Bug#803435: nmu: akonadi_15.08.2-1

2015-10-30 Thread Andreas Beckmann 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu akonadi_15.08.2-1 . ANY . experimental . -m "Rebuild against 
qtbase-abi-5-5-1."

There is one package left in experimental still depending on
qtbase-abi-5-4-2.


Andreas

Bug#765639: Bug#802159: New OpenSSL upstream version

2015-10-30 Thread Don Armstrong 
On Tue, 20 Oct 2015, Don Armstrong wrote:
> If there's something specific that you'd like the CTTE to try to do
> beyond what I've just reported now, let me know.

Let me know if you'd like the CTTE to do something beyond what I've
already done.

-- 
Don Armstrong  http://www.donarmstrong.com

Bug#803336: marked as done (RM: mopidy/1.1.1-1)

2015-10-30 Thread Debian Bug Tracking System 
Your message dated Fri, 30 Oct 2015 23:16:33 +0100
with message-id <5633ec41.50...@debian.org>
and subject line Re: Bug#803336: RM: mopidy/1.1.1-1
has caused the Debian Bug report #803336,
regarding RM: mopidy/1.1.1-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
803336: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803336
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hi,
please remove mopidy as part of the gstreamer 0.10
removal. According to the PTS this should have been
auto-removed, but some reason that didn't happen:

Marked for autoremoval on 16 October:
* The removal of mopidy will also cause the removal of
  (transitive) reverse dependencies: mopidy-alsamixer
  mopidy-beets mopidy-dirble mopidy-local-sqlite mopidy-mpris
  mopidy-scrobbler mopidy-tunein mopidy-youtube

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
On 30/10/15 19:07, Moritz Mühlenhoff wrote:
> On Thu, Oct 29, 2015 at 08:48:27AM +, Julien Cristau wrote:
>> On Wed, Oct 28, 2015 at 23:06:07 +0100, Moritz Muehlenhoff wrote:
>>
>>> Package: release.debian.org
>>> Severity: normal
>>> User: release.debian@packages.debian.org
>>> Usertags: rm
>>>
>>> Hi,
>>> please remove mopidy as part of the gstreamer 0.10
>>> removal. According to the PTS this should have been
>>> auto-removed, but some reason that didn't happen:
>>>
>>> Marked for autoremoval on 16 October:
>>> * The removal of mopidy will also cause the removal of
>>>   (transitive) reverse dependencies: mopidy-alsamixer
>>>   mopidy-beets mopidy-dirble mopidy-local-sqlite mopidy-mpris
>>>   mopidy-scrobbler mopidy-tunein mopidy-youtube
>>>
>> britney says:
>>
>> * amd64: mopidy-alsamixer, mopidy-beets, mopidy-dirble, 
>> mopidy-local-sqlite, mopidy-mpris, mopidy-scrobbler, mopidy-tunein, 
>> mopidy-youtube
>>
>> Those rdeps aren't marked for removal yet:
> 
> Oh, I thought these were removed along rightaway automatically.
> 
> Can we do that manually instead? mopidy is the last blocker for the
> removal of further gst0.10-plugins and the 0.10 python bindings from
> testing:
> 
> remove mopidy-alsamixer/1.0.3-3 mopidy-beets/2.0.0-2 mopidy-dirble/1.1.2-2 
> mopidy-local-sqlite/1.0.0-1 mopidy-mpris/1.3.1-1 mopidy-scrobbler/1.1.1-3 
> mopidy-tunein/0.2.2-2 mopidy-youtube/2.0.0-2
> remove mopidy/1.1.1-1

You forgot mopidy-podcast-*. A few have been removed in this run, the rest
(together with gst-python and -good) will go out tomorrow.

I have also removed xfce4-mixer, FWIW.

Cheers,
Emilio--- End Message ---

Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)

2015-10-30 Thread gregor herrmann 
On Fri, 30 Oct 2015 21:00:21 +0100, Emilio Pozuelo Monfort wrote:

> >> That'd only leave us with the apache bug.
> > Ack, that's my impression as well.
> What about libtest-refcount-perl ? Does it have to build-depend on the 
> RC-buggy
> libdevel-findref-perl ?

Nope its' optional.
Fixed version uploaded; thanks for noticing!


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Yoro-Kery Goro: Mory


signature.asc
Description: Digital Signature

NEW changes in stable-new

2015-10-30 Thread Debian FTP Masters 
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_amd64.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_i386.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_mips.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_mipsel.changes
  ACCEPT

Bug#765639: Bug#802159: New OpenSSL upstream version

2015-10-30 Thread Kurt Roeckx 
On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> On Tue, 20 Oct 2015, Don Armstrong wrote:
> > If there's something specific that you'd like the CTTE to try to do
> > beyond what I've just reported now, let me know.
> 
> Let me know if you'd like the CTTE to do something beyond what I've
> already done.

