300, Joao Eriberto Mota Filho wrote: >> I would like to ask for acceptance of the jessie-pu based in attached >> debdiff. >> This upload will close a 'serious' bug present in Jessie. >> >> The changelog is: >> >> -- >> stress (1.0.1-1+deb8u1) jessie; urgency=medium >> >> * debian/rules: avoid to install info/dir.gz file. (Closes: #799717) > > Is this actually fixed in sid, or just happening not to trigger on any > buildds there currently? If the former, how? > > Regards, > > Adam >
Bug#801551: jessie-pu: package stress/1.0.1-1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, I would like to ask for acceptance of the jessie-pu based in attached debdiff. This upload will close a 'serious' bug present in Jessie. The changelog is: -- stress (1.0.1-1+deb8u1) jessie; urgency=medium * debian/rules: avoid to install info/dir.gz file. (Closes: #799717) -- Joao Eriberto Mota Filho Sun, 11 Oct 2015 20:20:51 -0300 -- Thanks a lot in advance. Regards, Eriberto -- System Information: Debian Release: 8.2 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -u stress-1.0.1/debian/changelog stress-1.0.1/debian/changelog --- stress-1.0.1/debian/changelog +++ stress-1.0.1/debian/changelog @@ -1,3 +1,9 @@ +stress (1.0.1-1+deb8u1) jessie; urgency=medium + + * debian/rules: avoid to install info/dir.gz file. (Closes: #799717) + + -- Joao Eriberto Mota Filho Sun, 11 Oct 2015 20:20:51 -0300 + stress (1.0.1-1) unstable; urgency=low * Move to latest upstream version; closes: #541007 diff -u stress-1.0.1/debian/rules stress-1.0.1/debian/rules --- stress-1.0.1/debian/rules +++ stress-1.0.1/debian/rules @@ -51,7 +51,7 @@ # Add here commands to install the package into debian/stress. $(MAKE) install prefix=$(CURDIR)/debian/stress/usr - + rm -f $(CURDIR)/debian/stress/usr/share/info/dir.gz # Build architecture-independent files here. binary-indep: build install
Bug#771909: unblock: yowsup/0.0~git20140314.938cf1-3
Hi Jonathan, Thanks for your reply and sorry for my delay. I don't have more arguments. I only think that yowsup is a important package. But I will accept your decision. Happy Holidays for you! Cheers, Eriberto 2014-12-17 17:42 GMT-02:00 Jonathan Wiltshire : > Control: tag 773005 jessie-will-remove > Control: tag -1 moreinfo > > On Fri, Dec 12, 2014 at 10:00:32PM -0200, Eriberto Mota wrote: >> Hi Jonathan, >> >> Initially, thanks a lot for your attention. I filed the bug #773005 now. Do >> you need that I do anything more? > > No; I've fixed up the versions and tags for you. > >> Please, consider this package in Jessie. I think that a WhatsApp >> communication is very important and useful to a modern operational system. I >> feel that you liked this package and idea. > > To clarify: I'm not looking favourably on this package. > > I really do think this is better removed from Jessie. The difference > between the versions is huge and invasive, and we're just not at that stage > any longer. > > It's not clear what the future of Whatsapp will be, and we don't want to be > patching up the API again in a point release (or even removing entirely). > > I'm sorry, and I realise you'll be disappointed, but this is really isn't > a good fit for Jessie. I intend to remove it in a few days, unless I can be > convinced otherwise. > > Thanks, > > -- > Jonathan Wiltshire j...@debian.org > Debian Developer http://people.debian.org/~jmw > > 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 > -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJcvRQsNLOiRvO4df7VTy10QC9KM=jqahspwke0901n...@mail.gmail.com
Bug#771909: unblock: yowsup/0.0~git20140314.938cf1-3
