Bug#855595: unblock: atheme-services/7.2.9

2017-02-23 Thread Niels Thykier
Control: tags -1 confirmed

Antoine Beaupre:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package atheme-services
> 
> There is a security issue that was fixed in the upstream 7.2.8 package
> (#855588), which introduced a new security issue, which was fixed in
> the 7.2.9 package.
> 
> [...]
> 
> Attached is the debdiff against 7.2.7-1 (stretch/sid).
> 
> unblock atheme-services/7.2.9
> 
> [...]

Please go ahead with this, thanks.

~Niels



Bug#855595: unblock: atheme-services/7.2.9

2017-02-20 Thread Antoine Beaupre
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package atheme-services

There is a security issue that was fixed in the upstream 7.2.8 package
(#855588), which introduced a new security issue, which was fixed in
the 7.2.9 package.

7.2.8, unfortunately, includes unrelated changes, most notably:

  * email templates: Fix leading whitespace
  * atheme.conf.example: better highlight the pbkdf2v2 crypto module
  * pbkdf2v2: make digest and rounds configurable at runtime
  * memoserv: let user know (on identify and /away) when their inbox is full
  * memoserv: unregister hooks when unloading

Those are small convenience fixes, some of which will make the
program cryptographically stronger for the lifetime of stretch. Others
are pure bugfixes...

I think it is worth shipping the latest upstream at this point, since
those changes are small. They also factor in two patches that I had to
include in the 7.2.7-1 upload to fix builds with OpenSSL 1.1, so it
actually reduces our difference with upstream.

Attached is the debdiff against 7.2.7-1 (stretch/sid).

unblock atheme-services/7.2.9

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru atheme-services-7.2.7/configure atheme-services-7.2.9/configure
--- atheme-services-7.2.7/configure 2016-10-08 12:58:57.0 -0400
+++ atheme-services-7.2.9/configure 2017-02-12 10:02:49.0 -0500
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for atheme 7.2.7.
+# Generated by GNU Autoconf 2.69 for atheme 7.2.9.
 #
-# Report bugs to .
+# Report bugs to .
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
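Review bot: the removed and added "Report bugs to ." lines in this hunk read identically as shown, so whatever changed in the bug-report address cannot be checked from this text. The header also says the file is "Generated by GNU Autoconf 2.69", so the 7.2.7 to 7.2.9 bump here is derived output; the change worth reviewing is the one in the autoconf input that produced it, and the rest of the configure churn can be skimmed for anything that is not a version string or URL.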
@@ -267,7 +267,7 @@
 $as_echo "$0: be upgraded to zsh 4.3.4 or later."
   else
 $as_echo "$0: Please tell bug-autoc...@gnu.org and
-$0: https://github.com/atheme/atheme/issues about your
+$0: https://github.com/atheme/atheme/issues/ about your
 $0: system, including any error possibly output before this
 $0: message. Then install a modern shell, or manually run
 $0: the script under such a shell if you do have one."
@@ -580,9 +580,9 @@
 # Identity of this package.
 PACKAGE_NAME='atheme'
 PACKAGE_TARNAME='atheme'
-PACKAGE_VERSION='7.2.7'
-PACKAGE_STRING='atheme 7.2.7'
-PACKAGE_BUGREPORT='https://github.com/atheme/atheme/issues'
+PACKAGE_VERSION='7.2.9'
+PACKAGE_STRING='atheme 7.2.9'
+PACKAGE_BUGREPORT='https://github.com/atheme/atheme/issues/'
 PACKAGE_URL=''
 
 ac_default_prefix=~/atheme
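Review bot: the PACKAGE_BUGREPORT line changes the issues URL to add a trailing slash, which is separate from the PACKAGE_VERSION and PACKAGE_STRING bump and is not among the unrelated changes listed in the unblock request. It is cosmetic, but since the request enumerates the non-security delta for the release team, a one-line mention there would keep the list complete.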
@@ -1341,7 +1341,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures atheme 7.2.7 to adapt to many kinds of systems.
+\`configure' configures atheme 7.2.9 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1406,7 +1406,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of atheme 7.2.7:";;
+ short | recursive ) echo "Configuration of atheme 7.2.9:";;
esac
   cat <<\_ACEOF
 
@@ -1466,7 +1466,7 @@
 Use these variables to override the choices made by `configure' or to help
 it to find libraries and programs with nonstandard names/locations.
 
-Report bugs to .
+Report bugs to .
 _ACEOF
 ac_status=$?
 fi
@@ -1529,7 +1529,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-atheme configure 7.2.7
+atheme configure 7.2.9
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1688,9 +1688,9 @@
 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" 
>&2;}
 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the 
compiler's result" >&5
 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
-( $as_echo "## -- ##
-## Report this to https://github.com/atheme/atheme/issues ##
-## -- ##"
+( $as_echo "## --- ##
+## Report this to https://github.com/atheme/atheme/issues/ ##
+## --- ##"
  ) | sed "s/^/$as_me: WARNING: /" >&2
 ;;
 esac
@@ -2038,7 +2038,7 @@
 This file contains any messages produced by compilers while
 running configure, to