I guess I would like to know what the options are.  The way I see
it:
- The release team makes a decision
- The release team asks someone else to make the decision
- Someone makes a policy of what is acceptable, not the current
  situtation where there don't seem to be any rules.
- The DPL removes that power from their delegation.
  (One can argue that the DPL didn't have the power to delegate
   that in the first place.)
- Start a GR to overrule the DPL's delegate.

And I guess I would like advise on how to proceed.


Kurt

Bug#803435: nmu: akonadi_15.08.2-1

2015-10-30 Thread Emilio Pozuelo Monfort 
On 30/10/15 08:57, Andreas Beckmann wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> 
> nmu akonadi_15.08.2-1 . ANY . experimental . -m "Rebuild against 
> qtbase-abi-5-5-1."
> 
> There is one package left in experimental still depending on
> qtbase-abi-5-4-2.

Scheduled.

Emilio

Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1

2015-10-30 Thread Sven Hoexter 
On Thu, Oct 29, 2015 at 06:28:39PM +, Julien Cristau wrote:

Hi,

> The more obvious way is to not change the source format and not add quilt.

Ok I thought it would be a slightly better choice to avoid the old school
big diff.gz but since I've it as git commits at my end I'm fine.

So here's the changelog and the new debdiff:


 exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium
 .
   * Add the fix for https://github.com/relan/exfat/issues/5 found
 and reported by The Fuzzing Project. Check sector and cluster size.
   * Add the fix for https://github.com/relan/exfat/issues/6 found
 and reported by The Fuzzing Project. Detect infinite loop.



Sven
diff -u exfat-utils-1.1.0/debian/changelog exfat-utils-1.1.0/debian/changelog
--- exfat-utils-1.1.0/debian/changelog
+++ exfat-utils-1.1.0/debian/changelog
@@ -1,3 +1,12 @@
+exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium
+
+  * Add the fix for https://github.com/relan/exfat/issues/5 found
+and reported by The Fuzzing Project. Check sector and cluster size.
+  * Add the fix for https://github.com/relan/exfat/issues/6 found
+and reported by The Fuzzing Project. Detect infinite loop. 
+
+ -- Sven Hoexter   Fri, 30 Oct 2015 10:28:28 +0100
+
 exfat-utils (1.1.0-2) unstable; urgency=low
 
   * Remove debian/watch - recent changes at Google code required
diff -u exfat-utils-1.1.0/debian/gbp.conf exfat-utils-1.1.0/debian/gbp.conf
--- exfat-utils-1.1.0/debian/gbp.conf
+++ exfat-utils-1.1.0/debian/gbp.conf
@@ -2,0 +3 @@
+debian-branch = jessie-updates
only in patch2:
unchanged:
--- exfat-utils-1.1.0.orig/libexfat/mount.c
+++ exfat-utils-1.1.0/libexfat/mount.c
@@ -30,23 +30,32 @@
 
 static uint64_t rootdir_size(const struct exfat* ef)
 {
-	uint64_t clusters = 0;
+	uint32_t clusters = 0;
+	uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count);
 	cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
 
-	while (!CLUSTER_INVALID(rootdir_cluster))
+	/* Iterate all clusters of the root directory to calculate its size.
+	   It can't be contiguous because there is no flag to indicate this. */
+	do
 	{
-		clusters++;
-		/* root directory cannot be contiguous because there is no flag
-		   to indicate this */
+		if (clusters == clusters_max) /* infinite loop detected */
+		{
+			exfat_error("root directory cannot occupy all %d clusters",
+	clusters);
+			return 0;
+		}
+		if (CLUSTER_INVALID(rootdir_cluster))
+		{
+			exfat_error("bad cluster %#x while reading root directory",
+	rootdir_cluster);
+			return 0;
+		}
 		rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
+		clusters++;
 	}
-	if (rootdir_cluster != EXFAT_CLUSTER_END)
-	{
-		exfat_error("bad cluster %#x while reading root directory",
-rootdir_cluster);
-		return 0;
-	}
-	return clusters * CLUSTER_SIZE(*ef->sb);
+	while (rootdir_cluster != EXFAT_CLUSTER_END);
+
+	return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb);
 }
 
 static const char* get_option(const char* options, const char* option_name)
@@ -208,6 +217,23 @@
 		exfat_error("exFAT file system is not found");
 		return -EIO;
 	}
+	/* sector cannot be smaller than 512 bytes */
+	if (ef->sb->sector_bits < 9)
+	{
+		exfat_close(ef->dev);
+		exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
+		free(ef->sb);
+		return -EIO;
+	}
+	/* officially exFAT supports cluster size up to 32 MB */
+	if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+	{
+		exfat_close(ef->dev);
+		exfat_error("too big cluster size: 2^(%hhd+%hhd)",
+ef->sb->sector_bits, ef->sb->spc_bits);
+		free(ef->sb);
+		return -EIO;
+	}
 	ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
 	if (ef->zero_cluster == NULL)
 	{
@@ -242,16 +268,6 @@
 		free(ef->sb);
 		return -EIO;
 	}
-	/* officially exFAT supports cluster size up to 32 MB */
-	if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
-	{
-		free(ef->zero_cluster);
-		exfat_close(ef->dev);
-		exfat_error("too big cluster size: 2^%d",
-(int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
-		free(ef->sb);
-		return -EIO;
-	}
 	if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
 			exfat_get_size(ef->dev))
 	{

Bug#802382: marked as done (transition: qtbase-opensource-src)

2015-10-30 Thread Debian Bug Tracking System 
Your message dated Fri, 30 Oct 2015 11:22:50 +0100
with message-id <563344fa.1000...@debian.org>
and subject line Re: Bug#802382: transition: qtbase-opensource-src
has caused the Debian Bug report #802382,
regarding transition: qtbase-opensource-src
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
802382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802382
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition


Hi RT! We are ready for another qtbase's private headers transition.

