Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)

2015-02-01 Thread Aron Xu 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock jessie-pu

libxml2 in Jessie has CVE-2014-3600 pending to be addressed and this
update includes the related regression fix as well.

Also, I would like to apply some more upstream memory related patches
from 2.9.2, mostly NULL checks, because there are quite a lot deeper
issues hiding in libxml2's code base and those fixes shall be deemed
beneficial to our support cycle.

Regards,
Aron Xu
diff -Nru libxml2-2.9.1+dfsg1/debian/changelog 
libxml2-2.9.1+dfsg1/debian/changelog
--- libxml2-2.9.1+dfsg1/debian/changelog2014-07-09 06:49:45.0 
+0800
+++ libxml2-2.9.1+dfsg1/debian/changelog2015-02-01 13:51:11.0 
+0800
@@ -1,3 +1,12 @@
+libxml2 (2.9.1+dfsg1-5) testing; urgency=medium
+
+  * Add pkg-config to B-D
+  * Use -O3 for normal builds
+  * Cherry-pick upstream memory related fixes
+- Including CVE-2014-3660 (Closes: #765722, #768089)
+
+ -- Aron Xu a...@debian.org  Sun, 01 Feb 2015 13:48:36 +0800
+
 libxml2 (2.9.1+dfsg1-4) unstable; urgency=low
 
   [ Christian Svensson ]
diff -Nru libxml2-2.9.1+dfsg1/debian/control libxml2-2.9.1+dfsg1/debian/control
--- libxml2-2.9.1+dfsg1/debian/control  2014-07-09 06:46:15.0 +0800
+++ libxml2-2.9.1+dfsg1/debian/control  2015-02-01 13:42:06.0 +0800
@@ -4,7 +4,7 @@
 Maintainer: Debian XML/SGML Group 
debian-xml-sgml-p...@lists.alioth.debian.org
 Uploaders: Aron Xu a...@debian.org, YunQiang Su wzss...@gmail.com
 Standards-Version: 3.9.5
-Build-Depends: debhelper (= 9), dh-autoreconf, autotools-dev,
+Build-Depends: debhelper (= 9), dh-autoreconf, autotools-dev, pkg-config,
  libpython-all-dev, libpython-all-dbg,
  python-all-dev:any (= 2.7.5-5~), python-all-dbg:any,
  zlib1g-dev | libz-dev, liblzma-dev
diff -Nru 
libxml2-2.9.1+dfsg1/debian/patches/0001-modify-xml2-config-and-pkgconfig-behaviour.patch
 
libxml2-2.9.1+dfsg1/debian/patches/0001-modify-xml2-config-and-pkgconfig-behaviour.patch
--- 
libxml2-2.9.1+dfsg1/debian/patches/0001-modify-xml2-config-and-pkgconfig-behaviour.patch
2014-07-09 05:31:33.0 +0800
+++ 
libxml2-2.9.1+dfsg1/debian/patches/0001-modify-xml2-config-and-pkgconfig-behaviour.patch
2015-02-01 13:50:27.0 +0800
@@ -3,11 +3,11 @@
 Subject: modify xml2-config and pkgconfig behaviour
 
 ---
- configure.in |2 +-
- libxml-2.0-uninstalled.pc.in |3 ++-
- libxml-2.0.pc.in |2 +-
- xml2-config.1|4 
- xml2-config.in   |   22 ++
+ configure.in |  2 +-
+ libxml-2.0-uninstalled.pc.in |  3 ++-
+ libxml-2.0.pc.in |  2 +-
+ xml2-config.1|  4 
+ xml2-config.in   | 22 ++
  5 files changed, 18 insertions(+), 15 deletions(-)
 
 diff --git a/configure.in b/configure.in
diff -Nru 
libxml2-2.9.1+dfsg1/debian/patches/0002-fix-python-multiarch-includes.patch 
libxml2-2.9.1+dfsg1/debian/patches/0002-fix-python-multiarch-includes.patch
--- libxml2-2.9.1+dfsg1/debian/patches/0002-fix-python-multiarch-includes.patch 
2014-07-09 06:46:15.0 +0800
+++ libxml2-2.9.1+dfsg1/debian/patches/0002-fix-python-multiarch-includes.patch 
2015-02-01 13:50:27.0 +0800
@@ -3,8 +3,8 @@
 Subject: fix python multiarch includes
 
 ---
- python/Makefile.am |2 +-
- python/Makefile.in |2 +-
+ python/Makefile.am | 2 +-
+ python/Makefile.in | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/python/Makefile.am b/python/Makefile.am
diff -Nru 
libxml2-2.9.1+dfsg1/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch 
libxml2-2.9.1+dfsg1/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch
--- 
libxml2-2.9.1+dfsg1/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch  
2014-07-09 06:46:15.0 +0800
+++ 
libxml2-2.9.1+dfsg1/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch  
2015-02-01 13:50:27.0 +0800
@@ -8,7 +8,7 @@
 xmlResetLastError() but the later reallocate the global
 data freed by previous call. Just swap the two calls.
 ---
- parser.c |2 +-
+ parser.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/parser.c b/parser.c
diff -Nru 
libxml2-2.9.1+dfsg1/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch
 
libxml2-2.9.1+dfsg1/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch
--- 
libxml2-2.9.1+dfsg1/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch
 2014-07-09 06:46:15.0 +0800
+++ 
libxml2-2.9.1+dfsg1/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch
 2015-02-01 13:50:27.0 +0800
@@ -4,7 +4,7 @@
 
 pointed out by cppcheck
 ---
- python/libxml.c |1 +
+ python/libxml.c | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/python/libxml.c b/python/libxml.c
diff -Nru

Processed: tagging 776767

2015-02-01 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

 tags 776767 + wontfix
Bug #776767 {Done: Jonathan Wiltshire j...@debian.org} [release.debian.org] 
unblock: volumeicon/0.4.6-2.2
Added tag(s) wontfix.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
776767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776767
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/handler.s.c.14228014759633.transcr...@bugs.debian.org

Bug#776616: marked as done (unblock: fso stack)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 01 Feb 2015 10:24:06 +0100
with message-id 54cdf0b6.30...@thykier.net
and subject line Re: Bug#776616: unblock: fso stack
has caused the Debian Bug report #776616,
regarding unblock: fso stack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776616: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock packages:
 * fso-datad
 * fso-deviced
 * fso-frameworkd
 * fso-gsmd
 * fso-usaged
 * phonefsod

Reason:

security update regarding dbus configuration.

Debdiff:

I think it's pointless to include 6 almost identical debdiff files here.
The only change in each package is a new patch fixing the DBus
configuration. Here is the patch for fso-datad:

$ cat debian/patches/fix-dbus-permissions.patch
From: Sebastian Reichel s...@debian.org
Reported-By: Simon McVittie simon.mcvit...@collabora.co.uk
Last-Update: 2015-01-20
Description: Fix Security Problem in DBus Configuration
 Old configuration allows every local user to send arbitrary D-Bus
 messages to the path /org/freesmartphone/Framework on *any* D-Bus
 system service (rough HTTP analogy: send a POST to
 http://server/org/freesmartphone/Framework on any server).
Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156

Index: fso-datad/data/fsodatad.conf
===
--- fso-datad.orig/data/fsodatad.conf
+++ fso-datad/data/fsodatad.conf
@@ -3,8 +3,7 @@
 busconfig
 policy context=default
 allow own=org.freesmartphone.odatad/
-allow send_path=/org/freesmartphone/Time/
-allow send_destination=org.freesmartphone.odatad/
+allow send_destination=org.freesmartphone.odatad 
send_path=/org/freesmartphone/Time/
 /policy
 policy context=default
 allow send_interface=org.freedesktop.DBus.Introspectable/

Commands:

unblock fso-datad/0.12.0-3
unblock fso-deviced/0.12.0-5
unblock fso-frameworkd/0.9.5.9+git20110512-5
unblock fso-gsmd/0.12.0-4
unblock fso-usaged/0.12.0-3
unblock phonefsod/0.1+git20121018-2
---End Message---
---BeginMessage---
On 2015-01-30 01:37, Sebastian Reichel wrote:
 Package: release.debian.org
 Severity: normal
 User: release.debian@packages.debian.org
 Usertags: unblock
 
 Please unblock packages:
  * fso-datad
  * fso-deviced
  * fso-frameworkd
  * fso-gsmd
  * fso-usaged
  * phonefsod
 
 Reason:
 
 security update regarding dbus configuration.
 

I have unblocked all of these, but I do have a few remarks on:

 [...]
 unblock fso-frameworkd/0.9.5.9+git20110512-5
 [...]
 

This package has a few changes that do not follow the described pattern:


+ policy context=default
+ allow own=org.freesmartphone.ogpsd/
+ allow own=org.freedesktop.Gypsy/
+-allow send_path=/org/freedesktop/Gypsy/
+ allow send_destination=org.freesmartphone.ogpsd/
+ allow send_destination=org.freedesktop.gypsy/
+ /policy



+ policy context=default
+ allow own=org.freesmartphone.odeviced/
+-allow send_path=//
+ allow send_destination=org.freesmartphone.odeviced/
+ /policy


I presumed these to be intended.

Thanks,
~Niels---End Message---

Bug#776009: marked as done (unblock: xymon/4.3.17-5)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 01 Feb 2015 10:08:57 +0100
with message-id 54cded29.80...@thykier.net
and subject line Re: Bug#776009: unblock: xymon/4.3.17-5
has caused the Debian Bug report #776009,
regarding unblock: xymon/4.3.17-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776009: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776009
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

several updates for xymon have accumulated since the last upload. We'd
like to have them in Jessie, so we are asking for approval of the
changes below.

Changelog:

diff -Nru xymon-4.3.17/debian/changelog xymon-4.3.17/debian/changelog
--- xymon-4.3.17/debian/changelog   2014-10-23 16:50:53.0 +0200
+++ xymon-4.3.17/debian/changelog   2015-01-22 17:37:30.0 +0100
@@ -1,3 +1,21 @@
+xymon (4.3.17-5) unstable; urgency=medium
+
+  [ Christoph Berg ]
+  * Restore the lost ROOTFS variable in xymonclient-linux.sh, and patch
+xymond/rrd/do_disk.c to ignore duplicate submissions for the / partition.
+(Closes: #767901)
+  * Fix buffer overrun in web/acknowledge.c (Closes: #776007)
+  * Debconf translations, thanks!
++ pt by Américo Monteiro (Closes: #767840)
++ fr by Jean-Pierre Giraud (Closes: #770168)
++ nl by Frans Spiesschaert (Closes: #771182)
+
+  [ Axel Beckert ]
+  * Fix aborting installation in cases where a hobbit user exists despite
+hobbit-client was not installed before. (LP: #1407498)
+
+ -- Christoph Berg christoph.b...@credativ.de  Thu, 22 Jan 2015 17:37:26 
+0100
+
 xymon (4.3.17-4) unstable; urgency=medium
 
   * Add debconf question to disable the automatic migration from hobbit to


The first patch is the buffer overrun from #776007:

diff -Nru xymon-4.3.17/debian/patches/acknowledge-malloc 
xymon-4.3.17/debian/patches/acknowledge-malloc
--- xymon-4.3.17/debian/patches/acknowledge-malloc  1970-01-01 
01:00:00.0 +0100
+++ xymon-4.3.17/debian/patches/acknowledge-malloc  2015-01-22 
16:49:28.0 +0100
@@ -0,0 +1,11 @@
+--- a/web/acknowledge.c
 b/web/acknowledge.c
+@@ -289,7 +289,7 @@ int main(int argc, char *argv[])
+   pcre *dummy;
+   char *re;
+ 
+-  re = (char *)malloc(8 + 
strlen(pagename));
++  re = (char *)malloc(8 + 
2*strlen(pagename));
+   sprintf(re, %s$|^%s/.+, pagename, 
pagename);
+   dummy = compileregex(re);
+   if (dummy) {

(This is probably exploitable, but the URL for this is only accessible
for authenticated admin users, so it's not a very bad security issue.)


The next one is the #767901 issue that causes monitoring graphs for
the / partition (disk space and inodes) to be broken. The C part
accounts for the fact that the df output in the default
installations have / listed twice, and suppresses duplicate updates
for that partitions (which cause rrd to get confused).

