NEW changes in stable-new
Processing changes file: cinnamon-settings-daemon_2.2.4.repack-7+deb8u1_arm64.changes ACCEPT Processing changes file: cinnamon-settings-daemon_2.2.4.repack-7+deb8u1_mips.changes ACCEPT
NEW changes in stable-new
Processing changes file: cinnamon-settings-daemon_2.2.4.repack-7+deb8u1_armel.changes ACCEPT Processing changes file: cinnamon-settings-daemon_2.2.4.repack-7+deb8u1_armhf.changes ACCEPT Processing changes file: cinnamon-settings-daemon_2.2.4.repack-7+deb8u1_mipsel.changes ACCEPT Processing changes file: cinnamon-settings-daemon_2.2.4.repack-7+deb8u1_s390x.changes ACCEPT
NEW changes in stable-new
Processing changes file: cinnamon-settings-daemon_2.2.4.repack-7+deb8u1_i386.changes ACCEPT Processing changes file: cinnamon-settings-daemon_2.2.4.repack-7+deb8u1_powerpc.changes ACCEPT
Bug#818104: Possible MBF: Packages depending on iceweasel but not firefox/firefox-esr
Le 18/03/2016 18:06, Josh Triplett a écrit : > I would suggest that Firefox addon packages should depend on "firefox | > firefox-esr" Most of those packages are mozilla-devscripts for the build and just need to be rebuilt to get fixed. Even if our infrastructure has all the needed tools to binNMU all of them as a proper transition, some limitations on the way arch:all binNMU are handled currently prevents us from having most of them already fixed, see #818104. What is currently needed if the arch:all binNMU doesn’t get fixed, is “just” to upload all of them. I’m currently dragged into doing that for hundred of PHP classes packages because of this no arch:all binNMU limitation, so I hope someone else from the Debian Mozilla Extension Maintainers could take the lead on it (new members are welcome ;). Regards David signature.asc Description: OpenPGP digital signature
Bug#818615: jessie-pu: package gtk+2.0
Control: tags -1 + moreinfo On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote: > I'd like to fix a security issue in GTK, which doesn't really warrant > a DSA. Debdiff below, I've been running this on my jessie > workstation for a day now. > > Cheers, > Moritz > > diff -Nru gtk+2.0-2.24.25/debian/changelog gtk+2.0-2.24.25/debian/changelog > --- gtk+2.0-2.24.25/debian/changelog 2015-03-03 19:39:59.0 +0100 > +++ gtk+2.0-2.24.25/debian/changelog 2016-03-17 23:20:16.0 +0100 > @@ -1,3 +1,9 @@ > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium > + > + * CVE-2013-7447 (Closes: #799275) The Security Tracker suggests that this isn't fixed in the version of gtk+2.0 in unstable; is that correct? Regards, Adam
Re: Qt and OpenSSL transition metadata in relation to Mumble package
Emilio Pozuelo Monfort: > On 19/03/16 19:23, Chris Knadle wrote: >> Greetings. >> >> Executive summary: >> I'd like to know if there is metadata that can be added to the Qt4 and Qt5 >> packages (qt4-x11 and qtbase-opensource-src) which will indicate that they >> need to be binNMUed for OpenSSL transitions at nearly the same time that >> Mumble gets binNMUed. [...] >> Is this possible? > > There's no way to express that kind of relationship. Not unless you get into > complex territory which isn't really worth it in this case. Normally binNMUs > are scheduled at the same time, so in theory this shouldn't be such a big > issue. And it would only affect unstable users, only for a short amount of > time. Ehhh... okay. The last OpenSSL binNMU had an 11-day difference between Mumble getting rebuilt and qt4-x11 being rebuilt in Sid. That's a short time in release terms, but a long time in terms of users finding Mumble broken and waiting for it to be fixed. Either way I have my answer. Thank you very much. -- Chris -- Chris Knadle chris.kna...@coredump.us
Bug#784679: jessie-pu: package rdesktop/1.8.2-3+deb8u1
Control: tags -1 + pending On Mon, 2016-03-14 at 21:16 +0100, László Böszörményi wrote: > On Mon, Mar 14, 2016 at 7:29 PM, Julien Cristauwrote: > > On Mon, Mar 14, 2016 at 14:30:43 +0100, László Böszörményi wrote: > >> It's fallen through the cracks. :-( If it's still allowed, I'd like > >> to upload it. > >> > > Sure. > Thanks, uploaded. Flagged for acceptance. Regards, Adam
Bug#818615: jessie-pu: package gtk+2.0
Package: release.debian.org Severity: normal Hi, I'd like to fix a security issue in GTK, which doesn't really warrant a DSA. Debdiff below, I've been running this on my jessie workstation for a day now. Cheers, Moritz diff -Nru gtk+2.0-2.24.25/debian/changelog gtk+2.0-2.24.25/debian/changelog --- gtk+2.0-2.24.25/debian/changelog2015-03-03 19:39:59.0 +0100 +++ gtk+2.0-2.24.25/debian/changelog2016-03-17 23:20:16.0 +0100 @@ -1,3 +1,9 @@ +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium + + * CVE-2013-7447 (Closes: #799275) + + -- Moritz M�hlenhoffThu, 17 Mar 2016 00:17:18 +0100 + gtk+2.0 (2.24.25-3) unstable; urgency=medium * 0002-gdk-Fix-GdkWindowFilter-internal-refcounting.patch diff -Nru gtk+2.0-2.24.25/debian/patches/099_CVE-2013-7447.patch gtk+2.0-2.24.25/debian/patches/099_CVE-2013-7447.patch --- gtk+2.0-2.24.25/debian/patches/099_CVE-2013-7447.patch 1970-01-01 01:00:00.0 +0100 +++ gtk+2.0-2.24.25/debian/patches/099_CVE-2013-7447.patch 2016-03-17 23:15:42.0 +0100 @@ -0,0 +1,30 @@ +From 894b1ae76a32720f4bb3d39cf460402e3ce331d6 Mon Sep 17 00:00:00 2001 +From: Matthias Clasen +Date: Sat, 29 Jun 2013 22:06:54 -0400 +Subject: Avoid integer overflow + +Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating +a large block of memory, to avoid integer overflow. + +Pointed out by Bert Massop in +https://bugzilla.gnome.org/show_bug.cgi?id=703220 +--- + gdk/gdkcairo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c +index 19bed04..2e1d8dc 100644 +--- a/gdk/gdkcairo.c b/gdk/gdkcairo.c +@@ -213,7 +213,7 @@ gdk_cairo_set_source_pixbuf (cairo_t *cr, + format = CAIRO_FORMAT_ARGB32; + + cairo_stride = cairo_format_stride_for_width (format, width); +- cairo_pixels = g_malloc (height * cairo_stride); ++ cairo_pixels = g_malloc_n (height, cairo_stride); + surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels, + format, + width, height, cairo_stride); +-- +cgit v0.12 + diff -Nru gtk+2.0-2.24.25/debian/patches/series gtk+2.0-2.24.25/debian/patches/series --- gtk+2.0-2.24.25/debian/patches/series 2015-03-03 19:36:04.0 +0100 +++ gtk+2.0-2.24.25/debian/patches/series 2016-03-17 23:17:03.0 +0100 @@ -14,3 +14,4 @@ 061_use_pdf_as_default_printing_standard.patch 065_gir_set_packages.patch 098_multiarch_module_path.patch +099_CVE-2013-7447.patch
Bug#818532: jessie-pu: package libdatetime-timezone-perl/1.75-2+2016b
Control: tags -1 + confirmed On Thu, 2016-03-17 at 20:47 +0100, gregor herrmann wrote: > I've prepared an update for libdatetime-timezone-perl in jessie with > the data from the Olson db 2016b. As usual, the only change is a > quilt patch which adjusts the pm files containing the timezone data. > (Plus a typo fix in the changelog this time.) Please go ahead. Regards, Adam
Bug#818483: marked as done (nmu: haskell-network-protocol-xmpp_0.4.8-2)
Your message dated Fri, 18 Mar 2016 11:12:04 +0100 with message-id <56ebd474.4090...@debian.org> and subject line Re: Bug#818483: nmu: haskell-network-protocol-xmpp_0.4.8-2 has caused the Debian Bug report #818483, regarding nmu: haskell-network-protocol-xmpp_0.4.8-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 818483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818483 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, in order to fix #814055 and #813078, and prevent auto-removal of git-annex in testing, without waiting for the current Haskell transition, I believe it should help to binNMU haskell-network-protocol-xmpp in testing: nmu haskell-network-protocol-xmpp_0.4.8-2 . ANY . stretch . -m "rebuild against libgnutls30" Thanks, Joachim - -- System Information: Debian Release: stretch/sid APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlbqwl0ACgkQ9ijrk0dDIGxXaQCgjolWPuNlRYGBsUCD3+8xG572 YlYAoKWu6krw/4yAwr6id0Q9AMkFsb6N =jRoK -END PGP SIGNATURE- --- End Message --- --- Begin Message --- On 17/03/16 19:29, Emilio Pozuelo Monfort wrote: > On 17/03/16 15:42, Joachim Breitner wrote: >> in order to fix #814055 and #813078, and prevent auto-removal of >> git-annex in testing, without waiting for the current Haskell >> transition, I believe it should help to binNMU >> haskell-network-protocol-xmpp in testing: >> >> nmu haskell-network-protocol-xmpp_0.4.8-2 . ANY . stretch . -m "rebuild >> against libgnutls30" > > The only architecture still at 0.4.8-2 in unstable is mips64el which is not > in > testing, so that's not a problem. > > Scheduled: > > https://buildd.debian.org/status/package.php?p=haskell-network-protocol-xmpp=stretch > And accepted: libghc-network-protocol-xmpp-dev | 0.4.8-2+b1 | testing | amd64, arm64, armhf, i386, mips, mipsel, powerpc, ppc64el, s390x Cheers, Emilio--- End Message ---
Bug#818532: jessie-pu: package libdatetime-timezone-perl/1.75-2+2016b