As usual this is just private headers's stuff and everything is pushed to
experimental.

At the same time we will be removing src:qtenginio-opensource-src.
It's only rdeps are all managed by us and should already be fixed in
experimental.

Thanks in advance!

Ben file:

title = "qtbase-opensource-src private headers";
is_affected = .depends ~ "qtbase5-private-dev";
is_good = .depends ~ "qtbase-abi-5-5-1";
is_bad = .depends ~ "qtbase-abi-5-4-2";


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'buildd-unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On 19/10/15 21:51, Lisandro Damián Nicanor Pérez Meyer wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> 
> Hi RT! We are ready for another qtbase's private headers transition.
> 
> As usual this is just private headers's stuff and everything is pushed to
> experimental.
> 
> At the same time we will be removing src:qtenginio-opensource-src.
> It's only rdeps are all managed by us and should already be fixed in
> experimental.
> 
> Thanks in advance!

This just went in:

qtbase-opensource-src | 5.5.1+dfsg-5| testing  | source

Thanks for the good work getting things in shape!

Cheers,
Emilio--- End Message ---

Bug#802222: marked as done (transition: gdal)

2015-10-30 Thread Debian Bug Tracking System 
Your message dated Fri, 30 Oct 2015 11:23:47 +0100
with message-id <56334533.70...@debian.org>
and subject line Re: Bug#80: transition: gdal
has caused the Debian Bug report #80,
regarding transition: gdal
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
80: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=80
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

For the Debian GIS team I'd like to transition to the recently released
GDAL 1.11.3 as soon as possible.

GDAL 2.0.1 was released along with 1.11.3 but several reverse dependencies
still need patches to support GDAL 2.0, as recently discussed on the
debian-gis list: https://lists.debian.org/debian-gis/2015/10/msg00022.html

gdal (1.11.3+dfsg-1~exp1) is ready in experimental for about a month
now.

Because of the problematic mix of C & C++ symbols provided by libgdal,
as discussed in the previous transition (#756867), the virtual ABI package
provided by libgdal1i has changed to libgdal.so.1-1.11.3.

The ben file used to prepare this transition is attached.

Despite only marking the packages relying on C++ symbols as bad, I think
all affected reverse dependencies should be binNMUed as part of this
transition.

All reverse dependencies build successfully with gdal (1.11.3+dfsg-1~exp1)
from experimental, except gazebo (5.0.1+dfsg-2.1) and
mysql-workbench (6.3.4+dfsg-1) which FTBFS for unrelated reasons. They
both fail to build with plain unstable too.

libgdal-grass (1.11.2-1) doesn't need a binNMU, libgdal-grass (1.11.3-1)
will be uploaded to unstable instead (after liblas & grass have been
rebuilt).


Transition: gdal

 libgdal1i (1.11.2+dfsg-3) -> libgdal1i (1.11.3+dfsg-1)
 libgdal.so.1-1.11.2   -> libgdal.so.1-1.11.3

The status of the most recent rebuilds is as follows.

 dans-gdal-scripts (0.23-4)   OK
 fiona (1.6.2-1)  OK
 gazebo(5.0.1+dfsg-2.1)   FTBFS
 gmt   (5.1.2+dfsg1-2)OK
 imposm(2.6.0+ds-2)   OK
 libcitygml(2.0-1)OK
 liblas(1.8.0-5)  OK
 libosmium (2.4.1-3)  OK
 mapcache  (1.4.0-4)  OK
 mapnik(3.0.7+ds-4)   OK
 mapserver (7.0.0-5)  OK
 merkaartor(0.18.2-1) OK
 mysql-workbench   (6.3.4+dfsg-1) FTBFS
 ncl   (6.3.0-4~exp2) OK
 node-srs  (0.4.8+dfsg-2) OK
 openscenegraph(3.2.1-7)  OK
 osmium(0.0~20150428-7f23002-2)   OK
 osrm  (4.7.1-2)  OK
 postgis   (2.1.8+dfsg-4 / 2.2.0+dfsg-1~exp1) OK / OK
 pprepair  (0.0~20150323-6284890-2)   OK
 prepair   (0.7-3)OK
 qlandkartegt  (1.8.1+ds-2)   OK
 qmapshack (1.3.1-1)  OK
 rasterio  (0.28.0-1) OK
 saga  (2.2.1+dfsg-1) OK
 sumo  (0.23.0+dfsg1-2)   OK
 thuban(1.2.2-8)  OK
 vtk6  (6.2.0+dfsg1-4)OK
 xastir(2.0.6-4)  OK