The hard-to-read sh diff below merely restores the ROOTFS line that's
present in the upstream version of the original file, but got lost
during some patch update.

diff -Nru xymon-4.3.17/debian/patches/disk-no-duplicate-root 
xymon-4.3.17/debian/patches/disk-no-duplicate-root
--- xymon-4.3.17/debian/patches/disk-no-duplicate-root  1970-01-01 
01:00:00.0 +0100
+++ xymon-4.3.17/debian/patches/disk-no-duplicate-root  2015-01-21 
16:31:46.0 +0100
@@ -0,0 +1,30 @@
+--- a/xymond/rrd/do_disk.c
 b/xymond/rrd/do_disk.c
+@@ -20,6 +20,7 @@ int do_disk_rrd(char *hostname, char *te
+   static int ptnsetup = 0;
+   static pcre *inclpattern = NULL;
+   static pcre *exclpattern = NULL;
++  int seen_root_fs = 0;
+ 
+   if (strstr(msg, netapp.pl)) return do_netapp_disk_rrd(hostname, 
testname, classname, pagepaths, msg, tstamp);
+   if (strstr(msg, dbcheck.pl)) return 
do_dbcheck_tablespace_rrd(hostname, testname, classname, pagepaths, msg, 
tstamp);
+@@ -163,6 +164,19 @@ int do_disk_rrd(char *hostname, char *te
+ 
+   /* Check include/exclude patterns */
+   wanteddisk = 1;
++  /*
++   * On some systems, including the Debian Wheezy default setup,
++   * df shows two entries for / (one for rootfs, one for the
++   * real device). Skip the second one or else the rrd files
++   *

Bug#776732: marked as done (unblock: spamassassin/3.4.0-6)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 1 Feb 2015 12:21:37 +0100
with message-id 20150201112137.gc11...@lupin.home.powdarrmonkey.net
and subject line Re: Bug#776732: unblock: spamassassin/3.4.0-6
has caused the Debian Bug report #776732,
regarding unblock: spamassassin/3.4.0-6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776732: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776732
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package spamassassin. It includes an update to the
bundled rules to remove references to a DNS blacklist that is no longer
functional and is returning yes for all requests, significantly
raising the changes of false-positives. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774768 for details.

Debdiff is attached.

Thanks
noah

unblock spamassassin/3.4.0-6

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru spamassassin-3.4.0/debian/changelog spamassassin-3.4.0/debian/changelog
--- spamassassin-3.4.0/debian/changelog	2014-11-29 14:29:29.0 -0800
+++ spamassassin-3.4.0/debian/changelog	2015-01-31 11:07:51.0 -0800
@@ -1,3 +1,10 @@
+spamassassin (3.4.0-6) unstable; urgency=medium
+
+  * Remove references to ahbl.org DNSBL, which has ceased operation.
+(Closes: #774768)
+
+ -- Noah Meyerhans no...@debian.org  Sat, 31 Jan 2015 10:53:22 -0800
+
 spamassassin (3.4.0-5) unstable; urgency=medium
 
   * Import upstream fix for perl_version warnings (Closes: 771408)
diff -Nru spamassassin-3.4.0/debian/patches/bug_774768_disable_ahbl spamassassin-3.4.0/debian/patches/bug_774768_disable_ahbl
--- spamassassin-3.4.0/debian/patches/bug_774768_disable_ahbl	1969-12-31 16:00:00.0 -0800
+++ spamassassin-3.4.0/debian/patches/bug_774768_disable_ahbl	2015-01-31 11:07:51.0 -0800
@@ -0,0 +1,53 @@
+Index: spamassassin-3.4.0/pkgrules/20_dnsbl_tests.cf
+===
+--- spamassassin-3.4.0.orig/pkgrules/20_dnsbl_tests.cf
 spamassassin-3.4.0/pkgrules/20_dnsbl_tests.cf
+@@ -130,12 +130,6 @@ reuse  RCVD_IN_PBL
+ # ---
+ # Now, single zone BLs follow:
+ 
+-# another domain-based blacklist
+-header DNS_FROM_AHBL_RHSBL  eval:check_rbl_envfrom('ahbl', 'rhsbl.ahbl.org.')
+-describe DNS_FROM_AHBL_RHSBLEnvelope sender listed in dnsbl.ahbl.org
+-tflags DNS_FROM_AHBL_RHSBL  net
+-reuse  DNS_FROM_AHBL_RHSBL
+-
+ # ---
+ # NOTE: donation tests, see README file for details
+ 
+Index: spamassassin-3.4.0/pkgrules/30_text_de.cf
+===
+--- spamassassin-3.4.0.orig/pkgrules/30_text_de.cf
 spamassassin-3.4.0/pkgrules/30_text_de.cf
+@@ -88,7 +88,6 @@ lang de describe RCVD_IN_SORBS_ZOMBIE SO
+ lang de describe RCVD_IN_SORBS_DUL SORBS: Senderechner nur temporär mit Internet verbunden
+ lang de describe RCVD_IN_SBL Transportiert via Rechner in SBL-Liste (http://www.spamhaus.org/sbl/)
+ lang de describe RCVD_IN_XBL Transportiert via Rechner in XBL-Liste (http://www.spamhaus.org/xbl/)
+-lang de describe DNS_FROM_AHBL_RHSBL Absenderadresse in Liste von dnsbl.ahbl.org
+ lang de describe RCVD_IN_BL_SPAMCOP_NET Transportiert via Rechner in Liste von www.spamcop.net
+ lang de describe RCVD_IN_MAPS_RBL Transportiert via Rechner in Liste von http://www.mail-abuse.org/rbl/
+ lang de describe RCVD_IN_MAPS_DUL Transportiert via Rechner in Liste von http://www.mail-abuse.org/dul/
+Index: spamassassin-3.4.0/pkgrules/30_text_pt_br.cf
+===
+--- spamassassin-3.4.0.orig/pkgrules/30_text_pt_br.cf
 spamassassin-3.4.0/pkgrules/30_text_pt_br.cf
+@@ -110,7 +110,6 @@ lang pt_BR describe __RCVD_IN_ZEN Recebi
+ lang pt_BR describe RCVD_IN_SBL Recebida por um relay listado em Spamhaus SBL
+ lang pt_BR describe RCVD_IN_XBL Recebida por um relay listado em Spamhaus XBL
+ lang pt_BR describe RCVD_IN_PBL Recebida por um relay listado em Spamhaus PBL
+-lang pt_BR describe DNS_FROM_AHBL_RHSBL Envelope sender consta em dnsbl.ahbl.org
+ lang pt_BR describe RCVD_IN_BL_SPAMCOP_NET Recebida por um relay listado em bl.spamcop.net
+

Bug#776762: nmu: mariadb-10.0_10.0.16-1~exp2

2015-02-01 Thread Andreas Beckmann 
Package: release.debian.org
Severity: normal
Tags: experimental
User: release.debian@packages.debian.org
Usertags: binnmu

nmu mariadb-10.0_10.0.16-1~exp2 . amd64 . experimental . -m Rebuild in a clean 
environment.

The maintainer uploaded package depends on libthrift0, but I cannot
find a trace of this package.


Andreas


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150201130453.9985.75959.report...@zam581.zam.kfa-juelich.de

Bug#776765: unblock: util-linux/2.25.2-4.2

2015-02-01 Thread Gaudenz Steinlin 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package util-linux

This fixes bug #773354. Sorry I forgot to close the bug report in the
changelog. Will do that manually.

The breaks is necessary because live-tools in wheezy is broken. It
misses a dependency on initramfs-tools. live-tools diverts
update-initramfs and calls the original update-initramfs from
initramfs-tools in it's version unconditionally, but without having a
dependency on initramfs-tools. This dependency was added in version
4.0~alpha17-1, thus fixing the underlying bug.

Recent versions of util-linux call update-initramfs in their postinst
and without the breaks the postinst may be called before live-tools is
updated and thus before initramfs-tools is unpacked. Then the postinst
fails.

Adding a breaks on the earlier versions of live-tools to util-linux
ensures the correct unpack order on upgrades and solves the problem.

unblock util-linux/2.25.2-4.2

-- System Information:
Debian Release: 8.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing'), (100, 
'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru util-linux-2.25.2/debian/changelog util-linux-2.25.2/debian/changelog
--- util-linux-2.25.2/debian/changelog	2015-01-17 17:17:42.0 +0100
+++ util-linux-2.25.2/debian/changelog	2015-02-01 13:19:10.0 +0100
@@ -1,3 +1,10 @@
+util-linux (2.25.2-4.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add Breaks: live-tools (4.0~alpha17-1)
+
+ -- Gaudenz Steinlin gaud...@debian.org  Sun, 01 Feb 2015 13:16:26 +0100
+
 util-linux (2.25.2-4.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru util-linux-2.25.2/debian/control util-linux-2.25.2/debian/control
--- util-linux-2.25.2/debian/control	2015-01-17 17:06:40.0 +0100
+++ util-linux-2.25.2/debian/control	2015-02-01 13:18:52.0 +0100
@@ -38,7 +38,7 @@
 Depends: initscripts, lsb-base (= 3.0-6), tzdata (=2006c-2), ${misc:Depends}
 Suggests: dosfstools, kbd | console-tools, util-linux-locales
 Replaces: bash-completion ( 1:2.1-3)
-Breaks: bash-completion ( 1:2.1-3)
+Breaks: bash-completion ( 1:2.1-3), live-tools ( 4.0~alpha17-1)
 Multi-Arch: foreign
 Description: Miscellaneous system utilities
  This package contains a number of important utilities, most of which

Bug#776767: marked as done (unblock: volumeicon/0.4.6-2.2)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 1 Feb 2015 15:32:29 +0100
with message-id 20150201143229.gf11...@lupin.home.powdarrmonkey.net
and subject line Re: Bug#776767: unblock: volumeicon/0.4.6-2.2
has caused the Debian Bug report #776767,
regarding unblock: volumeicon/0.4.6-2.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776767
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package volumeicon.

It fixes a few bugs which shouldn't be in jessie.

unblock volumeicon/0.4.6-2.2


thanks,

Mateusz

diff -Nru volumeicon-0.4.6/debian/changelog volumeicon-0.4.6/debian/changelog
--- volumeicon-0.4.6/debian/changelog   2014-05-06 20:41:27.0 +0200
+++ volumeicon-0.4.6/debian/changelog   2014-10-26 13:33:03.0 +0100
@@ -1,3 +1,16 @@
+volumeicon (0.4.6-2.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Add patch to replace x-terminal-emulator instead xterm - thanks to
+Luca Capello l...@pca.it for the patch. (Closes: #754231)
+  * Typo in Depends: xfce4-nofityd = xfce4-notifyd. (Closes: #758494)
+  * Add .desktop file. (Closes: #749324)
+  * Bump Debian standards to 3.9.6. (no changes needed)
+  * Use canoninal Vcs fields.
+  * Bump debhelper version to 9.
+
+ -- Mateusz Łukasik mat...@linuxmint.pl  Sun, 26 Oct 2014 13:32:59 +0100
+
 volumeicon (0.4.6-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru volumeicon-0.4.6/debian/control volumeicon-0.4.6/debian/control
--- volumeicon-0.4.6/debian/control 2014-05-06 20:34:30.0 +0200
+++ volumeicon-0.4.6/debian/control 2014-10-26 11:27:42.0 +0100
@@ -3,18 +3,18 @@
 Priority: optional
 Maintainer: Andrew Gainer gainer.and...@gmail.com
 Uploaders: Julien Valroff jul...@debian.org
-Build-Depends: debhelper (= 8.0.0~), autotools-dev,
+Build-Depends: debhelper (= 9), autotools-dev,
  libgtk2.0-dev, libasound2-dev, libnotify-dev
-Standards-Version: 3.9.3
+Standards-Version: 3.9.6
 Homepage: http://softwarebakery.com/maato/volumeicon.html
-Vcs-Git: git://git.debian.org/collab-maint/volumeicon.git
-Vcs-Browser: http://git.debian.org/?p=collab-maint/volumeicon.git;a=summary
+Vcs-Git: git://anonscm.debian.org/collab-maint/volumeicon.git
+Vcs-Browser: 
https://anonscm.debian.org/cgit/collab-maint/volumeicon.git;a=summary
 
