Bug#1073194: bookworm-pu: package lxc-templates/3.0.4.48.g4765da8-1+deb12u1
"Adam D. Barratt" wrote on 17/06/2024 at 19:08:00+0200: > Control: tags -1 -moreinfo +confirmed >> [snip] > > Thanks. Please go ahead. > > Regards, Thanks, done! -- PEB signature.asc Description: PGP signature
Bug#1073194: bookworm-pu: package lxc-templates/3.0.4.48.g4765da8-1+deb12u1
"Adam D. Barratt" wrote on 16/06/2024 at 13:55:09+0200: > On Sun, 2024-06-16 at 13:00 +0200, Pierre-Elliott Bécue wrote: >> Hey, >> >> Jonathan Wiltshire wrote on 15/06/2024 at >> 23:34:32+0200: >> >> > Control: tag -1 moreinfo >> > >> > On Fri, Jun 14, 2024 at 11:53:38AM +0200, Pierre-Elliott Bécue >> > wrote: >> > > [ Reason ] >> > > Two bugs within the lxc-debian template were spotted. Each one >> > > prevents >> > > using a custom mirror when generating a debian-based container >> > > with the >> > > lxc-debian template. >> > > >> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073130 >> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073131 >> > >> > These need to be fixed in unstable before an upload to bookworm >> > will be >> > authorised. >> >> I thought I marked it in my mail, but both these bugs are already >> fixed in unstable and testing (the current upstream version in here >> fixed these two bugs). >> > > The BTS doesn't know that. The version graphs on both show the unstable > package as affected. And ticking a box in the p-u request doesn't > change that. :-) > > This is specifically included on the list of criteria for updates to > stable: > >* Bug meta-data - particularly affected versions - must be > up to date My bad. "fixed" tags added to both bugs. > Regards, Bests, -- PEB signature.asc Description: PGP signature
Bug#1073194: bookworm-pu: package lxc-templates/3.0.4.48.g4765da8-1+deb12u1
Hey, Jonathan Wiltshire wrote on 15/06/2024 at 23:34:32+0200: > Control: tag -1 moreinfo > > On Fri, Jun 14, 2024 at 11:53:38AM +0200, Pierre-Elliott Bécue wrote: >> [ Reason ] >> Two bugs within the lxc-debian template were spotted. Each one prevents >> using a custom mirror when generating a debian-based container with the >> lxc-debian template. >> >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073130 >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073131 > > These need to be fixed in unstable before an upload to bookworm will be > authorised. I thought I marked it in my mail, but both these bugs are already fixed in unstable and testing (the current upstream version in here fixed these two bugs). Are you just issing a fixed-in tag on both bugs? -- PEB signature.asc Description: PGP signature
Bug#1073194: bookworm-pu: package lxc-templates/3.0.4.48.g4765da8-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: lxc-templa...@packages.debian.org Control: affects -1 + src:lxc-templates [ Reason ] Two bugs within the lxc-debian template were spotted. Each one prevents using a custom mirror when generating a debian-based container with the lxc-debian template. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073130 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073131 [ Impact ] These to bugs will force users to edit manually the lxc-debian code. [ Tests ] shellcheck has been a good friend. [ Risks ] Trivial fixes [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable The changes are adding a missing coma in a getopt call and replacing a DEBIAN_MIRROR variable by a MIRROR variable. diff -Nru lxc-templates-3.0.4.48.g4765da8/debian/changelog lxc-templates-3.0.4.48.g4765da8/debian/changelog --- lxc-templates-3.0.4.48.g4765da8/debian/changelog2022-05-24 00:36:10.0 +0200 +++ lxc-templates-3.0.4.48.g4765da8/debian/changelog2024-06-14 11:50:35.0 +0200 @@ -1,3 +1,11 @@ +lxc-templates (3.0.4.48.g4765da8-1+deb12u1) bookworm; urgency=medium + + * d/p/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch: +Fixes two issues with the mirror argument in lxc-debian +(Closes: #1073130, #1073131) + + -- Pierre-Elliott Bécue Fri, 14 Jun 2024 11:50:35 +0200 + lxc-templates (3.0.4.48.g4765da8-1) unstable; urgency=medium * New upstream version 3.0.4.48.g4765da8 diff -Nru lxc-templates-3.0.4.48.g4765da8/debian/patches/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch lxc-templates-3.0.4.48.g4765da8/debian/patches/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch --- lxc-templates-3.0.4.48.g4765da8/debian/patches/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch 1970-01-01 01:00:00.0 +0100 +++ lxc-templates-3.0.4.48.g4765da8/debian/patches/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch 2024-06-14 11:50:22.0 +0200 @@ -0,0 +1,41 @@ +From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= +Date: Thu, 13 Jun 2024 11:47:29 +0200 +Subject: Fix debian mirror issues in lxc-debian.in + +Forwarded: not-needed + +lxc-debian has a DEBIAN_MIRROR static variable pointing to an online +mirror. The whole template uses a MIRROR variable that is defined by a +--mirror option when the template is called in and defaults to +DEBIAN_MIRROR otherwise. Sadly, two lines were not updates and still +rely on DEBIAN_MIRROR. This prevents the template from working on +non-internet-connected environments. This has been fixed upstream + +Also a typo in the getopt line makex the --mirror option non-usable, +this is fixed. +--- + templates/lxc-debian.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in +index a1292ff..7501a5a 100644 +--- a/templates/lxc-debian.in b/templates/lxc-debian.in +@@ -754,7 +754,7 @@ EOF + return 0 + } + +-options=$(getopt -o hp:n:a:r:cI:FS: -l arch:,auth-key:,clean,help,enable-non-free,mirror:keyring:,name:,packages:,path:,release:,rootfs:,security-mirror:,interpreter-path:,flush-cache -- "$@") ++options=$(getopt -o hp:n:a:r:cI:FS: -l arch:,auth-key:,clean,help,enable-non-free,mirror:,keyring:,name:,packages:,path:,release:,rootfs:,security-mirror:,interpreter-path:,flush-cache -- "$@") + if [ $? -ne 0 ]; then + usage "$(basename "$0")" + exit 1 +@@ -825,7 +825,7 @@ if [ "$arch" = "x86_64" ]; then + fi + + +-testing_release_file=${DEBIAN_MIRROR}/dists/testing/main/binary-${arch}/Release ++testing_release_file=${MIRROR}/dists/testing/main/binary-${arch}/Release + if ! wget -q -O /dev/null "${testing_release_file}"; then + echo "${arch} does not look like a release architecture, trying debian ports" + # non-release architecture; assume debian-ports architecture diff -Nru lxc-templates-3.0.4.48.g4765da8/debian/patches/series lxc-templates-3.0.4.48.g4765da8/debian/patches/series --- lxc-templates-3.0.4.48.g4765da8/debian/patches/series 2022-05-24 00:36:10.0 +0200 +++ lxc-templates-3.0.4.48.g4765da8/debian/patches/series 2024-06-14 11:50:22.0 +0200 @@ -1,3 +1,4 @@ 0002-Add-references-to-mmdebstrap-and-some-documentation-.patch 0003-Handle-properly-the-future-security-repositories.patch 0004-Fixes-path-variable-in-some-templates.patch +0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch
Re: Coordinate response to xz-utils (DSA 5649-1)
Ansgar 🙀 wrote on 29/03/2024 at 23:59:38+0100: > Hi, > > how should we react to the compromised xz-utils upload? > > Ubuntu is reverting their amd64 binaries to pre-Feb 25 and rebuilding > stuff. > > On Debian side AFAIU currently amd64 buildds are paused and pending > reinstall (plus rotation of key material, both OpenPGP and SSH). > > People are starting to investigate packages that have been built since > the compromised xz-utils was uploaded, including packages built for > stable suites using reproducible builds. Is there someone keeping track > of this? > > Should we also reset the archive to some prior state and rebuilt > packages like Ubuntu? Do we need to revert to an earlier date as > vulnerable versions have been uploaded to experimental on 2024-02-01 > (but the earlier version might only have corrupted test files, not the > payload enabler)? If so, which suites and which architectures? (This > will likely take a while to prepare.) Considering the payload enabler, I'd focus on amd64 arch and not touch the archive for anything else. > Do we need any other immediate actions? > > Should we use something other than mail to keep track of what we want > to do? (Mail threads can become hard to keep track of after all.) Not sure, but RT could serve this purpose I guess. Or, alternatively, a (reasonably private) pad. > (Let us please keep future improvements such as more isolated builds > out of this particular discussion.) -- PEB signature.asc Description: PGP signature
Bug#1064029: bookworm-pu: package mailman3/3.3.8-2~deb12u2
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: mailm...@packages.debian.org Control: affects -1 + src:mailman3 Hi, Some bugs affecting mailman3 are found in bookworm. I fixed these in unstable but forgot to do a stable-pu. [ Reason ] Bug #1040708 is about a change in the way sqlalchemy reads postgresql URIs. Historically the prefix in this URI was postgres. Now it's postgresql. Therefore the default config for mailman3 is broken under bookworm. Bug #1038953 is about tracking cron-daemon instead of cron to allow more flexibility should one wish to use something else than cron. It was supposed to be done for some time. [ Impact ] The first one will force users to fix the config if they wish to work with postgresql. [ Tests ] Installed fixed version works fine. [ Risks ] Changes are trivial. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable diff -Nru mailman3-3.3.8/debian/changelog mailman3-3.3.8/debian/changelog --- mailman3-3.3.8/debian/changelog 2023-06-23 01:03:08.0 +0200 +++ mailman3-3.3.8/debian/changelog 2024-02-15 23:59:26.0 +0100 @@ -1,3 +1,11 @@ +mailman3 (3.3.8-2~deb12u2) bookworm; urgency=medium + + * bookworm-pu of two fixes +- s/postgres/postgresql/ in config files +- Add replacement dependency on cron to cron-daemon + + -- Pierre-Elliott Bécue Thu, 15 Feb 2024 23:59:26 +0100 + mailman3 (3.3.8-2~deb12u1) bookworm; urgency=medium * Bookworm-pu of 4 bug fixes diff -Nru mailman3-3.3.8/debian/contrib/mailman.cfg.sample mailman3-3.3.8/debian/contrib/mailman.cfg.sample --- mailman3-3.3.8/debian/contrib/mailman.cfg.sample2023-06-23 01:03:08.0 +0200 +++ mailman3-3.3.8/debian/contrib/mailman.cfg.sample2024-02-15 23:59:26.0 +0100 @@ -170,7 +170,7 @@ # 'configuration' substitutions. url: sqlite:///$DATA_DIR/mailman.db #url: mysql+pymysql://mailman3:mmpass@localhost/mailman3?charset=utf8&use_unicode=1 -#url: postgres://mailman3:mmpass@localhost/mailman3 +#url: postgresql://mailman3:mmpass@localhost/mailman3 debug: no diff -Nru mailman3-3.3.8/debian/control mailman3-3.3.8/debian/control --- mailman3-3.3.8/debian/control 2023-06-23 01:03:08.0 +0200 +++ mailman3-3.3.8/debian/control 2024-02-15 23:59:26.0 +0100 @@ -44,7 +44,7 @@ Architecture: all Depends: dbconfig-sqlite3 | dbconfig-pgsql | dbconfig-mysql | dbconfig-no-thanks, logrotate, - cron, + cron | cron-daemon, python3-falcon (>> 1.0.0), python3-psycopg2 | python3-pymysql, ucf, diff -Nru mailman3-3.3.8/debian/mailman3.postinst mailman3-3.3.8/debian/mailman3.postinst --- mailman3-3.3.8/debian/mailman3.postinst 2023-06-23 01:03:08.0 +0200 +++ mailman3-3.3.8/debian/mailman3.postinst 2024-02-15 23:59:26.0 +0100 @@ -52,7 +52,7 @@ pgsql) sed -i -e 's|^#\?\s*\(class: mailman\.database\.postgresql\.PostgreSQLDatabase\)$|\1|' \ $mailmancfg_new -sed -i -e "s|^#\?\s*url: postgres://.*$|url: postgres://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname|" \ +sed -i -e "s|^#\?\s*url: postgresql://.*$|url: postgresql://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname|" \ $mailmancfg_new ;; mysql)
Bug#1060290: bullseye-pu: package django-mailman3/1.3.5-2
