Bug#1073194: bookworm-pu: package lxc-templates/3.0.4.48.g4765da8-1+deb12u1

[Pierre-Elliott Bécue]

"Adam D. Barratt"  wrote on 17/06/2024 at 
19:08:00+0200:

> Control: tags -1 -moreinfo +confirmed
>> [snip]
>
> Thanks. Please go ahead.
>
> Regards,

Thanks, done!
-- 
PEB


signature.asc
Description: PGP signature

Bug#1073194: bookworm-pu: package lxc-templates/3.0.4.48.g4765da8-1+deb12u1

[Pierre-Elliott Bécue]

"Adam D. Barratt"  wrote on 16/06/2024 at 
13:55:09+0200:

> On Sun, 2024-06-16 at 13:00 +0200, Pierre-Elliott Bécue wrote:
>> Hey,
>> 
>> Jonathan Wiltshire  wrote on 15/06/2024 at
>> 23:34:32+0200:
>> 
>> > Control: tag -1 moreinfo
>> > 
>> > On Fri, Jun 14, 2024 at 11:53:38AM +0200, Pierre-Elliott Bécue
>> > wrote:
>> > > [ Reason ]
>> > > Two bugs within the lxc-debian template were spotted. Each one
>> > > prevents
>> > > using a custom mirror when generating a debian-based container
>> > > with the
>> > > lxc-debian template.
>> > > 
>> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073130
>> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073131
>> > 
>> > These need to be fixed in unstable before an upload to bookworm
>> > will be
>> > authorised.
>> 
>> I thought I marked it in my mail, but both these bugs are already
>> fixed in unstable and testing (the current upstream version in here
>> fixed these two bugs).
>> 
>
> The BTS doesn't know that. The version graphs on both show the unstable
> package as affected. And ticking a box in the p-u request doesn't
> change that. :-)
>
> This is specifically included on the list of criteria for updates to
> stable:
>
>* Bug meta-data - particularly affected versions - must be
>  up to date

My bad.

"fixed" tags added to both bugs.

> Regards,

Bests,
-- 
PEB


signature.asc
Description: PGP signature

Bug#1073194: bookworm-pu: package lxc-templates/3.0.4.48.g4765da8-1+deb12u1

[Pierre-Elliott Bécue]

Hey,

Jonathan Wiltshire  wrote on 15/06/2024 at 23:34:32+0200:

> Control: tag -1 moreinfo
>
> On Fri, Jun 14, 2024 at 11:53:38AM +0200, Pierre-Elliott Bécue wrote:
>> [ Reason ]
>> Two bugs within the lxc-debian template were spotted. Each one prevents
>> using a custom mirror when generating a debian-based container with the
>> lxc-debian template.
>> 
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073130
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073131
>
> These need to be fixed in unstable before an upload to bookworm will be
> authorised.

I thought I marked it in my mail, but both these bugs are already fixed
in unstable and testing (the current upstream version in here fixed
these two bugs).

Are you just issing a fixed-in tag on both bugs?

-- 
PEB


signature.asc
Description: PGP signature

Bug#1073194: bookworm-pu: package lxc-templates/3.0.4.48.g4765da8-1+deb12u1

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: lxc-templa...@packages.debian.org
Control: affects -1 + src:lxc-templates

[ Reason ]
Two bugs within the lxc-debian template were spotted. Each one prevents
using a custom mirror when generating a debian-based container with the
lxc-debian template.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073130
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073131

[ Impact ]
These to bugs will force users to edit manually the lxc-debian
code.

[ Tests ]
shellcheck has been a good friend.

[ Risks ]
Trivial fixes

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

The changes are adding a missing coma in a getopt call and replacing a
DEBIAN_MIRROR variable by a MIRROR variable.
diff -Nru lxc-templates-3.0.4.48.g4765da8/debian/changelog 
lxc-templates-3.0.4.48.g4765da8/debian/changelog
--- lxc-templates-3.0.4.48.g4765da8/debian/changelog2022-05-24 
00:36:10.0 +0200
+++ lxc-templates-3.0.4.48.g4765da8/debian/changelog2024-06-14 
11:50:35.0 +0200
@@ -1,3 +1,11 @@
+lxc-templates (3.0.4.48.g4765da8-1+deb12u1) bookworm; urgency=medium
+
+  * d/p/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch:
+Fixes two issues with the mirror argument in lxc-debian
+(Closes: #1073130, #1073131)
+
+ -- Pierre-Elliott Bécue   Fri, 14 Jun 2024 11:50:35 +0200
+
 lxc-templates (3.0.4.48.g4765da8-1) unstable; urgency=medium
 
   * New upstream version 3.0.4.48.g4765da8
diff -Nru 
lxc-templates-3.0.4.48.g4765da8/debian/patches/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch
 
lxc-templates-3.0.4.48.g4765da8/debian/patches/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch
--- 
lxc-templates-3.0.4.48.g4765da8/debian/patches/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch
 1970-01-01 01:00:00.0 +0100
+++ 
lxc-templates-3.0.4.48.g4765da8/debian/patches/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch
 2024-06-14 11:50:22.0 +0200
@@ -0,0 +1,41 @@
+From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= 
+Date: Thu, 13 Jun 2024 11:47:29 +0200
+Subject: Fix debian mirror issues in lxc-debian.in
+
+Forwarded: not-needed
+
+lxc-debian has a DEBIAN_MIRROR static variable pointing to an online
+mirror. The whole template uses a MIRROR variable that is defined by a
+--mirror option when the template is called in and defaults to
+DEBIAN_MIRROR otherwise. Sadly, two lines were not updates and still
+rely on DEBIAN_MIRROR. This prevents the template from working on
+non-internet-connected environments. This has been fixed upstream
+
+Also a typo in the getopt line makex the --mirror option non-usable,
+this is fixed.
+---
+ templates/lxc-debian.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
+index a1292ff..7501a5a 100644
+--- a/templates/lxc-debian.in
 b/templates/lxc-debian.in
+@@ -754,7 +754,7 @@ EOF
+ return 0
+ }
+ 
+-options=$(getopt -o hp:n:a:r:cI:FS: -l 
arch:,auth-key:,clean,help,enable-non-free,mirror:keyring:,name:,packages:,path:,release:,rootfs:,security-mirror:,interpreter-path:,flush-cache
 -- "$@")
++options=$(getopt -o hp:n:a:r:cI:FS: -l 
arch:,auth-key:,clean,help,enable-non-free,mirror:,keyring:,name:,packages:,path:,release:,rootfs:,security-mirror:,interpreter-path:,flush-cache
 -- "$@")
+ if [ $? -ne 0 ]; then
+ usage "$(basename "$0")"
+ exit 1
+@@ -825,7 +825,7 @@ if [ "$arch" = "x86_64" ]; then
+ fi
+ 
+ 
+-testing_release_file=${DEBIAN_MIRROR}/dists/testing/main/binary-${arch}/Release
++testing_release_file=${MIRROR}/dists/testing/main/binary-${arch}/Release
+ if ! wget -q -O /dev/null "${testing_release_file}"; then
+   echo "${arch} does not look like a release architecture, trying debian 
ports"
+   # non-release architecture; assume debian-ports architecture
diff -Nru lxc-templates-3.0.4.48.g4765da8/debian/patches/series 
lxc-templates-3.0.4.48.g4765da8/debian/patches/series
--- lxc-templates-3.0.4.48.g4765da8/debian/patches/series   2022-05-24 
00:36:10.0 +0200
+++ lxc-templates-3.0.4.48.g4765da8/debian/patches/series   2024-06-14 
11:50:22.0 +0200
@@ -1,3 +1,4 @@
 0002-Add-references-to-mmdebstrap-and-some-documentation-.patch
 0003-Handle-properly-the-future-security-repositories.patch
 0004-Fixes-path-variable-in-some-templates.patch
+0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch

Re: Coordinate response to xz-utils (DSA 5649-1)

[Pierre-Elliott Bécue]

Ansgar 🙀  wrote on 29/03/2024 at 23:59:38+0100:

> Hi,
>
> how should we react to the compromised xz-utils upload?
>
> Ubuntu is reverting their amd64 binaries to pre-Feb 25 and rebuilding
> stuff.
>
> On Debian side AFAIU currently amd64 buildds are paused and pending
> reinstall (plus rotation of key material, both OpenPGP and SSH).
>
> People are starting to investigate packages that have been built since
> the compromised xz-utils was uploaded, including packages built for
> stable suites using reproducible builds. Is there someone keeping track
> of this?
>
> Should we also reset the archive to some prior state and rebuilt
> packages like Ubuntu? Do we need to revert to an earlier date as
> vulnerable versions have been uploaded to experimental on 2024-02-01
> (but the earlier version might only have corrupted test files, not the
> payload enabler)? If so, which suites and which architectures? (This
> will likely take a while to prepare.)

Considering the payload enabler, I'd focus on amd64 arch and not touch
the archive for anything else.

> Do we need any other immediate actions?
>
> Should we use something other than mail to keep track of what we want
> to do? (Mail threads can become hard to keep track of after all.)

Not sure, but RT could serve this purpose I guess. Or, alternatively, a
(reasonably private) pad.

> (Let us please keep future improvements such as more isolated builds
> out of this particular discussion.)

-- 
PEB


signature.asc
Description: PGP signature

Bug#1064029: bookworm-pu: package mailman3/3.3.8-2~deb12u2

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: mailm...@packages.debian.org
Control: affects -1 + src:mailman3

Hi,

Some bugs affecting mailman3 are found in bookworm. I fixed these in
unstable but forgot to do a stable-pu.

[ Reason ]
Bug #1040708 is about a change in the way sqlalchemy reads postgresql
URIs. Historically the prefix in this URI was postgres. Now it's
postgresql. Therefore the default config for mailman3 is broken under
bookworm.
Bug #1038953 is about tracking cron-daemon instead of cron to allow more
flexibility should one wish to use something else than cron. It was
supposed to be done for some time.

[ Impact ]
The first one will force users to fix the config if they wish to work
with postgresql.

[ Tests ]
Installed fixed version works fine.

[ Risks ]
Changes are trivial.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable
diff -Nru mailman3-3.3.8/debian/changelog mailman3-3.3.8/debian/changelog
--- mailman3-3.3.8/debian/changelog 2023-06-23 01:03:08.0 +0200
+++ mailman3-3.3.8/debian/changelog 2024-02-15 23:59:26.0 +0100
@@ -1,3 +1,11 @@
+mailman3 (3.3.8-2~deb12u2) bookworm; urgency=medium
+
+  * bookworm-pu of two fixes
+- s/postgres/postgresql/ in config files
+- Add replacement dependency on cron to cron-daemon
+
+ -- Pierre-Elliott Bécue   Thu, 15 Feb 2024 23:59:26 +0100
+
 mailman3 (3.3.8-2~deb12u1) bookworm; urgency=medium
 
   * Bookworm-pu of 4 bug fixes
diff -Nru mailman3-3.3.8/debian/contrib/mailman.cfg.sample 
mailman3-3.3.8/debian/contrib/mailman.cfg.sample
--- mailman3-3.3.8/debian/contrib/mailman.cfg.sample2023-06-23 
01:03:08.0 +0200
+++ mailman3-3.3.8/debian/contrib/mailman.cfg.sample2024-02-15 
23:59:26.0 +0100
@@ -170,7 +170,7 @@
 # 'configuration' substitutions.
 url: sqlite:///$DATA_DIR/mailman.db
 #url: 
mysql+pymysql://mailman3:mmpass@localhost/mailman3?charset=utf8&use_unicode=1
-#url: postgres://mailman3:mmpass@localhost/mailman3
+#url: postgresql://mailman3:mmpass@localhost/mailman3
 
 debug: no
 
diff -Nru mailman3-3.3.8/debian/control mailman3-3.3.8/debian/control
--- mailman3-3.3.8/debian/control   2023-06-23 01:03:08.0 +0200
+++ mailman3-3.3.8/debian/control   2024-02-15 23:59:26.0 +0100
@@ -44,7 +44,7 @@
 Architecture: all
 Depends: dbconfig-sqlite3 | dbconfig-pgsql | dbconfig-mysql | 
dbconfig-no-thanks,
  logrotate,
- cron,
+ cron | cron-daemon,
  python3-falcon (>> 1.0.0),
  python3-psycopg2 | python3-pymysql,
  ucf,
diff -Nru mailman3-3.3.8/debian/mailman3.postinst 
mailman3-3.3.8/debian/mailman3.postinst
--- mailman3-3.3.8/debian/mailman3.postinst 2023-06-23 01:03:08.0 
+0200
+++ mailman3-3.3.8/debian/mailman3.postinst 2024-02-15 23:59:26.0 
+0100
@@ -52,7 +52,7 @@
 pgsql)
 sed -i -e 's|^#\?\s*\(class: 
mailman\.database\.postgresql\.PostgreSQLDatabase\)$|\1|' \
 $mailmancfg_new
-sed -i -e "s|^#\?\s*url: postgres://.*$|url: 
postgres://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname|" \
+sed -i -e "s|^#\?\s*url: postgresql://.*$|url: 
postgresql://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname|" \
 $mailmancfg_new
 ;;
 mysql)

Bug#1060290: bullseye-pu: package django-mailman3/1.3.5-2

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Hello,

Some users brought to my attention that in bullseye, django-mailman3
doesn't scrub messages properly before passing them to any archiver, and
therefore some messages are not archived.

This PU patches django-mailman3 so that it processes messages having a
null-byte in their body properly.

[ Reason ]
The bug probably has existed all the time before the patch made upstream
there:
https://gitlab.com/mailman/django-mailman3/-/commit/5bc1f6e8ca4d95ea4e2be861821cb17f168f8d1b?merge_request_iid=121

[ Impact ]
Messages received by mailman3 might not be archived properly archived.

[ Tests ]
Tests were designed upstream, but require binary files to be added to
the code, which can't be done through a quilt patch, so I have not
included the tests.