 Package: volumeicon-alsa
 Architecture: linux-any
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Suggests: alsamixergui | aumix-gtk | kmix | gnome-alsamixer,
-  notify-osd | xfce4-nofityd | notification-daemon
+  notify-osd | xfce4-notifyd | notification-daemon
 Description: systray volume icon for alsa
  This is a lightweight volume control that sits in your systray. This
  version is compatible with ALSA.
diff -Nru volumeicon-0.4.6/debian/patches/002_replace-hardcoded-xterm.diff 
volumeicon-0.4.6/debian/patches/002_replace-hardcoded-xterm.diff
--- volumeicon-0.4.6/debian/patches/002_replace-hardcoded-xterm.diff
1970-01-01 01:00:00.0 +0100
+++ volumeicon-0.4.6/debian/patches/002_replace-hardcoded-xterm.diff
2014-10-26 10:57:02.0 +0100
@@ -0,0 +1,16 @@
+Description: Replace hardcoded xterm with x-terminal-emulator
+Bug-Debian: https://bugs.debian.org/754231
+Author: Luca Capello l...@pca.it
+Last-Update: 2014-07-08
+
+--- a/src/config.c
 b/src/config.c
+@@ -59,7 +59,7 @@
+ static void config_load_default()
+ {
+   if(!m_helper_program)
+-  config_set_helper(xterm -e 'alsamixer');
++  config_set_helper(x-terminal-emulator -e 'alsamixer');
+   if(!m_channel)
+   config_set_channel(NULL);
+   if(!m_card)
diff -Nru volumeicon-0.4.6/debian/patches/series 
volumeicon-0.4.6/debian/patches/series
--- volumeicon-0.4.6/debian/patches/series  2013-02-16 09:21:30.0 
+0100
+++ volumeicon-0.4.6/debian/patches/series  2014-10-26 10:56:21.0 
+0100
@@ -1 +1,2 @@
 001_remove-individual-glib-headers.diff
+002_replace-hardcoded-xterm.diff
diff -Nru volumeicon-0.4.6/debian/volumeicon.desktop 
volumeicon-0.4.6/debian/volumeicon.desktop
--- volumeicon-0.4.6/debian/volumeicon.desktop  1970-01-01 01:00:00.0 
+0100
+++ volumeicon-0.4.6/debian/volumeicon.desktop  2014-10-26 11:15:33.0 
+0100
@@ -0,0 +1,12 @@
+[Desktop Entry]
+Name=Volume Icon
+Name[fr]=Icône pour le contrôle du volume
+Comment=Lightweight volume control for the systray
+Comment[fr]=Simple contrôle du volume pour la barre d'état
+Icon=volume

Bug#774737: unblock: libjpeg9/1:9a-2

2015-02-01 Thread Niels Thykier 
On 2015-01-29 20:40, Bill Allombert wrote:
 On Thu, Jan 29, 2015 at 08:32:58PM +0100, Niels Thykier wrote:
 [...]
 I am still not convinced that this is sufficient to turn over the
 decision to only have one libjpeg implementation in Jessie.
 
 The two previous Debian releases had several libjpeg implementations.
 Why this change and why now ? I find rather unfair that I spend time packaging
 libjpeg9 to be told several month later than it would not be included in
 stable for some unspecified reason.
 
 Cheers,
 

If you disagree with this change then why did you not object to it when
you learned of it?  You have known at least since the 9th of August that
this was the case *and* it would affect your packages[1].

~Niels

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717076#240


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54cdf336.4010...@thykier.net

Bug#776616: unblock: fso stack

2015-02-01 Thread Sebastian Reichel 
On Sun, Feb 01, 2015 at 10:24:06AM +0100, Niels Thykier wrote:
 On 2015-01-30 01:37, Sebastian Reichel wrote:
  Package: release.debian.org
  Severity: normal
  User: release.debian@packages.debian.org
  Usertags: unblock
  
  Please unblock packages:
   * fso-datad
   * fso-deviced
   * fso-frameworkd
   * fso-gsmd
   * fso-usaged
   * phonefsod
  
  Reason:
  
  security update regarding dbus configuration.
  
 
 I have unblocked all of these,

Thanks.

 but I do have a few remarks on:
 
  [...]
  unblock fso-frameworkd/0.9.5.9+git20110512-5
  [...]
  
 
 This package has a few changes that do not follow the described pattern:

Ah right, I forgot to mention those. Basically upstream data looks a
bit different for those lines, so the patch pattern also changes.

The important part is to remove all individual standing send_path
policy rules, since they also are valid for other destinations,
which may not evaluate the path at all.

 
 + policy context=default
 + allow own=org.freesmartphone.ogpsd/
 + allow own=org.freedesktop.Gypsy/
 +-allow send_path=/org/freedesktop/Gypsy/
 + allow send_destination=org.freesmartphone.ogpsd/
 + allow send_destination=org.freedesktop.gypsy/
 + /policy
 

In this case I just dropped the send_path, since I was not
sure about upstreams exact motiviation. Since the additional
security gain for the send_path restriction is marginal
(send_destination is already unique and there is a very low
change of another service using the same destination in the
future) I dropped the rule instead of risking broken machines.

 
 + policy context=default
 + allow own=org.freesmartphone.odeviced/
 +-allow send_path=//
 + allow send_destination=org.freesmartphone.odeviced/
 + /policy
 

adding the send_path to the send_destination rule does not add
further restrictions = drop it.

 [...]

-- Sebastian


signature.asc
Description: Digital signature

Bug#776762: marked as done (nmu: mariadb-10.0_10.0.16-1~exp2)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 1 Feb 2015 15:10:07 +0100
with message-id 20150201141007.gd11...@lupin.home.powdarrmonkey.net
and subject line Re: Bug#776762: nmu: mariadb-10.0_10.0.16-1~exp2
has caused the Debian Bug report #776762,
regarding nmu: mariadb-10.0_10.0.16-1~exp2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776762: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776762
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
Tags: experimental
User: release.debian@packages.debian.org
Usertags: binnmu

nmu mariadb-10.0_10.0.16-1~exp2 . amd64 . experimental . -m Rebuild in a clean 
environment.

The maintainer uploaded package depends on libthrift0, but I cannot
find a trace of this package.


Andreas
---End Message---
---BeginMessage---
On Sun, Feb 01, 2015 at 02:04:53PM +0100, Andreas Beckmann wrote:
 The maintainer uploaded package depends on libthrift0, but I cannot
 find a trace of this package.

Scheduled.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51



signature.asc
Description: Digital signature
---End Message---

Bug#776759: marked as done (nmu: mia_2.2.3-1)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 1 Feb 2015 15:11:31 +0100
with message-id 20150201141131.ge11...@lupin.home.powdarrmonkey.net
and subject line Re: Bug#776759: nmu: mia_2.2.3-1
has caused the Debian Bug report #776759,
regarding nmu: mia_2.2.3-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776759: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776759
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
Tags: experimental
User: release.debian@packages.debian.org
Usertags: binnmu

nmu mia_2.2.3-1 . amd64 . experimental . -m Rebuild against libjpeg62-turbo.

that package is uninstallable due to a Depends: libjpeg62

Andreas
---End Message---
---BeginMessage---
On Sun, Feb 01, 2015 at 01:14:59PM +0100, Andreas Beckmann wrote:
 nmu mia_2.2.3-1 . amd64 . experimental . -m Rebuild against libjpeg62-turbo.
 
 that package is uninstallable due to a Depends: libjpeg62

Scheduled.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51



signature.asc
Description: Digital signature
---End Message---

Bug#776616: unblock: fso stack

2015-02-01 Thread Simon McVittie 
On Sun, 01 Feb 2015 at 11:31:58 +0100, Sebastian Reichel wrote:
 On Sun, Feb 01, 2015 at 10:24:06AM +0100, Niels Thykier wrote:
  This package has a few changes that do not follow the described pattern:
 
 Ah right, I forgot to mention those. Basically upstream data looks a
 bit different for those lines, so the patch pattern also changes.

I am an upstream and Debian D-Bus maintainer, and the reporter of
CVE-2014-8156. If Sebastian's changes for jessie match the ones for
wheezy that are attached to #776617, then I confirm that they are
reasonable patterns to address CVE-2014-8156.

I do not know enough about fso to know whether they will cause fso
to regress (disallowing more than they should) or whether they are
sufficient to make fso *itself* secure against malicious local users
(which is probably not a supported use-case anyway), but they do stop
fso from making *other things* insecure.

In particular, nothing seems to be allowed that was not already allowed.

Regards,
S


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/2015020055.ga22...@reptile.pseudorandom.co.uk

Bug#776759: nmu: mia_2.2.3-1

2015-02-01 Thread Andreas Beckmann 
Package: release.debian.org
Severity: normal
Tags: experimental
User: release.debian@packages.debian.org
Usertags: binnmu

nmu mia_2.2.3-1 . amd64 . experimental . -m Rebuild against libjpeg62-turbo.

that package is uninstallable due to a Depends: libjpeg62

Andreas


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150201121459.1250.23236.report...@zam581.zam.kfa-juelich.de

Bug#776761: unblock: live-tools/4.0.2-1.1

2015-02-01 Thread Gaudenz Steinlin 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package live-tools

This fixes bug #774915. live-tools removes a diversion of
/usr/bin/uptime. The removal has to be done in postinst instead of
preinst because the new version of the package which no longer contains
live-tools version of uptime needs to be unpacked first. Otherwise
dpkg-divert errors out because it would overwrite the old version of
uptime still belonging to live-tools.

unblock live-tools/4.0.2-1.1

-- System Information:
Debian Release: 8.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing'), (100, 
'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru live-tools-4.0.2/debian/changelog live-tools-4.0.2/debian/changelog
--- live-tools-4.0.2/debian/changelog	2014-12-10 10:04:17.0 +0100
+++ live-tools-4.0.2/debian/changelog	2015-02-01 01:53:42.0 +0100
@@ -1,3 +1,10 @@
+live-tools (4.0.2-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Move removal of diversion to postinst (Closes: #774915)
+
+ -- Gaudenz Steinlin gaud...@debian.org  Sun, 01 Feb 2015 01:53:17 +0100
+
 live-tools (4.0.2-1) unstable; urgency=low
 
   * Removing left-over divertion on procps when upgrading from before
diff -Nru live-tools-4.0.2/debian/live-tools.postinst live-tools-4.0.2/debian/live-tools.postinst
--- live-tools-4.0.2/debian/live-tools.postinst	1970-01-01 01:00:00.0 +0100
+++ live-tools-4.0.2/debian/live-tools.postinst	2015-02-01 01:40:14.0 +0100
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+if [ $1 = configure ]
+then
+	# upgrade from live-tools  4.0.1
+	if dpkg-divert --package live-tools --list | grep -F /usr/bin/uptime.orig.procps
+	then
+		dpkg-divert --package live-tools --quiet --remove --rename --divert /usr/bin/uptime.orig.procps /usr/bin/uptime
+		dpkg-divert --package live-tools --quiet --remove --rename --divert /usr/share/man/man1/uptime.orig.procps.1.gz /usr/share/man/man1/uptime.1.gz
+	fi
+fi
+
+#DEBHELPER#
diff -Nru live-tools-4.0.2/debian/live-tools.preinst live-tools-4.0.2/debian/live-tools.preinst
--- live-tools-4.0.2/debian/live-tools.preinst	2014-12-10 10:04:17.0 +0100
+++ live-tools-4.0.2/debian/live-tools.preinst	2015-02-01 01:37:39.0 +0100
@@ -8,12 +8,6 @@
 		dpkg-divert --package live-tools --quiet --add --rename --divert /usr/sbin/update-initramfs.orig.initramfs-tools /usr/sbin/update-initramfs
 		dpkg-divert --package live-tools --quiet --add --rename --divert /usr/share/man/man8/update-initramfs.orig.initramfs-tools.8.gz /usr/share/man/man8/update-initramfs.8.gz
 
-		# upgrade from live-tools  4.0.1
-		if [ -e /usr/bin/uptime.orig.procps ]
-		then
-			dpkg-divert --package live-tools --quiet --remove --rename --divert /usr/bin/uptime.orig.procps /usr/bin/uptime
-			dpkg-divert --package live-tools --quiet --remove --rename --divert /usr/share/man/man1/uptime.orig.procps.1.gz /usr/share/man/man1/uptime.1.gz
-		fi
 		;;
 
 	abort-upgrade)

Bug#776767: unblock: volumeicon/0.4.6-2.2

2015-02-01 Thread Mateusz Łukasik 

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package volumeicon.

