Bug#1011210: RM: android-platform-system-core/1:10.0.0+r36-10 -- ROM; NVIU
On Thu, May 19, 2022 at 3:49 AM Paul Gevers wrote: > > Hi Roger, > > On 18-05-2022 18:22, Roger Shimizu wrote: > > This ticket is a follow-up to #100 > > - https://bugs.debian.org/100 > > > > I marked this ticket with ROM and NVIU, because: > > - ROM: I'm member of android tools team > > - NVIU: src:android-platform-tools is actually new version of this > > src:android-platform-system-core package. In order to let > > android-platform-tools latest version migrating to testing > > successfully, we have to remove src:android-platform-tools from > > testing. > > Wouldn't it make more sense to remove it altogether then? I.e. shouldn't > we reassign this bug to ftp.debian.org? (Testing follows removal > automatically). Thanks for the hint, Paul! I didn‘t know there's "Testing follows removal automatically" rule, and just saw the wiki [1] says ftpmaster can only remove from sid & experimental. I guess we should choose "testing follows removal automatically". [1] https://wiki.debian.org/ftpmaster_Removals#Removals_from_testing.2C_stable_and_oldstable Cheers, Roger
Bug#1011210: RM: android-platform-system-core/1:10.0.0+r36-10 -- ROM; NVIU
This ticket is a follow-up to #100 - https://bugs.debian.org/100 I marked this ticket with ROM and NVIU, because: - ROM: I'm member of android tools team - NVIU: src:android-platform-tools is actually new version of this src:android-platform-system-core package. In order to let android-platform-tools latest version migrating to testing successfully, we have to remove src:android-platform-tools from testing. Thank you! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#1011110: unblock: android-platform-tools/29.0.6-14
Dear Paul, Thanks for your kind help and check! I created a new ticket to remove android-platform-system-core from testing as you suggested. - https://bugs.debian.org/1011210 And there're a few comments below if you're interested ... On Wed, May 18, 2022 at 2:32 AM Paul Gevers wrote: > > Hi, > > On 17-05-2022 06:11, Roger Shimizu wrote: > > [ Other info ] > > Package android-platform-art and android-platform-frameworks-base should be > > migrated at the same time. > > > > unblock android-platform-tools/29.0.6-14 > > unblock android-platform-art/11.0.0+r48-3 > > unblock android-platform-frameworks-base/1:10.0.0+r36-5 > > Our migration software already figured that out [1]: > > Trying easy from autohinter: android-platform-art/11.0.0+r48-3 > android-platform-frameworks-base/1:10.0.0+r36-5 > android-platform-tools/29.0.6-14 > start: 24+0: a-1:a-22:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > orig: 24+0: a-1:a-22:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > Checking if changes enables cruft removal > recur: [] > android-platform-art,android-platform-frameworks-base,android-platform-tools > 41/0 > > [...] > > finish: > [android-platform-art,android-platform-frameworks-base,android-platform-tools] > endloop: 24+0: a-1:a-22:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > now: 37+0: a-6:a-27:a-1:a-1:i-1:m-0:m-0:p-0:s-1 Yes, I also saw this log before, but I cannot understand the meaning. It's with too many abbv. words and expressions. It's better if there's a doc to explain these all. > * amd64: android-libadb, android-libadb-dev, > android-libnativebridge-dev, android-libnativeloader-dev, > android-tools-mkbootimg > * arm64: android-libadb, android-libadb-dev, > android-libnativebridge-dev, android-libnativeloader-dev, > android-tools-mkbootimg > * armel: android-libadb > * armhf: android-libadb > * i386: android-libadb > > So, upgrading those three source packages would make several packages > uninstallable. > > Here you can see an example of why: > https://qa.debian.org/dose/debcheck/unstable_main/1652763601/packages/android-libadb.html#720d4c2b1a6529f2af595048faf0e919 I think those uninstallable packages are simply obsoleted, since no other package depends on them. That's why I removed those packages from new d/control file of android-platform-tools (the new source package). > It took me a while, but the issue is that android-libbase is build by > two source packages: > android-platform-system-core/1:10.0.0+r36-10 > and > android-platform-tools/29.0.6-14 > > The rules file of android-platform-tools adds an extra epoch, so it wins > and the version of android-libbase comes from android-platform-tools at > version 1:29.0.6-14 as rmadison tells me. > > Which means that those packages in the update_output.txt can't be > installed (in unstable) because they have a strict versioned relation > that can't be fulfilled in unstable. Our migration software detects the > problem and prevents it from migrating to testing. I guess these issues should be resolved after bug#1011210 - https://bugs.debian.org/1011210 If not, just let me know, and I'll fix it. Thanks again! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#1011210: RM: android-platform-system-core/1:10.0.0+r36-10
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Since src:android-platform-system-core is already replaced by src:android-platform-tools, please kindly help to remove src:android-platform-system-core from testing. For stable and eailer suits, we can still keep this package. Thank you!
Bug#1011110: unblock: android-platform-tools/29.0.6-14
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package android-platform-tools (Please provide enough (but not too much) information to help the release team to judge the request efficiently. E.g. by filling in the sections below.) [ Reason ] Previous issue such as #1010231 was already resolved, and now autopkgtest results are all fine: - https://qa.debian.org/excuses.php?package=android-platform-tools - https://qa.debian.org/excuses.php?package=android-platform-art - https://qa.debian.org/excuses.php?package=android-platform-frameworks-base Migration period already passed for a few days, but still cannot be migrated automatically, so I filed this ticket for help. [ Tests ] All 3 packages' autopkgtest got passed, and they run well on my enironment. [ Risks ] None so far. If there's issue, I'll fix it. [ Checklist ] [*] all changes are documented in the d/changelog [*] I reviewed all changes and I approve them [*] attach debdiff against the package in testing [ Other info ] Package android-platform-art and android-platform-frameworks-base should be migrated at the same time. unblock android-platform-tools/29.0.6-14 unblock android-platform-art/11.0.0+r48-3 unblock android-platform-frameworks-base/1:10.0.0+r36-5 Cheers, Roger
Re: chromium: Update to version 94.0.4606.61 (security-fixes)
