Bug#803435: nmu: akonadi_15.08.2-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu akonadi_15.08.2-1 . ANY . experimental . -m "Rebuild against qtbase-abi-5-5-1." There is one package left in experimental still depending on qtbase-abi-5-4-2. Andreas
Bug#765639: Bug#802159: New OpenSSL upstream version
On Tue, 20 Oct 2015, Don Armstrong wrote: > If there's something specific that you'd like the CTTE to try to do > beyond what I've just reported now, let me know. Let me know if you'd like the CTTE to do something beyond what I've already done. -- Don Armstrong http://www.donarmstrong.com
Bug#803336: marked as done (RM: mopidy/1.1.1-1)
Your message dated Fri, 30 Oct 2015 23:16:33 +0100 with message-id <5633ec41.50...@debian.org> and subject line Re: Bug#803336: RM: mopidy/1.1.1-1 has caused the Debian Bug report #803336, regarding RM: mopidy/1.1.1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 803336: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803336 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, please remove mopidy as part of the gstreamer 0.10 removal. According to the PTS this should have been auto-removed, but some reason that didn't happen: Marked for autoremoval on 16 October: * The removal of mopidy will also cause the removal of (transitive) reverse dependencies: mopidy-alsamixer mopidy-beets mopidy-dirble mopidy-local-sqlite mopidy-mpris mopidy-scrobbler mopidy-tunein mopidy-youtube Cheers, Moritz --- End Message --- --- Begin Message --- On 30/10/15 19:07, Moritz Mühlenhoff wrote: > On Thu, Oct 29, 2015 at 08:48:27AM +, Julien Cristau wrote: >> On Wed, Oct 28, 2015 at 23:06:07 +0100, Moritz Muehlenhoff wrote: >> >>> Package: release.debian.org >>> Severity: normal >>> User: release.debian@packages.debian.org >>> Usertags: rm >>> >>> Hi, >>> please remove mopidy as part of the gstreamer 0.10 >>> removal. According to the PTS this should have been >>> auto-removed, but some reason that didn't happen: >>> >>> Marked for autoremoval on 16 October: >>> * The removal of mopidy will also cause the removal of >>> (transitive) reverse dependencies: mopidy-alsamixer >>> mopidy-beets mopidy-dirble mopidy-local-sqlite mopidy-mpris >>> mopidy-scrobbler mopidy-tunein mopidy-youtube >>> >> britney says: >> >> * amd64: mopidy-alsamixer, mopidy-beets, mopidy-dirble, >> mopidy-local-sqlite, mopidy-mpris, mopidy-scrobbler, mopidy-tunein, >> mopidy-youtube >> >> Those rdeps aren't marked for removal yet: > > Oh, I thought these were removed along rightaway automatically. > > Can we do that manually instead? mopidy is the last blocker for the > removal of further gst0.10-plugins and the 0.10 python bindings from > testing: > > remove mopidy-alsamixer/1.0.3-3 mopidy-beets/2.0.0-2 mopidy-dirble/1.1.2-2 > mopidy-local-sqlite/1.0.0-1 mopidy-mpris/1.3.1-1 mopidy-scrobbler/1.1.1-3 > mopidy-tunein/0.2.2-2 mopidy-youtube/2.0.0-2 > remove mopidy/1.1.1-1 You forgot mopidy-podcast-*. A few have been removed in this run, the rest (together with gst-python and -good) will go out tomorrow. I have also removed xfce4-mixer, FWIW. Cheers, Emilio--- End Message ---
Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)
On Fri, 30 Oct 2015 21:00:21 +0100, Emilio Pozuelo Monfort wrote: > >> That'd only leave us with the apache bug. > > Ack, that's my impression as well. > What about libtest-refcount-perl ? Does it have to build-depend on the > RC-buggy > libdevel-findref-perl ? Nope its' optional. Fixed version uploaded; thanks for noticing! Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - https://www.debian.org/ `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- NP: Yoro-Kery Goro: Mory signature.asc Description: Digital Signature
NEW changes in stable-new
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_amd64.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_i386.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_mips.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_mipsel.changes ACCEPT
Bug#765639: Bug#802159: New OpenSSL upstream version
