Bug#869966: stretch-pu: package gosa-plugin-mailaddress/0.99.5-2+deb9u1

2017-08-01 Thread Mike Gabriel

Hi Adam,

On Sun 30 Jul 2017 23:49:13 CEST, Adam D. Barratt wrote:


Control: tags -1 + confirmed

On Fri, 2017-07-28 at 10:59 +0200, Mike Gabriel wrote:
Vincent Danjean spotted a flaw in gosa-plugin-mailaddress, recently, that relates to the renaming of class constructor names as required with PHP 7.

The attached .debdiff fixes this issue for Debian stretch. Please accept the .debdiff as a stretch-pu upload candidate.


+gosa-plugin-mailaddress (0.99.5-2+deb9u1) stretch-proposed-updates;  
urgency=medium


Ack. Package adapted to this.


The preferred changelog distribution is simply "stretch".

Please go ahead.


Uploaded just now.

Mike
--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net





Bug#870402: nmu: libvoikko_4.1-1

2017-08-01 Thread Andreas Beckmann
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu libvoikko_4.1-1 . ANY . unstable . -m "Rebuild against libhfstospell9."

The transition tracker does not seem to pick up this transition (only
libvoikko is affected).


Andreas



Processed: reopening 868455, block 868455 with 869762

2017-08-01 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reopen 868455
Bug #868455 {Done: Gianfranco Costamagna } 
[src:libbiod] libbiod: FTBFS with new ldc?
Bug reopened
Ignoring request to alter fixed versions of bug #868455 to the same values 
previously set
> block 868455 with 869762
Bug #868455 [src:libbiod] libbiod: FTBFS with new ldc?
868455 was not blocked by any bugs.
868455 was not blocking any bugs.
Added blocking bug(s) of 868455: 869762
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
868455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#870376: jessie-pu: package sudo/1.8.10p3-1+deb8u5

2017-08-01 Thread Salvatore Bonaccorso
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi

sudo in jessie is still affected by CVE-2017-1000368. The issue IMHO
does not need a DSA, since with the previous fixes due to the /dev
traversal changes the issue was no longer exploitable. Still it
would make sense IMHO to address it. Attached is the proposed debdiff.

Bug in the Debian BTS: #863897

Regards,
Salvatore
diff -Nru sudo-1.8.10p3/debian/changelog sudo-1.8.10p3/debian/changelog
--- sudo-1.8.10p3/debian/changelog  2017-05-28 13:25:43.0 +0200
+++ sudo-1.8.10p3/debian/changelog  2017-08-01 15:00:25.0 +0200
@@ -1,3 +1,10 @@
+sudo (1.8.10p3-1+deb8u5) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)
+
+ -- Salvatore Bonaccorso   Tue, 01 Aug 2017 15:00:25 +0200
+
 sudo (1.8.10p3-1+deb8u4) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
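
Review bot: The new entry's `* CVE-2017-1000368: Arbitrary terminal access` line names the CVE but not what changes in the package. Consider stating that the upload adds debian/patches/CVE-2017-1000368.patch, so the changelog alone shows which file carries the fix. It would also help to note there that the patch header describes the issue as not exploitable after the earlier /dev traversal changes, which explains why this goes through jessie with urgency=medium rather than jessie-security.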
diff -Nru sudo-1.8.10p3/debian/patches/CVE-2017-1000368.patch 
sudo-1.8.10p3/debian/patches/CVE-2017-1000368.patch
--- sudo-1.8.10p3/debian/patches/CVE-2017-1000368.patch 1970-01-01 
01:00:00.0 +0100
+++ sudo-1.8.10p3/debian/patches/CVE-2017-1000368.patch 2017-08-01 
15:00:25.0 +0200
@@ -0,0 +1,76 @@
+
+# HG changeset patch
+# User Todd C. Miller 
+# Date 1496243671 21600
+# Node ID 15a46f4007dde8e819dd2c70e670a529bbb9d312
+# Parent  6f3d9816541ba84055ae5aec6ff9d9523c2a96f3
+A command name may also contain newline characters so read
+/proc/self/stat until EOF.  It is not legal for /proc/self/stat to
+contain embedded NUL bytes so treat the file as corrupt if we see
+any.  With help from Qualys.
+
+This is not exploitable due to the /dev traversal changes in sudo
+1.8.20p1 (thanks Solar!).
+
+--- a/src/ttyname.c
 b/src/ttyname.c
+@@ -412,24 +412,36 @@ get_process_ttyname(void)
+ char *
+ get_process_ttyname(void)
+ {
+-char path[PATH_MAX], *line = NULL, *tty = NULL;
+-size_t linesize = 0;
+-ssize_t len;
+-FILE *fp;
++char path[PATH_MAX], *tty = NULL;
++char *cp, buf[1024];
++ssize_t nread;
++int fd;
+ debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL)
+ 
+-/* Try to determine the tty from tty_nr in /proc/pid/stat. */
+-snprintf(path, sizeof(path), "/proc/%u/stat", (unsigned int)getpid());
+-if ((fp = fopen(path, "r")) != NULL) {
+-  len = getline(, , fp);
+-  fclose(fp);
+-  if (len != -1) {
++/*
++ * Try to determine the tty from tty_nr in /proc/pid/stat.
++ * Ignore /proc/self/stat if it contains embedded NUL bytes.
++ */
++if ((fd = open(path, O_RDONLY | O_NOFOLLOW)) != -1) {
++cp = buf;
++while ((nread = read(fd, cp, buf + sizeof(buf) - cp)) != 0) {
++if (nread == -1) {
++if (errno == EAGAIN || errno == EINTR)
++continue;
++break;
++}
++cp += nread;
++if (cp >= buf + sizeof(buf))
++break;
++}
++if (nread == 0 && memchr(buf, '\0', cp - buf) == NULL) {
+ /*
+  * Field 7 is the tty dev (0 if no tty).
+- * Since the process name at field 2 "(comm)" may include spaces,
+- * start at the last ')' found.
++ * Since the process name at field 2 "(comm)" may include
++ * whitespace (including newlines), start at the last ')' found.
+  */
+-char *cp = strrchr(line, ')');
++*cp = '\0';
++cp = strrchr(buf, ')');
+ if (cp != NULL) {
+ char *ep = cp;
+ const char *errstr;
+@@ -453,7 +465,8 @@ get_process_ttyname(void)
+ }
+   }
+   }
+-  efree(line);
++if (fd != -1)
++close(fd);
+ }
+ 
+ debug_return_str(tty);
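
Review bot: In the first src/ttyname.c hunk, `path` is never filled in before `open(path, O_RDONLY | O_NOFOLLOW)`. The removed side drops `snprintf(path, sizeof(path), "/proc/%u/stat", (unsigned int)getpid());` and no added line replaces it, while the new declaration is still `char path[PATH_MAX], *tty = NULL;` with no initializer. As written, open() is handed an uninitialized stack buffer, so the /proc lookup would read whatever that buffer happens to contain instead of the process's stat file. Either keep the snprintf() call ahead of the open(), or declare `path` as a constant string for /proc/self/stat, which is the file the patch description and the new comment refer to. The read loop itself looks sound: a full buffer leaves `nread` non-zero, so `*cp = '\0'` is only reached when `cp` is still inside `buf`.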
diff -Nru sudo-1.8.10p3/debian/patches/series 
sudo-1.8.10p3/debian/patches/series
--- sudo-1.8.10p3/debian/patches/series 2017-05-28 13:25:43.0 +0200
+++ sudo-1.8.10p3/debian/patches/series 2017-08-01 15:00:25.0 +0200
@@ -16,3 +16,4 @@
 CVE-2015-5602-6.patch
 CVE-2015-5602-7.patch
 CVE-2017-1000367.patch
+CVE-2017-1000368.patch


Bug#870336: Helping migration of camlp5, lablgtk2, etc.

2017-08-01 Thread Stéphane Glondu
Package: release.debian.org
Severity: normal

Dear RT,

camlp5, lablgtk2 and other packages have been waiting for migration to
testing for a while. Their migration is essentially blocked by
hol-light and botch which FTBFS at the moment.

Here are hints to make things evolve (courtesy of comigrate):

age-days 4 frama-c/20161101+silicon+dfsg-6
age-days 3 pxp/1.2.9-1
age-days 3 utop/1.19.3-2
easy aac-tactics/amd64/8.6.1-1 aac-tactics/arm64/8.6.1-1 
aac-tactics/armel/8.6.1-1 aac-tactics/armhf/8.6.1-1 aac-tactics/i386/8.6.1-1 
aac-tactics/mips/8.6.1-1 aac-tactics/mips64el/8.6.1-1 
aac-tactics/mipsel/8.6.1-1 aac-tactics/ppc64el/8.6.1-1 
aac-tactics/s390x/8.6.1-1 advi/mips/1.10.2-3 advi/mips64el/1.10.2-3 
advi/mipsel/1.10.2-3 advi/ppc64el/1.10.2-3 advi/s390x/1.10.2-3 
alt-ergo/mips/1.30-1 alt-ergo/mips64el/1.30-1 alt-ergo/mipsel/1.30-1 
alt-ergo/ppc64el/1.30-1 alt-ergo/s390x/1.30-1 ara/1.0.33 belenios/1.4+dfsg-2 
ben/0.7.7 -botch/0.21-3 cairo-ocaml/amd64/1:1.2.0-6 cairo-ocaml/arm64/1:1.2.0-6 
cairo-ocaml/armel/1:1.2.0-6 cairo-ocaml/armhf/1:1.2.0-6 
cairo-ocaml/i386/1:1.2.0-6 cairo-ocaml/mips/1:1.2.0-6 
cairo-ocaml/mips64el/1:1.2.0-6 cairo-ocaml/mipsel/1:1.2.0-6 
cairo-ocaml/ppc64el/1:1.2.0-6 cairo-ocaml/s390x/1:1.2.0-6 
camlimages/amd64/1:4.2.0-1.1 camlimages/arm64/1:4.2.0-1.1 
camlimages/armel/1:4.2.0-1.1 camlimages/armhf/1:4.2.0-1.1 
camlimages/i386/1:4.2.0-1.1 camlimages/mips/1:4.2.0-1.1 
camlimages/mips64el/1:4.2.0-1.1 camlimages/mipsel/1:4.2.0-1.1 
camlimages/ppc64el/1:4.2.0-1.1 camlimages/s390x/1:4.2.0-1.1 camlp5/7.01-1 
camomile/0.8.5-1 cduce/amd64/0.6.0-5 cduce/arm64/0.6.0-5 cduce/armel/0.6.0-5 
cduce/armhf/0.6.0-5 cduce/i386/0.6.0-5 coinst/mips/1.9.3-1 
coinst/mips64el/1.9.3-1 coinst/mipsel/1.9.3-1 coinst/ppc64el/1.9.3-1 
coinst/s390x/1.9.3-1 coq/amd64/8.6-4 coq/arm64/8.6-4 coq/armel/8.6-4 
coq/armhf/8.6-4 coq/i386/8.6-4 coq/mips/8.6-4 coq/mips64el/8.6-4 
coq/mipsel/8.6-4 coq/ppc64el/8.6-4 coq/s390x/8.6-4 cryptokit/1.11-1 
dose3/5.0.1-9 eliom/amd64/4.2-3 eliom/arm64/4.2-3 eliom/armel/4.2-3 
eliom/armhf/4.2-3 eliom/i386/4.2-3 eliom/mips/4.2-3 eliom/mips64el/4.2-3 
eliom/mipsel/4.2-3 eliom/ppc64el/4.2-3 eliom/s390x/4.2-3 
frama-c/20161101+silicon+dfsg-6 freetennis/mips/0.4.8-10 
freetennis/mips64el/0.4.8-10 freetennis/mipsel/0.4.8-10 
freetennis/ppc64el/0.4.8-10 freetennis/s390x/0.4.8-10 galax/amd64/1.1-15 
galax/arm64/1.1-15 galax/armel/1.1-15 galax/armhf/1.1-15 galax/i386/1.1-15 
galax/mips/1.1-15 galax/mips64el/1.1-15 galax/mipsel/1.1-15 
galax/ppc64el/1.1-15 galax/s390x/1.1-15 -hol-light/20170109-1 
lablgtk-extras/amd64/1.5-1 lablgtk-extras/arm64/1.5-1 
lablgtk-extras/armel/1.5-1 lablgtk-extras/armhf/1.5-1 lablgtk-extras/i386/1.5-1 
lablgtk-extras/mips/1.5-1 lablgtk-extras/mips64el/1.5-1 
lablgtk-extras/mipsel/1.5-1 lablgtk-extras/ppc64el/1.5-1 
lablgtk-extras/s390x/1.5-1 lablgtk2/2.18.5+dfsg-1 lablgtkmathview/amd64/0.7.8-6 
lablgtkmathview/arm64/0.7.8-6 lablgtkmathview/armel/0.7.8-6 
lablgtkmathview/armhf/0.7.8-6 lablgtkmathview/i386/0.7.8-6 
lablgtkmathview/mips/0.7.8-6 lablgtkmathview/mips64el/0.7.8-6 
lablgtkmathview/mipsel/0.7.8-6 lablgtkmathview/ppc64el/0.7.8-6 
lablgtkmathview/s390x/0.7.8-6 laby/0.6.4-2 lambda-term/1.10.1-2 
ledit/amd64/2.03-5 ledit/arm64/2.03-5 ledit/armel/2.03-5 ledit/armhf/2.03-5 
ledit/i386/2.03-5 ledit/mips/2.03-5 ledit/mips64el/2.03-5 ledit/mipsel/2.03-5 
ledit/ppc64el/2.03-5 ledit/s390x/2.03-5 liquidsoap/mips/1.1.1-7.2 
liquidsoap/mips64el/1.1.1-7.2 liquidsoap/mipsel/1.1.1-7.2 
liquidsoap/ppc64el/1.1.1-7.2 liquidsoap/s390x/1.1.1-7.2 lwt/2.5.2-2 
monotone-viz/mips/1.0.2-4 monotone-viz/mips64el/1.0.2-4 
monotone-viz/mipsel/1.0.2-4 monotone-viz/ppc64el/1.0.2-4 
monotone-viz/s390x/1.0.2-4 nurpawiki/amd64/1.2.3-10 nurpawiki/arm64/1.2.3-10 
nurpawiki/armel/1.2.3-10 nurpawiki/armhf/1.2.3-10 nurpawiki/i386/1.2.3-10 
nurpawiki/mips/1.2.3-10 nurpawiki/mips64el/1.2.3-10 nurpawiki/mipsel/1.2.3-10 
nurpawiki/ppc64el/1.2.3-10 nurpawiki/s390x/1.2.3-10 ocaml-fileutils/0.5.2-1 
ocaml-gettext/0.3.7-1 ocaml-http/amd64/0.1.5-1 ocaml-http/arm64/0.1.5-1 
ocaml-http/armel/0.1.5-1 ocaml-http/armhf/0.1.5-1 ocaml-http/i386/0.1.5-1 
ocaml-lastfm/amd64/0.3.0-4 ocaml-lastfm/arm64/0.3.0-4 
ocaml-lastfm/armel/0.3.0-4 ocaml-lastfm/armhf/0.3.0-4 ocaml-lastfm/i386/0.3.0-4 
ocaml-mm/0.3.0-1 ocaml-ssl/0.5.3-1 ocamlbricks/amd64/0.90+bzr400-2 
ocamlbricks/arm64/0.90+bzr400-2 ocamlbricks/armel/0.90+bzr400-2 
ocamlbricks/armhf/0.90+bzr400-2 ocamlbricks/i386/0.90+bzr400-2 
ocamlbricks/mips/0.90+bzr400-2 ocamlbricks/mips64el/0.90+bzr400-2 
ocamlbricks/mipsel/0.90+bzr400-2 ocamlbricks/ppc64el/0.90+bzr400-2 
ocamlbricks/s390x/0.90+bzr400-2 ocamldap/amd64/2.1.8-10 ocamldap/arm64/2.1.8-10 
ocamldap/armel/2.1.8-10 ocamldap/armhf/2.1.8-10 ocamldap/i386/2.1.8-10 
ocamldap/mips/2.1.8-10 ocamldap/mips64el/2.1.8-10 ocamldap/mipsel/2.1.8-10 
ocamldap/ppc64el/2.1.8-10 ocamldap/s390x/2.1.8-10 ocamlgraph/amd64/1.8.6-1 
ocamlgraph/arm64/1.8.6-1 ocamlgraph/armel/1.8.6-1 ocamlgraph/armhf/1.8.6-1 
ocamlgraph/i386/1.8.6-1