Hi Jonathan, Initially, thanks a lot for your attention. I filed the bug #773005 now. Do you need that I do anything more? Please, consider this package in Jessie. I think that a WhatsApp communication is very important and useful to a modern operational system. I feel that you liked this package and idea. I tested the whole package after applying the patches and I am using this patched version in my network (~ 400 clients). I have been kept contact with the upstream via yowsup to improve the tests. The '-3' revision is fine. The most important: this package doesn't afect other packages in Jessie. I'm hoping to get a good news from you. Have a good night. Cheers, Eriberto 2014-12-12 19:31 GMT-02:00 Jonathan Wiltshire : > > I'd be lying if I said I was enthusiastic about this. It's an > overwhelmingly big patch for a leaf package that's new in Jessie. At the > moment I'm tending more towards removing yowsup from testing. > > If nothing else, you need to file an RC bug against it with correct > versions so that the situation is properly represented. > > -- > Jonathan Wiltshire j...@debian.org > Debian Developer http://people.debian.org/~jmw > > 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 > pgpMZUjmIDueg.pgp Description: PGP signature
Bug#771909: unblock: yowsup/0.0~git20140314.938cf1-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package yowsup. Yowsup is a cross platform Python library that provides communication across WhatsApp network. In Debian, the source yowsup generates a library and a command line client. The library is the base for any new application and the client is useful for scripts and applications as Zabbix and Pidgin. Currently, this is the only way to use WhatsApp in Debian. Recently (November 2014), the WhatsApp changed its protocol to implement the famous "double blue check", photo transfer when contacting a person and other features. To support it, the authentication method was changed and this new method is mandatory now. So, the old versions of the WhatsApp and the current version of the youwsup in testing (revision -1) don't work anymore. In other words, the version in testing is RC, because no longer register a new user number nor authenticate a registered number. The upstream provided new versions and a "legacy" version[1]. So, based in legacy version and with support from the upstream, I added patches to fix each file (as needed) in current yowsup package in Debian. [1] https://github.com/tgalal/yowsup/tree/legacy The debian/changelog since the current version in testing: yowsup (0.0~git20140314.938cf1-3) unstable; urgency=medium * Upload to unstable. * Added some patches, provided by the upstream (thanks to Tarek Galal), to make the program compliant with the WhatsApp version 2.11.432 (or later), released at November 2014. This version changed several things in WhatsApp, including the authentication process. The patches added are necessary to provide the connection and basic activities only. The list of patches: - add-missing-variable - add-PictureClient - add-the-tokenmap - add-whatsapp-auth-v2 - update-bintreenode - update-connection-manager - update-protocoltreenode - update-the-interface-messages - update-user-agent - yowsup-cli (updated only; already in Debian) * debian/watch: updated. Now, the upstream is using tags in GitHub. -- Joao Eriberto Mota Filho Tue, 02 Dec 2014 22:51:22 -0200 yowsup (0.0~git20140314.938cf1-2) experimental; urgency=medium * debian/control: - Added dh-python to Build-Depends field. - Updated Standards-Version to 3.9.6. * debian/watch: added a fake site to explain about the current status of the original upstream homepage. -- Joao Eriberto Mota Filho Tue, 18 Nov 2014 09:00:10 -0200 Note that there are changes from experimental but these changes are in "documentation level" or are basic procedures to satisfy the Lintian and its don't offer any impact in unstable/testing. I am available for any clarification. Thanks a lot in advance. Regards, Eriberto unblock yowsup/0.0~git20140314.938cf1-3 -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru yowsup-0.0~git20140314.938cf1/debian/changelog yowsup-0.0~git20140314.938cf1/debian/changelog --- yowsup-0.0~git20140314.938cf1/debian/changelog 2014-07-30 00:09:25.0 -0300 +++ yowsup-0.0~git20140314.938cf1/debian/changelog 2014-12-02 23:11:47.0 -0200 @@ -1,3 +1,36 @@ +yowsup (0.0~git20140314.938cf1-3) unstable; urgency=medium + + * Upload to unstable. + * Added some patches, provided by the upstream (thanks to Tarek Galal), + to make the program compliant with the WhatsApp version 2.11.432 + (or later), released at November 2014. This version changed several + things in WhatsApp, including the authentication