On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote: > On Tue, 20 Oct 2015, Don Armstrong wrote: > > If there's something specific that you'd like the CTTE to try to do > > beyond what I've just reported now, let me know. > > Let me know if you'd like the CTTE to do something beyond what I've > already done. I guess I would like to know what the options are. The way I see it: - The release team makes a decision - The release team asks someone else to make the decision - Someone makes a policy of what is acceptable, not the current situtation where there don't seem to be any rules. - The DPL removes that power from their delegation. (One can argue that the DPL didn't have the power to delegate that in the first place.) - Start a GR to overrule the DPL's delegate. And I guess I would like advise on how to proceed. Kurt
Bug#803435: nmu: akonadi_15.08.2-1
On 30/10/15 08:57, Andreas Beckmann wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: binnmu > > nmu akonadi_15.08.2-1 . ANY . experimental . -m "Rebuild against > qtbase-abi-5-5-1." > > There is one package left in experimental still depending on > qtbase-abi-5-4-2. Scheduled. Emilio
Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
On Thu, Oct 29, 2015 at 06:28:39PM +, Julien Cristau wrote: Hi, > The more obvious way is to not change the source format and not add quilt. Ok I thought it would be a slightly better choice to avoid the old school big diff.gz but since I've it as git commits at my end I'm fine. So here's the changelog and the new debdiff: exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium . * Add the fix for https://github.com/relan/exfat/issues/5 found and reported by The Fuzzing Project. Check sector and cluster size. * Add the fix for https://github.com/relan/exfat/issues/6 found and reported by The Fuzzing Project. Detect infinite loop. Sven diff -u exfat-utils-1.1.0/debian/changelog exfat-utils-1.1.0/debian/changelog --- exfat-utils-1.1.0/debian/changelog +++ exfat-utils-1.1.0/debian/changelog @@ -1,3 +1,12 @@ +exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium + + * Add the fix for https://github.com/relan/exfat/issues/5 found +and reported by The Fuzzing Project. Check sector and cluster size. + * Add the fix for https://github.com/relan/exfat/issues/6 found +and reported by The Fuzzing Project. Detect infinite loop. + + -- Sven HoexterFri, 30 Oct 2015 10:28:28 +0100 + exfat-utils (1.1.0-2) unstable; urgency=low * Remove debian/watch - recent changes at Google code required diff -u exfat-utils-1.1.0/debian/gbp.conf exfat-utils-1.1.0/debian/gbp.conf --- exfat-utils-1.1.0/debian/gbp.conf +++ exfat-utils-1.1.0/debian/gbp.conf @@ -2,0 +3 @@ +debian-branch = jessie-updates only in patch2: unchanged: --- exfat-utils-1.1.0.orig/libexfat/mount.c +++ exfat-utils-1.1.0/libexfat/mount.c @@ -30,23 +30,32 @@ static uint64_t rootdir_size(const struct exfat* ef) { - uint64_t clusters = 0; + uint32_t clusters = 0; + uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count); cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster); - while (!CLUSTER_INVALID(rootdir_cluster)) + /* Iterate all clusters of the root directory to calculate its size. + It can't be contiguous because there is no flag to indicate this. */ + do { - clusters++; - /* root directory cannot be contiguous because there is no flag - to indicate this */ + if (clusters == clusters_max) /* infinite loop detected */ + { + exfat_error("root directory cannot occupy all %d clusters", + clusters); + return 0; + } + if (CLUSTER_INVALID(rootdir_cluster)) + { + exfat_error("bad cluster %#x while reading root directory", + rootdir_cluster); + return 0; + } rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster); + clusters++; } - if (rootdir_cluster != EXFAT_CLUSTER_END) - { - exfat_error("bad cluster %#x while reading root directory", -rootdir_cluster); - return 0; - } - return clusters * CLUSTER_SIZE(*ef->sb); + while (rootdir_cluster != EXFAT_CLUSTER_END); + + return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb); } static const char* get_option(const char* options, const char* option_name) @@ -208,6 +217,23 @@ exfat_error("exFAT file system is not found"); return -EIO; } + /* sector cannot be smaller than 512 bytes */ + if (ef->sb->sector_bits < 9) + { + exfat_close(ef->dev); + exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits); + free(ef->sb); + return -EIO; + } + /* officially exFAT supports cluster size up to 32 MB */ + if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) + { + exfat_close(ef->dev); + exfat_error("too big cluster size: 2^(%hhd+%hhd)", +ef->sb->sector_bits, ef->sb->spc_bits); + free(ef->sb); + return -EIO; + } ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb)); if (ef->zero_cluster == NULL) { @@ -242,16 +268,6 @@ free(ef->sb); return -EIO; } - /* officially exFAT supports cluster size up to 32 MB */ - if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) - { - free(ef->zero_cluster); - exfat_close(ef->dev); - exfat_error("too big cluster size: 2^%d", -(int) ef->sb->sector_bits + (int) ef->sb->spc_bits); - free(ef->sb); - return -EIO; - } if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) > exfat_get_size(ef->dev)) {