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I've prepared an update for libdatetime-timezone-perl in jessie with the data from the Olson db 2016b. As usual, the only change is a quilt patch which adjusts the pm files containing the timezone data. (Plus a typo fix in the changelog this time.) Manually stripped down debdiff attached. Cheers, gregor -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQJ8BAEBCgBmBQJW6wntXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMUUxMzE2RTkzQTc2MEE4MTA0RDg1RkFC QjNBNjgwMTg2NDlBQTA2AAoJELs6aAGGSaoGRHgP/jnZNENC7B4FdmlhzVlSn+AS ONitgz+BOf0VgvYVlK9YSCIinyeed4cjuT5QTKoDShKtbesiNnRawkMl8wJ90dmT ISceY4XCJyhtPJWWb7xq9Im6cHypFzX/D1NVPHlgt/nzhIgAa7ilf8jnhqDnt4uG DI+Cspy8vLySpiXsdnSnN30rQJOL/GPeGkOpP9XW67vaMzATsf7wgxreAPeZoxiT WWrSdjVzxNlezzDkzSAT6PS5F9c33SECEBhJQSg4viX9ezU3w4BxHJ1hCFrbS7Af rTizspiOWkswl4Cb1JCWJ9TsWdO6RbdGcb/OcPoueT0IvxF1x3aHLaIkHu/lNKyV NzJ17yyR35LqeEZFZgA+FVPJ1kiajQ+64dtKBg9gpR7x6PcTAaZ2lj0e4aqtCT7l pnO2RH+QNH6T/ndwl88h4OqKGXnTL4GPqw4VmmNoqIXdo2frxO3O8381WvTAb3PQ zBdtwt/Fmo3OFAD6Me7RXB9Bswhy/5PPYGbunRtgpme2hIWgnWOKtLc2ACI3tkd+ E0czGo9xtlwgZfKd+JymOaLja/6LaRsHl2E8bJr8uCIdXbqSSMASwfPnIBFh0jnh SEE+6k6Fs2LuAUdB6CGrkVNWWoXOZXtZ7uf96I7QfgEUUkDcenFPhnAJLcvmyFUI dEzPt2J2srCcdMfp7L/L =sTXA -END PGP SIGNATURE- diff -Nru libdatetime-timezone-perl-1.75/debian/changelog libdatetime-timezone-perl-1.75/debian/changelog --- libdatetime-timezone-perl-1.75/debian/changelog 2016-02-03 20:43:20.0 +0100 +++ libdatetime-timezone-perl-1.75/debian/changelog 2016-03-17 20:23:04.0 +0100 @@ -1,10 +1,22 @@ +libdatetime-timezone-perl (1:1.75-2+2016b) UNRELEASED; urgency=medium + + * Update to Olson database version 2016b. +Add patch debian/patches/olson-2016b, which updates the timezone *.pm +files, using upstream's tools/parse_olson script. +This update contains contemporary changes for Russia, Haiti, and +Palestine. + * Fix spelling of Chita in the previous changelog entry. +Thanks to Stepan Golosunov for the bug report. (Closes: #813631) + + -- gregor herrmannThu, 17 Mar 2016 20:22:46 +0100 + libdatetime-timezone-perl (1:1.75-2+2016a) jessie; urgency=medium * Update to Olson database version 2016a. Add patch debian/patches/olson-2016a, which updates the timezone *.pm files, using upstream's tools/parse_olson script. This update contains contemporary changes for the Cayman Islands, Iran, -and Chrita, Russia. +and Chita, Russia. -- gregor herrmann Wed, 03 Feb 2016 20:40:57 +0100 diff -Nru libdatetime-timezone-perl-1.75/debian/patches/olson-2016b libdatetime-timezone-perl-1.75/debian/patches/olson-2016b --- libdatetime-timezone-perl-1.75/debian/patches/olson-2016b 1970-01-01 01:00:00.0 +0100 +++ libdatetime-timezone-perl-1.75/debian/patches/olson-2016b 2016-03-17 20:23:04.0 +0100 @@ -0,0 +1,13321 @@ +Description: update to olson db 2016b +Origin: vendor +Author: gregor herrmann +Last-Update: 2016-03-17 + +--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm b/lib/DateTime/TimeZone/Africa/Abidjan.pm +@@ -3,7 +3,7 @@ + # DateTime::TimeZone module distribution in the tools/ directory + + # +-# Generated from debian/tzdata/africa. Olson data version 2016a ++# Generated from debian/tzdata/africa. Olson data version 2016b + # + # Do not edit this file directly. + # +@@ -39,7 +39,7 @@ + ], + ]; + +-sub olson_version { '2016a' } ++sub olson_version { '2016b' } + + sub has_dst_changes { 0 } + +--- a/lib/DateTime/TimeZone/Catalog.pm b/lib/DateTime/TimeZone/Catalog.pm +@@ -179,6 +179,7 @@ + Asia/Baghdad + Asia/Baku + Asia/Bangkok ++ Asia/Barnaul + Asia/Beirut + Asia/Bishkek + Asia/Brunei +@@ -270,6 +271,7 @@ + EST5EDT + Europe/Amsterdam + Europe/Andorra ++ Europe/Astrakhan + Europe/Athens + Europe/Belgrade + Europe/Berlin +@@ -303,6 +305,7 @@ + Europe/Stockholm + Europe/Tallinn + Europe/Tirane ++ Europe/Ulyanovsk + Europe/Uzhgorod + Europe/Vienna + Europe/Vilnius +@@ -551,6 +554,7 @@ + Baghdad + Baku + Bangkok ++Barnaul + Beirut + Bishkek + Brunei +@@ -643,6 +647,7 @@ + 'Europe' => [ qw( + Amsterdam + Andorra ++Astrakhan + Athens + Belgrade + Berlin +@@ -676,6 +681,7 @@ + Stockholm + Tallinn + Tirane ++Ulyanovsk + Uzhgorod + Vienna + Vilnius +@@ -763,15 +769,15 @@ + ) ], + 'aq' => [ qw( + Antarctica/McMurdo +-Antarctica/Rothera +-Antarctica/Palmer +-Antarctica/Mawson +-Antarctica/Davis + Antarctica/Casey +-Antarctica/Vostok ++Antarctica/Davis + Antarctica/DumontDUrville ++Antarctica/Mawson ++Antarctica/Palmer ++Antarctica/Rothera + Antarctica/Syowa + Antarctica/Troll ++Antarctica/Vostok + ) ], + 'ar'
Re: Qt and OpenSSL transition metadata in relation to Mumble package
On 19/03/16 19:23, Chris Knadle wrote: Greetings. Executive summary: I'd like to know if there is metadata that can be added to the Qt4 and Qt5 packages (qt4-x11 and qtbase-opensource-src) which will indicate that they need to be binNMUed for OpenSSL transitions at nearly the same time that Mumble gets binNMUed. More detail: Qt (both 4 and 5) use dlopen() to load libssl/libcrypto libraries [see lines 634-654]: https://github.com/qtproject/qtbase/blob/dev/src/network/ssl/qsslsocket_openssl_symbols.cpp#L624-L727 and as a result during OpenSSL transitions where there's a library rename, two different copies of libssl/libcrypto can get loaded when running Mumble... one version Qt is compiled with, and one version Mumble is compiled with, and they may have ABI differences. This situation is non-trivial and caused Mumble to break (#804363) because the SSL library wasn't getting initialized, and we believe the patch that was used to fix this bug may be initializing both copies of SSL during the transition period, and because of the unknown of what this might cause, Mumble upstream is likely to implement code to disallow Mumble to continue running when two different copies of libssl/libcrypto are loaded: https://github.com/mumble-voip/mumble/pull/2124 We're hoping that there's some way that metadata could be added (somewhere) such that the Qt source packages and Mumble can be binNMUed/rebuilt around the same time for OpenSSL transitions. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#97 Is this possible? There's no way to express that kind of relationship. Not unless you get into complex territory which isn't really worth it in this case. Normally binNMUs are scheduled at the same time, so in theory this shouldn't be such a big issue. And it would only affect unstable users, only for a short amount of time. Cheers, Emilio
Bug#818666: transition: pypy
On 19/03/16 15:06, Andreas Beckmann wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, looks like pypy 5.0 started a transition, the virtual package pypy-abi-26 changed to pypy-abi-41. There are some uninstallable rdepends now: pypy-dulwich, pypy-zmq. Maybe it's sufficient to just binNMU them (but I didn't test this): nmu dulwich_0.12.0-1 . ANY . -m "Rebuild against pypy 5.0" nmu pyzmq_15.1.0-1 . ANY . -m "Rebuild against pypy 5.0" pypy needs to build on every release architecture first... Emilio
Bug#813916: marked as done (transition: gdal)
Your message dated Sun, 20 Mar 2016 00:09:27 +0100 with message-id <56eddc27.1050...@debian.org> and subject line Re: Bug#813916: transition: gdal has caused the Debian Bug report #813916, regarding transition: gdal to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 813916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813916 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition For the Debian GIS team I'd like to transition to the recently released GDAL 1.11.4. Only the packages using C++ symbols need to be rebuilt. GDAL 2.0.2 was released along with 1.11.4, but we still don't have support for GDAL 2.0 in all reverse dependencies. Since the transition to GDAL 1.11.3, support for GDAL 2.0 was added to all reverse depedencies except Fiona [0]. Upstream has recently included changes for GDAL 2.0, but these differ from the initial GDAL 2.0 changes available as a patch in #802808. The improved GDAL 2.0 changes are entangled with other changes for the upcoming Fiona 1.7 release, which I've not been able to successfully backport. This will not be a blocker for the GDAL 2.0 transition, as discussed with the maintainer on the debian-gis list [1]. Because the transition for GDAL 1.11.4 is ready now, I'd like to do that first before preparing the transition to GDAL 2.0. All reverse dependencies rebuilt successfully with GDAL 1.11.4, the summary of rebuilds is included below. The spatialite->postgis->gdal->spatialite circular dependency was initially preventing the rebuild of the reverse dependencies with the new GDAL. Because this was causing more issues [3][4], I've dropped the liblwgeom dependency from spatialite in 4.3.0a-5. Because of the postgis->sfcgal->openscenegraph dependency chain, it's important to rebuild openscenegraph with the new gdal before rebuilding postgis, otherwise the old gdal will be pulled in via openscenegraph. osrm (4.9.1+ds-1~exp1) only needs to be rebuilt in experimental. libgdal-grass (1.11.3-3) doesn't need to be rebuilt, 1.11.4-1 will be uploaded instead. It requires liblas & grass to be rebuilt first. [0] https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=gdal-2.0;users=debian-...@lists.debian.org [1] https://lists.debian.org/debian-gis/2016/02/msg00018.html [2] https://lists.debian.org/debian-gis/2016/02/msg00023.html [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808606 [4] https://lists.alioth.debian.org/pipermail/pkg-grass-devel/2016-January/thread.html Only the virtual ABI package changed, so there is no automatically created transition tracker. Ben file: title = "gdal"; is_affected = .depends ~ /libgdal\.so\.1-1\.11\.[34]/; is_good = .depends ~ /libgdal\.so\.1-1\.11\.4/; is_bad = .depends ~ /libgdal\.so\.1-1\.11\.3/; Transition: gdal libgdal1i (1.11.3+dfsg-2) -> libgdal1i (1.11.4+dfsg-1~exp1) libgdal.so.1-1.11.3 -> libgdal.so.1-1.11.4 The status of the most recent rebuilds is as follows. dans-gdal-scripts (0.23-4) OK fiona (1.6.3-1) OK gazebo(6.5.0+dfsg-2) OK gmt (5.2.1+dfsg-3) OK imposm(2.6.0+ds-2) OK libcitygml(2.0-1)OK liblas(1.8.0-7) OK libosmium (2.5.4-1) OK mapcache (1.4.0-4) OK mapnik(3.0.9+ds-1) OK mapserver (7.0.0-9) OK merkaartor(0.18.2-5) OK mysql-workbench (6.3.4+dfsg-3) OK ncl (6.3.0-6) OK node-srs (0.4.8+dfsg-2) OK openscenegraph(3.2.1-9) OK osmium(0.0~20160124-b30afd3-1) OK osrm (4.9.1+ds-1~exp1) OK postgis (2.2.1+dfsg-2) OK pprepair (0.0~20150624-82a2019-1) OK prepair (0.7-4)OK qlandkartegt (1.8.1+ds-4) OK qmapshack (1.5.1-1) OK rasterio (0.31.0-2) OK saga (2.2.3+dfsg-1) OK sumo (0.25.0+dfsg1-2) OK thuban(1.2.2-9) OK vtk6
Bug#818615: jessie-pu: package gtk+2.0