On Sat, Feb 12, 2022 at 2:12 AM Andres Salomon wrote: > > On 2/11/22 06:18, Roger Shimizu wrote: > > > Dear Andres, > > > > Thanks for your work for chromium! > > > > On Mon, Jan 3, 2022 at 7:33 PM Andres Salomon wrote: > >>>> I saw > >>>> https://salsa.debian.org/dilinger/chromium/-/commit/5c05f430e192961527ec9a64bbaa64401dc14d95 > >>>> , but buster now also includes LLVM/clang 11 (it was introduced to > >>>> support a more recent Rust toolchain needed for Firefox), so you > >>>> might be reduce complexity here further: > >>>> https://tracker.debian.org/pkg/llvm-toolchain-11 > >>>> > >>>> It's in buster-proposed-updates since there hasn't been a point > >>>> release since, but for the purposes of buster-security builds, it > >>>> doesn't matter (they chroots have been modified to includen > >>>> buster-proposed-updates temporarily): > >>> Ah, very helpful, thanks! I'll give buster a try (just created > >>> the 'v96-buster' branch). Between that and various backports, I think > >>> we might be in good shape. > >> Unfortunately it needs a newer nodejs than what's in buster, so I'll go > >> back to focusing on bullseye & sid for now. :( > > I tried to backport bullseye's v97 to buster, but error below occured. > > I also tired the v96-buster branch from your salsa git repo, and got > > similar error. > > > > So this is the error you mentioned above that buster's nodejs package > > is too old for chromium? > > Is it possible to use embed nodejs to workaround this issue? > > > > I also guess this might be related to incompatible between system's > > nodejs and embed rollup binary. > > Is it possible to add a patch to replace with system's rollup? > > > > Error from buster-backports pbuilder for bullseye's chromium v97: > > > > FAILED: > > gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.js > > python3 ../../third_party/node/node.py > > ../../third_party/devtools-frontend/src/node_modules/rollup/dist/bin/rollup > > --silent --config > > ../../third_party/devtools-frontend/src/scripts/build/rollup.config.js > > --input > > gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.prebundle.js > > --file > > gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.js > > --configDCHECK > > Traceback (most recent call last): > >File "../../third_party/node/node.py", line 36, in > > RunNode(sys.argv[1:]) > >File "../../third_party/node/node.py", line 31, in RunNode > > raise RuntimeError('%s failed: %s' % (cmd, stderr)) > > RuntimeError: ['/usr/bin/nodejs', > > '../../third_party/devtools-frontend/src/node_modules/rollup/dist/bin/rollup', > > '--silent', '--config', > > '../../third_party/devtools-frontend/src/scripts/build/rollup.config.js', > > '--input', > > 'gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.prebundle.js', > > '--file', > > 'gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.js', > > '--configDCHECK'] failed: b'[!] (plugin minify-html-template-literals) > > TypeError: result.matchAll is not a > > function\ngen/third_party/devtools-frontend/src/front_end/panels/timeline/components/WebVitalsTimeline.js\nTypeError: > > result.matchAll is not a function\nat Object.minifyHTML > > (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/minify-html-literals/src/strategy.ts:145:41)\n > > at Object.minifyHTML > > (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/scripts/build/rollup.config.js:80:37)\n > > at templates.forEach.template > > (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/minify-html-literals/src/minifyHTMLLiterals.ts:322:24)\n > > at Array.forEach ()\nat Object.minifyHTMLLiterals > > (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/minify-html-literals/src/minifyHTMLLiterals.ts:297:13)\n > > at Object.transform > > (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/rollup-plugin-minify-html-template-literals/dist/index.js:15:47)\n > > at Promise.resolve.then > > (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/rollup/dist/shared/rollup.js:20218:25)\n\n' > > > > > > Cheers, > > > > Yes, that's the error
Re: chromium: Update to version 94.0.4606.61 (security-fixes)
Dear Andres, Thanks for your work for chromium! On Mon, Jan 3, 2022 at 7:33 PM Andres Salomon wrote: > > > I saw > > > https://salsa.debian.org/dilinger/chromium/-/commit/5c05f430e192961527ec9a64bbaa64401dc14d95 > > > , but buster now also includes LLVM/clang 11 (it was introduced to > > > support a more recent Rust toolchain needed for Firefox), so you > > > might be reduce complexity here further: > > > https://tracker.debian.org/pkg/llvm-toolchain-11 > > > > > > It's in buster-proposed-updates since there hasn't been a point > > > release since, but for the purposes of buster-security builds, it > > > doesn't matter (they chroots have been modified to includen > > > buster-proposed-updates temporarily): > > > > Ah, very helpful, thanks! I'll give buster a try (just created > > the 'v96-buster' branch). Between that and various backports, I think > > we might be in good shape. > > Unfortunately it needs a newer nodejs than what's in buster, so I'll go > back to focusing on bullseye & sid for now. :( I tried to backport bullseye's v97 to buster, but error below occured. I also tired the v96-buster branch from your salsa git repo, and got similar error. So this is the error you mentioned above that buster's nodejs package is too old for chromium? Is it possible to use embed nodejs to workaround this issue? I also guess this might be related to incompatible between system's nodejs and embed rollup binary. Is it possible to add a patch to replace with system's rollup? Error from buster-backports pbuilder for bullseye's chromium v97: FAILED: gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.js python3 ../../third_party/node/node.py ../../third_party/devtools-frontend/src/node_modules/rollup/dist/bin/rollup --silent --config ../../third_party/devtools-frontend/src/scripts/build/rollup.config.js --input gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.prebundle.js --file gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.js --configDCHECK Traceback (most recent call last): File "../../third_party/node/node.py", line 36, in RunNode(sys.argv[1:]) File "../../third_party/node/node.py", line 31, in RunNode raise RuntimeError('%s failed: %s' % (cmd, stderr)) RuntimeError: ['/usr/bin/nodejs', '../../third_party/devtools-frontend/src/node_modules/rollup/dist/bin/rollup', '--silent', '--config', '../../third_party/devtools-frontend/src/scripts/build/rollup.config.js', '--input', 'gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.prebundle.js', '--file', 'gen/third_party/devtools-frontend/src/front_end/panels/timeline/components/components.js', '--configDCHECK'] failed: b'[!] (plugin minify-html-template-literals) TypeError: result.matchAll is not a function\ngen/third_party/devtools-frontend/src/front_end/panels/timeline/components/WebVitalsTimeline.js\nTypeError: result.matchAll is not a function\nat Object.minifyHTML (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/minify-html-literals/src/strategy.ts:145:41)\n