process. The + patches added are necessary to provide the connection and basic + activities only. The list of patches: + - add-missing-variable + - add-PictureClient + - add-the-tokenmap + - add-whatsapp-auth-v2 + - update-bintreenode + - update-connection-manager + - update-protocoltreenode + - update-the-interface-messages + - update-user-agent + - yowsup-cli (updated only; already in Debian) + * debian/watch: updated. Now, the upstream is using tags in GitHub. + + -- Joao Eriberto Mota Filho Tue, 02 Dec 2014 22:51:22 -0200 + +yowsup (0.0~git20140314.938cf1-2) experimental; urgency=medium + + * debian/control: + - Added dh-python to Build-Depends field. + - Updated Standards-Version to 3.9.6. + * debian/watch: added a fake site to explain about the current + status of the original upstream homepage. + + -- Joao Eriberto Mota Filho Tue, 18 Nov 2014 09:00:10 -0200 + yowsup (0.0~git20140
Bug#769668: Bug#770239: RFS: digikam/4:2.6.0-1+deb7u1 [RC][NMU]
tags 769668 pending thanks Hi all, I uploaded the NMU for digikam, made by Jean-Michel, with 10-day delay. Thanks. Regards, Eriberto 2014-11-27 11:37 GMT-02:00 Jean-Michel Nirgal Vourgère : > The fix has reached Jessie[1], and wheezy-pu is ok for the Release Team[2]. > > You can upload without restriction, straight or with a delayed/2.[3] > > This is a simple 2 line change, easy to re-re-review. Compilation time > is above 30 minutes however. > > [1] https://packages.qa.debian.org/d/digikam/news/20141124T163915Z.html > [2] https://bugs.debian.org/769668 > [3] > https://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu-guidelines > -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJcPypA_LMOict+dEUk1UJc3FPDT3rFdCypL=�xcx...@mail.gmail.com
Bug#771332: unblock: volatility/2.4-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package volatility. The current version in testing recommends a package that no longer exists in Debian (volatility-profiles, please see #766895). The differences between 2.4-1 (testing) and 2.4-4 (unstable) are documentation and the Recommends field. See the changelog since 2.4-1: volatility (2.4-4) unstable; urgency=medium * Upload to unstable. * debian/control: removed the Recommends field because volatility-profiles no longer exists in unstable/testing (see #766895). -- Joao Eriberto Mota Filho Thu, 27 Nov 2014 23:17:36 -0200 volatility (2.4-3) experimental; urgency=medium * debian/copyright: added a new upstream site. See below. * debian/watch: The Volatility Project replied me a recent email message and the development site (GitHub) now uses tags. Thanks a lot to Jamie Levy (gleeda). -- Joao Eriberto Mota Filho Thu, 20 Nov 2014 19:09:46 -0200 volatility (2.4-2) experimental; urgency=medium * debian/watch: added a fake site to explain about the current status of the original upstream homepage. -- Joao Eriberto Mota Filho Tue, 18 Nov 2014 08:45:16 -0200 Thanks in advance. Regards, Eriberto unblock volatility/2.4-4 -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru volatility-2.4/debian/changelog volatility-2.4/debian/changelog --- volatility-2.4/debian/changelog 2014-10-26 15:28:49.0 -0200 +++ volatility-2.4/debian/changelog 2014-11-27 23:22:19.0 -0200 @@ -1,3 +1,27 @@ +volatility (2.4-4) unstable; urgency=medium + + * Upload to unstable. + * debian/control: removed the Recommends field because volatility-profiles + no longer exists in unstable/testing (see #766895). + + -- Joao Eriberto Mota Filho Thu, 27 Nov 2014 23:17:36 -0200 + +volatility (2.4-3) experimental; urgency=medium + + * debian/copyright: added a new upstream site. See below. + * debian/watch: The Volatility Project replied me a recent email + message and the development site (GitHub) now uses tags. + Thanks a lot to Jamie Levy (gleeda). + + -- Joao Eriberto Mota Filho Thu, 20 Nov 2014 19:09:46 -0200 + +volatility (2.4-2) experimental; urgency=medium + + * debian/watch: added a fake site to explain about the current + status of the original upstream homepage. + + -- Joao Eriberto Mota Filho Tue, 18 Nov 2014 08:45:16 -0200 + volatility (2.4-1) unstable; urgency=medium * New upstream release. diff -Nru volatility-2.4/debian/control