[ Risks ]
The patch works properly. Should a bug arise due to the new code,
archiving would be broken.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Explicit replacement of nullbyte characters by '' in a message body when
scrubbing.
dpkg-source: avertissement: extraction d'un paquet source non signé 
(/home/peb/git/debian/mailman-team/django-mailman3/django-mailman3_1.3.5-2.dsc)
dpkg-source: avertissement: extraction d'un paquet source non signé 
(/home/peb/git/debian/mailman-team/django-mailman3/django-mailman3_1.3.5-2+deb11u1.dsc)
diff -Nru django-mailman3-1.3.5/debian/changelog 
django-mailman3-1.3.5/debian/changelog
--- django-mailman3-1.3.5/debian/changelog  2021-03-04 00:23:46.0 
+0100
+++ django-mailman3-1.3.5/debian/changelog  2024-01-08 22:32:29.0 
+0100
@@ -1,3 +1,10 @@
+django-mailman3 (1.3.5-2+deb11u1) bullseye; urgency=medium
+
+  * d/p/0001: Fix archiving issues due to nullbytes in message body
+(Closes: #1033256)
+
+ -- Pierre-Elliott Bécue   Mon, 08 Jan 2024 22:32:29 +0100
+
 django-mailman3 (1.3.5-2) unstable; urgency=medium
 
   * Compile django LC messages at build time
diff -Nru 
django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch
 
django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch
--- 
django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch
1970-01-01 01:00:00.0 +0100
+++ 
django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch
2024-01-08 22:32:29.0 +0100
@@ -0,0 +1,43 @@
+From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= 
+Date: Mon, 8 Jan 2024 22:40:38 +0100
+Subject: Scrubber now removes null bytes from the scrubbed message body.
+
+---
+ README.rst   |   1 +
+ django_mailman3/lib/scrub.py |   5 -
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/README.rst b/README.rst
+index 775b158..98264be 100644
+--- a/README.rst
 b/README.rst
+@@ -17,6 +17,7 @@ NEWS
+ * Add a new method get_django_user to return Django User model. (See !99)
+ * Add ``delete_archives`` field to ``mailinglist_deleted`` Signal.
+ * Replaced deprecated ``ugettexy_lazy`` with ``gettext_lazy``. (Closes #37)
++* Scrubber now removes null bytes from the scrubbed message body.
+ 
+ 
+ 1.3.4 (2020-06-05)
+diff --git a/django_mailman3/lib/scrub.py b/django_mailman3/lib/scrub.py
+index f35761b..2be66c9 100644
+--- a/django_mailman3/lib/scrub.py
 b/django_mailman3/lib/scrub.py
+@@ -248,6 +248,8 @@ class Scrubber():
+ next_part_match = NEXT_PART.search(result)
+ if next_part_match:
+ result = result[0:next_part_match.start(0)]
++# MAS Remove any null butes from the result.
++result = re.sub('\x00', '', result)
+ return result
+ 
+ def _get_text(self):
+@@ -276,6 +278,7 @@ class Scrubber():
+ if not part_content.endswith('\n'):
+ part_content += '\n'
+ text.append(part_content)
+-return '\n'.join(text)
++# MAS remove any null bytes from the text.
++return re.sub('\x00', '', '\n'.join(text))
+ else:
+ return self._get_text_one_part(self.msg)
diff -Nru django-mailman3-1.3.5/debian/patches/series 
django-mailman3-1.3.5/debian/patches/series
--- django-mailman3-1.3.5/debian/patches/series 1970-01-01 01:00:00.0 
+0100
+++ django-mailman3-1.3.5/debian/patches/series 2024-01-08 22:32:29.0 
+0100
@@ -0,0 +1 @@
+0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch

Bug#1038906: bookworm-pu: package mailman3/3.3.8-1

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

Hi,

Multiple small bugs could have been fixed before the bookworm release,
but having been elsewhere in my mind, I let those slip.

I'd therefore like to submit this debdiff for a stable-pu.

The package with these fixes has been uploaded to unstable around 20
minutes ago.

[ Reason ]
Fixes bugs #1030156, #1032684, #1032080, with no codebase change, only
packaging changes.

[ Impact ]
The cron raises an error when it's called, which is annoying. Italian
and Romanian users would be sad pandas. The mariadb thing is a bit
harsher as any user using mailman3 with mariadb currently needs to fix
mailman3 after a reboot.

[ Tests ]
None, but I did deploy this version on my production server to check
that it works.

[ Risks ]
Changes are trivial

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Two languages translations for debconf templates
One cron removal
Systemd service dependencies fixup
And a gbp.conf branch update

Thanks! <3
diff -Nru mailman3-3.3.8/debian/changelog mailman3-3.3.8/debian/changelog
--- mailman3-3.3.8/debian/changelog 2023-01-29 12:41:29.0 +0100
+++ mailman3-3.3.8/debian/changelog 2023-06-23 01:03:08.0 +0200
@@ -1,3 +1,23 @@
+mailman3 (3.3.8-2~deb12u1) bookworm; urgency=medium
+
+  * Bookworm-pu of 4 bug fixes
+
+ -- Pierre-Elliott Bécue   Fri, 23 Jun 2023 01:03:08 +0200
+
+mailman3 (3.3.8-2) unstable; urgency=medium
+
+  * Drop an unneeded cron from mailman3
+  * Add an After=mariadb.service, Wants=mariadb.service in mailman3 service
+(this is harmless if mariadb is missing) (Closes: #1030156)
+
+  [ Remus-Gabriel Chelu ]
+  * Add Romanian translation for debconf templates (Closes: #1032684)
+
+  [ Ceppo ]
+  * Add Italian translation for debconf templates (Closes: #1032080)
+
+ -- Pierre-Elliott Bécue   Fri, 23 Jun 2023 00:49:01 +0200
+
 mailman3 (3.3.8-1) unstable; urgency=medium
 
   * New upstreeam release: 3.3.8
diff -Nru mailman3-3.3.8/debian/gbp.conf mailman3-3.3.8/debian/gbp.conf
--- mailman3-3.3.8/debian/gbp.conf  2023-01-29 11:46:07.0 +0100
+++ mailman3-3.3.8/debian/gbp.conf  2023-06-23 01:03:05.0 +0200
@@ -1,2 +1,3 @@
 [DEFAULT]
 pristine-tar = True
+debian-branch = debian/bookworm
diff -Nru mailman3-3.3.8/debian/mailman3.cron.d 
mailman3-3.3.8/debian/mailman3.cron.d
--- mailman3-3.3.8/debian/mailman3.cron.d   2023-01-29 11:46:07.0 
+0100
+++ mailman3-3.3.8/debian/mailman3.cron.d   2023-06-23 00:29:15.0 
+0200
@@ -8,6 +8,3 @@
 
 # At 12AM, send mail digests for lists that do periodic as well as threshold 
delivery
 0 12 * * *  list   if [ -x /usr/bin/mailman ]; then /usr/bin/mailman 
digests --periodic; fi
-
-# Every 15 minutes, gate messages from usenet to those lists which have the 
gateway configured
-*/15 * * * *   listif [ -x /usr/bin/mailman ]; then /usr/bin/mailman 
gatenews; fi
diff -Nru mailman3-3.3.8/debian/mailman3.service 
mailman3-3.3.8/debian/mailman3.service
--- mailman3-3.3.8/debian/mailman3.service  2023-01-29 11:46:07.0 
+0100
+++ mailman3-3.3.8/debian/mailman3.service  2023-06-23 00:44:46.0 
+0200
@@ -5,6 +5,8 @@
 Documentation=man:mailman(1)
 Documentation=https://mailman.readthedocs.io/
 ConditionPathExists=/etc/mailman3/mailman.cfg
+After=mariadb.service
+Wants=mariadb.service
 
 [Service]
 ExecStart=/usr/bin/mailman -C /etc/mailman3/mailman.cfg start --force
diff -Nru mailman3-3.3.8/debian/po/it.po mailman3-3.3.8/debian/po/it.po
--- mailman3-3.3.8/debian/po/it.po  1970-01-01 01:00:00.0 +0100
+++ mailman3-3.3.8/debian/po/it.po  2023-06-23 00:34:03.0 +0200
@@ -0,0 +1,73 @@
+# mailman3 po-debconf Italian translation
+# Copyright (C) 2023 mailman3's copyright holder
+# This file is distributed under the same license as the mailman3 package.
+# Ceppo , 2023.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: mailman3\n"
+"Report-Msgid-Bugs-To: mailm...@packages.debian.org\n"
+"POT-Creation-Date: 2018-03-15 10:57+0100\n"
+"PO-Revision-Date: 2023-02-09 00:00+\n"
+"Last-Translator: Ceppo \n"
+"Language-Team: Italian \n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid "Add the HyperKitty configuration to mailman.cfg?"
+msgstr "Aggiungere la configurazione di HyperKitty a mailman.cfg?"
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid ""
+"Mailman3 needs additional configuration in mailman.cfg in order to send &qu

Re: Debian 8.3 Jessie KEYEXPIRED 11645052400

[Pierre-Elliott Bécue]

Alan Homobono  wrote on 13/05/2023 at 
05:56:45+0200:

> Trying to upgrade Debian 8.3 Jessie to Debian 10.13 Buster, I continue 
> getting "KEYEXPIRED" error message after run apt-get update, even renewing
> expired keys:
>
> # apt-key list | grep -A 1 expired
> pub   1024D/5072E1F5 2003-02-03 [expired: 2022-02-16]
> uid  MySQL Release Engineering 
> 
> --
> pub   4096R/518E17E1 2013-08-17 [expired: 2021-08-15]
> uid  Jessie Stable Release Key 
> 
> --
> pub   4096R/65FFB764 2012-05-08 [expired: 2019-05-07]
> uid  Wheezy Stable Release Key 
> 
>
>
> # apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5 
> ; apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 518E17E1 
> ; apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 65FFB764
> Executing: gpg --ignore-time-conflict --no-options --no-default-keyring 
> --homedir /tmp/tmp.dux8x5wGCC --no-auto-check-trustdb --trust-model always 
> --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg 
> --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg 
> --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver 
> hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5
> gpg: requesting key 5072E1F5 from hkp server keyserver.ubuntu.com
> gpg: key 5072E1F5: "MySQL Release Engineering 
> " not changed
> gpg: Número total processado: 1
> gpg:  não modificados: 1
> Executing: gpg --ignore-time-conflict --no-options --no-default-keyring 
> --homedir /tmp/tmp.4zdbdTUejR --no-auto-check-trustdb --trust-model always 
> --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg 
> --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg 
> --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver 
> hkp://keyserver.ubuntu.com:80 --recv-keys 518E17E1
> gpg: requesting key 518E17E1 from hkp server keyserver.ubuntu.com
> gpg: key 518E17E1: "Jessie Stable Release Key 
> " not changed
> gpg: Número total processado: 1
> gpg:  não modificados: 1
> Executing: gpg --ignore-time-conflict --no-options --no-default-keyring 
> --homedir /tmp/tmp.SxFd1nEp2W --no-auto-check-trustdb --trust-model always 
> --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg 
> --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg 
> --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring 
> /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver 
> hkp://keyserver.ubuntu.com:80 --recv-keys 65FFB764
> gpg: requesting key 65FFB764 from hkp server keyserver.ubuntu.com
> gpg: key 65FFB764: "Wheezy Stable Release Key 
> " not changed
> gpg: Número total processado: 1
> gpg:  não modificados: 1
>
>
> # apt-get update
> ...
> Lendo listas de pacotes... Pronto
> W: Ocorreu um erro durante a verificação da assinatura. O repositório não 
> está actualizado e serão utilizados os ficheiros anterio

Re: Stop sending me email

[Pierre-Elliott Bécue]

nicolas baumann  wrote on 13/12/2022 at 07:43:07+0100:

> Please stop e-mails to me.
> Thanks.
>
> Envoyé à partir de Outlook pour iOS

Feel free to unregister from that list there:
https://lists.debian.org/debian-release/

Regards,
-- 
PEB

Re: Opinion on splitting official architecture (tiers)

[Pierre-Elliott Bécue]

Paul Gevers  wrote on 08/09/2022 at 22:35:35+0200:

> [[PGP Signed Part:No public key for 9C5C99EB05BD750A created at 
> 2022-09-08T22:35:35+0200 using RSA]]
> Hi,
>
> On 08-09-2022 22:14, Pierre-Elliott Bécue wrote:
>> Would tier II be exclusively composed of builders that are currently
>> supported by DSA?
>
> My current proposal is ONLY about splitting the current release
> architectures. And for the future, my idea for tier II (or Best
> Effort) would indeed be only DSA supported architectures.

I think that as long as it adds no extra work/builders to maintain, it
should be fine for DSA.

I'll let my teammates yell if I'm wrong.

Cheers!
-- 
PEB


signature.asc
Description: PGP signature

Re: Opinion on splitting official architecture (tiers)

[Pierre-Elliott Bécue]

Hi,

Paul Gevers  wrote on 08/09/2022 at 13:00:11+0200:

> [[PGP Signed Part:No public key for 9C5C99EB05BD750A created at 
> 2022-09-08T13:00:11+0200 using RSA]]
> Hi all,
>
> On 01-09-2022 14:18, Paul Gevers wrote:
>> Of course there are details to figure out and agree on, but before
>> diving into those I'd like to hear if you are open to support the
>> idea (hopefully even in time for bookworm) or if there are already
>> deep concerns (that would take long to resolve if at all).
>
> Although I wasn't expecting a big wave of enthousiasme from this
> audience, I was expecting at least some reply with concerns. Given
> that there hasn't been any reply, I don't know how you feel about
> this.
>
> To be able to proceed before the bookworm freeze, I'm going to assume
> that in general this split (that shouldn't really impact DSA and 
> ftp-master work [1]) is acceptable by you if there's no reply in two
> weeks. I'll work out more details after that.
>
> Paul
>
> [1] I predict it may even reduce the amount of architecture specific
> removal requests in unstable, where the porters have a chance to fix 
> broken packages.

Would tier II be exclusively composed of builders that are currently
supported by DSA?

Cheers!
-- 
PEB


signature.asc
Description: PGP signature

Re: Désabonnement

[Pierre-Elliott Bécue]

Florian LECUYER  wrote on 28/03/2022 at 21:23:33+0200:

> Bonjour
>
> Merci de retirer mon adresse mail de votre liste de distribution.
>
> Cordialement 

Pour vous désinscrire d'une liste debian.org, il suffit de vous rendre
sur sa page, (pour debian-release, c'est
https://lists.debian.org/debian-release/ ) de mettre votre courriel dans
le formulaire et de cliquer sur "unsubscribe".