at Object.minifyHTML (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/scripts/build/rollup.config.js:80:37)\n at templates.forEach.template (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/minify-html-literals/src/minifyHTMLLiterals.ts:322:24)\n at Array.forEach ()\nat Object.minifyHTMLLiterals (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/minify-html-literals/src/minifyHTMLLiterals.ts:297:13)\n at Object.transform (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/rollup-plugin-minify-html-template-literals/dist/index.js:15:47)\n at Promise.resolve.then (/build/chromium-97.0.4692.99/third_party/devtools-frontend/src/node_modules/rollup/dist/shared/rollup.js:20218:25)\n\n' Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#991892: unblock: repo/2.15.4-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package repo [ Reason ] * Cherry-pick upstream patch to make manpages system independent, which shows no CPU cores of build system. * Remove local patch to generate manpages. * d/tests: Add test command on new '--use-superproject' option. * d/control: Add run_test dependencies to Build-Depends field. * d/rules: Enable to run "run_test" script as dh_auto_test. [ Impact ] Only manpages, autopkgtest, and dh_auto_test tests are affected. [ Tests ] All tests passed, including new appended tests. [ Risks ] It's low risk because: * This package is in contrib, and with no reverse dependency. * The changes are limited, only affect manpages and tests. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing (include/attach the debdiff against the package in testing) unblock repo/2.15.4-6 debdiff_repo.patch.xz Description: application/xz
Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1
control: tags -1 -moreinfo Dear Paul, Thanks for your checking! On Thu, May 27, 2021 at 5:50 PM Paul Gevers wrote: > > Control: tags -1 moreinfo > > Hi, > > On 17-05-2021 02:12, Ben Hutchings wrote: > > Please unblock package broadcom-sta > > > > [ Reason ] > > Fix the unusable broadcom-sta-source package. > > > > [ Impact ] > > It is not possible to build a package using module-assistant and the > > version of broadcom-sta-source in bullseye. However, dkms and > > broadcom-sta-dkms can be used as an alternative. > > > > [ Tests ] > > Only the build processes are being changed. I tested that: > > - broadcom-sta can be built from source > > - module-assistant can build a module package from broadcom-sta-source > > for the current kernel version in bullseye (5.10.0-6-amd64) > > - the resulting binary module package looks like a module package > > built from broadcom-sta-source in buster, modulo version changes > > * I wonder, broadcom-sta has seen quite some uploads the last couple of > years and debhelper is even in oldstable newer than the version > mentioned. How were all these uploads possible? I think "some uploads" means uploading "src:broadcom-sta", which states debhelper version in debian/control. And debian/control is not updated in this unblock request. The source updated in this upload is: debian/control.modules.in which is not used for upload, and will be explained below. > * What is/was the behavior of debhelper if the compat level was not > specified? In the freeze we don't want debhelper compat bumps unless the > package is proven to have no delta regardless of the old-vs-new level. The issue resolved in this upload is: after installing broadcom-sta-source, when user try to build their own deb files by using tool module-assistant, the deb build would fail. The user built deb is not for upload to debian archive, but for private use only. Personally I don't install and use broadcom-sta-source, so I didn't notice this issue for years. I hope things get clear now. Thank you! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1
> control: retitle -1 unblock: broadcom-sta/6.30.223.271-17 > > unblock broadcom-sta/6.30.223.271-17 ping. I'm asking because this package is marked as autoremoval from testing on June 8th. Is there any concern regarding to the unblocking? Thank you! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#988083: unblock: micro-evtd/3.4-6
control: tags -1 -moreinfo On Thu, May 20, 2021 at 4:57 AM Paul Gevers wrote: > > Control: tags -1 moreinfo > > Hi Ryan, > > On 06-05-2021 07:33, Ryan Tandy wrote: > > #988119: the daemon creates its pid and status files with mode 666, > > start-stop-daemon doesn't like that and refuses to stop the daemon. > > > > I don't know what the appropriate severity is for that one. If it's RC I > > can make another upload to fix it. > > I suggest a new upload to fix that issue. But if it's no regression, > maybe we can have the current version migrate first. Yes, #988119 is not a regression issue. I think it's better to let current version migrate first. Current version doesn't have any feature change, so it's quite safe. For #988119 I need some time to fix, and test to confirm it's safe to deliver to bullseye. Thanks for your understanding! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1
control: retitle -1 unblock: broadcom-sta/6.30.223.271-17 On Mon, May 17, 2021 at 9:15 AM Ben Hutchings wrote: > > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: bl...@debian.org, clac...@easter-eggs.com, r...@debian.org > > Please unblock package broadcom-sta > > [ Reason ] > Fix the unusable broadcom-sta-source package. > > [ Impact ] > It is not possible to build a package using module-assistant and the > version of broadcom-sta-source in bullseye. However, dkms and > broadcom-sta-dkms can be used as an alternative. > > [ Tests ] > Only the build processes are being changed. I tested that: > - broadcom-sta can be built from source > - module-assistant can build a module package from broadcom-sta-source > for the current kernel version in bullseye (5.10.0-6-amd64) > - the resulting binary module package looks like a module package > built from broadcom-sta-source in buster, modulo version changes > > [ Risks ] > This seems like a low-risk change. > > [ Checklist ] > [X] all changes are documented in the d/changelog > [X] I reviewed all changes and I approve them > [X] attach debdiff against the package in testing > > [ Other info ] Sorry I have to re-upload, because this is non-free and won't get built on buildd. I re-uploaded with binary, with no actual code change since 6.30.223.271-16.1 unblock broadcom-sta/6.30.223.271-17 -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1 diff -Nru broadcom-sta-6.30.223.271/debian/changelog broadcom-sta-6.30.223.271/debian/changelog --- broadcom-sta-6.30.223.271/debian/changelog 2021-05-04 18:11:49.0 +0900 +++ broadcom-sta-6.30.223.271/debian/changelog 2021-05-17 19:39:19.0 +0900 @@ -1,3 +1,21 @@ +broadcom-sta (6.30.223.271-17) unstable; urgency=medium + + * Re-upload with