 grass (7.0.1-2)  OK
 osgearth  (2.5.0+dfsg-7 / 2.7.0+dfsg-1~exp4) OK / OK
 osmcoastline  (2.1.1-1)  OK
 pktools   (2.6.4-3)  OK
 pyosmium  (2.4.1-2)  OK

 libgdal-grass (1.11.2-1 / 1.11.3-1)  FTBFS / OK
 qgis  (2.8.3+dfsg-3) OK
--- End Message ---
--- Begin Message ---
On 22/10/15 23:39, Emilio Pozuelo Monfort wrote:
> On 22/10/15 01:48, Sebastiaan Couwenberg wrote:
>> On 22-10-15 00:26, Emilio Pozuelo Monfort wrote:
>>> On 21/10/15 21:30, Sebastiaan Couwenberg wrote:
 On 21-10-15 21:19, Emilio Pozuelo Monfort wrote:
> On 18/10/15 16:38, Bas Couwenberg wrote:
>> Despite only marking the packages relying on C++ symbols as bad, I think
>> all affected reverse dependencies should be binNMUed as part of this
>> transition.
>
> Why is that?

 Mostly to be better safe than sorry.

> If

Bug#803467: jessie-pu: package redis/2:2.8.17-1+deb8u1

2015-10-30 Thread Chris Lamb 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd like update redis in stable to fix an issue when running under
systemd (#803233). Most documentation on the internet assumes that this
should Just Work and it is a little more secure than using /tmp or a TCP
port, etc.

Tested debdiff:

  diff --git a/debian/changelog b/debian/changelog
  index d8fa3ff..f736d1d 100644
  --- a/debian/changelog
  +++ b/debian/changelog
  @@ -1,3 +1,11 @@
  +redis (2:2.8.17-1+deb8u2) stable; urgency=medium
  +
  +  * Backport debian/redis-server.tmpfile from unstable so that a
  valid runtime
  +directory is created when running under systemd. This ensures
  that there is
  +a secure and sensible location for the UNIX socket. (Closes:
  #803233)
  +
  + -- Chris Lamb   Fri, 30 Oct 2015 11:31:58 +
  +
   redis (2:2.8.17-1+deb8u1) jessie-security; urgency=high
   
 * Fix Lua sandbox bypass by disabling Lua bytecode loading
  diff --git a/debian/redis-server.tmpfile b/debian/redis-server.tmpfile
  new file mode 100644
  index 000..740e1ae
  --- /dev/null
  +++ b/debian/redis-server.tmpfile
  @@ -0,0 +1 @@
  +d /run/redis 2775 redis redis -


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)

2015-10-30 Thread Emilio Pozuelo Monfort 
So of the blockers:

#787912 - can be removed together with its one rdep, not a blocker
#787499 - can be removed together with its one rdep, not a blocker

#787493 - libapache-mod-perl: blocker

#787446 - libdevel-findref-perl: has one rdep and one build-rdep:

Checking reverse dependencies...
# Broken Depends:
libtest-bdd-cucumber-perl: libtest-bdd-cucumber-perl

# Broken Build-Depends:
libtest-bdd-cucumber-perl: libdevel-findref-perl
libtest-refcount-perl: libdevel-findref-perl (>= 1.430)

libtest-bdd-cucumber-perl has no rdeps and could be removed.

libtest-refcount-perl has lots of rdeps. However it doesn't depend on
libdevel-findref-perl. Is the build-dependency necessary? If not, then #787446
wouldn't be a blocker.

That'd only leave us with the apache bug.

Cheers,
Emilio

Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2

2015-10-30 Thread Alessandro Ghedini 
On Thu, Oct 29, 2015 at 07:52:23pm +, luca wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Dear release team,
> 
> We would like to update libvdpau in jessie to address a segmentation fault in 
> a
> particular use case.
> 
> 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3
> security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see
> https://bugs.debian.org/797895).
> 
> The upstream patch unfortunately introduced a regression when running with
> DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and
> upstream has committed a fix for it.
> 
> We already uploaded a fixed version to unstable, and now we would like to
> backport it to jessie as well. The debdiff follows. I have verified that it
> fixes the problem on a vanilla jessie amd64 installation.
> 
> Thank you!
> 
> Kind regards,
> Luca Boccassi
> 
> 
> diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog
> --- libvdpau-0.8/debian/changelog   2015-09-05 13:14:50.0 +0100
> +++ libvdpau-0.8/debian/changelog   2015-10-29 19:30:28.0 +
> @@ -1,3 +1,10 @@
> +libvdpau (0.8-3+deb8u2) jessie; urgency=medium

The diff looks good, could you change the target to jessie-security and upload
to security-master?

Also, do you plan to prepare an update for wheezy-security as well?