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu Hello, Some users brought to my attention that in bullseye, django-mailman3 doesn't scrub messages properly before passing them to any archiver, and therefore some messages are not archived. This PU patches django-mailman3 so that it processes messages having a null-byte in their body properly. [ Reason ] The bug probably has existed all the time before the patch made upstream there: https://gitlab.com/mailman/django-mailman3/-/commit/5bc1f6e8ca4d95ea4e2be861821cb17f168f8d1b?merge_request_iid=121 [ Impact ] Messages received by mailman3 might not be archived properly archived. [ Tests ] Tests were designed upstream, but require binary files to be added to the code, which can't be done through a quilt patch, so I have not included the tests. [ Risks ] The patch works properly. Should a bug arise due to the new code, archiving would be broken. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Explicit replacement of nullbyte characters by '' in a message body when scrubbing. dpkg-source: avertissement: extraction d'un paquet source non signé (/home/peb/git/debian/mailman-team/django-mailman3/django-mailman3_1.3.5-2.dsc) dpkg-source: avertissement: extraction d'un paquet source non signé (/home/peb/git/debian/mailman-team/django-mailman3/django-mailman3_1.3.5-2+deb11u1.dsc) diff -Nru django-mailman3-1.3.5/debian/changelog django-mailman3-1.3.5/debian/changelog --- django-mailman3-1.3.5/debian/changelog 2021-03-04 00:23:46.0 +0100 +++ django-mailman3-1.3.5/debian/changelog 2024-01-08 22:32:29.0 +0100 @@ -1,3 +1,10 @@ +django-mailman3 (1.3.5-2+deb11u1) bullseye; urgency=medium + + * d/p/0001: Fix archiving issues due to nullbytes in message body +(Closes: #1033256) + + -- Pierre-Elliott Bécue Mon, 08 Jan 2024 22:32:29 +0100 + django-mailman3 (1.3.5-2) unstable; urgency=medium * Compile django LC messages at build time diff -Nru django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch --- django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch 1970-01-01 01:00:00.0 +0100 +++ django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch 2024-01-08 22:32:29.0 +0100 @@ -0,0 +1,43 @@ +From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= +Date: Mon, 8 Jan 2024 22:40:38 +0100 +Subject: Scrubber now removes null bytes from the scrubbed message body. + +--- + README.rst | 1 + + django_mailman3/lib/scrub.py | 5 - + 3 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/README.rst b/README.rst +index 775b158..98264be 100644 +--- a/README.rst b/README.rst +@@ -17,6 +17,7 @@ NEWS + * Add a new method get_django_user to return Django User model. (See !99) + * Add ``delete_archives`` field to ``mailinglist_deleted`` Signal. + * Replaced deprecated ``ugettexy_lazy`` with ``gettext_lazy``. (Closes #37) ++* Scrubber now removes null bytes from the scrubbed message body. + + + 1.3.4 (2020-06-05) +diff --git a/django_mailman3/lib/scrub.py b/django_mailman3/lib/scrub.py +index f35761b..2be66c9 100644 +--- a/django_mailman3/lib/scrub.py b/django_mailman3/lib/scrub.py +@@ -248,6 +248,8 @@ class Scrubber(): + next_part_match = NEXT_PART.search(result) + if next_part_match: + result = result[0:next_part_match.start(0)] ++# MAS Remove any null butes from the result. ++result = re.sub('\x00', '', result) + return result + + def _get_text(self): +@@ -276,6 +278,7 @@ class Scrubber(): + if not part_content.endswith('\n'): + part_content += '\n' + text.append(part_content) +-return '\n'.join(text) ++# MAS remove any null bytes from the text. ++return re.sub('\x00', '', '\n'.join(text)) + else: + return self._get_text_one_part(self.msg) diff -Nru django-mailman3-1.3.5/debian/patches/series django-mailman3-1.3.5/debian/patches/series --- django-mailman3-1.3.5/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ django-mailman3-1.3.5/debian/patches/series 2024-01-08 22:32:29.0 +0100 @@ -0,0 +1 @@ +0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch
Bug#1038906: bookworm-pu: package mailman3/3.3.8-1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu Hi, Multiple small bugs could have been fixed before the bookworm release, but having been elsewhere in my mind, I let those slip. I'd therefore like to submit this debdiff for a stable-pu. The package with these fixes has been uploaded to unstable around 20 minutes ago. [ Reason ] Fixes bugs #1030156, #1032684, #1032080, with no codebase change, only packaging changes. [ Impact ] The cron raises an error when it's called, which is annoying. Italian and Romanian users would be sad pandas. The mariadb thing is a bit harsher as any user using mailman3 with mariadb currently needs to fix mailman3 after a reboot. [ Tests ] None, but I did deploy this version on my production server to check that it works. [ Risks ] Changes are trivial [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Two languages translations for debconf templates One cron removal Systemd service dependencies fixup And a gbp.conf branch update Thanks! <3 diff -Nru mailman3-3.3.8/debian/changelog mailman3-3.3.8/debian/changelog --- mailman3-3.3.8/debian/changelog 2023-01-29 12:41:29.0 +0100 +++ mailman3-3.3.8/debian/changelog 2023-06-23 01:03:08.0 +0200 @@ -1,3 +1,23 @@ +mailman3 (3.3.8-2~deb12u1) bookworm; urgency=medium + + * Bookworm-pu of 4 bug fixes + + -- Pierre-Elliott Bécue Fri, 23 Jun 2023 01:03:08 +0200 + +mailman3 (3.3.8-2) unstable; urgency=medium + + * Drop an unneeded cron from mailman3 + * Add an After=mariadb.service, Wants=mariadb.service in mailman3 service +(this is harmless if mariadb is missing) (Closes: #1030156) + + [ Remus-Gabriel Chelu ] + * Add Romanian translation for debconf templates (Closes: #1032684) + + [ Ceppo ] + * Add Italian translation for debconf templates (Closes: #1032080) + + -- Pierre-Elliott Bécue Fri, 23 Jun 2023 00:49:01 +0200 + mailman3 (3.3.8-1) unstable; urgency=medium * New upstreeam release: 3.3.8 diff -Nru mailman3-3.3.8/debian/gbp.conf mailman3-3.3.8/debian/gbp.conf --- mailman3-3.3.8/debian/gbp.conf 2023-01-29 11:46:07.0 +0100 +++ mailman3-3.3.8/debian/gbp.conf 2023-06-23 01:03:05.0 +0200 @@ -1,2 +1,3 @@ [DEFAULT] pristine-tar = True +debian-branch = debian/bookworm diff -Nru mailman3-3.3.8/debian/mailman3.cron.d mailman3-3.3.8/debian/mailman3.cron.d --- mailman3-3.3.8/debian/mailman3.cron.d 2023-01-29 11:46:07.0 +0100 +++ mailman3-3.3.8/debian/mailman3.cron.d 2023-06-23 00:29:15.0 +0200 @@ -8,6 +8,3 @@ # At 12AM, send mail digests for lists that do periodic as well as threshold delivery 0 12 * * * list if [ -x /usr/bin/mailman ]; then /usr/bin/mailman digests --periodic; fi - -# Every 15 minutes, gate messages from usenet to those lists which have the gateway configured -*/15 * * * * listif [ -x /usr/bin/mailman ]; then /usr/bin/mailman gatenews; fi diff -Nru mailman3-3.3.8/debian/mailman3.service mailman3-3.3.8/debian/mailman3.service --- mailman3-3.3.8/debian/mailman3.service 2023-01-29 11:46:07.0 +0100 +++ mailman3-3.3.8/debian/mailman3.service 2023-06-23 00:44:46.0 +0200 @@ -5,6 +5,8 @@ Documentation=man:mailman(1) Documentation=https://mailman.readthedocs.io/ ConditionPathExists=/etc/mailman3/mailman.cfg +After=mariadb.service +Wants=mariadb.service [Service] ExecStart=/usr/bin/mailman -C /etc/mailman3/mailman.cfg start --force diff -Nru mailman3-3.3.8/debian/po/it.po mailman3-3.3.8/debian/po/it.po --- mailman3-3.3.8/debian/po/it.po 1970-01-01 01:00:00.0 +0100 +++ mailman3-3.3.8/debian/po/it.po 2023-06-23 00:34:03.0 +0200 @@ -0,0 +1,73 @@ +# mailman3 po-debconf Italian translation +# Copyright (C) 2023 mailman3's copyright holder +# This file is distributed under the same license as the mailman3 package. +# Ceppo , 2023. +# +msgid "" +msgstr "" +"Project-Id-Version: mailman3\n" +"Report-Msgid-Bugs-To: mailm...@packages.debian.org\n" +"POT-Creation-Date: 2018-03-15 10:57+0100\n" +"PO-Revision-Date: 2023-02-09 00:00+\n" +"Last-Translator: Ceppo \n" +"Language-Team: Italian \n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Add the HyperKitty configuration to mailman.cfg?" +msgstr "Aggiungere la configurazione di HyperKitty a mailman.cfg?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"Mailman3 needs additional configuration in mailman.cfg in order to send &qu
Re: Debian 8.3 Jessie KEYEXPIRED 11645052400
Alan Homobono wrote on 13/05/2023 at 05:56:45+0200: > Trying to upgrade Debian 8.3 Jessie to Debian 10.13 Buster, I continue > getting "KEYEXPIRED" error message after run apt-get update, even renewing > expired keys: > > # apt-key list | grep -A 1 expired > pub 1024D/5072E1F5 2003-02-03 [expired: 2022-02-16] > uid MySQL Release Engineering > > -- > pub 4096R/518E17E1 2013-08-17 [expired: 2021-08-15] > uid Jessie Stable Release Key > > -- > pub 4096R/65FFB764 2012-05-08 [expired: 2019-05-07] > uid Wheezy Stable Release Key > > > > # apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5 > ; apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 518E17E1 > ; apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 65FFB764 > Executing: gpg --ignore-time-conflict --no-options --no-default-keyring > --homedir /tmp/tmp.dux8x5wGCC --no-auto-check-trustdb --trust-model always > --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg > --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg > --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver > hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5 > gpg: requesting key 5072E1F5 from hkp server keyserver.ubuntu.com > gpg: key 5072E1F5: "MySQL Release Engineering > " not changed > gpg: Número total processado: 1 > gpg: não modificados: 1 > Executing: gpg --ignore-time-conflict --no-options --no-default-keyring > --homedir /tmp/tmp.4zdbdTUejR --no-auto-check-trustdb --trust-model always > --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg > --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg > --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver > hkp://keyserver.ubuntu.com:80 --recv-keys 518E17E1 > gpg: requesting key 518E17E1 from hkp server keyserver.ubuntu.com > gpg: key 518E17E1: "Jessie Stable Release Key > " not changed > gpg: Número total processado: 1 > gpg: não modificados: 1 > Executing: gpg --ignore-time-conflict --no-options --no-default-keyring > --homedir /tmp/tmp.SxFd1nEp2W --no-auto-check-trustdb --trust-model always > --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg > --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg > --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver > hkp://keyserver.ubuntu.com:80 --recv-keys 65FFB764 > gpg: requesting key 65FFB764 from hkp server keyserver.ubuntu.com > gpg: key 65FFB764: "Wheezy Stable Release Key > " not changed > gpg: Número total processado: 1 > gpg: não modificados: 1 > > > # apt-get update > ... > Lendo listas de pacotes... Pronto > W: Ocorreu um erro durante a verificação da assinatura. O repositório não > está actualizado e serão utilizados os ficheiros anterio
Re: Stop sending me email
nicolas baumann wrote on 13/12/2022 at 07:43:07+0100: > Please stop e-mails to me. > Thanks. > > Envoyé à partir de Outlook pour iOS Feel free to unregister from that list there: https://lists.debian.org/debian-release/ Regards, -- PEB
Re: Opinion on splitting official architecture (tiers)
Paul Gevers wrote on 08/09/2022 at 22:35:35+0200: > [[PGP Signed Part:No public key for 9C5C99EB05BD750A created at > 2022-09-08T22:35:35+0200 using RSA]] > Hi, > > On 08-09-2022 22:14, Pierre-Elliott Bécue wrote: >> Would tier II be exclusively composed of builders that are currently >> supported by DSA? > > My current proposal is ONLY about splitting the current release > architectures. And for the future, my idea for tier II (or Best > Effort) would indeed be only DSA supported architectures. I think that as long as it adds no extra work/builders to maintain, it should be fine for DSA. I'll let my teammates yell if I'm wrong. Cheers! -- PEB signature.asc Description: PGP signature