binary since this is non-free and won't get built +on buildd. + + -- Roger Shimizu Mon, 17 May 2021 19:39:19 +0900 + +broadcom-sta (6.30.223.271-16.1) unstable; urgency=medium + + * Non-maintainer upload + * debian/control.modules.in: +- Declare debhelper compat level through a build-dependency + (Closes: #988562) + * debian/rules: +- Fix copying of Debian files in install-source rule + + -- Ben Hutchings Mon, 17 May 2021 01:06:42 +0200 + broadcom-sta (6.30.223.271-16) unstable; urgency=medium * Upload to unstable. diff -Nru broadcom-sta-6.30.223.271/debian/control.modules.in broadcom-sta-6.30.223.271/debian/control.modules.in --- broadcom-sta-6.30.223.271/debian/control.modules.in 2021-05-04 18:11:49.0 +0900 +++ broadcom-sta-6.30.223.271/debian/control.modules.in 2021-05-17 19:39:19.0 +0900 @@ -2,7 +2,7 @@ Section: non-free/kernel Priority: optional Maintainer: Cyril Lacoux -Build-Depends: debhelper (>= 8) +Build-Depends: debhelper-compat (= 12) Standards-Version: 3.9.4 Homepage: http://www.broadcom.com/support/802.11/linux_sta.php diff -Nru broadcom-sta-6.30.223.271/debian/rules broadcom-sta-6.30.223.271/debian/rules --- broadcom-sta-6.30.223.271/debian/rules 2021-05-04 18:11:49.0 +0900 +++ broadcom-sta-6.30.223.271/debian/rules 2021-05-17 19:39:19.0 +0900 @@ -45,8 +45,8 @@ # Copy Debian files install -D -m 0755 debian/rules.modules $(source_debdir)/rules - for file in changelog compat control control.modules.in copyright; do \ - install -m 644 debian/$$file $(source_debdir); \ + for file in changelog control control.modules.in copyright; do \ + install -m 644 debian/$$file $(source_debdir) || exit; \ done # Make suitable tarball for module-assisant and kernel-package
Bug#988048: unblock: broadcom-sta/6.30.223.271-16
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package broadcom-sta [ the reason for the unblock ] It fixes a serious bug #987159 that txpower cannot get/set correctly, with some other fixes. The patches are in experimental for a while and confirmed working without regression. [ the debdiff against the package in testing is attached ] debdiff_broadcom-sta.txt.xz Description: application/xz
Bug#987762: unblock: adjtimex/1.29-11
On Thu, Apr 29, 2021 at 3:39 PM Roger Shimizu wrote: > > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package adjtimex I checked autoremovals [1], seems the package will be removed before it get the chance to migrate if unblock is permitted. [1] https://udd.debian.org/cgi-bin/autoremovals.cgi adjtimex: flagged for removal in 14.9 days Because the severity of the ticket was just raised from important to serious yesterday, it looks strange to me that the autoremoval period is so short, and shorter than the migration period. Is there any way to keep this package for bullseye? Thank you! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#987762: unblock: adjtimex/1.29-11
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package adjtimex [ the reason for the unblock ] It fixes a series bug #944867 that cannot work with latest ntpdate command. The patch is just to add an additional argument in ntpdate command line, confirmed to work. So the risk is quite limited. [ the debdiff against the package in testing is attached ] diff -Nru adjtimex-1.29/debian/changelog adjtimex-1.29/debian/changelog --- adjtimex-1.29/debian/changelog 2018-07-25 19:29:50.0 +0900 +++ adjtimex-1.29/debian/changelog 2021-04-28 00:11:49.0 +0900 @@ -1,3 +1,14 @@ +adjtimex (1.29-11) unstable; urgency=medium + + * debian/patches: +- Add patch to fix ntpdate command (Closes: #944867). + * debian/control: +- Use my debian email. +- Move Vcs-* to salsa. +- Add Rules-Requires-Root: no + + -- Roger Shimizu Wed, 28 Apr 2021 00:11:49 +0900 + adjtimex (1.29-10) unstable; urgency=medium * debian/patches: diff -Nru adjtimex-1.29/debian/control adjtimex-1.29/debian/control --- adjtimex-1.29/debian/control2018-07-24 18:50:56.0 +0900 +++ adjtimex-1.29/debian/control2021-04-28 00:11:49.0 +0900 @@ -1,14 +1,15 @@ Source: adjtimex Section: admin Priority: optional -Maintainer: Roger Shimizu +Maintainer: Roger Shimizu Build-Depends: debhelper (>= 10), po-debconf Standards-Version: 3.9.8 +Rules-Requires-Root: no Homepage: http://metalab.unc.edu/pub/Linux/system/admin/time -Vcs-Git: https://github.com/rogers0/adjtimex.git -Vcs-Browser: https://github.com/rogers0/adjtimex +Vcs-Git: https://salsa.debian.org/debian/adjtimex.git +Vcs-Browser: https://salsa.debian.org/debian/adjtimex Package: adjtimex Architecture: linux-any diff -Nru adjtimex-1.29/debian/patches/11-Fix-ntpdate-command.patch adjtimex-1.29/debian/patches/11-Fix-ntpdate-command.patch --- adjtimex-1.29/debian/patches/11-Fix-ntpdate-command.patch 1970-01-01 09:00:00.0 +0900 +++ adjtimex-1.29/debian/patches/11-Fix-ntpdate-command.patch 2021-04-28 00:11:49.0 +0900 @@ -0,0 +1,25 @@ +From: Roger Shimizu +Date: Mon, 26 Apr 2021 02:49:16 +0900 +Subject: Fix ntpdate command + +Add option "-p4" to ntpdate command due to: +* http://bugs.debian.org/987625 + +Closes: #944867 +--- + adjtimex.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/adjtimex.c b/adjtimex.c +index 692b722..7699fe5 100644 +--- a/adjtimex.c b/adjtimex.c +@@ -1424,7 +1424,7 @@ static void log_times() + failntpdate("cannot find ntpdate"); + + found_ntpdate: +- sprintf(command, "%s -q -d %.32s ", paths[i], timeserver); ++ sprintf(command, "%s -q -p4 -d %.32s ", paths[i], timeserver); + ifile = popen(command, "r"); + + if (ifile == NULL) diff -Nru adjtimex-1.29/debian/patches/series adjtimex-1.29/debian/patches/series --- adjtimex-1.29/debian/patches/series 2018-07-25 19:29:50.0 +0900 +++ adjtimex-1.29/debian/patches/series 2021-04-28 00:11:49.0 +0900 @@ -8,3 +8,4 @@ 08-FTCBFS-uses-the-build-architecture-compiler.patch 09-adjtimex.8-Some-fixes-to-the-manual.patch 10-STA_NANO-confuses-adjtimex-8.patch +11-Fix-ntpdate-command.patch
Re: armel/armhf arch qualification for buster: call for DSA, Security, toolchain concernsj
Dear armel/armhf shakeholders, I talked to a few people about keeping armel in buster, during 1st and 2nd day in debcamp. Seems the blocker is just the buildd server hardware, and memory size it has. On Fri, Jun 29, 2018 at 7:04 PM, W. Martin Borgert wrote: > > Quoting Uwe Kleine-König : >> >> If the concerns are mostly about the hardware not being rackable, there >> is a rackable NAS by Netgear: >> >> >> https://www.netgear.com/business/products/storage/readynas/RN2120.aspx#tab-techspecs > > This seems to be out of stock and discontinued, unfortunately. This is still available in amazon: - https://www.amazon.com/dp/B00MQK14KC > Anyway, I'm relatively sure, that I can convince my boss to sponsor/donate > both armel and armhf hardware for Debian, if that is of any help. Or arm64 > used in "32 bits mode". I think DSA team prefers armel or armhf real hardware (not just developing boards). So it'll be super great if you (or your boss) can kindly sponsor some armel/armhf hardwares that support to install 4GB memory. Thanks! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Re: Arch qualification for buster: call for DSA, Security, toolchain concernsj