HI Adam, Not Moritz here but can answer the question as well: On Fri, Mar 18, 2016 at 07:22:34PM +, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote: > > I'd like to fix a security issue in GTK, which doesn't really warrant > > a DSA. Debdiff below, I've been running this on my jessie > > workstation for a day now. > > > > Cheers, > > Moritz > > > > diff -Nru gtk+2.0-2.24.25/debian/changelog gtk+2.0-2.24.25/debian/changelog > > --- gtk+2.0-2.24.25/debian/changelog2015-03-03 19:39:59.0 > > +0100 > > +++ gtk+2.0-2.24.25/debian/changelog2016-03-17 23:20:16.0 > > +0100 > > @@ -1,3 +1,9 @@ > > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium > > + > > + * CVE-2013-7447 (Closes: #799275) > > The Security Tracker suggests that this isn't fixed in the version of > gtk+2.0 in unstable; is that correct? Yes it is as well unfixed there. I just have proposed a NMU in https://bugs.debian.org/799275#39 Hope this helps, Regards, Salvatore
NEW changes in stable-new
Processing changes file: amd64-microcode_2.20160316.1~deb8u1_multi.changes ACCEPT Processing changes file: cinnamon-settings-daemon_2.2.4.repack-7+deb8u1_amd64.changes ACCEPT Processing changes file: libdatetime-timezone-perl_1.75-2+2016b_amd64.changes ACCEPT Processing changes file: xvba-video_0.8.0-9+deb8u1_source.changes ACCEPT
Bug#818710: wheezy-pu: package amd64-microcode/1.20160316.1
Package: release.debian.org Severity: normal Tags: wheezy security User: release.debian@packages.debian.org Usertags: pu This is the non-free oldstable companion update for the same issue reported in #818689: Unfortunately, the microcode for the earlier AMD Piledriver processors being distributed in the amd64-microcode packages currently in non-free oldstable, stable, testing and unstable has been found to be extremely dangerous. More details: http://seclists.org/oss-sec/2016/q1/450 http://www.theregister.co.uk/2016/03/06/amd_microcode_6000836_fix/ https://www.reddit.com/r/linux/comments/47s8a8/new_amd_microcode_vulnerability_from_unprivileged/ I would like to update the packages in oldstable with the new microcode. Thank you! debdiff output: diffstat for amd64-microcode-1.20141028.1 amd64-microcode-1.20160316.1 README | 14 ++ debian/changelog | 27 +++ microcode_amd_fam15h.bin |binary microcode_amd_fam15h.bin.asc | 14 +++--- 4 files changed, 48 insertions(+), 7 deletions(-) diff -Nru amd64-microcode-1.20141028.1/debian/changelog amd64-microcode-1.20160316.1/debian/changelog --- amd64-microcode-1.20141028.1/debian/changelog 2015-01-20 11:05:42.0 -0200 +++ amd64-microcode-1.20160316.1/debian/changelog 2016-03-19 19:10:26.0 -0300 @@ -1,3 +1,30 @@ +amd64-microcode (1.20160316.1) oldstable; urgency=critical + + * Upstream release 20160316 built from linux-firmware: ++ Updated Microcodes: + sig 0x00600f20, patch id 0x0600084f, 2016-01-25 ++ This microcode updates fixes a critical erratum on NMI handling + introduced by microcode patch id 0x6000832 from the 20141028 update. + The erratum is also present on microcode patch id 0x6000836. ++ THIS IS A CRITICAL STABILITY AND SECURITY UPDATE FOR THE EARLIER + AMD PILEDRIVER PROCESSORS, including: + + AMD Opteron 3300, 4300, 6300 + + AMD FX "Vishera" (43xx, 63xx, 83xx, 93xx, 95xx) + + AMD processors with family 21, model 2, stepping 0 + * Robert Święcki, while fuzzing the kernel using the syzkaller tool, +uncovered very strange behavior on an AMD FX-8320, later reproduced on +other AMD Piledriver model 2, stepping 0 processors including the Opteron +6300. Robert discovered, using his proof-of-concept exploit code, that +the incorrect behavior allows an unpriviledged attacker on an unpriviledged +VM to corrupt the return stack of the host kernel's NMI handler. At best, +this results in unpredictable host behavior. At worst, it allows for an +unpriviledged user on unpriviledged VM to carry a sucessful host-kernel +ring 0 code injection attack. + * The erratum is timing-dependant, easily triggered by workloads that +cause a high number of NMIs, such as running the "perf" tool. + + -- Henrique de Moraes HolschuhSat, 19 Mar 2016 19:10:20 -0300 + amd64-microcode (1.20141028.1) stable; urgency=medium * Upstream release 20141028 built from linux-firmware Binary files /tmp/LkCOI20qcl/amd64-microcode-1.20141028.1/microcode_amd_fam15h.bin and /tmp/SRBRsoU9Tp/amd64-microcode-1.20160316.1/microcode_amd_fam15h.bin differ diff -Nru amd64-microcode-1.20141028.1/microcode_amd_fam15h.bin.asc amd64-microcode-1.20160316.1/microcode_amd_fam15h.bin.asc --- amd64-microcode-1.20141028.1/microcode_amd_fam15h.bin.asc 2015-01-14 11:56:07.0 -0200 +++ amd64-microcode-1.20160316.1/microcode_amd_fam15h.bin.asc 2016-03-19 19:06:27.0 -0300 @@ -1,11 +1,11 @@ -BEGIN PGP SIGNATURE- Version: GnuPG v1 -iQEcBAABAgAGBQJUTqLvAAoJEOS+UznzKK5zyaIIAKZcXmU+sBO4YGH5Aq2SdRYe -rlwE5oeYNh+AdzzLm9EqHwSC+MciFI7HqQz8PvKAsfaoD17mQjonIXga8l2/w3OW -/vIJjJnu9QB2C9XpjAiQCxS5QaMtIfEEjVld+MeHs6Ld3PwGuAXCkxKcJ2sHLZd3 -UcwwHxcm98KYouogjVZoJeb226cjz6fzUVJK9t9yi2S+SWmIvkjSZEI6W0WFoFCL -x0jM7lFNcusGtg5K6UsyAdwPwvfbBN5FoV29/DaP+/HA4GP/W/cgbQxS72skDJg5 -c/icP0ntAND2iprtTQXF9//mWdX2FLYD55eu+pShZmO8t4Qvq4tJgiVz3hJiK+U= -=KBP3 +iQEcBAABAgAGBQJW6d1MAAoJEOS+UznzKK5zSxkH+gJLffKGRM9BHe0D0/fkb0Gs +FZVp0eUNREOQoYwHJq9Ms1RebaZJkaUnd8SXCODJrqxDsxqUgunUtP6Qfh3Ru6fV +n0wgFVISKSQVLDP+I/ANFbWA2KhV5e4LuLQp5cDSItv6916kmNlM5kxtJ5QBrNXu +kr5bNReYgYTl7PSoCPuPfVILToG0ltZQMdKI1GImRCMVrYjGMbv8EyUC3r8ZbChG +Lv6K0AsULA81lXBAW0JYlxu6cNv1MJ3mxttwCswaJNcd+Y11ZQA8r2sjJoWbNSlS +nsDPLsUKE/RsW9MlMxiI2Jqo9PrZz923bu/cWMU1FPp+cJII0T7idWGUTVhQjc8= +=MTxP -END PGP SIGNATURE- diff -Nru amd64-microcode-1.20141028.1/README amd64-microcode-1.20160316.1/README --- amd64-microcode-1.20141028.1/README 2015-01-14 11:56:07.0 -0200 +++ amd64-microcode-1.20160316.1/README 2016-03-19 19:06:27.0 -0300 @@ -1,5 +1,19 @@ This amd64-microcode release was based on the linux-firmware tree. +From: Sherry Hurwitz +Subject: [PATCH 1/1] linux-firmware: Update AMD microcode patch firmware +Date: 2016-03-17 06:56:11 GMT + +linux-firmware: Update AMD
NEW changes in oldstable-new
Processing changes file: git_1.7.10.4-1+wheezy3_amd64.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_armel.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_armhf.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_i386.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_ia64.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_kfreebsd-amd64.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_kfreebsd-i386.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_mips.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_mipsel.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_powerpc.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_s390.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_s390x.changes ACCEPT Processing changes file: git_1.7.10.4-1+wheezy3_sparc.changes ACCEPT
Bug#818620: jessie-pu: package cinnamon-settings-daemon/2.2.4.repack-7+deb8u1
Control: tags -1 + pending On Fri, 2016-03-18 at 19:50 +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Fri, 2016-03-18 at 20:40 +0100, Margarita Manterola wrote: > > Moritz from the security team brought to the attention of the cinnamon team > > that cinnamon-settings-daemon in stable contains a minor security issue > > that has > > already been fixed in upstream. > > > > This issue doesn't warrant a DSA, as it's only a circumvention of policykit > > restrictions, but it would be good to fix it in a future point release. > > Please go ahead. Uploaded and flagged for acceptance. Regards, Adam
Processed: Re: Bug#818531: wheezy-pu: package libdatetime-timezone-perl/1.58-1+2016b
Processing control commands: > tags -1 + confirmed Bug #818531 [release.debian.org] wheezy-pu: package libdatetime-timezone-perl/1.58-1+2016b Added tag(s) confirmed. -- 818531: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818531 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#818531: wheezy-pu: package libdatetime-timezone-perl/1.58-1+2016b
Processing control commands: > tags -1 + pending Bug #818531 [release.debian.org] wheezy-pu: package libdatetime-timezone-perl/1.58-1+2016b Added tag(s) pending. -- 818531: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818531 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#815520: jessie-pu: package fglrx-driver/1:15.9-4~deb8u2 xvba-video_0.8.0-9+deb8u1
Control: tags -1 + pending On Mon, 2016-02-22 at 13:23 +, Adam D. Barratt wrote: [...] > On 2016-02-22 1:05, Andreas Beckmann wrote: > > the last fglrx-driver update in jessie brought a small regression: > > updates with xvba-va-driver installed fail due to a file overwrite > > conflict (#813427). > > xvba-va-driver is currently uninstallable in jessie. > > xvba-va-driver is no longer needed as a separate package, instead > > libfglrx-amdxvba1 brings equivalent files. > > > > We need to update both packages to fix this issue. [...] > > Let's do the discussion with this one bug here and clone it once it > > reached confirmed state. > > Looks okay to me. > > Assuming that the install and upgrade paths have been tested (I imagine > they have :-), please go ahead. xvba-video uploaded and flagged for acceptance. Regards, Adam
Bug#818531: wheezy-pu: package libdatetime-timezone-perl/1.58-1+2016b
Control: tags -1 + pending On Thu, 2016-03-17 at 22:20 +0100, gregor herrmann wrote: > On Thu, 17 Mar 2016 21:06:20 +, Adam D. Barratt wrote: > > > On Thu, 2016-03-17 at 20:47 +0100, gregor herrmann wrote: > > > I've prepared an update for libdatetime-timezone-perl in wheezy with > > > the data from the Olson db 2016b. As usual, the only change is a > > > quilt patch which adjusts the pm files containing the timezone data. > > Please go ahead. > > Thanks, uploaded. Flagged for acceptance. Regards, Adam
NEW changes in stable-new