volatility-2.4/debian/control --- volatility-2.4/debian/control 2014-10-26 15:27:42.0 -0200 +++ volatility-2.4/debian/control 2014-11-27 23:23:16.0 -0200 @@ -22,7 +22,6 @@ python-tz, python-yara, volatility-tools (>= 2.4-1) -Recommends: volatility-profiles Description: advanced memory forensics framework The Volatility Framework is a completely open collection of tools for the extraction of digital artifacts from volatile memory (RAM) samples. diff -Nru volatility-2.4/debian/copyright volatility-2.4/debian/copyright --- volatility-2.4/debian/copyright 2014-10-25 23:44:15.0 -0200 +++ volatility-2.4/debian/copyright 2014-11-20 19:14:05.0 -0200 @@ -1,6 +1,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: volatility -Source: http://www.volatilityfoundation.org +Source: http://www.volatilityfoundation.org or +https://github.com/volatilityfoundation/volatility Files: * Copyright: 2004 Commonwealth of Australia diff -Nru volatility-2.4/debian/watch volatility-2.4/debian/watch --- volatility-2.4/debian/watch 2014-10-26 00:15:37.0 -0200 +++ volatility-2.4/debian/watch 2014-11-20 19:15:24.0 -0200 @@ -1,5 +1,2 @@ version=3 -# https://code.google.com/p/volatility/downloads/list .*name=volatility-(\d\S+)\.tar\.(?:bz2|gz|xz).* -# -# The new upstream site (http://www.volatilityfoundation.org) is using resources anti-monitoring. -# I will ask to the upstream to solve this in a next release. +https://github.com/volatilityfoundation/volatility/releases .*/archive/v?(\d\S+)\.tar\.(?:bz2|gz|xz)
Re: Doubt about a package
Sorry, I will elaborate my question. My two upload to experimental fixes the d/watch only. So, I think that it must be ignored because the release team will not agree with these changes. What is the way to ignore experimental and upload the fix to unstable? I have 2.4-1 in unstable and 2.4-[23] in experimental. Or must I consider d/watch too? Thanks in advanced. Cheers, Eriberto volatility (2.4-3) experimental; urgency=medium * debian/copyright: added a new upstream site. See below. * debian/watch: The Volatility Project replied me a recent email message and the development site (GitHub) now uses tags. Thanks a lot to Jamie Levy (gleeda). -- Joao Eriberto Mota Filho Thu, 20 Nov 2014 19:09:46 -0200 volatility (2.4-2) experimental; urgency=medium * debian/watch: added a fake site to explain about the current status of the original upstream homepage. -- Joao Eriberto Mota Filho Tue, 18 Nov 2014 08:45:16 -0200 2014-11-27 14:06 GMT-02:00 Niels Thykier : > On 2014-11-27 11:53, Eriberto Mota wrote: >> Thanks Niels. >> >> I have a doubt about how to proceed to do it. >> >> I have the version 2.4-1 in unstable and 2.4-3 in experimental. Must I >> change only the issue in unstable version and upload as 2.4-4? >> >> Regards, >> >> Eriberto >> >> >> [...] > > Yes. > > If you believe the changes from -2 and -3 might be worth it, you would > have to file a pre-approval unblock request against release.debian.org > with the full (source) debdiff between 2.4-1 (the version in testing) > and your desired version. > > ~Niels > > > -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJfftoGv0xaJab4qbCxhnCg7xGj6kN=z2jz0ng3syvg...@mail.gmail.com
Re: Doubt about a package
Thanks Niels. I have a doubt about how to proceed to do it. I have the version 2.4-1 in unstable and 2.4-3 in experimental. Must I change only the issue in unstable version and upload as 2.4-4? Regards, Eriberto 2014-11-27 4:32 GMT-02:00 Niels Thykier : > On 2014-11-26 01:37, Eriberto Mota wrote: >> Hi, >> >> The package volatility is in testing and recommends volatility-profiles, >> that no longer exist in Debian. >> >> I would like to ask if I can/need change this package. >> >> Regards, >> >> Eriberto >> >> > > Iff its the only change (besides the changelog update), then it should > not be an issue. Please upload the package and file an unblock bug > request against the release.debian.org package. > > ~Niels > > -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJd9rLsa_=cnq6ociurydt7udjofd6mashitm3bpwye...@mail.gmail.com
Doubt about a package