Vous recevrez un mail à suivre pour confirmer votre désinscription, et
ensuite vous aurez la paix pour de bon.

(à réitérer pour chaque liste dont vous souhaitez vous désabonner)

-- 
PEB


signature.asc
Description: PGP signature

Bug#1004192: bullseye-pu: package django-allauth/0.44.0+ds-1

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: lafo...@gnumonks.org

Hi,

Due to some changes in Python that upstream failed to take into account,
django-allauth 0.44.0+ds-1 fails to work with the OpenID auth method.
The fix in itself is a simple patch replacing the call to a now
nonexistent function of the base64 module by a call to another which
replaces it.

The debdiff is attached, and the fix already is in unstable and testing.

The other changes are the gbp.conf git-debian-branch variable and the
addition of a Forwarded: tag in two patches to make lintian happier.

Additional information:

[ Impact ]
Without this upload, openid auth mechanism can't work. In bullseye,
django-allauth is mostly used by mailman3, so the scope of impacted
users is mailman3 users.

[ Tests ]
There is no test covering the code, as upstream did not provide unit
tests or functional tests. I ran pyflakes3 on it.

[ Risks ]
Code change is trivial

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  - Except the gbp.conf change as it is not even a packaging change.
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Other info ]
Thanks for your work <3
diff -Nru django-allauth-0.44.0+ds/debian/changelog 
django-allauth-0.44.0+ds/debian/changelog
--- django-allauth-0.44.0+ds/debian/changelog   2021-01-18 02:25:56.0 
+0100
+++ django-allauth-0.44.0+ds/debian/changelog   2022-01-22 13:55:10.0 
+0100
@@ -1,3 +1,11 @@
+django-allauth (0.44.0+ds-1+deb11u1) bullseye; urgency=medium
+
+  * Import from 0.47.0-1 the patch to fix OpenID failures.
+(Closes: #1003069)
+  * Disable forwarding for two patches
+
+ -- Pierre-Elliott Bécue   Sat, 22 Jan 2022 13:55:10 +0100
+
 django-allauth (0.44.0+ds-1) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff -Nru django-allauth-0.44.0+ds/debian/gbp.conf 
django-allauth-0.44.0+ds/debian/gbp.conf
--- django-allauth-0.44.0+ds/debian/gbp.conf2021-01-18 02:25:56.0 
+0100
+++ django-allauth-0.44.0+ds/debian/gbp.conf2022-01-22 13:51:42.0 
+0100
@@ -1,2 +1,3 @@
 [DEFAULT]
 pristine-tar = True
+debian-branch = debian/bullseye
diff -Nru 
django-allauth-0.44.0+ds/debian/patches/0001-Remove-all-privacy-breack-links-from-documentation.patch
 
django-allauth-0.44.0+ds/debian/patches/0001-Remove-all-privacy-breack-links-from-documentation.patch
--- 
django-allauth-0.44.0+ds/debian/patches/0001-Remove-all-privacy-breack-links-from-documentation.patch
   2021-01-18 02:25:56.0 +0100
+++ 
django-allauth-0.44.0+ds/debian/patches/0001-Remove-all-privacy-breack-links-from-documentation.patch
   2022-01-22 13:54:22.0 +0100
@@ -2,6 +2,8 @@
 Date: Tue, 12 Dec 2017 10:35:57 +0100
 Subject: Remove all privacy breack links from documentation
 
+Forwarded: not-needed
+
 ---
  README.rst | 22 --
  1 file changed, 22 deletions(-)
diff -Nru 
django-allauth-0.44.0+ds/debian/patches/0003-fix-openid-Use-decodebytes-instead-of-decodestring.patch
 
django-allauth-0.44.0+ds/debian/patches/0003-fix-openid-Use-decodebytes-instead-of-decodestring.patch
--- 
django-allauth-0.44.0+ds/debian/patches/0003-fix-openid-Use-decodebytes-instead-of-decodestring.patch
   1970-01-01 01:00:00.0 +0100
+++ 
django-allauth-0.44.0+ds/debian/patches/0003-fix-openid-Use-decodebytes-instead-of-decodestring.patch
   2022-01-22 13:55:01.0 +0100
@@ -0,0 +1,36 @@
+From: Karthikeyan Singaravelan 
+Date: Thu, 20 Jan 2022 00:25:36 +0100
+Subject: fix(openid): Use decodebytes instead of decodestring
+Applied-Upstream: 
https://github.com/pennersr/django-allauth/commit/425dc774fb5d032204b92f0870c3802202259ad3
+
+Co-authored-by: Raymond Penners 
+---
+ AUTHORS | 1 +
+ allauth/socialaccount/providers/openid/utils.py | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/AUTHORS b/AUTHORS
+index 4e2ffb6..3fd282b 100644
+--- a/AUTHORS
 b/AUTHORS
+@@ -90,6 +90,7 @@ Joshua Sorenson
+ Julen Ruiz Aizpuru
+ Justin Michalicek
+ Justin Pogrob
++Karthikeyan Singaravelan
+ Kevin Dice
+ Koichi Harakawa
+ Lee Semel
+diff --git a/allauth/socialaccount/providers/openid/utils.py 
b/allauth/socialaccount/providers/openid/utils.py
+index cf32213..bfd766c 100644
+--- a/allauth/socialaccount/providers/openid/utils.py
 b/allauth/socialaccount/providers/openid/utils.py
+@@ -102,7 +102,7 @@ class DBOpenIDStore(OIDStore):
+ for stored_assoc in stored_assocs:
+ assoc = OIDAssociation(
+ stored_assoc.handle,
+-base64.decodestring(stored_assoc.secret.encode("utf-8")),
++base64.decodebytes(stored_assoc.secret.encode("utf-8")),
+ stored_assoc.issued,
+ stored_assoc.lifetime,
+

Bug#985063: buster-pu: lxcfs/3.0.3-2+deb10u1

[Pierre-Elliott Bécue]

"Adam D. Barratt"  wrote on 04/12/2021 at 
18:42:19+0100:

> Control: tags -1 + confirmed
>
> On Fri, 2021-03-12 at 12:36 +0100, Pierre-Elliott Bécue wrote:
>> Please do tell me if I can upload lxcfs 3.0.3-2+deb10u1 to stable.
>> 
>> A canonical employee reported a swap accounting bug that could make a
>> container look like it uses all the host's swap. The fix being minor,
>> I've designed a patch I'd like to have uploaded to stable.
>> 
>
> oldstable now, but please go ahead, thanks.
>
> Regards,

Done, thanks!

Is there a tags I should add on this bug?

Cheers!
-- 
PEB


signature.asc
Description: PGP signature

Re: how to patch package rhonabwy before bullseye release?

[Pierre-Elliott Bécue]

Salut Nicolas,

Nicolas Mora  writes:

> Hello release team,
>
> I'm maintaining the package rhonaby [1] in the debian IoT tem, as well
> as being the upstream author.
>
> Recently, I've fixed two bugs in the library that I'd like to backport
> to the debian package in the bullseye release, I consider them to be 
> important bugfixes.
>
> Do I have to open a RC bug before pushing the package or can I just
> push a new package?
> Also, do I have to set the urgency higher than medium?
>
> Thanks in advance, sorry if my questions are dumb.
>
> /Nicolas
>
> [1] https://tracker.debian.org/pkg/rhonabwy

Have a look at [0].

We are in the hard freeze part. If your package has passing non-trivial
autopkgtest, it'll migrate from unstable to bullseye after 20 days
without an unblock request. It is expected that your changes are non big
and non-disruptive.

BUT, as the full freeze will probably start before the 20 days limit is
reached, I can't say how your package migration will be handled. I guess
it will be blocked. I would therefore recommend you confirm with a release
team member what to do, but I guess an unblock bug with the debdiff opened
right now could be a good idea and would probably allow your changes to be
part of bullseye if the release-team see it fit. :)

 1. Uploading to unstable for now is not a bad idea if the upload is
what you expect to see in testing
 2. The urgency field is ignored during the currents and future parts
of the freeze.

Cheers!
--
PEB

[0] https://release.debian.org/bullseye/freeze_policy.html


signature.asc
Description: PGP signature

Bug#989750: unblock: lxc/1:4.0.6-2

[Pierre-Elliott Bécue]

tags 989750 -moreinfo
thanks

Hi Sebastian,

Le mercredi 16 juin 2021 à 21:05:23+0200, Sebastian Ramacher a écrit :
> ACK, please go ahead and remove the moreinfo tag once the package is
> available in unstable.
> 
> Cheers

Uploaded, and ACCEPTED, I untag, although dak hasn't yet put it in the
archive. I hope it'sn fine with you.

Thanks and cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for principles than to live up to them.


signature.asc
Description: PGP signature

Bug#989750: unblock: lxc/1:4.0.6-2

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package lxc

LXC 4.0.6-1 suffers from many issues that, in my opinion require an
update before the release of Bullseye to make our users more comfortable
using it.

 1. Running unprivileged containers until LXC4 was as simple as running
the same LXC commands as a non-root user or as root but with
containers config mapping subuids/subgids. Since systemd migrated to
pure CGroupv2 hierarchy, there is a need for either a systemd
service, or a call to systemd-run as a user. This makes the whole
less simple to use and understand for a user.

I included two scripts to wrap these systemd-run calls and make the
whole more usable. I linked their manpages to lxc-start and
lxc-attach as the arguments are passed to these commands.
 2. Consequentially, I wrote some more documentation in d/NEWS and
d/README.Debian to help our users understanding how to work with
unprivileged containers as soon as they will dist-upgrade.
 3. Historically, a lxc container had its /proc/sys/net writeable by
root when /proc was mounted with the "mixed" option in LXC
configuration. Upstream broke that and fixed it recently in a commit
in GitHub
https://github.com/lxc/lxc/commit/563ec46266b8967f0ee60e0032bbe66b3b37207c
I imported that patch as not having /proc/sys/net writeable will
break things for our users.
 4. In lxc-net configuration, we added a comment to allow users to honor
systemd's dnsmasq more easily if needed. As it's a comment, it has
no impact.

Almost all these changes are in debian/ directory and present no risk
for LXC to dysfunction at all. There is just the patch mentioned in 3
which is imported from upstream, and which changes the code. It has been
tested upstream and the code alteration is minimal.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

If you need any more intel, please do poke me!

I have not yet uploaded the changes to unstable, as I prefer waiting for
your feedback.

Thanks!

unblock lxc/1:4.0.6-2
diff -Nru lxc-4.0.6/debian/changelog lxc-4.0.6/debian/changelog
--- lxc-4.0.6/debian/changelog  2021-01-31 18:29:40.0 +0100
+++ lxc-4.0.6/debian/changelog  2021-06-11 21:43:41.0 +0200
@@ -1,3 +1,18 @@
+lxc (1:4.0.6-2) unstable; urgency=medium
+
+  * d/contrib/lxc-net: Add a commented dnsmasq reference for the users to be
+able to use this configuration if needed.
+  * d/contrib/bin/lxc-unpriv-{start,attach} helper scripts to make
+unprivileged containers easier to start manually
+  * d/README.Debian: Added some intel about how to handle properly
+unprivileged containers and systemd user sessions, and potential
+filesystem ACL issues/implications
+(Closes: #989317, 987293)
+  * d/p/0007: Makes the containers able to have /proc/sys/net rw
+(Closes: #981980)
+
+ -- Pierre-Elliott Bécue   Fri, 11 Jun 2021 21:43:41 +0200
+
 lxc (1:4.0.6-1) unstable; urgency=medium
 
   * New upstream version 4.0.6
diff -Nru lxc-4.0.6/debian/contrib/bin/lxc-unpriv-attach 
lxc-4.0.6/debian/contrib/bin/lxc-unpriv-attach
--- lxc-4.0.6/debian/contrib/bin/lxc-unpriv-attach  1970-01-01 
01:00:00.0 +0100
+++ lxc-4.0.6/debian/contrib/bin/lxc-unpriv-attach  2021-06-11 
21:25:58.0 +0200
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if ! ps ux|grep "[s]ystemd --user" > /dev/null 2>&1; then
+echo "Can't start an unprivileged container on a pure CGroups v2 host 
without a systemd user session running."
+echo "If you are trying to get a non-interactive user to have unprivileged 
containers running, you need to"
+echo "enable lingering sessions for that user, via loginctl enable-linger 
${USER} as root."
+exit 1
+fi
+
+export XDG_RUNTIME_DIR="/run/user/$UID"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
+
+/usr/bin/systemd-run --user --scope -p "Delegate=yes" /usr/bin/lxc-attach "$@"
diff -Nru lxc-4.0.6/debian/contrib/bin/lxc-unpriv-start 
lxc-4.0.6/debian/contrib/bin/lxc-unpriv-start
--- lxc-4.0.6/debian/contrib/bin/lxc-unpriv-start   1970-01-01 
01:00:00.0 +0100
+++ lxc-4.0.6/debian/contrib/bin/lxc-unpriv-start   2021-06-11 
21:25:42.0 +0200
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if ! ps ux|grep "[s]ystemd --user" > /dev/null 2>&1; then
+echo "Can't start an unprivileged container on a pure CGroups v2 host 
without a systemd user session running."
+echo "If you are trying to get a non-interactive user to have unprivileged 
containers running, you need to"
+echo "enable lingering sessions for that user, via loginctl enable-linger 
${USER} as root."
+exi

Bug#985063: Acknowledgement (unblock: lxcfs/3.0.3-2+deb10u1)

[Pierre-Elliott Bécue]

usertags 985063 - unblock + pu
tags 985063 + buster
retitle 985063 buster-pu: lxcfs/3.0.3-2+deb10u1
thanks

Fixing my misqueuing.

