NEW changes in stable-new

2013-02-23 Thread Debian FTP Masters
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_amd64.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_armel.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_i386.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_ia64.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_kfreebsd-amd64.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_kfreebsd-i386.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_mips.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_mipsel.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_powerpc.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_s390.changes
  ACCEPT
Processing changes file: postgresql-8.4_8.4.16-0squeeze1_sparc.changes
  ACCEPT


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1u9mhh-0001xj...@franck.debian.org



Bug#701494: marked as done (nmu: xburst-tools_201206-1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 19:28:57 +
with message-id <1361647737.20752.30.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#701494: nmu: xburst-tools_201206-1
has caused the Debian Bug report #701494,
regarding nmu: xburst-tools_201206-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
701494: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701494
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu xburst-tools_201206-1 . amd64 . -m "Rebuild in a clean Debian sid 
environment."

We still have eglibc 2.13 in sid ... so this was built in either
experimental or Ubuntu to produce

xburst-tools/amd64 unsatisfiable Depends: libc6 (>= 2.14)


Andreas
--- End Message ---
--- Begin Message ---
On Sat, 2013-02-23 at 20:20 +0100, Andreas Beckmann wrote:
> nmu xburst-tools_201206-1 . amd64 . -m "Rebuild in a clean Debian sid 
> environment."
> 
> We still have eglibc 2.13 in sid ... so this was built in either
> experimental or Ubuntu to produce
> 
> xburst-tools/amd64 unsatisfiable Depends: libc6 (>= 2.14)

Scheduled.

Regards,

Adam
--- End Message ---


Bug#701494: nmu: xburst-tools_201206-1

2013-02-23 Thread Andreas Beckmann
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu xburst-tools_201206-1 . amd64 . -m "Rebuild in a clean Debian sid 
environment."

We still have eglibc 2.13 in sid ... so this was built in either
experimental or Ubuntu to produce

xburst-tools/amd64 unsatisfiable Depends: libc6 (>= 2.14)


Andreas





Re: Fixing "lucky 13" CVE-2013-0169 in gnutls28

2013-02-23 Thread Andreas Metzler
On 2013-02-23 Julien Cristau  wrote:
> The plan seems ok to me in general.

> On Sat, Feb 23, 2013 at 18:37:12 +0100, Andreas Metzler wrote:

>> +# workaround for guile testsuite failure.
>> +ifneq (,$(filter $(DEB_BUILD_ARCH),armel armhf mipsel))
>> +DEB_CONFIGURE_EXTRA_FLAGS += --disable-largefile
>> +endif
>> +

> Disabling lfs because of guile sounds fairly bad though, assuming this
> is what this does...

Hello,

it does set _FILE_OFFSET_BITS=32, to make sure that guile and gnutls-guile
have the same structure size. See 

for a little bit of backstory.

This sounds worse than it is, LFS is not really relevant for gnutls
itself, the files it accesses are generally < 1 MB. (See [1].) Also
gnutls used to be built with _FILE_OFFSET_BITS=32 automatically until
addition of some gnulib modules involuntarily enabled
_FILE_OFFSET_BITS=64.

Judging from the fact that 2.12.20 tarball does not include
largefile.m4 I guess the configure option is not necessary in 2.12.20.
- If you prefer to I can try without.

cu andreas

[1] http://lists.gnu.org/archive/html/bug-gnulib/2011-11/msg00084.html
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'





Re: Fixing "lucky 13" CVE-2013-0169 in gnutls28

2013-02-23 Thread Julien Cristau
The plan seems ok to me in general.

On Sat, Feb 23, 2013 at 18:37:12 +0100, Andreas Metzler wrote:

> +# workaround for guile testsuite failure.
> +ifneq (,$(filter $(DEB_BUILD_ARCH),armel armhf mipsel))
> + DEB_CONFIGURE_EXTRA_FLAGS += --disable-largefile
> +endif
> +
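
Review bot: the comment above the `ifneq` says only "workaround for guile testsuite failure"; it should state why passing `--disable-largefile` on armel, armhf and mipsel addresses that failure and point at the bug or upstream thread, so the conditional can be dropped once it is no longer needed.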

Disabling lfs because of guile sounds fairly bad though, assuming this
is what this does...

Cheers,
Julien




Re: Fixing "lucky 13" CVE-2013-0169 in gnutls28

2013-02-23 Thread Andreas Metzler
On 2013-02-20 Dominique Dumont  wrote:
> On Sunday, 10 February 2013 at 16:26:40, Andreas Metzler wrote:
>> PS: My first idea was to simply pull gnutls28, providing guile-gnutls
>> and gnutls-bin from gnutls26 again. However there is a reverse
>> dependency (pan) on libgnutls28 in testing nowadays. Pan is not
>> distributable currently http://bugs.debian.org/699892
>> but that might still be fixed in time for the release.

> I've fixed the license bug by dropping SSL support from pan. pan no longer 
> depends on any libgnutls.

Hello,

the new pan upload should propagate to testing in a week.

Find attached a proposed patch to build both guile-gnutls and
gnutls-bin from gnutls26 instead of gnutls28 for wheezy. Would this be
acceptable for an unstable upload targeted for testing? Afterwards
gnutls28 could be pulled from wheezy.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
Warning: these package names were in the second list but not in the first:
--
gnutls-bin
guile-gnutls

[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files only in first set of .debs, found in package libgnutls26-dbg
--
-rwxr-xr-x  root/root   /usr/lib/i386-linux-gnu/libgnutls26/certtool
-rwxr-xr-x  root/root   /usr/lib/i386-linux-gnu/libgnutls26/gnutls-cli
-rwxr-xr-x  root/root   /usr/lib/i386-linux-gnu/libgnutls26/gnutls-cli-debug
-rwxr-xr-x  root/root   /usr/lib/i386-linux-gnu/libgnutls26/gnutls-serv
-rwxr-xr-x  root/root   /usr/lib/i386-linux-gnu/libgnutls26/p11tool
-rwxr-xr-x  root/root   /usr/lib/i386-linux-gnu/libgnutls26/psktool
-rwxr-xr-x  root/root   /usr/lib/i386-linux-gnu/libgnutls26/srptool

New files in second set of .debs, found in package gnutls-bin
-
-rw-r--r--  root/root   /usr/share/doc/gnutls-bin/AUTHORS.gz
-rw-r--r--  root/root   /usr/share/doc/gnutls-bin/NEWS.gz
-rw-r--r--  root/root   /usr/share/doc/gnutls-bin/README.gz
-rw-r--r--  root/root   /usr/share/doc/gnutls-bin/THANKS.gz
-rw-r--r--  root/root   /usr/share/doc/gnutls-bin/changelog.Debian.gz
-rw-r--r--  root/root   /usr/share/doc/gnutls-bin/changelog.gz
-rw-r--r--  root/root   /usr/share/doc/gnutls-bin/copyright
-rw-r--r--  root/root   /usr/share/doc/gnutls-bin/examples/certtool.cfg
-rw-r--r--  root/root   /usr/share/man/man1/certtool.1.gz
-rw-r--r--  root/root   /usr/share/man/man1/gnutls-cli-debug.1.gz
-rw-r--r--  root/root   /usr/share/man/man1/gnutls-cli.1.gz
-rw-r--r--  root/root   /usr/share/man/man1/gnutls-serv.1.gz
-rw-r--r--  root/root   /usr/share/man/man1/p11tool.1.gz
-rw-r--r--  root/root   /usr/share/man/man1/psktool.1.gz
-rw-r--r--  root/root   /usr/share/man/man1/srptool.1.gz
-rwxr-xr-x  root/root   /usr/bin/certtool
-rwxr-xr-x  root/root   /usr/bin/gnutls-cli
-rwxr-xr-x  root/root   /usr/bin/gnutls-cli-debug
-rwxr-xr-x  root/root   /usr/bin/gnutls-serv
-rwxr-xr-x  root/root   /usr/bin/p11tool
-rwxr-xr-x  root/root   /usr/bin/psktool
-rwxr-xr-x  root/root   /usr/bin/srptool

New files in second set of .debs, found in package guile-gnutls
---
-rw-r--r--  root/root   /usr/lib/i386-linux-gnu/libguile-gnutls-extra-v-1.so.0.0.0
-rw-r--r--  root/root   /usr/lib/i386-linux-gnu/libguile-gnutls-v-1.so.0.0.0
-rw-r--r--  root/root   /usr/share/doc/guile-gnutls/AUTHORS.gz
-rw-r--r--  root/root   /usr/share/doc/guile-gnutls/NEWS.gz
-rw-r--r--  root/root   /usr/share/doc/guile-gnutls/README.Debian
-rw-r--r--  root/root   /usr/share/doc/guile-gnutls/README.gz
-rw-r--r--  root/root   /usr/share/doc/guile-gnutls/THANKS.gz
-rw-r--r--  root/root   /usr/share/doc/guile-gnutls/changelog.Debian.gz
-rw-r--r--  root/root   /usr/share/doc/guile-gnutls/changelog.gz
-rw-r--r--  root/root   /usr/share/doc/guile-gnutls/copyright
-rw-r--r--  root/root   /usr/share/guile/site/gnutls.scm
-rw-r--r--  root/root   /usr/share/guile/site/gnutls/extra.scm
-rw-r--r--  root/root   /usr/share/lintian/overrides/guile-gnutls
lrwxrwxrwx  root/root   /usr/lib/i386-linux-gnu/libguile-gnutls-extra-v-1.so -> libguile-gnutls-extra-v-1.so.0.0.0
lrwxrwxrwx  root/root   /usr/lib/i386-linux-gnu/libguile-gnutls-extra-v-1.so.0 -> libguile-gnutls-extra-v-1.so.0.0.0
lrwxrwxrwx  root/root   /usr/lib/i386-linux-gnu/libguile-gnutls-v-1.so -> libguile-gnutls-v-1.so.0.0.0
lrwxrwxrwx  root/root   /usr/lib/i386-linux-gnu/libguile-gnutls-v-1.so.0 -> libguile-gnutls-v-1.so.0.0.0

New files in second set of .debs, found in package libgnutls26-dbg
--
-rw-r--r--  root/root   /usr/lib/debug/usr/bin/certtool
-rw-r--r--  root/root   /usr/lib/debug/usr/bin/gnutls-cli
-rw-r--r--  root/root   /usr/lib/debug/usr/bin/gnutls-cli-

Processed: Re: Bug#701476: unblock: nagios-nrpe/2.13-2

2013-02-23 Thread Debian Bug Tracking System
Processing control commands:

> reopen -1
Bug #701476 {Done: Niels Thykier } [release.debian.org] 
unblock: nagios-nrpe/2.13-2
Bug reopened
Ignoring request to alter fixed versions of bug #701476 to the same values 
previously set

-- 
701476: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701476
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#701476: unblock: nagios-nrpe/2.13-2

2013-02-23 Thread Niels Thykier
Control: reopen -1

On 2013-02-23 17:45, Alexander Wirt wrote:
> Thijs Kinkhorst wrote on Saturday, 23 February 2013:
> 
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>>
>> Dear release team,
>>
>> Please unblock package nagios-nrpe.
>>
>> The update is documentation only. It's done to address #547092: SSL support
>> is fundamentally broken in NRPE, which cannot be fixed easily (breaking
>> the protocol and hence compatibility with non-Debian NRPE hosts).
>>
>> The update changes the documentation to warn against using the option. This
>> downgrades the bug to an important functionality problem, but not RC since
>> NRPE is usable securely without SSL in many cases.
>>
>> unblock nagios-nrpe/2.13-2
> Hold on please :). We agreed on IRC earlier that morning to wait for the
> coming security update.
> 
> Thanks
> Alex
> 
> 

Alright, un-unblocked.

~Niels





Bug#701476: unblock: nagios-nrpe/2.13-2

2013-02-23 Thread Alexander Wirt
Thijs Kinkhorst wrote on Saturday, 23 February 2013:

> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear release team,
> 
> Please unblock package nagios-nrpe.
> 
> The update is documentation only. It's done to address #547092: SSL support
> is fundamentally broken in NRPE, which cannot be fixed easily (breaking
> the protocol and hence compatibility with non-Debian NRPE hosts).
> 
> The update changes the documentation to warn against using the option. This
> downgrades the bug to an important functionality problem, but not RC since
> NRPE is usable securely without SSL in many cases.
> 
> unblock nagios-nrpe/2.13-2
Hold on please :). We agreed on IRC earlier that morning to wait for the
coming security update.

Thanks
Alex





Bug#701476: marked as done (unblock: nagios-nrpe/2.13-2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 17:11:32 +0100
with message-id <5128ea34.3000...@thykier.net>
and subject line Re: Bug#701476: unblock: nagios-nrpe/2.13-2
has caused the Debian Bug report #701476,
regarding unblock: nagios-nrpe/2.13-2
to be marked as done.



-- 
701476: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701476
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

Please unblock package nagios-nrpe.

The update is documentation only. It's done to address #547092: SSL support
is fundamentally broken in NRPE, which cannot be fixed easily (breaking
the protocol and hence compatibility with non-Debian NRPE hosts).

The update changes the documentation to warn against using the option. This
downgrades the bug to an important functionality problem, but not RC since
NRPE is usable securely without SSL in many cases.

unblock nagios-nrpe/2.13-2


Thanks,
Thijs
--- End Message ---
--- Begin Message ---
On 2013-02-23 16:59, Thijs Kinkhorst wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear release team,
> 
> Please unblock package nagios-nrpe.
> 
> The update is documentation only. It's done to address #547092: SSL support
> is fundamentally broken in NRPE, which cannot be fixed easily (breaking
> the protocol and hence compatibility with non-Debian NRPE hosts).
> 
> The update changes the documentation to warn against using the option. This
> downgrades the bug to an important functionality problem, but not RC since
> NRPE is usable securely without SSL in many cases.
> 
> unblock nagios-nrpe/2.13-2
> 
> 
> Thanks,
> Thijs
> 
> 

Unblocked, thanks.

~Niels
--- End Message ---


Bug#701476: unblock: nagios-nrpe/2.13-2

2013-02-23 Thread Thijs Kinkhorst
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

Please unblock package nagios-nrpe.

The update is documentation only. It's done to address #547092: SSL support
is fundamentally broken in NRPE, which cannot be fixed easily (breaking
the protocol and hence compatibility with non-Debian NRPE hosts).

The update changes the documentation to warn against using the option. This
downgrades the bug to an important functionality problem, but not RC since
NRPE is usable securely without SSL in many cases.

unblock nagios-nrpe/2.13-2


Thanks,
Thijs





Bug#700872: marked as done (unblock: dh-make-drupal/1.3-1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 16:03:16 +
with message-id <1361635396.20752.28.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#700872: unblock: dh-make-drupal/1.3-1
has caused the Debian Bug report #700872,
regarding unblock: dh-make-drupal/1.3-1
to be marked as done.



-- 
700872: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700872
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dh-make-drupal

I received a bug report/pull request via GitHub¹ explaining that
drupal.org no longer serves requests lacking a User-Agent string. This
version fixes that problem and adds more descriptive error reporting,
and a very simple modification allowing it to be run in Squeeze
systems (debhelper >> 8.0.0 to >= 8.0.0).

¹ https://github.com/gwolf/dh-make-drupal/pull/2

Full diff between 1.2-1 and 1.3-1 follows.

diff --git a/changelog.txt b/changelog.txt
index 017964c..7294924 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,11 @@
+1.3 (2013-02-18)
+ * Thanks to Stefan Kangas - This release is basically a pull request
+   of his work (https://github.com/gwolf/dh-make-drupal/pull/2)
+ * Provide a User-Agent to keep working despite drupal.org's new
+   restrictions
+ * Show the OpenURI::HTTPError exception reasons
+ * Fix the generated Build-Depends to work correctly on Squeeze
+
 1.2 (2012-08-13)
  * "Switch '-d' (Drupal version) was not accepting its needed argument.
Fixed, thanks  to Matthew Gabeler-Lee for the report
diff --git a/debian/changelog b/debian/changelog
index 66b44c7..dc3f979 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+dh-make-drupal (1.3-1) unstable; urgency=low
+
+  * Merging Stefan Kangas' pull request - Thanks!
+  * Provide a User-Agent to keep working despite drupal.org's new
+restrictions
+  * Show the OpenURI::HTTPError exception reasons
+  * Fix the generated Build-Depends to work correctly on Squeeze
+
+ -- Gunnar Wolf   Mon, 18 Feb 2013 12:07:02 -0600
+
 dh-make-drupal (1.2-1) unstable; urgency=low
 
   * Switch '-d' (Drupal version) was not accepting its needed argument -
diff --git a/dh-make-drupal b/dh-make-drupal
index b011b18..650e967 100755
--- a/dh-make-drupal
+++ b/dh-make-drupal
@@ -5,7 +5,7 @@
 #
 # Creates Debian packages from Drupal projects (modules, themes, translations).
 
-Version = '1.0'
+Version = '1.3'
 Author = 'Gunnar Wolf '
 Copyright = <' % [@maint_name, @maint_mail],
- 'Build-Depends: debhelper (>> 8.0.0)',
+ 'Build-Depends: debhelper (>= 8.0.0)',
  'Standards-Version: 3.9.3',
  'Homepage: %s' % @project.url,
  '',
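
Review bot: `Version` jumps from '1.0' to '1.3' although changelog.txt already lists a 1.2 release, so the constant was not bumped last time; now that it is sent in the User-Agent header a stale value misreports the client to the server. Keep the version in one place that the release process cannot skip, or add the bump to the release checklist.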
@@ -648,9 +648,9 @@ module DrupalProject
   auth = self.new
 
   begin
-doc = Hpricot(open(url))
+doc = Hpricot(open(url, 'User-Agent' => "dh-make-drupal %s" % 
[Version]))
   rescue OpenURI::HTTPError
-raise IOError, "Could not open author information site at #{url}"
+raise IOError, "Could not open author information site at #{url}: " + 
$!
   end
   auth.info_url = url
   auth.name = doc.search('dd.profile-profile_full_name').inner_text
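
Review bot: in the new `raise IOError` line, `"...: " + $!` concatenates a String with the exception object rather than with its message; on Ruby 1.9 and later String#+ raises TypeError for that, which would replace the intended IOError. Interpolate the message instead, for example `"... at #{url}: #{$!.message}"`, or bind the exception with `rescue OpenURI::HTTPError => e`.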
@@ -671,9 +671,9 @@ module DrupalProject
   Logger.instance.debug "Fetching project information from #{@url}"
 
   begin
-@html = Hpricot(open(@url))
+@html = Hpricot(open(@url, 'User-Agent' => "dh-make-drupal %s" % 
[Version]))
   rescue OpenURI::HTTPError
-raise IOError, "Could not open #{name} project website at #{@url}"
+raise IOError, "Could not open #{name} project website at #{@url}: " + 
$!
   end
 
   # Get the project description. Fetch only the first paragraph -
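
Review bot: the `'User-Agent' => "dh-make-drupal %s" % [Version]` option is now written out at every `open` call (three places in this diff); define it once as a constant or small helper next to `Version` so that a later caller cannot forget it and the string cannot drift between call sites.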
@@ -883,9 +883,10 @@ module DrupalProject
   raise Errno::EEXIST, "Destination filename for source tarball "+
 "(#{dest_file}) already exists. Cannot continue."
 end
-File.open(dest_file, 'w') {|f| f.write open(url).read}
+File.open(dest_file, 'w') {|f|
+  f.write open(url, 'User-Agent' => "dh-make-drupal %s" % 
[Version]).read}
   rescue OpenURI::HTTPError
-Logger.instance.error "Requested URI #{url} could not be retreived"
+Logger.instance.error "Requested URI #{url} could not be retreived: " 
+ $!
   end
 end
 
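
Review bot: `File.open(dest_file, 'w')` creates the destination before `open(url, ...)` is attempted, so when the fetch raises OpenURI::HTTPError the rescue only logs and an empty `dest_file` stays behind; the next run then stops at the `Errno::EEXIST` check above. Fetch first and write afterwards, or remove the file in the rescue. 'wb' would also be the safer mode for a tarball.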


unblock dh-make-drupal/1.3-1

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd6

Bug#700928: marked as done (unblock: ruby-activeldap/1.2.4-3)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 15:59:59 +
with message-id <1361635199.20752.27.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#700928: unblock: ruby-activeldap/1.2.4-3
has caused the Debian Bug report #700928,
regarding unblock: ruby-activeldap/1.2.4-3
to be marked as done.



-- 
700928: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700928
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal


Coin,

When the previous version was uploaded, it worked. Currently, the i18n
code crashes, which is probably due to changes in the Ruby/Rails i18n
classes which happened last year. Depending on the combination of
ruby-gettext/ruby-fastgettext installed on your system, it might not
crash (probably when none are), but I'm not going into lengthy digging
and patching. Nevertheless, po files (yes, not mo) are missing, and this
is a packaging bug.


Thus, I made the package install those missing po files, and made 2
tiny one-liner patches to fix the po path and a misnamed locale name.
These are trivial fixes (see debdiff attached), so I do think it should
be allowed in wheezy. It was found late (two days ago) because I was not
actively using this lib these last few months and no one complained.


Command:
  unblock ruby-activeldap/1.2.4-3

Regards.

--
Marc Dequènes
diff -Nru ruby-activeldap-1.2.4/debian/changelog ruby-activeldap-1.2.4/debian/changelog
--- ruby-activeldap-1.2.4/debian/changelog	2012-06-30 18:12:40.0 +0200
+++ ruby-activeldap-1.2.4/debian/changelog	2013-02-18 01:57:33.0 +0100
@@ -1,3 +1,10 @@
+ruby-activeldap (1.2.4-3) unstable; urgency=low
+
+  * Fixed translation files not installed.
+  * Added patch to fix loading japanese translations.
+
+ -- Marc Dequènes (Duck)   Mon, 18 Feb 2013 00:30:42 +0100
+
 ruby-activeldap (1.2.4-2) unstable; urgency=low
 
   * Bump build dependency on gem2deb to >= 0.3.0~.
diff -Nru ruby-activeldap-1.2.4/debian/patches/gettext_misnamed_locale ruby-activeldap-1.2.4/debian/patches/gettext_misnamed_locale
--- ruby-activeldap-1.2.4/debian/patches/gettext_misnamed_locale	1970-01-01 01:00:00.0 +0100
+++ ruby-activeldap-1.2.4/debian/patches/gettext_misnamed_locale	2013-02-18 01:54:30.0 +0100
@@ -0,0 +1,13 @@
+Index: ruby-activeldap/lib/active_ldap/get_text_support.rb
+===
+--- ruby-activeldap.orig/lib/active_ldap/get_text_support.rb	2013-02-18 01:53:36.122949120 +0100
 ruby-activeldap/lib/active_ldap/get_text_support.rb	2013-02-18 01:54:26.370702741 +0100
+@@ -12,7 +12,7 @@
+   include(GetText::Translation)
+   po_dir = "/usr/share/ruby-activeldap/po"
+   GetText.add_text_domain('active-ldap', :path => po_dir, :type => :po)
+-  GetText.default_available_locales = ['en', 'jp']
++  GetText.default_available_locales = ['en', 'ja']
+   GetText.default_text_domain = "active-ldap"
+ end
+   end
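
Review bot: this quilt patch starts directly at `Index:` with no header, so nothing records why 'jp' becomes 'ja' or whether the change was sent upstream. The locale code is not Debian-specific ('ja' is the language code, 'jp' the country code), so add Description, Author and Forwarded lines and forward it.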
diff -Nru ruby-activeldap-1.2.4/debian/patches/gettext_po_path ruby-activeldap-1.2.4/debian/patches/gettext_po_path
--- ruby-activeldap-1.2.4/debian/patches/gettext_po_path	1970-01-01 01:00:00.0 +0100
+++ ruby-activeldap-1.2.4/debian/patches/gettext_po_path	2013-02-18 01:44:19.0 +0100
@@ -0,0 +1,14 @@
+Index: ruby-activeldap/lib/active_ldap/get_text_support.rb
+===
+--- ruby-activeldap.orig/lib/active_ldap/get_text_support.rb	2013-02-18 00:29:52.0 +0100
 ruby-activeldap/lib/active_ldap/get_text_support.rb	2013-02-18 01:43:07.658020919 +0100
+@@ -10,8 +10,7 @@
+   def included(base)
+ base.class_eval do
+   include(GetText::Translation)
+-  po_dir = File.join(File.dirname(__FILE__), "..", "..", "po")
+-  po_dir = File.expand_path(po_dir)
++  po_dir = "/usr/share/ruby-activeldap/po"
+   GetText.add_text_domain('active-ldap', :path => po_dir, :type => :po)
+   GetText.default_available_locales = ['en', 'jp']
+   GetText.default_text_domain = "active-ldap"
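
Review bot: `po_dir = "/usr/share/ruby-activeldap/po"` replaces the path computed from `__FILE__` with a fixed one, so the library finds its catalogues only if the package installs them at exactly that location; the install rule that puts the po files there is not in the visible part of this debdiff and should be checked against this string. A header marking the patch as Debian-specific (Forwarded: not-needed) would also help.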
diff -Nru ruby-activeldap-1.2.4/debian/patches/series ruby-activeldap-1.2.4/debian/patches/series
--- ruby-activeldap-1.2.4/debian/patches/series	2011-07-28 18:55:58.0 +0200
+++ ruby-activeldap-1.2.4/debian/patches/series	2013-02-18 01:54:10.0 +0100
@@ -1 +1,3 @@
 gem_sux
+gettext_po_path
+gettext_misnamed_locale
diff -Nru ruby-activeldap-1.2.4/

Bug#701006: marked as done (unblock: fonts-takao/003.02.01-7.1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 15:47:06 +
with message-id <1361634426.20752.26.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#701006: unblock: fonts-takao/003.02.01-7.1
has caused the Debian Bug report #701006,
regarding unblock: fonts-takao/003.02.01-7.1
to be marked as done.



-- 
701006: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701006
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fonts-takao

fonts-takao does not clean up obsolete ttf-japanese-*.ttf alternatives on
upgrades from squeeze.

  * fonts-takao-mincho.preinst: Fix OTF alternative cleanup.
  * ttf-takao-*.preinst: Unregister the ttf-japanese-*.ttf alternatives.
  * fonts-takao-*.preinst: Clean up the ttf-japanese-*.ttf alternatives set up
    by ttf-takao-* in squeeze. This needs to be done in fonts-takao-* as well
    since there is no guarantee that the transitional ttf-takao-* packages
    were installed and did clean this up. Since new installations of
    fonts-takao-* cannot be distinguished from "upgrades" from ttf-takao-*
    this needs to be run on new installations, too.  (Closes: #700054)

Andreas

unblock fonts-takao/003.02.01-7.1
diffstat for fonts-takao-003.02.01 fonts-takao-003.02.01

 changelog  |   14 ++
 fonts-takao-gothic.preinst |8 ++--
 fonts-takao-mincho.preinst |   12 +++-
 ttf-takao-gothic.preinst   |   13 +
 ttf-takao-mincho.preinst   |   13 +
 5 files changed, 53 insertions(+), 7 deletions(-)

diff -Nru fonts-takao-003.02.01/debian/changelog fonts-takao-003.02.01/debian/changelog
--- fonts-takao-003.02.01/debian/changelog	2012-06-12 21:14:12.0 +0200
+++ fonts-takao-003.02.01/debian/changelog	2013-02-11 14:37:01.0 +0100
@@ -1,3 +1,17 @@
+fonts-takao (003.02.01-7.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * fonts-takao-mincho.preinst: Fix OTF alternative cleanup.
+  * ttf-takao-*.preinst: Unregister the ttf-japanese-*.ttf alternatives.
+  * fonts-takao-*.preinst: Clean up the ttf-japanese-*.ttf alternatives set up
+by ttf-takao-* in squeeze. This needs to be done in fonts-takao-* as well
+since there is no guarantee that the transitional ttf-takao-* packages
+were installed and did clean this up. Since new installations of
+fonts-takao-* cannot be distinguished from "upgrades" from ttf-takao-*
+this needs to be run on new installations, too.  (Closes: #700054)
+
+ -- Andreas Beckmann   Mon, 11 Feb 2013 14:36:53 +0100
+
 fonts-takao (003.02.01-7) unstable; urgency=low
 
   * debian/rules
diff -Nru fonts-takao-003.02.01/debian/fonts-takao-gothic.preinst fonts-takao-003.02.01/debian/fonts-takao-gothic.preinst
--- fonts-takao-003.02.01/debian/fonts-takao-gothic.preinst	2011-09-23 06:47:55.0 +0200
+++ fonts-takao-003.02.01/debian/fonts-takao-gothic.preinst	2013-02-11 14:37:20.0 +0100
@@ -7,9 +7,10 @@
 OLD_ALT_NAME="ttf-japanese-gothic"
 FONT_ENTRY_OTF="/usr/share/fonts/opentype/takao/TakaoPGothic.otf"
 
-CHECK_VERSION=003.02.01-5
+CHECK_VERSION=003.02.01-7.1
 FONT_ENTRY="/usr/share/fonts/truetype/takao/TakaoPGothic.ttf"
 
+
 check_broken_ttf_japanese_gothic()
 {
 update-alternatives --remove \
@@ -17,13 +18,16 @@
  $FONT_ENTRY_OTF
 }
 
+
 case "$1" in
 install|upgrade)
 	if [ -f $FONT_ENTRY_OTF ]; then
 	  check_broken_ttf_japanese_gothic
 	fi
 
-if dpkg --compare-versions "$2" lt-nl "$CHECK_VERSION"; then
+# do this on new installations, too, as these could be "upgrades"
+# from ttf-takao-gothic
+if dpkg --compare-versions "$2" lt "$CHECK_VERSION~"; then
   update-alternatives --remove $OLD_ALT_NAME.ttf $FONT_ENTRY
 fi
 
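
Review bot: the new comment before the `dpkg --compare-versions` test explains why fresh installs are included but not the two mechanical changes that achieve it: the switch from `lt-nl` to `lt`, which makes an empty "$2" compare as earlier than any version, and the `~` appended to "$CHECK_VERSION". Spell both out in the comment, since CHECK_VERSION also has to be bumped by hand in each preinst file whenever this cleanup changes.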
diff -Nru fonts-takao-003.02.01/debian/fonts-takao-mincho.preinst fonts-takao-003.02.01/debian/fonts-takao-mincho.preinst
--- fonts-takao-003.02.01/debian/fonts-takao-mincho.preinst	2011-09-23 06:47:55.0 +0200
+++ fonts-takao-003.02.01/debian/fonts-takao-mincho.preinst	2013-02-11 14:37:39.0 +0100
@@ -7,8 +7,8 @@
 OLD_ALT_NAME="ttf-japanese-mincho"
 FONT_ENTRY_OTF="/usr/share/fonts/opentype/takao/TakaoPMincho.otf"
 
-CHECK_VERSION=003.02.01-5
-FONT_ENTRY="/usr/share/fonts/opentype/takao/TakaoPMincho.ttf"
+CHECK_VERSION=003.02.01-7.1
+FONT_ENTRY="/usr/share/fonts/truetype/takao/TakaoPMincho.ttf"
 
 
 check_broken_ttf_japanese_mincho()
@@ -19,16 +19,18 @@
 }
 
 
-
 case "$1" in
 install|up

Bug#701474: marked as done (unblock: drupal7/7.14-2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 15:41:09 +
with message-id <1361634069.20752.24.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#701474: unblock: drupal7/7.14-2
has caused the Debian Bug report #701474,
regarding unblock: drupal7/7.14-2
to be marked as done.



-- 
701474: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package drupal7

7.14-2 backports the patch between 7.19 and 7.20, which fixes one
DoS vulnerability in image derivatives generation:

http://drupal.org/SA-CORE-2013-002

Additionally it removes a false warning for security issues fixed upstream
and integrated in Debian security patches:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700545

I'm including a debdiff against drupal7_7.14-1.3 currently in testing.

unblock drupal7/7.14-2

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

diff -Nru drupal7-7.14/debian/changelog drupal7-7.14/debian/changelog
--- drupal7-7.14/debian/changelog   2013-01-29 19:22:30.0 +0100
+++ drupal7-7.14/debian/changelog   2013-02-23 16:25:12.0 +0100
@@ -1,3 +1,18 @@
+drupal7 (7.14-2) unstable; urgency=high
+
+  [ Luigi Gangitano ]
+  * Urgency high due to security fixes
+
+  * Acknowledge NMUs from Gunnar Wolf
+
+  * Incorporated fix for DoS on image derivative generation
+(Ref: SA-CORE-2013-002, CVE-2013-0316) (Closes: #701165)
+
+  * Removed update warnings for Drupal core, since security fixes are provided
+by Debian updates. (Closes: #700545)
+
+ -- Luigi Gangitano   Sat, 23 Feb 2013 15:12:35 +0100
+
 drupal7 (7.14-1.3) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru drupal7-7.14/debian/patches/70_SA-CORE-2013-002 
drupal7-7.14/debian/patches/70_SA-CORE-2013-002
--- drupal7-7.14/debian/patches/70_SA-CORE-2013-002 1970-01-01 
01:00:00.0 +0100
+++ drupal7-7.14/debian/patches/70_SA-CORE-2013-002 2013-02-23 
16:16:02.0 +0100
@@ -0,0 +1,440 @@
+Origin: backport (diff between 7.19 and 7.20)
+Forwarded: not-needed
+From: Luigi Gangitano 
+Last-Update: 2013-02-23
+Applied-Upstream: Yes
+Description: Fixes SA_CORE-2013-002 (DoS)
+ This patch is taken from the diff between 7.19 and 7.20, applying it
+ to the currently frozen version (7.14). For further details, the
+ advisory is in:
+ .
+ http://drupal.org/SA-CORE-2013-002
+
+--- a/modules/image/image.module
 b/modules/image/image.module
+@@ -30,11 +30,16 @@
+  */
+ define('IMAGE_STORAGE_MODULE', IMAGE_STORAGE_OVERRIDE | 
IMAGE_STORAGE_DEFAULT);
+ 
++/**
++ * The name of the query parameter for image derivative tokens.
++ */
++define('IMAGE_DERIVATIVE_TOKEN', 'itok');
++
+ // Load all Field module hooks for Image.
+ require_once DRUPAL_ROOT . '/modules/image/image.field.inc';
+ 
+ /**
+- * Implement of hook_help().
++ * Implements hook_help().
+  */
+ function image_help($path, $arg) {
+   switch ($path) {
+@@ -766,16 +771,24 @@
+  *   The image style
+  */
+ function image_style_deliver($style, $scheme) {
+-  // Check that the style is defined and the scheme is valid.
+-  if (!$style || !file_stream_wrapper_valid_scheme($scheme)) {
+-drupal_exit();
+-  }
+-
+   $args = func_get_args();
+   array_shift($args);
+   array_shift($args);
+   $target = implode('/', $args);
+ 
++  // Check that the style is defined, the scheme is valid, and the image
++  // derivative token is valid. (Sites which require image derivatives to be
++  // generated without a token can set the 'image_allow_insecure_derivatives'
++  // variable to TRUE to bypass the latter check, but this will increase the
++  // site's vulnerability to denial-of-service attacks.)
++  $valid = !empty($style) && file_stream_wrapper_valid_scheme($scheme);
++  if (!variable_get('image_allow_insecure_derivatives', FALSE)) {
++$valid = $valid && isset($_GET[IMAGE_DERIVATIVE_TOKEN]) && 
$_GET[IMAGE_DERIVATIVE_TOKEN] === image_style_path_token($style['name'], 
$scheme . '://' . $target);
++  }
++  if (!$valid) {
++return MENU_ACCESS_DENIED;
++  }
++
+   $image_uri = $scheme . '://' . $target;
+   $derivative_uri = image_style_path($style['name'], $image_uri);
+ 
+@@ -960,6 +973,10 @@
+  */
+ function image_style_url($style_na
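
Review bot: in `image_style_deliver()`, the new check compares `$_GET[IMAGE_DERIVATIVE_TOKEN]` against `image_style_path_token(...)` with `===`, which is not a constant-time comparison; for a value that acts as an authenticator, a timing-safe comparison helper would be the more defensive choice. The hunk also changes behaviour for existing sites: any derivative URL without `itok` now gets `MENU_ACCESS_DENIED`, and the only opt-out is the `image_allow_insecure_derivatives` variable mentioned in the comment, so the package should tell administrators about both (for example in NEWS.Debian), including that enabling the variable reopens the DoS exposure.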

Bug#701077: marked as done (unblock: vidalia/0.2.20-2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 15:44:04 +
with message-id <1361634244.20752.25.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#701077: unblock: vidalia/0.2.20-2
has caused the Debian Bug report #701077,
regarding unblock: vidalia/0.2.20-2
to be marked as done.

-- 
701077: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701077
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vidalia.

Compared to the version in Wheezy, 0.2.20-2 brings two selected upstream commits
cherry-picked to fix important usability issues (#699178 and #699179).

The upstream release I cherry-picked the commits from was out last July, and the
updated package has been in sid for 18 days with no reported regression, so it
looks like a relatively safe update for Wheezy.

unblock vidalia/0.2.20-2

Cheers!

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.7-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru vidalia-0.2.20/debian/changelog vidalia-0.2.20/debian/changelog
--- vidalia-0.2.20/debian/changelog	2012-07-14 07:19:30.0 +0200
+++ vidalia-0.2.20/debian/changelog	2013-02-02 17:02:10.0 +0100
@@ -1,3 +1,15 @@
+vidalia (0.2.20-2) unstable; urgency=low
+
+  * New patches cherry-picked from upstream 0.2.21:
+- Fix-wrong-uptime-bandwidth-in-relay-list.patch (Closes: #699178)
+  This is upstream commit b3d4f7f with the changes/* file removed.
+- Populate-the-relay-list-at-startup.patch (Closes: #699179)
+  This is taken from upstream commit b00f51dc, but with the fix for
+  upstream Trac#6482 (that doesn't seem worth a freeze exception) and
+  the changes/* file removed.
+
+ -- intrigeri   Sat, 02 Feb 2013 17:02:01 +0100
+
 vidalia (0.2.20-1) unstable; urgency=low
 
   [ Ulises Vitulli ]
diff -Nru vidalia-0.2.20/debian/patches/Fix-wrong-uptime-bandwidth-in-relay-list.patch vidalia-0.2.20/debian/patches/Fix-wrong-uptime-bandwidth-in-relay-list.patch
--- vidalia-0.2.20/debian/patches/Fix-wrong-uptime-bandwidth-in-relay-list.patch	1970-01-01 01:00:00.0 +0100
+++ vidalia-0.2.20/debian/patches/Fix-wrong-uptime-bandwidth-in-relay-list.patch	2013-02-02 17:02:10.0 +0100
@@ -0,0 +1,52 @@
+From: intrigeri 
+Date: Mon, 28 Jan 2013 17:24:47 +0100
+Subject: Fix wrong uptime/bandwidth in relay list (Closes: #699178).
+
+This is upstream commit b3d4f7f with the changes/* file removed.
+---
+ src/torcontrol/RouterDescriptor.cpp  |7 ---
+ src/vidalia/network/RouterDescriptorView.cpp |8 +---
+ 2 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/src/torcontrol/RouterDescriptor.cpp b/src/torcontrol/RouterDescriptor.cpp
+index 26051c1..2c2b147 100644
+--- a/src/torcontrol/RouterDescriptor.cpp
 b/src/torcontrol/RouterDescriptor.cpp
+@@ -106,7 +106,8 @@ RouterDescriptor::appendRouterStatusInfo(const RouterStatus &rs)
+   _ip = rs.ipAddress();
+   _orPort = rs.orPort();
+   _dirPort = rs.dirPort();
+-  _avgBandwidth = rs.bandwidth();
+-  _burstBandwidth = rs.bandwidth();
+-  _observedBandwidth = rs.bandwidth();
++  _avgBandwidth = rs.bandwidth() * 1024;
++  _burstBandwidth = rs.bandwidth() * 1024;
++  _observedBandwidth = rs.bandwidth() * 1024;
++  _published = rs.published();
+ }
+diff --git a/src/vidalia/network/RouterDescriptorView.cpp b/src/vidalia/network/RouterDescriptorView.cpp
+index bb4b19d..8700612 100644
+--- a/src/vidalia/network/RouterDescriptorView.cpp
 b/src/vidalia/network/RouterDescriptorView.cpp
+@@ -106,7 +106,8 @@ RouterDescriptorView::display(QList rdlist)
+ 
+ /* Add the IP address and router platform information */
+ html.append(trow(tcol(b(tr("IP Address:"))) + tcol(rd.ip().toString(;
+-html.append(trow(tcol(b(tr("Platform:")))   + tcol(rd.platform(;
++if (!rd.platform().isEmpty())
++  html.append(trow(tcol(b(tr("Platform:")))   + tcol(rd.platform(;
+ 
+ /* If the router is online, then show the uptime and bandwidth stats. */
+ if (!rd.offline()) {
+@@ -121,8 +122,9 @@ RouterDescriptorView::display(QList rdlist)
+ }
+ 
+ /* Date the router was published */
+-html.append(trow(tcol(b(tr("Last Updated:")))  +
+- tcol(string_format_datetime(rd.published()) + " GMT")));
++if (!rd.p
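
Review bot: in `RouterDescriptor::appendRouterStatusInfo()`, the three `rs.bandwidth() * 1024` assignments introduce a unit conversion that is neither named nor commented, and the same expression is repeated three times. A short comment giving the unit on each side, plus a single local or named constant for the converted value, would make this reviewable; also confirm that `_avgBandwidth`, `_burstBandwidth` and `_observedBandwidth` are wide enough for the multiplied value, since their types are not visible here. In `RouterDescriptorView::display()`, the new `if (!rd.platform().isEmpty())` guards an unbraced statement; braces would match the `if (!rd.offline()) {` block just below.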

Bug#701002: marked as done (nmu: fpgatools_0.0+201212-1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 15:37:01 +
with message-id <1361633821.20752.23.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#701002: nmu: fpgatools_0.0+201212-1
has caused the Debian Bug report #701002,
regarding nmu: fpgatools_0.0+201212-1
to be marked as done.

-- 
701002: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701002
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu fpgatools_0.0+201212-1 . amd64 . -m "Rebuild in a clean Debian sid 
environment."

libfpga0/amd64 unsatisfiable Depends: libc6 (>= 2.14)

Once again a package built on Ubuntu (or experimental) was uploaded to
sid ...


Andreas
--- End Message ---
--- Begin Message ---
On Wed, 2013-02-20 at 11:11 +0100, Andreas Beckmann wrote:
> nmu fpgatools_0.0+201212-1 . amd64 . -m "Rebuild in a clean Debian sid 
> environment."
> 
> libfpga0/amd64 unsatisfiable Depends: libc6 (>= 2.14)

Scheduled.

Regards,

Adam
--- End Message ---


Bug#701474: unblock: drupal7/7.14-2

2013-02-23 Thread Luigi Gangitano
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package drupal7

7.14-2 backports the patch between 7.19 and 7.20, which fixes one
DoS vulnerability in image derivatives generation:

http://drupal.org/SA-CORE-2013-002

Additionally it removes a false warning for security issues fixed upstream
and integrated in Debian security patches:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700545

I'm including a debdiff against drupal7_7.14-1.3 currently in testing.

unblock drupal7/7.14-2

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

diff -Nru drupal7-7.14/debian/changelog drupal7-7.14/debian/changelog
--- drupal7-7.14/debian/changelog   2013-01-29 19:22:30.0 +0100
+++ drupal7-7.14/debian/changelog   2013-02-23 16:25:12.0 +0100
@@ -1,3 +1,18 @@
+drupal7 (7.14-2) unstable; urgency=high
+
+  [ Luigi Gangitano ]
+  * Urgency high due to security fixes
+
+  * Acknowledge NMUs from Gunnar Wolf
+
+  * Incorporated fix for DoS on image derivative generation
+(Ref: SA-CORE-2013-002, CVE-2013-0316) (Closes: #701165)
+
+  * Removed update warnings for Drupal core, since security fixes are provided
+by Debian updates. (Closes: #700545)
+
+ -- Luigi Gangitano   Sat, 23 Feb 2013 15:12:35 +0100
+
 drupal7 (7.14-1.3) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru drupal7-7.14/debian/patches/70_SA-CORE-2013-002 
drupal7-7.14/debian/patches/70_SA-CORE-2013-002
--- drupal7-7.14/debian/patches/70_SA-CORE-2013-002 1970-01-01 
01:00:00.0 +0100
+++ drupal7-7.14/debian/patches/70_SA-CORE-2013-002 2013-02-23 
16:16:02.0 +0100
@@ -0,0 +1,440 @@
+Origin: backport (diff between 7.19 and 7.20)
+Forwarded: not-needed
+From: Luigi Gangitano 
+Last-Update: 2013-02-23
+Applied-Upstream: Yes
+Description: Fixes SA_CORE-2013-002 (DoS)
+ This patch is taken from the diff between 7.19 and 7.20, applying it
+ to the currently frozen version (7.14). For further details, the
+ advisory is in:
+ .
+ http://drupal.org/SA-CORE-2013-002
+
+--- a/modules/image/image.module
 b/modules/image/image.module
+@@ -30,11 +30,16 @@
+  */
+ define('IMAGE_STORAGE_MODULE', IMAGE_STORAGE_OVERRIDE | 
IMAGE_STORAGE_DEFAULT);
+ 
++/**
++ * The name of the query parameter for image derivative tokens.
++ */
++define('IMAGE_DERIVATIVE_TOKEN', 'itok');
++
+ // Load all Field module hooks for Image.
+ require_once DRUPAL_ROOT . '/modules/image/image.field.inc';
+ 
+ /**
+- * Implement of hook_help().
++ * Implements hook_help().
+  */
+ function image_help($path, $arg) {
+   switch ($path) {
+@@ -766,16 +771,24 @@
+  *   The image style
+  */
+ function image_style_deliver($style, $scheme) {
+-  // Check that the style is defined and the scheme is valid.
+-  if (!$style || !file_stream_wrapper_valid_scheme($scheme)) {
+-drupal_exit();
+-  }
+-
+   $args = func_get_args();
+   array_shift($args);
+   array_shift($args);
+   $target = implode('/', $args);
+ 
++  // Check that the style is defined, the scheme is valid, and the image
++  // derivative token is valid. (Sites which require image derivatives to be
++  // generated without a token can set the 'image_allow_insecure_derivatives'
++  // variable to TRUE to bypass the latter check, but this will increase the
++  // site's vulnerability to denial-of-service attacks.)
++  $valid = !empty($style) && file_stream_wrapper_valid_scheme($scheme);
++  if (!variable_get('image_allow_insecure_derivatives', FALSE)) {
++$valid = $valid && isset($_GET[IMAGE_DERIVATIVE_TOKEN]) && 
$_GET[IMAGE_DERIVATIVE_TOKEN] === image_style_path_token($style['name'], 
$scheme . '://' . $target);
++  }
++  if (!$valid) {
++return MENU_ACCESS_DENIED;
++  }
++
+   $image_uri = $scheme . '://' . $target;
+   $derivative_uri = image_style_path($style['name'], $image_uri);
+ 
+@@ -960,6 +973,10 @@
+  */
+ function image_style_url($style_name, $path) {
+   $uri = image_style_path($style_name, $path);
++  // The token query is added even if the 'image_allow_insecure_derivatives'
++  // variable is TRUE, so that the emitted links remain valid if it is changed
++  // back to the default FALSE.
++  $token_query = array(IMAGE_DERIVATIVE_TOKEN => 
image_style_path_token($style_name, $path));
+ 
+   // If not using clean URLs, the image derivative callback is only available
+   // with the query string. If the file does not exist, use url() to ensure
+@@ -967,10 +984,33 @@
+   // actual file path, this avoids bootstrapping PHP once the files are built.
+   if (!variable_get('clean_url') && file_uri_scheme($uri) == 'public' && 
!file_exists($uri)) {
+ $directory_path = 
file_stream_wrapper_get_instance_by_uri($uri)->getDirectoryPath();
+-return url($directory_path . '/' .
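
Review bot: in the patch header, `Description: Fixes SA_CORE-2013-002 (DoS)` spells the advisory with an underscore while the URL below it and the changelog use `SA-CORE-2013-002`, so a search for the advisory id misses this file; `Applied-Upstream: Yes` would also be more useful as the release that carries the fix (7.20, per the `Origin:` line). In `image_style_url()`, `$token_query` is built in the visible lines but the text is cut off before the `url()` calls, so check that every return path of the function actually passes it on.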

Bug#700973: marked as done (unblock: trousers/0.3.9-3+wheezy1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 15:33:41 +
with message-id <1361633621.20752.22.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#700973: unblock: trousers/0.3.9-3+wheezy1
has caused the Debian Bug report #700973,
regarding unblock: trousers/0.3.9-3+wheezy1
to be marked as done.

-- 
700973: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700973
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package trousers

Upload 0.3.9-3+wheezy1 fixes a serious bug which causes installation of
trousers to fail in some cases, when the udev rules are not refreshed
when triggering the tpm device to set up the correct permissions.

Package in unstable is fixed. Debdiff for testing attached.

Thanks,
Pierre

unblock trousers/0.3.9-3+wheezy1
diff -Nru trousers-0.3.9/debian/changelog trousers-0.3.9/debian/changelog
--- trousers-0.3.9/debian/changelog	2012-07-05 20:56:17.0 +0200
+++ trousers-0.3.9/debian/changelog	2013-02-19 22:56:59.0 +0100
@@ -1,3 +1,10 @@
+trousers (0.3.9-3+wheezy1) stable-proposed-updates; urgency=low
+
+  * Reload udev rules before triggering event during postinst
+(Closes: #581505)
+
+ -- Pierre Chifflier   Mon, 18 Feb 2013 17:29:21 +0100
+
 trousers (0.3.9-3) unstable; urgency=low
 
   * Fix regression introduced in previous patch, preventing removal
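
Review bot: the new entry names `stable-proposed-updates` as its distribution, but the `+wheezy1` suffix and the request text ("Debdiff for testing attached") point at an upload meant for testing. If that is the intent, the distribution field should name the testing suite (`testing-proposed-updates`) so the changelog matches where the package is actually going.
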
diff -Nru trousers-0.3.9/debian/trousers.postinst trousers-0.3.9/debian/trousers.postinst
--- trousers-0.3.9/debian/trousers.postinst	2012-07-04 21:46:07.0 +0200
+++ trousers-0.3.9/debian/trousers.postinst	2013-02-18 17:31:52.0 +0100
@@ -16,8 +16,10 @@
 		chmod 0700 /var/lib/tpm
 
 		# ask udev to check for new udev rules (and fix device permissions)
-		[ -x /etc/init.d/udev ] && pidof udevd > /dev/null \
-			&& udevadm trigger --sysname-match="tpm[0-9]*"
+		if [ -x /etc/init.d/udev ] && pidof udevd > /dev/null; then
+			udevadm control --reload-rules
+			udevadm trigger --sysname-match="tpm[0-9]*"
+		fi
 		;;
 
 	abort-upgrade|abort-remove|abort-deconfigure)
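
Review bot: `udevadm control --reload-rules` adds a new way for this branch to fail: if the postinst runs under `set -e` (not visible in the hunk), a non-zero exit from the reload aborts package configuration before the trigger runs. If the reload is best-effort, append `|| true`; if it is required, a comment saying so would help. The `pidof udevd` guard also ties the whole block to the daemon's process name, which deserves a comment as well.
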
--- End Message ---
--- Begin Message ---
On Thu, 2013-02-21 at 23:55 +0100, Pierre Chifflier wrote:
> On Thu, Feb 21, 2013 at 08:33:16PM +, Adam D. Barratt wrote:
> > On Tue, 2013-02-19 at 23:21 +0100, Pierre Chifflier wrote:
> > > Upload 0.3.9-3+wheezy1 fixes a serious bug which causes installation of
> > > trousers to fail in some cases, when the udev rules are not refreshed
> > > when triggering the tpm device to set up the correct permissions.
> > 
> > If it's a serious bug, why is it only "severity: normal"?
[...]
> The bug prevents the installation of the package in some cases, so should
> be marked serious imho. Shall I raise the severity?

Reading through the bug log, I'm undecided between important and serious.
The former wouldn't really qualify for a t-p-u, but unblocked in any
case.

> > (For future reference, it's appreciated if you file the unblock bug as
> > the first step in the process, not the last.)
> > 
> 
> Sorry about this, I thought the packages (especially for unstable) had
> to be uploaded before filing the unblock request (so I can join the
> real debdiff).

For unstable, that's correct. For t-p-u we prefer an initial review of
the diff.

Regards,

Adam
--- End Message ---


Bug#701472: marked as done (unblock: ruby-defaults/1:1.9.3)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 15:23:42 +
with message-id <1361633022.20752.19.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#701472: unblock: ruby-defaults/1:1.9.3
has caused the Debian Bug report #701472,
regarding unblock: ruby-defaults/1:1.9.3
to be marked as done.

-- 
701472: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701472
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-defaults

This version fixes an RC bug that breaks upgrades from squeeze when
apt-listbugs is installed.

the debdiff against the package in testing is attached

unblock ruby-defaults/1:1.9.3

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
Antonio Terceiro 
diff -Nru ruby-defaults-4.9/debian/changelog ruby-defaults-1.9.3/debian/changelog
--- ruby-defaults-4.9/debian/changelog	2012-06-03 14:55:52.0 -0300
+++ ruby-defaults-1.9.3/debian/changelog	2013-02-23 10:49:24.0 -0300
@@ -1,3 +1,10 @@
+ruby-defaults (1:1.9.3) unstable; urgency=low
+
+  * declare Breaks: apt-listbugs (<< 0.1.6) in ruby package to avoid breaking
+squeeze/wheezy upgrades when apt-listbugs is installed (Closes: 700671).
+
+ -- Antonio Terceiro   Sat, 23 Feb 2013 10:45:13 -0300
+
 ruby-defaults (4.9) unstable; urgency=low
 
   [ Shawn Landden ]
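
Review bot: the version in the new entry goes from `4.9` to `1:1.9.3`, which adds an epoch and switches the version scheme, yet the entry only describes the `Breaks:`. An epoch cannot be dropped again later, so the changelog should state why it is introduced in this upload. `Closes: 700671` also lacks the `#` that the other entries use.
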
diff -Nru ruby-defaults-4.9/debian/control ruby-defaults-1.9.3/debian/control
--- ruby-defaults-4.9/debian/control	2012-05-27 22:01:09.0 -0300
+++ ruby-defaults-1.9.3/debian/control	2013-02-23 10:37:06.0 -0300
@@ -14,6 +14,7 @@
 Depends: ruby1.9.1 (>= 1.9.3.194-1), ${misc:Depends}
 Suggests: ri, ruby-dev
 Conflicts: irb, rdoc
+Breaks: apt-listbugs (<< 0.1.6)
 Replaces: irb, rdoc
 Provides: irb, rdoc
 Description: Interpreter of object-oriented scripting language Ruby (default version)


--- End Message ---
--- Begin Message ---
On Sat, 2013-02-23 at 12:03 -0300, Antonio Terceiro wrote:
> Please unblock package ruby-defaults
> 
> This version fixes an RC bug that breaks upgrades from squeeze when
> apt-listbugs is installed.

Unblocked; thanks.

Regards,

Adam
--- End Message ---


Bug#701473: marked as done (unblock: ruby1.9.1/1.9.3.194-8)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 15:22:45 +
with message-id <1361632965.20752.18.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#701473: unblock: ruby1.9.1/1.9.3.194-8
has caused the Debian Bug report #701473,
regarding unblock: ruby1.9.1/1.9.3.194-8
to be marked as done.

-- 
701473: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701473
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby1.9.1

This release fixes a RC bug that breaks upgrades from squeeze when
apt-listbugs and ruby1.9.1 are installed before the upgrade.

the debdiff against the package in testing is attached

unblock ruby1.9.1/1.9.3.194-8

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
Antonio Terceiro 
diff -Nru ruby1.9.1-1.9.3.194/debian/changelog ruby1.9.1-1.9.3.194/debian/changelog
--- ruby1.9.1-1.9.3.194/debian/changelog	2013-02-13 12:30:04.0 -0300
+++ ruby1.9.1-1.9.3.194/debian/changelog	2013-02-23 11:29:56.0 -0300
@@ -1,3 +1,10 @@
+ruby1.9.1 (1.9.3.194-8) unstable; urgency=low
+
+  * ruby1.9.1: add Breaks: apt-listbugs (<< 0.1.6) to avoid breaking the
+squeeze->wheezy upgrades (Closes: #701466).
+
+ -- Antonio Terceiro   Sat, 23 Feb 2013 09:21:27 -0300
+
 ruby1.9.1 (1.9.3.194-7) unstable; urgency=high
 
   * debian/patches/CVE-2013-0269.patch: fix possible denial of service and
diff -Nru ruby1.9.1-1.9.3.194/debian/control ruby1.9.1-1.9.3.194/debian/control
--- ruby1.9.1-1.9.3.194/debian/control	2013-02-13 07:20:34.0 -0300
+++ ruby1.9.1-1.9.3.194/debian/control	2013-02-23 09:25:58.0 -0300
@@ -14,6 +14,7 @@
 Depends: libruby1.9.1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
 Suggests: ruby1.9.1-examples, ri1.9.1, graphviz, ruby1.9.1-dev, ruby-switch
 Conflicts: rdoc1.9.1 (<< 1.9.1.378-2~), irb1.9.1 (<< 1.9.1.378-2~), rubygems1.9.1, ri1.9.1 (<< 1.9.2.180-3~), ruby (<= 4.5), ri (<= 4.5)
+Breaks: apt-listbugs (<< 0.1.6)
 Replaces: rdoc1.9.1, irb1.9.1, rubygems1.9.1
 Provides: rdoc1.9.1, irb1.9.1, rubygems1.9.1, ruby-interpreter
 Description: Interpreter of object-oriented scripting language Ruby
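
Review bot: `Breaks: apt-listbugs (<< 0.1.6)` has no `~` on its bound, unlike the versioned `Conflicts:` entries on the line above it (for example `<< 1.9.1.378-2~`). As written, a backport versioned like `0.1.6~bpo...` sorts below `0.1.6` and is treated as broken; if the fix is present in 0.1.6 and in backports of it, the bound should be `<< 0.1.6~`.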


--- End Message ---
--- Begin Message ---
On Sat, 2013-02-23 at 12:08 -0300, Antonio Terceiro wrote:
> Please unblock package ruby1.9.1
> 
> This release fixes a RC bug that breaks upgrades from squeeze when
> apt-listbugs and ruby1.9.1 are installed before the upgrade.

Unblocked; thanks.

Regards,

Adam
--- End Message ---


Bug#701473: unblock: ruby1.9.1/1.9.3.194-8

2013-02-23 Thread Antonio Terceiro
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby1.9.1

This release fixes a RC bug that breaks upgrades from squeeze when
apt-listbugs and ruby1.9.1 are installed before the upgrade.

the debdiff against the package in testing is attached

unblock ruby1.9.1/1.9.3.194-8

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
Antonio Terceiro 
diff -Nru ruby1.9.1-1.9.3.194/debian/changelog ruby1.9.1-1.9.3.194/debian/changelog
--- ruby1.9.1-1.9.3.194/debian/changelog	2013-02-13 12:30:04.0 -0300
+++ ruby1.9.1-1.9.3.194/debian/changelog	2013-02-23 11:29:56.0 -0300
@@ -1,3 +1,10 @@
+ruby1.9.1 (1.9.3.194-8) unstable; urgency=low
+
+  * ruby1.9.1: add Breaks: apt-listbugs (<< 0.1.6) to avoid breaking the
+squeeze->wheezy upgrades (Closes: #701466).
+
+ -- Antonio Terceiro   Sat, 23 Feb 2013 09:21:27 -0300
+
 ruby1.9.1 (1.9.3.194-7) unstable; urgency=high
 
   * debian/patches/CVE-2013-0269.patch: fix possible denial of service and
diff -Nru ruby1.9.1-1.9.3.194/debian/control ruby1.9.1-1.9.3.194/debian/control
--- ruby1.9.1-1.9.3.194/debian/control	2013-02-13 07:20:34.0 -0300
+++ ruby1.9.1-1.9.3.194/debian/control	2013-02-23 09:25:58.0 -0300
@@ -14,6 +14,7 @@
 Depends: libruby1.9.1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
 Suggests: ruby1.9.1-examples, ri1.9.1, graphviz, ruby1.9.1-dev, ruby-switch
 Conflicts: rdoc1.9.1 (<< 1.9.1.378-2~), irb1.9.1 (<< 1.9.1.378-2~), rubygems1.9.1, ri1.9.1 (<< 1.9.2.180-3~), ruby (<= 4.5), ri (<= 4.5)
+Breaks: apt-listbugs (<< 0.1.6)
 Replaces: rdoc1.9.1, irb1.9.1, rubygems1.9.1
 Provides: rdoc1.9.1, irb1.9.1, rubygems1.9.1, ruby-interpreter
 Description: Interpreter of object-oriented scripting language Ruby




Bug#701472: unblock: ruby-defaults/1:1.9.3

2013-02-23 Thread Antonio Terceiro
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-defaults

This version fixes an RC bug that breaks upgrades from squeeze when
apt-listbugs is installed.

the debdiff against the package in testing is attached

unblock ruby-defaults/1:1.9.3

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
Antonio Terceiro 
diff -Nru ruby-defaults-4.9/debian/changelog ruby-defaults-1.9.3/debian/changelog
--- ruby-defaults-4.9/debian/changelog	2012-06-03 14:55:52.0 -0300
+++ ruby-defaults-1.9.3/debian/changelog	2013-02-23 10:49:24.0 -0300
@@ -1,3 +1,10 @@
+ruby-defaults (1:1.9.3) unstable; urgency=low
+
+  * declare Breaks: apt-listbugs (<< 0.1.6) in ruby package to avoid breaking
+squeeze/wheezy upgrades when apt-listbugs is installed (Closes: 700671).
+
+ -- Antonio Terceiro   Sat, 23 Feb 2013 10:45:13 -0300
+
 ruby-defaults (4.9) unstable; urgency=low
 
   [ Shawn Landden ]
diff -Nru ruby-defaults-4.9/debian/control ruby-defaults-1.9.3/debian/control
--- ruby-defaults-4.9/debian/control	2012-05-27 22:01:09.0 -0300
+++ ruby-defaults-1.9.3/debian/control	2013-02-23 10:37:06.0 -0300
@@ -14,6 +14,7 @@
 Depends: ruby1.9.1 (>= 1.9.3.194-1), ${misc:Depends}
 Suggests: ri, ruby-dev
 Conflicts: irb, rdoc
+Breaks: apt-listbugs (<< 0.1.6)
 Replaces: irb, rdoc
 Provides: irb, rdoc
 Description: Interpreter of object-oriented scripting language Ruby (default version)




Bug#700150: RM: flickcurl/1.22-1

2013-02-23 Thread Kumar Appaiah
On Sat, Feb 23, 2013 at 01:14:08PM +, Adam D. Barratt wrote:
> Both bugs were fixed. darktable already entered testing and rawstudio
> should do so in the next britney run. I've added the requested removal
> hint for flickcurl.

Thank you for handling these, Adam. And thanks for the proactive bug
reports, Ivo.

Kumar
-- 
Kumar Appaiah





Re: Allow pyrad 1.2-1+deb7u1 into wheezy

2013-02-23 Thread Adam D. Barratt
On Sun, 2013-02-17 at 13:59 +, Jonathan Wiltshire wrote:
> On Sun, Feb 17, 2013 at 08:06:36AM +0100, Salvatore Bonaccorso wrote:
> > Assuming there will be also either a DSA or a pu for pyrad, how should
> > that be versioned? Traditionally for Squeeze it was +squeeze1, but:
[...]
> Once 1.2-1+deb7u1 reaches wheezy (next 24 hours) we will be able to use
> 1.2-1+deb6u1 for any hypothetical DSA to slot in between squeeze and
> wheezy.

Well, there's a 1.2.1+deb6u1 in p-u-NEW. I can't find a p-u request for
it though...

Regards,

Adam



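How dpkg's ordering rules treat the version suffixes discussed in this thread (`+squeeze1`, `+deb6u1`, `+deb7u1`), as an added example that is not part of the original message and not dpkg's own code. It is a Python re-implementation of the comparison rules from Debian Policy, with hypothetical function names; `1.2-1+squeeze1` and `0.1.6~bpo60+1` are constructed sample versions.

```python
import functools
import re


def _order(ch):
    """Sort weight of one character inside a non-digit run."""
    if ch == "~":
        return -1           # tilde sorts before everything, even end of string
    if ch.isalpha():
        return ord(ch)      # letters sort before all other characters
    return ord(ch) + 256    # '+', '.', '-' and similar sort after letters


def _compare_fragment(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    while a or b:
        # Step 1: leading non-digit runs, compared character by character.
        run_a = re.match(r"[^0-9]*", a).group()
        run_b = re.match(r"[^0-9]*", b).group()
        a, b = a[len(run_a):], b[len(run_b):]
        key_a = [_order(c) for c in run_a]
        key_b = [_order(c) for c in run_b]
        width = max(len(key_a), len(key_b))
        key_a += [0] * (width - len(key_a))   # 0 stands for "run ended here"
        key_b += [0] * (width - len(key_b))
        if key_a != key_b:
            return -1 if key_a < key_b else 1
        # Step 2: leading digit runs, compared numerically (empty counts as 0).
        num_a = re.match(r"[0-9]*", a).group()
        num_b = re.match(r"[0-9]*", b).group()
        a, b = a[len(num_a):], b[len(num_b):]
        val_a, val_b = int(num_a or 0), int(num_b or 0)
        if val_a != val_b:
            return -1 if val_a < val_b else 1
    return 0


def split_version(version):
    """Split [epoch:]upstream[-revision] into (epoch, upstream, revision)."""
    epoch, colon, rest = version.partition(":")
    if not colon:
        epoch, rest = "0", version
    upstream, hyphen, revision = rest.rpartition("-")
    if not hyphen:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    epoch_a, upstream_a, revision_a = split_version(a)
    epoch_b, upstream_b, revision_b = split_version(b)
    if epoch_a != epoch_b:
        return -1 if epoch_a < epoch_b else 1
    return (_compare_fragment(upstream_a, upstream_b)
            or _compare_fragment(revision_a, revision_b))


def sort_versions(versions):
    """Sort version strings from oldest to newest."""
    return sorted(versions, key=functools.cmp_to_key(compare_versions))


# Constructed sample: one base version with the suffix styles from the thread.
SAMPLE = ["1.2-1+squeeze1", "1.2-1+deb7u1", "1.2-1", "1.2-1+deb6u1"]

if __name__ == "__main__":
    for version in sort_versions(SAMPLE):
        print(version)
```

A `+squeeze1` suffix sorts after `+deb7u1` because letters are compared before digits are reached, while `+deb6u1` sorts below `+deb7u1`; the same rules explain why a bound ending in `~` excludes backport-style versions.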


Bug#700707: marked as done (unblock: lintian/2.5.10.4)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 14:26:06 +0100
with message-id <20130223132606.gp5...@radis.cristau.org>
and subject line Re: Bug#700707: unblock: lintian/2.5.10.4
has caused the Debian Bug report #700707,
regarding unblock: lintian/2.5.10.4
to be marked as done.

-- 
700707: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700707
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please consider unblocking lintian/2.5.10.4, it includes the following
changes:

lintian (2.5.10.4) unstable; urgency=low

  * checks/init.d:
    + [NT] Fix regression where Lintian would not properly match
      init.d passed to update-rc.d.  Thanks to Michael Meskes for
      reporting.  (Closes: #698602)

  * lib/Lintian/Collect/Package.pm:
    + [NT] Ensure the "root" entry of indices do not contain itself.
      (Closes: #695866)
  * lib/Lintian/Util.pm:
    + [NT] Reject partially signed Deb822 files.  Most Deb822 files
      are not signed at all; but those that are should be completely
      covered by a signature.  (Closes: #696230)
    + [ADB] Fix a typo in the matching of expected delimiters for some
      signed messages; thanks Samuel Bronson.


I have attached a filtered debdiff (one without the test suite
changes).

 diffstat for lintian-2.5.10.3 lintian-2.5.10.4 (minus the test suite)

 checks/init.d |   13 +
 debian/changelog  |   19 ++
 frontend/lintian  |8 +
 lib/Lintian/Collect/Package.pm|6 
 lib/Lintian/Util.pm   |  152 --
 [...]

The changes to Lintian::Util appear large at first, but the majority
of them are comments.

unblock lintian/2.5.10.4

Thanks for considering it,
~Niels
diffstat for lintian-2.5.10.3 lintian-2.5.10.4

 checks/init.d |   13 +
 debian/changelog  |   19 ++
 frontend/lintian  |8 +
 lib/Lintian/Collect/Package.pm|6 
 lib/Lintian/Util.pm   |  152 --
 t/scripts/Lintian/Util/data/pgp-eof-missing-sign  |5 
 t/scripts/Lintian/Util/data/pgp-leading-unsigned  |   14 ++
 t/scripts/Lintian/Util/data/pgp-malformed-header  |   11 +
 t/scripts/Lintian/Util/data/pgp-no-end-pgp-header |7 +
 t/scripts/Lintian/Util/data/pgp-sig-before-start  |7 +
 t/scripts/Lintian/Util/data/pgp-trailing-unsigned |   14 ++
 t/scripts/Lintian/Util/data/pgp-two-signatures|   16 ++
 t/scripts/Lintian/Util/data/pgp-two-signed-msgs   |   19 ++
 t/scripts/Lintian/Util/data/pgp-unexpected-header |6 
 t/scripts/Lintian/Util/dctrl-parser.t |   52 +++
 15 files changed, 334 insertions(+), 15 deletions(-)

diff -Nru lintian-2.5.10.3/checks/init.d lintian-2.5.10.4/checks/init.d
--- lintian-2.5.10.3/checks/init.d	2012-12-11 19:03:17.0 +0100
+++ lintian-2.5.10.4/checks/init.d	2013-02-16 13:25:08.0 +0100
@@ -61,6 +61,11 @@
 );
 
 our $VIRTUAL_FACILITIES = Lintian::Data->new('init.d/virtual_facilities');
+# Regex to match names of init.d scripts; it is a bit more lax than
+# package names (e.g. allows "_").  We do not allow it to start with a
+# "dash" to avoid confusing it with a command-line option (also,
+# update-rc.d does not allow this).
+our $INITD_NAME_REGEX = qr/[\w\.\+][\w\-\.\+]*/;
 
 sub run {
 
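Review bot: In the new `$INITD_NAME_REGEX`, the `\.` and `\+` escapes inside both character classes are unnecessary, so `qr/[\w.+][\w.+-]*/` says the same thing more readably. The pattern is also unanchored, so the "must not start with a dash" property described in the comment holds only because every caller places it directly after `\s+` and the option group; one more sentence in the comment stating that would protect future call sites.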
@@ -88,7 +93,7 @@
 next if /$exclude_r/o;
 s/\#.*$//o;
 next unless /^(?:.+;|^\s*system[\s\(\']+)?\s*update-rc\.d\s+
-(?:$opts_r)*($PKGNAME_REGEX)\s+($action_r)/xo;
+(?:$opts_r)*($INITD_NAME_REGEX)\s+($action_r)/xo;
 my ($name,$opt) = ($1,$2);
 next if $opt eq 'remove';
 if ($initd_postinst{$name}++ == 1) {
@@ -108,7 +113,7 @@
 next if /$exclude_r/o;
 s/\#.*$//o;
 next unless m/update-rc\.d \s+
-   (?:$opts_r)*($PKGNAME_REGEX) \s+
+   (?:$opts_r)*($INITD_NAME_REGEX) \s+
($action_r)/ox;
 my ($name,$opt) = ($1,$2);
 next if $opt eq 'remove';
@@ -122,7 +127,7 @@
 while () {
 next if /$exclude_r/o;
 s/\#.*$//o;
-next unless m/update-rc\.d\s+($opts_r)*($PKGNAME_REGEX)/o;
+next unless m/update-rc\.d\s+($opts_r)*($INITD_NAME_REGEX)/o;
 if ($initd_postrm{$2}++ == 1) {
   
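Review bot: This third call site still uses the capturing `($opts_r)*`, while the two earlier matches use `(?:$opts_r)*`, which is why the name ends up in `$2` in `$initd_postrm{$2}++`. Since the line is being changed anyway, switch it to the non-capturing form and read the name from `$1`, so the three update-rc.d patterns stay parallel.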

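The changelog entry in the message above says a signed Deb822 file must be completely covered by its signature. The following is an added example, not Lintian's code and in Python rather than Lintian's Perl: a structural check that accepts unsigned text or exactly one clearsigned block and rejects anything in between. The function names and the sample inputs are assumptions constructed here, and the signature itself is not verified.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
ARMOR_LINE = re.compile(r"^-----(?:BEGIN|END) PGP [A-Z ]+-----$")


class PartiallySigned(ValueError):
    """Content lies outside the single signed region, or the armor is broken."""


def parse_deb822_wrapper(text):
    """Return (is_signed, body); raise PartiallySigned for partial coverage.

    Structure only: the signature still has to be verified separately.
    """
    lines = text.splitlines()
    if not any(ARMOR_LINE.match(l.rstrip()) for l in lines):
        return (False, text)  # plain, unsigned Deb822 text
    state, body = "before", []
    for num, raw in enumerate(lines, 1):
        line = raw.rstrip()
        if state == "before":
            if not line:
                continue
            if line != BEGIN_MSG:
                raise PartiallySigned("line %d: content before the signed message" % num)
            state = "headers"
        elif state == "headers":
            if not line:
                state = "body"  # the empty line ends the armor headers
            elif not re.match(r"^Hash: \S", line):
                raise PartiallySigned("line %d: malformed armor header" % num)
        elif state == "body":
            if line == BEGIN_SIG:
                state = "signature"
            elif raw.startswith("- "):
                body.append(raw[2:])  # undo dash-escaping
            elif raw.startswith("-"):
                raise PartiallySigned("line %d: unexpected armor line in signed text" % num)
            else:
                body.append(raw)
        elif state == "signature":
            if line == END_SIG:
                state = "after"
            elif line.startswith("-----"):
                raise PartiallySigned("line %d: unexpected armor line in signature" % num)
        elif line:  # state == "after": nothing but blank lines may follow
            raise PartiallySigned("line %d: content after the signature" % num)
    if state != "after":
        raise PartiallySigned("input ended while in state '%s'" % state)
    return (True, "\n".join(body))


def verdict(text):
    """Summarise parse_deb822_wrapper() as a one-line string."""
    try:
        signed, _ = parse_deb822_wrapper(text)
    except PartiallySigned as exc:
        return "reject: %s" % exc
    return "fully-signed" if signed else "unsigned"


# Constructed sample inputs; the base64 line is a placeholder, not a signature.
GOOD = "\n".join([
    BEGIN_MSG, "Hash: SHA256", "",
    "Source: hello", "Version: 1.0-1", "- -- dash-escaped line",
    BEGIN_SIG, "", "Y29uc3RydWN0ZWQ=", END_SIG, "",
])
SAMPLES = {
    "unsigned": "Source: hello\nVersion: 1.0-1\n",
    "fully-signed": GOOD,
    "leading-unsigned": "Source: injected\n\n" + GOOD,
    "trailing-unsigned": GOOD + "\nSource: injected\n",
    "two-signed-msgs": GOOD + GOOD,
    "no-end-pgp-header": GOOD.replace(END_SIG + "\n", ""),
    "sig-before-start": BEGIN_SIG + "\n" + GOOD,
    "malformed-header": GOOD.replace("Hash: SHA256", "Hash SHA256"),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print("%-20s %s" % (name, verdict(sample)))
```

Only the text returned as `body` should be handed to the Deb822 field parser; reading fields from the raw file is what lets an unsigned paragraph ride along with a valid signature.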
Bug#700150: marked as done (RM: flickcurl/1.22-1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 13:14:08 +
with message-id <1361625248.20752.15.ca...@jacala.jungle.funky-badger.org>
and subject line Re: Bug#700150: RM: flickcurl/1.22-1
has caused the Debian Bug report #700150,
regarding RM: flickcurl/1.22-1
to be marked as done.


-- 
700150: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700150
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hi.

As mentioned in #700050, the package version in testing is unusable
without changing the authentication method. The changes seem too
involved to backport, so I'd request that wheezy be shipped without
flickcurl.

Thanks.

Kumar

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.3.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
On Mon, 2013-02-11 at 16:14 +0100, Ivo De Decker wrote:
> On Sat, Feb 09, 2013 at 08:54:20AM -0600, Kumar Appaiah wrote:
> > > Checking reverse dependencies...
> > > # Broken Depends:
> > > darktable: darktable [amd64 i386 kfreebsd-amd64 kfreebsd-i386]
> > > rawstudio: rawstudio
> > > 
> > > # Broken Build-Depends:
> > > darktable: libflickcurl-dev
> > > rawstudio: libflickcurl-dev
[...]
> > Could you please advise me on what to do in this case, given that
> > darktable and rawstudio are fairly popular packages?
> 
> I filed bugs (with patches) against both packages, to have the
> (build-)dependency on flickcurl removed:

Both bugs were fixed. darktable already entered testing and rawstudio
should do so in the next britney run. I've added the requested removal
hint for flickcurl.

Regards,

Adam
--- End Message ---


Bug#700925: marked as done (unblock: rawstudio/2.0-1.1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 13:59:44 +0100
with message-id <20130223125944.go5...@radis.cristau.org>
and subject line Re: Bug#700925: unblock: rawstudio/2.0-1.1
has caused the Debian Bug report #700925,
regarding unblock: rawstudio/2.0-1.1
to be marked as done.


-- 
700925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700925
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock rawstudio to drop the dependency on libflickcurl, which 
is the last piece in the removal puzzle for that package.


Thanks,

--
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

 i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits
--- End Message ---
--- Begin Message ---
On Tue, Feb 19, 2013 at 11:56:29 +, Jonathan Wiltshire wrote:

> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock rawstudio to drop the dependency on libflickcurl,
> which is the last piece in the removal puzzle for that package.
> 
Done (and bumped urgency to medium).

Cheers,
Julien


--- End Message ---


Processed: closing 629329, closing 700864

2013-02-23 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> # Included in today's point release
> close 629329 6.0.7
Bug #629329 [release.debian.org] pu: package sphinx/0.6.6-3+squeeze1
There is no source info for the package 'release.debian.org' at version '6.0.7' 
with architecture ''
Unable to make a source version for version '6.0.7'
Marked as fixed in versions 6.0.7.
Bug #629329 [release.debian.org] pu: package sphinx/0.6.6-3+squeeze1
Marked Bug as done
> close 700864 6.0.7
Bug #700864 [release.debian.org] pu: package dbus-glib/0.88-2.1+squeeze1
There is no source info for the package 'release.debian.org' at version '6.0.7' 
with architecture ''
Unable to make a source version for version '6.0.7'
Marked as fixed in versions 6.0.7.
Bug #700864 [release.debian.org] pu: package dbus-glib/0.88-2.1+squeeze1
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
629329: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629329
700864: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700864
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#701187: unblock: iso-codes/3.41-1

2013-02-23 Thread Tobias Quathamer
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package iso-codes

The ISO 3166 standard has recently (beginning of February) incorporated
an important change ("State of Palestine" instead of "Palestinian
Territory, Occupied"). Therefore, the package iso-codes has been updated
and has accumulated quite a lot of translation updates for this change.

Quoting Christian Perrier:

> Hello Tobias,
>
> I'd suggest we release iso-codes targeted at wheezy. The "Palestine"
> change is a quite important one and we really want to have this in
> wheezy particularly for the installer.
>
> I think that this update would be accepted by the release team.

The debdiff from unstable against testing is attached to the original
bug report (#701187). It is awfully large (1.5MB, therefore stripped
from this message), but there are only changes to the XML source
files, the corresponding .pot files and (of course) the translation
updates. I've attached the output of the following command, removing the
translation changes:

debdiff iso-codes_3.40-1.dsc iso-codes_3.41-1.dsc | filterdiff -x "*.po"

unblock iso-codes/3.41-1

Regards,
Tobias
diff -Nru iso-codes-3.40/ChangeLog iso-codes-3.41/ChangeLog
--- iso-codes-3.40/ChangeLog	2012-11-01 13:47:44.0 +0100
+++ iso-codes-3.41/ChangeLog	2013-02-22 14:14:12.0 +0100
@@ -1,3 +1,100 @@
+iso-codes 3.41
+--
+Tobias Quathamer 
+Fri, 22 Feb 2013
+
+  [ ISO 3166 ]
+  * Update ISO-3166 after publication of ISO-3166 maintenance agency
+Newsletter VI-14 dated 2013-02-06:
+- Change name for the State of Palestine
+
+  [ ISO 639-2 ]
+  * Update to 2012-11-21 (addition of zgh)
+
+  [ ISO 639-2 translations ]
+  * French by Christian Perrier
+  * German by Tobias Quathamer
+
+  [ ISO 3166 translations ]
+  * Turkish (Atila KOÇ). Closes: #693791
+  * Norwegian Bokmaal by Hans Fredrik Nordhaug (TP)
+  * Danish by Joe Hansen (TP)
+  * Dutch by Freek de Kruijf (TP)
+  * Indonesian (Mahyuddin Susanto). Closes: #695663
+  * Portuguese by Miguel Figueiredo. Closes: #698391
+  * Interlingua by Nik Kalach (TP)
+  * Kazakh by Baurzhan Muftakhidinov.  Closes: #700379
+  * Norwegian Nynorsk by Haavard Korsvoll. Closes: #700400
+  * Hindi by Kumar Appaiah. Closes: #700417
+  * German by Tobias Quathamer
+  * French by Christian Perrier
+  * Vietnamese by Hoang Nguyen
+  * Persian by حجتاله.
+  * Khmer by Khoem Sokhem.
+  * Indonesian by Mahyuddin Susanto.
+  * Brazilian Portuguese by Leonardo Ferreira Fontenelle.
+  * Thai by Theppitak Karoonboonyanan
+  * Greek by Nick Andrik. Closes: #700440
+  * Basque by Iñaki Larrañaga Murgoitio. Closes: #700460
+  * Gujarati by Kartik Mistry. Closes: #700478
+  * Slovak by Ivan Masar
+  * Portuguese by Miguel Figueiredo. Closes: #700451
+  * Uyghur by Sahran.
+  * Icelandic by Sveinn í Felli.
+  * Spanish by Lenin Zamir Flores Rossmann.
+  * Estonian by Tõivo Leedjärv. Closes: #700519
+  * Lithuanian by Rimas Kudelis. Closes: #700698
+  * Italian by Milo Casagrande.
+  * Czech by Miroslav Kure.
+  * Turkish by Atila KOÇ. Closes: #701066
+  * Latvian by Rihards PriedItis (TP)
+  * Chinese (traditional) by Wei-Lun Chao (TP)
+  * Icelandic by Sveinn í Felli (TP)
+  * Interlingua by Nik Kalach (TP)
+
+  [ ISO 639-3 translations ]
+  * German by Hendrik Knackstedt
+  * Ukrainian by Yuri Chornoivan (TP)
+  * Italian by Milo Casagrande (TP)
+  * Dutch by Freek de Kruijf (TP)
+  * Bulgarian by Roumen Petrov (TP)
+
+  [ ISO 639 translations ]
+  * German by Hendrik Knackstedt
+  * Ukrainian by Yuri Chornoivan (TP)
+  * Polish by Jakub Bogusz (TP)
+  * Belarusian by Ihar Hrachyshka (TP)
+  * Russian by Yuri Kozlov (TP)
+  * Italian by Milo Casagrande (TP)
+  * Bulgarian by Roumen Petrov (TP)
+  * Czech by Miroslav Kure
+  * Latvian by Rihards PriedItis (TP)
+  * Chinese (traditional) by Wei-Lun Chao (TP)
+  * Icelandic by Sveinn í Felli (TP)
+
+  [ ISO 15924 translations ]
+  * Ukrainian by Yuri Chornoivan (TP)
+  * Polish by Jakub Bogusz (TP)
+  * Russian by Yuri Kozlov (TP)
+  * Italian by Milo Casagrande (TP)
+  * Danish by Joe Hansen (TP)
+  * Dutch by Freek de Kruijf (TP)
+  * Esperanto by Felipe Castro (TP)
+  * Latvian by Rihards PriedItis (TP)
+  * Icelandic by Sveinn í Felli (TP)
+
+  [ ISO 4217 translations ]
+  * Croatian by Tomislav Krznar (TP)
+  * Fix encoding for Mongolian. Closes: #695680
+Thanks to Jakub Wilk
+  * Chinese (traditional) by Wei-Lun Chao (TP)
+
+  [ ISO 3166-2 translations ]
+  * Danish by Joe Hansen (TP)
+  * Dutch by Freek de Kruijf (TP)
+  * Thai by Theppitak Karoonboonyanan
+
+
 iso-codes 3.40
 --
 Tobias Quathamer 
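Review bot: The `[ ISO 3166 translations ]` list in the new 3.41 entry names five translators twice: Turkish by Atila KOÇ, Indonesian by Mahyuddin Susanto, Portuguese by Miguel Figueiredo, Interlingua by Nik Kalach and Icelandic by Sveinn í Felli. Merge each pair into one line that carries every bug number, for example "Turkish by Atila KOÇ. Closes: #693791, #701066", so the entry is easier to audit against the debdiff during the freeze.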
@@ -18,7 +115,7 @@
 common practice (the Bangla/Bengali issue)
   * Use "Bangla" as common name for Bengali
 Closes: LP#991002
-
+
   [ ISO 15924 translations ]
   * French by Christian Perrier (who just has to
 copy/paste from the standard, lucky bastard!)
diff -Nru iso-codes-3.40/c

Bug#700724: marked as done (pu: package ttf-ipafont/00203-16+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700724,
regarding pu: package ttf-ipafont/00203-16+squeeze1
to be marked as done.


-- 
700724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700724
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

ttf-ipafont does not correctly handle the alternatives:
* ttf-ipafont-{gothic,mincho}.postinst registers them
* ttf-ipafont.prerm unregisters them
(that is probably an oversight when the package was split)

This leads to the following errors if ttf-ipafont is installed, removed
and installed again:

0m16.5s ERROR: FAIL: After purging files have disappeared:
  /etc/alternatives/ttf-japanese-gothic.ttf -> /usr/share/fonts/truetype/ipafont/ipag.ttf not owned
  /etc/alternatives/ttf-japanese-mincho.ttf -> /usr/share/fonts/truetype/ipafont/ipam.ttf not owned
  /usr/share/fonts/truetype/ttf-japanese-gothic.ttf -> /etc/alternatives/ttf-japanese-gothic.ttf not owned
  /usr/share/fonts/truetype/ttf-japanese-mincho.ttf -> /etc/alternatives/ttf-japanese-mincho.ttf not owned

And I actually had forgotten to file a bug about this until a few minutes
ago :-)

The attached patch fixes this by moving the unregistration to the
respective prerm while keeping all the ancient cleanup code in the
ttf-ipafont package.

Andreas
diffstat for ttf-ipafont-00203 ttf-ipafont-00203

 changelog|9 +
 ttf-ipafont-gothic.prerm |   11 +++
 ttf-ipafont-mincho.prerm |   11 +++
 ttf-ipafont.prerm|3 ---
 4 files changed, 31 insertions(+), 3 deletions(-)

diff -Nru ttf-ipafont-00203/debian/changelog ttf-ipafont-00203/debian/changelog
--- ttf-ipafont-00203/debian/changelog	2010-07-21 17:47:51.0 +0200
+++ ttf-ipafont-00203/debian/changelog	2013-02-16 17:54:41.0 +0100
@@ -1,3 +1,12 @@
+ttf-ipafont (00203-16+squeeze1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * ttf-ipafont.prerm: Move removal of the current alternatives to
+ttf-ipafont-{gothic,mincho}.prerm as their postinst creates them.
+(Closes: 700722)
+
+ -- Andreas Beckmann   Sat, 16 Feb 2013 17:54:34 +0100
+
 ttf-ipafont (00203-16) unstable; urgency=low
 
   * debian/control
diff -Nru ttf-ipafont-00203/debian/ttf-ipafont-gothic.prerm ttf-ipafont-00203/debian/ttf-ipafont-gothic.prerm
--- ttf-ipafont-00203/debian/ttf-ipafont-gothic.prerm	1970-01-01 01:00:00.0 +0100
+++ ttf-ipafont-00203/debian/ttf-ipafont-gothic.prerm	2013-02-16 17:24:12.0 +0100
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+ALT_GOTHIC_NAME="ttf-japanese-gothic"
+GOTHIC_FONT_ENTRY="/usr/share/fonts/truetype/ipafont/ipag.ttf"
+
+if [ "$1" = "remove" ]; then
+update-alternatives --remove $ALT_GOTHIC_NAME.ttf $GOTHIC_FONT_ENTRY
+fi
+
+#DEBHELPER#
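Review bot: The `update-alternatives --remove $ALT_GOTHIC_NAME.ttf $GOTHIC_FONT_ENTRY` line expands both variables unquoted. The values are constants without spaces, so it works as written, but this is a maintainer script and quoting (`"$ALT_GOTHIC_NAME.ttf" "$GOTHIC_FONT_ENTRY"`) costs nothing; the same applies to the mincho script, which is a copy of this one with the names swapped.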
diff -Nru ttf-ipafont-00203/debian/ttf-ipafont-mincho.prerm ttf-ipafont-00203/debian/ttf-ipafont-mincho.prerm
--- ttf-ipafont-00203/debian/ttf-ipafont-mincho.prerm	1970-01-01 01:00:00.0 +0100
+++ ttf-ipafont-00203/debian/ttf-ipafont-mincho.prerm	2013-02-16 17:24:20.0 +0100
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+ALT_MINCHO_NAME="ttf-japanese-mincho"
+MINCHO_FONT_ENTRY="/usr/share/fonts/truetype/ipafont/ipam.ttf"
+
+if [ "$1" = "remove" ]; then
+update-alternatives --remove $ALT_MINCHO_NAME.ttf $MINCHO_FONT_ENTRY
+fi
+
+#DEBHELPER#
diff -Nru ttf-ipafont-00203/debian/ttf-ipafont.prerm ttf-ipafont-00203/debian/ttf-ipafont.prerm
--- ttf-ipafont-00203/debian/ttf-ipafont.prerm	2009-12-12 08:43:44.0 +0100
+++ ttf-ipafont-00203/debian/ttf-ipafont.prerm	2013-02-16 17:24:40.0 +0100
@@ -39,9 +39,6 @@
   rm /usr/share/fonts/truetype/$ALT_MINCHO_NAME
 fi
 
-update-alternatives --remove $ALT_GOTHIC_NAME.ttf $GOTHIC_FONT_ENTRY
-update-alternatives --remove $ALT_MINCHO_NAME.ttf $MINCHO_FONT_ENTRY
-
 ;;
 
 failed-upgrade)
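Review bot: The two removed `update-alternatives --remove` calls sat inside a `case` branch whose label is outside the visible context, so the hunk does not show which prerm actions used to drop the alternatives. If that branch also matched `upgrade`, the new per-font scripts (which act on `remove` only) change behaviour on upgrade; please say in the changelog which it is, and check whether `$GOTHIC_FONT_ENTRY` and `$MINCHO_FONT_ENTRY` are still referenced in this file once these lines are gone.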
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700735: marked as done (pu: package perl/5.10.1-17squeeze5)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700735,
regarding pu: package perl/5.10.1-17squeeze5
to be marked as done.


-- 
700735: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700735
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

A security update deemed not serious enough for a DSA, as discussed at
. The security has requested this be
fixed in stable. The attached patch does so; please may I upload?

Thanks,
Dominic.
diff --git a/debian/changelog b/debian/changelog
index bc6d714..1f28a9b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+perl (5.10.1-17squeeze5) stable; urgency=low
+
+  * [SECURITY] CVE-2012-6329: Fix misparsing of maketext strings which
+could allow arbitrary code execution from untrusted maketext templates
+(Closes: #695224)
+
+ -- Dominic Hargreaves   Sat, 16 Feb 2013 19:00:31 +
+
 perl (5.10.1-17squeeze4) stable-security; urgency=low
 
   * [SECURITY] CVE-2012-5195: fix a heap buffer overrun with
diff --git a/debian/patches/fixes/maketext-code-execution.diff b/debian/patches/fixes/maketext-code-execution.diff
new file mode 100644
index 000..2d09ad7
--- /dev/null
+++ b/debian/patches/fixes/maketext-code-execution.diff
@@ -0,0 +1,66 @@
+From: Brian Carlson 
+Subject: Fix misparsing of maketext strings.
+
+Case 61251: This commit fixes a misparse of maketext strings that could
+lead to arbitrary code execution.  Basically, maketext was compiling
+bracket notation into functions, but neglected to escape backslashes
+inside the content or die on fully-qualified method names when
+generating the code.  This change escapes all such backslashes and dies
+when a method name with a colon or apostrophe is specified.
+
+Backported to 5.10.1 by Dominic Hargreaves.
+
+Bug-Debian: http://bugs.debian.org/695224
+Origin: http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8
+Patch-Name: fixes/maketext-code-execution.diff
+
+diff --git a/lib/Locale/Maketext/Guts.pm b/lib/Locale/Maketext/Guts.pm
+index 9af292c..0a3bacf 100644
+--- a/lib/Locale/Maketext/Guts.pm
 b/lib/Locale/Maketext/Guts.pm
+@@ -140,21 +140,9 @@ sub _compile {
+ # 0-length method name means to just interpolate:
+ push @code, ' (';
+ }
+-elsif($m =~ /^\w+(?:\:\:\w+)*$/s
+-and $m !~ m/(?:^|\:)\d/s
+-# exclude starting a (sub)package or symbol with a digit
++elsif($m =~ /^\w+$/s
++# exclude anything fancy, especially fully-qualified module names
+ ) {
+-# Yes, it even supports the demented (and undocumented?)
+-#  $obj->Foo::bar(...) syntax.
+-$target->_die_pointing(
+-$_[1], q{Can't use "SUPER::" in a bracket-group method},
+-2 + length($c[-1])
+-)
+-if $m =~ m/^SUPER::/s;
+-# Because for SUPER:: to work, we'd have to compile this into
+-#  the right package, and that seems just not worth the bother,
+-#  unless someone convinces me otherwise.
+-
+ push @code, ' $_[0]->' . $m . '(';
+ }
+ else {
+@@ -208,7 +196,9 @@ sub _compile {
+ elsif(substr($1,0,1) ne '~') {
+ # it's stuff not containing "~" or "[" or "]"
+ # i.e., a literal blob
+-$c[-1] .= $1;
++my $text = $1;
++$text =~ s/\\//g;
++$c[-1] .= $text;
+ 
+ }
+ elsif($1 eq '~~') { # "~~"
+@@ -246,7 +236,9 @@ sub _compile {
+ else {
+ # It's a "~X" where X is not a special character.
+ # Consider it a literal ~ and X.
+-$c[-1] .= $1;
++my $text = $1;
++$text =~ s/\\//g;
++$c[-1] .= $text;
+ }
+ }
+ }
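Review bot: Both literal-text branches of the embedded Guts.pm patch run `$text =~ s/\\//g;`, which as shown here deletes every backslash, while the patch description says the change "escapes all such backslashes"; escaping would be `s/\\/\\\\/g`. Please compare these two lines with the upstream commit named in `Origin:` before upload, because stripping also changes the rendered text of any template that contains a backslash. Separately, `/^\w+$/s` still accepts a method name ending in a newline, since `$` matches before a final newline; `\z` would make the allow-list exact.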
diff --git a/debian/patches/patchlevel b/debian/patches/patchlevel
index 2a998f0..aab8c52 10064

Bug#700672: marked as done (pu: package libzorpll/3.3.0.12-4+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700672,
regarding pu: package libzorpll/3.3.0.12-4+squeeze1
to be marked as done.


-- 
700672: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700672
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

there is an upgrade issue from lenny to squeeze due to a file conflict
between libzorp2-dev (existed in lenny only) and libzorpll-dev:

  Preparing to replace libzorpll-dev 3.0.6.4.2+nmu1 (using .../libzorpll-dev_3.3.0.12-4_amd64.deb) ...
  Unpacking replacement libzorpll-dev ...
  dpkg: error processing /var/cache/apt/archives/libzorpll-dev_3.3.0.12-4_amd64.deb (--unpack):
   trying to overwrite '/usr/include/zorp/streamblob.h', which is also in package libzorp2-dev 3.0.8-0.5

An unversioned Breaks/Replaces should fix this, libzorp2-dev is not
used as a virtual package.


Andreas
diffstat for libzorpll_3.3.0.12-4 libzorpll_3.3.0.12-4+squeeze1

 changelog |8 
 control   |2 ++
 2 files changed, 10 insertions(+)

diff -u libzorpll-3.3.0.12/debian/changelog libzorpll-3.3.0.12/debian/changelog
--- libzorpll-3.3.0.12/debian/changelog
+++ libzorpll-3.3.0.12/debian/changelog
@@ -1,3 +1,11 @@
+libzorpll (3.3.0.12-4+squeeze1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * libzorpll-dev: Add Breaks/Replaces: libzorp2-dev. In lenny libzorp2-dev
+was shipping /usr/include/zorp/streamblob.h.  (Closes: #693984)
+
+ -- Andreas Beckmann   Fri, 15 Feb 2013 23:46:18 +0100
+
 libzorpll (3.3.0.12-4) unstable; urgency=low
 
   * Fixed process.c compilation error when libcap is not
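Review bot: The new changelog entry still targets `UNRELEASED` (`libzorpll (3.3.0.12-4+squeeze1) UNRELEASED; urgency=low`). For a stable update the distribution field has to read `stable` before the upload, so please finalise the entry and regenerate the debdiff from the package that will actually be uploaded.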
diff -u libzorpll-3.3.0.12/debian/control libzorpll-3.3.0.12/debian/control
--- libzorpll-3.3.0.12/debian/control
+++ libzorpll-3.3.0.12/debian/control
@@ -23,6 +23,8 @@
 Section: libdevel
 Architecture: any
 Depends: libzorpll3.3-0 (= ${binary:Version}), ${misc:Depends}, libglib2.0-dev, libcap-dev [linux-any], libssl-dev
+Breaks: libzorp2-dev
+Replaces: libzorp2-dev
 Description: Low level library functions for Zorp, development files
  Zorp is a new generation firewall. It is essentially a transparent proxy
  firewall, with strict protocol analyzing proxies, a modular architecture,
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700675: marked as done (pu: package fusionforge/5.0.2-5+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700675,
regarding pu: package fusionforge/5.0.2-5+squeeze1
to be marked as done.


-- 
700675: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700675
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

there is an upgrade issue from lenny to squeeze:

  Preparing to replace gforge-web-apache2 4.7~rc2-7lenny3 (using .../gforge-web-apache2_5.0.2-5_all.deb) ...
  Unpacking replacement gforge-web-apache2 ...
  dpkg: error processing /var/cache/apt/archives/gforge-web-apache2_5.0.2-5_all.deb (--unpack):
   trying to overwrite '/usr/share/gforge/www/include/vote_function.php', which is also in package gforge-common 4.7~rc2-7lenny3

that should be fixable by adding to gforge-web-apache2
  Breaks/Replaces: gforge-common (<< 4.8)

(verified in snapshot.d.o that the move happened there).


Andreas
diffstat for fusionforge_5.0.2-5 fusionforge_5.0.2-5+squeeze1

 debian/control |2 ++
 fusionforge-5.0.2/debian/changelog |9 +
 2 files changed, 11 insertions(+)

diff -u fusionforge-5.0.2/debian/changelog fusionforge-5.0.2/debian/changelog
--- fusionforge-5.0.2/debian/changelog
+++ fusionforge-5.0.2/debian/changelog
@@ -1,3 +1,12 @@
+fusionforge (5.0.2-5+squeeze1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * gforge-web-apache2: Add Breaks/Replaces: gforge-common (<< 4.8).
+Avoid a file conflict during upgrades from lenny due to files being moved
+around between packages.  (Closes: #696369)
+
+ -- Andreas Beckmann   Sat, 16 Feb 2013 01:03:46 +0100
+
 fusionforge (5.0.2-5) unstable; urgency=low
 
   * Stop trying to copy libcap into chroot, since it's not used by PAM
only in patch2:
unchanged:
--- fusionforge-5.0.2.orig/debian/control
+++ fusionforge-5.0.2/debian/control
@@ -88,6 +88,8 @@
 Recommends: libphp-jpgraph, locales | locales-all
 Provides: gforge-web
 Conflicts: gforge-web
+Breaks: gforge-common (<< 4.8)
+Replaces: gforge-common (<< 4.8)
 Description: collaborative development tool - web part (using Apache)
  FusionForge provides many tools to aid collaboration in a
  development project, such as bug-tracking, task management,
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700568: marked as done (pu: package poppler/0.12.4-1.2+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700568,
regarding pu: package poppler/0.12.4-1.2+squeeze1
to be marked as done.


-- 
700568: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700568
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I would like to upload a squeeze update for poppler, fixing three CVEs
(which were deemed minor, hence with no dsa), and a crasher bug and a
memory handling issue recently fixed in unstable (and wheezy).

The changes are:
* fix CVE-2010-0206:
  - patch straight from upstream
* fix CVE-2010-0207:
  - patch from upstream adapted to be API-/ABI-compatible, even though
the functions were private
* fix CVE-2010-4653
  - patch from upstream adapted to include Object.h instead of
goo/GooLikely.h (non-existent in poppler 0.12.x)
- fix GooString::insert (#693817)
  - backport the fix
- fix two uninitialized vars in PSOutputDev (#699421)
  - backport the fix

I also added myself as uploader, as I did many months ago.

Let me know whether the proposed changes seem okay, and I can upload to
stable.

Thanks,
-- 
Pino
diff -u poppler-0.12.4/debian/changelog poppler-0.12.4/debian/changelog
--- poppler-0.12.4/debian/changelog
+++ poppler-0.12.4/debian/changelog
@@ -1,3 +1,19 @@
+poppler (0.12.4-1.2+squeeze1) stable; urgency=low
+
+  * Add myself as uploader.
+  * Fix CVE-2010-0206.
+  * Fix CVE-2010-0207; patch adapted to be API-/ABI-compatible.
+  * Fix CVE-2010-4653; patch adapted to include object.h instead
+of goo/GooLikely.h (non-existent in poppler 0.12.x).
+  * Backport upstream commits 7ba15d11e56175601104d125d5e4a47619c224bf and
+55940e989701eb9118015e30f4f48eb654fa34c4 to fix GooString::insert;
+patch upstream_fix-GooString-insert.diff. (Closes: #693817)
+  * Correctly initialize PSOutputDev::fontFileNameLen and
+PSOutputDev::psFileNames; patch psoutputdev-initialize-vars.diff.
+(Closes: #699421)
+
+ -- Pino Toscano   Thu, 14 Feb 2013 13:05:25 +0100
+
 poppler (0.12.4-1.2) unstable; urgency=medium
 
   * Non-maintainer upload by the Security Team
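Review bot: the CVE-2010-4653 entry names the replacement header as object.h, while the request text above it says Object.h; on a case-sensitive filesystem only one spelling matches the file the patch includes, so make the changelog match the actual #include. The three CVE entries also carry no bug or advisory reference, unlike the two backport entries below them (Closes: #693817, Closes: #699421), which makes them harder to trace later.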
diff -u poppler-0.12.4/debian/control poppler-0.12.4/debian/control
--- poppler-0.12.4/debian/control
+++ poppler-0.12.4/debian/control
@@ -4,7 +4,8 @@
 Maintainer: Loic Minier 
 Uploaders: Josselin Mouette ,
Dave Beckett ,
-   Ross Burton 
+   Ross Burton ,
+   Pino Toscano 
 Build-Depends: cdbs (>= 0.4.52),
debhelper (>= 5),
quilt,
diff -u poppler-0.12.4/debian/patches/series poppler-0.12.4/debian/patches/series
--- poppler-0.12.4/debian/patches/series
+++ poppler-0.12.4/debian/patches/series
@@ -4 +4,6 @@
-04_security.patch
\ No newline at end of file
+04_security.patch
+05_CVE-2010-0206.patch
+06_CVE-2010-0207.patch
+07_CVE-2010-4653.patch
+upstream_fix-GooString-insert.diff
+psoutputdev-initialize-vars.diff
only in patch2:
unchanged:
--- poppler-0.12.4.orig/debian/patches/psoutputdev-initialize-vars.diff
+++ poppler-0.12.4/debian/patches/psoutputdev-initialize-vars.diff
@@ -0,0 +1,41 @@
+Author: Pino Toscano 
+Description: initialize PSOutputDev::fontFileNameLen and PSOutputDev::psFileNames
+ Avoid crashing in ~PSOutputDev when the PSOutputDev instance is not "ok".
+Applied-Upstream: not-needed
+Last-Update: 2013-01-31
+Bug-Debian: http://bugs.debian.org/699421
+
+--- a/poppler/PSOutputDev.cc
 b/poppler/PSOutputDev.cc
+@@ -1012,6 +1012,7 @@ PSOutputDev::PSOutputDev(const char *fil
+   fontIDs = NULL;
+   fontFileIDs = NULL;
+   fontFileNames = NULL;
++  fontFileNameLen = 0;
+   font8Info = NULL;
+   font16Enc = NULL;
+   imgIDs = NULL;
+@@ -1022,6 +1023,7 @@ PSOutputDev::PSOutputDev(const char *fil
+   haveTextClip = gFalse;
+   haveCSPattern = gFalse;
+   t3String = NULL;
++  psFileNames = NULL;
+ 
+   forceRasterize = forceRasterizeA;
+ 
+@@ -1077,6 +1079,7 @@ PSOutputDev::PSOutputDev(PSOutputFunc ou
+   fontIDs = NULL;
+   fontFileIDs = NULL;
+   fontFileNames = NULL;
++  fontFileNameLen = 0;
+   font8Info = NULL;
+   font16Enc = NULL;
+   imgIDs = NULL;
+@@ -1087,6 +1090,7 @@ PSOutputDev::PSOutputDev(PSOutputFunc ou
+   haveTextClip = gFalse;
+   haveCSPattern = gFalse;
+   t3String = NULL;
++  psFileNames = NULL;
+ 
+   forceRasterize = forceRasterizeA;
+ 
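Review bot: Applied-Upstream: not-needed in the patch header gives no reason; say why upstream does not need the change (for example, if newer releases already initialize these members) so a later reader can tell whether this is a Debian-only divergence. In the hunks themselves, fontFileNameLen = 0 and psFileNames = NULL are added by hand to each of the two constructors; check that no other member read by ~PSOutputDev is still left unset when the instance is not "ok", since the description says that is the crashing path.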
only in patch2:
unchanged:
--- poppler-0.12.4.orig

Bug#700563: marked as done (pu: package fglrx-driver/10-9-3squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700563,
regarding pu: package fglrx-driver/10-9-3squeeze1
to be marked as done.


-- 
700563: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700563
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd like to fix some upgrade issues from lenny w.r.t. the diversion
handling in the non-free fglrx driver packages. #696155
- fglrx-glx-ia32 currently fails to upgrade at all
- fglrx-driver fails to clean up an old diversion (but that failure is
  ignored), which could lead to a missing xorg module

  * fglrx-glx{,-ia32}.preinst: Create diversions on upgrades, too.
  * fglrx-driver.preinst: Move removal of old libdri.so diversion to postinst.
The fglrx-driver package in lenny shipped the diverted file, so on
upgrades from lenny this still exists at the time the preinst is run.
  * fglrx-glx-ia32.postinst: Remove obsolete diversions in /emul/ia32-linux
created by the packages in lenny.

The diversion handling (and cleanup of the historic mess) has been
greatly overhauled for wheezy (src:glx-alternatives), so there are
no fixes that could be directly cherry-picked from wheezy's packages.

For the versioning I won't add a '+' to ensure the fglrx-source package
will continue to work nicely.

Package passes install test in squeeze and lenny->squeeze upgrade test.


Andreas
diffstat for fglrx-driver-10-9 fglrx-driver-10-9

 changelog   |   12 
 fglrx-driver.postinst   |4 
 fglrx-driver.preinst|4 
 fglrx-glx-ia32.postinst |3 +++
 fglrx-glx-ia32.preinst  |2 +-
 fglrx-glx.preinst   |2 +-
 6 files changed, 21 insertions(+), 6 deletions(-)

diff -Nru fglrx-driver-10-9/debian/changelog fglrx-driver-10-9/debian/changelog
--- fglrx-driver-10-9/debian/changelog	2010-09-25 10:39:47.0 +0200
+++ fglrx-driver-10-9/debian/changelog	2013-02-14 11:05:44.0 +0100
@@ -1,3 +1,15 @@
+fglrx-driver (1:10-9-3squeeze1) stable; urgency=low
+
+  * Fix upgrades from lenny:  (Closes: #696155)
+  * fglrx-glx{,-ia32}.preinst: Create diversions on upgrades, too.
+  * fglrx-driver.preinst: Move removal of old libdri.so diversion to postinst.
+The fglrx-driver package in lenny shipped the diverted file, so on
+upgrades from lenny this still exists at the time the preinst is run.
+  * fglrx-glx-ia32.postinst: Remove obsolete diversions in /emul/ia32-linux
+created by the packages in lenny.
+
+ -- Andreas Beckmann   Thu, 14 Feb 2013 05:01:43 +0100
+
 fglrx-driver (1:10-9-3) unstable; urgency=high
 
   * Avoid attempting to build dkms modules for virtual linux-image packages
diff -Nru fglrx-driver-10-9/debian/fglrx-driver.postinst fglrx-driver-10-9/debian/fglrx-driver.postinst
--- fglrx-driver-10-9/debian/fglrx-driver.postinst	2010-09-25 10:39:48.0 +0200
+++ fglrx-driver-10-9/debian/fglrx-driver.postinst	2013-02-14 05:08:19.0 +0100
@@ -31,6 +31,10 @@
 			mv_conffile /etc/fglrxrc   /etc/ati/fglrxrc
 			mv_conffile /etc/fglrxprofiles.csv /etc/ati/fglrxprofiles.csv
 		fi
+		# Delete old diversion.
+		if [ -f /usr/lib/fglrx/diversions/libdri.so ] ; then
+			dpkg-divert --package fglrx-driver --rename --remove /usr/lib/xorg/modules/extensions/libdri.so || true
+		fi
 		# Update /etc/default/fglrx-driver based on debconf.
 		if [ -f /etc/default/fglrx-driver ] ; then
 			db_get fglrx-driver/acpi_switch
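Review bot: the guard in the added block tests for the diverted file, [ -f /usr/lib/fglrx/diversions/libdri.so ], not for the diversion record, and the removal ends in || true, so a diversion that is still registered after the file has gone is never removed and a failing dpkg-divert goes unreported. Keying the check on the output of dpkg-divert --list for /usr/lib/xorg/modules/extensions/libdri.so, and reporting a failure instead of discarding it, would make the cleanup verifiable, which matters here because the request states that the ignored failure could lead to a missing xorg module.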
diff -Nru fglrx-driver-10-9/debian/fglrx-driver.preinst fglrx-driver-10-9/debian/fglrx-driver.preinst
--- fglrx-driver-10-9/debian/fglrx-driver.preinst	2010-09-25 10:39:48.0 +0200
+++ fglrx-driver-10-9/debian/fglrx-driver.preinst	2013-02-14 05:08:22.0 +0100
@@ -34,10 +34,6 @@
 		# Add new diversions.
 		mkdir -p /usr/lib/fglrx/diversions
 		dpkg-divert --package fglrx-driver --divert /usr/lib/fglrx/diversions/libglx.so --rename /usr/lib/xorg/modules/extensions/libglx.so
-		# Delete old diversion.
-		if [ -f /usr/lib/fglrx/diversions/libdri.so ] ; then
-			dpkg-divert --package fglrx-driver --rename --remove /usr/lib/xorg/modules/extensions/libdri.so || true
-		fi
 ;;
 esac
 
diff -Nru fglrx-driver-10-9/debian/fglrx-glx-ia32.postinst fglrx-driver-10-9/debian/fglrx-glx-ia32.postinst
--- fglrx-driver-10-9/debian/fglrx-glx-ia32.postinst	2010-09-25 10:39:48.00

Bug#700528: marked as done (pu: package bugzilla/3.6.2.0-4.6)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700528,
regarding pu: package bugzilla/3.6.2.0-4.6
to be marked as done.


-- 
700528: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700528
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

bugzilla cannot be installed out of the box because it is missing URI.pm
(in liburi-perl). Adding the dependency is a trivial fix.

  * bugzilla3: Add Depends: liburi-perl. URI.pm is used during package
configuration.  (Closes: #646837)

I'm not changing the numbering scheme which already had several
NMU-versioned uploads to stable or stable-security.

Andreas
diffstat for bugzilla-3.6.2.0 bugzilla-3.6.2.0

 changelog |8 
 control   |1 +
 2 files changed, 9 insertions(+)

diff -Nru bugzilla-3.6.2.0/debian/changelog bugzilla-3.6.2.0/debian/changelog
--- bugzilla-3.6.2.0/debian/changelog	2012-01-23 00:34:06.0 +0100
+++ bugzilla-3.6.2.0/debian/changelog	2013-02-13 23:19:54.0 +0100
@@ -1,3 +1,11 @@
+bugzilla (3.6.2.0-4.6) stable; urgency=low
+
+  * Non-maintainer upload.
+  * bugzilla3: Add Depends: liburi-perl. URI.pm is used during package
+configuration.  (Closes: #646837)
+
+ -- Andreas Beckmann   Wed, 13 Feb 2013 23:19:54 +0100
+
 bugzilla (3.6.2.0-4.5) stable; urgency=low
 
   * Non-maintainer upload.
diff -Nru bugzilla-3.6.2.0/debian/control bugzilla-3.6.2.0/debian/control
--- bugzilla-3.6.2.0/debian/control	2010-10-14 10:50:56.0 +0200
+++ bugzilla-3.6.2.0/debian/control	2013-02-13 23:19:45.0 +0100
@@ -23,6 +23,7 @@
  libemail-mime-perl (>= 1.901) | libemail-mime-creator-perl,
  libcgi-pm-perl (>= 3.33),
  libdbd-mysql-perl (>= 1.56-2) | libdbd-pg-perl, 
+ liburi-perl,
  apache2 | httpd,
  exim4 | mail-transport-agent,
  ucf (>= 0.08), patch, dbconfig-common (>= 1.8.27),
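Review bot: a plain Depends on liburi-perl only guarantees that URI.pm is unpacked and configured before the postinst of bugzilla3 runs, and the changelog says URI.pm is used "during package configuration" without naming the script. If the use is in the debconf config script, which can run at preconfiguration time before dependencies are unpacked, that script also has to tolerate a missing URI.pm, so state in the changelog which maintainer script is meant.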
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700523: marked as done (pu: package nautilus/2.30.1-2squeeze2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700523,
regarding pu: package nautilus/2.30.1-2squeeze2
to be marked as done.


-- 
700523: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700523
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

while rerunning piuparts upgrade tests from lenny to squeeze I noticed
an error dist-upgrading with nautilus-share installed (#698775).

Further analysis shows that this is a problem in lenny's apt (and thus
unfixable there), but we can break the dependency chain that makes apt
loop between holding back and upgrading some packages by adding another
Breaks: in a higher scoring library package.

  * libnautilus-extension1: Add Breaks: samba-common (<< 2:3.5) to fix an
upgrade path from lenny involving nautilus-share where lenny's apt would
fail with "Error, pkgProblemResolver::Resolve generated breaks, this may
be caused by held packages.".  (Closes: #698775)

The Breaks does not have side effects:
 samba-common | 2:3.5.6~dfsg-3squeeze8 | squeeze   | all
 samba-common | 2:3.5.6~dfsg-3squeeze9 | squeeze-p-u   | all
 samba-common | 2:3.5.6~dfsg-3squeeze9 | squeeze-security  | all

I verified with piuparts that this solves the upgrade issue.

Of course this bug is not applicable to wheezy (direct lenny->wheezy
is an unsupported upgrade path) and therefore does not need to be
fixed there (I haven't even tried to reproduce it there).


Andreas
diffstat for nautilus_2.30.1-2squeeze1 nautilus_2.30.1-2squeeze2

 changelog  |   10 ++
 control|1 +
 control.in |1 +
 3 files changed, 12 insertions(+)

diff -u nautilus-2.30.1/debian/control nautilus-2.30.1/debian/control
--- nautilus-2.30.1/debian/control
+++ nautilus-2.30.1/debian/control
@@ -118,6 +118,7 @@
 nautilus-gksu (<< 2.0.2-2+b1),
 nautilus-actions (<< 1.4.1-1+b1),
 nautilus-share (<< 0.7.2-4+b1),
+samba-common (<< 2:3.5),
 seahorse-plugins (<< 2.24.1-3+b1)
 Replaces: libnautilus2-2
 Description: libraries for nautilus components - runtime version
diff -u nautilus-2.30.1/debian/changelog nautilus-2.30.1/debian/changelog
--- nautilus-2.30.1/debian/changelog
+++ nautilus-2.30.1/debian/changelog
@@ -1,3 +1,13 @@
+nautilus (2.30.1-2squeeze2) stable; urgency=low
+
+  * Non-maintainer upload.
+  * libnautilus-extension1: Add Breaks: samba-common (<< 2:3.5) to fix an
+upgrade path from lenny involving nautilus-share where lenny's apt would
+fail with "Error, pkgProblemResolver::Resolve generated breaks, this may
+be caused by held packages.".  (Closes: #698775)
+
+ -- Andreas Beckmann   Wed, 13 Feb 2013 21:47:49 +0100
+
 nautilus (2.30.1-2squeeze1) stable; urgency=low
 
   * 15_nautilus_file_peek_crash.patch: stolen from upstream git. Fix a 
diff -u nautilus-2.30.1/debian/control.in nautilus-2.30.1/debian/control.in
--- nautilus-2.30.1/debian/control.in
+++ nautilus-2.30.1/debian/control.in
@@ -113,6 +113,7 @@
 nautilus-gksu (<< 2.0.2-2+b1),
 nautilus-actions (<< 1.4.1-1+b1),
 nautilus-share (<< 0.7.2-4+b1),
+samba-common (<< 2:3.5),
 seahorse-plugins (<< 2.24.1-3+b1)
 Replaces: libnautilus2-2
 Description: libraries for nautilus components - runtime version
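Review bot: the new samba-common (<< 2:3.5) entry has no relation to libnautilus-extension1 that a reader of the control file could infer; per the changelog it exists only to steer lenny's apt resolver. Source control files accept # comment lines, so add one in control.in next to the field pointing at #698775, otherwise a later cleanup is likely to drop the entry as a stray.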
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700393: marked as done (pu: package sdic/2.1.3-19+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700393,
regarding pu: package sdic/2.1.3-19+squeeze1
to be marked as done.


-- 
700393: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700393
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd like to cherry-pick one trivial fix from wheezy
(introduced in 2.1.3-21):

  * sdic-gene95: Move bzip2 suggestion to Depends. (closes: #675321)

sdic-gene95/squeeze fails to install if bunzip2 is missing:

  Setting up sdic-gene95 (2.1.3-19) ...
  You need /bin/bunzip2.
  dpkg: error processing sdic-gene95 (--configure):
   subprocess installed post-installation script returned error exit status 1

Getting this fixed in squeeze-pu will simplify future archive-wide
install and upgrade tests.

Andreas
diffstat for sdic_2.1.3-19 sdic_2.1.3-19+squeeze1

 changelog |7 +++
 control   |4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff -u sdic-2.1.3/debian/control sdic-2.1.3/debian/control
--- sdic-2.1.3/debian/control
+++ sdic-2.1.3/debian/control
@@ -15,9 +15,9 @@
 
 Package: sdic-gene95
 Architecture: all
-Depends: ${misc:Depends}, ${perl:Depends}, wget, nkf, netcat-traditional | netcat
+Depends: ${misc:Depends}, ${perl:Depends}, wget, nkf, netcat-traditional | netcat, bzip2
 Recommends: sdic, sufary
-Suggests: bzip2, kakasi
+Suggests: kakasi
 Description: installer for GENE95 dictionaries for sdic
  This package installs the GENE95 English-Japanese
  dictionary for use with sdic.
diff -u sdic-2.1.3/debian/changelog sdic-2.1.3/debian/changelog
--- sdic-2.1.3/debian/changelog
+++ sdic-2.1.3/debian/changelog
@@ -1,3 +1,10 @@
+sdic (2.1.3-19+squeeze1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * sdic-gene95: Move bzip2 suggestion to Depends. (closes: #675321)
+
+ -- Andreas Beckmann   Tue, 12 Feb 2013 11:20:00 +0100
+
 sdic (2.1.3-19) unstable; urgency=low
 
   * Fix bashism in debian/rules
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700367: marked as done (pu: package unbound/1.4.6-1+squeeze3)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700367,
regarding pu: package unbound/1.4.6-1+squeeze3
to be marked as done.


-- 
700367: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700367
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

hi,

i'd like to upload unbound 1.4.6-1+squeeze3 to stable to fix #697351.
since the release of squeeze D.ROOT-SERVERS.NET has had its IPv4 address
changed, and an IPv6 address added.  (i believe there is precedent for
an updated package in stable to update DNS root server hints in [0].)

the debdiff is attached.

[0] http://packages.debian.org/changelogs/pool/main/b/bind9/current/changelog#version1:9.3.4-2etch2

-- 
Robert Edmonds
edmo...@debian.org
diff -u unbound-1.4.6/debian/changelog unbound-1.4.6/debian/changelog
--- unbound-1.4.6/debian/changelog
+++ unbound-1.4.6/debian/changelog
@@ -1,3 +1,9 @@
+unbound (1.4.6-1+squeeze3) stable; urgency=low
+
+  * Update IP address hints for D.ROOT-SERVERS.NET.
+
+ -- Robert S. Edmonds   Mon, 11 Feb 2013 21:52:49 -0500
+
 unbound (1.4.6-1+squeeze2) squeeze-security; urgency=high
 
   * Apply patch from upstream to fix DNSSEC-related crashes
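Review bot: the new changelog entry does not close the bug it fixes; the request names #697351, but the line reads only "Update IP address hints for D.ROOT-SERVERS.NET." Add (Closes: #697351) so the BTS records the fixed version.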
diff -u unbound-1.4.6/debian/patches/series unbound-1.4.6/debian/patches/series
--- unbound-1.4.6/debian/patches/series
+++ unbound-1.4.6/debian/patches/series
@@ -4,0 +5 @@
+40_D_root
only in patch2:
unchanged:
--- unbound-1.4.6.orig/debian/patches/40_D_root
+++ unbound-1.4.6/debian/patches/40_D_root
@@ -0,0 +1,34 @@
+From 32f138fdd0ed569c324a6c4f1f7d6a796407f4bd Mon Sep 17 00:00:00 2001
+From: "Robert S. Edmonds" 
+Date: Mon, 11 Feb 2013 21:49:08 -0500
+Subject: [PATCH] iterator/iter_hints.c: update hint addresses for
+ D.ROOT-SERVERS.NET
+
+---
+ iterator/iter_hints.c |3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/iterator/iter_hints.c b/iterator/iter_hints.c
+index d896d68..38c1fb9 100644
+--- a/iterator/iter_hints.c
 b/iterator/iter_hints.c
+@@ -119,7 +119,7 @@ compile_time_root_prime(struct regional* r, int do_ip4, 
int do_ip6)
+   if(!ah(dp, r, "A.ROOT-SERVERS.NET.", "198.41.0.4")) return 0;
+   if(!ah(dp, r, "B.ROOT-SERVERS.NET.", "192.228.79.201")) return 0;
+   if(!ah(dp, r, "C.ROOT-SERVERS.NET.", "192.33.4.12"))return 0;
+-  if(!ah(dp, r, "D.ROOT-SERVERS.NET.", "128.8.10.90"))return 0;
++  if(!ah(dp, r, "D.ROOT-SERVERS.NET.", "199.7.91.13"))return 0;
+   if(!ah(dp, r, "E.ROOT-SERVERS.NET.", "192.203.230.10")) return 0;
+   if(!ah(dp, r, "F.ROOT-SERVERS.NET.", "192.5.5.241"))return 0;
+   if(!ah(dp, r, "G.ROOT-SERVERS.NET.", "192.112.36.4"))   return 0;
+@@ -132,6 +132,7 @@ compile_time_root_prime(struct regional* r, int do_ip4, 
int do_ip6)
+   }
+   if(do_ip6) {
+   if(!ah(dp, r, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) return 0;
++  if(!ah(dp, r, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) return 0;
+   if(!ah(dp, r, "F.ROOT-SERVERS.NET.", "2001:500:2f::f")) return 0;
+   if(!ah(dp, r, "H.ROOT-SERVERS.NET.", "2001:500:1::803f:235")) return 0;
+   if(!ah(dp, r, "I.ROOT-SERVERS.NET.", "2001:7fe::53")) return 0;
+-- 
+1.7.10.4
+
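Review bot: the replaced literal in compile_time_root_prime, "199.7.91.13", and the new "2001:500:2d::d" arrive with no reference to where they were taken from; the patch header has only a subject line. Compiled-in hints decide which servers a resolver without a hints file asks first, so add a Description or Origin line to 40_D_root citing the source and date of the address change, so the values can be checked against the published root hints.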


--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700401: marked as done (pu: package gmime2.2/2.2.25-2+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700401,
regarding pu: package gmime2.2/2.2.25-2+squeeze1
to be marked as done.


-- 
700401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700401
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd like to get a small update into squeeze-pu to fix an upgrade problem
from lenny. All that is needed is adding a Conflicts on a package that
was removed after lenny (and is also not provided as a virtual package):

  * libgmime-2.0-2a: Add Conflicts: libgmime2.2-cil to ensure the obsolete
package from lenny that is incompatible with mono-gac/squeeze gets removed
on upgrades.  (Closes: #696375)

(libgmime2.2-cil was previously built from src:gmime2.2)

Upgrades from lenny to squeeze with libgmime2.2-cil installed currently
fail with:

  Setting up mono-gac (2.6.7-5.1) ...
  * Installing 1 assembly from libglib2.0-cil into Mono
  * Installing 1 assembly from libgmime2.2-cil into Mono
  E: installing Assembly /usr/lib/cli/gmime-sharp-2.2/gmime-sharp.dll failed
  E: Installation of libgmime2.2-cil with /usr/share/cli-common/runtimes.d/mono 
failed
  dpkg: error processing mono-gac (--configure):

My proposed change may not work for all partial upgrade corner cases
(that would probably require adding the conflict to mono-gac), but I
verified that it works fine on apt-get dist-upgrade.

That fix is not applicable to wheezy or sid as we don't support direct
upgrades from lenny to squeeze+x and I do not see a way to build a valid
(as in "all installed packages are configured, all dependencies are
satisfied, nothing is broken") squeeze system with the ancient
libgmime2.2-cil/lenny still installed that could be upgraded to wheezy.


Andreas
diffstat for gmime2.2_2.2.25-2 gmime2.2_2.2.25-2+squeeze1

 changelog  |9 +
 control|2 +-
 control.in |2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff -u gmime2.2-2.2.25/debian/changelog gmime2.2-2.2.25/debian/changelog
--- gmime2.2-2.2.25/debian/changelog
+++ gmime2.2-2.2.25/debian/changelog
@@ -1,3 +1,12 @@
+gmime2.2 (2.2.25-2+squeeze1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * libgmime-2.0-2a: Add Conflicts: libgmime2.2-cil to ensure the obsolete
+package from lenny that is incompatible with mono-gac/squeeze gets removed
+on upgrades.  (Closes: #696375)
+
+ -- Andreas Beckmann   Tue, 12 Feb 2013 12:18:25 +0100
+
 gmime2.2 (2.2.25-2) unstable; urgency=low
 
   * Drop libgmime2.2a-cil.
diff -u gmime2.2-2.2.25/debian/control gmime2.2-2.2.25/debian/control
--- gmime2.2-2.2.25/debian/control
+++ gmime2.2-2.2.25/debian/control
@@ -46,7 +46,7 @@
 Package: libgmime-2.0-2a
 Architecture: any
 Depends: ${shlibs:Depends}
-Conflicts: libgmime2, libgmime2.1, libgmime-2.0-2 (<= 2.2.18-1)
+Conflicts: libgmime2, libgmime2.1, libgmime-2.0-2 (<= 2.2.18-1), libgmime2.2-cil
 Replaces: libgmime2, libgmime2.1, libgmime-2.0-2 (<= 2.2.18-1)
 Description: MIME library
  GMime is a set of utilities for parsing and creating messages using
diff -u gmime2.2-2.2.25/debian/control.in gmime2.2-2.2.25/debian/control.in
--- gmime2.2-2.2.25/debian/control.in
+++ gmime2.2-2.2.25/debian/control.in
@@ -41,7 +41,7 @@
 Package: libgmime-2.0-2a
 Architecture: any
 Depends: ${shlibs:Depends}
-Conflicts: libgmime2, libgmime2.1, libgmime-2.0-2 (<= 2.2.18-1)
+Conflicts: libgmime2, libgmime2.1, libgmime-2.0-2 (<= 2.2.18-1), libgmime2.2-cil
 Replaces: libgmime2, libgmime2.1, libgmime-2.0-2 (<= 2.2.18-1)
 Description: MIME library
  GMime is a set of utilities for parsing and creating messages using
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700277: marked as done (pu: package kfreebsd-8/8.1+dfsg-8+squeeze4)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700277,
regarding pu: package kfreebsd-8/8.1+dfsg-8+squeeze4
to be marked as done.


-- 
700277: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700277
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-...@lists.debian.org

Dear Release Team,

Please would it be possible to fix #694096 / CVE-2012-4576 via
stable-proposed-updates?  It affects the linux.ko kernel module which is
shipped but not normally loaded/used.  This was already fixed in testing
via sid, and without a DSA.

A debdiff is attached of the changes staged in the glibc-bsd packaging
SVN;  I would ask a DD on the team to upload this if approved.

Thank you.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u kfreebsd-8-8.1+dfsg/debian/changelog 
kfreebsd-8-8.1+dfsg/debian/changelog
--- kfreebsd-8-8.1+dfsg/debian/changelog
+++ kfreebsd-8-8.1+dfsg/debian/changelog
@@ -1,3 +1,12 @@
+kfreebsd-8 (8.1+dfsg-8+squeeze4) stable-proposed-updates; urgency=low
+
+  [ Steven Chamberlain ]
+  * Apply patch for SA-12:08 / CVE-2012-4576:
+memory access without proper validation in linux compat system
+(Closes: #694096)
+
+ -- GNU/kFreeBSD Maintainers   Sun, 10 Feb 2013 
19:30:43 +
+
 kfreebsd-8 (8.1+dfsg-8+squeeze3) stable-security; urgency=medium
 
   [ Steven Chamberlain ]
diff -u kfreebsd-8-8.1+dfsg/debian/patches/series 
kfreebsd-8-8.1+dfsg/debian/patches/series
--- kfreebsd-8-8.1+dfsg/debian/patches/series
+++ kfreebsd-8-8.1+dfsg/debian/patches/series
@@ -44,0 +45 @@
+SA-12_08.linux.patch
only in patch2:
unchanged:
--- kfreebsd-8-8.1+dfsg.orig/debian/patches/SA-12_08.linux.patch
+++ kfreebsd-8-8.1+dfsg/debian/patches/SA-12_08.linux.patch
@@ -0,0 +1,16 @@
+Index: kfreebsd-8-8.1+dfsg/sys/compat/linux/linux_ioctl.c
+===
+--- kfreebsd-8-8.1+dfsg.orig/sys/compat/linux/linux_ioctl.c2009-09-17 
12:03:37.0 +0100
 kfreebsd-8-8.1+dfsg/sys/compat/linux/linux_ioctl.c 2013-02-10 
19:26:12.136388557 +
+@@ -2228,8 +2228,9 @@
+ 
+   ifc.ifc_len = valid_len; 
+   sbuf_finish(sb);
+-  memcpy(PTRIN(ifc.ifc_buf), sbuf_data(sb), ifc.ifc_len);
+-  error = copyout(&ifc, uifc, sizeof(ifc));
++  error = copyout(sbuf_data(sb), PTRIN(ifc.ifc_buf), ifc.ifc_len);
++  if (error == 0)
++  error = copyout(&ifc, uifc, sizeof(ifc));
+   sbuf_delete(sb);
+   CURVNET_RESTORE();
+ 
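Review bot: the length passed to the first copyout is ifc.ifc_len, which the line just above sets from valid_len and not from what the caller supplied; copyout rejects bad user addresses but cannot know the size of the caller's buffer, so confirm earlier in the function that valid_len is capped at the ifc_len the caller passed in. The patch file also starts directly at the Index: line; a short header naming SA-12:08 / CVE-2012-4576 and the upstream origin would let the patch be matched to the advisory without the changelog.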
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700251: marked as done (pu: package libproc-processtable-perl/0.45-1+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700251,
regarding pu: package libproc-processtable-perl/0.45-1+squeeze1
to be marked as done.


-- 
700251: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700251
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi

I prepared a patch for libproc-processtable-perl (the same as for the
upload to unstable) to fix #650500: CVE-2011-4363, to fix unsafe use
of temporary file. There is no DSA for this.

 https://security-tracker.debian.org/tracker/CVE-2011-4363
 
The debdiff contains a debian/gbp.conf (if needed I can remove it).
This was added to ease the work in the pkg-perl git repos on that
branch.

Do the changes look ok for an upload via stable-proposed-updates for
stable? The fix did not yet migrate to testing (I had just uploaded
the fix to unstable). So it would also be ok to wait for that before
proceeding.

Regards,
Salvatore
diff -u libproc-processtable-perl-0.45/debian/changelog libproc-processtable-perl-0.45/debian/changelog
--- libproc-processtable-perl-0.45/debian/changelog
+++ libproc-processtable-perl-0.45/debian/changelog
@@ -1,3 +1,10 @@
+libproc-processtable-perl (0.45-1+squeeze1) stable; urgency=low
+
+  * Team upload.
+  * [SECURITY] CVE-2011-4363: Fix unsafe temporary file usage (Closes: #650500)
+
+ -- Salvatore Bonaccorso   Sun, 10 Feb 2013 16:16:41 +0100
+
 libproc-processtable-perl (0.45-1) unstable; urgency=low
 
   * New upstream release.
only in patch2:
unchanged:
--- libproc-processtable-perl-0.45.orig/ProcessTable.pm
+++ libproc-processtable-perl-0.45/ProcessTable.pm
@@ -4,6 +4,7 @@
 
 use strict;
 use Carp;
+use Fcntl;
 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK $AUTOLOAD);
 
 require Exporter;
@@ -109,7 +110,11 @@
 $self->_get_tty_list;
 my $old_umask = umask;
 umask 022;
-Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);
+
+sysopen( my $ttydevs_fh, $TTYDEVSFILE, O_WRONLY | O_EXCL | O_CREAT )
+or die "$TTYDEVSFILE was created by other process";
+Storable::store_fd( \%Proc::ProcessTable::TTYDEVS, $ttydevs_fh );
+close $ttydevs_fh;
 umask $old_umask;
   }
 }
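Review bot: the `die` on a failed `sysopen` fires after `umask 022` and before `umask $old_umask`, so a caller that traps the exception is left running with the changed umask; restore the umask before dying, or localise it. The message also says another process created `$TTYDEVSFILE` whatever the real cause was; including `$!` would distinguish an existing file from a permission or path error. The return values of `Storable::store_fd` and `close` are not checked, so a failed write leaves a partial file that a later `O_EXCL` open will not replace.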
only in patch2:
unchanged:
--- libproc-processtable-perl-0.45.orig/debian/gbp.conf
+++ libproc-processtable-perl-0.45/debian/gbp.conf
@@ -0,0 +1,2 @@
+[DEFAULT]
+debian-branch = squeeze
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700079: marked as done (pu: package dtach/0.8-2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700079,
regarding pu: package dtach/0.8-2
to be marked as done.


-- 
700079: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700079
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu


Dear RMs,

Please accept this stable upload for #625302

CVE-2012-3368 random text sent on window close

The patch is the same as in 0.8-2.1:

[2012-07-07] dtach 0.8-2.1 MIGRATED to testing (Britney)

Thanks,

Stefan

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-xen-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -u dtach-0.8/debian/changelog dtach-0.8/debian/changelog
--- dtach-0.8/debian/changelog
+++ dtach-0.8/debian/changelog
@@ -1,3 +1,9 @@
+dtach (0.8-2+squeeze1) stable; urgency=low
+
+  * Fix CVE-2012-3368: properly handle close request (Closes: #625302).
+
+ -- Stefan Völkel   Thu, 07 Feb 2013 17:04:48 +0100
+
 dtach (0.8-2) unstable; urgency=low
 
   * Updated to Policy version 3.8.1
only in patch2:
unchanged:
--- dtach-0.8.orig/attach.c
+++ dtach-0.8/attach.c
@@ -237,12 +237,16 @@
 		/* stdin activity */
 		if (n > 0 && FD_ISSET(0, &readfds))
 		{
+			ssize_t l;
+
 			pkt.type = MSG_PUSH;
 			memset(pkt.u.buf, 0, sizeof(pkt.u.buf));
-			pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
+			l = read(0, pkt.u.buf, sizeof(pkt.u.buf));
 
-			if (pkt.len <= 0)
+			if (l <= 0)
 exit(1);
+
+			pkt.len = l;
 			process_kbd(s, &pkt);
 			n--;
 		}
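Review bot: `if (l <= 0) exit(1);` treats every negative return from `read` as fatal, including an interrupted call; consider retrying when `errno` is `EINTR` and exiting only on end of file or a real error. The later `pkt.len = l` narrows the `ssize_t` into a field whose type this hunk does not show, so a short comment stating that `sizeof(pkt.u.buf)` always fits in `pkt.len` would document why the assignment is safe.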
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#699696: marked as done (pu: package libpam-shield/0.9.2-3.2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #699696,
regarding pu: package libpam-shield/0.9.2-3.2
to be marked as done.


-- 
699696: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699696
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
X-Debbugs-CC: j...@debian.org
User: release.debian@packages.debian.org
Usertags: pu
Severity: normal

Release team--

I would like to request an update to the libpam-shield package in
squeeze. Attached is a debdiff fixing bug 658830. This bug prevents
the package from working at all in its default configuration. Since
this package is intended to provide a security function, Jonathan
Wiltshire has suggested an update in stable [0] and has offered to
sponsor the upload if the change is accepted. Candidate CVE is
CVE-2012-2350 [1].

The diff is a minimal change for this bug only. It is identical to
0.9.2-3.3 in testing, with the exception of targeting stable.

Thanks.

[0] http://prsc.debian.net/tracker/658830/
[1] https://security-tracker.debian.org/tracker/CVE-2012-2350


pam-shield_0.9.2-3.2-to-3.3+squeeze1.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#699228: marked as done (pu: package snack/2.2.10-dfsg1-9+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #699228,
regarding pu: package snack/2.2.10-dfsg1-9+squeeze1
to be marked as done.


-- 
699228: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699228
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi!

I'd like to upload snack/2.2.10-dfsg1-9+squeeze1 which fixes CVE-2012-6303 to
stable. The original bug is
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695614
It was fixed in unstable and testing via NMU. This proposed upload includes
the same patch (attached).

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Index: debian/patches/CVE-2012-6303.patch
===
--- debian/patches/CVE-2012-6303.patch	(revision 0)
+++ debian/patches/CVE-2012-6303.patch	(revision 0)
@@ -0,0 +1,18 @@
+--- snack-2.2.10-dfsg1/generic/jkSoundFile.c	2005-12-14 12:29:38.0 +0100
 snack-2.2.10-dfsg1+karcher/generic/jkSoundFile.c	2013-01-02 00:29:56.836287036 +0100
+@@ -1796,7 +1796,14 @@
+ GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf, 
+ 	   int len)
+ {
+-  int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
++  int rlen;
++
++  if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
++Tcl_AppendResult(interp, "Excessive header size", NULL);
++return TCL_ERROR;
++  }
++
++  rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
+ 
+   if (rlen < len - s->firstNRead){
+ Tcl_AppendResult(interp, "Failed reading header bytes", NULL);
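Review bot: the new guard in `GetHeaderBytes` bounds `len` by `max(CHANNEL_HEADER_BUFFER, HEADBUF)`, which protects `buf` only if every caller passes a buffer at least as large as the larger of the two constants; a per-call capacity argument, or a comment stating that invariant, would make this checkable. `len - s->firstNRead` is still passed to `Tcl_Read` without a check that `s->firstNRead` does not exceed `len`, and it is worth confirming that `max` is defined in this file.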
Index: debian/patches/series
===
--- debian/patches/series	(revision 979)
+++ debian/patches/series	(working copy)
@@ -1,2 +1,3 @@
 alsa.patch
 glibc2.10.patch
+CVE-2012-6303.patch
Index: debian/changelog
===
--- debian/changelog	(revision 979)
+++ debian/changelog	(working copy)
@@ -1,3 +1,9 @@
+snack (2.2.10-dfsg1-9+squeeze1) stable; urgency=low
+
+  * Included patch by Michael Karcher to fix CVE-2012-6303.
+
+ -- Sergei Golovan   Thu, 29 Oct 2009 21:58:50 +0300
+
 snack (2.2.10-dfsg1-9) unstable; urgency=low
 
   * Added patch which makes snack build with glibc 2.10 (closes: #548641).
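Review bot: the trailer of the new `2.2.10-dfsg1-9+squeeze1` entry is dated Thu, 29 Oct 2009, which is earlier than the 2013-01-02 timestamp on the patch it includes; it looks carried over from an older entry and should be regenerated before upload. The entry names only the CVE; a `Closes:` for the bug cited in the request would tie the upload to it.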
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#700163: marked as done (pu: package openssh/1:5.5p1-6+squeeze3)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700163,
regarding pu: package openssh/1:5.5p1-6+squeeze3
to be marked as done.


-- 
700163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700163
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

I'd like to upload to stable to fix #700102.  (Actually I've already
uploaded this because I forgot I was supposed to ask first - whoops - so
it's in a queue somewhere already.)  This is a DoS fix, but since a
member of the security team (CCed) reported it and requested an upload
to stable, I assume they don't think it's worth issuing a DSA.

Here's the diff.

diff -Nru openssh-5.5p1/debian/changelog openssh-5.5p1/debian/changelog
--- openssh-5.5p1/debian/changelog  2012-02-20 15:18:05.0 +
+++ openssh-5.5p1/debian/changelog  2013-02-08 21:39:18.0 +
@@ -1,3 +1,10 @@
+openssh (1:5.5p1-6+squeeze3) stable; urgency=low
+
+  * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
+to 10:30:100 (closes: #700102).
+
+ -- Colin Watson   Fri, 08 Feb 2013 21:39:15 +
+
 openssh (1:5.5p1-6+squeeze2) stable; urgency=high
 
   * CVE-2012-0814: Don't send the actual forced command in a debug message,
diff -Nru openssh-5.5p1/debian/patches/max-startups-default.patch 
openssh-5.5p1/debian/patches/max-startups-default.patch
--- openssh-5.5p1/debian/patches/max-startups-default.patch 1970-01-01 
01:00:00.0 +0100
+++ openssh-5.5p1/debian/patches/max-startups-default.patch 2013-02-08 
21:36:08.0 +
@@ -0,0 +1,57 @@
+Description: Change default of MaxStartups to 10:30:100
+ This causes sshd to start doing random early drop at 10 connections up to
+ 100 connections.  This will make it harder to DoS as CPUs have come a long
+ way since the original value was set back in 2000.
+Author: Darren Tucker
+Origin: 
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
+Origin: 
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
+Origin: 
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89
+Bug-Debian: http://bugs.debian.org/700102
+Forwarded: not-needed
+Last-Update: 2013-02-08
+
+Index: b/servconf.c
+===
+--- a/servconf.c
 b/servconf.c
+@@ -249,11 +249,11 @@
+   if (options->gateway_ports == -1)
+   options->gateway_ports = 0;
+   if (options->max_startups == -1)
+-  options->max_startups = 10;
++  options->max_startups = 100;
+   if (options->max_startups_rate == -1)
+-  options->max_startups_rate = 100;   /* 100% */
++  options->max_startups_rate = 30;/* 30% */
+   if (options->max_startups_begin == -1)
+-  options->max_startups_begin = options->max_startups;
++  options->max_startups_begin = 10;
+   if (options->max_authtries == -1)
+   options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
+   if (options->max_sessions == -1)
+Index: b/sshd_config
+===
+--- a/sshd_config
 b/sshd_config
+@@ -102,7 +102,7 @@
+ #ClientAliveCountMax 3
+ #UseDNS yes
+ #PidFile /var/run/sshd.pid
+-#MaxStartups 10
++#MaxStartups 10:30:100
+ #PermitTunnel no
+ #ChrootDirectory none
+ 
+Index: b/sshd_config.5
+===
+--- a/sshd_config.5
 b/sshd_config.5
+@@ -672,7 +672,7 @@
+ Additional connections will be dropped until authentication succeeds or the
+ .Cm LoginGraceTime
+ expires for a connection.
+-The default is 10.
++The default is 10:30:100.
+ .Pp
+ Alternatively, random early drop can be enabled by specifying
+ the three colon separated values
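Review bot: in the `servconf.c` part, the default for `max_startups_begin` changes from `options->max_startups` to a fixed 10, so the begin value no longer follows a configured limit; please confirm that the parser always sets `max_startups_begin` when `MaxStartups` is given as a single number, otherwise a configured limit below 10 would leave begin above the maximum. In `sshd_config.5`, "The default is 10:30:100." now sits before the paragraph that introduces the three colon-separated values, so the sentence would read better after that explanation.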
diff -Nru openssh-5.5p1/debian/patches/series 
openssh-5.5p1/debian/patches/series
--- openssh-5.5p1/debian/patches/series 2012-02-20 02:22:06.0 +
+++ openssh-5.5p1/debian/patches/series 2013-02-08 21:36:03.0 +
@@ -29,6 +29,7 @@
 
 # Security fixes
 forced-command-debug-security.patch
+max-startups-default.patch
 
 # Versioning
 package-versioning.patch

Thanks,

-- 
Colin Watson   [cjwat..

Bug#698621: marked as done (pu: package swath/0.4.0-4)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #698621,
regarding pu: package swath/0.4.0-4
to be marked as done.


-- 
698621: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698621
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

swath has got a trivial security fix, addressing Bug #698189, which the
security team considers trivial enough to upload to stable-proposed-updates.
(See the quoted conversation below.)

The prepared upload can be found here:

  http://linux.thai.net/~thep/debs/swath-squeeze/swath_0.4.0-4+squeeze1.dsc

The debdiff is also attached for your review.


On Mon, Jan 21, 2013 at 4:14 PM, Yves-Alexis Perez  wrote:
> On lun., 2013-01-21 at 15:56 +0700, Theppitak Karoonboonyanan wrote:
>> Dear security team,
>>
>> I have been reported a potential buffer overflow vulnerability in
>> swath,
>> which allows shell injection via long command-line argument:
>>
>>   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698189
>>
>> The exploit is not known yet, but the report is already public
>> (in the bug log).
>>
>> Both stable (0.4.0-4) and testing/unstable (0.4.3-2) versions are
>> affected.
>>
>> For testing/unstable, the fix has been uploaded (0.4.3-3).
>> For stable, I have prepared the deb for your review here:
>>
>>   http://linux.thai.net/~thep/debs/swath-squeeze/swath_0.4.0-4
>> +squeeze1.dsc
>>
>> The debdiff is also attached.
>
> Thanks for the report. It doesn't look bad enough to warrant a DSA imho.
> Can you please ask release team for a stable upload? I'll contact
> oss-sec to have a CVE assigned.
>
> Regards,
> --
> Yves-Alexis


-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru swath-0.4.0/debian/changelog swath-0.4.0/debian/changelog
--- swath-0.4.0/debian/changelog2010-01-14 15:24:18.0 +0700
+++ swath-0.4.0/debian/changelog2013-01-21 16:26:19.0 +0700
@@ -1,3 +1,11 @@
+swath (0.4.0-4+squeeze1) stable; urgency=high
+
+  * debian/patches/01_buffer-overflow.patch: backport patch from upstream
+to fix potential buffer overflow in Mule mode.
+Thanks Dominik Maier for the report. (Closes: #698189)
+
+ -- Theppitak Karoonboonyanan   Mon, 21 Jan 2013 15:03:30 
+0700
+
 swath (0.4.0-4) unstable; urgency=low
 
   * debian/rules: Fix failure to build twice in a row:
diff -Nru swath-0.4.0/debian/patches/01_buffer-overflow.patch 
swath-0.4.0/debian/patches/01_buffer-overflow.patch
--- swath-0.4.0/debian/patches/01_buffer-overflow.patch 1970-01-01 
07:00:00.0 +0700
+++ swath-0.4.0/debian/patches/01_buffer-overflow.patch 2013-01-21 
16:26:19.0 +0700
@@ -0,0 +1,22 @@
+Author: Theppitak Karoonboonyanan 
+Description: Fix potential buffer overflow
+Origin: backport, 
http://linux.thai.net/websvn/wsvn/software.swath/trunk?op=revision&rev=238&peg=238
+Bug-Debian: http://bugs.debian.org/698189
+
+Index: swath/src/wordseg.cpp
+===
+--- swath.orig/src/wordseg.cpp 2013-01-21 13:19:24.261886743 +0700
 swath/src/wordseg.cpp  2013-01-21 13:20:31.693890376 +0700
+@@ -253,11 +253,7 @@
+ }
+ delete FltX;
+   }else{
+-char stopstr[20];
+-if (muleMode)
+-  strcpy(stopstr,wbr);
+-else
+-  stopstr[0]='\0';
++const char *stopstr = muleMode ? wbr : "";
+ for (;;) { // read until end of file.
+   if (mode == 0) printf("Input : ");
+   for (i = 0; ((c = fgetc(tmpin)) != '\n')
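Review bot: with `const char *stopstr = muleMode ? wbr : "";` the variable `stopstr` aliases `wbr` instead of holding a copy, so `wbr` must stay valid and unchanged for the whole read loop that follows. The `const` qualifier will catch any later write through `stopstr` at compile time, but nothing in the hunk shows whether `wbr` itself is modified inside the loop; a one-line comment on that assumption would help.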
diff -Nru swath-0.4.0/debian/patches/series swath-0.4.0/debian/patches/series
--- swath-0.4.0/debian/patches/series   1970-01-01 07:00:00.0 +0700
+++ swath-0.4.0/debian/patches/series   2013-01-21 16:26:19.0 +0700
@@ -0,0 +1 @@
+01_buffer-overflow.patch
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#699552: marked as done (pu: package maradns/1.4.03-1.1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #699552,
regarding pu: package maradns/1.4.03-1.1
to be marked as done.


-- 
699552: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Dear RMs,

Please accept this stable upload to fix #665012
(CVE-2012-1570: maradns deleted domain record cache persistence flaw). It is
an NMU as part of the PRSC effort.

The patch comes from upstream and is a direct copy of the original fix in
unstable.

 maradns-1.4.03/debian/changelog |8 
 server/recursive.c  |8 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)

Thanks.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u maradns-1.4.03/debian/changelog maradns-1.4.03/debian/changelog
--- maradns-1.4.03/debian/changelog
+++ maradns-1.4.03/debian/changelog
@@ -1,3 +1,11 @@
+maradns (1.4.03-1.1+squeeze1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * Backport fix from upstream for CVE-2012-1570 (deleted domain record
+cache persistence flaw). Closes: #665012
+
+ -- Jonathan Wiltshire   Fri, 01 Feb 2013 16:31:00 +
+
 maradns (1.4.03-1.1) unstable; urgency=high
 
   * Non-maintainer upload by the Security Team
only in patch2:
unchanged:
--- maradns-1.4.03.orig/server/recursive.c
+++ maradns-1.4.03/server/recursive.c
@@ -1370,6 +1370,10 @@
 ttl = js_readuint32(server_reply,offset);
 if(ttl == JS_ERROR)
 return JS_ERROR;
+if(ttl < 20)
+ttl = 20;
+if(ttl > 86400) /* One day; Ghost domain fix */
+ttl = 86400;
 offset += 4;
 /* Get the rdlength of the SOA record */
 rdlength = js_readuint16(server_reply,offset);
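Review bot: the clamp added after the `JS_ERROR` check repeats the literals 20 and 86400 that the second hunk uses for the same purpose; a pair of named constants or a small helper shared by both places would keep the two paths from drifting apart. This hunk also introduces a 20-second floor for the SOA TTL, which the changelog entry does not mention.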
@@ -2019,8 +2023,8 @@
problems that Franky reported */
 if(ttl < 20)
 ttl = 20;
-if(ttl > 63072000) /* Two years */
-ttl = 63072000;
+if(ttl > 86400) /* One day; Ghost domain fix */
+ttl = 86400;
 /* If this is a CNAME answer then we don't store it for over
  * 15 minutes */
 if(ttl > 900 && cname_original_record != 0)
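Review bot: lowering the cap from 63072000 to 86400 changes caching for every record whose TTL exceeds one day, not only for deleted domains, so it deserves a line in the changelog so operators know that long-TTL records are now refreshed at least daily. The comment `Ghost domain fix` would be easier to trace with the CVE number from the changelog next to it.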
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#697563: marked as done (pu: package swi-prolog/5.10.1-1+b1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #697563,
regarding pu: package swi-prolog/5.10.1-1+b1
to be marked as done.


-- 
697563: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697563
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

The version of swi-prolog in squeeze has two unfixed minor security
vulnerabilities, buffer overflows CVE-2012-6089 and CVE-2012-6090,
bug #697416. The security team decided that there will be no DSA for
those issues. It was proposed to fix those issues via stable updates.

The proposed debdiff is attached. The new version adds two patches
taken from RedHat bugzilla (one refreshed) and changes the Maintainer
field in debian/control.

Regards,
Eugeniy Meshcheryakov

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.7-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru swi-prolog-5.10.1/debian/changelog swi-prolog-5.10.1/debian/changelog
--- swi-prolog-5.10.1/debian/changelog	2010-08-02 07:01:49.0 +0200
+++ swi-prolog-5.10.1/debian/changelog	2013-01-07 00:07:27.0 +0100
@@ -1,3 +1,14 @@
+swi-prolog (5.10.1-2) stable; urgency=low
+
+  * Update Maintainer field in debian/control 
+  * New patches (taken from RedHat bugzilla, closes: #697416):
+- CVE-2012-6089.diff - fix for CVE-2012-6089 - possible buffer overrun in
+  path canonisation code 
+- CVE-2012-6090.diff - fix for CVE-2012-6090 - Possible buffer overflows
+  when expanding file-names with long paths 
+
+ -- Євгеній Мещеряков   Mon, 07 Jan 2013 00:02:00 +0100
+
 swi-prolog (5.10.1-1) unstable; urgency=low
 
   * New upstream release.
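Review bot: the new entry uses version `5.10.1-2` with distribution `stable`; a plain revision bump can collide with a revision used in unstable, so a stable-specific suffix such as `5.10.1-1+squeeze1`, the form the other uploads in this thread use, is safer. Three of the added lines also end in trailing whitespace.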
diff -Nru swi-prolog-5.10.1/debian/control swi-prolog-5.10.1/debian/control
--- swi-prolog-5.10.1/debian/control	2010-08-02 07:01:49.0 +0200
+++ swi-prolog-5.10.1/debian/control	2013-01-07 00:07:27.0 +0100
@@ -1,7 +1,7 @@
 Source: swi-prolog
 Section: interpreters
 Priority: optional
-Maintainer: Chris Lamb 
+Maintainer: Євгеній Мещеряков 
 Build-Depends: debhelper (>= 5), autoconf, autotools-dev, libncurses5-dev, libreadline-dev, libgmp3-dev, libjpeg-dev, libx11-dev, libxpm-dev, libxt-dev, x11proto-core-dev, chrpath, unixodbc-dev, openjdk-6-jdk [alpha amd64 armel i386 ia64 mips mipsel powerpc s390 sparc], libxft-dev, libxext-dev, libice-dev, libxinerama-dev
 Standards-Version: 3.9.1
 Vcs-Git: git://git.chris-lamb.co.uk/debian/pkg-swi-prolog.git
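Review bot: the `Maintainer` field changes here, but `Vcs-Git` two lines below still points at `git://git.chris-lamb.co.uk/debian/pkg-swi-prolog.git`; if the packaging repository moved with the maintainer, update it in the same upload. It is also worth asking whether a maintainer change belongs in a security-only stable update.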
diff -Nru swi-prolog-5.10.1/debian/patches/CVE-2012-6089.diff swi-prolog-5.10.1/debian/patches/CVE-2012-6089.diff
--- swi-prolog-5.10.1/debian/patches/CVE-2012-6089.diff	1970-01-01 01:00:00.0 +0100
+++ swi-prolog-5.10.1/debian/patches/CVE-2012-6089.diff	2013-01-07 00:07:27.0 +0100
@@ -0,0 +1,90 @@
+From 6149f39ada50f7ebc6b0cb7756490a0fea967bd1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= 
+Date: Fri, 4 Jan 2013 13:33:11 +0100
+Subject: [PATCH 1/2] Fix CVE-2012-6089
+
+Upstream fix ported to 5.10.2:
+
+From a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c Mon Sep 17 00:00:00 2001
+From: Jan Wielemaker 
+Date: Sun, 16 Dec 2012 18:13:17 +0100
+Subject: [PATCH] FIXED: Possible buffer overrun in patch canonisation code.
+
+Pushes pointers on an automatic array without checking for overflow.
+Can be used for DoS attacks.  Will be extremely hard to make it execute
+arbitrary code.
+---
+ src/pl-buffer.h |  2 ++
+ src/pl-os.c | 19 +++
+ 2 files changed, 13 insertions(+), 8 deletions(-)
+
+--- a/src/pl-buffer.h
 b/src/pl-buffer.h
+@@ -79,6 +79,8 @@
+   sizeof((b)->static_buffer))
+ #define emptyBuffer(b)   ((b)->top  = (b)->base)
+ #define isEmptyBuffer(b) ((b)->top == (b)->base)
++#define popBuffer(b,type) \
++	((b)->top -= sizeof(type), *(type*)(b)->top)
+ 
+ #define discardBuffer(b) \
+ 	do \
+--- a/src/pl-os.c
 b/src/pl-os.c
+@@ -1078,8 +1078,7 @@
+ char *
+ canoniseFileName(char *path)
+ { char *out = path, *in = path, *start = path;
+-  char *osave[100];
+-  int  osavep = 0;
++  tmp_buffer saveb;
+ 
+ #ifdef O_HASDRIVES			/* C: */
+   if ( in[1] == ':' && isLetter(in[0]) )
+@@ -1107,7 +1
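Review bot: the new `popBuffer(b,type)` macro in `src/pl-buffer.h` decrements `(b)->top` without checking `isEmptyBuffer(b)`, so a pop on an empty buffer reads below `(b)->base`; either the macro should carry that check or every caller in `canoniseFileName` has to guard the pop. The `src/pl-os.c` part is cut off in this copy right after the `tmp_buffer saveb;` declaration, so the callers cannot be checked from what is shown.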

Bug#697798: marked as done (pu: package bind9/1:9.7.3.dfsg-1~squeeze9)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #697798,
regarding pu: package bind9/1:9.7.3.dfsg-1~squeeze9
to be marked as done.


-- 
697798: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

d.root-servers.net changed IP addresses 2013-01-03, the old IP will go
away in "about 6 months".

lamont
=
diff --git a/debian/changelog b/debian/changelog
index 13f278e..2ef9801 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+bind9 (1:9.7.3.dfsg-1~squeeze9) squeeze-proposed-updates; urgency=low
+
+  * Update db.root with new IP for D.root-servers.net.  Closes: #697352
+
+ -- LaMont Jones   Tue, 08 Jan 2013 07:07:02 -0700
+
 bind9 (1:9.7.3.dfsg-1~squeeze8) squeeze-security; urgency=high
 
   * Apply patch extracted from 9.7.6-P4 to fix CVE-2012-5166
diff --git a/debian/db.root b/debian/db.root
index d081faa..6c19741 100644
--- a/debian/db.root
+++ b/debian/db.root
@@ -9,8 +9,8 @@
 ;   on server   FTP.INTERNIC.NET
 ;   -OR-RS.INTERNIC.NET
 ;
-;   last update:Jun 17, 2010
-;   related version of root zone:   2010061700
+;   last update:Jan 3, 2013
+;   related version of root zone:   2013010300
 ;
 ; formerly NS.INTERNIC.NET
 ;
@@ -31,7 +31,8 @@ C.ROOT-SERVERS.NET.  360  A 192.33.4.12
 ; FORMERLY TERP.UMD.EDU
 ;
 .360  NSD.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET.  360  A 128.8.10.90
+D.ROOT-SERVERS.NET.  360  A 199.7.91.13
+D.ROOT-SERVERS.NET. 360    2001:500:2D::D
 ;
 ; FORMERLY NS.NASA.GOV
 ;
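Review bot: besides replacing the A record, this hunk adds an IPv6 address line for D.ROOT-SERVERS.NET, while the changelog entry speaks only of a "new IP"; mention the added IPv6 record there. As the added line appears here, nothing stands between the TTL and `2001:500:2D::D`, so confirm that the file being uploaded has the `AAAA` record type in that column.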
=


-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#697434: marked as done (pu: package gzip/1.3.12-9+deb6u0)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #697434,
regarding pu: package gzip/1.3.12-9+deb6u0
to be marked as done.


-- 
697434: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697434
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

I would like to upload a patched version of gzip to fix #627121
(grave; use of memcpy with overlapping memory regions).

This bug was fixed in gzip/1.4-1 by upstream changes; looking at the
upstream ChangeLog[1], only a single file (inflate.c) was affected[2].

I have attached the relevant source debdiff.

~Niels

[1] 
http://git.gag.com/?p=debian/gzip;a=blobdiff;f=ChangeLog;h=f1f25ab210301c783ce32d17c1457a7550d909f3;hp=6b61a98984c0a578fd0224f1f3b8b2c5ffe1e26a;hb=a2016c1de6e4884f6c8ed5cc498f3bf821c25ca4;hpb=c7e61475680fa226bd9b8bdd469cd66914e630f5

[2] The last chunk of:
http://git.gag.com/?p=debian/gzip;a=blobdiff;f=inflate.c;h=75353e2d72b50f0fb48d51a5ef6498d324dbf901;hp=b72c187ee38315c604b236357bee2d33f030f299;hb=a2016c1de6e4884f6c8ed5cc498f3bf821c25ca4;hpb=c7e61475680fa226bd9b8bdd469cd66914e630f5
diff -u gzip-1.3.12/inflate.c gzip-1.3.12/inflate.c
--- gzip-1.3.12/inflate.c
+++ gzip-1.3.12/inflate.c
@@ -595,7 +595,8 @@
   do {
 n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e);
 #if !defined(NOMEMCPY) && !defined(DEBUG)
-if (w - d >= e) /* (this test assumes unsigned comparison) */
+unsigned int delta = w > d ? w - d : d - w;
+if (delta >= e)
 {
   memcpy(slide + w, slide + d, e);
   w += e;
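Review bot: `unsigned int delta` is declared after the `n -= ...` statement inside the `do` block, which is a C99 mixed declaration; if this file is still built in C89 mode on any architecture, move the declaration to the top of the block. Since the old comment about the unsigned comparison is dropped, a one-line comment saying that `delta >= e` means the source and destination ranges of the `memcpy` do not overlap would keep the intent visible.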
diff -u gzip-1.3.12/debian/changelog gzip-1.3.12/debian/changelog
--- gzip-1.3.12/debian/changelog
+++ gzip-1.3.12/debian/changelog
@@ -1,3 +1,11 @@
+gzip (1.3.12-9+deb6u0) UNRELEASED; urgency=low
+
+  * Non-maintainer upload to stable.
+  * Backport upstream patch to avoid using memcpy on overlapping
+memory regions.  (Closes: #627121)
+
+ -- Niels Thykier   Sat, 05 Jan 2013 11:31:24 +0100
+
 gzip (1.3.12-9) unstable; urgency=high
 
   * fix applied for CVE-2010-0001 which identified an integer underflow when 
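Review bot: the distribution field of the new entry is `UNRELEASED`; it needs to be set to the target suite before the upload is built. The entry could also name the file touched (inflate.c) so the scope of the backport is clear from the changelog alone.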
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#696158: marked as done (pu: package mediawiki/1:1.15.5-2squeeze5)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #696158,
regarding pu: package mediawiki/1:1.15.5-2squeeze5
to be marked as done.


-- 
696158: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696158
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: release.debian.org
Severity: normal
X-Debbugs-CC: Dominik George , 
pkg-mediawiki-de...@lists.alioth.debian.org

User: release.debian@packages.debian.org
Usertags: pu

Hi,

This is the companion upload for 1:1.19.3-1 recently in Wheezy, to fix 
security bugs. Debdiff attached.


The security team have stated that they do not want to do a DSA.

Thanks,

--
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

 i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits
diff -Nru mediawiki-1.15.5/debian/changelog mediawiki-1.15.5/debian/changelog
--- mediawiki-1.15.5/debian/changelog   2012-01-21 21:08:01.0 +
+++ mediawiki-1.15.5/debian/changelog   2012-12-16 17:54:27.0 +
@@ -1,3 +1,12 @@
+mediawiki (1:1.15.5-2squeeze5) stable; urgency=low
+
+  [ Dominik George ]
+  * Security fixes from upstream (Closes: #694998):
+- CVE-2012-5391 - Prevent session fixation in Special:UserLogin
+- Prevent linker regex from exceeding backtrack limit
+
+ -- Jonathan Wiltshire   Sun, 16 Dec 2012 17:53:38 +
+
 mediawiki (1:1.15.5-2squeeze4) stable; urgency=low
 
   * Disable CVE-2011-4360.patch, it causes ugly error messages in certain
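Review bot: the second item, "Prevent linker regex from exceeding backtrack limit", carries no reference while the first names its CVE; cite the upstream bug (the patch header gives bugzilla 41400) so the fix can be traced from the changelog.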
diff -Nru mediawiki-1.15.5/debian/patches/CVE-2012-5391.patch 
mediawiki-1.15.5/debian/patches/CVE-2012-5391.patch
--- mediawiki-1.15.5/debian/patches/CVE-2012-5391.patch 1970-01-01 
01:00:00.0 +0100
+++ mediawiki-1.15.5/debian/patches/CVE-2012-5391.patch 2012-12-16 
15:34:48.0 +
@@ -0,0 +1,33 @@
+Description: Prevent session fixation in Special:UserLogin (CVE-2012-5391)
+ Sessions id's in the default MediaWiki authentication are not refreshed on
+ login or logout. An attacker can use this to impersonate a user.
+Author: Chris Steipp 
+Origin: upstream, https://gerrit.wikimedia.org/r/#/c/36079/
+Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=40995
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998
+Reviewed-by: Dominik George 
+--- a/includes/specials/SpecialUserlogin.php
 b/includes/specials/SpecialUserlogin.php
+@@ -591,6 +591,8 @@
+   global $wgLang, $wgRequest;
+   $code = $wgRequest->getVal( 'uselang', 
$wgUser->getOption( 'language' ) );
+   $wgLang = Language::factory( $code );
++// Reset SessionID on Successful 
login (bug 40995)
++$this->renewSessionId();
+   return $this->successfulLogin();
+   } else {
+   return $this->cookieRedirectCheck( 
'login' );
+@@ -1062,6 +1064,13 @@
+   $wgRequest->setSessionData( 'wsCreateaccountToken', null );
+   }
+ 
++/**
++ * Renew the user's session id
++ */
++private function renewSessionId() {
++session_regenerate_id( false );
++}
++
+   /**
+* @private
+*/
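Review bot: `renewSessionId()` calls `session_regenerate_id( false )`, and with `false` PHP keeps the old session record on the server instead of deleting it; please confirm that the pre-login ID cannot still be used after login, or pass `true` so the old session is destroyed. The Description also says session IDs are not refreshed on login or logout, but the visible hunks add the call only on the successful-login path, so either cover logout as well or narrow the description.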
diff -Nru mediawiki-1.15.5/debian/patches/pcre-linker-backtrack.patch 
mediawiki-1.15.5/debian/patches/pcre-linker-backtrack.patch
--- mediawiki-1.15.5/debian/patches/pcre-linker-backtrack.patch 1970-01-01 
01:00:00.0 +0100
+++ mediawiki-1.15.5/debian/patches/pcre-linker-backtrack.patch 2012-12-16 
16:40:44.0 +
@@ -0,0 +1,48 @@
+Description: Prevent linker regex from exceeding PCRE backtrack limit
+Author: Chris Steipp 
+Origin: upstream
+Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=41400
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998
+Reviewed-by: Dominik George 
+--- a/includes/Linker.php
 b/includes/Linker.php
+@@ -1297,7 +1297,18 @@
+*/
+   public function formatLinksInComment( $comment ) {
+   return preg_replace_callback(
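Review bot: the header gives `Origin: upstream` with no commit or change URL, unlike CVE-2012-5391.patch, which links the gerrit change; add the upstream commit reference so the backport can be compared against the original.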

Bug#696735: marked as done (pu: package xen/4.0.1-5.5 -> -5.6 (fix for Xen clock bug: #599161))

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #696735,
regarding pu: package xen/4.0.1-5.5 -> -5.6 (fix for Xen clock bug: #599161)
to be marked as done.


-- 
696735: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696735
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

I have prepared an update for Xen for Stable, with the previous agreement
of Guido, who takes care of Xen updates in Debian Stable (Waldi doesn't
seem to care about Debian stable). The debdiff is here:
http://archive.gplhost.com/debian/pool/squeeze/main/x/xen/xen_4.0.1-5.6.debdiff

This fixes #599161 which is a 2 years lasting entry in our BTS.

I also attached it to this mail for a quicker reference. All built binaries
and sources are also available on this Debian (source) repository.

Let me explain shortly what the problem is (or was, since I have the fix).
If you don't care, or have no time, you may skip the explanations, which
aren't that important (after all, the fix is only 3 lines of ASM...).

--- comments start ---
Root of the problem:
My understanding is that due to compiler optimization the assembly code
that was inlined in Xen was wrong in the case of a double call, leading
to the Xen guests having an offset with the clock in the Xen dom0. See
patch description for more info.

Not working solution:
Setting-up the ntp daemon in the domU is unfortunately useless in Squeeze,
because the only available clock source is "Xen" and there is no support
for "independent wallclock". So, after the ntp daemon starts, it may
simply crash, and sooner or later, the domU clock gets back to its
original offset (which wasn't really predictable from server to server,
but seemed to be consistent after rebooting dom0 and domU).

Rebooting a Xen server dom0 and all domUs doesn't fix it either.
Surprisingly, all domUs get back to their original clock offsets.

Tests I did:
I have installed the built binaries in my test server (the one which
hosts the guest OS on which I was always uploading to SID, with the
clock being 10 minutes early in that domU...), and as far as I can
tell, the issue is gone on this server. I haven't upgraded all of
GPLHost servers with this patch, but so far, it's working well, and
also fixes the issues in various servers which had the problem.

Finally:
So, at the end, the only way to fix this (very long lasting) bug is to
apply the upstream patch which shows in the debdiff attached to this bug.

As you may imagine, having a correct "virtualized hardware clock source"
is overly important for any Xen user. So I believe this patch is very
important.
--- comments end ---

Please let me know if you accept that I upload this into
squeeze-proposed-updates.

Cheers,

Thomas Goirand (zigo)
diff -Nru xen-4.0.1/debian/changelog xen-4.0.1/debian/changelog
--- xen-4.0.1/debian/changelog	2012-12-06 15:50:48.0 +
+++ xen-4.0.1/debian/changelog	2012-12-26 13:49:06.0 +
@@ -1,3 +1,13 @@
+xen (4.0.1-5.6) stable-proposed-updates; urgency=low
+
+  * Non-maintainer upload, previously discussed with Guido.
+  * Fixes Xen clock long standing issue, eg: fix scale_delta() inline assembly,
+  causing domU offset and possibly leading to crashes (Closes: #599161). Thanks
+  to Ian Campbell  for forwarding the patch to the Debian
+  BTS, and Jan Beulich  for working on an upstream patch.
+
+ -- Thomas Goirand   Wed, 26 Dec 2012 13:18:34 +
+
 xen (4.0.1-5.5) stable-security; urgency=high
 
   * Apply fix for Xen Security Advisory 5 (CVE-2011-3131)
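Review bot: the entry says "eg: fix scale_delta() inline assembly", but that is the fix itself rather than one example of it, and the entry does not name the patch file added to debian/patches/series; reword it to state the scale_delta() change directly and name the patch so the entry can be matched to the series file.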
diff -Nru xen-4.0.1/debian/control.md5sum xen-4.0.1/debian/control.md5sum
--- xen-4.0.1/debian/control.md5sum	2012-12-06 15:54:45.0 +
+++ xen-4.0.1/debian/control.md5sum	2012-12-26 13:50:53.0 +
@@ -1,4 +1,4 @@
-468e1c871ad35052319caa1f5d159124  debian/changelog
+ec687758337647fba126272a85e6ab09  debian/changelog
 24f2598a23e30264aea4a983d5d19eec  debian/bin/gencontrol.py
 ee1ccd7bf0932a81ca221cab08347614  debian/templates/control.hypervisor.in
 e4335ab10e217a12328cdf123473ed37  debian/templates/control.main.in
diff -Nru xen-4.0.1/debian/patches/series xen-4.0.1/debian/patches/series
--- xen-4.0.1/debian/patches/series	2012-12-06 15:47:19.0 +
+++ xen-4.0.1/debian/patches/series	2012-12-26 13:26:09.0 +
@@ -87,3 +87,5 @@
 CVE-2012-5

Bug#696778: marked as done (pu: package portmidi/1:184-2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #696778,
regarding pu: package portmidi/1:184-2
to be marked as done.


-- 
696778: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696778
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

after having fixed #695842 in unstable (BTW, thanks for the 
unblock!) I'd be glad to see the same bug fixed in Squeeze too.

I'm attaching a debdiff, thanks for considering.

Regards,

-- 
Alessio Treglia  | www.alessiotreglia.com
Debian Developer | ales...@debian.org
Ubuntu Core Developer| quadris...@ubuntu.com
0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A
diff -u portmidi-184/debian/changelog portmidi-184/debian/changelog
--- portmidi-184/debian/changelog
+++ portmidi-184/debian/changelog
@@ -1,3 +1,16 @@
+portmidi (1:184-2+squeeze0.1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/patches/11-pmlinuxalsa.patch:
+- Avoid SIGSEGV when it receives data for devices which
+  might have already been closed. (Closes: #695842)
+- Fix some other pointer issues:
+  + alsa_in_close() didn't clear midi-descriptor.
+  + Some other uses of midi->descriptor didn't do NULL-check of
+the pointer.
+
+ -- Alessio Treglia   Thu, 27 Dec 2012 02:03:12 +
+
 portmidi (1:184-2) unstable; urgency=low
 
   * Add -lpthread to ALSALIB (closes: #556070) 
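Review bot: "alsa_in_close() didn't clear midi-descriptor" should read `midi->descriptor`, as in the bullet that follows it.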
diff -u portmidi-184/debian/patches/series portmidi-184/debian/patches/series
--- portmidi-184/debian/patches/series
+++ portmidi-184/debian/patches/series
@@ -8,0 +9 @@
+11-pmlinuxalsa.patch
only in patch2:
unchanged:
--- portmidi-184.orig/debian/patches/11-pmlinuxalsa.patch
+++ portmidi-184/debian/patches/11-pmlinuxalsa.patch
@@ -0,0 +1,70 @@
+Subject: Prevent SIGSEGV on handling events for already closed devices.
+Bug: http://sourceforge.net/apps/trac/portmedia/ticket/3
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695842
+Bug-Ubuntu: https://launchpad.net/bugs/1073484
+Applied-Upstream: yes
+---
+ pm_linux/pmlinuxalsa.c |   10 ++
+ 1 file changed, 10 insertions(+)
+
+--- portmidi-184.orig/pm_linux/pmlinuxalsa.c
 portmidi-184/pm_linux/pmlinuxalsa.c
+@@ -193,6 +193,7 @@ static PmError alsa_write_byte(PmInterna
+ snd_seq_event_t ev;
+ int err;
+ 
++if (!desc) return pmBadPtr;
+ snd_seq_ev_clear(&ev);
+ if (snd_midi_event_encode_byte(desc->parser, byte, &ev) == 1) {
+ snd_seq_ev_set_dest(&ev, desc->client, desc->port);
+@@ -339,6 +340,7 @@ static PmError alsa_in_close(PmInternal
+ pm_hosterror = snd_seq_delete_port(seq, desc->this_port);
+ }
+ alsa_unuse_queue();
++midi->descriptor = NULL;
+ pm_free(desc);
+ if (pm_hosterror) {
+ get_alsa_error_text(pm_hosterror_text, PM_HOST_ERROR_MSG_LEN, 
+@@ -433,6 +435,7 @@ static PmError alsa_write(PmInternal *mi
+ static PmError alsa_write_flush(PmInternal *midi, PmTimestamp timestamp)
+ {
+ alsa_descriptor_type desc = (alsa_descriptor_type) midi->descriptor;
++if (!desc) return pmBadPtr;
+ VERBOSE printf("snd_seq_drain_output: 0x%x\n", (unsigned int) seq);
+ desc->error = snd_seq_drain_output(seq);
+ if (desc->error < 0) return pmHostError;
+@@ -448,6 +451,7 @@ static PmError alsa_write_short(PmIntern
+ PmMessage msg = event->message;
+ int i;
+ alsa_descriptor_type desc = (alsa_descriptor_type) midi->descriptor;
++if (!desc) return pmBadPtr;
+ for (i = 0; i < bytes; i++) {
+ unsigned char byte = msg;
+ VERBOSE printf("sending 0x%x\n", byte);
+@@ -481,6 +485,10 @@ static void handle_event(snd_seq_event_t
+ {
+ int device_id = ev->dest.port;
+ PmInternal *midi = descriptors[device_id].internalDescriptor;
++/* The device we received events for might have been closed before we
++   processed them. */
++if (!midi)
++return;
+ PmEvent pm_ev;
+ PmTimeProcPtr time_proc = midi->time_proc;
+ PmTimestamp timestamp;
+@@ -650,6 +658,7 @@ static PmError alsa_poll(PmInternal *mid
+ static unsigned int alsa_has_host_error(PmInternal *midi)
+ {
+ alsa_descriptor_type desc = (alsa_descriptor_type) midi->descriptor;
++if (!desc) return 0;
+ return desc->error;
+ }
+ 
+@@ -657,6 +666,7 @@ static unsigned int alsa_has_host_error(
+ static void alsa_ge
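Review bot: the alsa_in_close() hunk adds `midi->descriptor = NULL`, but the surrounding context still dereferences `desc` (`desc->this_port`) without the `if (!desc) return pmBadPtr;` guard that alsa_write_byte(), alsa_write_flush() and alsa_write_short() receive; assuming `desc` is read from `midi->descriptor` there as in the other functions, a second close on the same PmInternal would dereference NULL, so add the guard at the top of alsa_in_close() too. In handle_event() the `if (!midi) return;` sits before the declarations of `pm_ev`, `time_proc` and `timestamp`, which mixes declarations and code, and `device_id` taken from `ev->dest.port` indexes `descriptors[]` with no range check in the visible lines.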

Bug#696065: marked as done (pu: package openldap/2.4.23-7.3)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #696065,
regarding pu: package openldap/2.4.23-7.3
to be marked as done.


-- 
696065: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696065
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I've uploaded an NMU of openldap to DELAYED/7, targeted at stable, to
deal with #665199 (slapd in unstable can't read the data files from
slapd in stable, because the libdb version changed). The fix is to dump
the database in prerm (when upgrading) rather than preinst, so that the
slapcat version which can actually read the database is actually still
on the system. I've tested this in a chroot by installing the package
and upgrading it to the version in wheezy, and that was successful.

It would be good if this could be allowed into stable before the
release, so that upgrades for people using openldap will not fail.

I'll file a separate bug to get the release notes updated as well.

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#695956: marked as done (pu: package flashplugin-nonfree/1:2.8.2+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #695956,
regarding pu: package flashplugin-nonfree/1:2.8.2+squeeze1
to be marked as done.


-- 
695956: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695956
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: squeeze

Please consider updating flashplugin-nonfree in squeeze for fixing a security
bug.  Diff attached.  A prepared package is here :
http://people.debian.org/~bartm/flashplugin-nonfree/stable/

diff -ruN ../orig/flashplugin-nonfree-2.8.2/debian/changelog ./debian/changelog
--- ../orig/flashplugin-nonfree-2.8.2/debian/changelog	2010-09-17 21:04:37.0 +0200
+++ ./debian/changelog	2012-12-14 19:05:13.0 +0100
@@ -1,3 +1,11 @@
+flashplugin-nonfree (1:2.8.2+squeeze1) stable; urgency=low
+
+  * update-flashplugin-nonfree: Added use of "gpg --verify" to notice files
+without signature.  Thanks to Ansgar Burchardt for reporting the security
+issue (via private e-mail on 13 Dec 2012).
+
+ -- Bart Martens   Fri, 14 Dec 2012 19:03:40 +0100
+
 flashplugin-nonfree (1:2.8.2) unstable; urgency=low
 
   * Removed "64 bit player temporarily not supported".  Closes: #586273.
diff -ruN ../orig/flashplugin-nonfree-2.8.2/update-flashplugin-nonfree ./update-flashplugin-nonfree
--- ../orig/flashplugin-nonfree-2.8.2/update-flashplugin-nonfree	2010-09-17 20:42:15.0 +0200
+++ ./update-flashplugin-nonfree	2012-12-14 19:06:17.0 +0100
@@ -164,6 +164,8 @@
 		gpg -q --homedir "." --import /usr/lib/flashplugin-nonfree/pubkey.asc > /dev/null 2>&1 \
 			|| die_hard_with_a_cleanup "gpg failed to import /usr/lib/flashplugin-nonfree/pubkey.asc"
 		[ "$verbose" != "yes" ] || echo "verifying PGP $downloadfile ..."
+		gpg -q --homedir "." --verify $downloadfile 2> /dev/null \
+			|| die_hard_with_a_cleanup "gpg rejected signature of $downloadurl"
 		gpg -q --homedir "." < $downloadfile > checksums.txt 2> /dev/null \
 			|| die_hard_with_a_cleanup "gpg rejected signature of $downloadurl"
 
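Review bot: the added `gpg --verify` call passes `$downloadfile` unquoted and reuses the exact failure text of the step after it ("gpg rejected signature of $downloadurl"), so a log cannot tell a missing signature from a failed extraction; quote the variable and give the verify step its own message. Both steps discard stderr and rely only on gpg's exit status, and the file is read twice, once to verify and once to write checksums.txt; a single pass that checks gpg's `--status-fd` output for a valid signature would remove any gap between what was verified and what was extracted.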
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#695642: marked as done (pu: package magpierss/0.72-8+squeeze2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #695642,
regarding pu: package magpierss/0.72-8+squeeze2
to be marked as done.


-- 
695642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695642
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Tags: squeeze
User: release.debian@packages.debian.org
Usertags: pu


Hi!

Please unblock package magpierss, it fixes #694052.
Attached you will find a debdiff.


Cheers.

-- 
Marcelo Jorge Vieira
xmpp:me...@jabber-br.org
http://metaldot.alucinados.com
diff -u magpierss-0.72/debian/control magpierss-0.72/debian/control
--- magpierss-0.72/debian/control
+++ magpierss-0.72/debian/control
@@ -11,8 +11,8 @@
 
 Package: libphp-magpierss
 Architecture: all
-Conflicts: magpierss (<= 0.72-5)
-Replaces: magpierss (<= 0.72-5)
+Conflicts: magpierss (<< 0.72-6)
+Replaces: magpierss (<< 0.72-6)
 Depends:  ${misc:Depends}, php5 | php5-cli, libphp-snoopy
 Description: provides an XML-based RSS parser in PHP
  MagpieRSS is an XML-based RSS parser in PHP.  It attempts to be "PHP-like",
diff -u magpierss-0.72/debian/changelog magpierss-0.72/debian/changelog
--- magpierss-0.72/debian/changelog
+++ magpierss-0.72/debian/changelog
@@ -1,3 +1,9 @@
+magpierss (0.72-8+squeeze2) stable-proposed-updates; urgency=high
+
+  * Fails to upgrade from 'lenny' (Closes: #694052)
+
+ -- Marcelo Jorge Vieira (metal)   Sat, 08 Dec 2012 13:47:28 -0200
+
 magpierss (0.72-8+squeeze1) stable-proposed-updates; urgency=low
 
   * Fixing CVE-2011-0740 (Closes: #611940)
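Review bot: "Fails to upgrade from 'lenny'" states the symptom rather than the change; the entry should say that Conflicts/Replaces on magpierss in debian/control went from (<= 0.72-5) to (<< 0.72-6), so the reason for the stable update is readable from the changelog.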


--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#694329: marked as done (pu: package xnecview/1.35-5.2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #694329,
regarding pu: package xnecview/1.35-5.2
to be marked as done.


-- 
694329: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694329
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I've uploaded xnecview/1.35-5.2 to fix the old RC bug 621392, which I 
previously already fixed for newer releases.
The debdiff against the version in stable:

diff -u xnecview-1.35/debian/changelog xnecview-1.35/debian/changelog
--- xnecview-1.35/debian/changelog
+++ xnecview-1.35/debian/changelog
@@ -1,3 +1,13 @@
+xnecview (1.35-5.2) stable; urgency=low
+
+  * Non-maintainer upload.
+  * Take my own patch from 1.35-7.1.
+  * R0 is already taken as a register name on armel, rename xnecview's
+constant to DEFFAULTR0.
+Closes: #621392
+
+ -- Evgeni Golov   Sun, 25 Nov 2012 11:47:11 +0100
+
 xnecview (1.35-5.1) unstable; urgency=low
 
   * Non-maintainer upload.
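Review bot: the entry names the new constant "DEFFAULTR0", but the code hunks define and use `DEFAULTR0`; fix the spelling in the changelog so it matches the code.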
only in patch2:
unchanged:
--- xnecview-1.35.orig/freqplot.c
+++ xnecview-1.35/freqplot.c
@@ -28,7 +28,7 @@
 int plot2_z2=0;  /* show the phi(z)/abs(z) graph? */
 int plot2_dir=0; /* show the direction-of-maximum-gain graph? */
 
-double r0=R0;/* reference impedance for SWR calculation */
+double r0=DEFAULTR0;/* reference impedance for SWR calculation */
 
 
 
only in patch2:
unchanged:
--- xnecview-1.35.orig/config.h
+++ xnecview-1.35/config.h
@@ -57,6 +57,6 @@
 #define XFONT "6x10"   /* font for text in the on-screen drawing */
 #define PSFONT "helvetica" /* font for postscript output (size is derived by 
scaling the X font) */
 
-#define R0  50.0   /* default reference impedance for SWR calculation 
*/
+#define DEFAULTR0  50.0/* default reference impedance for SWR calculation 
*/
 
 #define Polthr (M_SQRT2-1)  /* threshold of axial ratio used in 
polarization-colouring */

Regards
Evgeni

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#691142: marked as done (pu: package moodle/1.9.9.dfsg2-2.1+squeeze4)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #691142,
regarding pu: package moodle/1.9.9.dfsg2-2.1+squeeze4
to be marked as done.


-- 
691142: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi dear Release Team,

upon ping from Jonathan Wiltshire on #682203, here I am with a proposed stable
update for moodle. The changelog entry would be: 

moodle (1.9.9.dfsg2-2.1+squeeze4) stable; urgency=low

  * Minor security updates.
  * Backporting security fixes from MOODLE_19_STABLE:
- CVE-2012-1155 - MSA-12-0013: database activity module entries exporting
  does not respect separate groups (Closes: #668411).
- CVE-2012-2362 - MSA-12-0033: XSS bug in blog/index.php in IE.
- CVE-2012-2363 - MSA-12-0034: Stored SQL Injection in calendar.
- CVE-2012-2367 - MSA-12-0038: Calendar New Entry still shows and works
  for roles preventing calendar entry. (Closes: #674163)

debdiff and separate patches are attached; they are cherry-picks + quilt
refresh'es of upstream patches in the MOODLE_19_STABLE branch.

FYI, I started to backport the fix for CVE-2012-3398, but I'm not sure it'll
lead to an upload as the fix is quite invasive and doesn't apply cleanly on
the 1.9.9 codebase. Help welcome.

Cheers,

OdyX
diff -Nru moodle-1.9.9.dfsg2/debian/changelog moodle-1.9.9.dfsg2/debian/changelog
--- moodle-1.9.9.dfsg2/debian/changelog	2012-02-29 20:45:39.0 +0100
+++ moodle-1.9.9.dfsg2/debian/changelog	2012-10-22 08:10:11.0 +0200
@@ -1,3 +1,16 @@
+moodle (1.9.9.dfsg2-2.1+squeeze4) stable; urgency=low
+
+  * Minor security updates.
+  * Backporting security fixes from MOODLE_19_STABLE:
+- CVE-2012-1155 - MSA-12-0013: database activity module entries exporting
+  does not respect separate groups (Closes: #668411).
+- CVE-2012-2362 - MSA-12-0033: XSS bug in blog/index.php in IE.
+- CVE-2012-2363 - MSA-12-0034: Stored SQL Injection in calendar.
+- CVE-2012-2367 - MSA-12-0038: Calendar New Entry still shows and works
+  for roles preventing calendar entry. (Closes: #674163)
+
+ -- Didier Raboud   Sun, 21 Oct 2012 14:16:11 +0200
+
 moodle (1.9.9.dfsg2-2.1+squeeze3) stable-security; urgency=low
 
   * Security update based on unstable:
diff -Nru moodle-1.9.9.dfsg2/debian/patches/MSA-12-0013 moodle-1.9.9.dfsg2/debian/patches/MSA-12-0013
--- moodle-1.9.9.dfsg2/debian/patches/MSA-12-0013	1970-01-01 01:00:00.0 +0100
+++ moodle-1.9.9.dfsg2/debian/patches/MSA-12-0013	2012-10-21 14:34:54.0 +0200
@@ -0,0 +1,45 @@
+commit 312ada2856cfb79d03ac6effe11dd750f2aa67f0
+Author: Adrian Greeve 
+Date:   Tue Jan 31 12:09:30 2012 +0800
+
+MDL-25185 - data - Allowing data from the database to be exported according to group roles.
+
+diff --git a/mod/data/export.php b/mod/data/export.php
+index 6ac914e..edea566 100644
+--- a/mod/data/export.php
 b/mod/data/export.php
+@@ -60,6 +60,7 @@ if($mform->is_cancelled()) {
+ print_header_simple($data->name, '', $nav,
+ '', '', true, update_module_button($cm->id, $course->id, get_string('modulename', 'data')),
+ navmenu($course, $cm), '', '');
++groups_print_activity_menu($cm, "$CFG->wwwroot/mod/data/export.php?d=$d");
+ print_heading(format_string($data->name));
+ 
+ // these are for the tab display
+@@ -83,13 +84,25 @@ foreach($fields as $key => $field) {
+ $exportdata[0][] = $field->field->name;
+ }
+ }
++$groupid = groups_get_activity_group($cm);
+ 
+ $datarecords = get_records('data_records', 'dataid', $data->id);
+ ksort($datarecords);
+ $line = 1;
+ foreach($datarecords as $record) {
+ // get content indexed by fieldid
+-if( $content = get_records('data_content', 'recordid', $record->id, 'fieldid', 'fieldid, content, content1, content2, content3, content4') ) {
++if($groupid) {
++$select = "SELECT c.fieldid, c.content, c.content1, c.content2, c.content3, c.content4 
++FROM {$CFG->prefix}data_content c, {$CFG->prefix}data_records r 
++WHERE c.recordid = $record->id  
++AND r.id = c.recordid 
++AND r.groupid = $groupid";
++} else {
++$select = "SELECT fieldid, content, content1, content2, content3, content4 
++FROM {$CFG->prefix}
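Review bot: in the `if($groupid)` branch, `$record->id` and `$groupid` are interpolated straight into the SQL string; both should be integers here, but cast them with `(int)` before building `$select` so the query does not depend on that staying true. The group filter is also applied once per record inside the `foreach`, after `get_records('data_records', 'dataid', $data->id)` has already loaded every record; restricting that first query by `groupid` would drop the per-record join on `data_records`.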

Bug#691885: marked as done (pu: package libbusiness-onlinepayment-ippay-perl/0.05~02-2+squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #691885,
regarding pu: package libbusiness-onlinepayment-ippay-perl/0.05~02-2+squeeze1
to be marked as done.


-- 
691885: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691885
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

We'd like to update libbusiness-onlinepayment-ippay-perl in squeeze
because of #691723: change gateway server name and path.

I've prepared an update for 0.05~02-2 that includes the backported
changes (kindly provided by Ivan Kohler). Debdiff attached.

Please advise on how to proceed.


Thanks,
gregor

diff -u libbusiness-onlinepayment-ippay-perl-0.05~02/debian/changelog libbusiness-onlinepayment-ippay-perl-0.05~02/debian/changelog
--- libbusiness-onlinepayment-ippay-perl-0.05~02/debian/changelog
+++ libbusiness-onlinepayment-ippay-perl-0.05~02/debian/changelog
@@ -1,3 +1,11 @@
+libbusiness-onlinepayment-ippay-perl (0.05~02-2+squeeze1) stable-proposed-updates; urgency=low
+
+  * Team upload.
+  * Backport changes to IPPay gateway's server name and path. Thanks to
+Ivan Kohler for preparing the backport. (Closes: #691723)
+
+ -- gregor herrmann   Tue, 30 Oct 2012 18:31:33 +0100
+
 libbusiness-onlinepayment-ippay-perl (0.05~02-2) unstable; urgency=low
 
   * Take over for the Debian Perl Group
only in patch2:
unchanged:
--- libbusiness-onlinepayment-ippay-perl-0.05~02.orig/IPPay.pm
+++ libbusiness-onlinepayment-ippay-perl-0.05~02/IPPay.pm
@@ -45,9 +45,9 @@
 my %opts = @_;
 
 # standard B::OP methods/data
-$self->server('gateway17.jetpay.com') unless $self->server;
+$self->server('gtwy.ippay.com') unless $self->server;
 $self->port('443') unless $self->port;
-$self->path('/jetpay') unless $self->path;
+$self->path('/ippay') unless $self->path;
 
 $self->build_subs(qw( order_number avs_code cvv2_response
   response_page response_code response_headers
@@ -209,16 +209,13 @@
   foreach ( keys ( %{($self->{_defaults})} ) ) {
 $content{$_} = $self->{_defaults}->{$_} unless exists($content{$_});
   }
+  if ($self->test_transaction()) {
+$content{'login'} = 'TESTTERMINAL';
+  }
   $self->content(%content);
 
   $self->required_fields(@required_fields);
 
-  if ($self->test_transaction()) {
-$self->server('test1.jetpay.com');
-$self->port('443');
-$self->path('/jetpay');
-  }
-
   my $transaction_id = $content{'order_number'};
   unless ($transaction_id) {
 my ($page, $server_response, %headers) = $self->https_get('dummy' => 1);
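
Review bot: The new `test_transaction()` block overwrites `$content{'login'}` with `'TESTTERMINAL'` after the defaults merge, so a login the caller passed is silently replaced. With the old `server('test1.jetpay.com')` switch removed in the same hunk, that login is now the only thing separating a test request from a live one on the same gateway host; a comment saying so at the override would help the next person who touches this code.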
@@ -381,7 +378,7 @@
 if (  exists($response->{ActionCode}) && !exists($response->{ErrMsg})) {
   $self->error_message($response->{ResponseText});
 }else{
-  $self->error_message($response->{Errmsg});
+  $self->error_message($response->{ErrMsg});
 }
 #  }else{
 #$self->error_message("Server Failed");
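
Review bot: With the key now spelled `ErrMsg`, the `else` branch still assigns `$response->{ErrMsg}` when the response has neither `ActionCode` nor `ErrMsg`, which leaves `error_message` undefined. A fallback string for that case (the commented-out "Server Failed" just below hints at one) would make a malformed response distinguishable from a missing error.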
@@ -567,6 +564,9 @@
 
 =head1 COMPATIBILITY
 
+Debian version 0.05~02-2+squeeze1 (upstream version 0.07) changes the server name and
+path for IPPay's late 2012 update.
+
 Business::OnlinePayment::IPPay uses IPPay XML Product Specifications version
 1.1.2.
 
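
Review bot: The COMPATIBILITY paragraph names the server and path change but not the change to test transactions, which no longer go to a separate test host. Callers relying on `test_transaction` are the ones most likely to notice a difference, so one more sentence here would be useful.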
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#689602: marked as done (pu: package dbus/1.2.24-4+squeeze2)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #689602,
regarding pu: package dbus/1.2.24-4+squeeze2
to be marked as done.


-- 
689602: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689602
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

CVE-2012-3524 (#689070) is a local root privilege escalation vulnerability
when setuid-root applications use libdbus without first sanitizing their
caller-supplied environment via a whitelist. Applications thought to be
exploitable include Xorg via the setuid /usr/bin/X if using libhal (so for us,
kFreeBSD but not Linux), and perhaps su/sudo if libpam-systemd or
libpam-ck-connector is used. I wasn't able to exploit libpam-ck-connector
under a squeeze VM, but perhaps I'm doing it wrong.

D-Bus upstream consensus is that it is an application bug to use any
non-trivial library in a setuid application without first clearing the
caller-supplied environment; but having said that, hardening libdbus
against applications with this bug seems wise.

When I asked for security team feedback on #689070, they requested that I
send this to stable via s-p-u.

This is basically the same as the t-p-u option in #689148, but with the
patches adjusted for the older libdbus in stable.

May I upload? I have source+i386 ready to go; proposed debdiff attached.

Regards,
S

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diffstat for dbus-1.2.24 dbus-1.2.24

 changelog   |   12 
 patches/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch |  213 ++
 patches/0002-hardening-Ensure-_dbus_check_setuid-is-initialized-t.patch |   36 +
 patches/0003-hardening-Remove-activation-helper-handling-for-DBUS.patch |   57 ++
 patches/0004-activation-helper-Ensure-DBUS_STARTER_ADDRESS-is-set.patch |   66 +++
 patches/series  |4 
 6 files changed, 388 insertions(+)

diff -Nru dbus-1.2.24/debian/changelog dbus-1.2.24/debian/changelog
--- dbus-1.2.24/debian/changelog	2011-06-14 20:09:38.0 +0100
+++ dbus-1.2.24/debian/changelog	2012-10-04 08:47:17.0 +0100
@@ -1,3 +1,15 @@
+dbus (1.2.24-4+squeeze2) stable; urgency=low
+
+  * CVE-2012-3524: apply patches from upstream 1.6.6 to avoid arbitrary
+code execution in setuid/setgid binaries that incorrectly use libdbus
+without first sanitizing the environment variables inherited from
+their less-privileged caller (Closes: #689070).
+- As per upstream 1.6.8, do not check filesystem capabilities for now,
+  only setuid/setgid, fixing regressions in certain configurations of
+  gnome-keyring
+
+ -- Simon McVittie   Thu, 04 Oct 2012 08:47:10 +0100
+
 dbus (1.2.24-4+squeeze1) stable; urgency=low
 
   * Update Vcs-* control fields to reflect the move to git
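
Review bot: The sub-item about not checking filesystem capabilities (as per upstream 1.6.8) does not say which patch carries it; the diffstat lists 0001 to 0004 and none of their names mentions capabilities. Naming the patch file in the changelog entry would let a reader of the stable update find where the behaviour differs from upstream 1.6.6.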
diff -Nru dbus-1.2.24/debian/patches/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch dbus-1.2.24/debian/patches/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch
--- dbus-1.2.24/debian/patches/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch	1970-01-01 01:00:00.0 +0100
+++ dbus-1.2.24/debian/patches/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch	2012-10-04 08:47:17.0 +0100
@@ -0,0 +1,213 @@
+From: Colin Walters 
+Date: Wed, 22 Aug 2012 10:03:34 -0400
+Subject: [PATCH 1/5] CVE-2012-3524: Don't access environment variables or run
+ dbus-launch when setuid
+
+This matches a corresponding change in GLib.  See
+glib/gutils.c:g_check_setuid().
+
+Some programs attempt to use libdbus when setuid; notably the X.org
+server is shipped in such a configuration. libdbus never had an
+explicit policy about its use in setuid programs.
+
+I'm not sure whether we should advertise such support.  However, given
+that there are real-world programs that do this currently, we can make
+them safer with not too much eff
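
The two layers of defence discussed in the request above, as an added example that is not code from the dbus patches or from the message's author: the application drops everything but an allowlist from its environment, and the library side refuses to read the environment when the process is setuid/setgid. The function names, the allowlist contents and the sample values used to exercise it are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* 1 when real and effective IDs differ, i.e. the binary is setuid/setgid.
 * Only IDs are compared, matching the changelog's "only setuid/setgid". */
int running_setuid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Library side: ignore caller-controlled variables when privileged. */
const char *guarded_getenv(const char *name, int privileged)
{
    return privileged ? NULL : getenv(name);
}

/* Assumed allowlist for illustration; each application picks its own. */
static const char *const ENV_ALLOW[] = { "LANG", "TZ", "TERM", NULL };

static int name_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t len, i;

    if (eq == NULL || eq == entry)
        return 0;
    len = (size_t)(eq - entry);
    for (i = 0; ENV_ALLOW[i] != NULL; i++)
        /* Compare the whole name so LANGUAGE does not pass as LANG. */
        if (strlen(ENV_ALLOW[i]) == len &&
            strncmp(ENV_ALLOW[i], entry, len) == 0)
            return 1;
    return 0;
}

/* Application side: compact envp in place, keeping allowlisted names.
 * Returns the number of entries kept. */
size_t sanitize_env(char **envp)
{
    size_t kept = 0, i;

    for (i = 0; envp[i] != NULL; i++)
        if (name_allowed(envp[i]))
            envp[kept++] = envp[i];
    envp[kept] = NULL;
    return kept;
}

int main(void)
{
    int privileged = running_setuid();

    if (privileged)  /* must run before any library initialisation */
        printf("kept %zu variables\n", sanitize_env(environ));
    printf("DBUS_STARTER_ADDRESS visible: %s\n",
           guarded_getenv("DBUS_STARTER_ADDRESS", privileged) ? "yes" : "no");
    return 0;
}
```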

Bug#690552: marked as done (pu: package clive/2.2.13-5+squeeze5)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #690552,
regarding pu: package clive/2.2.13-5+squeeze5
to be marked as done.


-- 
690552: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I prepared an update for clive. It adapts clive to changes on youtube.com; the
problem and patch are basically the same as #688972 in libquvi-scripts.

Ansgar
diff -Nru clive-2.2.13/debian/changelog clive-2.2.13/debian/changelog
--- clive-2.2.13/debian/changelog	2012-01-28 10:42:30.0 +
+++ clive-2.2.13/debian/changelog	2012-10-15 13:15:48.0 +
@@ -1,3 +1,10 @@
+clive (2.2.13-5+squeeze5) squeeze; urgency=low
+
+  * Adapt for youtube.com changes.
++ new patch: 688972-youtube.diff
+
+ -- Ansgar Burchardt   Mon, 15 Oct 2012 13:15:16 +
+
 clive (2.2.13-5+squeeze4) stable; urgency=low
 
   * Adapt for youtube.com changes. (Closes: #645025)
diff -Nru clive-2.2.13/debian/patches/688972-youtube.diff clive-2.2.13/debian/patches/688972-youtube.diff
--- clive-2.2.13/debian/patches/688972-youtube.diff	1970-01-01 00:00:00.0 +
+++ clive-2.2.13/debian/patches/688972-youtube.diff	2012-10-15 13:14:49.0 +
@@ -0,0 +1,16 @@
+From: Ansgar Burchardt 
+Subject: backport patch for #688972 from libquvi-scripts to clive
+Bug-Debian: http://bugs.debian.org/688972
+
+--- clive-2.2.13.orig/lib/clive/Host/Youtube.pm
 clive-2.2.13/lib/clive/Host/Youtube.pm
+@@ -52,6 +52,9 @@ sub parsePage {
+ 	}
+ 	my $id = $map{itag};
+ 	my $url = $map{url};
++	if (exists $map{sig}) {
++		$url .= '&signature=' . $map{sig};
++	}
+ $best   = $url unless $best;
+ $h{$id} = $url;
+ }
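
Review bot: `$map{sig}` is appended to `$url` as-is behind a hard-coded `&`. If the value can contain characters that are reserved in a query string it needs escaping first (for example with `uri_escape`), and the `&` assumes `$url` already carries a query part; a short comment stating both assumptions would make the patch easier to adjust at the next youtube.com change.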
diff -Nru clive-2.2.13/debian/patches/series clive-2.2.13/debian/patches/series
--- clive-2.2.13/debian/patches/series	2012-01-28 10:33:11.0 +
+++ clive-2.2.13/debian/patches/series	2012-10-15 13:13:12.0 +
@@ -6,3 +6,4 @@
 liveleak-fix-from-2.2.25.patch
 636612-youtube.diff
 645025-youtube.diff
+688972-youtube.diff
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#690951: marked as done (pu: package clamav/0.97.6+dfsg-1~squeeze1)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 11:56:55 +
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #690951,
regarding pu: package clamav/0.97.6+dfsg-1~squeeze1
to be marked as done.


-- 
690951: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690951
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

This is a relatively small, non-security release, but it does include an
increased functionality level, so 0.97.5 will no longer be able to process all
virus signatures.  An updated clamav is important for all the usual reasons
having to do with the bad guys not standing still.
--- End Message ---
--- Begin Message ---
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam
--- End Message ---


Bug#699235: marked as done (RM: elmerfem -- RoM; licensing problems)

2013-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 23 Feb 2013 10:11:28 +
with message-id 
and subject line Bug#699235: Removed package(s) from stable
has caused the Debian Bug report #699235,
regarding RM: elmerfem -- RoM; licensing problems
to be marked as done.


-- 
699235: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699235
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ftp.debian.org
Severity: normal

Hi,

Package elmerfem version 5.5.0.svn.4499.dfsg-1 in Squeeze has two serious bugs:
[#687954] elmer: non-free files in source tarball
[#698527] elmer: executable ElmerGUI.real links with both GPL-licensed and
  GPL-incompatible libraries

Bug [#687954] was fixed in Wheezy and I prepared package to stable-proposed-updates
[#698088]. But after receiving bug report [#698527] I think that package should be
removed from stable.

Package in unstable could be fixed. So do not delete it from testing please.

Best regards,
Boris
--- End Message ---
--- Begin Message ---
We believe that the bug you reported is now fixed; the following
package(s) have been removed from stable:

             elmer | 5.5.0.svn.4499.dfsg-1 | amd64, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, sparc
      elmer-common | 5.5.0.svn.4499.dfsg-1 | all
          elmerfem | 5.5.0.svn.4499.dfsg-1 | source
      libelmer-dev | 5.5.0.svn.4499.dfsg-1 | amd64, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, sparc
libelmersolver-6.0 | 5.5.0.svn.4499.dfsg-1 | amd64, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, sparc

--- Reason ---
RoM; licensing problems
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors (ftp.debian.org
included) until the next dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699...@bugs.debian.org.

The full log for this bug can be viewed at http://bugs.debian.org/699235

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@debian.org.

Debian distribution maintenance software
pp.
Archive Administrator (the ftpmaster behind the curtain)
--- End Message ---


Bug#701232: pu: package xorg-server/2:1.7.7-15

2013-02-23 Thread Julien Cristau
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'm considering the following patch for a stable update.  Background is
that qt wants to stop making their shm segments 0777, but since they
don't handle errors correctly and the X server isn't able to get the
client uid on kfreebsd (which it needs to in order to prevent users from
snooping on each other's memory, being setuid root), makes things break
down (#700530).  On FreeBSD, libc has a getpeereid function to do that
job, which on kfreebsd is available through libbsd, so this patch makes
us use that.

Cheers,
Julien

From: Julien Cristau 
Date: Sat, 23 Feb 2013 10:34:21 +0100
Subject: [PATCH] Link against -lbsd on kfreebsd

It gives us access to getpeereid() and makes MIT-SHM work with
non-world-accessible segments.  See Debian bug#700530.
---
 debian/changelog |7 +++
 debian/rules |4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 4d8d03c..137c032 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg-server (2:1.7.7-15) UNRELEASED; urgency=low
+
+  * Link against -lbsd on kfreebsd to get access to getpeereid() and make
+MIT-SHM work with non-world-accessible segments.
+
+ -- Julien Cristau   Sat, 23 Feb 2013 10:13:16 +0100
+
 xorg-server (2:1.7.7-14) squeeze; urgency=low
 
   * GLX: add missing input sanitization (CVE-2010-4818).  Also fix a couple
diff --git a/debian/rules b/debian/rules
index 52c0094..51d271a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -64,6 +64,7 @@ ifeq ($(DEB_HOST_ARCH_OS), linux)
config_backend += --enable-config-udev --disable-config-hal
 else ifeq ($(DEB_HOST_ARCH_OS), kfreebsd)
config_backend += --disable-config-udev --enable-config-hal
+   libs = LIBS=-lbsd
 else # hurd
config_backend += --disable-config-udev --disable-config-hal
 endif
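
Review bot: `LIBS=-lbsd` is added for kfreebsd, but the diffstat shows only `debian/changelog` and `debian/rules` changing, so nothing in this patch adds libbsd's development package to the build dependencies for that architecture. If `debian/control` does not already list it, the kfreebsd build will fail at link time or configure will not detect `getpeereid()`.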
@@ -112,7 +113,8 @@ confflags += \
 --disable-xwin \
 --disable-xsdl \
 --disable-xfake \
---disable-install-setuid
+--disable-install-setuid \
+$(libs)
 
 confflags_main = \

--with-default-font-path="/usr/share/fonts/X11/misc,/usr/share/fonts/X11/cyrillic,/usr/share/fonts/X11/100dpi/:unscaled,/usr/share/fonts/X11/75dpi/:unscaled,/usr/share/fonts/X11/Type1,/usr/share/fonts/X11/100dpi,/usr/share/fonts/X11/75dpi,/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType,built-ins"
 \
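
Review bot: `$(libs)` is appended to `confflags` on every architecture but is only assigned in the kfreebsd branch, so on linux and hurd it expands to whatever make inherits, including an environment variable named `libs`. An explicit empty `libs =` before the `ifeq` chain would make the expansion deterministic everywhere.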