Processing changes file: git_2.1.4-2.1+deb8u2_allonly.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_amd64.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_arm64.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_armel.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_armhf.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_i386.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_mips.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_mipsel.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_powerpc.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_ppc64el.changes ACCEPT Processing changes file: git_2.1.4-2.1+deb8u2_s390x.changes ACCEPT
Processed: Re: Bug#815520: jessie-pu: package fglrx-driver/1:15.9-4~deb8u2 xvba-video_0.8.0-9+deb8u1
Processing control commands: > tags -1 + pending Bug #815520 [release.debian.org] jessie-pu: package fglrx-driver/1:15.9-4~deb8u2 Added tag(s) pending. -- 815520: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815520 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#818532: jessie-pu: package libdatetime-timezone-perl/1.75-2+2016b
Processing control commands: > tags -1 + pending Bug #818532 [release.debian.org] jessie-pu: package libdatetime-timezone-perl/1.75-2+2016b Added tag(s) pending. -- 818532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818532 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#818689: jessie-pu: package amd64-microcode/2.20160316.1~deb8u1
Control: tags -1 + pending On Sat, 2016-03-19 at 16:30 -0300, Henrique de Moraes Holschuh wrote: > On Sat, 19 Mar 2016, Adam D. Barratt wrote: > > On Sat, 2016-03-19 at 15:50 -0300, Henrique de Moraes Holschuh wrote: > > > Unfortunately, the microcode for the earlier AMD Piledriver processors > > > being > > > distributed in the amd64-microcode packages currently in non-free > > > oldstable, > > > stable, testing and unstable has been found to be extremely dangerous. > > [...] > > > I would like to update the packages in stable, with basically the same > > > package that was already uploaded to unstable. The only difference is an > > > extra debian/changelog entry for the stable upload. > > > > Please go ahead. > > Thank you Adam! Uploaded! and flagged for acceptance in to p-u. Regards, Adam
Bug#818532: jessie-pu: package libdatetime-timezone-perl/1.75-2+2016b
Control: tags -1 + pending On Thu, 2016-03-17 at 21:04 +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2016-03-17 at 20:47 +0100, gregor herrmann wrote: > > I've prepared an update for libdatetime-timezone-perl in jessie with > > the data from the Olson db 2016b. As usual, the only change is a > > quilt patch which adjusts the pm files containing the timezone data. > > (Plus a typo fix in the changelog this time.) > > Please go ahead. Uploaded and flagged for acceptance. Regards, Adam
Processed: Re: Bug#818620: jessie-pu: package cinnamon-settings-daemon/2.2.4.repack-7+deb8u1
Processing control commands: > tags -1 + pending Bug #818620 [release.debian.org] jessie-pu: package cinnamon-settings-daemon/2.2.4.repack-7+deb8u1 Added tag(s) pending. -- 818620: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818620 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#818689: jessie-pu: package amd64-microcode/2.20160316.1~deb8u1
Processing control commands: > tags -1 + pending Bug #818689 [release.debian.org] jessie-pu: package amd64-microcode/2.20160316.1~deb8u1 Added tag(s) pending. -- 818689: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818689 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#818531: wheezy-pu: package libdatetime-timezone-perl/1.58-1+2016b
Control: tags -1 + confirmed On Thu, 2016-03-17 at 20:47 +0100, gregor herrmann wrote: > I've prepared an update for libdatetime-timezone-perl in wheezy with > the data from the Olson db 2016b. As usual, the only change is a > quilt patch which adjusts the pm files containing the timezone data. Please go ahead. Regards, Adam
Processed: Re: Bug#784679: jessie-pu: package rdesktop/1.8.2-3+deb8u1
Processing control commands: > tags -1 + pending Bug #784679 [release.debian.org] jessie-pu: package rdesktop/1.8.2-3+deb8u1 Added tag(s) pending. -- 784679: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784679 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#818689: jessie-pu: package amd64-microcode/2.20160316.1~deb8u1
On Sat, 19 Mar 2016, Adam D. Barratt wrote: > On Sat, 2016-03-19 at 15:50 -0300, Henrique de Moraes Holschuh wrote: > > Unfortunately, the microcode for the earlier AMD Piledriver processors being > > distributed in the amd64-microcode packages currently in non-free oldstable, > > stable, testing and unstable has been found to be extremely dangerous. > [...] > > I would like to update the packages in stable, with basically the same > > package that was already uploaded to unstable. The only difference is an > > extra debian/changelog entry for the stable upload. > > Please go ahead. Thank you Adam! Uploaded! -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
Bug#818689: jessie-pu: package amd64-microcode/2.20160316.1~deb8u1
Control: tags -1 + confirmed On Sat, 2016-03-19 at 15:50 -0300, Henrique de Moraes Holschuh wrote: > Unfortunately, the microcode for the earlier AMD Piledriver processors being > distributed in the amd64-microcode packages currently in non-free oldstable, > stable, testing and unstable has been found to be extremely dangerous. [...] > I would like to update the packages in stable, with basically the same > package that was already uploaded to unstable. The only difference is an > extra debian/changelog entry for the stable upload. Please go ahead. Regards, Adam
Processed: Re: Bug#818689: jessie-pu: package amd64-microcode/2.20160316.1~deb8u1
Processing control commands: > tags -1 + confirmed Bug #818689 [release.debian.org] jessie-pu: package amd64-microcode/2.20160316.1~deb8u1 Added tag(s) confirmed. -- 818689: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818689 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#818689: jessie-pu: package amd64-microcode/2.20160316.1~deb8u1
Package: release.debian.org Severity: normal Tags: jessie security User: release.debian@packages.debian.org Usertags: pu Unfortunately, the microcode for the earlier AMD Piledriver processors being distributed in the amd64-microcode packages currently in non-free oldstable, stable, testing and unstable has been found to be extremely dangerous. More details: http://seclists.org/oss-sec/2016/q1/450 http://www.theregister.co.uk/2016/03/06/amd_microcode_6000836_fix/ https://www.reddit.com/r/linux/comments/47s8a8/new_amd_microcode_vulnerability_from_unprivileged/ An urgency=critical upload to unstable is already installed, and waiting for the next mirror pulse. I would like to update the packages in stable, with basically the same package that was already uploaded to unstable. The only difference is an extra debian/changelog entry for the stable upload. Thank you! debdiff output: diffstat for amd64-microcode-2.20141028.1 amd64-microcode-2.20160316.1~deb8u1 README | 14 ++ debian/changelog | 33 + debian/control |2 +- microcode_amd_fam15h.bin |binary microcode_amd_fam15h.bin.asc | 14 +++--- 5 files changed, 55 insertions(+), 8 deletions(-) diff -Nru amd64-microcode-2.20141028.1/debian/changelog amd64-microcode-2.20160316.1~deb8u1/debian/changelog --- amd64-microcode-2.20141028.1/debian/changelog 2014-12-18 13:36:29.0 -0200 +++ amd64-microcode-2.20160316.1~deb8u1/debian/changelog2016-03-19 14:22:44.0 -0300 @@ -1,3 +1,36 @@ +amd64-microcode (2.20160316.1~deb8u1) stable; urgency=critical + + * This is exactly the same release as 2.20160316.1 + + -- Henrique de Moraes HolschuhSat, 19 Mar 2016 14:21:54 -0300 + +amd64-microcode (2.20160316.1) unstable; urgency=critical + + * Upstream release 20160316 built from linux-firmware: ++ Updated Microcodes: + sig 0x00600f20, patch id 0x0600084f, 2016-01-25 ++ This microcode updates fixes a critical erratum on NMI handling + introduced by microcode patch id 0x6000832 from the 20141028 update. + The erratum is also present on microcode patch id 0x6000836. ++ THIS IS A CRITICAL STABILITY AND SECURITY UPDATE FOR THE EARLIER + AMD PILEDRIVER PROCESSORS, including: + + AMD Opteron 3300, 4300, 6300 + + AMD FX "Vishera" (43xx, 63xx, 83xx, 93xx, 95xx) + + AMD processors with family 21, model 2, stepping 0 + * Robert Święcki, while fuzzing the kernel using the syzkaller tool, +uncovered very strange behavior on an AMD FX-8320, later reproduced on +other AMD Piledriver model 2, stepping 0 processors including the Opteron +6300. Robert discovered, using his proof-of-concept exploit code, that +the incorrect behavior allows an unpriviledged attacker on an unpriviledged +VM to corrupt the return stack of the host kernel's NMI handler. At best, +this results in unpredictable host behavior. At worst, it allows for an +unpriviledged user on unpriviledged VM to carry a sucessful host-kernel +ring 0 code injection attack. + * The erratum is timing-dependant, easily triggered by workloads that cause +a high number of NMIs, such as running the "perf" tool. + + -- Henrique de Moraes Holschuh Sat, 19 Mar 2016 14:02:44 -0300 + amd64-microcode (2.20141028.1) unstable; urgency=medium * Upstream release 20141028 built from linux-firmware: diff -Nru amd64-microcode-2.20141028.1/debian/control amd64-microcode-2.20160316.1~deb8u1/debian/control --- amd64-microcode-2.20141028.1/debian/control 2014-12-18 13:29:09.0 -0200 +++ amd64-microcode-2.20160316.1~deb8u1/debian/control 2016-03-19 14:21:48.0 -0300 @@ -10,7 +10,7 @@ XS-Autobuild: yes Package: amd64-microcode -Architecture: i386 amd64 +Architecture: i386 amd64 x32 Depends: ${misc:Depends} Breaks: intel-microcode (<< 2) Description: Processor microcode firmware for AMD CPUs Binary files /tmp/fBt3hF3hZL/amd64-microcode-2.20141028.1/microcode_amd_fam15h.bin and /tmp/Xa6pgjObby/amd64-microcode-2.20160316.1~deb8u1/microcode_amd_fam15h.bin differ diff -Nru amd64-microcode-2.20141028.1/microcode_amd_fam15h.bin.asc amd64-microcode-2.20160316.1~deb8u1/microcode_amd_fam15h.bin.asc --- amd64-microcode-2.20141028.1/microcode_amd_fam15h.bin.asc 2014-12-17 18:30:04.0 -0200 +++ amd64-microcode-2.20160316.1~deb8u1/microcode_amd_fam15h.bin.asc 2016-03-19 14:21:48.0 -0300 @@ -1,11 +1,11 @@ -BEGIN PGP SIGNATURE- Version: GnuPG v1 -iQEcBAABAgAGBQJUTqLvAAoJEOS+UznzKK5zyaIIAKZcXmU+sBO4YGH5Aq2SdRYe -rlwE5oeYNh+AdzzLm9EqHwSC+MciFI7HqQz8PvKAsfaoD17mQjonIXga8l2/w3OW -/vIJjJnu9QB2C9XpjAiQCxS5QaMtIfEEjVld+MeHs6Ld3PwGuAXCkxKcJ2sHLZd3 -UcwwHxcm98KYouogjVZoJeb226cjz6fzUVJK9t9yi2S+SWmIvkjSZEI6W0WFoFCL -x0jM7lFNcusGtg5K6UsyAdwPwvfbBN5FoV29/DaP+/HA4GP/W/cgbQxS72skDJg5