Hi, The package volatility is in testing and recommends volatility-profiles, that no longer exist in Debian. I would like to ask if I can/need change this package. Regards, Eriberto pgpwbX9sOPZZG.pgp Description: PGP signature
Bug#767082: unblock: exifprobe/2.0.1-3
Hi, Thanks for your reply. Yes, I updated the whole package. However, this solves 4 bugs and several warnings. I put all changes in d/copyright[1] (you will can see the changes and bugs). The patch provided by bug #597123 is essential to a proper functioning of the exifgrep command, provided by exifprobe. Thanks! Regards, Eriberto [1] http://metadata.ftp-master.debian.org/changelogs/main/e/exifprobe/unstable_changelog 2014-10-28 15:51 GMT-02:00 Adam D. Barratt : > Control: tags -1 + moreinfo > > On 2014-10-28 11:00, Joao Eriberto Mota Filho wrote: >> >> Please unblock package exifprobe. >> >> The package was orphan and I did a QA upload on 2014-08-24. Yesterday >> I adopted (under the Forensics Team) and uploaded the package to Sid. >> I Solved all bugs (4 bugs) and Lintian warnings (15 messages). The >> changelog is here[1]. >> >> The package is useful in forensics activities, is clean and working >> fine. I believe that is a good idea have this package in Jessie and >> I need a reduction of the migration time to 8 days. > > > Looking at the diff, the changes all appear to be tidy-up or packaging > changes (e.g. source format 3.0, copyright 1.0). What actual problems with > the package currently in jessie does this update solve? > > Regards, > > Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJd-bFn1uGQpQj_cKmWKprPPZCM=zjcu3c4ghijfksr...@mail.gmail.com
Bug#767082: unblock: exifprobe/2.0.1-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package exifprobe. The package was orphan and I did a QA upload on 2014-08-24. Yesterday I adopted (under the Forensics Team) and uploaded the package to Sid. I Solved all bugs (4 bugs) and Lintian warnings (15 messages). The changelog is here[1]. The package is useful in forensics activities, is clean and working fine. I believe that is a good idea have this package in Jessie and I need a reduction of the migration time to 8 days. This will be my last request of reduction. I no need this for other packages. Thanks in advance. Regards, Eriberto unblock exifprobe/2.0.1-3 [1] http://metadata.ftp-master.debian.org/changelogs/main/e/exifprobe/unstable_changelog -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141028110045.26150.85733.report...@libra.gabcmt.eb.mil.br
Bug#767021: unblock: volatility/2.4-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock the package volatility. This package is very important for forensics activities, allowing a full memory analysis. The current version, that adds support to Windows 8 memory dumps (and others) was released in end of August. This is a complex program and I spent time doing several tests and talking with the developers. Another point is that I needed to submit a new dependency, distorm3, to NEW and it was accepted on 2014-10-19 (I sent to NEW in 2014-09-20). I delayed the packaging because the upstream changed his site (from GitHub to another place[1]) and I had no information about this change and a new version via watch file. I uploaded the final package yesterday (Sunday) and I need one day only to get it in testing. So, please, reduce the migration time to 5 days. The package is fully tested, clean and working fine. The changelog can be viewed here[2]. Thanks a lot in advance. Regards, Eriberto [1] http://www.volatilityfoundation.org [2] http://metadata.ftp-master.debian.org/changelogs/main/v/volatility/unstable_changelog unblock volatility/2.4-1 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141027185740.17486.80724.report...@libra.gabcmt.eb.mil.br
Bug#740477: RM: hlbr/1.7.2-2; removed from unstable, critical bugs
Thanks. 2014-03-02 14:34 GMT-03:00 Adam D. Barratt : > Control: clone -1 -2 > Control: tags -1 + wheezy > Control: tags -2 + squeeze > > On Sun, 2014-03-02 at 02:58 -0300, Joao Eriberto Mota Filho wrote: >> The project was abandoned and the software has several bugs. It should not be >> used on current networks (upstream recommendation)[1]. >> >> The package was already removed from unstable/testing. I am asking for >> removal >> from oldstable/stable. Thanks. > > In that case, you need two separate bugs; fixing. > > Regards, > > Adam > -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cap+dxjfrdz3w5mnoqkaey3qla3pin_bxhb2q+ayzfiaqxe8...@mail.gmail.com