It fixes a few bugs which shouldn't be in jessie.

unblock volumeicon/0.4.6-2.2


thanks,

Mateusz

diff -Nru volumeicon-0.4.6/debian/changelog volumeicon-0.4.6/debian/changelog
--- volumeicon-0.4.6/debian/changelog   2014-05-06 20:41:27.0 +0200
+++ volumeicon-0.4.6/debian/changelog   2014-10-26 13:33:03.0 +0100
@@ -1,3 +1,16 @@
+volumeicon (0.4.6-2.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Add patch to replace x-terminal-emulator instead xterm - thanks to
+Luca Capello l...@pca.it for the patch. (Closes: #754231)
+  * Typo in Depends: xfce4-nofityd = xfce4-notifyd. (Closes: #758494)
+  * Add .desktop file. (Closes: #749324)
+  * Bump Debian standards to 3.9.6. (no changes needed)
+  * Use canoninal Vcs fields.
+  * Bump debhelper version to 9.
+
+ -- Mateusz Łukasik mat...@linuxmint.pl  Sun, 26 Oct 2014 13:32:59 +0100
+
 volumeicon (0.4.6-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru volumeicon-0.4.6/debian/control volumeicon-0.4.6/debian/control
--- volumeicon-0.4.6/debian/control 2014-05-06 20:34:30.0 +0200
+++ volumeicon-0.4.6/debian/control 2014-10-26 11:27:42.0 +0100
@@ -3,18 +3,18 @@
 Priority: optional
 Maintainer: Andrew Gainer gainer.and...@gmail.com
 Uploaders: Julien Valroff jul...@debian.org
-Build-Depends: debhelper (= 8.0.0~), autotools-dev,
+Build-Depends: debhelper (= 9), autotools-dev,
  libgtk2.0-dev, libasound2-dev, libnotify-dev
-Standards-Version: 3.9.3
+Standards-Version: 3.9.6
 Homepage: http://softwarebakery.com/maato/volumeicon.html
-Vcs-Git: git://git.debian.org/collab-maint/volumeicon.git
-Vcs-Browser: http://git.debian.org/?p=collab-maint/volumeicon.git;a=summary
+Vcs-Git: git://anonscm.debian.org/collab-maint/volumeicon.git
+Vcs-Browser: 
https://anonscm.debian.org/cgit/collab-maint/volumeicon.git;a=summary
 
 Package: volumeicon-alsa
 Architecture: linux-any
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Suggests: alsamixergui | aumix-gtk | kmix | gnome-alsamixer,
-  notify-osd | xfce4-nofityd | notification-daemon
+  notify-osd | xfce4-notifyd | notification-daemon
 Description: systray volume icon for alsa
  This is a lightweight volume control that sits in your systray. This
  version is compatible with ALSA.
diff -Nru volumeicon-0.4.6/debian/patches/002_replace-hardcoded-xterm.diff 
volumeicon-0.4.6/debian/patches/002_replace-hardcoded-xterm.diff
--- volumeicon-0.4.6/debian/patches/002_replace-hardcoded-xterm.diff
1970-01-01 01:00:00.0 +0100
+++ volumeicon-0.4.6/debian/patches/002_replace-hardcoded-xterm.diff
2014-10-26 10:57:02.0 +0100
@@ -0,0 +1,16 @@
+Description: Replace hardcoded xterm with x-terminal-emulator
+Bug-Debian: https://bugs.debian.org/754231
+Author: Luca Capello l...@pca.it
+Last-Update: 2014-07-08
+
+--- a/src/config.c
 b/src/config.c
+@@ -59,7 +59,7 @@
+ static void config_load_default()
+ {
+   if(!m_helper_program)
+-  config_set_helper(xterm -e 'alsamixer');
++  config_set_helper(x-terminal-emulator -e 'alsamixer');
+   if(!m_channel)
+   config_set_channel(NULL);
+   if(!m_card)
diff -Nru volumeicon-0.4.6/debian/patches/series 
volumeicon-0.4.6/debian/patches/series
--- volumeicon-0.4.6/debian/patches/series  2013-02-16 09:21:30.0 
+0100
+++ volumeicon-0.4.6/debian/patches/series  2014-10-26 10:56:21.0 
+0100
@@ -1 +1,2 @@
 001_remove-individual-glib-headers.diff
+002_replace-hardcoded-xterm.diff
diff -Nru volumeicon-0.4.6/debian/volumeicon.desktop 
volumeicon-0.4.6/debian/volumeicon.desktop
--- volumeicon-0.4.6/debian/volumeicon.desktop  1970-01-01 01:00:00.0 
+0100
+++ volumeicon-0.4.6/debian/volumeicon.desktop  2014-10-26 11:15:33.0 
+0100
@@ -0,0 +1,12 @@
+[Desktop Entry]
+Name=Volume Icon
+Name[fr]=Icône pour le contrôle du volume
+Comment=Lightweight volume control for the systray
+Comment[fr]=Simple contrôle du volume pour la barre d'état
+Icon=volume
+Exec=volumeicon
+Terminal=false
+Type=Application
+StartupNotify=false
+Categories=AudioVideo;
+Keywords=audio;sound;mixer;music;
diff -Nru volumeicon-0.4.6/debian/volumeicon.install 
volumeicon-0.4.6/debian/volumeicon.install
--- volumeicon-0.4.6/debian/volumeicon.install  1970-01-01 01:00:00.0 
+0100
+++ volumeicon-0.4.6/debian/volumeicon.install  2014-10-26 11:14:41.0 
+0100
@@ -0,0 +1 @@
+debian/volumeicon.desktop usr/share/applications

Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)

2015-02-01 Thread Aron Xu 
On Sun, Feb 1, 2015 at 4:24 PM, Aron Xu a...@debian.org wrote:

 libxml2 in Jessie has CVE-2014-3600 pending to be addressed

This should be CVE-2014-3660.

Regards,
Aron


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAMr=8w7n09xn9bjpz6uxujjghclkajhi4uyj9mi7haqf07g...@mail.gmail.com

Bug#776695: marked as done (unblock: tomcat6/6.0.41-3)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 01 Feb 2015 10:12:13 +0100
with message-id 54cdeded.1010...@thykier.net
and subject line Re: Bug#776695: unblock: tomcat6/6.0.41-3
has caused the Debian Bug report #776695,
regarding unblock: tomcat6/6.0.41-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776695: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package tomcat6. This update removes the tomcat6 server
but preserves the Servlet API which is still used as a build dependency.
Jessie already has Tomcat 7  8 and we don't want to support 3 versions
of Tomcat in Jessie.

Thank you

unblock tomcat6/6.0.41-3
---End Message---
---BeginMessage---
On 2015-01-31 10:57, Emmanuel Bourg wrote:
 Package: release.debian.org
 Severity: normal
 User: release.debian@packages.debian.org
 Usertags: unblock
 
 Please unblock package tomcat6. This update removes the tomcat6 server
 but preserves the Servlet API which is still used as a build dependency.
 Jessie already has Tomcat 7  8 and we don't want to support 3 versions
 of Tomcat in Jessie.
 
 Thank you
 
 unblock tomcat6/6.0.41-3
 
 

Unblocked, thanks. :)

~Niels---End Message---

Bug#776639: marked as done (unblock: rbenv/0.4.0+debian1-3)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 1 Feb 2015 11:16:55 +0100
with message-id 20150201101655.ga23...@ugent.be
and subject line Re: Bug#776639: unblock: rbenv/0.4.0+debian1-3
has caused the Debian Bug report #776639,
regarding unblock: rbenv/0.4.0+debian1-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776639
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package rbenv

This is documentation update to remove mentions of a feature that is no
longer supported in jessie.

the debdiff against the package in testing is attached.

unblock rbenv/0.4.0+debian1-3

-- System Information:
Debian Release: 8.0
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), 
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Antonio Terceiro terce...@debian.org
diff -Nru rbenv-0.4.0+debian1/debian/changelog rbenv-0.4.0+debian1/debian/changelog
--- rbenv-0.4.0+debian1/debian/changelog	2014-02-26 16:26:53.0 -0300
+++ rbenv-0.4.0+debian1/debian/changelog	2015-01-29 17:48:35.0 -0200
@@ -1,3 +1,10 @@
+rbenv (0.4.0+debian1-3) unstable; urgency=medium
+
+  * debian/copyright: remove mention to rbenv-alternatives/
+  * manpage: remove mention of rbenv-alternatives
+
+ -- Antonio Terceiro terce...@debian.org  Thu, 29 Jan 2015 17:48:33 -0200
+
 rbenv (0.4.0+debian1-2) unstable; urgency=medium
 
   * Remove rbenv-alternatives plugin. The Ruby maintainers do not plan to
diff -Nru rbenv-0.4.0+debian1/debian/copyright rbenv-0.4.0+debian1/debian/copyright
--- rbenv-0.4.0+debian1/debian/copyright	2014-02-26 13:09:33.0 -0300
+++ rbenv-0.4.0+debian1/debian/copyright	2015-01-29 17:48:35.0 -0200
@@ -6,10 +6,6 @@
 Copyright: Copyright (c) 2011 Sam Stephenson
 License: MIT
 
-Files: rbenv-alternatives/*
-Copyright: Copyright © 2011 Antonio Terceiro terce...@debian.org
-License: MIT
-
 Files: debian/*
 Copyright: Copyright © 2011 Antonio Terceiro terce...@debian.org
 License: MIT
diff -Nru rbenv-0.4.0+debian1/debian/rbenv.pod rbenv-0.4.0+debian1/debian/rbenv.pod
--- rbenv-0.4.0+debian1/debian/rbenv.pod	2014-02-26 13:09:33.0 -0300
+++ rbenv-0.4.0+debian1/debian/rbenv.pod	2015-01-29 17:48:35.0 -0200
@@ -10,21 +10,19 @@
   $ echo 'eval $(rbenv init -)'  ~/.bashrc
   # restart your shell after this
 
-Make the Ruby interpreters installed through APT and configured with the
-alternatives system to rbenv:
+Install different Ruby interpreters (requires the Iruby-install
+package):
 
-  $ rbenv alternatives
-  Added 1.8.7-debian
-  Added 1.9.2-debian
+  $ rbenv install 1.9.2-p290
 
 Switch between different Ruby interpreters:
 
-  $ rbenv global 1.9.2-debian
+  $ rbenv global 1.9.2-p290
   $ ruby -v
   ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-linux]
-  $ rbenv global 1.8.7-debian
+  $ rbenv global system
   $ ruby -v
-  ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
+  ruby [whatever version of Ruby Debian provides by default]
 
 The original rbenv README with a more comprehensive documentation,
 including all of the available commands, is available at


signature.asc
Description: Digital signature
---End Message---
---BeginMessage---
Hi,

On Fri, Jan 30, 2015 at 09:44:42AM -0200, Antonio Terceiro wrote:
 Please unblock package rbenv

Unblocked.

Cheers,

Ivo---End Message---

Bug#776657: marked as done (unblock: redmine/3.0~20140825-4)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 1 Feb 2015 11:18:34 +0100
with message-id 20150201101834.gb23...@ugent.be
and subject line Re: Bug#776657: unblock: redmine/3.0~20140825-4
has caused the Debian Bug report #776657,
regarding unblock: redmine/3.0~20140825-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776657: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776657
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package redmine

This version includes a documentation update, and changes to
debian/tests/* which add a new DEP-8 test case, but have no impact
whatsoever on the produced binary packages.