Qt and OpenSSL transition metadata in relation to Mumble package
Greetings. Executive summary: I'd like to know if there is metadata that can be added to the Qt4 and Qt5 packages (qt4-x11 and qtbase-opensource-src) which will indicate that they need to be binNMUed for OpenSSL transitions at nearly the same time that Mumble gets binNMUed. More detail: Qt (both 4 and 5) use dlopen() to load libssl/libcrypto libraries [see lines 634-654]: https://github.com/qtproject/qtbase/blob/dev/src/network/ssl/qsslsocket_openssl_symbols.cpp#L624-L727 and as a result during OpenSSL transitions where there's a library rename, two different copies of libssl/libcrypto can get loaded when running Mumble... one version Qt is compiled with, and one version Mumble is compiled with, and they may have ABI differences. This situation is non-trivial and caused Mumble to break (#804363) because the SSL library wasn't getting initialized, and we believe the patch that was used to fix this bug may be initializing both copies of SSL during the transition period, and because of the unknown of what this might cause, Mumble upstream is likely to implement code to disallow Mumble to continue running when two different copies of libssl/libcrypto are loaded: https://github.com/mumble-voip/mumble/pull/2124 We're hoping that there's some way that metadata could be added (somewhere) such that the Qt source packages and Mumble can be binNMUed/rebuilt around the same time for OpenSSL transitions. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#97 Is this possible? Thanks much. P.S. Please To/CC me as I'm not on the [debian-release] mailing list. -- Chris -- Chris Knadle chris.kna...@coredump.us
Bug#818620: jessie-pu: package cinnamon-settings-daemon/2.2.4.repack-7+deb8u1
Control: tags -1 + confirmed On Fri, 2016-03-18 at 20:40 +0100, Margarita Manterola wrote: > Moritz from the security team brought to the attention of the cinnamon team > that cinnamon-settings-daemon in stable contains a minor security issue that > has > already been fixed in upstream. > > This issue doesn't warrant a DSA, as it's only a circumvention of policykit > restrictions, but it would be good to fix it in a future point release. Please go ahead. Regards, Adam
Bug#814936: marked as done (transition: mpi-defaults)
Your message dated Thu, 17 Mar 2016 00:55:53 +0100 with message-id <56e9f289.50...@debian.org> and subject line Re: Bug#814936: transition: mpi-defaults has caused the Debian Bug report #814936, regarding transition: mpi-defaults to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 814936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org User: release.debian@packages.debian.org Usertags: transition Tags: confirmed Last week I switched the default openmpi implementation on s390x from mpich to openmpi. Now the default MPI implementation is the same in all release architectures, which is nice per se. From what I can see in the past there were no rebuilds for this, but (as also others pointed out elsewhere) it would only make sense. There are also packages already failing to build due to dependencies being built against mpich but now building against openmpi. According to my grepping the packages affected are a strict subset of the ones doing the openmpi transition. Though maybe a ben tracker is better for this job. I try here to forge a valid thing, but I'm not sure of what I'm writing: is_affected = .build-depends ~ /mpi-default-dev/ & ( .depends ~ /libmpich.*/ | /libopenmpi.*/ ) is_good = .depends ~ /libopenmpi.*/ is_bad = .depends ~ /libmpich.*/ I expect at least the packages listed in the attachment in #813128#135. A handful need sourceful changes, I already done a couple and I'll do the rest too. I welcome any comments on the plan, or please schedule the appropriated rebuilds. I'm sorry this caused more mess and noise than what I originally planned, but from what I can see everything goes smoothly, at least (except for the noise itself). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: http://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature --- End Message --- --- Begin Message --- On 01/03/16 00:04, Emilio Pozuelo Monfort wrote: On 29/02/16 20:10, Mattia Rizzolo wrote: ok, it looks good. Except for mpi4py and nwchem that FTBFS, I find this transition to be cool. Do you notice something that should be take care of? Otherwise I'd call this over. Those are the remaining ones yes. As discussed on IRC, mpi4py is now good, and nwchem is sid only. So let's close this. Cheers, Emilio--- End Message ---
Bug#816198: jessie-pu: package php-dompdf/0.6.1+dfsg-2
On 19.03.2016 17:57, Julien Cristau wrote: > Yes please. Here is the current debdiff. Cheers Markus Frosch -- mar...@lazyfrosch.de / lazyfro...@debian.org http://www.lazyfrosch.de diff -Nru php-dompdf-0.6.1+dfsg/debian/changelog php-dompdf-0.6.1+dfsg/debian/changelog --- php-dompdf-0.6.1+dfsg/debian/changelog 2014-04-23 21:24:29.0 +0200 +++ php-dompdf-0.6.1+dfsg/debian/changelog 2016-03-19 18:42:01.0 +0100 @@ -1,3 +1,17 @@ +php-dompdf (0.6.1+dfsg-2+deb8u1) stable-proposed-updates; urgency=medium + + * Non-maintainer upload. + * [22610bd] Add 0.6.2 hotfix patch (Closes: #813849) + +Fixes CVE: +* CVE-2014-5011 +* CVE-2014-5012 +* CVE-2014-5013 + +This update bundles CVE hotfixes from 0.6.2 upstream release. + + -- Markus FroschSat, 19 Mar 2016 18:40:34 +0100 + php-dompdf (0.6.1+dfsg-2) unstable; urgency=medium * Document security issue fixed in last upstream version, and upload to diff -Nru php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch --- php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch 1970-01-01 01:00:00.0 +0100 +++ php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch 2016-03-19 18:36:53.0 +0100 @@ -0,0 +1,713 @@ +Description: Hotfix based on 0.6.2 + This patch fixes: + * CVE-2014-2383 + * CVE-2014-5011 + * CVE-2014-5012 + * CVE-2014-5013 + . + The patch bundles code changes from 0.6.2 +Author: Brian Sweeney +Origin: upstream +Applied-Upstream: 0.6.2 +Reviewed-by: Markus Frosch +Last-Update: 2016-02-27 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/dompdf.php b/dompdf.php +@@ -130,6 +130,8 @@ + $sapi = php_sapi_name(); + $options = array(); + ++$dompdf = new DOMPDF(); ++ + switch ( $sapi ) { + + case "cli": +@@ -169,7 +171,7 @@ + if ( $file === "-" ) + $outfile = "dompdf_out.pdf"; + else +- $outfile = str_ireplace(array(".html", ".htm", ".php"), "", $file) . ".pdf"; ++ $outfile = str_ireplace(array(".html", ".htm"), "", $file) . ".pdf"; + } + + if ( isset($opts["v"]) ) +@@ -194,6 +196,8 @@ + + default: + ++ $dompdf->set_option('enable_php', false); ++ + if ( isset($_GET["input_file"]) ) + $file = rawurldecode($_GET["input_file"]); + else +@@ -220,26 +224,12 @@ + + $file_parts = explode_url($file); + +- /* Check to see if the input file is local and, if so, that the base path falls within that specified by DOMDPF_CHROOT */ +- if(($file_parts['protocol'] == '' || $file_parts['protocol'] === 'file://')) { +-$file = realpath($file); +-if ( strpos($file, DOMPDF_CHROOT) !== 0 ) { +- throw new DOMPDF_Exception("Permission denied on $file. The file could not be found under the directory specified by DOMPDF_CHROOT."); +-} +- } +- +- if($file_parts['protocol'] === 'php://') { +-throw new DOMPDF_Exception("Permission denied on $file. This script does not allow PHP streams."); +- } +- + $outfile = "dompdf_out.pdf"; # Don't allow them to set the output file + $save_file = false; # Don't save the file + + break; + } + +-$dompdf = new DOMPDF(); +- + if ( $file === "-" ) { + $str = ""; + while ( !feof(STDIN) ) +--- a/dompdf_config.custom.inc.php b/dompdf_config.custom.inc.php +@@ -1,6 +1,7 @@ +-https://github.com/dompdf/dompdf/wiki ++ */ ++//define("DOMPDF_CHROOT", DOMPDF_DIR); ++//define("DOMPDF_ENABLE_PHP", false); ++//define("DOMPDF_ENABLE_REMOTE", false); +--- a/include/abstract_renderer.cls.php b/include/abstract_renderer.cls.php +@@ -100,7 +100,7 @@ + //Therefore read dimension directly from file, instead of creating gd object first. + //$img_w = imagesx($src); $img_h = imagesy($src); + +-list($img_w, $img_h) = dompdf_getimagesize($img); ++list($img_w, $img_h) = dompdf_getimagesize($img, $this->_dompdf->get_http_context()); + if (!isset($img_w) || $img_w == 0 || !isset($img_h) || $img_h == 0) { + return; + } +--- a/include/cpdf_adapter.cls.php b/include/cpdf_adapter.cls.php +@@ -604,7 +604,7 @@ + } + + function image($img, $x, $y, $w, $h, $resolution = "normal") { +-list($width, $height, $type) = dompdf_getimagesize($img); ++list($width, $height, $type) = dompdf_getimagesize($img, $this->_dompdf->get_http_context()); + + $debug_png = $this->_dompdf->get_option("debug_png"); + +--- a/include/dompdf.cls.php b/include/dompdf.cls.php +@@ -184,6 +184,25 @@ +* @var bool +*/ + private $_quirksmode = false; ++ ++ /** ++ * Protocol whitelist ++ * ++ * Protocols and PHP wrappers allowed in URLs. Full support is not ++ * guarantee for the protocols/wrappers contained in this array. ++ * ++ * @var array ++ */ ++ private $_allowed_protocols = array(null, "", "file://", "http://;, "https://;); ++ ++ /** ++ * Local file
Processed: Re: Bug#818620: jessie-pu: package cinnamon-settings-daemon/2.2.4.repack-7+deb8u1