Bug#740478: RM: hlbrw/0.2.4-1; removed from unstable, useless
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm This package is a specific tool for hlbr, that has an removal request (please, see #740477). This package was already removed from unstable/testing. I am asking for removal from oldstable/stable. Thanks. Regards, Eriberto -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140302060719.26195.48024.report...@canopus.eriberto.pro.br
Bug#740477: RM: hlbr/1.7.2-2; removed from unstable, critical bugs
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm The project was abandoned and the software has several bugs. It should not be used on current networks (upstream recommendation)[1]. The package was already removed from unstable/testing. I am asking for removal from oldstable/stable. Thanks. PS: I am an upstream of the HLBR. Regards, Eriberto [1] http://hlbr.sourceforge.net/index.html.en -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140302055851.26108.37939.report...@canopus.eriberto.pro.br
Bug#730708: RM: iceweasel-linky/stable -- ROM; licensing issues
Package: ftp.debian.org Severity: normal The package is a dummy transitional package to linky, that was removed from unstable because a missing licensing information. Please, see #729673 and #730707. Regards, Eriberto -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131128132711.28219.44277.report...@libra.gabcmt.eb.mil.br
Bug#730707: RM: linky/stable -- ROM; Missing licensing information
Package: ftp.debian.org Severity: normal lynky was removed from unstable because a missing licensing information. Please, see #729673. Thanks, Eriberto -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131128130853.27965.61730.report...@libra.gabcmt.eb.mil.br
Bug#587983: nmu: hapm_0.7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Trying to solve a dependence rebuilding it to kfreebsd-i386 arch. nmu hapm_0.7 . kfreebsd-i386 . -m "Trying to solve a dependence." -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686-bigmem (SMP w/2 CPU cores) Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100703150253.20143.19899.report...@canopus.casa
Re: Package HLBR to Lenny
Thanks a lot! 2008/12/4 Adeodato Simó <[EMAIL PROTECTED]>: > Please reupload hlbr 1.6-2 to testing-proposed-updates as 1.6-2~lenny1. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package HLBR to Lenny
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I am the HLBR maintainer. I asked the liberation of the package to migrate to Lenny. The package was unlocked but depends of the pcre3 to migrate from Sid to Lenny. I would like to know how to proceed to have my package in Testing. Must I repackage it with an old pcre version (the pcre version alive in Lenny)? Thanks in advance. Regards, Eriberto - Brazil -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: http://getfiregpg.org iEYEARECAAYFAkkzJA8ACgkQUIiEG4xFwcx4BACfYN1crkWDDNzv5sm+f6ms6iMb buoAn3vnRFxwOo/v2GeIM3giLDoUtIFI =Cy6W -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
HLBR package: update needed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all! I am HLBR package maintainer. HLBR is an IPS (Intrusion Prevention System). Recently, my sponsor (Faw) made the upload of the 1.6-2 revision. This revision fixed a typo in manpage and a mistake in an attack rule. I don't made changes in program or package structure. Then, this package will work as well as before. The rule actualization is very important to the well working of the program. Please, consider to update my package in Lenny. Thanks in advance. Best regards, Eriberto - Brazil -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: http://getfiregpg.org iEYEARECAAYFAkkcX4MACgkQUIiEG4xFwczSSACaAgo6MA1E8FtoT7bygArAqAXN cJ0AniHCg/fA98K/tRNBBeeeSk3NKdWv =CSJp -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