The diff against the version currently in testing is attached.

unblock redmine/3.0~20140825-4

-- System Information:
Debian Release: 8.0
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), 
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Antonio Terceiro terce...@debian.org
diff --git a/debian/changelog b/debian/changelog
index f36fe0c..6bad6fb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+redmine (3.0~20140825-4) unstable; urgency=medium
+
+  * debian/doc/examples/apache2-passenger-alias.conf: updated example
+configuration for Passenger setups under a sub-uri (e.g. /redmine) so that
+it actually works.
+  * debian/tests/* also test apache2-passenger-alias case.
+
+ -- Antonio Terceiro terce...@debian.org  Fri, 30 Jan 2015 14:04:38 -0200
+
 redmine (3.0~20140825-3) unstable; urgency=medium
 
   * debian/patches/avoid-crash-on-issues.diff: apply upstream patch to avoid
diff --git a/debian/doc/examples/apache2-passenger-alias.conf b/debian/doc/examples/apache2-passenger-alias.conf
index 91b7bab..3911794 100644
--- a/debian/doc/examples/apache2-passenger-alias.conf
+++ b/debian/doc/examples/apache2-passenger-alias.conf
@@ -10,6 +10,10 @@
 # apache2 serves public files
 Alias /redmine/plugin_assets/ /var/cache/redmine/default/plugin_assets/
 Alias /redmine /usr/share/redmine/public
+Location /redmine
+PassengerBaseURI /redmine
+PassengerAppRoot /usr/share/redmine
+/Location
 Directory /usr/share/redmine/public
 Allow from all
 Options -MultiViews
diff --git a/debian/tests/control b/debian/tests/control
index 1e94396..a0aaddf 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,11 +1,15 @@
-Test-Command: debian/tests/smoke-test sqlite3
+Test-Command: debian/tests/smoke-test sqlite3 apache2-passenger-host /
 Depends: redmine-sqlite, redmine, apache2, libapache2-mod-passenger, curl
 Restrictions: needs-root
 
-Test-Command: debian/tests/smoke-test postgresql
+Test-Command: debian/tests/smoke-test postgresql apache2-passenger-host /
 Depends: postgresql, redmine-pgsql, redmine, apache2, libapache2-mod-passenger, curl
 Restrictions: needs-root
 
-Test-Command: debian/tests/smoke-test mysql2
+Test-Command: debian/tests/smoke-test mysql2 apache2-passenger-host /
 Depends: mysql-server, redmine-mysql, redmine, apache2, libapache2-mod-passenger, curl
 Restrictions: needs-root
+
+Test-Command: debian/tests/smoke-test sqlite3 apache2-passenger-alias /redmine
+Depends: redmine-sqlite, redmine, apache2, libapache2-mod-passenger, curl
+Restrictions: needs-root
diff --git a/debian/tests/smoke-test b/debian/tests/smoke-test
index 1110061..2e9e8e4 100755
--- a/debian/tests/smoke-test
+++ b/debian/tests/smoke-test
@@ -1,30 +1,18 @@
 #!/bin/sh
 
 dbadapter=${1:-sqlite3}
-webserver=${2:-apache2-passenger}
+setup=${2:-apache2-passenger-host}
+uri=${3:-/}
 
 exec 21
 set -eux
 
 grep adapter:[[:space:]]*$dbadapter /etc/redmine/default/database.yml
 
-setup_apache2() {
-  sed -e '/VirtualHost/ a ServerName localhost' /usr/share/doc/redmine/examples/$webserver-host.conf  /etc/apache2/sites-enabled/redmine.conf
-  service apache2 restart
-}
+a2enmod rewrite
 
-case $webserver in
-  apache2)
-a2enmod rewrite
-setup_apache2
-;;
-  apache2-passenger)
-setup_apache2
-;;
-  *)
-set +x
-echo Testing under $webserver not supported yet
-exit 1
-esac
+sed -e '/VirtualHost/ a ServerName localhost' /usr/share/doc/redmine/examples/${setup}.conf  /etc/apache2/sites-enabled/redmine.conf
 
-curl -s http://localhost/ | grep

NEW changes in stable-new

2015-02-01 Thread Debian FTP Masters 
Processing changes file: tzdata_2015a-0wheezy1_amd64.changes
  ACCEPT


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/e1yhwgp-0007ap...@franck.debian.org

Processed: Re: Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)

2015-02-01 Thread Debian Bug Tracking System 
Processing control commands:

 tags -1 + moreinfo
Bug #776748 [release.debian.org] (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 
(via t-p-u)
Added tag(s) moreinfo.

-- 
776748: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776748
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/handler.s.b776748.142281081126509.transcr...@bugs.debian.org

Bug#776777: marked as done (unblock: libdatetime-timezone-perl/1:1.75-2+2015a)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 01 Feb 2015 17:18:27 +
with message-id 1422811107.14650.7.ca...@adam-barratt.org.uk
and subject line Re: Bug#776777: unblock: 
libdatetime-timezone-perl/1:1.75-2+2015a
has caused the Debian Bug report #776777,
regarding unblock: libdatetime-timezone-perl/1:1.75-2+2015a
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776777: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776777
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please unblock package libdatetime-timezone-perl.

1:1.75-2+2015a includes the update to Olson db 2015a, as usual as a
quilt patch which only touches the .pm files containing the timezone
information.

I'm attaching a manually stripped down debdiff.

Changelog:

libdatetime-timezone-perl (1:1.75-2+2015a) unstable; urgency=high

  * Update to Olson database version 2015a.
Add patch debian/patches/olson-2015a, which updates the timezone *.pm
files, using upstream's tools/parse_olson script.
  * Set urgency to high.
A change for America/Cancun becomes effective today.

 -- gregor herrmann gre...@debian.org  Sun, 01 Feb 2015 17:15:22 +0100

Thanks,
gregor


unblock libdatetime-timezone-perl/1:1.75-2+2015a

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQJ8BAEBCgBmBQJUzlPVXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMUUxMzE2RTkzQTc2MEE4MTA0RDg1RkFC
QjNBNjgwMTg2NDlBQTA2AAoJELs6aAGGSaoG7iMQAL3OnxT+TVuqiOWydbWMv20n
RFrNp1FqkVbC4ezSVG5DZwkByPtKSfWK4fjN8eoxhXQ72PpUla7FB1+V1J1w0/ma
WBCu7GUJ6YwQRCi2Wj9GwME8qjxyihfyqbgW0vz6QQBoBunIhRhnsJuWlylWdKYo
vGLAhhYd6tFqJ4iW6daYTXp48SvThviDPZihECXYb8YGjPnFSA3UJZ3yJD5I4goD
UgT38FzgCvuIAXPdOTG2SSn/LtcYf7VJToQr+Jn6qVNlqG9GH4fOK9zPIf7qzTiT
PIzok1sr3NS8lFg3GN9WbQ8S3tsRrFY6NFFZcOdwfuiQmWsgn5NE9/yiMCxSUnXG
DrBXI1SePPhBv88P5Gu19/nN1gVkreLTpTrEoLYvqw77yMEvL6sz5mVfoBp0Z40M
e/rKFGprsOJbECs9Ejz5ptxA30Aplm96mj1E2/j+OStabcDTghHhk16c/xUdY9qv
FG3EqcdYUXUbnAYhKQOEHA3QTFenPPNcj1yhdz2ArgY1naRztCunxFiV2oqln9rY
ILqP+v063cd1HXAwO83cN9wrwgqSYHw/y0/GIo/vCmy0+EHs87fPUIko3DQn1Dap
WQ/GVEmTsKm9VWVMrXBUpCCYoxkj8A2q3ZTKu2zjN+qJEraDMAIlbQp0G9Ticqtd
XKMnGc5meSa53+d2Rt5z
=5FOC
-END PGP SIGNATURE-
diff -Nru libdatetime-timezone-perl-1.75/debian/changelog libdatetime-timezone-perl-1.75/debian/changelog
--- libdatetime-timezone-perl-1.75/debian/changelog	2014-11-13 15:18:56.0 +0100
+++ libdatetime-timezone-perl-1.75/debian/changelog	2015-02-01 17:17:15.0 +0100
@@ -1,3 +1,13 @@
+libdatetime-timezone-perl (1:1.75-2+2015a) unstable; urgency=high
+
+  * Update to Olson database version 2015a.
+Add patch debian/patches/olson-2015a, which updates the timezone *.pm
+files, using upstream's tools/parse_olson script.
+  * Set urgency to high.
+A change for America/Cancun becomes effective today.
+
+ -- gregor herrmann gre...@debian.org  Sun, 01 Feb 2015 17:15:22 +0100
+
 libdatetime-timezone-perl (1:1.75-2+2014j) unstable; urgency=high
 
   * Update to Olson database version 2014j.
diff -Nru libdatetime-timezone-perl-1.75/debian/patches/olson-2015a libdatetime-timezone-perl-1.75/debian/patches/olson-2015a
--- libdatetime-timezone-perl-1.75/debian/patches/olson-2015a	1970-01-01 01:00:00.0 +0100
+++ libdatetime-timezone-perl-1.75/debian/patches/olson-2015a	2015-02-01 17:17:15.0 +0100
@@ -0,0 +1,16039 @@
+Description: update to olson db 2015a
+Origin: vendor
+Author: gregor herrmann gre...@debian.org
+Last-Update: 2015-02-01
+
+--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm
 b/lib/DateTime/TimeZone/Africa/Abidjan.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/africa.  Olson data version 2014j
++# Generated from debian/tzdata/africa.  Olson data version 2015a
+ #
+ # Do not edit this file directly.
+ #
+@@ -39,11 +39,11 @@
+ ],
+ ];
+ 
+-sub olson_version { '2014j' }
++sub olson_version { '2015a' }
+ 
+ sub has_dst_changes { 0 }
+ 
+-sub _max_year { 2024 }
++sub _max_year { 2025 }
+ 
+ sub _new_instance
+ {
+--- a/lib/DateTime/TimeZone/America/Cancun.pm
 b/lib/DateTime/TimeZone/America/Cancun.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/northamerica.  Olson data version 2014j
++# Generated from debian/tzdata/northamerica.  Olson data version 2015a
+ #
+ # Do not edit this file directly.
+ #
+@@ -390,283 +390,35 @@
+ ],
+ [
+

Processed: Re: Bug#776734: pu: package spamassassin/3.3.2-5+deb7u3

2015-02-01 Thread Debian Bug Tracking System 
Processing control commands:

 tags -1 + confirmed wheezy
Bug #776734 [release.debian.org] pu: package spamassassin/3.3.2-5+deb7u3
Added tag(s) wheezy and confirmed.

-- 
776734: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776734
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/handler.s.b776734.142281122031449.transcr...@bugs.debian.org

Bug#776733: marked as done (unblock: libsndfile/1.0.25-9.1)

2015-02-01 Thread Debian Bug Tracking System 
Your message dated Sun, 01 Feb 2015 17:21:20 +
with message-id 1422811280.14650.9.ca...@adam-barratt.org.uk
and subject line Re: Bug#776733: unblock: libsndfile/1.0.25-9.1
has caused the Debian Bug report #776733,
regarding unblock: libsndfile/1.0.25-9.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
776733: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776733
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please consider unblocking libsndfile.  It fixes buffer overrun issues
(bug #774162).

unblock libsndfile/1.0.25-9.1
diff -Nru libsndfile-1.0.25/debian/changelog libsndfile-1.0.25/debian/changelog
--- libsndfile-1.0.25/debian/changelog	2014-01-29 19:43:08.0 +
+++ libsndfile-1.0.25/debian/changelog	2015-01-06 01:19:30.0 +
@@ -1,3 +1,10 @@
+libsndfile (1.0.25-9.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2014-9496: buffer overread issues (closes: #774162).
+
+ -- Michael Gilbert mgilb...@debian.org  Sun, 04 Jan 2015 20:38:25 +
+
 libsndfile (1.0.25-9) unstable; urgency=low
 
   * debian/rules: Switch from autotools-dev to dh-autoreconf.
diff -Nru libsndfile-1.0.25/debian/patches/CVE-2014-9496.patch libsndfile-1.0.25/debian/patches/CVE-2014-9496.patch
--- libsndfile-1.0.25/debian/patches/CVE-2014-9496.patch	1970-01-01 00:00:00.0 +
+++ libsndfile-1.0.25/debian/patches/CVE-2014-9496.patch	2015-01-06 01:19:50.0 +
@@ -0,0 +1,31 @@
+description: fix buffer overread issues
+origin: https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
+
+--- a/src/sd2.c
 b/src/sd2.c
+@@ -513,6 +513,11 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
+ 
+ 	rsrc.type_offset = rsrc.map_offset + 30 ;
+ 
++	if (rsrc.map_offset + 28  rsrc.rsrc_len)
++	{   psf_log_printf (psf, Bad map offset.\n) ;
++		goto parse_rsrc_fork_cleanup ;
++		} ;
++
+ 	rsrc.type_count = read_rsrc_short (rsrc, rsrc.map_offset + 28) + 1 ;
+ 	if (rsrc.type_count  1)
+ 	{	psf_log_printf (psf, Bad type count.\n) ;
+@@ -529,7 +534,12 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
+ 
+ 	rsrc.str_index = -1 ;
+ 	for (k = 0 ; k  rsrc.type_count ; k ++)
+-	{	marker = read_rsrc_marker (rsrc, rsrc.type_offset + k * 8) ;
++	{   if (rsrc.type_offset + k * 8  rsrc.rsrc_len)
++		{   psf_log_printf (psf, Bad rsrc marker.\n) ;
++			goto parse_rsrc_fork_cleanup ;
++			} ;
++
++		marker = read_rsrc_marker (rsrc, rsrc.type_offset + k * 8) ;
+ 
+ 		if (marker == STR_MARKER)
+ 		{	rsrc.str_index = k ;
diff -Nru libsndfile-1.0.25/debian/patches/series libsndfile-1.0.25/debian/patches/series
--- libsndfile-1.0.25/debian/patches/series	2014-01-29 19:43:08.0 +
+++ libsndfile-1.0.25/debian/patches/series	2015-01-06 01:19:14.0 +
@@ -1,2 +1,3 @@
 00lossy_comp_test-overflow.diff
 01_sd2_rsrc_segfault.diff
+CVE-2014-9496.patch
---End Message---
---BeginMessage---
On Sat, 2015-01-31 at 16:48 -0500, Michael Gilbert wrote:
 Please consider unblocking libsndfile.  It fixes buffer overrun issues
 (bug #774162).