Processing control commands: > tags -1 + confirmed Bug #818620 [release.debian.org] jessie-pu: package cinnamon-settings-daemon/2.2.4.repack-7+deb8u1 Added tag(s) confirmed. -- 818620: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818620 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#816198: jessie-pu: package php-dompdf/0.6.1+dfsg-2
On Tue, Mar 15, 2016 at 11:13:19 +0100, Markus Frosch wrote: > I can update the diff if you like, difference only in the changelog and patch > summary. > Yes please. Cheers, Julien
Bug#818679: jessie-pu: package sus/7.20160312~deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, sus is a downloader package and one of the external tarballs being downloaded has changed, again. This is a rebuild of the package from sid for jessie. Andreas diff -Nru sus-7.20160107~deb8u1/debian/changelog sus-7.20160312~deb8u1/debian/changelog --- sus-7.20160107~deb8u1/debian/changelog 2016-01-16 01:05:52.0 +0100 +++ sus-7.20160312~deb8u1/debian/changelog 2016-03-19 17:10:15.0 +0100 @@ -1,3 +1,20 @@ +sus (7.20160312~deb8u1) jessie; urgency=medium + + * Non-maintainer upload. + * Rebuild for jessie. + + -- Andreas BeckmannSat, 19 Mar 2016 17:08:44 +0100 + +sus (7.20160312) unstable; urgency=medium + + * The upstream tarball for SUSv4 TC1 changed; update checksum +(Closes: #817819) + * urgency=medium since susv4 is no longer installable + * debian/control: +- Bump Standards-Version to 3.9.7 (No changes needed) + + -- David Weinehall Sat, 12 Mar 2016 03:27:19 +0200 + sus (7.20160107~deb8u1) jessie; urgency=medium * Non-maintainer upload. diff -Nru sus-7.20160107~deb8u1/debian/control sus-7.20160312~deb8u1/debian/control --- sus-7.20160107~deb8u1/debian/control 2014-09-18 01:05:33.0 +0200 +++ sus-7.20160312~deb8u1/debian/control 2016-03-12 02:25:59.0 +0100 @@ -3,7 +3,7 @@ Priority: extra Maintainer: David Weinehall Build-Depends-Indep: debhelper (>= 9) -Standards-Version: 3.9.6 +Standards-Version: 3.9.7 Package: susv2 Architecture: all diff -Nru sus-7.20160107~deb8u1/debian/susv4.postinst sus-7.20160312~deb8u1/debian/susv4.postinst --- sus-7.20160107~deb8u1/debian/susv4.postinst 2016-01-07 11:21:53.0 +0100 +++ sus-7.20160312~deb8u1/debian/susv4.postinst 2016-03-10 18:35:07.0 +0100 @@ -8,7 +8,7 @@ wget -P $TEMPDIR http://pubs.opengroup.org/onlinepubs/9699919799/download/susv4tc1.tar.bz2 echo Verifying SHA512 checksum... -SHA512SUM="1cb8dc3db53508c1929ac17feb09a2b0722192900c685c4e66ccca01c1a1362a6a9356366c6070fd71b334ff38ba0515beaff46278e59195fc9454b5a558b577" +SHA512SUM="a646544074cb13b891b71d83fbe65dc23665e4bce1fdef09931f3025229eb7225e2ff620f05646d48a0256d53c12c39282d155eba2d7bba3831ab1b87d7e640b" [ x"$(sha512sum $TEMPDIR/susv4tc1.tar.bz2 | cut -f1 -d\ )" = x"$SHA512SUM" ] || (rm -rf $TEMPDIR; exit 1) echo Untarring...
Bug#818672: jessie-pu: package pgplot5/5.2.2-19+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, pgplot5 FTBFS in jessie due to a hardcoded non-multiarch path to zconf.h. This is a backport of the 5.2.2-19.1 NMU to sid excluding the spurious addition of some .f files in debian/. Andreas diff -Nru pgplot5-5.2.2/debian/changelog pgplot5-5.2.2/debian/changelog --- pgplot5-5.2.2/debian/changelog 2012-03-05 05:48:13.0 +0100 +++ pgplot5-5.2.2/debian/changelog 2016-03-19 16:11:09.0 +0100 @@ -1,3 +1,11 @@ +pgplot5 (5.2.2-19+deb8u1) jessie; urgency=medium + + * Non-maintainer upload. + * Use multiarch path to zconf.h (Closes: #784783) +(thanks to Edmund Grimley Evans and Vincent McIntyre) + + -- Andreas BeckmannSat, 19 Mar 2016 16:09:24 +0100 + pgplot5 (5.2.2-19) unstable; urgency=low * Change Suggests to libpng-dev instead of libpng12-dev. diff -Nru pgplot5-5.2.2/debian/patches/linker-specific-changes pgplot5-5.2.2/debian/patches/linker-specific-changes --- pgplot5-5.2.2/debian/patches/linker-specific-changes 2011-11-19 06:45:51.0 +0100 +++ pgplot5-5.2.2/debian/patches/linker-specific-changes 2015-09-10 18:36:43.0 +0200 @@ -5,9 +5,11 @@ Last-Update: 2011-11-18 a/makemake -+++ b/makemake -@@ -658,6 +658,8 @@ +Index: pgplot5-5.2.2/makemake +=== +--- pgplot5-5.2.2.orig/makemake pgplot5-5.2.2/makemake +@@ -658,6 +658,8 @@ CPGPLOT_LIB=$CPGPLOT_LIB # SHARED_LIB=$SHARED_LIB SHARED_LD=$SHARED_LD @@ -16,7 +18,7 @@ # # The libraries that the shared PGPLOT library depends upon. # This is for systems that allow one to specify what libraries -@@ -667,6 +669,7 @@ +@@ -667,6 +669,7 @@ SHARED_LD=$SHARED_LD # libraries when they link their executables. # SHARED_LIB_LIBS=$SHARED_LIB_LIBS @@ -24,7 +26,7 @@ # # Ranlib command if required # -@@ -806,7 +809,8 @@ +@@ -806,7 +809,8 @@ grexec.o: grexec.f # libraries. #--- @@ -34,7 +36,7 @@ libpgplot.a : $(PG_ROUTINES) $(PG_NON_STANDARD) $(GR_ROUTINES) \ $(DISPATCH_ROUTINE) $(DRIVERS) $(SYSTEM_ROUTINES) -@@ -816,6 +820,16 @@ +@@ -816,6 +820,16 @@ libpgplot.a : $(PG_ROUTINES) $(PG_NON_ST $(DRIVERS) $(SYSTEM_ROUTINES) | sort | uniq` $(RANLIB) libpgplot.a @@ -51,7 +53,7 @@ EOD # Emit the shared library dependency if requested. -@@ -824,7 +838,7 @@ +@@ -824,7 +838,7 @@ if test -n "$SHARED_LIB" -a -n "$SHARED_ cat >> makefile << \EOD $(SHARED_LIB): $(PG_ROUTINES) $(PG_NON_STANDARD) \ $(GR_ROUTINES) $(DISPATCH_ROUTINE) $(DRIVERS) $(SYSTEM_ROUTINES) @@ -60,16 +62,24 @@ $(PG_NON_STANDARD) $(GR_ROUTINES) $(DISPATCH_ROUTINE) \ $(DRIVERS) $(SYSTEM_ROUTINES) | sort | uniq` $(SHARED_LIB_LIBS) EOD -@@ -1025,7 +1039,7 @@ +@@ -1019,13 +1033,15 @@ EOD + + cat >> makefile << \EOD + ++DEB_HOST_MULTIARCH=$(shell dpkg-architecture -qDEB_HOST_MULTIARCH) ++ + # Miscellaneous include files required by drivers + + griv00.o : $(DRVDIR)/gadef.h $(DRVDIR)/gmdef.h $(DRVDIR)/gphdef.h grivas.o : $(DRVDIR)/gadef.h grtv00.o : $(DRVDIR)/imdef.h pgxwin.o : $(DRVDIR)/pgxwin.h -pndriv.o : ./png.h ./pngconf.h ./zlib.h ./zconf.h -+pndriv.o : /usr/include/png.h /usr/include/pngconf.h /usr/include/zlib.h /usr/include/zconf.h ++pndriv.o : /usr/include/png.h /usr/include/pngconf.h /usr/include/zlib.h /usr/include/$(DEB_HOST_MULTIARCH)/zconf.h x2driv.o figdisp_comm.o: $(DRVDIR)/commands.h -@@ -1039,6 +1053,8 @@ +@@ -1039,6 +1055,8 @@ cpg: libcpgplot.a cpgplot.h cpgdemo @echo 'will be needed.' @echo ' ' @@ -78,7 +88,7 @@ pgbind: $(SRC)/cpg/pgbind.c $(CCOMPL) $(CFLAGC) $(SRC)/cpg/pgbind.c -o pgbind -@@ -1050,6 +1066,13 @@ +@@ -1050,6 +1068,13 @@ libcpgplot.a cpgplot.h: $(PG_SOURCE) pgb $(RANLIB) libcpgplot.a rm -f cpg*.o
NEW changes in stable-new
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u4_amd64.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u4_arm64.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u4_armhf.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u4_i386.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u4_mips.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u4_powerpc.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u4_ppc64el.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_amd64.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_arm64.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_armel.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_armhf.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_i386.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_mips.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_mipsel.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_powerpc.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_ppc64el.changes ACCEPT Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u5_s390x.changes ACCEPT
Bug#785053: jessie-pu: package nss-pam-ldapd/0.9.4-3+deb8u1
On Sat, 2016-03-19 at 15:47 +0100, Adam D. Barratt wrote : > If you're expecting the package to have magically appeared in stable > already, that only happens at a point release. The next is planned for > early April, as per > https://lists.debian.org/debian-project/2016/03/msg00027.html Thanks for those explanations, and sorry by the way for my last message. I've misunderstanding the proposed-updates queue... Jérôme
Bug#785053: jessie-pu: package nss-pam-ldapd/0.9.4-3+deb8u1
On Sat, 2016-03-19 at 15:10 +0100, Jérôme Lebleu wrote: > Hi, > > On Sat, 13 Feb 2016 12:27:51 + "Adam D. Barratt" >wrote: > > It was actually nearer a month, but it got uploaded and I've just > > flagged it for acceptance. > > Thanks, glad to know that things are moving on! Unfortunately, nothing > changes on one month again... Any hope to see this bug fixed before the > release of Stretch please? :) I'm not really sure what you mean here. The package was uploaded to the proposed-updates queue and accepted, and is currently available in proposed-updates. If you're happy to install packages from there then you're welcome to test whether the uploaded fix works for you, as per https://www.debian.org/releases/proposed-updates If you're expecting the package to have magically appeared in stable already, that only happens at a point release. The next is planned for early April, as per https://lists.debian.org/debian-project/2016/03/msg00027.html Regards, Adam
Bug#785053: jessie-pu: package nss-pam-ldapd/0.9.4-3+deb8u1
Hi, On Sat, 13 Feb 2016 12:27:51 + "Adam D. Barratt"wrote: > It was actually nearer a month, but it got uploaded and I've just > flagged it for acceptance. Thanks, glad to know that things are moving on! Unfortunately, nothing changes on one month again... Any hope to see this bug fixed before the release of Stretch please? :) Thank you in advance! Jérôme
Bug#818666: transition: pypy
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, looks like pypy 5.0 started a transition, the virtual package pypy-abi-26 changed to pypy-abi-41. There are some uninstallable rdepends now: pypy-dulwich, pypy-zmq. Maybe it's sufficient to just binNMU them (but I didn't test this): nmu dulwich_0.12.0-1 . ANY . -m "Rebuild against pypy 5.0" nmu pyzmq_15.1.0-1 . ANY . -m "Rebuild against pypy 5.0" Ben file: title = "pypy"; is_affected = .depends ~ /pypy-abi/; is_good = .depends ~ "pypy-abi-41"; is_bad = .depends ~ "pypy-abi-26"; Andreas