On Fri, Jun 29, 2018 at 10:04 PM, Uwe Kleine-König wrote: > Hello Julien, > > On 06/29/2018 11:23 AM, Julien Cristau wrote: >>> If the concerns are mostly about the hardware not being rackable, there >>> is a rackable NAS by Netgear: >>> >>> >>> https://www.netgear.com/business/products/storage/readynas/RN2120.aspx#tab-techspecs >>> >>> with an armhf cpu. Not sure if cpu speed (1.2 GHz) and available RAM (2 >>> GiB) are good enough. The machine can run mainline Linux[1]. I think >>> U-Boot doesn't support this machine in mainline though. >>> >> Rackable, while good, is only part of it. The main part is remote >> management. I'm not seeing any mention of ipmi or anything like that in >> the datasheet? > > you can access the serial console, but I don't think there is built-in > support for something IPMI-like. > >> 2G is also way too little memory these days for a new buildd. > > Then the machine is out, the amount of RAM isn't upgradable. I don't think 2GB is not enough for 32-bit machine. I see armel is already not a candidate for buster [0]. So it seems we can discuss armhf, but no armel at all. I don't agree with this idea. And I think we should treat armel and armhf equally. Both armel and armhf are working fine are millions of boards and embedded devices, and have stable quality [1]. They deserve the support from a community driven distro. [0] https://release.debian.org/buster/arch_qualify.html [1] https://lists.debian.org/debian-arm/2017/11/msg00061.html Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#884571: RM: torbrowser-launcher/0.1.9-1+deb8u3
[ CC pkg-privacy-maintainers list for the record ] On Sun, Dec 17, 2017 at 1:59 PM, Roger Shimizu <rogershim...@gmail.com> wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: rm > > The old version of torbrowser-launcher cannot work properly anymore, > because it uses the embedded old key. > That's also the reason why it also missed the stretch release [0]. > > People want to use it in oldstable(jessie) should consider sloppy > backports [1]. > > So please kindly help to remove torbrowser-launcher/0.1.9-1+deb8u3. > Thank you! > > [0] https://bugs.debian.org/861744 > [1] https://wiki.debian.org/TorBrowser#Debian_8_.22Jessie.22 -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#884573: RM: torbrowser-launcher/0.2.6-2~bpo8+1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm The old version of torbrowser-launcher cannot work properly anymore, because it uses the embedded old key. That's also the reason why it also missed the stretch release [0]. People want to use it in stable(jessie) should consider sloppy backports [1]. So please kindly help to remove torbrowser-launcher/0.2.6-2~bpo8+1. Thank you! [0] https://bugs.debian.org/861744 [1] https://wiki.debian.org/TorBrowser#Debian_8_.22Jessie.22 Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#884571: RM: torbrowser-launcher/0.1.9-1+deb8u3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm The old version of torbrowser-launcher cannot work properly anymore, because it uses the embedded old key. That's also the reason why it also missed the stretch release [0]. People want to use it in oldstable(jessie) should consider sloppy backports [1]. So please kindly help to remove torbrowser-launcher/0.1.9-1+deb8u3. Thank you! [0] https://bugs.debian.org/861744 [1] https://wiki.debian.org/TorBrowser#Debian_8_.22Jessie.22 Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Bug#863400: unblock: packer/0.10.2+dfsg-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package packer After previous release, upstream added three more commit to handle ABI change of golang-golang-x-crypto-dev. One was not relevant to debian release, because the files to patch were removed in DFSG repack. So I backport another two commits and here's the release. Enclosed is the debdiff against the package in testing. Thanks! unblock packer/0.10.2+dfsg-6 diff -Nru packer-0.10.2+dfsg/debian/changelog packer-0.10.2+dfsg/debian/changelog --- packer-0.10.2+dfsg/debian/changelog 2017-05-15 00:51:19.0 +0900 +++ packer-0.10.2+dfsg/debian/changelog 2017-05-26 09:08:48.0 +0900 @@ -1,3 +1,11 @@ +packer (0.10.2+dfsg-6) unstable; urgency=medium + + * deb/patches: +- Backport two more patches to handle ABI change of + golang-golang-x-crypto-dev (Closes: #861282). + + -- Roger Shimizu <rogershim...@gmail.com> Fri, 26 May 2017 09:08:48 +0900 + packer (0.10.2+dfsg-5) unstable; urgency=medium * Team upload. diff -Nru packer-0.10.2+dfsg/debian/patches/series packer-0.10.2+dfsg/debian/patches/series --- packer-0.10.2+dfsg/debian/patches/series2017-05-15 00:47:25.0 +0900 +++ packer-0.10.2+dfsg/debian/patches/series2017-05-24 00:45:27.0 +0900 @@ -1,2 +1,4 @@ fix-tails-import-path.patch handle-ABI-change-of-golang-golang-x-crypto-dev.patch +update-ssh-client-usage-for-new-crypto-ssh-version.patch +Specify-InsecureIgnoreHostKey-for-HostKeyCallback.patch diff -Nru packer-0.10.2+dfsg/debian/patches/Specify-InsecureIgnoreHostKey-for-HostKeyCallback.patch packer-0.10.2+dfsg/debian/patches/Specify-InsecureIgnoreHostKey-for-HostKeyCallback.patch --- packer-0.10.2+dfsg/debian/patches/Specify-InsecureIgnoreHostKey-for-HostKeyCallback.patch 1970-01-01 09:00:00.0 +0900 +++ packer-0.10.2+dfsg/debian/patches/Specify-InsecureIgnoreHostKey-for-HostKeyCallback.patch 2017-05-24 00:44:04.0 +0900 @@ -0,0 +1,93 @@ +From: JD Friedrikson <yo...@decompo.site> +Date: Sat, 20 May 2017 16:17:04 -0400 +Subject: Specify InsecureIgnoreHostKey for HostKeyCallback + +[A recent breaking change upstream in Golang's crypto +library](https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991) +has broken SSH connectivity for a few builders: + +``` +==> qemu: Waiting for SSH to become available... +2017/05/20 16:23:58 ui: ==> qemu: Waiting for SSH to become available... +2017/05/20 16:23:58 packer: 2017/05/20 16:23:58 [INFO] Attempting SSH connection... +2017/05/20 16:23:58 packer: 2017/05/20 16:23:58 reconnecting to TCP connection for SSH +2017/05/20 16:23:58 packer: 2017/05/20 16:23:58 handshaking with SSH +2017/05/20 16:23:58 packer: 2017/05/20 16:23:58 handshake error: ssh: must specify HostKeyCallback +2017/05/20 16:23:58 packer: 2017/05/20 16:23:58 [DEBUG] SSH handshake err: ssh: must specify HostKeyCallback +2017/05/20 16:24:05 packer: 2017/05/20 16:24:05 [INFO] Attempting SSH connection... +2017/05/20 16:24:05 packer: 2017/05/20 16:24:05 reconnecting to TCP connection for SSH +2017/05/20 16:24:05 packer: 2017/05/20 16:24:05 handshaking with SSH +2017/05/20 16:24:05 packer: 2017/05/20 16:24:05 handshake error: ssh: must specify HostKeyCallback +2017/05/20 16:24:05 packer: 2017/05/20 16:24:05 [DEBUG] SSH handshake err: ssh: must specify HostKeyCallback +``` + +Specifying HostKeyCallback as insecure should make things work again +and would make sense for packer's use case. + +[cherry-picked a0052fdb687f80ac07e67d7a0f39dcf3a66e32dd with modification] +--- + builder/null/ssh.go | 1 + + builder/qemu/ssh.go | 5 +++-- + builder/virtualbox/common/ssh.go | 5 +++-- + builder/vmware/common/ssh.go | 5 +++-- + 4 files changed, 10 insertions(+), 6 deletions(-) + +diff --git a/builder/null/ssh.go b/builder/null/ssh.go +index 483390e..80623f8 100644 +--- a/builder/null/ssh.go b/builder/null/ssh.go +@@ -50,6 +50,7 @@ func SSHConfig(username string, password string, privateKeyFile string) func(mul + gossh.KeyboardInteractive( + ssh.PasswordKeyboardInteractive(password)), + }, ++ HostKeyCallback: gossh.InsecureIgnoreHostKey(), + }, nil + } + } +diff --git a/builder/qemu/ssh.go b/builder/qemu/ssh.go +index 498d3fb..63e7e76 100644 +--- a/builder/qemu/ssh.go b/builder/qemu/ssh.go +@@ -35,7 +35,8 @@ func sshConfig(state multistep.StateBag) (*gossh.ClientConfig, error) { + } + + return { +- User: config.Comm.SSHUsername, +- Auth: auth, ++ User:config.Comm.SSHUsername, ++ Auth:auth, ++ HostKeyCallback: gossh.InsecureIgnoreHostKey(), + }, nil + } +diff --git a/builder/virtualbo
Bug#862565: unblock: packer/0.10.2+dfsg-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package packer This release add a patch to handle ABI change of golang-golang-x-crypto-dev, which result FTBFS in all ARCHs. After the patch, build is fixed. Enclosed is the debdiff against the package in testing. Thanks! unblock packer/0.10.2+dfsg-5 diff -Nru packer-0.10.2+dfsg/debian/changelog packer-0.10.2+dfsg/debian/changelog --- packer-0.10.2+dfsg/debian/changelog 2017-04-05 15:18:59.0 +0900 +++ packer-0.10.2+dfsg/debian/changelog 2017-05-15 00:51:19.0 +0900 @@ -1,3 +1,15 @@ +packer (0.10.2+dfsg-5) unstable; urgency=medium + + * Team upload. + * deb/patches: ++ Add patch to handle ABI change of golang-golang-x-crypto-dev, + due to CVE security fix. (Closes: #861282) + * deb/control: ++ Bump up version of golang-golang-x-crypto-dev in Build-Depends + and Depends. + + -- Roger Shimizu <rogershim...@gmail.com> Mon, 15 May 2017 00:51:19 +0900 + packer (0.10.2+dfsg-4) unstable; urgency=medium * deb/rules: disable a flaky test in packer/rpc/mux_broker_test.go diff -Nru packer-0.10.2+dfsg/debian/control packer-0.10.2+dfsg/debian/control --- packer-0.10.2+dfsg/debian/control 2016-11-16 02:14:02.0 +0900 +++ packer-0.10.2+dfsg/debian/control 2017-05-15 00:34:39.0 +0900 @@ -36,7 +36,7 @@ golang-github-pkg-sftp-dev, golang-github-rackspace-gophercloud-dev (>= 1.0.0+git20160416.884.c54bbac~), golang-github-ugorji-go-codec-dev, - golang-golang-x-crypto-dev, + golang-golang-x-crypto-dev (>= 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782), golang-golang-x-oauth2-dev (>= 0.0~git20161103.0.36bc617-2), golang-golang-x-oauth2-google-dev, golang-google-api-dev (>= 0.0~git20160408~), @@ -84,7 +84,7 @@ golang-github-pkg-sftp-dev, golang-github-rackspace-gophercloud-dev (>= 1.0.0+git20160416.884.c54bbac~), golang-github-ugorji-go-codec-dev, - golang-golang-x-crypto-dev, + golang-golang-x-crypto-dev (>= 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782), golang-golang-x-oauth2-dev (>= 0.0~git20161103.0.36bc617-2), golang-golang-x-oauth2-google-dev, golang-google-api-dev (>= 0.0~git20160408~), diff -Nru packer-0.10.2+dfsg/debian/patches/handle-ABI-change-of-golang-golang-x-crypto-dev.patch packer-0.10.2+dfsg/debian/patches/handle-ABI-change-of-golang-golang-x-crypto-dev.patch --- packer-0.10.2+dfsg/debian/patches/handle-ABI-change-of-golang-golang-x-crypto-dev.patch 1970-01-01 09:00:00.0 +0900 +++ packer-0.10.2+dfsg/debian/patches/handle-ABI-change-of-golang-golang-x-crypto-dev.patch 2017-05-15 00:46:25.0 +0900 @@ -0,0 +1,42 @@ +From: Roger Shimizu <rogershim...@gmail.com> +Date: Sun, 14 May 2017 23:54:04 +0900 +Subject: handle ABI change of golang-golang-x-crypto-dev + +That ABI change was due to CVE security fix + +Fix is picked from upstream of golang-golang-x-crypto-dev: + https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991 + +Closes: #861282 +--- + communicator/ssh/communicator_test.go | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/communicator/ssh/communicator_test.go b/communicator/ssh/communicator_test.go +index b0bc035..7010800 100644 +--- a/communicator/ssh/communicator_test.go b/communicator/ssh/communicator_test.go +@@ -132,6 +132,7 @@ func TestNew_Invalid(t *testing.T) { + Auth: []ssh.AuthMethod{ + ssh.Password("i-am-invalid"), + }, ++ HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } + + address := newMockLineServer(t) +@@ -160,6 +161,7 @@ func TestStart(t *testing.T) { + Auth: []ssh.AuthMethod{ + ssh.Password("pass"), + }, ++ HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } + + address := newMockLineServer(t) +@@ -195,6 +197,7 @@ func TestHandshakeTimeout(t *testing.T) { + Auth: []ssh.AuthMethod{ + ssh.Password("pass"), + }, ++ HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } + + address := newMockBrokenServer(t) diff -Nru packer-0.10.2+dfsg/debian/patches/series packer-0.10.2+dfsg/debian/patches/series --- packer-0.10.2+dfsg/debian/patches/series2016-11-16 01:25:20.0 +0900 +++ packer-0.10.2+dfsg/debian/patches/series2017-05-15 00:47:25.0 +0900 @@ -1 +1,2 @@ fix-tails-import-path.patch +handle-ABI-change-of-golang-golang-x-crypto-dev.patch
Bug#861953: unblock: runc/0.1.1+dfsg1-3
control: tag 861953 -moreinfo On Mon, 8 May 2017 08:40:52 +0900 Roger Shimizu <rogershim...@gmail.com> wrote: > What's your opinion? I proposed two plans. Either is fine to me. Please kindly help to decide, so as to avoid a few packages get removed in stretch. Thank you! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1 pgpd_RS4DiwNh.pgp Description: PGP signature