Re: Opinion on splitting official architecture (tiers)
Hi, Paul Gevers wrote on 08/09/2022 at 13:00:11+0200: > [[PGP Signed Part:No public key for 9C5C99EB05BD750A created at > 2022-09-08T13:00:11+0200 using RSA]] > Hi all, > > On 01-09-2022 14:18, Paul Gevers wrote: >> Of course there are details to figure out and agree on, but before >> diving into those I'd like to hear if you are open to support the >> idea (hopefully even in time for bookworm) or if there are already >> deep concerns (that would take long to resolve if at all). > > Although I wasn't expecting a big wave of enthousiasme from this > audience, I was expecting at least some reply with concerns. Given > that there hasn't been any reply, I don't know how you feel about > this. > > To be able to proceed before the bookworm freeze, I'm going to assume > that in general this split (that shouldn't really impact DSA and > ftp-master work [1]) is acceptable by you if there's no reply in two > weeks. I'll work out more details after that. > > Paul > > [1] I predict it may even reduce the amount of architecture specific > removal requests in unstable, where the porters have a chance to fix > broken packages. Would tier II be exclusively composed of builders that are currently supported by DSA? Cheers! -- PEB signature.asc Description: PGP signature
Re: Désabonnement
Florian LECUYER wrote on 28/03/2022 at 21:23:33+0200: > Bonjour > > Merci de retirer mon adresse mail de votre liste de distribution. > > Cordialement Pour vous désinscrire d'une liste debian.org, il suffit de vous rendre sur sa page, (pour debian-release, c'est https://lists.debian.org/debian-release/ ) de mettre votre courriel dans le formulaire et de cliquer sur "unsubscribe". Vous recevrez un mail à suivre pour confirmer votre désinscription, et ensuite vous aurez la paix pour de bon. (à réitérer pour chaque liste dont vous souhaitez vous désabonner) -- PEB signature.asc Description: PGP signature
Bug#1004192: bullseye-pu: package django-allauth/0.44.0+ds-1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: lafo...@gnumonks.org Hi, Due to some changes in Python that upstream failed to take into account, django-allauth 0.44.0+ds-1 fails to work with the OpenID auth method. The fix in itself is a simple patch replacing the call to a now nonexistent function of the base64 module by a call to another which replaces it. The debdiff is attached, and the fix already is in unstable and testing. The other changes are the gbp.conf git-debian-branch variable and the addition of a Forwarded: tag in two patches to make lintian happier. Additional information: [ Impact ] Without this upload, openid auth mechanism can't work. In bullseye, django-allauth is mostly used by mailman3, so the scope of impacted users is mailman3 users. [ Tests ] There is no test covering the code, as upstream did not provide unit tests or functional tests. I ran pyflakes3 on it. [ Risks ] Code change is trivial [ Checklist ] [x] *all* changes are documented in the d/changelog - Except the gbp.conf change as it is not even a packaging change. [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Other info ] Thanks for your work <3 diff -Nru django-allauth-0.44.0+ds/debian/changelog django-allauth-0.44.0+ds/debian/changelog --- django-allauth-0.44.0+ds/debian/changelog 2021-01-18 02:25:56.0 +0100 +++ django-allauth-0.44.0+ds/debian/changelog 2022-01-22 13:55:10.0 +0100 @@ -1,3 +1,11 @@ +django-allauth (0.44.0+ds-1+deb11u1) bullseye; urgency=medium + + * Import from 0.47.0-1 the patch to fix OpenID failures. +(Closes: #1003069) + * Disable forwarding for two patches + + -- Pierre-Elliott Bécue Sat, 22 Jan 2022 13:55:10 +0100 + django-allauth (0.44.0+ds-1) unstable; urgency=medium [ Ondřej Nový ] diff -Nru django-allauth-0.44.0+ds/debian/gbp.conf django-allauth-0.44.0+ds/debian/gbp.conf --- django-allauth-0.44.0+ds/debian/gbp.conf2021-01-18 02:25:56.0 +0100 +++ django-allauth-0.44.0+ds/debian/gbp.conf2022-01-22 13:51:42.0 +0100 @@ -1,2 +1,3 @@ [DEFAULT] pristine-tar = True +debian-branch = debian/bullseye diff -Nru django-allauth-0.44.0+ds/debian/patches/0001-Remove-all-privacy-breack-links-from-documentation.patch django-allauth-0.44.0+ds/debian/patches/0001-Remove-all-privacy-breack-links-from-documentation.patch --- django-allauth-0.44.0+ds/debian/patches/0001-Remove-all-privacy-breack-links-from-documentation.patch 2021-01-18 02:25:56.0 +0100 +++ django-allauth-0.44.0+ds/debian/patches/0001-Remove-all-privacy-breack-links-from-documentation.patch 2022-01-22 13:54:22.0 +0100 @@ -2,6 +2,8 @@ Date: Tue, 12 Dec 2017 10:35:57 +0100 Subject: Remove all privacy breack links from documentation +Forwarded: not-needed + --- README.rst | 22 -- 1 file changed, 22 deletions(-) diff -Nru django-allauth-0.44.0+ds/debian/patches/0003-fix-openid-Use-decodebytes-instead-of-decodestring.patch django-allauth-0.44.0+ds/debian/patches/0003-fix-openid-Use-decodebytes-instead-of-decodestring.patch --- django-allauth-0.44.0+ds/debian/patches/0003-fix-openid-Use-decodebytes-instead-of-decodestring.patch 1970-01-01 01:00:00.0 +0100 +++ django-allauth-0.44.0+ds/debian/patches/0003-fix-openid-Use-decodebytes-instead-of-decodestring.patch 2022-01-22 13:55:01.0 +0100 @@ -0,0 +1,36 @@ +From: Karthikeyan Singaravelan +Date: Thu, 20 Jan 2022 00:25:36 +0100 +Subject: fix(openid): Use decodebytes instead of decodestring +Applied-Upstream: https://github.com/pennersr/django-allauth/commit/425dc774fb5d032204b92f0870c3802202259ad3 + +Co-authored-by: Raymond Penners +--- + AUTHORS | 1 + + allauth/socialaccount/providers/openid/utils.py | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/AUTHORS b/AUTHORS +index 4e2ffb6..3fd282b 100644 +--- a/AUTHORS b/AUTHORS +@@ -90,6 +90,7 @@ Joshua Sorenson + Julen Ruiz Aizpuru + Justin Michalicek + Justin Pogrob ++Karthikeyan Singaravelan + Kevin Dice + Koichi Harakawa + Lee Semel +diff --git a/allauth/socialaccount/providers/openid/utils.py b/allauth/socialaccount/providers/openid/utils.py +index cf32213..bfd766c 100644 +--- a/allauth/socialaccount/providers/openid/utils.py b/allauth/socialaccount/providers/openid/utils.py +@@ -102,7 +102,7 @@ class DBOpenIDStore(OIDStore): + for stored_assoc in stored_assocs: + assoc = OIDAssociation( + stored_assoc.handle, +-base64.decodestring(stored_assoc.secret.encode("utf-8")), ++base64.decodebytes(stored_assoc.secret.encode("utf-8")), + stored_assoc.issued, + stored_assoc.lifetime, +
Bug#985063: buster-pu: lxcfs/3.0.3-2+deb10u1
"Adam D. Barratt" wrote on 04/12/2021 at 18:42:19+0100: > Control: tags -1 + confirmed > > On Fri, 2021-03-12 at 12:36 +0100, Pierre-Elliott Bécue wrote: >> Please do tell me if I can upload lxcfs 3.0.3-2+deb10u1 to stable. >> >> A canonical employee reported a swap accounting bug that could make a >> container look like it uses all the host's swap. The fix being minor, >> I've designed a patch I'd like to have uploaded to stable. >> > > oldstable now, but please go ahead, thanks. > > Regards, Done, thanks! Is there a tags I should add on this bug? Cheers! -- PEB signature.asc Description: PGP signature
Re: how to patch package rhonabwy before bullseye release?
Salut Nicolas, Nicolas Mora writes: > Hello release team, > > I'm maintaining the package rhonaby [1] in the debian IoT tem, as well > as being the upstream author. > > Recently, I've fixed two bugs in the library that I'd like to backport > to the debian package in the bullseye release, I consider them to be > important bugfixes. > > Do I have to open a RC bug before pushing the package or can I just > push a new package? > Also, do I have to set the urgency higher than medium? > > Thanks in advance, sorry if my questions are dumb. > > /Nicolas > > [1] https://tracker.debian.org/pkg/rhonabwy Have a look at [0]. We are in the hard freeze part. If your package has passing non-trivial autopkgtest, it'll migrate from unstable to bullseye after 20 days without an unblock request. It is expected that your changes are non big and non-disruptive. BUT, as the full freeze will probably start before the 20 days limit is reached, I can't say how your package migration will be handled. I guess it will be blocked. I would therefore recommend you confirm with a release team member what to do, but I guess an unblock bug with the debdiff opened right now could be a good idea and would probably allow your changes to be part of bullseye if the release-team see it fit. :) 1. Uploading to unstable for now is not a bad idea if the upload is what you expect to see in testing 2. The urgency field is ignored during the currents and future parts of the freeze. Cheers! -- PEB [0] https://release.debian.org/bullseye/freeze_policy.html signature.asc Description: PGP signature
Bug#989750: unblock: lxc/1:4.0.6-2
tags 989750 -moreinfo thanks Hi Sebastian, Le mercredi 16 juin 2021 à 21:05:23+0200, Sebastian Ramacher a écrit : > ACK, please go ahead and remove the moreinfo tag once the package is > available in unstable. > > Cheers Uploaded, and ACCEPTED, I untag, although dak hasn't yet put it in the archive. I hope it'sn fine with you. Thanks and cheers! -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for principles than to live up to them. signature.asc Description: PGP signature
Bug#989750: unblock: lxc/1:4.0.6-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package lxc LXC 4.0.6-1 suffers from many issues that, in my opinion require an update before the release of Bullseye to make our users more comfortable using it. 1. Running unprivileged containers until LXC4 was as simple as running the same LXC commands as a non-root user or as root but with containers config mapping subuids/subgids. Since systemd migrated to pure CGroupv2 hierarchy, there is a need for either a systemd service, or a call to systemd-run as a user. This makes the whole less simple to use and understand for a user. I included two scripts to wrap these systemd-run calls and make the whole more usable. I linked their manpages to lxc-start and lxc-attach as the arguments are passed to these commands. 2. Consequentially, I wrote some more documentation in d/NEWS and d/README.Debian to help our users understanding how to work with unprivileged containers as soon as they will dist-upgrade. 3. Historically, a lxc container had its /proc/sys/net writeable by root when /proc was mounted with the "mixed" option in LXC configuration. Upstream broke that and fixed it recently in a commit in GitHub https://github.com/lxc/lxc/commit/563ec46266b8967f0ee60e0032bbe66b3b37207c I imported that patch as not having /proc/sys/net writeable will break things for our users. 4. In lxc-net configuration, we added a comment to allow users to honor systemd's dnsmasq more easily if needed. As it's a comment, it has no impact. Almost all these changes are in debian/ directory and present no risk for LXC to dysfunction at all. There is just the patch mentioned in 3 which is imported from upstream, and which changes the code. It has been tested upstream and the code alteration is minimal. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing If you need any more intel, please do poke me! I have not yet uploaded the changes to unstable, as I prefer waiting for your feedback. Thanks! unblock lxc/1:4.0.6-2 diff -Nru lxc-4.0.6/debian/changelog lxc-4.0.6/debian/changelog --- lxc-4.0.6/debian/changelog 2021-01-31 18:29:40.0 +0100 +++ lxc-4.0.6/debian/changelog 2021-06-11 21:43:41.0 +0200 @@ -1,3 +1,18 @@ +lxc (1:4.0.6-2) unstable; urgency=medium + + * d/contrib/lxc-net: Add a commented dnsmasq reference for the users to be +able to use this configuration if needed. + * d/contrib/bin/lxc-unpriv-{start,attach} helper scripts to make +unprivileged containers easier to start manually + * d/README.Debian: Added some intel about how to handle properly +unprivileged containers and systemd user sessions, and potential +filesystem ACL issues/implications +(Closes: #989317, 987293) + * d/p/0007: Makes the containers able to have /proc/sys/net rw +(Closes: #981980) + + -- Pierre-Elliott Bécue Fri, 11 Jun 2021 21:43:41 +0200 + lxc (1:4.0.6-1) unstable; urgency=medium * New upstream version 4.0.6 diff -Nru lxc-4.0.6/debian/contrib/bin/lxc-unpriv-attach lxc-4.0.6/debian/contrib/bin/lxc-unpriv-attach --- lxc-4.0.6/debian/contrib/bin/lxc-unpriv-attach 1970-01-01 01:00:00.0 +0100 +++ lxc-4.0.6/debian/contrib/bin/lxc-unpriv-attach 2021-06-11 21:25:58.0 +0200 @@ -0,0 +1,13 @@ +#!/bin/bash + +if ! ps ux|grep "[s]ystemd --user" > /dev/null 2>&1; then +echo "Can't start an unprivileged container on a pure CGroups v2 host without a systemd user session running." +echo "If you are trying to get a non-interactive user to have unprivileged containers running, you need to" +echo "enable lingering sessions for that user, via loginctl enable-linger ${USER} as root." +exit 1 +fi + +export XDG_RUNTIME_DIR="/run/user/$UID" +export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus" + +/usr/bin/systemd-run --user --scope -p "Delegate=yes" /usr/bin/lxc-attach "$@" diff -Nru lxc-4.0.6/debian/contrib/bin/lxc-unpriv-start lxc-4.0.6/debian/contrib/bin/lxc-unpriv-start --- lxc-4.0.6/debian/contrib/bin/lxc-unpriv-start 1970-01-01 01:00:00.0 +0100 +++ lxc-4.0.6/debian/contrib/bin/lxc-unpriv-start 2021-06-11 21:25:42.0 +0200 @@ -0,0 +1,13 @@ +#!/bin/bash + +if ! ps ux|grep "[s]ystemd --user" > /dev/null 2>&1; then +echo "Can't start an unprivileged container on a pure CGroups v2 host without a systemd user session running." +echo "If you are trying to get a non-interactive user to have unprivileged containers running, you need to" +echo "enable lingering sessions for that user, via loginctl enable-linger ${USER} as root." +exi
Bug#985063: Acknowledgement (unblock: lxcfs/3.0.3-2+deb10u1)
usertags 985063 - unblock + pu tags 985063 + buster retitle 985063 buster-pu: lxcfs/3.0.3-2+deb10u1 thanks Fixing my misqueuing. Le vendredi 12 mars 2021 à 11:45:03+, Debian Bug Tracking System a écrit : > Thank you for filing a new Bug report with Debian. > > You can follow progress on this Bug here: 985063: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985063. > > This is an automatically generated reply to let you know your message > has been received. > > Your message is being forwarded to the package maintainers and other > interested parties for their attention; they will reply in due course. > > Your message has been sent to the package maintainer(s): > Debian Release Team > > If you wish to submit further information on this problem, please > send it to 985...@bugs.debian.org. > > Please do not send mail to ow...@bugs.debian.org unless you wish > to report a problem with the Bug-tracking system. > > -- > 985063: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985063 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. signature.asc Description: PGP signature
Bug#985063: unblock: lxcfs/3.0.3-2+deb10u1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release team Please do tell me if I can upload lxcfs 3.0.3-2+deb10u1 to stable. A canonical employee reported a swap accounting bug that could make a container look like it uses all the host's swap. The fix being minor, I've designed a patch I'd like to have uploaded to stable. The upload is not done yet, as I'd rather wait for your opinion. The bug is already fixed in testing, as this patch has also been included in lxcfs 4. Thanks in advance! diff -Nru lxcfs-3.0.3/debian/changelog lxcfs-3.0.3/debian/changelog --- lxcfs-3.0.3/debian/changelog2018-12-09 22:06:41.0 +0100 +++ lxcfs-3.0.3/debian/changelog2021-03-12 12:17:23.0 +0100 @@ -1,3 +1,11 @@ +lxcfs (3.0.3-2+deb10u1) buster; urgency=medium + + [ Kellen Renshaw ] + * d/p/0001 : Fix a misreport of swap being fully used due to a computation +error (Closes: #955499) + + -- Pierre-Elliott Bécue Fri, 12 Mar 2021 12:17:23 +0100 + lxcfs (3.0.3-2) unstable; urgency=medium * Add a call to dpkg-maintscript-helper rm_conffile to handle properly the diff -Nru lxcfs-3.0.3/debian/gbp.conf lxcfs-3.0.3/debian/gbp.conf --- lxcfs-3.0.3/debian/gbp.conf 2018-12-09 22:06:41.0 +0100 +++ lxcfs-3.0.3/debian/gbp.conf 2021-03-12 12:17:23.0 +0100 @@ -1,2 +1,3 @@ [DEFAULT] pristine-tar = True +debian-branch=debian/buster diff -Nru lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch --- lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch 1970-01-01 01:00:00.0 +0100 +++ lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch 2021-03-12 12:17:05.0 +0100 @@ -0,0 +1,26 @@ +From: Kellen Renshaw +Date: Fri, 12 Mar 2021 12:16:47 +0100 +Subject: =?utf-8?q?bindings=3A_Adjusts_the_logic_for_calculating_SwapFree_t?= + =?utf-8?q?o_better_handle=E2=80=A6?= +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +… conditions where swap usage is reported to be <0. +--- + bindings.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bindings.c b/bindings.c +index 5858c6d..fc89789 100644 +--- a/bindings.c b/bindings.c +@@ -3186,7 +3186,7 @@ static int proc_meminfo_read(char *buf, size_t size, off_t offset, + printme = lbuf; + } else if (startswith(line, "SwapFree:") && memswlimit > 0 && memswusage > 0) { + unsigned long swaptotal = memswlimit, +- swapusage = memswusage - memusage, ++ swapusage = memusage > memswusage ? 0 : memswusage - memusage, + swapfree = swapusage < swaptotal ? swaptotal - swapusage : 0; + snprintf(lbuf, 100, "SwapFree: %8lu kB\n", swapfree); + printme = lbuf; diff -Nru lxcfs-3.0.3/debian/patches/series lxcfs-3.0.3/debian/patches/series --- lxcfs-3.0.3/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ lxcfs-3.0.3/debian/patches/series 2021-03-12 12:17:05.0 +0100 @@ -0,0 +1 @@ +0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch unblock lxcfs/3.0.3-2+deb10u1 -- System Information: Debian Release: 10.8 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-10-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_USER Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#985062: unblock: lxc-templates/3.0.4-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release team, Please unblock package lxc-templates from unstable to testing. lxc-templates 3.0.4-5, which has just been accepted in unstable, fixes 3 bugs that will be beneficial for the stability of the package in bullseye. I should clearly state that none of these bugs are release critical. The first bug is to add a Suggest to qemu-user-static. The second is to add a missing Recommend that made lxc-debian template not working since a patch I made in October. The third and last is to fix some errors in some templates that could lead to catastrophic rm in case of sigint spawned while installing a container for some distributions (arch, centos, ...). It contains the patch 0004, which is the reason this debdiff has some lines Please don't hesitate if you need more intel. Here is the debdiff: diff -Nru lxc-templates-3.0.4/debian/changelog lxc-templates-3.0.4/debian/changelog --- lxc-templates-3.0.4/debian/changelog2020-10-17 22:42:34.0 +0200 +++ lxc-templates-3.0.4/debian/changelog2021-03-12 11:53:24.0 +0100 @@ -1,3 +1,18 @@ +lxc-templates (3.0.4-5) unstable; urgency=medium + + [ Gianfranco Costamagna ] + * d/control: +- Add Suggests: qemu-user-static (Closes: #973345) + + [ Pierre-Elliott Bécue ] + * d/control: +- Add distro-info to the Recommends of lxc-templates (Closes: #974569) +- Bump Standards-Version to 4.5.1 + * d/p/0004: fix path variable in some templates to avoid catastrophic rm +(Closes: #839843) + + -- Pierre-Elliott Bécue Fri, 12 Mar 2021 11:53:24 +0100 + lxc-templates (3.0.4-4) unstable; urgency=medium * d/patches/0002: Update lxc.debian template to document alternatives to the diff -Nru lxc-templates-3.0.4/debian/control lxc-templates-3.0.4/debian/control --- lxc-templates-3.0.4/debian/control 2020-10-17 22:42:34.0 +0200 +++ lxc-templates-3.0.4/debian/control 2021-03-12 11:53:22.0 +0100 @@ -4,7 +4,7 @@ Maintainer: pkg-lxc Uploaders: Pierre-Elliott Bécue Build-Depends: debhelper-compat (= 13) -Standards-Version: 4.5.0 +Standards-Version: 4.5.1 Homepage: https://linuxcontainers.org/ Vcs-Git: https://salsa.debian.org/lxc-team/lxc-templates.git Vcs-Browser: https://salsa.debian.org/lxc-team/lxc-templates @@ -17,11 +17,13 @@ busybox-static, cloud-image-utils | cloud-utils, debootstrap | cdebootstrap, +distro-info, mmdebstrap, openssl, rsync, uuid-runtime, xz-utils +Suggests: qemu-user-static Description: Linux Containers userspace tools (templates) Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be diff -Nru lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch --- lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch 1970-01-01 01:00:00.0 +0100 +++ lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch 2021-03-12 11:50:28.0 +0100 @@ -0,0 +1,180 @@ +From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= +Date: Fri, 12 Mar 2021 11:50:00 +0100 +Subject: Fixes path variable in some templates + +The behaviour of the path variable is somewhat inconsistent with a +relevant way of generating containers. path now points to a directory, +where ${path}/${name} will be created and handle the new container's +config/rootfs +--- + templates/lxc-archlinux.in | 8 +--- + templates/lxc-centos.in| 6 -- + templates/lxc-fedora-legacy.in | 8 +--- + templates/lxc-fedora.in| 8 +--- + templates/lxc-pld.in | 7 +-- + templates/lxc-voidlinux.in | 8 +++- + 6 files changed, 31 insertions(+), 14 deletions(-) + +diff --git a/templates/lxc-archlinux.in b/templates/lxc-archlinux.in +index f8d4ba0..afa2f11 100644 +--- a/templates/lxc-archlinux.in b/templates/lxc-archlinux.in +@@ -206,8 +206,8 @@ usage: + Mandatory args: + -n,--name container name, used to as an identifier for that container from now on + Optional args: +- -p,--path path to where the container rootfs will be created (${default_path}) +- --rootfspath for actual container rootfs, (${default_path}/rootfs) ++ -p,--path path the directory where the container directory will be created (${default_path}) ++ --rootfspath for actual container rootfs, (${default_path}/{container_name}/rootfs) + -P,--packages preinstall additional packages, comma-separated list + -e,--enable_units enable systemd services, comma-separated list + -d,--disable_units disable systemd services, comma-separated list +@@ -256,9 +25
Bug#962059: buster-pu: package python-markdown2/2.3.7-2