Unblocked.

Regards,

Adam---End Message---

Processed (with 1 errors): Re: Bug#776781: wheezy-pu: package libdatetime-timezone-perl/1:1.58-1+2015a

2015-02-01 Thread Debian Bug Tracking System 
Processing control commands:

 tags -1 + confimred
Unknown tag/s: confimred.
Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid 
help security upstream pending sarge sarge-ignore experimental d-i confirmed 
ipv6 lfs fixed-in-experimental fixed-upstream l10n newcomer etch etch-ignore 
lenny lenny-ignore squeeze squeeze-ignore wheezy wheezy-ignore jessie 
jessie-ignore stretch stretch-ignore buster buster-ignore.

Bug #776781 [release.debian.org] wheezy-pu: package 
libdatetime-timezone-perl/1:1.58-1+2015a
Requested to add no tags; doing nothing.

-- 
776781: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776781
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/handler.s.b776781.142281090327363.transcr...@bugs.debian.org

Bug#776734: pu: package spamassassin/3.3.2-5+deb7u3

2015-02-01 Thread Adam D. Barratt 
Control: tags -1 + confirmed wheezy

On Sat, 2015-01-31 at 17:07 -0500, Noah Meyerhans wrote:
 The ruleset bundled with the spamassassin packages in stable contains a
 reference to a DNS blacklist that is no longer in operation and is
 answering yes to all queries. This has the effect of elevating a
 message's spam score and increasing the risk of false positives.

Please go ahead.

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1422811212.14650.8.ca...@adam-barratt.org.uk

Bug#776781: wheezy-pu: package libdatetime-timezone-perl/1:1.58-1+2015a

2015-02-01 Thread gregor herrmann 
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I think we might want to get a new libdatetime-timezone-perl into
wheezy, since there are chances to America/Cancun, effective today;
either into the next point release or into stable-updates.

I've prepared 1:1.58-1+2015a in git, which as usual adds the changes
to the Olson db 2015a as a quilt patch. I'm attaching a manually
tripped down debdiff.

Changelog:

libdatetime-timezone-perl (1:1.58-1+2015a) UNRELEASED; urgency=medium

  * Update to version 2015a of the Olson database.

 -- gregor herrmann gre...@debian.org  Sun, 01 Feb 2015 17:36:15 +0100



Thanks in advance,
gregor

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQJ8BAEBCgBmBQJUzlniXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMUUxMzE2RTkzQTc2MEE4MTA0RDg1RkFC
QjNBNjgwMTg2NDlBQTA2AAoJELs6aAGGSaoGvGAQALD7MUy4vGmrQDXgZQeGESMt
HBKAppGjT2t7BYaxdjTI8hIrhGkQw/AtWx9jfqmLmaOizqBgn6ESyVsYmJwU606l
WD1PFGzu9A7zodb7wsaedSa5TpuD7NYqHnZWVXRkZjwVCzAI3V+1/fjNRTAziRWg
/23aysLAsJ0FAGT4YNmqWGyu4LWnkevu6JaB4XfoKqa8iCcHSeEJgc7Tz0GmwOge
3phE9nMpdhJEh3VlozPCwbA/U+5glBsR0GQO5bWwdL/o8vB6xVRsPdoUAuZJUTt4
3TIWGN+7DapT5FF5y7FFw6JUEQM03svWpFgFXfKmoXhKm43Mt/wnHx6UvEq3huHN
zGjgdsCbIYWvjsLgjVpLqvLHTUig7p5BohJ1keQ7vnbneTVR4RgdoUm/E72Aw0eq
N8t6+wJBY5fEV2k4ZfztdtPpwPofR/etR51PoHW3GOiVq5oi2ZuYk6wZ8ObWZ4RU
V52SQyD2jkwb8FiZn3qTcAnrphCXWD+505voQb2swO8qRPHN/tHx5XiSB3IJMibN
rBhLfl0wMXArqOqvWJqvAKLkAa+2zjgHKztnTAWlEUh7ZkgjO5HGL3NbCaknfQHD
q4SqG3I1iNMk4PN14sxsDwOX30Nag0pYfqA9zUOAsD672u6h1nv1GiFqNfDrlb53
RYYfA0G+JZ/1d8/tGJDO
=v1qZ
-END PGP SIGNATURE-
diff -Nru libdatetime-timezone-perl-1.58/debian/changelog libdatetime-timezone-perl-1.58/debian/changelog
--- libdatetime-timezone-perl-1.58/debian/changelog	2015-01-01 18:42:57.0 +0100
+++ libdatetime-timezone-perl-1.58/debian/changelog	2015-02-01 17:36:44.0 +0100
@@ -1,3 +1,9 @@
+libdatetime-timezone-perl (1:1.58-1+2015a) UNRELEASED; urgency=medium
+
+  * Update to version 2015a of the Olson database.
+
+ -- gregor herrmann gre...@debian.org  Sun, 01 Feb 2015 17:36:15 +0100
+
 libdatetime-timezone-perl (1:1.58-1+2014j) stable-proposed-updates; urgency=medium
 
   * Update to version(s 2014i and) 2014j of the Olson database.
diff -Nru libdatetime-timezone-perl-1.58/debian/patches/olson-2015a libdatetime-timezone-perl-1.58/debian/patches/olson-2015a
--- libdatetime-timezone-perl-1.58/debian/patches/olson-2015a	1970-01-01 01:00:00.0 +0100
+++ libdatetime-timezone-perl-1.58/debian/patches/olson-2015a	2015-02-01 17:36:44.0 +0100
@@ -0,0 +1,11772 @@
+--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm
 b/lib/DateTime/TimeZone/Africa/Abidjan.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/africa.  Olson data version 2014j
++# Generated from debian/tzdata/africa.  Olson data version 2015a
+ #
+ # Do not edit this file directly.
+ #
+@@ -42,7 +42,7 @@
+ ],
+ ];
+ 
+-sub olson_version { '2014j' }
++sub olson_version { '2015a' }
+ 
+ sub has_dst_changes { 0 }
+ 
+--- a/lib/DateTime/TimeZone/America/Cancun.pm
 b/lib/DateTime/TimeZone/America/Cancun.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/northamerica.  Olson data version 2014j
++# Generated from debian/tzdata/northamerica.  Olson data version 2015a
+ #
+ # Do not edit this file directly.
+ #
+@@ -393,225 +393,27 @@
+ ],
+ [
+ 6354999, #utc_start 2014-10-26 07:00:00 (Sun)
+-63563904000, #  utc_end 2015-04-05 08:00:00 (Sun)
++63558460800, #  utc_end 2015-02-01 08:00:00 (Sun)
+ 63549968400, #  local_start 2014-10-26 01:00:00 (Sun)
+-63563882400, #local_end 2015-04-05 02:00:00 (Sun)
++63558439200, #local_end 2015-02-01 02:00:00 (Sun)
+ -21600,
+ 0,
+ 'CST',
+ ],
+ [
+-63563904000, #utc_start 2015-04-05 08:00:00 (Sun)
+-63581439600, #  utc_end 2015-10-25 07:00:00 (Sun)
+-63563886000, #  local_start 2015-04-05 03:00:00 (Sun)
+-63581421600, #local_end 2015-10-25 02:00:00 (Sun)
++63558460800, #utc_start 2015-02-01 08:00:00 (Sun)
++DateTime::TimeZone::INFINITY, #  utc_end
++63558442800, #  local_start 2015-02-01 03:00:00 (Sun)
++DateTime::TimeZone::INFINITY, #local_end
+ -18000,
+-1,
+-'CDT',
+-],
+-[
+-63581439600, #utc_start 2015-10-25 07:00:00 (Sun)
+-63595353600, #  utc_end 2016-04-03 08:00:00 (Sun)
+-63581418000, #  local_start 2015-10-25 01:00:00 (Sun)
+-63595332000, #local_end 2016-04-03 02:00:00 (Sun)
+--21600,
+-0,
+-'CST',
+-],
+-[
+-63595353600, #utc_start 2016-04-03 08:00:00 (Sun)
+-63613494000, #  utc_end 2016-10-30 07:00:00 (Sun)
+-63595335600, #  local_start 2016-04-03 03:00:00 (Sun)
+-63613476000, #local_end 2016-10-30 02:00:00 (Sun)
+--18000,
+-1,
+-'CDT',
+-],
+-[

Bug#776723: unblock: winetricks/0.0+20141009+svn1208-2 (pre-approval)

2015-02-01 Thread Adam D. Barratt 
Control: tags -1 + confirmed moreinfo

On Sat, 2015-01-31 at 13:52 -0500, Joseph Bisch wrote:
 Hi, I am requesting an unblock with pre-approval. If granted, my sponsor
 will upload the new version of winetricks.
 
 This version of winetricks would fix a serious bug (#775439) which
 prevents the Visual C++ 2013 Runtime Libraries from being installed due
 to a sha1sum mismatch. I am specifically requesting an unblock for this
 sha1sum mismatch, because the Visual C++ Runtime Libraries are used by many
 programs that users may want to run using wine.

Please go ahead, and remove the moreinfo tag once the package has been
accepted.

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1422811428.14650.10.ca...@adam-barratt.org.uk

Processed: Re: Bug#776723: unblock: winetricks/0.0+20141009+svn1208-2 (pre-approval)

2015-02-01 Thread Debian Bug Tracking System 
Processing control commands:

 tags -1 + confirmed moreinfo
Bug #776723 [release.debian.org] unblock: winetricks/0.0+20141009+svn1208-2 
(pre-approval)
Added tag(s) confirmed and moreinfo.

-- 
776723: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776723
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/handler.s.b776723.14228114351317.transcr...@bugs.debian.org

Bug#776787: unblock: intel-microcode/3.20150121.1

2015-02-01 Thread Henrique de Moraes Holschuh 
Package: release.debian.org
Severity: important
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package intel-microcode

Intel botched a microcode update in the 20150107 release, currently in
Debian jessie (testing).  This broken microcode update causes core hangs
and boot issues on boxes with Intel Xeon E5v3 processors (Debian
bug #776431).

Updated packages were uploaded to Debian unstable a few days ago which
fix the grave issue with the Xeon E5v3 microcode, as well as a very
minor shell scripting issue found by ShellCheck.  This upload was done
by Paul Tagliamonte (also a Debian Developer) as I was unable to do it
in a short timeframe due to an unfortunate hardware issue on my Debian
build box.

The new upstream microcode release (20150121) fixed the broken microcode
update by reverting that specific microcode to an older release that had
been previously distributed (in upstream 20140913).  This older (known
good) release of the Xeon E5v3 microcode was in Debian unstable/testing
for four months, without any reported issues.  The known-good microcode
is currently in Debian stable.

There were no other changes to the upstream microcode data file, just
the revert of the problematic microcode update.

Other Haswell-E based Intel processors with family 6, model 63, stepping
2 (such as hexa/octa-core Core i7 desktop parts) might also be affected
by the broken microcode update, so it could hit desktop users as well,
not just servers and workstations.

This package update fixes Debian bug #776431 (severity grave).

diffstat:
 changelog  |6 
 debian/changelog   |   18 
 debian/initramfs.hook  |2 
 microcode-20150107.dat |41591 -
 microcode-20150121.dat |41591 +
 5 files changed, 41615 insertions(+), 41593 deletions(-)

Abridged debdiff attached (with the upstream microcode data file changes
removed, for clarity).