Bug#818483: nmu: haskell-network-protocol-xmpp_0.4.8-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, in order to fix #814055 and #813078, and prevent auto-removal of git-annex in testing, without waiting for the current Haskell transition, I believe it should help to binNMU haskell-network-protocol-xmpp in testing: nmu haskell-network-protocol-xmpp_0.4.8-2 . ANY . stretch . -m "rebuild against libgnutls30" Thanks, Joachim - -- System Information: Debian Release: stretch/sid APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlbqwl0ACgkQ9ijrk0dDIGxXaQCgjolWPuNlRYGBsUCD3+8xG572 YlYAoKWu6krw/4yAwr6id0Q9AMkFsb6N =jRoK -END PGP SIGNATURE-
Processed: your mail
Processing commands for cont...@bugs.debian.org: > tags 813916 pending Bug #813916 [release.debian.org] transition: gdal Added tag(s) pending. > tags 815260 pending Bug #815260 [release.debian.org] transition: libpgm Added tag(s) pending. > tags 815931 pending Bug #815931 [release.debian.org] transition: cfitsio Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 813916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813916 815260: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815260 815931: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815931 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#813542: marked as done (transition: nvidia-cuda-toolkit)
Your message dated Sat, 19 Mar 2016 13:03:09 +0100 with message-id <56ed3ffd.8030...@debian.org> and subject line Re: Bug#813542: transition: nvidia-cuda-toolkit has caused the Debian Bug report #813542, regarding transition: nvidia-cuda-toolkit to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 813542: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813542 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Forwarded: https://release.debian.org/transitions/html/auto-nvidia-cuda-toolkit.html I'd like to move nvidia-cuda-toolkit 7.0 from experimental to unstable to make room for working on 7.5. The rdepends have been tested with the new toolkit. Since they cannot be autobuilt (B-D in non-free) this will require maintainer-provided binNMUs (or sourceful uploads), we are ready to do this. * boinc is a false positive, it depends on a long list of cuda alternatives, no action required for 7.0 * starpu-contrib overlaps with the openmpi transition, but would require a manual binNMU/upload anyway for that * eztrace-contrib (sid-only) may have to wait for 7.5. * hwloc-contrib, pycuda are ready (just verified again myself that hwloc-contrib, pycuda, starpu-contrib successfully build with nvidia-cuda-toolkit (>= 7) (and openmpi 1.10.x)) There may be a few RMs be needed in sid since i386 is no longer supported, but most i386 rdepends binaries should be gone already. Ben file: the autogenerated one looks good Andreas --- End Message --- --- Begin Message --- On 03/02/16 00:23, Emilio Pozuelo Monfort wrote: Control: tags -1 confirmed On 02/02/16 23:58, Andreas Beckmann wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Forwarded: https://release.debian.org/transitions/html/auto-nvidia-cuda-toolkit.html I'd like to move nvidia-cuda-toolkit 7.0 from experimental to unstable to make room for working on 7.5. The rdepends have been tested with the new toolkit. Since they cannot be autobuilt (B-D in non-free) this will require maintainer-provided binNMUs (or sourceful uploads), we are ready to do this. * boinc is a false positive, it depends on a long list of cuda alternatives, no action required for 7.0 * starpu-contrib overlaps with the openmpi transition, but would require a manual binNMU/upload anyway for that * eztrace-contrib (sid-only) may have to wait for 7.5. * hwloc-contrib, pycuda are ready (just verified again myself that hwloc-contrib, pycuda, starpu-contrib successfully build with nvidia-cuda-toolkit (>= 7) (and openmpi 1.10.x)) There may be a few RMs be needed in sid since i386 is no longer supported, but most i386 rdepends binaries should be gone already. Ack. This finished a while ago. Closing. Emilio--- End Message ---
Bug#815782: marked as done (transition: libmatio)
Your message dated Sat, 19 Mar 2016 13:03:52 +0100 with message-id <56ed4028.4040...@debian.org> and subject line Re: Bug#815782: transition: libmatio has caused the Debian Bug report #815782, regarding transition: libmatio to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 815782: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815782 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Control: forwarded -1 https://release.debian.org/transitions/html/auto-libmatio.html Dear Release Team, Please schedule a transition for libmatio, whose new version (1.5.6-1) stands in experimental. All reverse deps seems to build fine, so this should normally be a smooth ride. Cheers, -- .''`.Sébastien Villemot : :' :Debian Developer `. `' http://sebastien.villemot.name `- GPG Key: 4096R/381A7594 signature.asc Description: PGP signature --- End Message --- --- Begin Message --- On 24/02/16 20:32, Sébastien Villemot wrote: Le mercredi 24 février 2016 à 18:14 +0100, Emilio Pozuelo Monfort a écrit : On 24/02/16 13:36, Sébastien Villemot wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Control: forwarded -1 https://release.debian.org/transitions/html/a uto-libmatio.html Dear Release Team, Please schedule a transition for libmatio, whose new version (1.5.6-1) stands in experimental. All reverse deps seems to build fine, so this should normally be a smooth ride. Go ahead. Uploaded. This is done. Emilio--- End Message ---
Bug#817184: marked as done (transition: sndio)
Your message dated Sat, 19 Mar 2016 13:05:13 +0100 with message-id <56ed4079.40...@debian.org> and subject line Re: Bug#817184: transition: sndio has caused the Debian Bug report #817184, regarding transition: sndio to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 817184: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817184 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition libsndio has undergone a minor SONAME bump in the latest release; there is however no consequential change in the public API that I'm aware of. The updated package is already in experimental, and all rdeps still build. There should be no action necessary for rdeps other than a rebuild. There are two rdeps in common with libcdio, which also has a transition staged in experimental; there is no reason libsndio shouldn't wait a while if that makes things easier. At least one rdep would like to wait to fix an RC bug anyway. For reference, reverse-dependencies of libsndio6.0 in unstable are: * sndiod, sndio-tools: Same source package as libsndio6.0, non-issue * libsdl2: maintainers would like to fix an RC bug first rather than binNMU * mpv, audacious-plugins: should need only a rebuild --- End Message --- --- Begin Message --- On 09/03/16 12:49, Gianfranco Costamagna wrote: Hi Please go ahead. done a few seconds ago. and this is over. Emilio--- End Message ---
Bug#761128: marked as done (transition: oce)
Your message dated Sat, 19 Mar 2016 13:09:49 +0100 with message-id <56ed418d.9060...@debian.org> and subject line Re: Bug#761128: Processed: closing 761128 has caused the Debian Bug report #761128, regarding transition: oce to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 761128: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761128 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org User: release.debian@packages.debian.org Usertags: transition Severity: normal Hello, I would like to upload oce 0.16 into unstable, it is currently in experimental. This source package provides several development libraries, their soname version have been bumped. The following packages build-depend on oce and have been successfully rebuilt without source changes: gmsh 2.8.5+dfsg-1.1 freecad 0.14.3702+dfsg-2 netgen4.9.13.dfsg-8 Ben file: title = "oce"; is_affected = .build-depends ~ /liboce-.*-dev/; is_good = .depends ~ /liboce-foundation9/; is_bad = .depends ~ /liboce-foundation8/; Thanks, Denis --- End Message --- --- Begin Message --- On 09/02/16 21:21, Emilio Pozuelo Monfort wrote: Control: reopen -1 On 07/02/16 17:18, Debian Bug Tracking System wrote: Processing commands for cont...@bugs.debian.org: close 761128 Bug #761128 [release.debian.org] transition: oce Marked Bug as done This isn't finished yet; the old libraries are still in testing. Those got out of testing. Closing. Emilio--- End Message ---
Processed: Re: Bug#818615: jessie-pu: package gtk+2.0
Processing control commands: > tags -1 + moreinfo Bug #818615 [release.debian.org] jessie-pu: package gtk+2.0 Added tag(s) moreinfo. -- 818615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818615 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#818483: nmu: haskell-network-protocol-xmpp_0.4.8-2
On 17/03/16 15:42, Joachim Breitner wrote: in order to fix #814055 and #813078, and prevent auto-removal of git-annex in testing, without waiting for the current Haskell transition, I believe it should help to binNMU haskell-network-protocol-xmpp in testing: nmu haskell-network-protocol-xmpp_0.4.8-2 . ANY . stretch . -m "rebuild against libgnutls30" The only architecture still at 0.4.8-2 in unstable is mips64el which is not in testing, so that's not a problem. Scheduled: https://buildd.debian.org/status/package.php?p=haskell-network-protocol-xmpp=stretch I trust that you will look at haskell so packages can migrate again soon ;) Cheers, Emilio
Bug#818531: wheezy-pu: package libdatetime-timezone-perl/1.58-1+2016b