Cheers


signature.asc
Description: PGP signature

Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)

2015-10-30 Thread intrigeri 
Hi,

Emilio Pozuelo Monfort wrote (30 Oct 2015 13:34:21 GMT) :
> #787446 - libdevel-findref-perl: has one rdep and one build-rdep:

> Checking reverse dependencies...
> # Broken Depends:
> libtest-bdd-cucumber-perl: libtest-bdd-cucumber-perl

> # Broken Build-Depends:
> libtest-bdd-cucumber-perl: libdevel-findref-perl

Thanks fot the heads up.

Devel::FindRef is optional since Test::BDD::Cucumber 0.36 ⇒ I've just
pushed changes to Vcs-Git that drop the hard {build,run}time
dependencies. Lots of Tails -specific code is tested with
Test::BDD::Cucumber, so I'll try to keep it in the archive.

Cheers,
-- 
intrigeri

Bug#803467: jessie-pu: package redis/2:2.8.17-1+deb8u1

2015-10-30 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Fri, 2015-10-30 at 11:49 +, Chris Lamb wrote:
> I'd like update redis in stable to fix an issue when running under
> systemd (#803233). Most documentation on the internet assumes that this
> should Just Work and it is a little more secure than using /tmp or a TCP
> port, etc.
[...]
>   +  * Backport debian/redis-server.tmpfile from unstable so that a
>   valid runtime
>   +directory is created when running under systemd. This ensures
>   that there is
>   +a secure and sensible location for the UNIX socket. (Closes:
>   #803233)

Please go ahead; thanks.

Regards,

Adam

Processed: Re: Bug#803467: jessie-pu: package redis/2:2.8.17-1+deb8u1

2015-10-30 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #803467 [release.debian.org] jessie-pu: package redis/2:2.8.17-1+deb8u1
Added tag(s) confirmed.

-- 
803467: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803467
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)

2015-10-30 Thread Emilio Pozuelo Monfort 
On 01/10/15 02:22, Emilio Pozuelo Monfort wrote:
> I want to finish python 3.5 and ruby 2.2. After that, it could happen at any
> time I think (I have to look if the packages affected by the libstdc++
> transition have been renamed).

Doesn't look like there are any remaining conflicts with the libstdc++6
transition, so that shouldn't be a blocker.

Cheers,
Emilio

Processed: Re: Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1

2015-10-30 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #803362 [release.debian.org] jessie-pu: package exfat-utils/1.1.0-2+deb8u1
Added tag(s) confirmed.

-- 
803362: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803362
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1

2015-10-30 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Fri, 2015-10-30 at 10:59 +0100, Sven Hoexter wrote:
> On Thu, Oct 29, 2015 at 06:28:39PM +, Julien Cristau wrote:
> 
> Hi,
> 
> > The more obvious way is to not change the source format and not add quilt.
> 
> Ok I thought it would be a slightly better choice to avoid the old school
> big diff.gz but since I've it as git commits at my end I'm fine.

There's different opinions as to which approach is better, but the
current SRMs tend towards direct patching being the safer approach for
an update in stable.

Some packages in this situation take a hybrid approach where a patches
directory is maintained in the source package as a record of the changes
made, but the actual changes are directly applied to the source. This
does make the diff a little larger, but it depends on what works best
for the maintainer.

[I also note with a little amusement that the version of exfat-utils in
wheezy appears to have been the only revision of the package ever to
have had an explicit patch system (not counting the change to "3.0
(quilt)".]

> So here's the changelog and the new debdiff:
> 
> 
>  exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium
>  .
>* Add the fix for https://github.com/relan/exfat/issues/5 found
>  and reported by The Fuzzing Project. Check sector and cluster size.
>* Add the fix for https://github.com/relan/exfat/issues/6 found
>  and reported by The Fuzzing Project. Detect infinite loop.

Please go ahead; thanks.

Regards,

Adam

Bug#803490: jessie-pu: package pdns/3.4.1-4+deb8u4

2015-10-30 Thread Christian Hofstaedtler 
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal

Dear Release Team,

there's a bug affecting pdns in stable (jessie): #798773

Upgrading -to- the jessie version from wheezy works fine, but
subsequent upgrades in jessie fail if users don't strip the config
file of comments.

This is quite bad for security updates, so please consider the
attached debdiff.

(Fixed in sid.)

Many thanks,
-- 
 ,''`.  Christian Hofstaedtler 
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-
diff -Nru pdns-3.4.1/debian/changelog pdns-3.4.1/debian/changelog
--- pdns-3.4.1/debian/changelog 2015-08-26 11:02:28.0 +
+++ pdns-3.4.1/debian/changelog 2015-10-30 14:35:13.0 +
@@ -1,3 +1,14 @@
+pdns (3.4.1-4+deb8u4) jessie; urgency=medium
+
+  * Fix upgrades with default configuration.
+The postinst script used to do a "grep include" on pdns.conf, which
+in older versions would work (mostly), because the default config
+only had a single "include=" entry. Now this is no longer true,
+so remove that. Also, changing the include directory would have
+never worked. (Closes: #798773)
+
+ -- Christian Hofstaedtler   Fri, 30 Oct 2015 14:34:36 +
+
 pdns (3.4.1-4+deb8u3) jessie-security; urgency=high
 