Thank you.


unblock intel-microcode/3.20150121.1

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh
diff -Nru intel-microcode-3.20150107.1/changelog intel-microcode-3.20150121.1/changelog
--- intel-microcode-3.20150107.1/changelog	2015-01-17 23:58:43.0 -0200
+++ intel-microcode-3.20150121.1/changelog	2015-01-29 20:57:13.0 -0200
@@ -1,8 +1,12 @@
+2015-01-21:
+  * Downgraded microcodes (to a previously shipped revision):
+sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
+
 2015-01-07:
   * New Microcodes:
 sig 0x000306d4, pf mask 0xc0, 2014-12-05, rev 0x0018, size 14336
 
-  * Updated Microcodes:
+  * Updated Microcodes (this update is known to cause issues):
 sig 0x000306f2, pf mask 0x6f, 2014-11-21, rev 0x002d, size 28672
 
 2014-09-13:
diff -Nru intel-microcode-3.20150107.1/debian/changelog intel-microcode-3.20150121.1/debian/changelog
--- intel-microcode-3.20150107.1/debian/changelog	2015-01-18 00:30:13.0 -0200
+++ intel-microcode-3.20150121.1/debian/changelog	2015-01-29 20:57:19.0 -0200
@@ -1,3 +1,21 @@
+intel-microcode (3.20150121.1) unstable; urgency=critical
+
+  * New upstream microcode data file 20150121
+* Downgraded microcodes (to a previously shipped revision):
+  sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
+* The microcode downgrade fixes a very nasty regression on Xeon E5v3
+  processors (closes: #776431)
+  * critical urgency: the broken sig 0x306f2, rev 0x2b microcode shipped
+in release 20150107 caused CPU core hangs and Linux boot failures.
+The upstream fix was to downgrade it to the same microcode revision
+that was shipped in release 20140913
+  * source: remove superseded upstream data file: 20150107.
+  * initramfs.hook: do not mix arrays and lists.
+Avoid echo foo $@, use echo foo $* instead.  This is unlikely
+to be expĺoitable, but it makes ShellCheck happier.
+
+ -- Henrique de Moraes Holschuh h...@debian.org  Wed, 28 Jan 2015 20:03:20 -0200
+
 intel-microcode (3.20150107.1) unstable; urgency=high
 
   * New upstream microcode data file 20150107
diff -Nru intel-microcode-3.20150107.1/debian/initramfs.hook intel-microcode-3.20150121.1/debian/initramfs.hook
--- intel-microcode-3.20150107.1/debian/initramfs.hook	2015-01-17 23:58:33.0 -0200
+++ intel-microcode-3.20150121.1/debian/initramfs.hook	2015-01-29 20:57:13.0 -0200
@@ -29,7 +29,7 @@
 verbose()
 {
 	if [ ${verbose} = y ] ; then
-		echo intel-microcode: $@
+		echo intel-microcode: $*
 	fi
 	:
 }
diff -Nru intel-microcode-3.20150107.1/microcode-20150107.dat intel-microcode-3.20150121.1/microcode-20150107.dat
diff -Nru intel-microcode-3.20150107.1/microcode-20150121.dat intel-microcode-3.20150121.1/microcode-20150121.dat

Bug#776021: unblock: cryptsetup/2:1.6.6-5

2015-02-01 Thread Jonas Meurer 
Hi again,

Am 29.01.2015 um 22:51 schrieb Jonas Meurer:
 Hi,
 
 Am 29.01.2015 um 19:26 schrieb Cyril Brulebois:
 Niels Thykier ni...@thykier.net (2015-01-29):
 Ack from RT, adding KiBi to CC for a d-i ack.


 Why isn't the BTS updated with the information contained in the unblock
 request? It'd be very helpful to avoid having incorrect or insufficient
 information in the BTS, if at all to avoid wasted efforts…
 
 I'm sorry for that. As I tried to explain in the unblock request,
 bugreport #773456 was not exactly about the critical problem I
 introduced with 2:1.6.6-4. But I should have opened an RC bug myself
 before doing the upload to make this more clear to you. I apologize for
 not doing that. Now it's clear to me that this would be the correct way
 to go, especially in that phase of release freeze - and that I would
 have saved some hassle on your side that way.
 
 Since we have this:
   cryptsetup-udeb: /lib/cryptsetup/cryptdisks.functions

 I'm going to ask whether anyone has tested this new cryptsetup in a d-i
 context to make sure the fix isn't triggering more fun elsewhere…

 Failing at least basic testing, I'm not exactly excited with a quick
 migration to testing.
 
 It's a one-line fix for the init scripts. cryptdisks.functions is
 sourced by the init scripts and by crypdisks_st{art,op}, it's not used
 anywhere else. I cannot imagine any interference with debian-installer.
 Actually the only relevant change is that the precheck for a
 ubuntu-specific upstart initscript changed from
 invoke-rc.d --quiet cryptdisks-udev status  ...
 to
 [ -x /sbin/status ]  ...
 
 The one-character change following in the grep regex is only relevant to
 upstart-based ubuntu systems anyway.
 
 But if you want me to, I could do basic testing. I guess that testing
 the daily-built images from sid would be the right thing in that case?

I did some d-i testing today and for me everything worked as expected. I
used the d-i images from
http://cdimage.debian.org/cdimage/daily-builds/sid_d-i/current/amd64/iso-cd/
which uses cryptsetup 2:1.6.6-5 udebs.

Cheers,
 jonas


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54ce6ff8.90...@freesources.org

Bug#776781: wheezy-pu: package libdatetime-timezone-perl/1:1.58-1+2015a

2015-02-01 Thread Adam D. Barratt 
Control: tags -1 + confimred

On Sun, 2015-02-01 at 17:52 +0100, gregor herrmann wrote:
 I think we might want to get a new libdatetime-timezone-perl into
 wheezy, since there are chances to America/Cancun, effective today;
 either into the next point release or into stable-updates.

Indeed, I had pondered that when the tzdata upload was mentioned earlier
today.

Please go ahead, thanks.

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1422810895.14650.6.ca...@adam-barratt.org.uk

Bug#776777: unblock: libdatetime-timezone-perl/1:1.75-2+2015a

2015-02-01 Thread gregor herrmann 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please unblock package libdatetime-timezone-perl.

1:1.75-2+2015a includes the update to Olson db 2015a, as usual as a
quilt patch which only touches the .pm files containing the timezone
information.

I'm attaching a manually stripped down debdiff.

Changelog:

libdatetime-timezone-perl (1:1.75-2+2015a) unstable; urgency=high

  * Update to Olson database version 2015a.
Add patch debian/patches/olson-2015a, which updates the timezone *.pm
files, using upstream's tools/parse_olson script.
  * Set urgency to high.
A change for America/Cancun becomes effective today.

 -- gregor herrmann gre...@debian.org  Sun, 01 Feb 2015 17:15:22 +0100

Thanks,
gregor


unblock libdatetime-timezone-perl/1:1.75-2+2015a

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQJ8BAEBCgBmBQJUzlPVXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMUUxMzE2RTkzQTc2MEE4MTA0RDg1RkFC
QjNBNjgwMTg2NDlBQTA2AAoJELs6aAGGSaoG7iMQAL3OnxT+TVuqiOWydbWMv20n
RFrNp1FqkVbC4ezSVG5DZwkByPtKSfWK4fjN8eoxhXQ72PpUla7FB1+V1J1w0/ma
WBCu7GUJ6YwQRCi2Wj9GwME8qjxyihfyqbgW0vz6QQBoBunIhRhnsJuWlylWdKYo
vGLAhhYd6tFqJ4iW6daYTXp48SvThviDPZihECXYb8YGjPnFSA3UJZ3yJD5I4goD
UgT38FzgCvuIAXPdOTG2SSn/LtcYf7VJToQr+Jn6qVNlqG9GH4fOK9zPIf7qzTiT
PIzok1sr3NS8lFg3GN9WbQ8S3tsRrFY6NFFZcOdwfuiQmWsgn5NE9/yiMCxSUnXG
DrBXI1SePPhBv88P5Gu19/nN1gVkreLTpTrEoLYvqw77yMEvL6sz5mVfoBp0Z40M
e/rKFGprsOJbECs9Ejz5ptxA30Aplm96mj1E2/j+OStabcDTghHhk16c/xUdY9qv
FG3EqcdYUXUbnAYhKQOEHA3QTFenPPNcj1yhdz2ArgY1naRztCunxFiV2oqln9rY
ILqP+v063cd1HXAwO83cN9wrwgqSYHw/y0/GIo/vCmy0+EHs87fPUIko3DQn1Dap
WQ/GVEmTsKm9VWVMrXBUpCCYoxkj8A2q3ZTKu2zjN+qJEraDMAIlbQp0G9Ticqtd
XKMnGc5meSa53+d2Rt5z
=5FOC
-END PGP SIGNATURE-
diff -Nru libdatetime-timezone-perl-1.75/debian/changelog libdatetime-timezone-perl-1.75/debian/changelog
--- libdatetime-timezone-perl-1.75/debian/changelog	2014-11-13 15:18:56.0 +0100
+++ libdatetime-timezone-perl-1.75/debian/changelog	2015-02-01 17:17:15.0 +0100
@@ -1,3 +1,13 @@
+libdatetime-timezone-perl (1:1.75-2+2015a) unstable; urgency=high
+
+  * Update to Olson database version 2015a.
+Add patch debian/patches/olson-2015a, which updates the timezone *.pm
+files, using upstream's tools/parse_olson script.
+  * Set urgency to high.
+A change for America/Cancun becomes effective today.
+
+ -- gregor herrmann gre...@debian.org  Sun, 01 Feb 2015 17:15:22 +0100
+
 libdatetime-timezone-perl (1:1.75-2+2014j) unstable; urgency=high
 
   * Update to Olson database version 2014j.
diff -Nru libdatetime-timezone-perl-1.75/debian/patches/olson-2015a libdatetime-timezone-perl-1.75/debian/patches/olson-2015a
--- libdatetime-timezone-perl-1.75/debian/patches/olson-2015a	1970-01-01 01:00:00.0 +0100
+++ libdatetime-timezone-perl-1.75/debian/patches/olson-2015a	2015-02-01 17:17:15.0 +0100
@@ -0,0 +1,16039 @@
+Description: update to olson db 2015a
+Origin: vendor
+Author: gregor herrmann gre...@debian.org
+Last-Update: 2015-02-01
+
+--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm
 b/lib/DateTime/TimeZone/Africa/Abidjan.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/africa.  Olson data version 2014j
++# Generated from debian/tzdata/africa.  Olson data version 2015a
+ #
+ # Do not edit this file directly.
+ #
+@@ -39,11 +39,11 @@
+ ],
+ ];
+ 
+-sub olson_version { '2014j' }
++sub olson_version { '2015a' }
+ 
+ sub has_dst_changes { 0 }
+ 
+-sub _max_year { 2024 }
++sub _max_year { 2025 }
+ 
+ sub _new_instance
+ {
+--- a/lib/DateTime/TimeZone/America/Cancun.pm
 b/lib/DateTime/TimeZone/America/Cancun.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/northamerica.  Olson data version 2014j
++# Generated from debian/tzdata/northamerica.  Olson data version 2015a
+ #
+ # Do not edit this file directly.
+ #
+@@ -390,283 +390,35 @@
+ ],
+ [
+ 6354999, #utc_start 2014-10-26 07:00:00 (Sun)
+-63563904000, #  utc_end 2015-04-05 08:00:00 (Sun)
++63558460800, #  utc_end 2015-02-01 08:00:00 (Sun)
+ 63549968400, #  local_start 2014-10-26 01:00:00 (Sun)
+-63563882400, #local_end 2015-04-05 02:00:00 (Sun)
++63558439200, #local_end 2015-02-01 02:00:00 (Sun)
+ -21600,
+ 0,
+ 'CST',
+ ],
+ [
+-63563904000, #utc_start 2015-04-05 08:00:00 (Sun)
+-63581439600, #  utc_end 2015-10-25 07:00:00 (Sun)
+-63563886000, #  local_start 2015-04-05 03:00:00 (Sun)
+-63581421600, #local_end 2015-10-25 02:00:00 (Sun)
++63558460800, #utc_start 2015-02-01 08:00:00 (Sun)
++DateTime::TimeZone::INFINITY, #  utc_end
++63558442800, #  local_start 2015-02-01 03:00:00 (Sun)
++DateTime::TimeZone::INFINITY, #local_end
+ -18000,
+-1,
+-'CDT',
+-],
+-[
+-63581439600, #utc_start 2015-10-25

Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)

2015-02-01 Thread Adam D. Barratt 
Control: tags -1 + moreinfo

On Sun, 2015-02-01 at 16:24 +0800, Aron Xu wrote:
 Package: release.debian.org
 Severity: normal
 User: release.debian@packages.debian.org
 Usertags: unblock jessie-pu

The -pu tags are for stable updates, rather than tpu.

 libxml2 in Jessie has CVE-2014-3600 pending to be addressed and this
 update includes the related regression fix as well.
 