Le mardi 02 juin 2020 à 20:46:16+0200, Salvatore Bonaccorso a écrit : > Hi > > [disclaimer, not part of the SRM so this is purely > informational/commenting] > > On Tue, Jun 02, 2020 at 08:30:45PM +0200, Pierre-Elliott Bécue wrote: > > +python-markdown2 (2.3.7-2+deb10u1) buster; urgency=medium > > + > > + * Add d/p/0001 To fix CVE-2020-11888, thanks to Gareth Simpson > > As you can close a bug with multiple versions you might add as well > the bug closure for #959445 as well here so once the fix enters buster > the BTS will update the fixed versions accordingly. Thanks! Here's the adapted debdiff! -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. diff -Nru python-markdown2-2.3.7/debian/changelog python-markdown2-2.3.7/debian/changelog --- python-markdown2-2.3.7/debian/changelog 2019-02-02 18:27:36.0 +0100 +++ python-markdown2-2.3.7/debian/changelog 2020-06-02 20:23:22.0 +0200 @@ -1,3 +1,11 @@ +python-markdown2 (2.3.7-2+deb10u1) buster; urgency=medium + + * Add d/p/0001 To fix CVE-2020-11888, thanks to Gareth Simpson +Closes: #959445 + * Add a d/gbp.conf file to ease-up gbp's mind + + -- Pierre-Elliott Bécue Tue, 02 Jun 2020 20:23:22 +0200 + python-markdown2 (2.3.7-2) unstable; urgency=medium * Team upload diff -Nru python-markdown2-2.3.7/debian/gbp.conf python-markdown2-2.3.7/debian/gbp.conf --- python-markdown2-2.3.7/debian/gbp.conf 1970-01-01 01:00:00.0 +0100 +++ python-markdown2-2.3.7/debian/gbp.conf 2020-06-02 20:23:22.0 +0200 @@ -0,0 +1,3 @@ +[DEFAULT] +pristine-tar = True +debian-branch = debian/buster diff -Nru python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch --- python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch 1970-01-01 01:00:00.0 +0100 +++ python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch 2020-06-02 20:23:22.0 +0200 @@ -0,0 +1,73 @@ +From: Gareth Simpson +Date: Tue, 2 Jun 2020 20:14:30 +0200 +Subject: Incomplete tags with punctuation after as part of the tag name are a + source of XSS +Bug: https://github.com/trentm/python-markdown2/issues/348 + +Fixes CVE-2020-11888. + +python-markdown2 through 2.3.8 allows XSS because element names are +mishandled unless a \w+ match succeeds. For example, an attack might use +elementname@ or elementname- with an onclick attribute. +--- + lib/markdown2.py | 9 ++--- + test/tm-cases/issue348_incomplete_tag.html | 1 + + test/tm-cases/issue348_incomplete_tag.opts | 1 + + test/tm-cases/issue348_incomplete_tag.text | 1 + + 4 files changed, 9 insertions(+), 3 deletions(-) + create mode 100644 test/tm-cases/issue348_incomplete_tag.html + create mode 100644 test/tm-cases/issue348_incomplete_tag.opts + create mode 100644 test/tm-cases/issue348_incomplete_tag.text + +diff --git a/lib/markdown2.py b/lib/markdown2.py +index 16672f5..bd9fe0c 100755 +--- a/lib/markdown2.py b/lib/markdown2.py +@@ -1772,7 +1772,7 @@ class Markdown(object): + lexer_name = lexer_name[3:].strip() + codeblock = rest.lstrip("\n") # Remove lexer declaration line. + formatter_opts = self.extras['code-color'] or {} +- ++ + # Use pygments only if not using the highlightjs-lang extra + if lexer_name and "highlightjs-lang" not in self.extras: + def unhash_code(codeblock): +@@ -2134,12 +2134,15 @@ class Markdown(object): + text = self._naked_gt_re.sub('>', text) + return text + +-_incomplete_tags_re = re.compile("<(/?\w+[\s/]+?)") ++_incomplete_tags_re = re.compile("<(/?\w+?(?!\w).+?[\s/]+?)") + + def _encode_incomplete_tags(self, text): + if self.safe_mode not in ("replace", "escape"): + return text +- ++ ++if text.endswith(">"): ++return text # this is not an incomplete tag, this is a link in the form <http://x.y.z> ++ + return self._incomplete_tags_re.sub("<\\1", text) + + def _encode_backslash_escapes(self, text): +diff --git a/test/tm-cases/issue348_incomplete_tag.html b/test/tm-cases/issue348_incomplete_tag.html +new file mode 100644 +index 000..46059cc +--- /dev/null b/test/tm-cases/issue348_incomplete_tag.html +@@ -0,0 +1 @@ ++<lol@/ //id="pwn"//onclick="alert(1)"//abc +diff --git a/test/tm-cases/issue348_incomplete_tag.opts b/test/tm-cases/issue348_incomplete_tag.opts +new file mode 100644 +index 000..ad487c0 +--- /dev/null b/test/tm-ca
Bug#962059: buster-pu: package python-markdown2/2.3.7-2
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Dear Release Managers, I'd like to have python-markdown2 updated in Buster, due to a CVE: CVE-2020-11888. I attached a debdiff with the bug report, and the update is the simple adding of debian/patches/0001. I've also added a gbp.conf to have gbp stop complaining when I don't give it the proper branch to build, this addition doesn't change the binary packages. Note that I've uploaded python-markdown2 2.3.9-1 to unstable 15 minutes ago. It ships the CVE fix, and should be visible in the archive soon. Thanks a lot for your work! :) -- System Information: Debian Release: 10.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_USER Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru python-markdown2-2.3.7/debian/changelog python-markdown2-2.3.7/debian/changelog --- python-markdown2-2.3.7/debian/changelog 2019-02-02 18:27:36.0 +0100 +++ python-markdown2-2.3.7/debian/changelog 2020-06-02 20:23:22.0 +0200 @@ -1,3 +1,10 @@ +python-markdown2 (2.3.7-2+deb10u1) buster; urgency=medium + + * Add d/p/0001 To fix CVE-2020-11888, thanks to Gareth Simpson + * Add a d/gbp.conf file to ease-up gbp's mind + + -- Pierre-Elliott Bécue Tue, 02 Jun 2020 20:23:22 +0200 + python-markdown2 (2.3.7-2) unstable; urgency=medium * Team upload diff -Nru python-markdown2-2.3.7/debian/gbp.conf python-markdown2-2.3.7/debian/gbp.conf --- python-markdown2-2.3.7/debian/gbp.conf 1970-01-01 01:00:00.0 +0100 +++ python-markdown2-2.3.7/debian/gbp.conf 2020-06-02 20:23:18.0 +0200 @@ -0,0 +1,3 @@ +[DEFAULT] +pristine-tar = True +debian-branch = debian/buster diff -Nru python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch --- python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch 1970-01-01 01:00:00.0 +0100 +++ python-markdown2-2.3.7/debian/patches/0001-Incomplete-tags-with-punctuation-after-as-part-of-th.patch 2020-06-02 20:22:52.0 +0200 @@ -0,0 +1,73 @@ +From: Gareth Simpson +Date: Tue, 2 Jun 2020 20:14:30 +0200 +Subject: Incomplete tags with punctuation after as part of the tag name are a + source of XSS +Bug: https://github.com/trentm/python-markdown2/issues/348 + +Fixes CVE-2020-11888. + +python-markdown2 through 2.3.8 allows XSS because element names are +mishandled unless a \w+ match succeeds. For example, an attack might use +elementname@ or elementname- with an onclick attribute. +--- + lib/markdown2.py | 9 ++--- + test/tm-cases/issue348_incomplete_tag.html | 1 + + test/tm-cases/issue348_incomplete_tag.opts | 1 + + test/tm-cases/issue348_incomplete_tag.text | 1 + + 4 files changed, 9 insertions(+), 3 deletions(-) + create mode 100644 test/tm-cases/issue348_incomplete_tag.html + create mode 100644 test/tm-cases/issue348_incomplete_tag.opts + create mode 100644 test/tm-cases/issue348_incomplete_tag.text + +diff --git a/lib/markdown2.py b/lib/markdown2.py +index 16672f5..bd9fe0c 100755 +--- a/lib/markdown2.py b/lib/markdown2.py +@@ -1772,7 +1772,7 @@ class Markdown(object): + lexer_name = lexer_name[3:].strip() + codeblock = rest.lstrip("\n") # Remove lexer declaration line. + formatter_opts = self.extras['code-color'] or {} +- ++ + # Use pygments only if not using the highlightjs-lang extra + if lexer_name and "highlightjs-lang" not in self.extras: + def unhash_code(codeblock): +@@ -2134,12 +2134,15 @@ class Markdown(object): + text = self._naked_gt_re.sub('>', text) + return text + +-_incomplete_tags_re = re.compile("<(/?\w+[\s/]+?)") ++_incomplete_tags_re = re.compile("<(/?\w+?(?!\w).+?[\s/]+?)") + + def _encode_incomplete_tags(self, text): + if self.safe_mode not in ("replace", "escape"): + return text +- ++ ++if text.endswith(">"): ++return text # this is not an incomplete tag, this is a link in the form <http://x.y.z> ++ + return self._incomplete_tags_re.sub("<\\1", text) + + def _encode_backslash_escapes(self, text): +diff --git a/test/tm-cases/issu
Bug#960806: buster-pu: package policyd-rate-limit/1.0.0-1
Le lundi 18 mai 2020 à 14:32:24+0100, Adam D. Barratt a écrit : > On Mon, 2020-05-18 at 14:13 +0100, Adam D. Barratt wrote: > > That appears to have dropped a number of entries from the changelog > > for the unstable upload it's based on, which is a little confusing to > > say the least. > > > > If you're dropping changes for the backport, then the unstable > > changelog stanza should be exactly as it was for the upload to > > unstable, and any changes that weren't included should be itemised in > > the changelog for the stable upload, if they're sufficiently > > relevant. > > As an alternative suggestion, rather than trying to backport the upload > to unstable and reverting a bunch of the changes in the process, it > might be easier to start from the current stable package and simply > apply the changes required to resolve: > > +- Fixes issues in accounting due to socket reuse (Closes: #960792) > +- Fixes undeclared variable issue > > assuming those are as simple and isolated as I suspect from looking > through the diff. Would the attached diff be fine? -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. diff -Nru policyd-rate-limit-1.0.0/debian/changelog policyd-rate-limit-1.0.1.1/debian/changelog --- policyd-rate-limit-1.0.0/debian/changelog 2018-12-11 09:57:37.0 +0100 +++ policyd-rate-limit-1.0.1.1/debian/changelog 2020-05-18 19:09:03.0 +0200 @@ -1,3 +1,13 @@ +policyd-rate-limit (1.0.1.1-0+deb10u1) buster; urgency=medium + + * Team upload + * New upstream release 1.0.1.1 +- Fixes issues in accounting due to socket reuse (Closes: #960792) +- Fixes undeclared variable issue + * Updated upstream's signing key + + -- Pierre-Elliott Bécue Mon, 18 May 2020 19:09:03 +0200 + policyd-rate-limit (1.0.0-1) unstable; urgency=medium * Team upload diff -Nru policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc --- policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc 2018-12-11 09:57:37.0 +0100 +++ policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc 2020-05-18 14:17:01.0 +0200 @@ -1,5 +1,4 @@ -BEGIN PGP PUBLIC KEY BLOCK- -Version: GnuPG v1 mQINBEzFtS8BEADHXXvwn2k5xtlld1Lt5+abQJFdmeKB9EOP7qZEkCoBINPWb8Tx 6L8xFU51GQpzMB0BnFnD4SelJggxqKv0bAd6glmU63AZSzpodVvDGGLzj4zOwWyZ @@ -12,1163 +11,289 @@ fm8NtP8LdTGAXvAGa3Pid04s8G0phSC2/oG2TAaGRseN5KRwD7T93PH2IYj5/GMm T48WWpZwEjD7b0fSwW4HPosu29fbZCqDmiEflQiZlw8KBJlUTXIPH0oU7ykUwy0c ++Gf0L85IHHbvmV3cvqyCcAXD0dwTdXWUS4EUn9aozwPGS+rsiJ9NUnH+QARAQAB -tCdWYWxlbnRpbiBTYW1pciA8c2FtaXIudmFsZW50aW5AZnJlZS5mcj6JAj0EEwEK -ACcCGyMCHgECF4AFCwkIBwMFFQoJCAsFFgIDAQAFAlfIOzUFCQtRoAYACgkQyGrS -qkHCt2vJUA/9Hr/1zQGspeQpQNU0pnSksgrutQ4qlVB6BYWZ6RWqMrPmY2mgxDtB -4G7HkDRsIdJdA8rWRvBU6aFd0LSMvAkUkEfU4xwdfQG8Mmaoy6EfTsPrYcAXFMph -clWMtdX8kaDGcywZkLlmo2I4ZG2Jrpp3Z8oi6mG4kuBm6lvU2Q+NDdfkoP7bTLTo -tv6jVYvWNaLeR5zjT9ICaozvHvYjkNS2zty4Perz8TH7T+rjYU7BTY1q8+yN4hUI -fdCOfN25bFCKZ9b+ncnYlhPlkz5MV6ulNjjU1d9iIDwR1jiDuY/klfMDCqzS762n -odM7+ukd+C0+sFdjqnYoEMXGYQpPGqeIF46il8nKjQgVcdOri8cFRBvJmLVMwu+k -ICKYN7ajZyjNBfRLuO76oKw5oKekR6wWF7e28sxfl38nmcZTk2LF+HHPycBFk+QR -wQewjk4zXEQ1qug6yVwV4CkDcN+NtGvN+XWUtPf1RlsvzhFaTu+SBTLXBg2LfUFf -9OgeuXYJFJ5lS94DAt5I1OUGw2Ttod/AzGTKhGMFJ3MLfcIiyxVRc6O3FF2QDjgK -uTgOBGITrUesi0OAkfv0quotBGDgwXxgKtk1w5b8Q/o3/N5ocOAwdlz/yo/uF4J5 -D4tkwAgxE57RDFVjOzy45Zi4obVx8C6wiT1ZwfmVwwxAKg0ltmQTX4y0OVZhbGVu -dGluIFNhbWlyIDx2YWxlbnRpbi5zYW1pckBldHUudW5pdi1wYXJpcy1kaWRlcm90 -LmZyPokCHwQwAQIACQUCUkWZEAIdIAAKCRDIatKqQcK3a3HyD/9mOMdm0Uq2ZqId -I5bkbOPj1KdiWVKFTG0n8MygGHslRSB6SLGh2bTPiCs4dRpOvWxkvK1KOI/jEldq -FUln3SGcckaOznIn/+WiZ1HWd9W2lem/kgb0dUvnxnmSLJ5I8LeTlHR8FwpN9YbQ -xxQpNw+fCwHfqsnolAngA5DCWAIkqQnu/PGbja6JGNeb0METOZzUp226Q9tsB+QE -CNszu61GcCrE7L8JYHlIe4g72NZqgMJLX6zY3sc7MnhZ5J6wNpulS3tRBUh52br1 -bBunggb6VhUQyFn62UxIEmfbjPMr9M6CzJTVyl6v/LAPXCxy+sKq0ra9AxrlF0CV -fVG0W3XQHqi+alEdzXFc1S9LYdnNxpp71jWlCjZEJ3QfVg2g4oR4TxnTwEpEW8G+ -9R9DxVJhK65XoMEm72xkAqv7taPRBmYimyvMPnETaIldv1/dCpXuUcdimkaGHp2T -phtjAEF3Aj+XvvKIAsXclbFl7K8I7P9PqU2s6G0thV+P0uHtotJ51cbb/yQjMQNa -bK5AME4djrULfGGhc4T1yRasZwMPasr3CRiy4bedzumXH5qfrIkl+HWSpmorz8ch -cOT3Y7gxYwiESBFIr+JaXsAcqBpBLwEih8EnRkqCkBPxqnww9Hi3D7UcN/FokesB -RldSLx4IM8Lm/yl0Pm3Brr95KAPH77Q1VmFsZW50aW4gU2FtaXIgPHZhbGVudGlu -LnNhbWlyQGRwdGluZm8uZW5zLWNhY2hhbi5mcj6JAj0EEwEKACcCGyMCHgECF4AF -CwkIBwMFFQoJCAsFFgIDAQAFAlfIOzYFCQtRoAYACgkQyGrSqkHCt2vGpQ/+Ky+d -ZW6J5KsOCC/HkHNXT0dB2WuVUfjhPJbZVyBGATWdxFpxql+JM7ccTL6bxan/5X6k -PqaHzlOOp2g6qBomOaVYowI/64KMyRJXelx2iy5BUbttXGWOAm9GojszWAX+ori9 -tiMjgGlQfNE31HPHj2wl4Doh/sPQj6bU9H2R17zrSCXlRPcGN7S3Z0Q/zPc/NM0G -7xIyu94+Awf/fpnaxyDlcA0p4VnSbj1aV+7yjGiSzURi3QlHCykHAdADvyUAZEtE -qTcEU+tgmgvwVmUbHRujS/nrSN731mlsJELDMI96OlFPS7+bKL/cO+JjlWxXzVrP -f5heIIRLyB6V7lzzziOuZKY0Z