   * Security update: apply patches for CVE-2015-5230
diff -Nru pdns-3.4.1/debian/pdns-server.postinst 
pdns-3.4.1/debian/pdns-server.postinst
--- pdns-3.4.1/debian/pdns-server.postinst  2015-07-08 09:30:11.0 
+
+++ pdns-3.4.1/debian/pdns-server.postinst  2015-10-30 14:35:13.0 
+
@@ -16,12 +16,7 @@
 
 PDNSCONF=/etc/powerdns/pdns.conf
 PDNSDEFAULT=/etc/default/pdns
-if [ -e $PDNSCONF ]; then
-  PDNSDIR=`cat $PDNSCONF | grep include | awk -F '=' '{print $2}'`
-fi
-if [ -z "$PDNSDIR" ]; then
-  PDNSDIR=/etc/powerdns/pdns.d
-fi
+PDNSDIR=/etc/powerdns/pdns.d
 PDNSLOCAL=$PDNSDIR/pdns.local.conf
 
 # Temporary files
@@ -121,7 +116,7 @@
   [ -d $PDNSDIR ] && chmod 0755 $PDNSDIR
   [ -e $PDNSDEFAULT ] && chmod 0644 $PDNSDEFAULT
 fi
-
+
 # If we still have the default config, make sure bindbackend.conf exists
 PDNSBIND="/etc/powerdns/pdns.d/pdns.simplebind.conf"
 PDNSBINDBACKENDCONF="/etc/powerdns/bindbackend.conf"

Processed: Re: Bug#801892: jessie-pu: package nvidia-graphics-drivers-legacy-304xx/304.128-1

2015-10-30 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #801892 [release.debian.org] jessie-pu: package 
nvidia-graphics-drivers-legacy-304xx/304.128-1
Added tag(s) confirmed.

-- 
801892: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801892
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2

2015-10-30 Thread Luca Boccassi 
On Fri, 2015-10-30 at 14:32 +0100, Alessandro Ghedini wrote:
> On Thu, Oct 29, 2015 at 07:52:23pm +, luca wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: jessie
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > Dear release team,
> > 
> > We would like to update libvdpau in jessie to address a segmentation fault 
> > in a
> > particular use case.
> > 
> > 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3
> > security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see
> > https://bugs.debian.org/797895).
> > 
> > The upstream patch unfortunately introduced a regression when running with
> > DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and
> > upstream has committed a fix for it.
> > 
> > We already uploaded a fixed version to unstable, and now we would like to
> > backport it to jessie as well. The debdiff follows. I have verified that it
> > fixes the problem on a vanilla jessie amd64 installation.
> > 
> > Thank you!
> > 
> > Kind regards,
> > Luca Boccassi
> > 
> > 
> > diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog
> > --- libvdpau-0.8/debian/changelog   2015-09-05 13:14:50.0 +0100
> > +++ libvdpau-0.8/debian/changelog   2015-10-29 19:30:28.0 +
> > @@ -1,3 +1,10 @@
> > +libvdpau (0.8-3+deb8u2) jessie; urgency=medium
> 
> The diff looks good, could you change the target to jessie-security and upload
> to security-master?

Committed in git, but I'll have to ask Andreas to upload as I lack the
supercow powers :-)

Andreas, the new version is tested and ready in the jessie branch in git
[1], could you please upload to security-master when you have time?
Thanks!

> Also, do you plan to prepare an update for wheezy-security as well?

I'll have access to a wheezy guinea pig machine on Monday, so if the
regression is present there as well I'll test a patched version and
reply back here.

Kind regards,
Luca Boccassi

[1] https://anonscm.debian.org/cgit/pkg-nvidia/libvdpau.git/log/?h=jessie


signature.asc
Description: This is a digitally signed message part

Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1

2015-10-30 Thread Sven Hoexter 
On Fri, Oct 30, 2015 at 02:22:45PM +, Adam D. Barratt wrote:

Hi,

> [I also note with a little amusement that the version of exfat-utils in
> wheezy appears to have been the only revision of the package ever to
> have had an explicit patch system (not counting the change to "3.0
> (quilt)".]

I added and droped it whenever patching was required or not. Turned out
to be a pain in the ass so that I now moved on to 3.0(quilt).


> Please go ahead; thanks.

Uploaded for jessie. This ack was only for jessie and we handle the wheezy
upload in the other bug, right?

Sven

Bug#801892: jessie-pu: package nvidia-graphics-drivers-legacy-304xx/304.128-1

2015-10-30 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Thu, 2015-10-15 at 19:17 +0200, Andreas Beckmann wrote:
> this is the next update in the series for fixing CVE-2015-5950.
> 
> The diff is essentially the same as in nvidia-graphics-drivers 304.128-1
> (wheezy) and nvidia-graphics-drivers 340.93-0+deb8u1 (jessie) merged
> into the legacy package.