 Also, I would like to apply some more upstream memory related patches
 from 2.9.2, mostly NULL checks, because there are quite a lot deeper
 issues hiding in libxml2's code base and those fixes shall be deemed
 beneficial to our support cycle.

The changes to patches that haven't materially changed are quite noisy,
given the amount of actual changes.

+libxml2 (2.9.1+dfsg1-5) testing; urgency=medium
+
+  * Add pkg-config to B-D
+  * Use -O3 for normal builds

Could you expand on the rationale for introducing those now?
Particularly as neither appears to be mentioned in the changelogs for
the uploads to unstable.

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1422810803.14650.5.ca...@adam-barratt.org.uk

Bug#776721: unblock: lftp/4.6.0-1+deb8u1

2015-02-01 Thread Adam D. Barratt 
Control: tags -1 + moreinfo

On Sat, 2015-01-31 at 19:36 +0100, Noël Köthe wrote:
 Please unblock package lftp
 
 lftp in jessie/testing accepts adds ssh host keys (fish/sftp) hardcoded.
 This is fixed by the upstream patch.

As far as I can see, that patch is not yet in unstable. In general,
where an issue affects both unstable and testing, it should be fixed in
unstable first and then in testing, either directly or via t-p-u; new
fixes should not be initially added directly via t-p-u.

Please remove the moreinfo tag once the upload to unstable has
occurred.

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1422811935.14650.14.ca...@adam-barratt.org.uk

Processed: tagging 776781

2015-02-01 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

 tags 776781 + confirmed
Bug #776781 [release.debian.org] wheezy-pu: package 
libdatetime-timezone-perl/1:1.58-1+2015a
Added tag(s) confirmed.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
776781: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776781
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/handler.s.c.14228119757527.transcr...@bugs.debian.org

Processed: Re: Bug#776721: unblock: lftp/4.6.0-1+deb8u1

2015-02-01 Thread Debian Bug Tracking System 
Processing control commands:

 tags -1 + moreinfo
Bug #776721 [release.debian.org] unblock: lftp/4.6.0-1+deb8u1
Added tag(s) moreinfo.

-- 
776721: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776721
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/handler.s.b776721.14228119437313.transcr...@bugs.debian.org

Bug#776799: unblock: systemd/215-11

2015-02-01 Thread Martin Pitt 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

systemd 215-11 hit unstable three days ago with some important/safe
fixes. So far there have been no regression reports.

I attach the full debdiff between 215-10 and -11, but as usual I also
link to the individual commits on anonscm.  Note that there are zero
changes for udev and hence the udebs (for d-i).

Annotated changelog:

|   [ Martin Pitt ]
|   * escape-beef-up-new-systemd-escape-tool.patch: Avoid creating a danling
| symlink, to work around regression in recent patch (see #776257).

That's an RC bug in patch, but easily worked around in systemd, so
that we can actually upload new versions until it gets fixed. patch
still needs to be fixed properly to unbreak glibc and a bunch of other
affected packages, of course.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=492416

Sorry for the typo in the changelog! (Fixed in git).

|   * Order ifup@.service and networking.service after network-pre.target.
| (Closes: #766938)

network-pre.target in Debian's shipped units only occurs in one
package [1]; so this will make no practical difference on most systems,
but will make ifup@.service actually behave according to documentation
and fix pyroman's startup order to really start the firewall before
bringing up network interfaces.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=b29acf

[1] http://codesearch.debian.net/results/network-pre.target

|   * Tone down Network interface NamePolicy= disabled on kernel commandline,
| ignoring info message to debug, as we expect this while we disable
| net.ifnames by default. (Closes: #762101, LP: #1411992)

Confusing, and trivial.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=9cc4d0745

|   * logind: handle closing sessions over daemon restarts. (Closes: #759515,
| LP: #1415104)

This is admittedly a bit intrusive, but still relatively
straightforward; I'm happy to answer further questions about it. I've
heard this error (also on Ubuntu) from a lot of users by now, and it
essentially breaks your running desktop sessions on installing package
upgrades so I'd really like to fix this for Jessie. I have tested it
fairly thoroughly.

If you object or have doubts, I'm ok with backing this out again in
-12.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=37ce19d

|   * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
| after log out actually work.

This is quite an obvious fix of the ioctl; calling this security is
a stretch as we don't really use this feature in Debian yet. But it's
an interesting thing if you have a multi-seat system and use Wayland
instead of X.

Again, if you object I'd be okay with backing this out if you object.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=2d0f077

|   * debian/patches/series: Move upstreamed patches into the appropriate
| section.

No actual run-time effect, this just clarifies the status of our
patches.

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=0d5964

|   [ Michael Biebl ]
|   * Make sure we run debian-fixup.service after /var has been mounted if /var
| is on a separate partition. Otherwise we might end up creating the
| /var/lock and /var/run symlink in the underlying root filesystem.
| (Closes: #768644)

http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=a09ebde9

Trivial and obvious fix; that bug can break your system pretty badly
if you hit the race.

Thanks for considering!

Martin

unblock systemd/215-11

-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)


signature.asc
Description: Digital signature

Bug#773796: wheezy-pu: package mercurial/2.2.2-4

2015-02-01 Thread Javi Merino 
On Fri, Jan 02, 2015 at 08:49:31PM +, Adam D. Barratt wrote:
 Control: tags -1 +confirmed -moreinfo
 
 On Tue, 2014-12-23 at 15:24 +, Adam D. Barratt wrote:
  On 2014-12-23 14:55, Javi Merino wrote:
   On Tue, Dec 23, 2014 at 01:20:10PM +, Adam D. Barratt wrote:
   The patches look okay, but it appears that this hasn't been fixed in
   unstable yet. Is that correct? If so then we generally prefer to get
   unstable fixed first, so that the changes can get some testing there.
   
   That's correct, I'm preparing an upload for jessie.  If I upload the
   same fix to unstable, it would be unblocked?
  
  I'd be inclined to do so assuming it was in the near future, yes. Please 
  file a separate unblock bug for that.
 
 That happened now, so please feel free to go ahead with the p-u upload
 (bearing in mind that the window for getting fixes in to the 7.8 point
 release closes during this weekend).

Sorry, it fell through the cracks.  I've uploaded it now, better late
than never.

Cheers,
Javi


signature.asc
Description: Digital signature

Bug#774737: unblock: libjpeg9/1:9a-2

2015-02-01 Thread Bill Allombert 
On Fri, Jan 23, 2015 at 08:02:38AM +0100, Niels Thykier wrote:
 I am afraid I do not see how removing libjpeg9 from testing is
 inconsistent with the tech-ctte decision. 

You need to reread the full decision in context.

 The very first item of their
 resolution text states that:
 
  1. [...] The release team does not want to have more than one libjpeg
 implementation.

This is in the Whereas part, not in the Therefore. Thus this is what the
release team want, but not necessarily what the TC has decided.

 Then further down, they follow up with:
 
 10. The Technical Committee resolves that libjpeg-turbo should
 become the libjpeg implementation in Debian, [...]

And this is the case now. However the TC did not say all other libjpeg
implementations need to be removed from testing.
Indeed wheezy includes both libjpeg6b and libjpeg8 so there is a 
precedent for that. At the very least it is customary to provide old
libraries in the next release as part of the oldlibs section.

Then the TC gives a detailed view fo what should happens:

12. Implementing the decision in 10 above will require removing
Provides: libjpeg-dev from libjpeg8, since such a virtual
package must be provided by only one real package at a time.
Therefore the Provides should be removed from the libjpeg8
package - in accordance with the transition plan -
notwithstanding the libjpeg8 maintainer's preference that
libjpeg8 should remain as the default libjpeg.  This change
should be made by the libjpeg8 maintainer; if the change is not
made within a reasonable time it should be done in an NMU by the
libjpeg-turbo maintainer.

This is an unambiguous statement that they only intent the Provides:
libjpeg-dev of libjpeg8 to be removed and not the whole package, otherwise
they would have stated it directly (in particular since removing libjpeg8
automatically remove the Provides making it a non-issue).
The text shows they anticipate the existence of multiple 'real libjpeg*-dev
packages' but only one providing libjpeg-dev.

And in any case, the release team never communicated to me their intent to
remove libjpeg6b, libjpeg8 and libjpeg9 from jessie. I only learned about
it in January from the archive notification. And so far no rationale has been
given.

Cheers,
-- 
Bill. ballo...@debian.org

Imagine a large red swirl here. 


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150201230435.GA4545@yellowpig

Bug#776803: unblock: nova/2014.1.3-10

2015-02-01 Thread Thomas Goirand 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

This is a one liner fix so that the administrative credential of Neutron inside
nova.conf are really applied correctly. The issue was that the function taking
care of it was never called. Debdiff attached.

Please unblock nova/2014.1.3-10.

Cheers,

Thomas Goirand (zigo)
diff -Nru nova-2014.1.3/debian/changelog nova-2014.1.3/debian/changelog
--- nova-2014.1.3/debian/changelog	2015-01-08 16:07:07.0 +
+++ nova-2014.1.3/debian/changelog	2015-02-01 16:04:06.0 +
@@ -1,3 +1,10 @@
+nova (2014.1.3-10) unstable; urgency=medium
+
+  * Now calling read_neutron_config() in the postinst, for some reason, it was
+never called.
+
+ -- Thomas Goirand z...@debian.org  Sun, 01 Feb 2015 17:03:39 +0100
+
 nova (2014.1.3-9) unstable; urgency=medium
 
   * Rebuilt with openstack-pkg-tools (= 22~): starts daemons on first install.
diff -Nru nova-2014.1.3/debian/nova-common.postinst.in nova-2014.1.3/debian/nova-common.postinst.in
--- nova-2014.1.3/debian/nova-common.postinst.in	2015-01-08 16:07:07.0 +
+++ nova-2014.1.3/debian/nova-common.postinst.in	2015-02-01 16:04:06.0 +
@@ -81,6 +81,8 @@
 	manage_nova_my_ip_field
 	manage_keystone_auth_fields
 
+	read_neutron_config
+
 	# Needed, because in some cases, it's owned by root:root,
 	# which makes the nova-manage db sync fail.
 	touch /var/log/nova/nova-manage.log

Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)

2015-02-01 Thread Aron Xu 
On Mon, Feb 2, 2015 at 1:13 AM, Adam D. Barratt
a...@adam-barratt.org.uk wrote:
 Control: tags -1 + moreinfo

 On Sun, 2015-02-01 at 16:24 +0800, Aron Xu wrote:
 Package: release.debian.org
 Severity: normal
 User: release.debian@packages.debian.org
 Usertags: unblock jessie-pu

 The -pu tags are for stable updates, rather than tpu.


I see, thanks.

 libxml2 in Jessie has CVE-2014-3600 pending to be addressed and this
 update includes the related regression fix as well.

 Also, I would like to apply some more upstream memory related patches
 from 2.9.2, mostly NULL checks, because there are quite a lot deeper
 issues hiding in libxml2's code base and those fixes shall be deemed
 beneficial to our support cycle.

 The changes to patches that haven't materially changed are quite noisy,
 given the amount of actual changes.

 +libxml2 (2.9.1+dfsg1-5) testing; urgency=medium
 +
 +  * Add pkg-config to B-D
 +  * Use -O3 for normal builds

 Could you expand on the rationale for introducing those now?
 Particularly as neither appears to be mentioned in the changelogs for
 the uploads to unstable.

These are directly picked from the 2.9.2 upload, which stuck for RC
bug. At that time the change was quite big (major release) so those
aren't documented in very detail but are in the git for quite some
time.

Regards,
Aron


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAMr=8w5JspY+O=+ov3lo18aqe759zkjmk0mcgumoh0pdc-2...@mail.gmail.com