Le vendredi 12 mars 2021 à 11:45:03+, Debian Bug Tracking System a écrit :
> Thank you for filing a new Bug report with Debian.
> 
> You can follow progress on this Bug here: 985063: 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985063.
> 
> This is an automatically generated reply to let you know your message
> has been received.
> 
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
> 
> Your message has been sent to the package maintainer(s):
>  Debian Release Team 
> 
> If you wish to submit further information on this problem, please
> send it to 985...@bugs.debian.org.
> 
> Please do not send mail to ow...@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
> 
> -- 
> 985063: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985063
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
> 

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#985063: unblock: lxcfs/3.0.3-2+deb10u1

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team

Please do tell me if I can upload lxcfs 3.0.3-2+deb10u1 to stable.

A canonical employee reported a swap accounting bug that could make a
container look like it uses all the host's swap. The fix being minor,
I've designed a patch I'd like to have uploaded to stable.

The upload is not done yet, as I'd rather wait for your opinion.

The bug is already fixed in testing, as this patch has also been included in
lxcfs 4.

Thanks in advance!

diff -Nru lxcfs-3.0.3/debian/changelog lxcfs-3.0.3/debian/changelog
--- lxcfs-3.0.3/debian/changelog2018-12-09 22:06:41.0 +0100
+++ lxcfs-3.0.3/debian/changelog2021-03-12 12:17:23.0 +0100
@@ -1,3 +1,11 @@
+lxcfs (3.0.3-2+deb10u1) buster; urgency=medium
+
+  [ Kellen Renshaw ]
+  * d/p/0001 : Fix a misreport of swap being fully used due to a computation
+error (Closes: #955499)
+
+ -- Pierre-Elliott Bécue   Fri, 12 Mar 2021 12:17:23 +0100
+
 lxcfs (3.0.3-2) unstable; urgency=medium
 
   * Add a call to dpkg-maintscript-helper rm_conffile to handle properly the
diff -Nru lxcfs-3.0.3/debian/gbp.conf lxcfs-3.0.3/debian/gbp.conf
--- lxcfs-3.0.3/debian/gbp.conf 2018-12-09 22:06:41.0 +0100
+++ lxcfs-3.0.3/debian/gbp.conf 2021-03-12 12:17:23.0 +0100
@@ -1,2 +1,3 @@
 [DEFAULT]
 pristine-tar = True
+debian-branch=debian/buster
diff -Nru 
lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch
 
lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch
--- 
lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch
  1970-01-01 01:00:00.0 +0100
+++ 
lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch
  2021-03-12 12:17:05.0 +0100
@@ -0,0 +1,26 @@
+From: Kellen Renshaw 
+Date: Fri, 12 Mar 2021 12:16:47 +0100
+Subject: =?utf-8?q?bindings=3A_Adjusts_the_logic_for_calculating_SwapFree_t?=
+ =?utf-8?q?o_better_handle=E2=80=A6?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+… conditions where swap usage is reported to be <0.
+---
+ bindings.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bindings.c b/bindings.c
+index 5858c6d..fc89789 100644
+--- a/bindings.c
 b/bindings.c
+@@ -3186,7 +3186,7 @@ static int proc_meminfo_read(char *buf, size_t size, 
off_t offset,
+   printme = lbuf;
+   } else if (startswith(line, "SwapFree:") && memswlimit > 0 && 
memswusage > 0) {
+   unsigned long swaptotal = memswlimit,
+-  swapusage = memswusage - memusage,
++  swapusage = memusage > memswusage ? 0 : 
memswusage - memusage,
+   swapfree = swapusage < swaptotal ? 
swaptotal - swapusage : 0;
+   snprintf(lbuf, 100, "SwapFree:   %8lu kB\n", 
swapfree);
+   printme = lbuf;
diff -Nru lxcfs-3.0.3/debian/patches/series lxcfs-3.0.3/debian/patches/series
--- lxcfs-3.0.3/debian/patches/series   1970-01-01 01:00:00.0 +0100
+++ lxcfs-3.0.3/debian/patches/series   2021-03-12 12:17:05.0 +0100
@@ -0,0 +1 @@
+0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch

unblock lxcfs/3.0.3-2+deb10u1

-- System Information:
Debian Release: 10.8
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-10-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#985062: unblock: lxc-templates/3.0.4-5

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

Please unblock package lxc-templates from unstable to testing.

lxc-templates 3.0.4-5, which has just been accepted in unstable, fixes 3 bugs
that will be beneficial for the stability of the package in bullseye. I should
clearly state that none of these bugs are release critical.

The first bug is to add a Suggest to qemu-user-static.
The second is to add a missing Recommend that made lxc-debian template not
working since a patch I made in October.
The third and last is to fix some errors in some templates that could lead to
catastrophic rm in case of sigint spawned while installing a container for some
distributions (arch, centos, ...). It contains the patch 0004, which is the
reason this debdiff has some lines

Please don't hesitate if you need more intel. 

Here is the debdiff:

diff -Nru lxc-templates-3.0.4/debian/changelog 
lxc-templates-3.0.4/debian/changelog
--- lxc-templates-3.0.4/debian/changelog2020-10-17 22:42:34.0 
+0200
+++ lxc-templates-3.0.4/debian/changelog2021-03-12 11:53:24.0 
+0100
@@ -1,3 +1,18 @@
+lxc-templates (3.0.4-5) unstable; urgency=medium
+
+  [ Gianfranco Costamagna ]
+  * d/control:
+- Add Suggests: qemu-user-static (Closes: #973345)
+
+  [ Pierre-Elliott Bécue ]
+  * d/control:
+- Add distro-info to the Recommends of lxc-templates (Closes: #974569)
+- Bump Standards-Version to 4.5.1
+  * d/p/0004: fix path variable in some templates to avoid catastrophic rm
+(Closes: #839843)
+
+ -- Pierre-Elliott Bécue   Fri, 12 Mar 2021 11:53:24 +0100
+
 lxc-templates (3.0.4-4) unstable; urgency=medium
 
   * d/patches/0002: Update lxc.debian template to document alternatives to the
diff -Nru lxc-templates-3.0.4/debian/control lxc-templates-3.0.4/debian/control
--- lxc-templates-3.0.4/debian/control  2020-10-17 22:42:34.0 +0200
+++ lxc-templates-3.0.4/debian/control  2021-03-12 11:53:22.0 +0100
@@ -4,7 +4,7 @@
 Maintainer: pkg-lxc 
 Uploaders: Pierre-Elliott Bécue 
 Build-Depends: debhelper-compat (= 13)
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
 Homepage: https://linuxcontainers.org/
 Vcs-Git: https://salsa.debian.org/lxc-team/lxc-templates.git
 Vcs-Browser: https://salsa.debian.org/lxc-team/lxc-templates
@@ -17,11 +17,13 @@
 busybox-static,
 cloud-image-utils | cloud-utils,
 debootstrap | cdebootstrap,
+distro-info,
 mmdebstrap,
 openssl,
 rsync,
 uuid-runtime,
 xz-utils
+Suggests: qemu-user-static
 Description: Linux Containers userspace tools (templates)
  Containers are insulated areas inside a system, which have their own namespace
  for filesystem, network, PID, IPC, CPU and memory allocation and which can be
diff -Nru 
lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch
 
lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch
--- 
lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch
 1970-01-01 01:00:00.0 +0100
+++ 
lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch
 2021-03-12 11:50:28.0 +0100
@@ -0,0 +1,180 @@
+From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= 
+Date: Fri, 12 Mar 2021 11:50:00 +0100
+Subject: Fixes path variable in some templates
+
+The behaviour of the path variable is somewhat inconsistent with a
+relevant way of generating containers. path now points to a directory,
+where ${path}/${name} will be created and handle the new container's
+config/rootfs
+---
+ templates/lxc-archlinux.in | 8 +---
+ templates/lxc-centos.in| 6 --
+ templates/lxc-fedora-legacy.in | 8 +---
+ templates/lxc-fedora.in| 8 +---
+ templates/lxc-pld.in   | 7 +--
+ templates/lxc-voidlinux.in | 8 +++-
+ 6 files changed, 31 insertions(+), 14 deletions(-)
+
+diff --git a/templates/lxc-archlinux.in b/templates/lxc-archlinux.in
+index f8d4ba0..afa2f11 100644
+--- a/templates/lxc-archlinux.in
 b/templates/lxc-archlinux.in
+@@ -206,8 +206,8 @@ usage:
+ Mandatory args:
+   -n,--name   container name, used to as an identifier for that 
container from now on
+ Optional args:
+-  -p,--path   path to where the container rootfs will be created 
(${default_path})
+-  --rootfspath for actual container rootfs, 
(${default_path}/rootfs)
++  -p,--path   path the directory where the container directory will 
be created (${default_path})
++  --rootfspath for actual container rootfs, 
(${default_path}/{container_name}/rootfs)
+   -P,--packages   preinstall additional packages, comma-separated list
+   -e,--enable_units   enable systemd services, comma-separated list
+   -d,--disable_units  disable systemd services, comma-separated list
+@@ -256,9 +25

Bug#962059: buster-pu: package python-markdown2/2.3.7-2

[Pierre-Elliott Bécue]

Le mardi 02 juin 2020 à 20:46:16+0200, Salvatore Bonaccorso a écrit :
> Hi
> 
> [disclaimer, not part of the SRM so this is purely
> informational/commenting]
> 
> On Tue, Jun 02, 2020 at 08:30:45PM +0200, Pierre-Elliott Bécue wrote:
> > +python-markdown2 (2.3.7-2+deb10u1) buster; urgency=medium
> > +
> > +  * Add d/p/0001 To fix CVE-2020-11888, thanks to Gareth Simpson
> 
> As you can close a bug with multiple versions you might add as well
> the bug closure for #959445 as well here so once the fix enters buster
> the BTS will update the fixed versions accordingly.

Thanks! Here's the adapted debdiff!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
diff -Nru python-markdown2-2.3.7/debian/changelog python-markdown2-2.3.7/debian/changelog
--- python-markdown2-2.3.7/debian/changelog	2019-02-02 18:27:36.0 +0100
+++ python-markdown2-2.3.7/debian/changelog	2020-06-02 20:23:22.0 +0200
@@ -1,3 +1,11 @@
+python-markdown2 (2.3.7-2+deb10u1) buster; urgency=medium
+
+  * Add d/p/0001 To fix CVE-2020-11888, thanks to Gareth Simpson
+Closes: #959445
+  * Add a d/gbp.conf file to ease-up gbp's mind
+
+ -- Pierre-Elliott Bécue   Tue, 02 Jun 2020 20:23:22 +0200
+
 python-markdown2 (2.3.7-2) unstable; urgency=medium
 
   * Team upload
diff -Nru python-markdown2-2.3.7/debian/gbp.conf python-markdown2-2.3.7/debian/gbp.conf
--- python-markdown2-2.3.7/debian/gbp.conf	1970-01-01 01:00:00.0 +0100
+++ python-markdown2-2.3.7/debian/gbp.conf	2020-06-02 20:23:22.0 +0200
@@ -0,0 +1,3 @@
+[DEFAULT]
+pristine-tar = True
+debian-branch = debian/buster
diff -Nru python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch
--- python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch	1970-01-01 01:00:00.0 +0100
+++ python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch	2020-06-02 20:23:22.0 +0200
@@ -0,0 +1,73 @@
+From: Gareth Simpson 
+Date: Tue, 2 Jun 2020 20:14:30 +0200
+Subject: Incomplete tags with punctuation after as part of the tag name are a
+ source of XSS
+Bug: https://github.com/trentm/python-markdown2/issues/348
+
+Fixes CVE-2020-11888.
+
+python-markdown2 through 2.3.8 allows XSS because element names are
+mishandled unless a \w+ match succeeds. For example, an attack might use
+elementname@ or elementname- with an onclick attribute.
+---
+ lib/markdown2.py   | 9 ++---
+ test/tm-cases/issue348_incomplete_tag.html | 1 +
+ test/tm-cases/issue348_incomplete_tag.opts | 1 +
+ test/tm-cases/issue348_incomplete_tag.text | 1 +
+ 4 files changed, 9 insertions(+), 3 deletions(-)
+ create mode 100644 test/tm-cases/issue348_incomplete_tag.html
+ create mode 100644 test/tm-cases/issue348_incomplete_tag.opts
+ create mode 100644 test/tm-cases/issue348_incomplete_tag.text
+
+diff --git a/lib/markdown2.py b/lib/markdown2.py
+index 16672f5..bd9fe0c 100755
+--- a/lib/markdown2.py
 b/lib/markdown2.py
+@@ -1772,7 +1772,7 @@ class Markdown(object):
+ lexer_name = lexer_name[3:].strip()
+ codeblock = rest.lstrip("\n")   # Remove lexer declaration line.
+ formatter_opts = self.extras['code-color'] or {}
+-
++
+ # Use pygments only if not using the highlightjs-lang extra
+ if lexer_name and "highlightjs-lang" not in self.extras:
+ def unhash_code(codeblock):
+@@ -2134,12 +2134,15 @@ class Markdown(object):
+ text = self._naked_gt_re.sub('>', text)
+ return text
+ 
+-_incomplete_tags_re = re.compile("<(/?\w+[\s/]+?)")
++_incomplete_tags_re = re.compile("<(/?\w+?(?!\w).+?[\s/]+?)")
+ 
+ def _encode_incomplete_tags(self, text):
+ if self.safe_mode not in ("replace", "escape"):
+ return text
+-
++
++if text.endswith(">"):
++return text  # this is not an incomplete tag, this is a link in the form <http://x.y.z>
++
+ return self._incomplete_tags_re.sub("<\\1", text)
+ 
+ def _encode_backslash_escapes(self, text):
+diff --git a/test/tm-cases/issue348_incomplete_tag.html b/test/tm-cases/issue348_incomplete_tag.html
+new file mode 100644
+index 000..46059cc
+--- /dev/null
 b/test/tm-cases/issue348_incomplete_tag.html
+@@ -0,0 +1 @@
++<lol@/ //id="pwn"//onclick="alert(1)"//abc
+diff --git a/test/tm-cases/issue348_incomplete_tag.opts b/test/tm-cases/issue348_incomplete_tag.opts
+new file mode 100644
+index 000..ad487c0
+--- /dev/null
 b/test/tm-ca

Bug#962059: buster-pu: package python-markdown2/2.3.7-2

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Managers,

I'd like to have python-markdown2 updated in Buster, due to a CVE:
CVE-2020-11888.