Bug#960806: buster-pu: package policyd-rate-limit/1.0.0-1
Le dimanche 17 mai 2020 à 22:27:52+0100, Adam D. Barratt a écrit : > Control: tags -1 + moreinfo > > On Sat, 2020-05-16 at 22:39 +0200, Pierre-Elliott Bécue wrote: > > Policyd rate limit in buster is RC-buggy due to a bug described > > here[0]. > > Minor release 1.0.1 fixes the issue, and, consequently, I uploaded it > > in unstable minutes ago. > > > > I prepared a debdiff for Buster. Note that the upstream release is > > 1.0.1.1 because upstream released signing with an inappropriate GPG > > key. > > +policyd-rate-limit (1.0.1.1-1+deb10u1) buster; urgency=medium > > The version needs to be lower than the package in unstable, so 1.0.1.1- > 1~deb10u1 Arf, my bad, I forgot that again. > -Build-Depends: debhelper (>= 11~), > +Build-Depends: debhelper-compat (= 11), > > As a general note, that's not particularly great for a stable update, > even though it's effectively a no-op (because it's not part of > resolving the issues). As part of a backport I wouldn't request not > including it though. Dropped. > -raise ValueError("connection closed") > +raise PolicydConnectionClosed() > [...] > -except Exception as error: > +except PolicydConnectionClosed: > +if config.debug: > +sys.stderr.write("Connection closed\n") > > Does anything rely on the specific strings being output here? It's debug output. Although anyone could decide to use this output to handle some things, it's not supposed to be. Here is a new diff. -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. diff -Nru policyd-rate-limit-1.0.0/debian/changelog policyd-rate-limit-1.0.1.1/debian/changelog --- policyd-rate-limit-1.0.0/debian/changelog 2018-12-11 09:57:37.0 +0100 +++ policyd-rate-limit-1.0.1.1/debian/changelog 2020-05-18 14:17:48.0 +0200 @@ -1,3 +1,22 @@ +policyd-rate-limit (1.0.1.1-1~deb10u1) buster; urgency=medium + + * Team upload + * Rebuild for Buster + + -- Pierre-Elliott Bécue Mon, 18 May 2020 14:17:48 +0200 + +policyd-rate-limit (1.0.1.1-1) unstable; urgency=medium + + * Team upload + + [ Pierre-Elliott Bécue ] + * New upstream release 1.0.1.1 +- Fixes issues in accounting due to socket reuse (Closes: #960792) +- Fixes undeclared variable issue + * Updated upstream's signing key + + -- Pierre-Elliott Bécue Sat, 16 May 2020 19:47:04 +0200 + policyd-rate-limit (1.0.0-1) unstable; urgency=medium * Team upload diff -Nru policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc --- policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc 2018-12-11 09:57:37.0 +0100 +++ policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc 2020-05-18 14:17:01.0 +0200 @@ -1,5 +1,4 @@ -BEGIN PGP PUBLIC KEY BLOCK- -Version: GnuPG v1 mQINBEzFtS8BEADHXXvwn2k5xtlld1Lt5+abQJFdmeKB9EOP7qZEkCoBINPWb8Tx 6L8xFU51GQpzMB0BnFnD4SelJggxqKv0bAd6glmU63AZSzpodVvDGGLzj4zOwWyZ @@ -12,1163 +11,289 @@ fm8NtP8LdTGAXvAGa3Pid04s8G0phSC2/oG2TAaGRseN5KRwD7T93PH2IYj5/GMm T48WWpZwEjD7b0fSwW4HPosu29fbZCqDmiEflQiZlw8KBJlUTXIPH0oU7ykUwy0c ++Gf0L85IHHbvmV3cvqyCcAXD0dwTdXWUS4EUn9aozwPGS+rsiJ9NUnH+QARAQAB -tCdWYWxlbnRpbiBTYW1pciA8c2FtaXIudmFsZW50aW5AZnJlZS5mcj6JAj0EEwEK -ACcCGyMCHgECF4AFCwkIBwMFFQoJCAsFFgIDAQAFAlfIOzUFCQtRoAYACgkQyGrS -qkHCt2vJUA/9Hr/1zQGspeQpQNU0pnSksgrutQ4qlVB6BYWZ6RWqMrPmY2mgxDtB -4G7HkDRsIdJdA8rWRvBU6aFd0LSMvAkUkEfU4xwdfQG8Mmaoy6EfTsPrYcAXFMph -clWMtdX8kaDGcywZkLlmo2I4ZG2Jrpp3Z8oi6mG4kuBm6lvU2Q+NDdfkoP7bTLTo -tv6jVYvWNaLeR5zjT9ICaozvHvYjkNS2zty4Perz8TH7T+rjYU7BTY1q8+yN4hUI -fdCOfN25bFCKZ9b+ncnYlhPlkz5MV6ulNjjU1d9iIDwR1jiDuY/klfMDCqzS762n -odM7+ukd+C0+sFdjqnYoEMXGYQpPGqeIF46il8nKjQgVcdOri8cFRBvJmLVMwu+k -ICKYN7ajZyjNBfRLuO76oKw5oKekR6wWF7e28sxfl38nmcZTk2LF+HHPycBFk+QR -wQewjk4zXEQ1qug6yVwV4CkDcN+NtGvN+XWUtPf1RlsvzhFaTu+SBTLXBg2LfUFf -9OgeuXYJFJ5lS94DAt5I1OUGw2Ttod/AzGTKhGMFJ3MLfcIiyxVRc6O3FF2QDjgK -uTgOBGITrUesi0OAkfv0quotBGDgwXxgKtk1w5b8Q/o3/N5ocOAwdlz/yo/uF4J5 -D4tkwAgxE57RDFVjOzy45Zi4obVx8C6wiT1ZwfmVwwxAKg0ltmQTX4y0OVZhbGVu -dGluIFNhbWlyIDx2YWxlbnRpbi5zYW1pckBldHUudW5pdi1wYXJpcy1kaWRlcm90 -LmZyPokCHwQwAQIACQUCUkWZEAIdIAAKCRDIatKqQcK3a3HyD/9mOMdm0Uq2ZqId -I5bkbOPj1KdiWVKFTG0n8MygGHslRSB6SLGh2bTPiCs4dRpOvWxkvK1KOI/jEldq -FUln3SGcckaOznIn/+WiZ1HWd9W2lem/kgb0dUvnxnmSLJ5I8LeTlHR8FwpN9YbQ -xxQpNw+fCwHfqsnolAngA5DCWAIkqQnu/PGbja6JGNeb0METOZzUp226Q9tsB+QE -CNszu61GcCrE7L8JYHlIe4g72NZqgMJLX6zY3sc7MnhZ5J6wNpulS3tRBUh52br1 -bBunggb6VhUQyFn62UxIEmfbjPMr9M6CzJTVyl6v/LAPXCxy+sKq0ra9AxrlF0CV -fVG0W3XQHqi+alEdzXFc1S9LYdnNxpp71jWlCjZEJ3QfVg2g4oR4TxnTwEpEW8G+ -9R9DxVJhK65XoMEm72xkAqv7taPRBmYimyvMPnETaIldv1/dCpXuUcdimkaGHp2T -phtjAEF3Aj+XvvKIAsXclb
Bug#960806: buster-pu: package policyd-rate-limit/1.0.0-1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Dear release managers, Policyd rate limit in buster is RC-buggy due to a bug described here[0]. Minor release 1.0.1 fixes the issue, and, consequently, I uploaded it in unstable minutes ago. I prepared a debdiff for Buster. Note that the upstream release is 1.0.1.1 because upstream released signing with an inappropriate GPG key. I decided to stick with upstream version. Please tell me if that debdiff would seem acceptable to you. Thanks a lot! :) [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960792 -- System Information: Debian Release: 10.3 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_USER Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru policyd-rate-limit-1.0.0/debian/changelog policyd-rate-limit-1.0.1.1/debian/changelog --- policyd-rate-limit-1.0.0/debian/changelog 2018-12-11 09:57:37.0 +0100 +++ policyd-rate-limit-1.0.1.1/debian/changelog 2020-05-16 19:58:16.0 +0200 @@ -1,3 +1,25 @@ +policyd-rate-limit (1.0.1.1-1+deb10u1) buster; urgency=medium + + * Team upload + * Rebuild for Buster + + -- Pierre-Elliott Bécue Sat, 16 May 2020 19:58:16 +0200 + +policyd-rate-limit (1.0.1.1-1) unstable; urgency=medium + + * Team upload + + [ Ondřej Nový ] + * Use debhelper-compat instead of debian/compat. + + [ Pierre-Elliott Bécue ] + * New upstream release 1.0.1.1 +- Fixes issues in accounting due to socket reuse (Closes: #960792) +- Fixes undeclared variable issue + * Updated upstream's signing key + + -- Pierre-Elliott Bécue Sat, 16 May 2020 19:47:04 +0200 + policyd-rate-limit (1.0.0-1) unstable; urgency=medium * Team upload diff -Nru policyd-rate-limit-1.0.0/debian/compat policyd-rate-limit-1.0.1.1/debian/compat --- policyd-rate-limit-1.0.0/debian/compat 2018-12-11 09:57:37.0 +0100 +++ policyd-rate-limit-1.0.1.1/debian/compat1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -11 diff -Nru policyd-rate-limit-1.0.0/debian/control policyd-rate-limit-1.0.1.1/debian/control --- policyd-rate-limit-1.0.0/debian/control 2018-12-11 09:57:37.0 +0100 +++ policyd-rate-limit-1.0.1.1/debian/control 2020-05-16 19:58:16.0 +0200 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Python Applications Packaging Team Uploaders: Valentin Samir -Build-Depends: debhelper (>= 11~), +Build-Depends: debhelper-compat (= 11), dh-python, python3, python3-setuptools, diff -Nru policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc --- policyd-rate-limit-1.0.0/debian/upstream/signing-key.asc2018-12-11 09:57:37.0 +0100 +++ policyd-rate-limit-1.0.1.1/debian/upstream/signing-key.asc 2020-05-16 19:35:35.0 +0200 @@ -1,5 +1,4 @@ -BEGIN PGP PUBLIC KEY BLOCK- -Version: GnuPG v1 mQINBEzFtS8BEADHXXvwn2k5xtlld1Lt5+abQJFdmeKB9EOP7qZEkCoBINPWb8Tx 6L8xFU51GQpzMB0BnFnD4SelJggxqKv0bAd6glmU63AZSzpodVvDGGLzj4zOwWyZ @@ -12,1163 +11,289 @@ fm8NtP8LdTGAXvAGa3Pid04s8G0phSC2/oG2TAaGRseN5KRwD7T93PH2IYj5/GMm T48WWpZwEjD7b0fSwW4HPosu29fbZCqDmiEflQiZlw8KBJlUTXIPH0oU7ykUwy0c ++Gf0L85IHHbvmV3cvqyCcAXD0dwTdXWUS4EUn9aozwPGS+rsiJ9NUnH+QARAQAB -tCdWYWxlbnRpbiBTYW1pciA8c2FtaXIudmFsZW50aW5AZnJlZS5mcj6JAj0EEwEK -ACcCGyMCHgECF4AFCwkIBwMFFQoJCAsFFgIDAQAFAlfIOzUFCQtRoAYACgkQyGrS -qkHCt2vJUA/9Hr/1zQGspeQpQNU0pnSksgrutQ4qlVB6BYWZ6RWqMrPmY2mgxDtB -4G7HkDRsIdJdA8rWRvBU6aFd0LSMvAkUkEfU4xwdfQG8Mmaoy6EfTsPrYcAXFMph -clWMtdX8kaDGcywZkLlmo2I4ZG2Jrpp3Z8oi6mG4kuBm6lvU2Q+NDdfkoP7bTLTo -tv6jVYvWNaLeR5zjT9ICaozvHvYjkNS2zty4Perz8TH7T+rjYU7BTY1q8+yN4hUI -fdCOfN25bFCKZ9b+ncnYlhPlkz5MV6ulNjjU1d9iIDwR1jiDuY/klfMDCqzS762n -odM7+ukd+C0+sFdjqnYoEMXGYQpPGqeIF46il8nKjQgVcdOri8cFRBvJmLVMwu+k -ICKYN7ajZyjNBfRLuO76oKw5oKekR6wWF7e28sxfl38nmcZTk2LF+HHPycBFk+QR -wQewjk4zXEQ1qug6yVwV4CkDcN+NtGvN+XWUtPf1RlsvzhFaTu+SBTLXBg2LfUFf -9OgeuXYJFJ5lS94DAt5I1OUGw2Ttod/AzGTKhGMFJ3MLfcIiyxVRc6O3FF2QDjgK -uTgOBGITrUesi0OAkfv0quotBGDgwXxgKtk1w5b8Q/o3/N5ocOAwdlz/yo/uF4J5 -D4tkwAgxE57RDFVjOzy45Zi4obVx8C6wiT1ZwfmVwwxAKg0ltmQTX4y0OVZhbGVu -dGluIFNhbWlyIDx2YWxlbnRpbi5zYW1pckBldHUudW5pdi1wYXJpcy1kaWRlcm90 -LmZyPokCHwQwAQIACQUCUkWZEAIdIAAKCRDIatKqQcK3a3HyD/9mOMdm0Uq2ZqId -I5bkbOPj1KdiWVKFTG0n8MygGHslRSB6SLGh2bTPiCs4dRpOvWxkvK1KOI/jEldq -FUln3SGcckaOznIn/+WiZ1HWd9W2lem/kgb0dUvnxnmSLJ5I8LeTlHR8FwpN9YbQ -xxQpNw+fCwHfqsnolAngA5DCWAIkqQnu/PGbja6JGNeb0METOZzUp226Q9tsB+QE -CNszu61GcCrE7L8JYHlIe4g72NZqgMJLX6zY3sc7MnhZ5J6wNpulS3tRBUh52br1 -bBunggb6Vh
Bug#958173: buster-pu: package lxc-templates/3.0.3-1
Le mardi 21 avril 2020 à 21:21:28+0200, Andreas Beckmann a écrit : > > Stripping all useless commits, here is the Debdiff I get. > > > > Note that the version isn't 3.0.4-3~deb10u1 as 3.0.4-3 contains only > > packaging changes that I didn't include. > > > > Should you wish me to release 3.0.4-3~deb10u1, we would have to make an > > empty changelog for 3.0.4-3 over which I could do the changelog entry to > > release into buster. > > A version generally used in this case would be 3.0.4-0+deb10u1 with the > changelog entries squashed together. It's no longer a plain "rebuild", > but a new upstream release + selected cherry-picked bugfixes without > inappropriate packaging changes. > (mariadb and postgresql are prominent users of this scheme.) Thanks, here is a debdiff that should fit then. -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. diff -Nru lxc-templates-3.0.3/configure lxc-templates-3.0.4/configure --- lxc-templates-3.0.3/configure 2018-11-23 01:48:22.0 +0100 +++ lxc-templates-3.0.4/configure 2019-06-22 00:57:26.0 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.3. +# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.4. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='lxc-templates' PACKAGE_TARNAME='lxc-templates' -PACKAGE_VERSION='3.0.3' -PACKAGE_STRING='lxc-templates 3.0.3' +PACKAGE_VERSION='3.0.4' +PACKAGE_STRING='lxc-templates 3.0.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1321,7 +1321,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lxc-templates 3.0.3 to adapt to many kinds of systems. +\`configure' configures lxc-templates 3.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1392,7 +1392,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lxc-templates 3.0.3:";; + short | recursive ) echo "Configuration of lxc-templates 3.0.4:";; esac cat <<\_ACEOF @@ -1500,7 +1500,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lxc-templates configure 3.0.3 +lxc-templates configure 3.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1752,7 +1752,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lxc-templates $as_me 3.0.3, which was +It was created by lxc-templates $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2615,7 +2615,7 @@ # Define the identity of the package. PACKAGE='lxc-templates' - VERSION='3.0.3' + VERSION='3.0.4' cat >>confdefs.h <<_ACEOF @@ -6134,7 +6134,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by lxc-templates $as_me 3.0.3, which was +This file was extended by lxc-templates $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES= $CONFIG_FILES @@ -6195,7 +6195,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/&/g'`" ac_cs_version="\\ -lxc-templates config.status 3.0.3 +lxc-templates config.status 3.0.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru lxc-templates-3.0.3/configure.ac lxc-templates-3.0.4/configure.ac --- lxc-templates-3.0.3/configure.ac2018-11-23 01:48:17.0 +0100 +++ lxc-templates-3.0.4/configure.ac2019-06-22 00:57:21.0 +0200 @@ -1,7 +1,7 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_INIT([lxc-templates], [3.0.3]) +AC_INIT([lxc-templates], [3.0.4]) AM_INIT_AUTOMAKE # We need pkg-config diff -Nru lxc-templates-3.0.3/debian/changelog lxc-templates-3.0.4/debian/changelog --- lxc-templates-3.0.3/debian/changelog2018-12-04 08:47:01.0 +0100 +++ lxc-templates-3.0.4/debian/changelog2020-04-21 21:54:06.0 +0200 @@ -1,3 +1,12 @@ +lxc-templates (3.0