Please go ahead.

Regards,

Adam

Processed: block 789077 with 791846 791848 803489 791847

2015-10-30 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> block 789077 with 791846 791848 803489 791847
Bug #789077 [release.debian.org] transition: ruby2.2
789077 was not blocked by any bugs.
789077 was not blocking any bugs.
Added blocking bug(s) of 789077: 803489, 791847, 791848, and 791846
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
789077: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789077
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#800881: jessie-pu: package nvidia-graphics-drivers/340.93-0+deb8u1

2015-10-30 Thread Adam D. Barratt 
Control: tags -1 + pending

On Thu, 2015-10-15 at 19:29 +0200, Andreas Beckmann wrote:
> On 2015-10-10 21:01, Adam D. Barratt wrote:
> > On Sun, 2015-10-04 at 16:53 +0200, Andreas Beckmann wrote:
> >> Second PU request for fixing CVE-2015-5950.
> 
> > Please go ahead.
> 
> Uploaded, with an updated bug-script from sid and an updated pci id list
> for nvidia-detect to know a few more models that will be supported by
> jessie-backports (soon)

Flagged for acceptance.

Regards,

Adam

Processed: Re: Bug#800881: jessie-pu: package nvidia-graphics-drivers/340.93-0+deb8u1

2015-10-30 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #800881 [release.debian.org] jessie-pu: package 
nvidia-graphics-drivers/340.93-0+deb8u1
Added tag(s) pending.

-- 
800881: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#800877: wheezy-pu: package nvidia-graphics-drivers/304.128-1

2015-10-30 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #800877 [release.debian.org] wheezy-pu: package 
nvidia-graphics-drivers/304.128-1
Added tag(s) pending.

-- 
800877: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800877
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#800877: wheezy-pu: package nvidia-graphics-drivers/304.128-1

2015-10-30 Thread Adam D. Barratt 
Control: tags -1 + pending

On Thu, 2015-10-15 at 19:21 +0200, Andreas Beckmann wrote:
> On 2015-10-10 20:57, Adam D. Barratt wrote:
> > On Sun, 2015-10-04 at 15:35 +0200, Andreas Beckmann wrote:
> >> CVE-2015-5950 in the non-free nvidia-graphics-drivers shall be fixed via
> >> PU, there won't be a DSA for this.
> > 
> > Please go ahead.
> 
> Uploaded, including an updated bug-script from sid to collect more
> information.

Flagged for acceptance.

Regards,

Adam

NEW changes in oldstable-new

2015-10-30 Thread Debian FTP Masters 
Processing changes file: nvidia-graphics-drivers_304.128-1_amd64.changes
  ACCEPT

NEW changes in stable-new

2015-10-30 Thread Debian FTP Masters 
Processing changes file: nvidia-graphics-drivers_340.93-0+deb8u1_source.changes
  ACCEPT

Processed: Re: Bug#803387: wheezy-pu: package exfat-utils/0.9.7-2+deb7u1

2015-10-30 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #803387 [release.debian.org] wheezy-pu: package exfat-utils/0.9.7-2+deb7u1
Added tag(s) confirmed.

-- 
803387: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803387
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#803387: wheezy-pu: package exfat-utils/0.9.7-2+deb7u1

2015-10-30 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Thu, 2015-10-29 at 15:26 +0100, Sven Hoexter wrote:
> exfat-utils (0.9.7-2+deb7u1) wheezy; urgency=medium
> 
>   * Add d/patches/check-sector-and-cluster-size. Fix for
> https://github.com/relan/exfat/issues/5 found and reported by
> The Fuzzing Project.
>   * Add d/patches/detect-infinite-loop. Fix for
> https://github.com/relan/exfat/issues/6 found and reported by
> The Fuzzing Project.

Please go ahead.

Regards,

Adam

Bug#803493: nmu: ns3_3.22+dfsg-1

2015-10-30 Thread Aron Xu 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu ns3_3.22+dfsg-1 . ALL . unstable . -m "Rebuild for libstdc++ transition"

It was found that there's package in the archive makes use of ns3 when
the binary is present, but no dependency is declared[1]. To avoid such
problem please binNMU ns3 on all architectures.

Thanks,
Aron

[1]https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791219#21

NEW changes in stable-new

2015-10-30 Thread Debian FTP Masters 
Processing changes file: nvidia-graphics-drivers_340.93-0+deb8u1_amd64.changes
  ACCEPT
Processing changes file: nvidia-graphics-drivers_340.93-0+deb8u1_armhf.changes
  ACCEPT
Processing changes file: nvidia-graphics-drivers_340.93-0+deb8u1_i386.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_arm64.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_armel.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_armhf.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_powerpc.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_s390x.changes
  ACCEPT

NEW changes in oldstable-new

2015-10-30 Thread Debian FTP Masters 
Processing changes file: nvidia-graphics-drivers_304.128-1_i386.changes
  ACCEPT

Bug#801095: jessie-pu: package uqm/0.6.2.dfsg-9.1~deb8u1

2015-10-30 Thread Adam D. Barratt 
Control: tags -1 + pending

On Sat, 2015-10-10 at 19:56 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2015-10-06 at 11:35 +0200, Andreas Beckmann wrote:
> > uqm FTBFS in jessie due to a missing -lm (#792920).
> 
> Please go ahead.