I attached a debdiff with the bug report, and the update is the
simple adding of debian/patches/0001.

I've also added a gbp.conf to have gbp stop complaining when I don't
give it the proper branch to build, this addition doesn't change the
binary packages.

Note that I've uploaded python-markdown2 2.3.9-1 to unstable 15 minutes
ago. It ships the CVE fix, and should be visible in the archive soon.

Thanks a lot for your work! :)

-- System Information:
Debian Release: 10.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru python-markdown2-2.3.7/debian/changelog 
python-markdown2-2.3.7/debian/changelog
--- python-markdown2-2.3.7/debian/changelog 2019-02-02 18:27:36.0 
+0100
+++ python-markdown2-2.3.7/debian/changelog 2020-06-02 20:23:22.0 
+0200
@@ -1,3 +1,10 @@
+python-markdown2 (2.3.7-2+deb10u1) buster; urgency=medium
+
+  * Add d/p/0001 To fix CVE-2020-11888, thanks to Gareth Simpson
+  * Add a d/gbp.conf file to ease-up gbp's mind
+
+ -- Pierre-Elliott Bécue   Tue, 02 Jun 2020 20:23:22 +0200
+
 python-markdown2 (2.3.7-2) unstable; urgency=medium
 
   * Team upload
diff -Nru python-markdown2-2.3.7/debian/gbp.conf 
python-markdown2-2.3.7/debian/gbp.conf
--- python-markdown2-2.3.7/debian/gbp.conf  1970-01-01 01:00:00.0 
+0100
+++ python-markdown2-2.3.7/debian/gbp.conf  2020-06-02 20:23:18.0 
+0200
@@ -0,0 +1,3 @@
+[DEFAULT]
+pristine-tar = True
+debian-branch = debian/buster
diff -Nru 
python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch
 
python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch
--- 
python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch
   1970-01-01 01:00:00.0 +0100
+++ 
python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch
   2020-06-02 20:22:52.0 +0200
@@ -0,0 +1,73 @@
+From: Gareth Simpson 
+Date: Tue, 2 Jun 2020 20:14:30 +0200
+Subject: Incomplete tags with punctuation after as part of the tag name are a
+ source of XSS
+Bug: https://github.com/trentm/python-markdown2/issues/348
+
+Fixes CVE-2020-11888.
+
+python-markdown2 through 2.3.8 allows XSS because element names are
+mishandled unless a \w+ match succeeds. For example, an attack might use
+elementname@ or elementname- with an onclick attribute.
+---
+ lib/markdown2.py   | 9 ++---
+ test/tm-cases/issue348_incomplete_tag.html | 1 +
+ test/tm-cases/issue348_incomplete_tag.opts | 1 +
+ test/tm-cases/issue348_incomplete_tag.text | 1 +
+ 4 files changed, 9 insertions(+), 3 deletions(-)
+ create mode 100644 test/tm-cases/issue348_incomplete_tag.html
+ create mode 100644 test/tm-cases/issue348_incomplete_tag.opts
+ create mode 100644 test/tm-cases/issue348_incomplete_tag.text
+
+diff --git a/lib/markdown2.py b/lib/markdown2.py
+index 16672f5..bd9fe0c 100755
+--- a/lib/markdown2.py
 b/lib/markdown2.py
+@@ -1772,7 +1772,7 @@ class Markdown(object):
+ lexer_name = lexer_name[3:].strip()
+ codeblock = rest.lstrip("\n")   # Remove lexer declaration 
line.
+ formatter_opts = self.extras['code-color'] or {}
+-
++
+ # Use pygments only if not using the highlightjs-lang extra
+ if lexer_name and "highlightjs-lang" not in self.extras:
+ def unhash_code(codeblock):
+@@ -2134,12 +2134,15 @@ class Markdown(object):
+ text = self._naked_gt_re.sub('>', text)
+ return text
+ 
+-_incomplete_tags_re = re.compile("<(/?\w+[\s/]+?)")
++_incomplete_tags_re = re.compile("<(/?\w+?(?!\w).+?[\s/]+?)")
+ 
+ def _encode_incomplete_tags(self, text):
+ if self.safe_mode not in ("replace", "escape"):
+ return text
+-
++
++if text.endswith(">"):
++return text  # this is not an incomplete tag, this is a link in 
the form <http://x.y.z>
++
+ return self._incomplete_tags_re.sub("<\\1", text)
+ 
+ def _encode_backslash_escapes(self, text):
+diff --git a/test/tm-cases/issu

Bug#960806: buster-pu: package policyd-rate-limit/1.0.0-1

[Pierre-Elliott Bécue]

Le lundi 18 mai 2020 à 14:32:24+0100, Adam D. Barratt a écrit :
> On Mon, 2020-05-18 at 14:13 +0100, Adam D. Barratt wrote:
> > That appears to have dropped a number of entries from the changelog
> > for the unstable upload it's based on, which is a little confusing to
> > say the least.
> > 
> > If you're dropping changes for the backport, then the unstable
> > changelog stanza should be exactly as it was for the upload to
> > unstable, and any changes that weren't included should be itemised in
> > the changelog for the stable upload, if they're sufficiently
> > relevant.
> 
> As an alternative suggestion, rather than trying to backport the upload
> to unstable and reverting a bunch of the changes in the process, it
> might be easier to start from the current stable package and simply
> apply the changes required to resolve:
> 
> +- Fixes issues in accounting due to socket reuse (Closes: #960792)
> +- Fixes undeclared variable issue
> 
> assuming those are as simple and isolated as I suspect from looking
> through the diff.

Would the attached diff be fine?

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
diff -Nru policyd-rate-limit-1.0.0/debian/changelog policyd-rate-limit-1.0.1.1/debian/changelog
--- policyd-rate-limit-1.0.0/debian/changelog	2018-12-11 09:57:37.0 +0100
+++ policyd-rate-limit-1.0.1.1/debian/changelog	2020-05-18 19:09:03.0 +0200
@@ -1,3 +1,13 @@
+policyd-rate-limit (1.0.1.1-0+deb10u1) buster; urgency=medium
+
+  * Team upload
+  * New upstream release 1.0.1.1
+- Fixes issues in accounting due to socket reuse (Closes: #960792)
+- Fixes undeclared variable issue
+  * Updated upstream's signing key
+
+ -- Pierre-Elliott Bécue   Mon, 18 May 2020 19:09:03 +0200
+
 policyd-rate-limit (1.0.0-1) unstable; urgency=medium
 
   * Team upload
diff -Nru policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc
--- policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc	2018-12-11 09:57:37.0 +0100
+++ policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc	2020-05-18 14:17:01.0 +0200
@@ -1,5 +1,4 @@
 -BEGIN PGP PUBLIC KEY BLOCK-
-Version: GnuPG v1
 
 mQINBEzFtS8BEADHXXvwn2k5xtlld1Lt5+abQJFdmeKB9EOP7qZEkCoBINPWb8Tx
 6L8xFU51GQpzMB0BnFnD4SelJggxqKv0bAd6glmU63AZSzpodVvDGGLzj4zOwWyZ
@@ -12,1163 +11,289 @@
 fm8NtP8LdTGAXvAGa3Pid04s8G0phSC2/oG2TAaGRseN5KRwD7T93PH2IYj5/GMm
 T48WWpZwEjD7b0fSwW4HPosu29fbZCqDmiEflQiZlw8KBJlUTXIPH0oU7ykUwy0c
 ++Gf0L85IHHbvmV3cvqyCcAXD0dwTdXWUS4EUn9aozwPGS+rsiJ9NUnH+QARAQAB
-tCdWYWxlbnRpbiBTYW1pciA8c2FtaXIudmFsZW50aW5AZnJlZS5mcj6JAj0EEwEK
-ACcCGyMCHgECF4AFCwkIBwMFFQoJCAsFFgIDAQAFAlfIOzUFCQtRoAYACgkQyGrS
-qkHCt2vJUA/9Hr/1zQGspeQpQNU0pnSksgrutQ4qlVB6BYWZ6RWqMrPmY2mgxDtB
-4G7HkDRsIdJdA8rWRvBU6aFd0LSMvAkUkEfU4xwdfQG8Mmaoy6EfTsPrYcAXFMph
-clWMtdX8kaDGcywZkLlmo2I4ZG2Jrpp3Z8oi6mG4kuBm6lvU2Q+NDdfkoP7bTLTo
-tv6jVYvWNaLeR5zjT9ICaozvHvYjkNS2zty4Perz8TH7T+rjYU7BTY1q8+yN4hUI
-fdCOfN25bFCKZ9b+ncnYlhPlkz5MV6ulNjjU1d9iIDwR1jiDuY/klfMDCqzS762n
-odM7+ukd+C0+sFdjqnYoEMXGYQpPGqeIF46il8nKjQgVcdOri8cFRBvJmLVMwu+k
-ICKYN7ajZyjNBfRLuO76oKw5oKekR6wWF7e28sxfl38nmcZTk2LF+HHPycBFk+QR
-wQewjk4zXEQ1qug6yVwV4CkDcN+NtGvN+XWUtPf1RlsvzhFaTu+SBTLXBg2LfUFf
-9OgeuXYJFJ5lS94DAt5I1OUGw2Ttod/AzGTKhGMFJ3MLfcIiyxVRc6O3FF2QDjgK
-uTgOBGITrUesi0OAkfv0quotBGDgwXxgKtk1w5b8Q/o3/N5ocOAwdlz/yo/uF4J5
-D4tkwAgxE57RDFVjOzy45Zi4obVx8C6wiT1ZwfmVwwxAKg0ltmQTX4y0OVZhbGVu
-dGluIFNhbWlyIDx2YWxlbnRpbi5zYW1pckBldHUudW5pdi1wYXJpcy1kaWRlcm90
-LmZyPokCHwQwAQIACQUCUkWZEAIdIAAKCRDIatKqQcK3a3HyD/9mOMdm0Uq2ZqId
-I5bkbOPj1KdiWVKFTG0n8MygGHslRSB6SLGh2bTPiCs4dRpOvWxkvK1KOI/jEldq
-FUln3SGcckaOznIn/+WiZ1HWd9W2lem/kgb0dUvnxnmSLJ5I8LeTlHR8FwpN9YbQ
-xxQpNw+fCwHfqsnolAngA5DCWAIkqQnu/PGbja6JGNeb0METOZzUp226Q9tsB+QE
-CNszu61GcCrE7L8JYHlIe4g72NZqgMJLX6zY3sc7MnhZ5J6wNpulS3tRBUh52br1
-bBunggb6VhUQyFn62UxIEmfbjPMr9M6CzJTVyl6v/LAPXCxy+sKq0ra9AxrlF0CV
-fVG0W3XQHqi+alEdzXFc1S9LYdnNxpp71jWlCjZEJ3QfVg2g4oR4TxnTwEpEW8G+
-9R9DxVJhK65XoMEm72xkAqv7taPRBmYimyvMPnETaIldv1/dCpXuUcdimkaGHp2T
-phtjAEF3Aj+XvvKIAsXclbFl7K8I7P9PqU2s6G0thV+P0uHtotJ51cbb/yQjMQNa
-bK5AME4djrULfGGhc4T1yRasZwMPasr3CRiy4bedzumXH5qfrIkl+HWSpmorz8ch
-cOT3Y7gxYwiESBFIr+JaXsAcqBpBLwEih8EnRkqCkBPxqnww9Hi3D7UcN/FokesB
-RldSLx4IM8Lm/yl0Pm3Brr95KAPH77Q1VmFsZW50aW4gU2FtaXIgPHZhbGVudGlu
-LnNhbWlyQGRwdGluZm8uZW5zLWNhY2hhbi5mcj6JAj0EEwEKACcCGyMCHgECF4AF
-CwkIBwMFFQoJCAsFFgIDAQAFAlfIOzYFCQtRoAYACgkQyGrSqkHCt2vGpQ/+Ky+d
-ZW6J5KsOCC/HkHNXT0dB2WuVUfjhPJbZVyBGATWdxFpxql+JM7ccTL6bxan/5X6k
-PqaHzlOOp2g6qBomOaVYowI/64KMyRJXelx2iy5BUbttXGWOAm9GojszWAX+ori9
-tiMjgGlQfNE31HPHj2wl4Doh/sPQj6bU9H2R17zrSCXlRPcGN7S3Z0Q/zPc/NM0G
-7xIyu94+Awf/fpnaxyDlcA0p4VnSbj1aV+7yjGiSzURi3QlHCykHAdADvyUAZEtE
-qTcEU+tgmgvwVmUbHRujS/nrSN731mlsJELDMI96OlFPS7+bKL/cO+JjlWxXzVrP
-f5heIIRLyB6V7lzzziOuZKY0Z

Bug#960806: buster-pu: package policyd-rate-limit/1.0.0-1

[Pierre-Elliott Bécue]

Le dimanche 17 mai 2020 à 22:27:52+0100, Adam D. Barratt a écrit :
> Control: tags -1 + moreinfo
> 
> On Sat, 2020-05-16 at 22:39 +0200, Pierre-Elliott Bécue wrote:
> > Policyd rate limit in buster is RC-buggy due to a bug described
> > here[0].
> > Minor release 1.0.1 fixes the issue, and, consequently, I uploaded it
> > in unstable minutes ago.
> > 
> > I prepared a debdiff for Buster. Note that the upstream release is
> > 1.0.1.1 because upstream released signing with an inappropriate GPG
> > key.
> 
> +policyd-rate-limit (1.0.1.1-1+deb10u1) buster; urgency=medium
> 
> The version needs to be lower than the package in unstable, so 1.0.1.1-
> 1~deb10u1

Arf, my bad, I forgot that again.

> -Build-Depends: debhelper (>= 11~),
> +Build-Depends: debhelper-compat (= 11),
> 
> As a general note, that's not particularly great for a stable update,
> even though it's effectively a no-op (because it's not part of
> resolving the issues). As part of a backport I wouldn't request not
> including it though.

Dropped.

> -raise ValueError("connection closed")
> +raise PolicydConnectionClosed()
> [...]
> -except Exception as error:
> +except PolicydConnectionClosed:
> +if config.debug:
> +sys.stderr.write("Connection closed\n")
> 
> Does anything rely on the specific strings being output here?