Bug#958173: buster-pu: package lxc-templates/3.0.3-1
Le dimanche 19 avril 2020 à 16:22:57+0200, Pierre-Elliott Bécue a écrit : > [snip] Dear Adam, Stripping all useless commits, here is the Debdiff I get. Note that the version isn't 3.0.4-3~deb10u1 as 3.0.4-3 contains only packaging changes that I didn't include. Should you wish me to release 3.0.4-3~deb10u1, we would have to make an empty changelog for 3.0.4-3 over which I could do the changelog entry to release into buster. Cheers! -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. diff -Nru lxc-templates-3.0.3/configure lxc-templates-3.0.4/configure --- lxc-templates-3.0.3/configure 2018-11-23 01:48:22.0 +0100 +++ lxc-templates-3.0.4/configure 2019-06-22 00:57:26.0 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.3. +# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.4. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='lxc-templates' PACKAGE_TARNAME='lxc-templates' -PACKAGE_VERSION='3.0.3' -PACKAGE_STRING='lxc-templates 3.0.3' +PACKAGE_VERSION='3.0.4' +PACKAGE_STRING='lxc-templates 3.0.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1321,7 +1321,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lxc-templates 3.0.3 to adapt to many kinds of systems. +\`configure' configures lxc-templates 3.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1392,7 +1392,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lxc-templates 3.0.3:";; + short | recursive ) echo "Configuration of lxc-templates 3.0.4:";; esac cat <<\_ACEOF @@ -1500,7 +1500,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lxc-templates configure 3.0.3 +lxc-templates configure 3.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1752,7 +1752,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lxc-templates $as_me 3.0.3, which was +It was created by lxc-templates $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2615,7 +2615,7 @@ # Define the identity of the package. PACKAGE='lxc-templates' - VERSION='3.0.3' + VERSION='3.0.4' cat >>confdefs.h <<_ACEOF @@ -6134,7 +6134,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by lxc-templates $as_me 3.0.3, which was +This file was extended by lxc-templates $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES= $CONFIG_FILES @@ -6195,7 +6195,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/&/g'`" ac_cs_version="\\ -lxc-templates config.status 3.0.3 +lxc-templates config.status 3.0.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru lxc-templates-3.0.3/configure.ac lxc-templates-3.0.4/configure.ac --- lxc-templates-3.0.3/configure.ac2018-11-23 01:48:17.0 +0100 +++ lxc-templates-3.0.4/configure.ac2019-06-22 00:57:21.0 +0200 @@ -1,7 +1,7 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_INIT([lxc-templates], [3.0.3]) +AC_INIT([lxc-templates], [3.0.4]) AM_INIT_AUTOMAKE # We need pkg-config diff -Nru lxc-templates-3.0.3/debian/changelog lxc-templates-3.0.4/debian/changelog --- lxc-templates-3.0.3/debian/changelog2018-12-04 08:47:01.0 +0100 +++ lxc-templates-3.0.4/debian/changelog2020-04-19 18:13:31.0 +0200 @@ -1,3 +1,23 @@ +lxc-templates (3.0.4-2+deb10u1) buster; urgency=medium + + * Rebuild for Buster + + -- Pierre-Elliott Bécue Sun, 19 Apr 2020 18:13:31 +0200 + +lxc-templates (3.0.4-2) unstable; urgency=medium + + * d/p/0001: [lxc-debian] Handle languages that are only UTF-8 encoded +(Closes: #950840) + + -- Pierre-Elliott Bécue Sun, 19 Apr 2020 18:12:58 +0200 + +lxc-templates (3.0.4-1) unstable; urgency=medium + + * New upstream release 3.0.4 + * d/lxc-te
Bug#958173: buster-pu: package lxc-templates/3.0.3-1
Le dimanche 19 avril 2020 à 12:02:44+0100, Adam D. Barratt a écrit : > Control: tags -1 + moreinfo > > On Sun, 2020-04-19 at 12:32 +0200, Pierre-Elliott Bécue wrote: > > I'd like to ask you for your approval to upload lxc-templates > > 3.0.4-3+deb10u1 over lxc-templates 3.0.3-1, in Buster. > > Assuming that we'd be happy with that, you've uploaded 3.0.4-3 to > unstable, so any stable update needs to be _lower_. For a backport of > 3.0.4-3, the conventional version number would be 3.0.4-3~deb10u1. > > Your proposed changelog also makes no mention of the stable upload, > only those to unstable. Sorry, here is the appropriate debdiff. I fixed the version number issue. > > The reasons for this upload are: > > > > * New upstream release of lxc-templates 3.0.4 fixing small bugs in > >lxc-plamo and lxc-slackware templates. In lxc-plamo, the goal was > > to > >default to https for uploads and to ensure that the downloads work > >properly in regards to apparent changes on the download > > architecture. > >For lxc-slackware, the changes are the inclusion of two packages > > at > >the bootstraping of the containers. > > * RC bug #950840 fix in the lxc-debian template, through a patch I > > made. > >This bug was preventing a normal behaviour of containers > > bootstrapped > >with a locale set to a locale which exists only in UTF-8. > > > > I attached the debdiff of the changes, which are quite small. > > They also include a fair number of packaging changes, such as changes > of debhelper level, which aren't generally considered for stable > updates. (In some circumstances they /might/ be OK, if a binary debdiff > between the current stable packages and the proposed package built on > stable - bearing in mind the earlier comments - shows no changes.) I could remove these changes if needed, although it'll mean divergence between the current unstable package and the stable one. I'm fine with that, but I heard it's preferred to have them being consistent. On the binary side of things, there is a new file: usr/share/lintian/overrides/lxc-templates as an override has been added to 3.0.4-1. The other observable changes, using diffoscope are those I mentioned earlier. I hope this gives you enough intel, I'm available if you need more of if you wish me to reduce the set of changes. -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. diff -Nru lxc-templates-3.0.3/configure lxc-templates-3.0.4/configure --- lxc-templates-3.0.3/configure 2018-11-23 01:48:22.0 +0100 +++ lxc-templates-3.0.4/configure 2019-06-22 00:57:26.0 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.3. +# Generated by GNU Autoconf 2.69 for lxc-templates 3.0.4. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='lxc-templates' PACKAGE_TARNAME='lxc-templates' -PACKAGE_VERSION='3.0.3' -PACKAGE_STRING='lxc-templates 3.0.3' +PACKAGE_VERSION='3.0.4' +PACKAGE_STRING='lxc-templates 3.0.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1321,7 +1321,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lxc-templates 3.0.3 to adapt to many kinds of systems. +\`configure' configures lxc-templates 3.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1392,7 +1392,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lxc-templates 3.0.3:";; + short | recursive ) echo "Configuration of lxc-templates 3.0.4:";; esac cat <<\_ACEOF @@ -1500,7 +1500,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lxc-templates configure 3.0.3 +lxc-templates configure 3.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1752,7 +1752,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lxc-templates $as_me 3.0.3, which was +It was created by lxc-templates $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2615,7 +2615,7 @@ # Define the identity of the package. PACKAGE='lxc-templates'
Bug#958173: buster-pu: package lxc-templates/3.0.3-1
uot;"\`\$]/&/g'`" ac_cs_version="\\ -lxc-templates config.status 3.0.3 +lxc-templates config.status 3.0.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru lxc-templates-3.0.3/configure.ac lxc-templates-3.0.4/configure.ac --- lxc-templates-3.0.3/configure.ac2018-11-23 01:48:17.0 +0100 +++ lxc-templates-3.0.4/configure.ac2019-06-22 00:57:21.0 +0200 @@ -1,7 +1,7 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_INIT([lxc-templates], [3.0.3]) +AC_INIT([lxc-templates], [3.0.4]) AM_INIT_AUTOMAKE # We need pkg-config diff -Nru lxc-templates-3.0.3/debian/changelog lxc-templates-3.0.4/debian/changelog --- lxc-templates-3.0.3/debian/changelog 2018-12-04 08:47:01.0 +0100 +++ lxc-templates-3.0.4/debian/changelog2020-04-19 11:59:35.0 +0200 @@ -1,3 +1,30 @@ +lxc-templates (3.0.4-3) unstable; urgency=medium + + [ Debian Janitor ] + * Drop unnecessary dependency on dh-autoreconf. + * Rely on pre-initialized dpkg-architecture variables. + + -- Pierre-Elliott Bécue Sun, 19 Apr 2020 11:59:35 +0200 + +lxc-templates (3.0.4-2) unstable; urgency=medium + + * d/p/0001: [lxc-debian] Handle languages that are only UTF-8 encoded +(Closes: #950840) + * Bump Standards-Version to 4.5.0 + * Set Rules-Requires-Root to no + + -- Pierre-Elliott Bécue Wed, 15 Apr 2020 17:02:34 +0200 + +lxc-templates (3.0.4-1) unstable; urgency=medium + + * New upstream release 3.0.4 + * d/control: +- Bump Standards-Version to 4.4.0 +- Use debhelper-compat instead of debian/compat (and raise level to 12) + * d/lxc-templates.lintian-overrides: Disable warning for access to dpkg DB + + -- Pierre-Elliott Bécue Tue, 20 Aug 2019 13:49:53 +0200 + lxc-templates (3.0.3-1) unstable; urgency=medium * d/control: diff -Nru lxc-templates-3.0.3/debian/compat lxc-templates-3.0.4/debian/compat --- lxc-templates-3.0.3/debian/compat 2018-12-04 08:47:01.0 +0100 +++ lxc-templates-3.0.4/debian/compat 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -11 diff -Nru lxc-templates-3.0.3/debian/control lxc-templates-3.0.4/debian/control --- lxc-templates-3.0.3/debian/control 2018-12-04 08:47:01.0 +0100 +++ lxc-templates-3.0.4/debian/control 2020-04-15 17:03:56.0 +0200 @@ -3,11 +3,12 @@ Priority: optional Maintainer: pkg-lxc Uploaders: Pierre-Elliott Bécue -Build-Depends: debhelper (>= 11~) -Standards-Version: 4.2.1 +Build-Depends: debhelper-compat (= 12) +Standards-Version: 4.5.0 Homepage: https://linuxcontainers.org/ Vcs-Git: https://salsa.debian.org/lxc-team/lxc-templates.git Vcs-Browser: https://salsa.debian.org/lxc-team/lxc-templates +Rules-Requires-Root: no Package: lxc-templates Architecture: linux-any diff -Nru lxc-templates-3.0.3/debian/lxc-templates.lintian-overrides lxc-templates-3.0.4/debian/lxc-templates.lintian-overrides --- lxc-templates-3.0.3/debian/lxc-templates.lintian-overrides 1970-01-01 01:00:00.0 +0100 +++ lxc-templates-3.0.4/debian/lxc-templates.lintian-overrides 2019-08-20 13:49:43.0 +0200 @@ -0,0 +1,3 @@ +# Done in the newly installed container for generating SSH keys. Not the cleanest way, but working and not dangerous. +lxc-templates: uses-dpkg-database-directly usr/share/lxc/templates/lxc-debian +lxc-templates: uses-dpkg-database-directly usr/share/lxc/templates/lxc-ubuntu diff -Nru lxc-templates-3.0.3/debian/patches/0001-lxc-debian-Handle-languages-that-are-only-UTF-8-enco.patch lxc-templates-3.0.4/debian/patches/0001-lxc-debian-Handle-languages-that-are-only-UTF-8-enco.patch --- lxc-templates-3.0.3/debian/patches/0001-lxc-debian-Handle-languages-that-are-only-UTF-8-enco.patch 1970-01-01 01:00:00.0 +0100 +++ lxc-templates-3.0.4/debian/patches/0001-lxc-debian-Handle-languages-that-are-only-UTF-8-enco.patch 2020-04-15 17:03:12.0 +0200 @@ -0,0 +1,22 @@ +From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= +Date: Wed, 15 Apr 2020 16:55:15 +0200 +Subject: [lxc-debian] Handle languages that are only UTF-8 encoded + +--- + templates/lxc-debian.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in +index 4388478..f6b9f2c 100644 +--- a/templates/lxc-debian.in b/templates/lxc-debian.in +@@ -129,7 +129,8 @@ EOF + chroot "$rootfs" locale-gen en_US.UTF-8 UTF-8 + chroot "$rootfs" update-locale LANG=en_US.UTF-8 + else +-encoding=$(echo "$LANG" | cut -d. -f2) ++encoding=$(locale charmap) ++[ -z "${encoding}" ] && encoding="UTF-8" + chroot "$rootfs" sed -e "s/^# \(${LANG} ${encoding}\)/\1/" \ + -i /etc/locale.gen 2> /dev/null + cat >> "$rootfs/etc/locale.gen" << EOF diff -Nru