Bug#862108: unblock: golang-github-seccomp-libseccomp-golang/0.0~git20150813.0.1b506fc-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package golang-github-seccomp-libseccomp-golang to fix 32-bit platform FTBFS bug #860618. Enclosed is the debdiff against the package in testing. Thank you! unblock golang-github-seccomp-libseccomp-golang/0.0~git20150813.0.1b506fc-2 diff -Nru golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/changelog golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/changelog --- golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/changelog 2016-03-07 08:40:37.0 +0900 +++ golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/changelog 2017-05-06 12:09:57.0 +0900 @@ -1,3 +1,18 @@ +golang-github-seccomp-libseccomp-golang (0.0~git20150813.0.1b506fc-2) unstable; urgency=medium + + * Team upload. + + [ Paul Tagliamonte ] + * Use a secure transport for the Vcs-Git and Vcs-Browser URL + + [ Roger Shimizu ] + * debian/patches: +- Add a patch to fix FTBFS on 32-bit platforms. + Thanks to upstream author Matthew Heon <matthew.h...@gmail.com> + (Closes: #860618). + + -- Roger Shimizu <rogershim...@gmail.com> Sat, 06 May 2017 12:09:57 +0900 + golang-github-seccomp-libseccomp-golang (0.0~git20150813.0.1b506fc-1) unstable; urgency=medium * Initial release (Closes: #816977). diff -Nru golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/control golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/control --- golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/control 2016-03-07 08:06:03.0 +0900 +++ golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/control 2017-05-06 12:09:57.0 +0900 @@ -2,7 +2,7 @@ Section: devel Priority: extra Maintainer: Debian Go Packaging Team <pkg-go-maintain...@lists.alioth.debian.org> -Uploaders: Dmitry Smirnov <only...@debian.org> +Uploaders: Dmitry Smirnov <only...@debian.org>, Tim Potter <t...@hpe.com> Build-Depends: debhelper (>= 9), dh-golang, golang-go @@ -10,7 +10,7 @@ Standards-Version: 3.9.7 Homepage: https://github.com/seccomp/libseccomp-golang Vcs-Browser: https://anonscm.debian.org/cgit/pkg-go/packages/golang-github-seccomp-libseccomp-golang.git -Vcs-Git: git://anonscm.debian.org/pkg-go/packages/golang-github-seccomp-libseccomp-golang.git +Vcs-Git: https://anonscm.debian.org/git/pkg-go/packages/golang-github-seccomp-libseccomp-golang.git XS-Go-Import-Path: github.com/seccomp/libseccomp-golang Package: golang-github-seccomp-libseccomp-golang-dev diff -Nru golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/patches/0001-Fix-unit-test-failures-on-32-bit-systems.patch golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/patches/0001-Fix-unit-test-failures-on-32-bit-systems.patch --- golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/patches/0001-Fix-unit-test-failures-on-32-bit-systems.patch 1970-01-01 09:00:00.0 +0900 +++ golang-github-seccomp-libseccomp-golang-0.0~git20150813.0.1b506fc/debian/patches/0001-Fix-unit-test-failures-on-32-bit-systems.patch 2017-05-06 12:09:57.0 +0900 @@ -0,0 +1,53 @@ +From: Matthew Heon <matthew.h...@gmail.com> +Date: Fri, 5 May 2017 08:44:47 -0400 +Subject: Fix unit test failures on 32-bit systems + +Add the setreuid32 syscall to the test filter as well as setreuid. +On most 64-bit systems the syscall does not exist, but this should +be handled by libseccomp, and actually slightly increases test +coverage. + +Signed-off-by: Matthew Heon <matthew.h...@gmail.com> +--- + seccomp_test.go | 14 +- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/seccomp_test.go b/seccomp_test.go +index b3a49d2..a068507 100644 +--- a/seccomp_test.go b/seccomp_test.go +@@ -413,6 +413,11 @@ func TestRuleAddAndLoad(t *testing.T) { + t.Errorf("Error getting syscall number of setreuid: %s", err) + } + ++ call3, err := GetSyscallFromName("setreuid32") ++ if err != nil { ++ t.Errorf("Error getting syscall number of setreuid32: %s", err) ++ } ++ + uid := syscall.Getuid() + euid := syscall.Geteuid() + +@@ -438,6 +443,11 @@ func TestRuleAddAndLoad(t *testing.T) { + t.Errorf("Error adding conditional rule: %s", err) + } + ++ err = filter1.AddRuleConditional(call3, ActErrno.SetReturnCode(0x3), conditions) ++ if err != nil { ++ t.Errorf("Error adding second conditional rule: %s", err) ++ } ++ + err = filter1.Load() + if err != nil { + t.Errorf("Error loading filter: %s", err) +@@ -451,7 +461,9 @@ func TestRul
Bug#861953: unblock: runc/0.1.1+dfsg1-3
[ CC: original Bug #858250 ] On Sun, 07 May 2017 21:02:00 + Niels Thykier <ni...@thykier.net> wrote: > Roger Shimizu: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: unblock > > > > Please unblock package runc > > > > Since there's already a newer package in unstable, I guess it's > > necessary to use "testing-proposed-updates" > > > > Here I'm fixing #858250, which is FTBFS RC issue. > > > Hi Roger, > > Thanks for working on fixing #858250 for stretch. :) > > Before there is an upload to testing-proposed-updates, the original bug > should be resolved in unstable first. That means that #858250 should be > closed in unstable first. > > On a related note, the Debian Bug Tracker can determine which suites are > affected by looking at found + fixed versions, so there is no need to > have two bugs for this (which is why I have merged #861966 back into > #858250). #858250 is not easy to fix for unstable, since there's already newer version runc/1.0.0~rc2+git20161109.131.5137186-2, with newer version of Build-Depends golang-github-opencontainers-specs/1.0.0~rc2+git20160926.38.1c7c27d-1. As stated by #858250, runc is FTBFS with golang-github-opencontainers-specs/1.0.0~rc2+git20160926.38.1c7c27d-1. So my original plan was just patch d/control to limit the version of Build-Depends. Since you say it should fix unstable first, then stretch or t-p-u, now I think we may just leave runc/0.1.1+dfsg1-2 (current in stretch) as it is in stretch. Because it builds OK (without FTBFS) for stretch. The #858250 FTBFS only occurs on unstable. What's your opinion? Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1 pgpE_Tcy57F41.pgp Description: PGP signature
Bug#861953: unblock: runc/0.1.1+dfsg1-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package runc Since there's already a newer package in unstable, I guess it's necessary to use "testing-proposed-updates" Here I'm fixing #858250, which is FTBFS RC issue. As I test, it's not related to golang-github-urfave-cli, but only need to fix the version of golang-github-opencontainers-specs, 1.0.0~rc1, the version in stretch. Without the patch, unstable targeting build will install golang-github-opencontainers-specs 1.0.0~rc2, and final fail to build. I try to build by command: DIST=stretch git-pbuilder create gbp buildpackage --git-ignore-branch --git-pristine-tar --git-pbuilder --git-dist=stretch I'm not DD yet, so I uploaded the package to mentors. https://mentors.debian.net/package/runc Please help to: - confirm it's OK to target "testing-proposed-updates" - help to sponsor the upload from mentors (if not, I'll file a RFS to mentors list) Enclosed is the debdiff against the package in testing. unblock runc/0.1.1+dfsg1-3 Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1 diff -Nru runc-0.1.1+dfsg1/debian/changelog runc-0.1.1+dfsg1/debian/changelog --- runc-0.1.1+dfsg1/debian/changelog 2017-02-02 00:17:54.0 +0900 +++ runc-0.1.1+dfsg1/debian/changelog 2017-05-06 19:57:12.0 +0900 @@ -1,3 +1,15 @@ +runc (0.1.1+dfsg1-3) testing-proposed-updates; urgency=medium + + * Team upload. + * debian/control: +- Add Build-Depends: +golang-github-opencontainers-specs-dev (<< 1.0.0~rc2) + Since golang-github-opencontainers-specs-dev in sid is 1.0.0~rc2 + Which has FTBFS issue. We need to use the fixed version in + stretch, which is 1.0.0~rc1. (Closes: #858250) + + -- Roger Shimizu <rogershim...@gmail.com> Sat, 06 May 2017 19:57:12 +0900 + runc (0.1.1+dfsg1-2) unstable; urgency=medium * Team upload. diff -Nru runc-0.1.1+dfsg1/debian/control runc-0.1.1+dfsg1/debian/control --- runc-0.1.1+dfsg1/debian/control 2016-11-30 07:18:25.0 +0900 +++ runc-0.1.1+dfsg1/debian/control 2017-05-06 19:57:12.0 +0900 @@ -14,6 +14,7 @@ golang-github-coreos-go-systemd-dev, golang-github-docker-go-units-dev, golang-github-opencontainers-specs-dev (>= 1.0.0~), +golang-github-opencontainers-specs-dev (<< 1.0.0~rc2), golang-github-seccomp-libseccomp-golang-dev, golang-github-vishvananda-netlink-dev, golang-go,