Uploaded and flagged for acceptance.

Regards,

Adam

Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)

2015-10-30 Thread gregor herrmann 
On Fri, 30 Oct 2015 14:34:21 +0100, Emilio Pozuelo Monfort wrote:

> #787493 - libapache-mod-perl: blocker

There's recent work on a patch in the upstream bug:
https://rt.cpan.org/Public/Bug/Display.html?id=101962

I'm optimistic this will be sorted out soon.
 
> That'd only leave us with the apache bug.

Ack, that's my impression as well.


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Rolling Stones


signature.asc
Description: Digital Signature

NEW changes in stable-new

2015-10-30 Thread Debian FTP Masters 
Processing changes file: phpmyadmin_4.2.12-2+deb8u1_amd64.changes
  ACCEPT
Processing changes file: uqm_0.6.2.dfsg-9.1~deb8u1_source.changes
  ACCEPT
Processing changes file: virtualbox_4.3.32-dfsg-1+deb8u2_amd64.changes
  ACCEPT
Processing changes file: virtualbox_4.3.32-dfsg-1+deb8u2_i386.changes
  ACCEPT
Processing changes file: wordpress_4.1+dfsg-1+deb8u6_amd64.changes
  ACCEPT

NEW changes in oldstable-new

2015-10-30 Thread Debian FTP Masters 
Processing changes file: phpmyadmin_3.4.11.1-2+deb7u2_amd64.changes
  ACCEPT
Processing changes file: virtualbox_4.1.42-dfsg-1+deb7u1_amd64.changes
  ACCEPT
Processing changes file: virtualbox_4.1.42-dfsg-1+deb7u1_i386.changes
  ACCEPT
Processing changes file: wordpress_3.6.1+dfsg-1~deb7u8_amd64.changes
  ACCEPT

Processed: Re: Bug#801095: jessie-pu: package uqm/0.6.2.dfsg-9.1~deb8u1

2015-10-30 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #801095 [release.debian.org] jessie-pu: package uqm/0.6.2.dfsg-9.1~deb8u1
Added tag(s) pending.

-- 
801095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801095
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#803336: RM: mopidy/1.1.1-1

2015-10-30 Thread Moritz Mühlenhoff 
On Thu, Oct 29, 2015 at 08:48:27AM +, Julien Cristau wrote:
> On Wed, Oct 28, 2015 at 23:06:07 +0100, Moritz Muehlenhoff wrote:
> 
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: rm
> > 
> > Hi,
> > please remove mopidy as part of the gstreamer 0.10
> > removal. According to the PTS this should have been
> > auto-removed, but some reason that didn't happen:
> > 
> > Marked for autoremoval on 16 October:
> > * The removal of mopidy will also cause the removal of
> >   (transitive) reverse dependencies: mopidy-alsamixer
> >   mopidy-beets mopidy-dirble mopidy-local-sqlite mopidy-mpris
> >   mopidy-scrobbler mopidy-tunein mopidy-youtube
> > 
> britney says:
> 
> * amd64: mopidy-alsamixer, mopidy-beets, mopidy-dirble, 
> mopidy-local-sqlite, mopidy-mpris, mopidy-scrobbler, mopidy-tunein, 
> mopidy-youtube
> 
> Those rdeps aren't marked for removal yet:

Oh, I thought these were removed along rightaway automatically.

Can we do that manually instead? mopidy is the last blocker for the
removal of further gst0.10-plugins and the 0.10 python bindings from
testing:

remove mopidy-alsamixer/1.0.3-3 mopidy-beets/2.0.0-2 mopidy-dirble/1.1.2-2 
mopidy-local-sqlite/1.0.0-1 mopidy-mpris/1.3.1-1 mopidy-scrobbler/1.1.1-3 
mopidy-tunein/0.2.2-2 mopidy-youtube/2.0.0-2
remove mopidy/1.1.1-1

Cheers,
Moritz

Bug#796345: Status report on perl 5.22 transition readiness (30th Sept)

2015-10-30 Thread Emilio Pozuelo Monfort 
On 30/10/15 18:59, gregor herrmann wrote:
> On Fri, 30 Oct 2015 14:34:21 +0100, Emilio Pozuelo Monfort wrote:
> 
>> #787493 - libapache-mod-perl: blocker
> 
> There's recent work on a patch in the upstream bug:
> https://rt.cpan.org/Public/Bug/Display.html?id=101962

Yeah I saw that.

> I'm optimistic this will be sorted out soon.

Cool.

>> That'd only leave us with the apache bug.
> 
> Ack, that's my impression as well.

What about libtest-refcount-perl ? Does it have to build-depend on the RC-buggy
libdevel-findref-perl ?

Cheers,
Emilio