Bug#802382: marked as done (transition: qtbase-opensource-src)
Your message dated Fri, 30 Oct 2015 11:22:50 +0100 with message-id <563344fa.1000...@debian.org> and subject line Re: Bug#802382: transition: qtbase-opensource-src has caused the Debian Bug report #802382, regarding transition: qtbase-opensource-src to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 802382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802382 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi RT! We are ready for another qtbase's private headers transition. As usual this is just private headers's stuff and everything is pushed to experimental. At the same time we will be removing src:qtenginio-opensource-src. It's only rdeps are all managed by us and should already be fixed in experimental. Thanks in advance! Ben file: title = "qtbase-opensource-src private headers"; is_affected = .depends ~ "qtbase5-private-dev"; is_good = .depends ~ "qtbase-abi-5-5-1"; is_bad = .depends ~ "qtbase-abi-5-4-2"; -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'buildd-unstable'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On 19/10/15 21:51, Lisandro Damián Nicanor Pérez Meyer wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > > Hi RT! We are ready for another qtbase's private headers transition. > > As usual this is just private headers's stuff and everything is pushed to > experimental. > > At the same time we will be removing src:qtenginio-opensource-src. > It's only rdeps are all managed by us and should already be fixed in > experimental. > > Thanks in advance! This just went in: qtbase-opensource-src | 5.5.1+dfsg-5| testing | source Thanks for the good work getting things in shape! Cheers, Emilio--- End Message ---
Bug#802222: marked as done (transition: gdal)
Your message dated Fri, 30 Oct 2015 11:23:47 +0100 with message-id <56334533.70...@debian.org> and subject line Re: Bug#80: transition: gdal has caused the Debian Bug report #80, regarding transition: gdal to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 80: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=80 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition For the Debian GIS team I'd like to transition to the recently released GDAL 1.11.3 as soon as possible. GDAL 2.0.1 was released along with 1.11.3 but several reverse dependencies still need patches to support GDAL 2.0, as recently discussed on the debian-gis list: https://lists.debian.org/debian-gis/2015/10/msg00022.html gdal (1.11.3+dfsg-1~exp1) is ready in experimental for about a month now. Because of the problematic mix of C & C++ symbols provided by libgdal, as discussed in the previous transition (#756867), the virtual ABI package provided by libgdal1i has changed to libgdal.so.1-1.11.3. The ben file used to prepare this transition is attached. Despite only marking the packages relying on C++ symbols as bad, I think all affected reverse dependencies should be binNMUed as part of this transition. All reverse dependencies build successfully with gdal (1.11.3+dfsg-1~exp1) from experimental, except gazebo (5.0.1+dfsg-2.1) and mysql-workbench (6.3.4+dfsg-1) which FTBFS for unrelated reasons. They both fail to build with plain unstable too. libgdal-grass (1.11.2-1) doesn't need a binNMU, libgdal-grass (1.11.3-1) will be uploaded to unstable instead (after liblas & grass have been rebuilt). Transition: gdal libgdal1i (1.11.2+dfsg-3) -> libgdal1i (1.11.3+dfsg-1) libgdal.so.1-1.11.2 -> libgdal.so.1-1.11.3 The status of the most recent rebuilds is as follows. dans-gdal-scripts (0.23-4) OK fiona (1.6.2-1) OK gazebo(5.0.1+dfsg-2.1) FTBFS gmt (5.1.2+dfsg1-2)OK imposm(2.6.0+ds-2) OK libcitygml(2.0-1)OK liblas(1.8.0-5) OK libosmium (2.4.1-3) OK mapcache (1.4.0-4) OK mapnik(3.0.7+ds-4) OK mapserver (7.0.0-5) OK merkaartor(0.18.2-1) OK mysql-workbench (6.3.4+dfsg-1) FTBFS ncl (6.3.0-4~exp2) OK node-srs (0.4.8+dfsg-2) OK openscenegraph(3.2.1-7) OK osmium(0.0~20150428-7f23002-2) OK osrm (4.7.1-2) OK postgis (2.1.8+dfsg-4 / 2.2.0+dfsg-1~exp1) OK / OK pprepair (0.0~20150323-6284890-2) OK prepair (0.7-3)OK qlandkartegt (1.8.1+ds-2) OK qmapshack (1.3.1-1) OK rasterio (0.28.0-1) OK saga (2.2.1+dfsg-1) OK sumo (0.23.0+dfsg1-2) OK thuban(1.2.2-8) OK vtk6 (6.2.0+dfsg1-4)OK xastir(2.0.6-4) OK grass (7.0.1-2) OK osgearth (2.5.0+dfsg-7 / 2.7.0+dfsg-1~exp4) OK / OK osmcoastline (2.1.1-1) OK pktools (2.6.4-3) OK pyosmium (2.4.1-2) OK libgdal-grass (1.11.2-1 / 1.11.3-1) FTBFS / OK qgis (2.8.3+dfsg-3) OK --- End Message --- --- Begin Message --- On 22/10/15 23:39, Emilio Pozuelo Monfort wrote: > On 22/10/15 01:48, Sebastiaan Couwenberg wrote: >> On 22-10-15 00:26, Emilio Pozuelo Monfort wrote: >>> On 21/10/15 21:30, Sebastiaan Couwenberg wrote: On 21-10-15 21:19, Emilio Pozuelo Monfort wrote: > On 18/10/15 16:38, Bas Couwenberg wrote: >> Despite only marking the packages relying on C++ symbols as bad, I think >> all affected reverse dependencies should be binNMUed as part of this >> transition. > > Why is that? Mostly to be better safe than sorry. > If
Bug#803467: jessie-pu: package redis/2:2.8.17-1+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, I'd like update redis in stable to fix an issue when running under systemd (#803233). Most documentation on the internet assumes that this should Just Work and it is a little more secure than using /tmp or a TCP port, etc. Tested debdiff: diff --git a/debian/changelog b/debian/changelog index d8fa3ff..f736d1d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +redis (2:2.8.17-1+deb8u2) stable; urgency=medium + + * Backport debian/redis-server.tmpfile from unstable so that a valid runtime +directory is created when running under systemd. This ensures that there is +a secure and sensible location for the UNIX socket. (Closes: #803233) + + -- Chris LambFri, 30 Oct 2015 11:31:58 + + redis (2:2.8.17-1+deb8u1) jessie-security; urgency=high * Fix Lua sandbox bypass by disabling Lua bytecode loading diff --git a/debian/redis-server.tmpfile b/debian/redis-server.tmpfile new file mode 100644 index 000..740e1ae --- /dev/null +++ b/debian/redis-server.tmpfile @@ -0,0 +1 @@ +d /run/redis 2775 redis redis - Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)
So of the blockers: #787912 - can be removed together with its one rdep, not a blocker #787499 - can be removed together with its one rdep, not a blocker #787493 - libapache-mod-perl: blocker #787446 - libdevel-findref-perl: has one rdep and one build-rdep: Checking reverse dependencies... # Broken Depends: libtest-bdd-cucumber-perl: libtest-bdd-cucumber-perl # Broken Build-Depends: libtest-bdd-cucumber-perl: libdevel-findref-perl libtest-refcount-perl: libdevel-findref-perl (>= 1.430) libtest-bdd-cucumber-perl has no rdeps and could be removed. libtest-refcount-perl has lots of rdeps. However it doesn't depend on libdevel-findref-perl. Is the build-dependency necessary? If not, then #787446 wouldn't be a blocker. That'd only leave us with the apache bug. Cheers, Emilio
Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
On Thu, Oct 29, 2015 at 07:52:23pm +, luca wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > > Dear release team, > > We would like to update libvdpau in jessie to address a segmentation fault in > a > particular use case. > > 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3 > security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see > https://bugs.debian.org/797895). > > The upstream patch unfortunately introduced a regression when running with > DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and > upstream has committed a fix for it. > > We already uploaded a fixed version to unstable, and now we would like to > backport it to jessie as well. The debdiff follows. I have verified that it > fixes the problem on a vanilla jessie amd64 installation. > > Thank you! > > Kind regards, > Luca Boccassi > > > diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog > --- libvdpau-0.8/debian/changelog 2015-09-05 13:14:50.0 +0100 > +++ libvdpau-0.8/debian/changelog 2015-10-29 19:30:28.0 + > @@ -1,3 +1,10 @@ > +libvdpau (0.8-3+deb8u2) jessie; urgency=medium The diff looks good, could you change the target to jessie-security and upload to security-master? Also, do you plan to prepare an update for wheezy-security as well? Cheers signature.asc Description: PGP signature
Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)