Bug#861610: unblock: shadowsocks-libev/2.6.3+ds-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package shadowsocks-libev This release includes a few fixes from upstream: - Fix manpage docs. - Update ACL list (remove one line). - Two patches to fix out of bound access issue. Enclosed is the debdiff from 2.6.3+ds-2 (in testing) to 2.6.3+ds-3 (in sid). unblock shadowsocks-libev/2.6.3+ds-3 Thanks and looking forward to the stretch release ahead! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1 diff -Nru shadowsocks-libev-2.6.3+ds/debian/changelog shadowsocks-libev-2.6.3+ds/debian/changelog --- shadowsocks-libev-2.6.3+ds/debian/changelog 2017-04-04 21:48:26.0 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/changelog 2017-04-20 22:44:32.0 +0900 @@ -1,3 +1,14 @@ +shadowsocks-libev (2.6.3+ds-3) unstable; urgency=medium + + * debian/patches: +- Backport a few patches from upstream: + + Fix Upstream BTS#1210 (again): +Update doc (manpages) to fix typos. Thanks to Simon Shi. + + Update ACL list, Upstream BTS#1394. + + Fix two potential out of bound access, Upstream BTS#1465. + + -- Roger Shimizu <rogershim...@gmail.com> Thu, 20 Apr 2017 22:44:32 +0900 + shadowsocks-libev (2.6.3+ds-2) unstable; urgency=medium * debian/patches: diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch --- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch 2017-04-04 21:48:26.0 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch 2017-04-20 22:02:31.0 +0900 @@ -7,11 +7,14 @@ * Update ss-redir.asciidoc * Update ss-server.asciidoc + +* Update ss-tunnel.asciidoc --- doc/ss-local.asciidoc | 4 ++-- doc/ss-redir.asciidoc | 2 +- doc/ss-server.asciidoc | 4 ++-- - 3 files changed, 5 insertions(+), 5 deletions(-) + doc/ss-tunnel.asciidoc | 4 ++-- + 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/ss-local.asciidoc b/doc/ss-local.asciidoc index a1f2b0f..468d67e 100644 @@ -57,5 +60,21 @@ - [--plugin ] [--plugin_opts <plugin_options] + [--plugin ] [--plugin_opts ] + DESCRIPTION + --- +diff --git a/doc/ss-tunnel.asciidoc b/doc/ss-tunnel.asciidoc +index ffd6ed8..754707f 100644 +--- a/doc/ss-tunnel.asciidoc b/doc/ss-tunnel.asciidoc +@@ -12,9 +12,9 @@ SYNOPSIS + [-s ] [-p ] [-l ] + [-k ] [-m ] [-f ] + [-t ] [-c ] [-i ] +- [-b ] [-a ] [-n ] ++ [-b ] [-a ] [-n ] + [-L addr:port] [--mtu ] +- [--plugin ] [--plugin_opts <plugin_options] ++ [--plugin ] [--plugin_opts ] + DESCRIPTION --- diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch --- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch 1970-01-01 09:00:00.0 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch 2017-04-20 22:02:31.0 +0900 @@ -0,0 +1,21 @@ +From: Heiybb <hf.hei...@gmail.com> +Date: Thu, 23 Mar 2017 11:19:12 +0800 +Subject: Update gfwlist.acl + +V2EX has already registered an ICP license and can be visited normally in CHINA +--- + acl/gfwlist.acl | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/acl/gfwlist.acl b/acl/gfwlist.acl +index d732ae4..03b32bb 100644 +--- a/acl/gfwlist.acl b/acl/gfwlist.acl +@@ -398,7 +398,6 @@ + (^|\.)zynamics\.com$ + (^|\.)kat\.cr$ + (^|\.)naughtyamerica\.com$ +-(^|\.)v2ex\.com$ + (^|\.)0to255\.com$ + (^|\.)100ke\.org$ + (^|\.)1000giri\.net$ diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch --- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch 1970-01-01 09:00:00.0 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch 2017-04-20 22:02:31.0 +0900 @@ -0,0 +1,22 @@ +From: Max Lv <max.c...@gmail.com> +Date: Wed, 19 Apr 2017 12:16:41 +0800 +Subject: Fix a potential out of bound access. #1465 + +--- + src/server.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/server.c b/src/server.c +index 588fb46..e868504 100644 +--- a/src/server.c b/src/server.c +@@ -1129,8 +1129,7 @@ server_resolve_cb(struct sockaddr *addr, void *data) + + // XXX: should handle buffer carefully + if (server->buf->len > 0) { +-memcpy(remote->buf->data, server->buf->data + server->buf->idx, +- server->buf->len); ++memcpy(remote->buf->data,
Re: Porter roll call for Debian Stretch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 17 Aug 2016 22:05:06 +0200 ni...@thykier.net wrote: > Like last release, we are doing a roll call for porters of all release > architectures. If you are an active porter behind one of the [release > architectures] for the entire lifetime of Debian Stretch (est. end of > 2020), please respond with a signed email containing the following > before Friday, the 9th of September: > Hi, I am an active porter for the following architectures and I intend to continue this for the lifetime of the Stretch release (est. end of 2020): For armel, I - submit device-tree patch to upstream (linux kernel), and backport to debian kernel to get more devices supported - support new device for d-i and flash-kernel package - test most packages on this architecture - run Debian stable / testing / unstable system on port that I use regularly - triage arch-specific bugs - fix arch-related bugs - triage d-i bugs - test d-i regularly - fix d-i bugs/issues I am a DM. Altough I enabled -fPIE/-pie for most of my maintaining packages, I'm not sure / I don't have enough knowledge whether it's able to be applied to all packages. Since all other ARM porters seem agree on this, I believe it definitely deserves a try to enable this hardening on stretch. Cheers, - -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1 -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXzEFiAAoJEKR4aw2nAzSoAekP/j4eNf0jKvmArPlPbhA7XkBk /5u9Un4qOHBNcSMAU5YVLHkpnT1CX/C08W+/ctGbB9AnnRwyn8X0uailjedZ13jK oZYW/kUSwWiPmOkRTeNgFepzuKL+TNsAGgjHOY4ZbzYKC+h9C0UNWwyA77L3GUep 3HA9eTrtxMAAvJPNN4AhOjMeCI3qXIZ+wLKjhT+u/OUETWly8MolBw8PUjjwW6yy Va7ciRMQf8KL149+Pa/tYFaENoAOV6//3M2QkJyaGbfxJp3xiFFcrlw+kw6J4RyH vNIewz78nZwN88Y7JWa2EdBVcJr0897REXpDPXK/OpzlWw0R0xqB86jtmHfc+rQJ IiNGt5Uc4Y3mD04O6AEDDJFJnEQ/QLi8OR8/TuxHiBJ6JTv0m67KsJVgdFqeRnlz wJqcIQAzTF1iixVXjreVqW6P/+pGNHDbh9APfUz+UV97sZ4tD2BV1K1Rgk7cPDCn zcpVhkQRy5PzLmK315vb8h9juFDDS/18yzmXwGMnmIhv4+8GBJIQLm5gvk9NuEbw V/hBC42+fqX6RzGCoV3M8V+A6aLSpG/BcIAQOx8ewVfzMHIFSJmYParCHKXdiX+z WB8UBt2xCHuzg98jxU80UwR492X9WvKeb6xA8dKqOW22XzsLxaQTe+SLSaGQ7er2 cpuhCpYFDKj/TL6UE2f9 =Vckg -END PGP SIGNATURE-