It's debug output. Although anyone could decide to use this output to
handle some things, it's not supposed to be.

Here is a new diff.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
diff -Nru policyd-rate-limit-1.0.0/debian/changelog policyd-rate-limit-1.0.1.1/debian/changelog
--- policyd-rate-limit-1.0.0/debian/changelog	2018-12-11 09:57:37.0 +0100
+++ policyd-rate-limit-1.0.1.1/debian/changelog	2020-05-18 14:17:48.0 +0200
@@ -1,3 +1,22 @@
+policyd-rate-limit (1.0.1.1-1~deb10u1) buster; urgency=medium
+
+  * Team upload
+  * Rebuild for Buster
+
+ -- Pierre-Elliott Bécue   Mon, 18 May 2020 14:17:48 +0200
+
+policyd-rate-limit (1.0.1.1-1) unstable; urgency=medium
+
+  * Team upload
+
+  [ Pierre-Elliott Bécue ]
+  * New upstream release 1.0.1.1
+- Fixes issues in accounting due to socket reuse (Closes: #960792)
+- Fixes undeclared variable issue
+  * Updated upstream's signing key
+
+ -- Pierre-Elliott Bécue   Sat, 16 May 2020 19:47:04 +0200
+
 policyd-rate-limit (1.0.0-1) unstable; urgency=medium
 
   * Team upload
diff -Nru policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc
--- policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc	2018-12-11 09:57:37.0 +0100
+++ policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc	2020-05-18 14:17:01.0 +0200
@@ -1,5 +1,4 @@
 -BEGIN PGP PUBLIC KEY BLOCK-
-Version: GnuPG v1
 
 mQINBEzFtS8BEADHXXvwn2k5xtlld1Lt5+abQJFdmeKB9EOP7qZEkCoBINPWb8Tx
 6L8xFU51GQpzMB0BnFnD4SelJggxqKv0bAd6glmU63AZSzpodVvDGGLzj4zOwWyZ
@@ -12,1163 +11,289 @@
 fm8NtP8LdTGAXvAGa3Pid04s8G0phSC2/oG2TAaGRseN5KRwD7T93PH2IYj5/GMm
 T48WWpZwEjD7b0fSwW4HPosu29fbZCqDmiEflQiZlw8KBJlUTXIPH0oU7ykUwy0c
 ++Gf0L85IHHbvmV3cvqyCcAXD0dwTdXWUS4EUn9aozwPGS+rsiJ9NUnH+QARAQAB
-tCdWYWxlbnRpbiBTYW1pciA8c2FtaXIudmFsZW50aW5AZnJlZS5mcj6JAj0EEwEK
-ACcCGyMCHgECF4AFCwkIBwMFFQoJCAsFFgIDAQAFAlfIOzUFCQtRoAYACgkQyGrS
-qkHCt2vJUA/9Hr/1zQGspeQpQNU0pnSksgrutQ4qlVB6BYWZ6RWqMrPmY2mgxDtB
-4G7HkDRsIdJdA8rWRvBU6aFd0LSMvAkUkEfU4xwdfQG8Mmaoy6EfTsPrYcAXFMph
-clWMtdX8kaDGcywZkLlmo2I4ZG2Jrpp3Z8oi6mG4kuBm6lvU2Q+NDdfkoP7bTLTo
-tv6jVYvWNaLeR5zjT9ICaozvHvYjkNS2zty4Perz8TH7T+rjYU7BTY1q8+yN4hUI
-fdCOfN25bFCKZ9b+ncnYlhPlkz5MV6ulNjjU1d9iIDwR1jiDuY/klfMDCqzS762n
-odM7+ukd+C0+sFdjqnYoEMXGYQpPGqeIF46il8nKjQgVcdOri8cFRBvJmLVMwu+k
-ICKYN7ajZyjNBfRLuO76oKw5oKekR6wWF7e28sxfl38nmcZTk2LF+HHPycBFk+QR
-wQewjk4zXEQ1qug6yVwV4CkDcN+NtGvN+XWUtPf1RlsvzhFaTu+SBTLXBg2LfUFf
-9OgeuXYJFJ5lS94DAt5I1OUGw2Ttod/AzGTKhGMFJ3MLfcIiyxVRc6O3FF2QDjgK
-uTgOBGITrUesi0OAkfv0quotBGDgwXxgKtk1w5b8Q/o3/N5ocOAwdlz/yo/uF4J5
-D4tkwAgxE57RDFVjOzy45Zi4obVx8C6wiT1ZwfmVwwxAKg0ltmQTX4y0OVZhbGVu
-dGluIFNhbWlyIDx2YWxlbnRpbi5zYW1pckBldHUudW5pdi1wYXJpcy1kaWRlcm90
-LmZyPokCHwQwAQIACQUCUkWZEAIdIAAKCRDIatKqQcK3a3HyD/9mOMdm0Uq2ZqId
-I5bkbOPj1KdiWVKFTG0n8MygGHslRSB6SLGh2bTPiCs4dRpOvWxkvK1KOI/jEldq
-FUln3SGcckaOznIn/+WiZ1HWd9W2lem/kgb0dUvnxnmSLJ5I8LeTlHR8FwpN9YbQ
-xxQpNw+fCwHfqsnolAngA5DCWAIkqQnu/PGbja6JGNeb0METOZzUp226Q9tsB+QE
-CNszu61GcCrE7L8JYHlIe4g72NZqgMJLX6zY3sc7MnhZ5J6wNpulS3tRBUh52br1
-bBunggb6VhUQyFn62UxIEmfbjPMr9M6CzJTVyl6v/LAPXCxy+sKq0ra9AxrlF0CV
-fVG0W3XQHqi+alEdzXFc1S9LYdnNxpp71jWlCjZEJ3QfVg2g4oR4TxnTwEpEW8G+
-9R9DxVJhK65XoMEm72xkAqv7taPRBmYimyvMPnETaIldv1/dCpXuUcdimkaGHp2T
-phtjAEF3Aj+XvvKIAsXclb

Bug#960806: buster-pu: package policyd-rate-limit/1.0.0-1

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear release managers,

Policyd rate limit in buster is RC-buggy due to a bug described here[0].
Minor release 1.0.1 fixes the issue, and, consequently, I uploaded it in
unstable minutes ago.

I prepared a debdiff for Buster. Note that the upstream release is
1.0.1.1 because upstream released signing with an inappropriate GPG key.
I decided to stick with upstream version.

Please tell me if that debdiff would seem acceptable to you.

Thanks a lot! :)

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960792

-- System Information:
Debian Release: 10.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru policyd-rate-limit-1.0.0/debian/changelog 
policyd-rate-limit-1.0.1.1/debian/changelog
--- policyd-rate-limit-1.0.0/debian/changelog   2018-12-11 09:57:37.0 
+0100
+++ policyd-rate-limit-1.0.1.1/debian/changelog 2020-05-16 19:58:16.0 
+0200
@@ -1,3 +1,25 @@
+policyd-rate-limit (1.0.1.1-1+deb10u1) buster; urgency=medium
+
+  * Team upload
+  * Rebuild for Buster
+
+ -- Pierre-Elliott Bécue   Sat, 16 May 2020 19:58:16 +0200
+
+policyd-rate-limit (1.0.1.1-1) unstable; urgency=medium
+
+  * Team upload
+
+  [ Ondřej Nový ]
+  * Use debhelper-compat instead of debian/compat.
+
+  [ Pierre-Elliott Bécue ]
+  * New upstream release 1.0.1.1
+- Fixes issues in accounting due to socket reuse (Closes: #960792)
+- Fixes undeclared variable issue
+  * Updated upstream's signing key
+
+ -- Pierre-Elliott Bécue   Sat, 16 May 2020 19:47:04 +0200
+
 policyd-rate-limit (1.0.0-1) unstable; urgency=medium
 
   * Team upload
diff -Nru policyd-rate-limit-1.0.0/debian/compat 
policyd-rate-limit-1.0.1.1/debian/compat
--- policyd-rate-limit-1.0.0/debian/compat  2018-12-11 09:57:37.0 
+0100
+++ policyd-rate-limit-1.0.1.1/debian/compat1970-01-01 01:00:00.0 
+0100
@@ -1 +0,0 @@
-11
diff -Nru policyd-rate-limit-1.0.0/debian/control 
policyd-rate-limit-1.0.1.1/debian/control
--- policyd-rate-limit-1.0.0/debian/control 2018-12-11 09:57:37.0 
+0100
+++ policyd-rate-limit-1.0.1.1/debian/control   2020-05-16 19:58:16.0 
+0200
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Python Applications Packaging Team 

 Uploaders: Valentin Samir 
-Build-Depends: debhelper (>= 11~),
+Build-Depends: debhelper-compat (= 11),
dh-python,
python3,
python3-setuptools,
diff -Nru policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc 
policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc
--- policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc2018-12-11 
09:57:37.0 +0100
+++ policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc  2020-05-16 
19:35:35.0 +0200
@@ -1,5 +1,4 @@
 -BEGIN PGP PUBLIC KEY BLOCK-
-Version: GnuPG v1
 
 mQINBEzFtS8BEADHXXvwn2k5xtlld1Lt5+abQJFdmeKB9EOP7qZEkCoBINPWb8Tx
 6L8xFU51GQpzMB0BnFnD4SelJggxqKv0bAd6glmU63AZSzpodVvDGGLzj4zOwWyZ
@@ -12,1163 +11,289 @@
 fm8NtP8LdTGAXvAGa3Pid04s8G0phSC2/oG2TAaGRseN5KRwD7T93PH2IYj5/GMm
 T48WWpZwEjD7b0fSwW4HPosu29fbZCqDmiEflQiZlw8KBJlUTXIPH0oU7ykUwy0c
 ++Gf0L85IHHbvmV3cvqyCcAXD0dwTdXWUS4EUn9aozwPGS+rsiJ9NUnH+QARAQAB
-tCdWYWxlbnRpbiBTYW1pciA8c2FtaXIudmFsZW50aW5AZnJlZS5mcj6JAj0EEwEK
-ACcCGyMCHgECF4AFCwkIBwMFFQoJCAsFFgIDAQAFAlfIOzUFCQtRoAYACgkQyGrS
-qkHCt2vJUA/9Hr/1zQGspeQpQNU0pnSksgrutQ4qlVB6BYWZ6RWqMrPmY2mgxDtB
-4G7HkDRsIdJdA8rWRvBU6aFd0LSMvAkUkEfU4xwdfQG8Mmaoy6EfTsPrYcAXFMph
-clWMtdX8kaDGcywZkLlmo2I4ZG2Jrpp3Z8oi6mG4kuBm6lvU2Q+NDdfkoP7bTLTo
-tv6jVYvWNaLeR5zjT9ICaozvHvYjkNS2zty4Perz8TH7T+rjYU7BTY1q8+yN4hUI
-fdCOfN25bFCKZ9b+ncnYlhPlkz5MV6ulNjjU1d9iIDwR1jiDuY/klfMDCqzS762n
-odM7+ukd+C0+sFdjqnYoEMXGYQpPGqeIF46il8nKjQgVcdOri8cFRBvJmLVMwu+k
-ICKYN7ajZyjNBfRLuO76oKw5oKekR6wWF7e28sxfl38nmcZTk2LF+HHPycBFk+QR
-wQewjk4zXEQ1qug6yVwV4CkDcN+NtGvN+XWUtPf1RlsvzhFaTu+SBTLXBg2LfUFf
-9OgeuXYJFJ5lS94DAt5I1OUGw2Ttod/AzGTKhGMFJ3MLfcIiyxVRc6O3FF2QDjgK
-uTgOBGITrUesi0OAkfv0quotBGDgwXxgKtk1w5b8Q/o3/N5ocOAwdlz/yo/uF4J5
-D4tkwAgxE57RDFVjOzy45Zi4obVx8C6wiT1ZwfmVwwxAKg0ltmQTX4y0OVZhbGVu
-dGluIFNhbWlyIDx2YWxlbnRpbi5zYW1pckBldHUudW5pdi1wYXJpcy1kaWRlcm90
-LmZyPokCHwQwAQIACQUCUkWZEAIdIAAKCRDIatKqQcK3a3HyD/9mOMdm0Uq2ZqId
-I5bkbOPj1KdiWVKFTG0n8MygGHslRSB6SLGh2bTPiCs4dRpOvWxkvK1KOI/jEldq
-FUln3SGcckaOznIn/+WiZ1HWd9W2lem/kgb0dUvnxnmSLJ5I8LeTlHR8FwpN9YbQ
-xxQpNw+fCwHfqsnolAngA5DCWAIkqQnu/PGbja6JGNeb0METOZzUp226Q9tsB+QE
-CNszu61GcCrE7L8JYHlIe4g72NZqgMJLX6zY3sc7MnhZ5J6wNpulS3tRBUh52br1
-bBunggb6Vh

Bug#958173: buster-pu: package lxc-templates/3.0.3-1

[Pierre-Elliott Bécue]

Le mardi 21 avril 2020 à 21:21:28+0200, Andreas Beckmann a écrit :
> > Stripping all useless commits, here is the Debdiff I get.
> > 
> > Note that the version isn't 3.0.4-3~deb10u1 as 3.0.4-3 contains only
> > packaging changes that I didn't include.
> > 
> > Should you wish me to release 3.0.4-3~deb10u1, we would have to make an
> > empty changelog for 3.0.4-3 over which I could do the changelog entry to
> > release into buster.
> 
> A version generally used in this case would be 3.0.4-0+deb10u1 with the
> changelog entries squashed together. It's no longer a plain "rebuild",
> but a new upstream release + selected cherry-picked bugfixes without
> inappropriate packaging changes.
> (mariadb and postgresql are prominent users of this scheme.)