Hi, Emilio Pozuelo Monfort wrote (30 Oct 2015 13:34:21 GMT) : > #787446 - libdevel-findref-perl: has one rdep and one build-rdep: > Checking reverse dependencies... > # Broken Depends: > libtest-bdd-cucumber-perl: libtest-bdd-cucumber-perl > # Broken Build-Depends: > libtest-bdd-cucumber-perl: libdevel-findref-perl Thanks fot the heads up. Devel::FindRef is optional since Test::BDD::Cucumber 0.36 ⇒ I've just pushed changes to Vcs-Git that drop the hard {build,run}time dependencies. Lots of Tails -specific code is tested with Test::BDD::Cucumber, so I'll try to keep it in the archive. Cheers, -- intrigeri
Bug#803467: jessie-pu: package redis/2:2.8.17-1+deb8u1
Control: tags -1 + confirmed On Fri, 2015-10-30 at 11:49 +, Chris Lamb wrote: > I'd like update redis in stable to fix an issue when running under > systemd (#803233). Most documentation on the internet assumes that this > should Just Work and it is a little more secure than using /tmp or a TCP > port, etc. [...] > + * Backport debian/redis-server.tmpfile from unstable so that a > valid runtime > +directory is created when running under systemd. This ensures > that there is > +a secure and sensible location for the UNIX socket. (Closes: > #803233) Please go ahead; thanks. Regards, Adam
Processed: Re: Bug#803467: jessie-pu: package redis/2:2.8.17-1+deb8u1
Processing control commands: > tags -1 + confirmed Bug #803467 [release.debian.org] jessie-pu: package redis/2:2.8.17-1+deb8u1 Added tag(s) confirmed. -- 803467: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803467 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)
On 01/10/15 02:22, Emilio Pozuelo Monfort wrote: > I want to finish python 3.5 and ruby 2.2. After that, it could happen at any > time I think (I have to look if the packages affected by the libstdc++ > transition have been renamed). Doesn't look like there are any remaining conflicts with the libstdc++6 transition, so that shouldn't be a blocker. Cheers, Emilio
Processed: Re: Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
Processing control commands: > tags -1 + confirmed Bug #803362 [release.debian.org] jessie-pu: package exfat-utils/1.1.0-2+deb8u1 Added tag(s) confirmed. -- 803362: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803362 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
Control: tags -1 + confirmed On Fri, 2015-10-30 at 10:59 +0100, Sven Hoexter wrote: > On Thu, Oct 29, 2015 at 06:28:39PM +, Julien Cristau wrote: > > Hi, > > > The more obvious way is to not change the source format and not add quilt. > > Ok I thought it would be a slightly better choice to avoid the old school > big diff.gz but since I've it as git commits at my end I'm fine. There's different opinions as to which approach is better, but the current SRMs tend towards direct patching being the safer approach for an update in stable. Some packages in this situation take a hybrid approach where a patches directory is maintained in the source package as a record of the changes made, but the actual changes are directly applied to the source. This does make the diff a little larger, but it depends on what works best for the maintainer. [I also note with a little amusement that the version of exfat-utils in wheezy appears to have been the only revision of the package ever to have had an explicit patch system (not counting the change to "3.0 (quilt)".] > So here's the changelog and the new debdiff: > > > exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium > . >* Add the fix for https://github.com/relan/exfat/issues/5 found > and reported by The Fuzzing Project. Check sector and cluster size. >* Add the fix for https://github.com/relan/exfat/issues/6 found > and reported by The Fuzzing Project. Detect infinite loop. Please go ahead; thanks. Regards, Adam
Bug#803490: jessie-pu: package pdns/3.4.1-4+deb8u4
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: jessie Severity: normal Dear Release Team, there's a bug affecting pdns in stable (jessie): #798773 Upgrading -to- the jessie version from wheezy works fine, but subsequent upgrades in jessie fail if users don't strip the config file of comments. This is quite bad for security updates, so please consider the attached debdiff. (Fixed in sid.) Many thanks, -- ,''`. Christian Hofstaedtler: :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `- diff -Nru pdns-3.4.1/debian/changelog pdns-3.4.1/debian/changelog --- pdns-3.4.1/debian/changelog 2015-08-26 11:02:28.0 + +++ pdns-3.4.1/debian/changelog 2015-10-30 14:35:13.0 + @@ -1,3 +1,14 @@ +pdns (3.4.1-4+deb8u4) jessie; urgency=medium + + * Fix upgrades with default configuration. +The postinst script used to do a "grep include" on pdns.conf, which +in older versions would work (mostly), because the default config +only had a single "include=" entry. Now this is no longer true, +so remove that. Also, changing the include directory would have +never worked. (Closes: #798773) + + -- Christian Hofstaedtler Fri, 30 Oct 2015 14:34:36 + + pdns (3.4.1-4+deb8u3) jessie-security; urgency=high * Security update: apply patches for CVE-2015-5230 diff -Nru pdns-3.4.1/debian/pdns-server.postinst pdns-3.4.1/debian/pdns-server.postinst --- pdns-3.4.1/debian/pdns-server.postinst 2015-07-08 09:30:11.0 + +++ pdns-3.4.1/debian/pdns-server.postinst 2015-10-30 14:35:13.0 + @@ -16,12 +16,7 @@ PDNSCONF=/etc/powerdns/pdns.conf PDNSDEFAULT=/etc/default/pdns -if [ -e $PDNSCONF ]; then - PDNSDIR=`cat $PDNSCONF | grep include | awk -F '=' '{print $2}'` -fi -if [ -z "$PDNSDIR" ]; then - PDNSDIR=/etc/powerdns/pdns.d -fi +PDNSDIR=/etc/powerdns/pdns.d PDNSLOCAL=$PDNSDIR/pdns.local.conf # Temporary files @@ -121,7 +116,7 @@ [ -d $PDNSDIR ] && chmod 0755 $PDNSDIR [ -e $PDNSDEFAULT ] && chmod 0644 $PDNSDEFAULT fi - + # If we still have the default config, make sure bindbackend.conf exists PDNSBIND="/etc/powerdns/pdns.d/pdns.simplebind.conf" PDNSBINDBACKENDCONF="/etc/powerdns/bindbackend.conf"
Processed: Re: Bug#801892: jessie-pu: package nvidia-graphics-drivers-legacy-304xx/304.128-1
Processing control commands: > tags -1 + confirmed Bug #801892 [release.debian.org] jessie-pu: package nvidia-graphics-drivers-legacy-304xx/304.128-1 Added tag(s) confirmed. -- 801892: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801892 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
On Fri, 2015-10-30 at 14:32 +0100, Alessandro Ghedini wrote: > On Thu, Oct 29, 2015 at 07:52:23pm +, luca wrote: > > Package: release.debian.org > > Severity: normal > > Tags: jessie > > User: release.debian@packages.debian.org > > Usertags: pu > > > > Dear release team, > > > > We would like to update libvdpau in jessie to address a segmentation fault > > in a > > particular use case. > > > > 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3 > > security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see > > https://bugs.debian.org/797895). > > > > The upstream patch unfortunately introduced a regression when running with > > DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and > > upstream has committed a fix for it. > > > > We already uploaded a fixed version to unstable, and now we would like to > > backport it to jessie as well. The debdiff follows. I have verified that it > > fixes the problem on a vanilla jessie amd64 installation. > > > > Thank you! > > > > Kind regards, > > Luca Boccassi > > > > > > diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog > > --- libvdpau-0.8/debian/changelog 2015-09-05 13:14:50.0 +0100 > > +++ libvdpau-0.8/debian/changelog 2015-10-29 19:30:28.0 + > > @@ -1,3 +1,10 @@ > > +libvdpau (0.8-3+deb8u2) jessie; urgency=medium > > The diff looks good, could you change the target to jessie-security and upload > to security-master? Committed in git, but I'll have to ask Andreas to upload as I lack the supercow powers :-) Andreas, the new version is tested and ready in the jessie branch in git [1], could you please upload to security-master when you have time? Thanks! > Also, do you plan to prepare an update for wheezy-security as well? I'll have access to a wheezy guinea pig machine on Monday, so if the regression is present there as well I'll test a patched version and reply back here. Kind regards, Luca Boccassi [1] https://anonscm.debian.org/cgit/pkg-nvidia/libvdpau.git/log/?h=jessie signature.asc Description: This is a digitally signed message part
Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
On Fri, Oct 30, 2015 at 02:22:45PM +, Adam D. Barratt wrote: Hi, > [I also note with a little amusement that the version of exfat-utils in > wheezy appears to have been the only revision of the package ever to > have had an explicit patch system (not counting the change to "3.0 > (quilt)".] I added and droped it whenever patching was required or not. Turned out to be a pain in the ass so that I now moved on to 3.0(quilt). > Please go ahead; thanks. Uploaded for jessie. This ack was only for jessie and we handle the wheezy upload in the other bug, right? Sven
Bug#801892: jessie-pu: package nvidia-graphics-drivers-legacy-304xx/304.128-1