Bug#927759: unblock: lxc/1:3.1.0+really3.0.3-8
Le lundi 22 avril 2019 à 21:40:31+0200, Pierre-Elliott Bécue a écrit : > Subject: unblock: lxc/1:3.1.0+really3.0.3-8 > Package: release.debian.org > User: release.debian@packages.debian.org > Usertags: unblock > Severity: normal > X-Debbugs-Cc: pkg-lxc-de...@lists.alioth.debian.org > > Dear release team, > > Please unblock package lxc 1:3.1.0+really3.0.3-8 from unstable to > testing. > > This release fixes the important bug 925899[0] and introduces a little > more documentation regarding unprivileged containers which behave differently > from the privileged ones. > > As the changes made in -7 release were not actually appropriate (I sed a > dependency on apparmor, which is quite strong), I had to do another > release to revert some of these. The whole diff is attached and remains > quite decent. > > Thanks a lot for considering. :) > > unblock lxc/1:3.1.0+really3.0.3-8 > > [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925899 > > -- System Information: > Debian Release: buster/sid > APT prefers testing > APT policy: (990, 'testing'), (500, 'unstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: > LC_ALL set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: > LC_ALL set to fr_FR.UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled *grmbl* forgotten attachment *grmbl* -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. diff -Nru lxc-3.1.0+really3.0.3/debian/changelog lxc-3.1.0+really3.0.3/debian/changelog --- lxc-3.1.0+really3.0.3/debian/changelog 2019-03-09 15:49:21.0 +0100 +++ lxc-3.1.0+really3.0.3/debian/changelog 2019-04-14 15:46:47.0 +0200 @@ -1,3 +1,24 @@ +lxc (1:3.1.0+really3.0.3-8) unstable; urgency=medium + + * d/control: +- bin:lxc sets AppArmor as a Recommend instead of a Dependency + * d/README.Debian: +- Update the documentation to explain how to manage containers not + starting if AppArmor is missing. + + -- Pierre-Elliott Bécue Sun, 14 Apr 2019 15:46:47 +0200 + +lxc (1:3.1.0+really3.0.3-7) unstable; urgency=medium + + * d/ccontrol: +- Add a dependency to AppArmor for lxc package as the default.conf file + includes an AppArmor profile. + * d/{NEWS,README.Debian}: +- Add appropriate documentation for unprivileged containers + (Closes: #925899) + + -- Pierre-Elliott Bécue Tue, 09 Apr 2019 02:03:05 +0200 + lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium * d/patches/0005: Tweaks the 0004 patch for CVE-2019-5736 (Closes: #923932) diff -Nru lxc-3.1.0+really3.0.3/debian/control lxc-3.1.0+really3.0.3/debian/control --- lxc-3.1.0+really3.0.3/debian/control 2019-01-10 23:26:17.0 +0100 +++ lxc-3.1.0+really3.0.3/debian/control 2019-04-14 15:27:01.0 +0200 @@ -33,7 +33,8 @@ ${misc:Depends}, ${shlibs:Depends}, lsb-base (>= 3.0-6) -Recommends: bridge-utils, +Recommends: apparmor, +bridge-utils, debootstrap, dirmngr, dnsmasq-base, @@ -46,7 +47,7 @@ openssl, rsync, uidmap -Suggests: apparmor, btrfs-progs, lvm2, python3-lxc +Suggests: btrfs-progs, lvm2, python3-lxc Description: Linux Containers userspace tools Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be diff -Nru lxc-3.1.0+really3.0.3/debian/NEWS lxc-3.1.0+really3.0.3/debian/NEWS --- lxc-3.1.0+really3.0.3/debian/NEWS 2019-03-09 15:49:19.0 +0100 +++ lxc-3.1.0+really3.0.3/debian/NEWS 2019-04-09 02:02:51.0 +0200 @@ -6,7 +6,7 @@ lxc-update-config is available to update automatically your configuration files. An automatic update is possible and offered by debconf during the upgrade of lxc version < 3.0.2 to lxc version >= - 3.0.2. Mind that this update will only work for priviledged containers + 3.0.2. Mind that this update will only work for privileged containers with configurations present in /var/lib/lxc/*/config and any other container will not be updated. 2. AppArmor support in Debian has increased, thus preventing some systemd @@ -20,7 +20,13 @@ These parameters are provided in the `/etc/lxc/default.conf` file shipped with LXC 3. Hence, any newly created container will have these - parameters set properly, execpt if you alter the forementionned file. + parameters set properly, except if you alter the aforementioned file. + + WARNING: Note that with these parameters, unprivileged conta
Bug#927759: unblock: lxc/1:3.1.0+really3.0.3-8
Subject: unblock: lxc/1:3.1.0+really3.0.3-8 Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal X-Debbugs-Cc: pkg-lxc-de...@lists.alioth.debian.org Dear release team, Please unblock package lxc 1:3.1.0+really3.0.3-8 from unstable to testing. This release fixes the important bug 925899[0] and introduces a little more documentation regarding unprivileged containers which behave differently from the privileged ones. As the changes made in -7 release were not actually appropriate (I sed a dependency on apparmor, which is quite strong), I had to do another release to revert some of these. The whole diff is attached and remains quite decent. Thanks a lot for considering. :) unblock lxc/1:3.1.0+really3.0.3-8 [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925899 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. signature.asc Description: PGP signature
Bug#924427: unblock: lxc/1:3.1.0+really3.0.3-4
Le mardi 12 mars 2019 à 22:25:53+0100, Pierre-Elliott Bécue a écrit : > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Dear Release Managers, > > I'd llike to ask you to please unblock package lxc version > 1:3.1.0+really3.0.3-6 currently lying in unstable, so it replaces lxc > version 1:3.1.0+really3.0.3-4 currently in testing. > > Indeed, Antonio Terceiro did an upload for 1:3.1.0+really3.0.3-5 in > unstable on March the 2nd, with changes regarding Debconf translation in > Dutch (see bug #923328 [0]) and another change to fix an issue I > introduced in the provided `/etc/lxc/default.conf` file, which made it > not usable without a fix by the end user. (see bug #923395 [1]) > > Although these changes should have reached testing before the freeze, I > realized that changes I've made for 1:3.1.0+really3.0.3-4 to fix a CVE > introduced some anomalies due to upstream patch not being enough (see > bug #923932 [2]), and that I forgot to update debian/NEWS with proper > instructions regarding the breaking changes from LXC2 to 3. (explain the > reason for the unblock here) > > Hence I did a 1:3.1.0+really3.0.3-6 upload in unstable to include these > changes, and it reset the counter for -5. > > Attached is a debdiff between testing and unstable. > > Thanks a lot for considering such an unblock. > > With best regards, Sorry for forgetting: [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923328 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923395 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923932 -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. signature.asc Description: PGP signature
Bug#924427: unblock: lxc/1:3.1.0+really3.0.3-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Managers, I'd llike to ask you to please unblock package lxc version 1:3.1.0+really3.0.3-6 currently lying in unstable, so it replaces lxc version 1:3.1.0+really3.0.3-4 currently in testing. Indeed, Antonio Terceiro did an upload for 1:3.1.0+really3.0.3-5 in unstable on March the 2nd, with changes regarding Debconf translation in Dutch (see bug #923328 [0]) and another change to fix an issue I introduced in the provided `/etc/lxc/default.conf` file, which made it not usable without a fix by the end user. (see bug #923395 [1]) Although these changes should have reached testing before the freeze, I realized that changes I've made for 1:3.1.0+really3.0.3-4 to fix a CVE introduced some anomalies due to upstream patch not being enough (see bug #923932 [2]), and that I forgot to update debian/NEWS with proper instructions regarding the breaking changes from LXC2 to 3. (explain the reason for the unblock here) Hence I did a 1:3.1.0+really3.0.3-6 upload in unstable to include these changes, and it reset the counter for -5. Attached is a debdiff between testing and unstable. Thanks a lot for considering such an unblock. With best regards, unblock lxc/1:3.1.0+really3.0.3-4 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru lxc-3.1.0+really3.0.3/debian/changelog lxc-3.1.0+really3.0.3/debian/changelog --- lxc-3.1.0+really3.0.3/debian/changelog 2019-02-16 16:21:41.0 +0100 +++ lxc-3.1.0+really3.0.3/debian/changelog 2019-03-09 15:49:21.0 +0100 @@ -1,3 +1,22 @@ +lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium + + * d/patches/0005: Tweaks the 0004 patch for CVE-2019-5736 (Closes: #923932) + * d/NEWS: summary of the important changes since LXC2. + + -- Pierre-Elliott Bécue Sat, 09 Mar 2019 15:49:21 +0100 + +lxc (1:3.1.0+really3.0.3-5) unstable; urgency=medium + + [ Christian Kastner ] + * /etc/default/lxc.conf Change back to lxc.net.0.type +(Closes: #923395) + + [ Frans Spiesschaert ] + * debian/po/nl.po: Add Dutch translation of debconf messages +(Closes: #923328) + + -- Antonio Terceiro Sat, 02 Mar 2019 12:33:08 -0300 + lxc (1:3.1.0+really3.0.3-4) unstable; urgency=medium [ Lev Lamberov ] diff -Nru lxc-3.1.0+really3.0.3/debian/contrib/default.conf lxc-3.1.0+really3.0.3/debian/contrib/default.conf --- lxc-3.1.0+really3.0.3/debian/contrib/default.conf 2019-02-11 22:59:58.0 +0100 +++ lxc-3.1.0+really3.0.3/debian/contrib/default.conf 2019-03-09 12:54:41.0 +0100 @@ -1,3 +1,3 @@ -lxc.net.type = empty +lxc.net.0.type = empty lxc.apparmor.profile = generated lxc.apparmor.allow_nesting = 1 diff -Nru lxc-3.1.0+really3.0.3/debian/liblxc1.symbols lxc-3.1.0+really3.0.3/debian/liblxc1.symbols --- lxc-3.1.0+really3.0.3/debian/liblxc1.symbols2019-02-16 16:21:29.0 +0100 +++ lxc-3.1.0+really3.0.3/debian/liblxc1.symbols2019-03-09 12:54:41.0 +0100 @@ -381,6 +381,7 @@ lxc_remove_nic_by_idx@Base 1:3.0.2 lxc_requests_empty_network@Base 1:3.0.2 lxc_restore_phys_nics_to_netns@Base 1:3.0.2 + lxc_rexec@Base 1:3.0.3 lxc_ringbuf_create@Base 1:3.0.2 lxc_ringbuf_move_read_addr@Base 1:3.0.2 lxc_ringbuf_read@Base 1:3.0.2 diff -Nru lxc-3.1.0+really3.0.3/debian/NEWS lxc-3.1.0+really3.0.3/debian/NEWS --- lxc-3.1.0+really3.0.3/debian/NEWS 2018-12-22 22:49:44.0 +0100 +++ lxc-3.1.0+really3.0.3/debian/NEWS 2019-03-09 15:49:19.0 +0100 @@ -1,3 +1,35 @@ +lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium + + LXC 3 got some significant changes from LXC 2. + + 1. The configuration files use different variables. A userland script + lxc-update-config is available to update automatically your + configuration files. An automatic update is possible and offered by + debconf during the upgrade of lxc version < 3.0.2 to lxc version >= + 3.0.2. Mind that this update will only work for priviledged containers + with configurations present in /var/lib/lxc/*/config and any other + container will not be updated. + 2. AppArmor support in Debian has increased, thus preventing some systemd + isolation features to work in LXC 3.0.X. Debian has backported some + patches from LXC 3.1 that, along with some configurations in a + container, will allow systemd isolation features to work. + + The required configuration parameters are the ones which follow: +