Thanks, here is a debdiff that should fit then.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
diff -Nru lxc-templates-3.0.3/configure lxc-templates-3.0.4/configure
--- lxc-templates-3.0.3/configure   2018-11-23 01:48:22.0 +0100
+++ lxc-templates-3.0.4/configure   2019-06-22 00:57:26.0 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.3.
+# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.4.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -577,8 +577,8 @@
 # Identity of this package.
 PACKAGE_NAME='lxc-templates'
 PACKAGE_TARNAME='lxc-templates'
-PACKAGE_VERSION='3.0.3'
-PACKAGE_STRING='lxc-templates 3.0.3'
+PACKAGE_VERSION='3.0.4'
+PACKAGE_STRING='lxc-templates 3.0.4'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1321,7 +1321,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures lxc-templates 3.0.3 to adapt to many kinds of systems.
+\`configure' configures lxc-templates 3.0.4 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1392,7 +1392,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of lxc-templates 3.0.3:";;
+ short | recursive ) echo "Configuration of lxc-templates 3.0.4:";;
esac
   cat <<\_ACEOF
 
@@ -1500,7 +1500,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-lxc-templates configure 3.0.3
+lxc-templates configure 3.0.4
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1752,7 +1752,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by lxc-templates $as_me 3.0.3, which was
+It was created by lxc-templates $as_me 3.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2615,7 +2615,7 @@
 
 # Define the identity of the package.
  PACKAGE='lxc-templates'
- VERSION='3.0.3'
+ VERSION='3.0.4'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -6134,7 +6134,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by lxc-templates $as_me 3.0.3, which was
+This file was extended by lxc-templates $as_me 3.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -6195,7 +6195,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/&/g'`"
 ac_cs_version="\\
-lxc-templates config.status 3.0.3
+lxc-templates config.status 3.0.4
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru lxc-templates-3.0.3/configure.ac lxc-templates-3.0.4/configure.ac
--- lxc-templates-3.0.3/configure.ac2018-11-23 01:48:17.0 +0100
+++ lxc-templates-3.0.4/configure.ac2019-06-22 00:57:21.0 +0200
@@ -1,7 +1,7 @@
 #   -*- Autoconf -*-
 # Process this file with autoconf to produce a configure script.
 
-AC_INIT([lxc-templates], [3.0.3])
+AC_INIT([lxc-templates], [3.0.4])
 AM_INIT_AUTOMAKE
 
 # We need pkg-config
diff -Nru lxc-templates-3.0.3/debian/changelog 
lxc-templates-3.0.4/debian/changelog
--- lxc-templates-3.0.3/debian/changelog2018-12-04 08:47:01.0 
+0100
+++ lxc-templates-3.0.4/debian/changelog2020-04-21 21:54:06.0 
+0200
@@ -1,3 +1,12 @@
+lxc-templates (3.0

Bug#958173: buster-pu: package lxc-templates/3.0.3-1

[Pierre-Elliott Bécue]

Le dimanche 19 avril 2020 à 16:22:57+0200, Pierre-Elliott Bécue a écrit :
> [snip]

Dear Adam,

Stripping all useless commits, here is the Debdiff I get.

Note that the version isn't 3.0.4-3~deb10u1 as 3.0.4-3 contains only
packaging changes that I didn't include.

Should you wish me to release 3.0.4-3~deb10u1, we would have to make an
empty changelog for 3.0.4-3 over which I could do the changelog entry to
release into buster.

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
diff -Nru lxc-templates-3.0.3/configure lxc-templates-3.0.4/configure
--- lxc-templates-3.0.3/configure   2018-11-23 01:48:22.0 +0100
+++ lxc-templates-3.0.4/configure   2019-06-22 00:57:26.0 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.3.
+# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.4.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -577,8 +577,8 @@
 # Identity of this package.
 PACKAGE_NAME='lxc-templates'
 PACKAGE_TARNAME='lxc-templates'
-PACKAGE_VERSION='3.0.3'
-PACKAGE_STRING='lxc-templates 3.0.3'
+PACKAGE_VERSION='3.0.4'
+PACKAGE_STRING='lxc-templates 3.0.4'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1321,7 +1321,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures lxc-templates 3.0.3 to adapt to many kinds of systems.
+\`configure' configures lxc-templates 3.0.4 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1392,7 +1392,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of lxc-templates 3.0.3:";;
+ short | recursive ) echo "Configuration of lxc-templates 3.0.4:";;
esac
   cat <<\_ACEOF
 
@@ -1500,7 +1500,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-lxc-templates configure 3.0.3
+lxc-templates configure 3.0.4
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1752,7 +1752,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by lxc-templates $as_me 3.0.3, which was
+It was created by lxc-templates $as_me 3.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2615,7 +2615,7 @@
 
 # Define the identity of the package.
  PACKAGE='lxc-templates'
- VERSION='3.0.3'
+ VERSION='3.0.4'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -6134,7 +6134,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by lxc-templates $as_me 3.0.3, which was
+This file was extended by lxc-templates $as_me 3.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -6195,7 +6195,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/&/g'`"
 ac_cs_version="\\
-lxc-templates config.status 3.0.3
+lxc-templates config.status 3.0.4
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru lxc-templates-3.0.3/configure.ac lxc-templates-3.0.4/configure.ac
--- lxc-templates-3.0.3/configure.ac2018-11-23 01:48:17.0 +0100
+++ lxc-templates-3.0.4/configure.ac2019-06-22 00:57:21.0 +0200
@@ -1,7 +1,7 @@
 #   -*- Autoconf -*-
 # Process this file with autoconf to produce a configure script.
 
-AC_INIT([lxc-templates], [3.0.3])
+AC_INIT([lxc-templates], [3.0.4])
 AM_INIT_AUTOMAKE
 
 # We need pkg-config
diff -Nru lxc-templates-3.0.3/debian/changelog 
lxc-templates-3.0.4/debian/changelog
--- lxc-templates-3.0.3/debian/changelog2018-12-04 08:47:01.0 
+0100
+++ lxc-templates-3.0.4/debian/changelog2020-04-19 18:13:31.0 
+0200
@@ -1,3 +1,23 @@
+lxc-templates (3.0.4-2+deb10u1) buster; urgency=medium
+
+  * Rebuild for Buster
+
+ -- Pierre-Elliott Bécue   Sun, 19 Apr 2020 18:13:31 +0200
+
+lxc-templates (3.0.4-2) unstable; urgency=medium
+
+  * d/p/0001: [lxc-debian] Handle languages that are only UTF-8 encoded
+(Closes: #950840)
+
+ -- Pierre-Elliott Bécue   Sun, 19 Apr 2020 18:12:58 +0200
+
+lxc-templates (3.0.4-1) unstable; urgency=medium
+
+  * New upstream release 3.0.4
+  * d/lxc-te

Bug#958173: buster-pu: package lxc-templates/3.0.3-1

[Pierre-Elliott Bécue]

Le dimanche 19 avril 2020 à 12:02:44+0100, Adam D. Barratt a écrit :
> Control: tags -1 + moreinfo
> 
> On Sun, 2020-04-19 at 12:32 +0200, Pierre-Elliott Bécue wrote:
> > I'd like to ask you for your approval to upload lxc-templates
> > 3.0.4-3+deb10u1 over lxc-templates 3.0.3-1, in Buster.
> 
> Assuming that we'd be happy with that, you've uploaded 3.0.4-3 to
> unstable, so any stable update needs to be _lower_. For a backport of
> 3.0.4-3, the conventional version number would be 3.0.4-3~deb10u1.
> 
> Your proposed changelog also makes no mention of the stable upload,
> only those to unstable.

Sorry, here is the appropriate debdiff. I fixed the version number
issue.

> > The reasons for this upload are:
> > 
> >  * New upstream release of lxc-templates 3.0.4 fixing small bugs in
> >lxc-plamo and lxc-slackware templates. In lxc-plamo, the goal was
> > to
> >default to https for uploads and to ensure that the downloads work
> >properly in regards to apparent changes on the download
> > architecture.
> >For lxc-slackware, the changes are the inclusion of two packages
> > at
> >the bootstraping of the containers.
> >  * RC bug #950840 fix in the lxc-debian template, through a patch I
> > made.
> >This bug was preventing a normal behaviour of containers
> > bootstrapped
> >with a locale set to a locale which exists only in UTF-8.
> > 
> > I attached the debdiff of the changes, which are quite small.
> 
> They also include a fair number of packaging changes, such as changes
> of debhelper level, which aren't generally considered for stable
> updates. (In some circumstances they /might/ be OK, if a binary debdiff
> between the current stable packages and the proposed package built on
> stable - bearing in mind the earlier comments - shows no changes.)

I could remove these changes if needed, although it'll mean divergence
between the current unstable package and the stable one. I'm fine with
that, but I heard it's preferred to have them being consistent.

On the binary side of things, there is a new file:
usr/share/lintian/overrides/lxc-templates as an override has been added
to 3.0.4-1. The other observable changes, using diffoscope are those I
mentioned earlier.

I hope this gives you enough intel, I'm available if you need more of if
you wish me to reduce the set of changes.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
diff -Nru lxc-templates-3.0.3/configure lxc-templates-3.0.4/configure
--- lxc-templates-3.0.3/configure   2018-11-23 01:48:22.0 +0100
+++ lxc-templates-3.0.4/configure   2019-06-22 00:57:26.0 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.3.
+# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.4.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -577,8 +577,8 @@
 # Identity of this package.
 PACKAGE_NAME='lxc-templates'
 PACKAGE_TARNAME='lxc-templates'
-PACKAGE_VERSION='3.0.3'
-PACKAGE_STRING='lxc-templates 3.0.3'
+PACKAGE_VERSION='3.0.4'
+PACKAGE_STRING='lxc-templates 3.0.4'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1321,7 +1321,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures lxc-templates 3.0.3 to adapt to many kinds of systems.
+\`configure' configures lxc-templates 3.0.4 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1392,7 +1392,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of lxc-templates 3.0.3:";;
+ short | recursive ) echo "Configuration of lxc-templates 3.0.4:";;
esac
   cat <<\_ACEOF
 
@@ -1500,7 +1500,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-lxc-templates configure 3.0.3
+lxc-templates configure 3.0.4
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1752,7 +1752,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by lxc-templates $as_me 3.0.3, which was
+It was created by lxc-templates $as_me 3.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2615,7 +2615,7 @@
 
 # Define the identity of the package.
  PACKAGE='lxc-templates'

Bug#958173: buster-pu: package lxc-templates/3.0.3-1

[Pierre-Elliott Bécue]

uot;"\`\$]/&/g'`"
 ac_cs_version="\\
-lxc-templates config.status 3.0.3
+lxc-templates config.status 3.0.4
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru lxc-templates-3.0.3/configure.ac lxc-templates-3.0.4/configure.ac
--- lxc-templates-3.0.3/configure.ac2018-11-23 01:48:17.0 +0100
+++ lxc-templates-3.0.4/configure.ac2019-06-22 00:57:21.0 +0200
@@ -1,7 +1,7 @@
 #   -*- Autoconf -*-
 # Process this file with autoconf to produce a configure script.
 
-AC_INIT([lxc-templates], [3.0.3])
+AC_INIT([lxc-templates], [3.0.4])
 AM_INIT_AUTOMAKE
 
 # We need pkg-config
diff -Nru lxc-templates-3.0.3/debian/changelog 
lxc-templates-3.0.4/debian/changelog
--- lxc-templates-3.0.3/debian/changelog    2018-12-04 08:47:01.0 
+0100
+++ lxc-templates-3.0.4/debian/changelog2020-04-19 11:59:35.0 
+0200
@@ -1,3 +1,30 @@
+lxc-templates (3.0.4-3) unstable; urgency=medium
+
+  [ Debian Janitor ]
+  * Drop unnecessary dependency on dh-autoreconf.
+  * Rely on pre-initialized dpkg-architecture variables.
+
+ -- Pierre-Elliott Bécue   Sun, 19 Apr 2020 11:59:35 +0200
+
+lxc-templates (3.0.4-2) unstable; urgency=medium
+
+  * d/p/0001: [lxc-debian] Handle languages that are only UTF-8 encoded
+(Closes: #950840)
+  * Bump Standards-Version to 4.5.0
+  * Set Rules-Requires-Root to no
+
+ -- Pierre-Elliott Bécue   Wed, 15 Apr 2020 17:02:34 +0200
+
+lxc-templates (3.0.4-1) unstable; urgency=medium
+
+  * New upstream release 3.0.4
+  * d/control:
+- Bump Standards-Version to 4.4.0
+- Use debhelper-compat instead of debian/compat (and raise level to 12)
+  * d/lxc-templates.lintian-overrides: Disable warning for access to dpkg DB
+
+ -- Pierre-Elliott Bécue   Tue, 20 Aug 2019 13:49:53 +0200
+
 lxc-templates (3.0.3-1) unstable; urgency=medium
 
   * d/control:
diff -Nru lxc-templates-3.0.3/debian/compat lxc-templates-3.0.4/debian/compat
--- lxc-templates-3.0.3/debian/compat   2018-12-04 08:47:01.0 +0100
+++ lxc-templates-3.0.4/debian/compat   1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-11
diff -Nru lxc-templates-3.0.3/debian/control lxc-templates-3.0.4/debian/control
--- lxc-templates-3.0.3/debian/control  2018-12-04 08:47:01.0 +0100
+++ lxc-templates-3.0.4/debian/control  2020-04-15 17:03:56.0 +0200
@@ -3,11 +3,12 @@
 Priority: optional
 Maintainer: pkg-lxc 
 Uploaders: Pierre-Elliott Bécue 
-Build-Depends: debhelper (>= 11~)
-Standards-Version: 4.2.1
+Build-Depends: debhelper-compat (= 12)
+Standards-Version: 4.5.0
 Homepage: https://linuxcontainers.org/
 Vcs-Git: https://salsa.debian.org/lxc-team/lxc-templates.git
 Vcs-Browser: https://salsa.debian.org/lxc-team/lxc-templates
+Rules-Requires-Root: no
 