Control: tags -1 + confirmed On Thu, 2015-10-15 at 19:17 +0200, Andreas Beckmann wrote: > this is the next update in the series for fixing CVE-2015-5950. > > The diff is essentially the same as in nvidia-graphics-drivers 304.128-1 > (wheezy) and nvidia-graphics-drivers 340.93-0+deb8u1 (jessie) merged > into the legacy package. Please go ahead. Regards, Adam
Processed: block 789077 with 791846 791848 803489 791847
Processing commands for cont...@bugs.debian.org: > block 789077 with 791846 791848 803489 791847 Bug #789077 [release.debian.org] transition: ruby2.2 789077 was not blocked by any bugs. 789077 was not blocking any bugs. Added blocking bug(s) of 789077: 803489, 791847, 791848, and 791846 > thanks Stopping processing here. Please contact me if you need assistance. -- 789077: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789077 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#800881: jessie-pu: package nvidia-graphics-drivers/340.93-0+deb8u1
Control: tags -1 + pending On Thu, 2015-10-15 at 19:29 +0200, Andreas Beckmann wrote: > On 2015-10-10 21:01, Adam D. Barratt wrote: > > On Sun, 2015-10-04 at 16:53 +0200, Andreas Beckmann wrote: > >> Second PU request for fixing CVE-2015-5950. > > > Please go ahead. > > Uploaded, with an updated bug-script from sid and an updated pci id list > for nvidia-detect to know a few more models that will be supported by > jessie-backports (soon) Flagged for acceptance. Regards, Adam
Processed: Re: Bug#800881: jessie-pu: package nvidia-graphics-drivers/340.93-0+deb8u1
Processing control commands: > tags -1 + pending Bug #800881 [release.debian.org] jessie-pu: package nvidia-graphics-drivers/340.93-0+deb8u1 Added tag(s) pending. -- 800881: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800881 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#800877: wheezy-pu: package nvidia-graphics-drivers/304.128-1
Processing control commands: > tags -1 + pending Bug #800877 [release.debian.org] wheezy-pu: package nvidia-graphics-drivers/304.128-1 Added tag(s) pending. -- 800877: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800877 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#800877: wheezy-pu: package nvidia-graphics-drivers/304.128-1
Control: tags -1 + pending On Thu, 2015-10-15 at 19:21 +0200, Andreas Beckmann wrote: > On 2015-10-10 20:57, Adam D. Barratt wrote: > > On Sun, 2015-10-04 at 15:35 +0200, Andreas Beckmann wrote: > >> CVE-2015-5950 in the non-free nvidia-graphics-drivers shall be fixed via > >> PU, there won't be a DSA for this. > > > > Please go ahead. > > Uploaded, including an updated bug-script from sid to collect more > information. Flagged for acceptance. Regards, Adam
NEW changes in oldstable-new
Processing changes file: nvidia-graphics-drivers_304.128-1_amd64.changes ACCEPT
NEW changes in stable-new
Processing changes file: nvidia-graphics-drivers_340.93-0+deb8u1_source.changes ACCEPT
Processed: Re: Bug#803387: wheezy-pu: package exfat-utils/0.9.7-2+deb7u1
Processing control commands: > tags -1 + confirmed Bug #803387 [release.debian.org] wheezy-pu: package exfat-utils/0.9.7-2+deb7u1 Added tag(s) confirmed. -- 803387: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803387 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#803387: wheezy-pu: package exfat-utils/0.9.7-2+deb7u1
Control: tags -1 + confirmed On Thu, 2015-10-29 at 15:26 +0100, Sven Hoexter wrote: > exfat-utils (0.9.7-2+deb7u1) wheezy; urgency=medium > > * Add d/patches/check-sector-and-cluster-size. Fix for > https://github.com/relan/exfat/issues/5 found and reported by > The Fuzzing Project. > * Add d/patches/detect-infinite-loop. Fix for > https://github.com/relan/exfat/issues/6 found and reported by > The Fuzzing Project. Please go ahead. Regards, Adam
Bug#803493: nmu: ns3_3.22+dfsg-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu ns3_3.22+dfsg-1 . ALL . unstable . -m "Rebuild for libstdc++ transition" It was found that there's package in the archive makes use of ns3 when the binary is present, but no dependency is declared[1]. To avoid such problem please binNMU ns3 on all architectures. Thanks, Aron [1]https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791219#21
NEW changes in stable-new
Processing changes file: nvidia-graphics-drivers_340.93-0+deb8u1_amd64.changes ACCEPT Processing changes file: nvidia-graphics-drivers_340.93-0+deb8u1_armhf.changes ACCEPT Processing changes file: nvidia-graphics-drivers_340.93-0+deb8u1_i386.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_arm64.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_armel.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_armhf.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_powerpc.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_ppc64el.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_s390x.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: nvidia-graphics-drivers_304.128-1_i386.changes ACCEPT
Bug#801095: jessie-pu: package uqm/0.6.2.dfsg-9.1~deb8u1
Control: tags -1 + pending On Sat, 2015-10-10 at 19:56 +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2015-10-06 at 11:35 +0200, Andreas Beckmann wrote: > > uqm FTBFS in jessie due to a missing -lm (#792920). > > Please go ahead. Uploaded and flagged for acceptance. Regards, Adam
Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)
On Fri, 30 Oct 2015 14:34:21 +0100, Emilio Pozuelo Monfort wrote: > #787493 - libapache-mod-perl: blocker There's recent work on a patch in the upstream bug: https://rt.cpan.org/Public/Bug/Display.html?id=101962 I'm optimistic this will be sorted out soon. > That'd only leave us with the apache bug. Ack, that's my impression as well. Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - https://www.debian.org/ `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- NP: Rolling Stones signature.asc Description: Digital Signature
NEW changes in stable-new
Processing changes file: phpmyadmin_4.2.12-2+deb8u1_amd64.changes ACCEPT Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_source.changes ACCEPT Processing changes file: virtualbox_4.3.32-dfsg-1+deb8u2_amd64.changes ACCEPT Processing changes file: virtualbox_4.3.32-dfsg-1+deb8u2_i386.changes ACCEPT Processing changes file: wordpress_4.1+dfsg-1+deb8u6_amd64.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: phpmyadmin_3.4.11.1-2+deb7u2_amd64.changes ACCEPT Processing changes file: virtualbox_4.1.42-dfsg-1+deb7u1_amd64.changes ACCEPT Processing changes file: virtualbox_4.1.42-dfsg-1+deb7u1_i386.changes ACCEPT Processing changes file: wordpress_3.6.1+dfsg-1~deb7u8_amd64.changes ACCEPT
Processed: Re: Bug#801095: jessie-pu: package uqm/0.6.2.dfsg-9.1~deb8u1
Processing control commands: > tags -1 + pending Bug #801095 [release.debian.org] jessie-pu: package uqm/0.6.2.dfsg-9.1~deb8u1 Added tag(s) pending. -- 801095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801095 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#803336: RM: mopidy/1.1.1-1
On Thu, Oct 29, 2015 at 08:48:27AM +, Julien Cristau wrote: > On Wed, Oct 28, 2015 at 23:06:07 +0100, Moritz Muehlenhoff wrote: > > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: rm > > > > Hi, > > please remove mopidy as part of the gstreamer 0.10 > > removal. According to the PTS this should have been > > auto-removed, but some reason that didn't happen: > > > > Marked for autoremoval on 16 October: > > * The removal of mopidy will also cause the removal of > > (transitive) reverse dependencies: mopidy-alsamixer > > mopidy-beets mopidy-dirble mopidy-local-sqlite mopidy-mpris > > mopidy-scrobbler mopidy-tunein mopidy-youtube > > > britney says: > > * amd64: mopidy-alsamixer, mopidy-beets, mopidy-dirble, > mopidy-local-sqlite, mopidy-mpris, mopidy-scrobbler, mopidy-tunein, > mopidy-youtube > > Those rdeps aren't marked for removal yet: Oh, I thought these were removed along rightaway automatically. Can we do that manually instead? mopidy is the last blocker for the removal of further gst0.10-plugins and the 0.10 python bindings from testing: remove mopidy-alsamixer/1.0.3-3 mopidy-beets/2.0.0-2 mopidy-dirble/1.1.2-2 mopidy-local-sqlite/1.0.0-1 mopidy-mpris/1.3.1-1 mopidy-scrobbler/1.1.1-3 mopidy-tunein/0.2.2-2 mopidy-youtube/2.0.0-2 remove mopidy/1.1.1-1 Cheers, Moritz
Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)
On 30/10/15 18:59, gregor herrmann wrote: > On Fri, 30 Oct 2015 14:34:21 +0100, Emilio Pozuelo Monfort wrote: > >> #787493 - libapache-mod-perl: blocker > > There's recent work on a patch in the upstream bug: > https://rt.cpan.org/Public/Bug/Display.html?id=101962 Yeah I saw that. > I'm optimistic this will be sorted out soon. Cool. >> That'd only leave us with the apache bug. > > Ack, that's my impression as well. What about libtest-refcount-perl ? Does it have to build-depend on the RC-buggy libdevel-findref-perl ? Cheers, Emilio