 Package: lxc-templates
 Architecture: linux-any
diff -Nru lxc-templates-3.0.3/debian/lxc-templates.lintian-overrides 
lxc-templates-3.0.4/debian/lxc-templates.lintian-overrides
--- lxc-templates-3.0.3/debian/lxc-templates.lintian-overrides  1970-01-01 
01:00:00.0 +0100
+++ lxc-templates-3.0.4/debian/lxc-templates.lintian-overrides  2019-08-20 
13:49:43.0 +0200
@@ -0,0 +1,3 @@
+# Done in the newly installed container for generating SSH keys. Not the 
cleanest way, but working and not dangerous.
+lxc-templates: uses-dpkg-database-directly usr/share/lxc/templates/lxc-debian
+lxc-templates: uses-dpkg-database-directly usr/share/lxc/templates/lxc-ubuntu
diff -Nru 
lxc-templates-3.0.3/debian/patches/0001-lxc-debian-Handle-languages-that-are-only-UTF-8-enco.patch
 
lxc-templates-3.0.4/debian/patches/0001-lxc-debian-Handle-languages-that-are-only-UTF-8-enco.patch
--- 
lxc-templates-3.0.3/debian/patches/0001-lxc-debian-Handle-languages-that-are-only-UTF-8-enco.patch
  1970-01-01 01:00:00.0 +0100
+++ 
lxc-templates-3.0.4/debian/patches/0001-lxc-debian-Handle-languages-that-are-only-UTF-8-enco.patch
  2020-04-15 17:03:12.0 +0200
@@ -0,0 +1,22 @@
+From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= 
+Date: Wed, 15 Apr 2020 16:55:15 +0200
+Subject: [lxc-debian] Handle languages that are only UTF-8 encoded
+
+---
+ templates/lxc-debian.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
+index 4388478..f6b9f2c 100644
+--- a/templates/lxc-debian.in
 b/templates/lxc-debian.in
+@@ -129,7 +129,8 @@ EOF
+ chroot "$rootfs" locale-gen en_US.UTF-8 UTF-8
+ chroot "$rootfs" update-locale LANG=en_US.UTF-8
+ else
+-encoding=$(echo "$LANG" | cut -d. -f2)
++encoding=$(locale charmap)
++[ -z "${encoding}" ] && encoding="UTF-8"
+ chroot "$rootfs" sed -e "s/^# \(${LANG} ${encoding}\)/\1/" \
+ -i /etc/locale.gen 2> /dev/null
+ cat >> "$rootfs/etc/locale.gen" << EOF
diff -Nru 

Bug#927759: unblock: lxc/1:3.1.0+really3.0.3-8

[Pierre-Elliott Bécue]

Le lundi 22 avril 2019 à 21:40:31+0200, Pierre-Elliott Bécue a écrit :
> Subject: unblock: lxc/1:3.1.0+really3.0.3-8
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: unblock
> Severity: normal
> X-Debbugs-Cc: pkg-lxc-de...@lists.alioth.debian.org
> 
> Dear release team,
> 
> Please unblock package lxc 1:3.1.0+really3.0.3-8 from unstable to
> testing.
> 
> This release fixes the important bug 925899[0] and introduces a little
> more documentation regarding unprivileged containers which behave differently
> from the privileged ones.
> 
> As the changes made in -7 release were not actually appropriate (I sed a
> dependency on apparmor, which is quite strong), I had to do another
> release to revert some of these. The whole diff is attached and remains
> quite decent.
> 
> Thanks a lot for considering. :)
> 
> unblock lxc/1:3.1.0+really3.0.3-8
> 
> [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925899
> 
> -- System Information:
> Debian Release: buster/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: 
> LC_ALL set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: 
> LC_ALL set to fr_FR.UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled

*grmbl* forgotten attachment *grmbl*

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
diff -Nru lxc-3.1.0+really3.0.3/debian/changelog lxc-3.1.0+really3.0.3/debian/changelog
--- lxc-3.1.0+really3.0.3/debian/changelog	2019-03-09 15:49:21.0 +0100
+++ lxc-3.1.0+really3.0.3/debian/changelog	2019-04-14 15:46:47.0 +0200
@@ -1,3 +1,24 @@
+lxc (1:3.1.0+really3.0.3-8) unstable; urgency=medium
+
+  * d/control:
+- bin:lxc sets AppArmor as a Recommend instead of a Dependency
+  * d/README.Debian:
+- Update the documentation to explain how to manage containers not
+  starting if AppArmor is missing.
+
+ -- Pierre-Elliott Bécue   Sun, 14 Apr 2019 15:46:47 +0200
+
+lxc (1:3.1.0+really3.0.3-7) unstable; urgency=medium
+
+  * d/ccontrol:
+- Add a dependency to AppArmor for lxc package as the default.conf file
+  includes an AppArmor profile.
+  * d/{NEWS,README.Debian}:
+- Add appropriate documentation for unprivileged containers
+  (Closes: #925899)
+
+ -- Pierre-Elliott Bécue   Tue, 09 Apr 2019 02:03:05 +0200
+
 lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium
 
   * d/patches/0005: Tweaks the 0004 patch for CVE-2019-5736 (Closes: #923932)
diff -Nru lxc-3.1.0+really3.0.3/debian/control lxc-3.1.0+really3.0.3/debian/control
--- lxc-3.1.0+really3.0.3/debian/control	2019-01-10 23:26:17.0 +0100
+++ lxc-3.1.0+really3.0.3/debian/control	2019-04-14 15:27:01.0 +0200
@@ -33,7 +33,8 @@
  ${misc:Depends},
  ${shlibs:Depends},
  lsb-base (>= 3.0-6)
-Recommends: bridge-utils,
+Recommends: apparmor,
+bridge-utils,
 debootstrap,
 dirmngr,
 dnsmasq-base,
@@ -46,7 +47,7 @@
 openssl,
 rsync,
 uidmap
-Suggests: apparmor, btrfs-progs, lvm2, python3-lxc
+Suggests: btrfs-progs, lvm2, python3-lxc
 Description: Linux Containers userspace tools
  Containers are insulated areas inside a system, which have their own namespace
  for filesystem, network, PID, IPC, CPU and memory allocation and which can be
diff -Nru lxc-3.1.0+really3.0.3/debian/NEWS lxc-3.1.0+really3.0.3/debian/NEWS
--- lxc-3.1.0+really3.0.3/debian/NEWS	2019-03-09 15:49:19.0 +0100
+++ lxc-3.1.0+really3.0.3/debian/NEWS	2019-04-09 02:02:51.0 +0200
@@ -6,7 +6,7 @@
   lxc-update-config is available to update automatically your
   configuration files. An automatic update is possible and offered by
   debconf during the upgrade of lxc version < 3.0.2 to lxc version >=
-  3.0.2. Mind that this update will only work for priviledged containers
+  3.0.2. Mind that this update will only work for privileged containers
   with configurations present in /var/lib/lxc/*/config and any other
   container will not be updated.
2. AppArmor support in Debian has increased, thus preventing some systemd
@@ -20,7 +20,13 @@
 
   These parameters are provided in the `/etc/lxc/default.conf` file
   shipped with LXC 3. Hence, any newly created container will have these
-  parameters set properly, execpt if you alter the forementionned file.
+  parameters set properly, except if you alter the aforementioned file.
+
+  WARNING: Note that with these parameters, unprivileged conta

Bug#927759: unblock: lxc/1:3.1.0+really3.0.3-8

[Pierre-Elliott Bécue]

Subject: unblock: lxc/1:3.1.0+really3.0.3-8
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
X-Debbugs-Cc: pkg-lxc-de...@lists.alioth.debian.org

Dear release team,

Please unblock package lxc 1:3.1.0+really3.0.3-8 from unstable to
testing.

This release fixes the important bug 925899[0] and introduces a little
more documentation regarding unprivileged containers which behave differently
from the privileged ones.

As the changes made in -7 release were not actually appropriate (I sed a
dependency on apparmor, which is quite strong), I had to do another
release to revert some of these. The whole diff is attached and remains
quite decent.

Thanks a lot for considering. :)

unblock lxc/1:3.1.0+really3.0.3-8

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925899

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#924427: unblock: lxc/1:3.1.0+really3.0.3-4

[Pierre-Elliott Bécue]

Le mardi 12 mars 2019 à 22:25:53+0100, Pierre-Elliott Bécue a écrit :
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear Release Managers,
> 
> I'd llike to ask you to please unblock package lxc version
> 1:3.1.0+really3.0.3-6 currently lying in unstable, so it replaces lxc
> version 1:3.1.0+really3.0.3-4 currently in testing.
> 
> Indeed, Antonio Terceiro did an upload for 1:3.1.0+really3.0.3-5 in
> unstable on March the 2nd, with changes regarding Debconf translation in
> Dutch (see bug #923328 [0]) and another change to fix an issue I
> introduced in the provided `/etc/lxc/default.conf` file, which made it
> not usable without a fix by the end user. (see bug #923395 [1])
> 
> Although these changes should have reached testing before the freeze, I
> realized that changes I've made for 1:3.1.0+really3.0.3-4 to fix a CVE
> introduced some anomalies due to upstream patch not being enough (see
> bug #923932 [2]), and that I forgot to update debian/NEWS with proper
> instructions regarding the breaking changes from LXC2 to 3. (explain the
> reason for the unblock here)
> 
> Hence I did a 1:3.1.0+really3.0.3-6 upload in unstable to include these
> changes, and it reset the counter for -5.
> 
> Attached is a debdiff between testing and unstable.
> 
> Thanks a lot for considering such an unblock.
> 
> With best regards,

Sorry for forgetting:

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923328
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923395
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923932

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature

Bug#924427: unblock: lxc/1:3.1.0+really3.0.3-4

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Managers,

I'd llike to ask you to please unblock package lxc version
1:3.1.0+really3.0.3-6 currently lying in unstable, so it replaces lxc
version 1:3.1.0+really3.0.3-4 currently in testing.

Indeed, Antonio Terceiro did an upload for 1:3.1.0+really3.0.3-5 in
unstable on March the 2nd, with changes regarding Debconf translation in
Dutch (see bug #923328 [0]) and another change to fix an issue I
introduced in the provided `/etc/lxc/default.conf` file, which made it
not usable without a fix by the end user. (see bug #923395 [1])

Although these changes should have reached testing before the freeze, I
realized that changes I've made for 1:3.1.0+really3.0.3-4 to fix a CVE
introduced some anomalies due to upstream patch not being enough (see
bug #923932 [2]), and that I forgot to update debian/NEWS with proper
instructions regarding the breaking changes from LXC2 to 3. (explain the
reason for the unblock here)

Hence I did a 1:3.1.0+really3.0.3-6 upload in unstable to include these
changes, and it reset the counter for -5.

Attached is a debdiff between testing and unstable.

Thanks a lot for considering such an unblock.

With best regards,

unblock lxc/1:3.1.0+really3.0.3-4

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru lxc-3.1.0+really3.0.3/debian/changelog 
lxc-3.1.0+really3.0.3/debian/changelog
--- lxc-3.1.0+really3.0.3/debian/changelog  2019-02-16 16:21:41.0 
+0100
+++ lxc-3.1.0+really3.0.3/debian/changelog  2019-03-09 15:49:21.0 
+0100
@@ -1,3 +1,22 @@
+lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium
+
+  * d/patches/0005: Tweaks the 0004 patch for CVE-2019-5736 (Closes: #923932)
+  * d/NEWS: summary of the important changes since LXC2.
+
+ -- Pierre-Elliott Bécue   Sat, 09 Mar 2019 15:49:21 +0100
+
+lxc (1:3.1.0+really3.0.3-5) unstable; urgency=medium
+
+  [ Christian Kastner ]
+  * /etc/default/lxc.conf Change back to lxc.net.0.type
+(Closes: #923395)
+
+  [ Frans Spiesschaert ]
+  * debian/po/nl.po: Add Dutch translation of debconf messages
+(Closes: #923328)
+
+ -- Antonio Terceiro   Sat, 02 Mar 2019 12:33:08 -0300
+
 lxc (1:3.1.0+really3.0.3-4) unstable; urgency=medium
 
   [ Lev Lamberov ]
diff -Nru lxc-3.1.0+really3.0.3/debian/contrib/default.conf 
lxc-3.1.0+really3.0.3/debian/contrib/default.conf
--- lxc-3.1.0+really3.0.3/debian/contrib/default.conf   2019-02-11 
22:59:58.0 +0100
+++ lxc-3.1.0+really3.0.3/debian/contrib/default.conf   2019-03-09 
12:54:41.0 +0100
@@ -1,3 +1,3 @@
-lxc.net.type = empty
+lxc.net.0.type = empty
 lxc.apparmor.profile = generated
 lxc.apparmor.allow_nesting = 1
diff -Nru lxc-3.1.0+really3.0.3/debian/liblxc1.symbols 
lxc-3.1.0+really3.0.3/debian/liblxc1.symbols
--- lxc-3.1.0+really3.0.3/debian/liblxc1.symbols2019-02-16 
16:21:29.0 +0100
+++ lxc-3.1.0+really3.0.3/debian/liblxc1.symbols2019-03-09 
12:54:41.0 +0100
@@ -381,6 +381,7 @@
  lxc_remove_nic_by_idx@Base 1:3.0.2
  lxc_requests_empty_network@Base 1:3.0.2
  lxc_restore_phys_nics_to_netns@Base 1:3.0.2
+ lxc_rexec@Base 1:3.0.3
  lxc_ringbuf_create@Base 1:3.0.2
  lxc_ringbuf_move_read_addr@Base 1:3.0.2
  lxc_ringbuf_read@Base 1:3.0.2
diff -Nru lxc-3.1.0+really3.0.3/debian/NEWS lxc-3.1.0+really3.0.3/debian/NEWS
--- lxc-3.1.0+really3.0.3/debian/NEWS   2018-12-22 22:49:44.0 +0100
+++ lxc-3.1.0+really3.0.3/debian/NEWS   2019-03-09 15:49:19.0 +0100
@@ -1,3 +1,35 @@
+lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium
+
+  LXC 3 got some significant changes from LXC 2.
+
+   1. The configuration files use different variables. A userland script
+  lxc-update-config is available to update automatically your
+  configuration files. An automatic update is possible and offered by
+  debconf during the upgrade of lxc version < 3.0.2 to lxc version >=
+  3.0.2. Mind that this update will only work for priviledged containers
+  with configurations present in /var/lib/lxc/*/config and any other
+  container will not be updated.
+   2. AppArmor support in Debian has increased, thus preventing some systemd
+  isolation features to work in LXC 3.0.X. Debian has backported some
+  patches from LXC 3.1 that, along with some configurations in a
+  container, will allow systemd isolation features to work.
+
+  The required configuration parameters are the ones which follow:
+