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I've prepared an update for libdatetime-timezone-perl in wheezy with the data from the Olson db 2016b. As usual, the only change is a quilt patch which adjusts the pm files containing the timezone data. Manually stripped down debdiff attached. Cheers, gregor -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQJ8BAEBCgBmBQJW6wnoXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMUUxMzE2RTkzQTc2MEE4MTA0RDg1RkFC QjNBNjgwMTg2NDlBQTA2AAoJELs6aAGGSaoGHSEP+QGHXGXEt87l1ZP2LNv5ygtj 98UIOnkTM0Cnx6pWM/mT64YOMQk5HnTiBOfZvBSuayrplvGyqufSNZs4iE1eHSES W2/2cNk+oaIT8pSs9932qgblFlGxQgWiUwCYdH4UX706xLY3KHnZNDQsIMK9r/AN i1J4pFjvY6gvY7dNz+/QHO31/2SAvkV/PJd4gOk9l1hwbiaFtaLsXsA9di6O/Q4S TZvbpAukAcotRwmbbLeJYVW4GF9MdBtqvjxRuiFPdLGeaWeFn4nH/rvfPVdVgBVi OIjoBLbaYg4SkJmOgiaXAml7SkWu/3n1ncs6GvByQVF46i7bIT8Ibr8mnuUyAp+S aFLcHUZE43F3U0FDPU7+PD4Pj54LrJOjHkPMuuAaVuF3Ead/Aj/2aSxb9Rx4t3Sy gp+jupQ9T7dMtKZ0BMsa5ifCBAcj08g19Ek5ZgSTfn9sCPgpEUnCIrw+zljZpL7X jrt4HDp8JxMjBgyyiBxNT7tbSSY0NdeclM8+7WVbYFEQ7JlKrf4BEkl8TiiaIWNA TQrGM9Zxnhs1kgTMZOuBcIWqRG6VqaOH8BYuS65uHIqyXDPZUieLW+Mi/+yf8uVe XXFXpbeRW7r40hiMNOkeHxaoBxFzBFqvlWDI9NM3sNaAcp76t0ltkGnzbih4MIEX mNomwhA5kE9s2n03sv2B =8qxS -END PGP SIGNATURE- diff -Nru libdatetime-timezone-perl-1.58/debian/changelog libdatetime-timezone-perl-1.58/debian/changelog --- libdatetime-timezone-perl-1.58/debian/changelog 2016-02-03 20:45:11.0 +0100 +++ libdatetime-timezone-perl-1.58/debian/changelog 2016-03-17 20:35:07.0 +0100 @@ -1,3 +1,9 @@ +libdatetime-timezone-perl (1:1.58-1+2016b) UNRELEASED; urgency=medium + + * Update to Olson database version 2016b. + + -- gregor herrmannThu, 17 Mar 2016 20:34:48 +0100 + libdatetime-timezone-perl (1:1.58-1+2016a) wheezy; urgency=medium * Update to Olson database version 2016a. diff -Nru libdatetime-timezone-perl-1.58/debian/patches/olson-2016b libdatetime-timezone-perl-1.58/debian/patches/olson-2016b --- libdatetime-timezone-perl-1.58/debian/patches/olson-2016b 1970-01-01 01:00:00.0 +0100 +++ libdatetime-timezone-perl-1.58/debian/patches/olson-2016b 2016-03-17 20:35:07.0 +0100 @@ -0,0 +1,13179 @@ +Description: Update to Olson database version 2016b. +Origin: vendor +Author: gregor herrmann +Last-Update: 2016-03-17 + +--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm b/lib/DateTime/TimeZone/Africa/Abidjan.pm +@@ -3,7 +3,7 @@ + # DateTime::TimeZone module distribution in the tools/ directory + + # +-# Generated from debian/tzdata/africa. Olson data version 2016a ++# Generated from debian/tzdata/africa. Olson data version 2016b + # + # Do not edit this file directly. + # +@@ -42,7 +42,7 @@ + ], + ]; + +-sub olson_version { '2016a' } ++sub olson_version { '2016b' } + + sub has_dst_changes { 0 } + +--- a/lib/DateTime/TimeZone/Catalog.pm b/lib/DateTime/TimeZone/Catalog.pm +@@ -182,6 +182,7 @@ + Asia/Baghdad + Asia/Baku + Asia/Bangkok ++ Asia/Barnaul + Asia/Beirut + Asia/Bishkek + Asia/Brunei +@@ -273,6 +274,7 @@ + EST5EDT + Europe/Amsterdam + Europe/Andorra ++ Europe/Astrakhan + Europe/Athens + Europe/Belgrade + Europe/Berlin +@@ -306,6 +308,7 @@ + Europe/Stockholm + Europe/Tallinn + Europe/Tirane ++ Europe/Ulyanovsk + Europe/Uzhgorod + Europe/Vienna + Europe/Vilnius +@@ -554,6 +557,7 @@ + Baghdad + Baku + Bangkok ++Barnaul + Beirut + Bishkek + Brunei +@@ -646,6 +650,7 @@ + 'Europe' => [ qw( + Amsterdam + Andorra ++Astrakhan + Athens + Belgrade + Berlin +@@ -679,6 +684,7 @@ + Stockholm + Tallinn + Tirane ++Ulyanovsk + Uzhgorod + Vienna + Vilnius +@@ -766,15 +772,15 @@ + ) ], + 'aq' => [ qw( + Antarctica/McMurdo +-Antarctica/Rothera +-Antarctica/Palmer +-Antarctica/Mawson +-Antarctica/Davis + Antarctica/Casey +-Antarctica/Vostok ++Antarctica/Davis + Antarctica/DumontDUrville ++Antarctica/Mawson ++Antarctica/Palmer ++Antarctica/Rothera + Antarctica/Syowa + Antarctica/Troll ++Antarctica/Vostok + ) ], + 'ar' => [ qw( + America/Argentina/Buenos_Aires +@@ -907,11 +913,11 @@ + America/Thunder_Bay + America/Iqaluit + America/Pangnirtung +-America/Resolute + America/Atikokan +-America/Rankin_Inlet + America/Winnipeg + America/Rainy_River ++America/Resolute ++America/Rankin_Inlet + America/Regina + America/Swift_Current + America/Edmonton +@@ -1425,10 +1431,13 @@ + Europe/Moscow + Europe/Simferopol + Europe/Volgograd ++Europe/Astrakhan + Europe/Samara ++Europe/Ulyanovsk + Asia/Yekaterinburg + Asia/Omsk + Asia/Novosibirsk ++Asia/Barnaul + Asia/Novokuznetsk + Asia/Krasnoyarsk + Asia/Irkutsk +@@ -1870,7 +1879,7
Bug#818549: jessie-pu: package icedtea-web/1.5.3-1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, I'd like to update icedtea-web in jessie to 1.5.3 in the next jessie point release. This fixes two security issues (CVE-2015-5234, CVE-2015-5235), which are not easily backportable, so I rather made the update to the minor point update which fixes those (similar to what we do with openjdk-7 itself). I've tested this on a jessie with various web applets I could find (fortunately finding these in the wild is becoming increasingly difficult!). The debdiff is here: https://people.debian.org/~jmm/icedtea-web.debdiff (the actual change to the debian/ directory is just the changelog entry bump). Ubuntu has also updated to those point bugfix updates in USNs for a while now. Cheers, Moritz
NEW changes in stable-new
Processing changes file: rdesktop_1.8.2-3+deb8u1_mips.changes ACCEPT
Re: Reduce required age for src:linux
On Sat, Mar 19, 2016 at 03:19:20 +, Ben Hutchings wrote: > Linux 4.4 has been kept out of testing due to regressions, most notably > in EFI support on amd64. These should all be resolved in the current > unstable version, 4.4.6-1, and I would like to get this into testing as > soon as possible, making way for 4.5 in unstable. > > Please consider reducing the required age to 2 days. > Done. Cheers, Julien
Bug#818620: jessie-pu: package cinnamon-settings-daemon/2.2.4.repack-7+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi! Moritz from the security team brought to the attention of the cinnamon team that cinnamon-settings-daemon in stable contains a minor security issue that has already been fixed in upstream. This issue doesn't warrant a DSA, as it's only a circumvention of policykit restrictions, but it would be good to fix it in a future point release. I'm attaching the debdiff between the version currently in stable and the proposed package for the point release. Thanks! -- System Information: Debian Release: 8.2 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru cinnamon-settings-daemon-2.2.4.repack/debian/changelog cinnamon-settings-daemon-2.2.4.repack/debian/changelog --- cinnamon-settings-daemon-2.2.4.repack/debian/changelog 2014-10-25 16:14:33.0 +0200 +++ cinnamon-settings-daemon-2.2.4.repack/debian/changelog 2016-03-18 20:32:16.0 +0100 @@ -1,3 +1,10 @@ +cinnamon-settings-daemon (2.2.4.repack-7+deb8u1) stable; urgency=medium + + * Add debian/patches/csd-datetime-polkit-auth to fix a minor security bug. +http://www.openwall.com/lists/oss-security/2015/10/28/3 + + -- Margarita ManterolaFri, 18 Mar 2016 20:13:36 +0100 + cinnamon-settings-daemon (2.2.4.repack-7) unstable; urgency=medium [ Fabio Fantoni ] diff -Nru cinnamon-settings-daemon-2.2.4.repack/debian/patches/csd-datetime-polkit-auth cinnamon-settings-daemon-2.2.4.repack/debian/patches/csd-datetime-polkit-auth --- cinnamon-settings-daemon-2.2.4.repack/debian/patches/csd-datetime-polkit-auth 1970-01-01 01:00:00.0 +0100 +++ cinnamon-settings-daemon-2.2.4.repack/debian/patches/csd-datetime-polkit-auth 2016-03-18 20:32:16.0 +0100 @@ -0,0 +1,21 @@ +Description: csd-datetime forgets to authorize users +Author: https://github.com/leigh123linux +Origin: upstream, ac5e0be8c1817616dbdb056b6881cfc4660f57a8 +Bug: http://www.openwall.com/lists/oss-security/2015/10/28/3 +Last-Update: 2016-03-14 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: cinnamon-settings-daemon/plugins/datetime/csd-datetime-mechanism.c +=== +--- cinnamon-settings-daemon.orig/plugins/datetime/csd-datetime-mechanism.c 2016-03-14 20:18:33.588428169 +0100 cinnamon-settings-daemon/plugins/datetime/csd-datetime-mechanism.c 2016-03-14 20:26:56.302535208 +0100 +@@ -354,6 +354,9 @@ + int exit_status; + GError *error; + ++if (!_check_polkit_for_action (mechanism, context)) ++return FALSE; ++ + date_str = g_strdup_printf ("%02d/%02d/%d", month, day, year); + error = NULL; + diff -Nru cinnamon-settings-daemon-2.2.4.repack/debian/patches/series cinnamon-settings-daemon-2.2.4.repack/debian/patches/series --- cinnamon-settings-daemon-2.2.4.repack/debian/patches/series 2014-10-25 16:14:33.0 +0200 +++ cinnamon-settings-daemon-2.2.4.repack/debian/patches/series 2016-03-18 20:32:16.0 +0100 @@ -2,3 +2,4 @@ power-manager-upower-0.99-support calculator-mediakey.patch enable-3finger-tap.patch +csd-datetime-polkit-auth
Bug#815153: marked as done (transition: libvigraimpex)
Your message dated Fri, 18 Mar 2016 12:01:58 +0100 with message-id <56ebe026.4080...@debian.org> and subject line Re: Bug#815153: transition: libvigraimpex has caused the Debian Bug report #815153, regarding transition: libvigraimpex to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 815153: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815153 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, I want to register a transition of libvigraimpex[1] because there are changes in the ABI. The new version of the package has been uploaded to experimental now, it's 1.10.0+git20160211.167be93-1. The new binary package of the shared library is libvigraimpex6, and there's an SONAME bump involved)[2]. But the ABI changes are related to the package in testing (1.10.0+dfsg-11). The package currently in unstable (1.10.0+git20160120.803d5d4-1) isn't optimal, I've missed the ABI changes (additions but not the changes are mentioned in the changelog) and the SONAME bump[3], that doesn't happen again. Unfortunately the old version couldn't be reuploaded nor backported for unstable because there was a FTBFS with updated Numpy[3], maybe you have a suggestion what could be done here. There are no further ABI diffs between 1.10.0+git20160120.803d5d4-1 (unstable) and 1.10.0+git20160211.167be93-1 (the packaging of branch 1-11-rc in experimental), and we've already test build the reverse dependencies (please see [4] on that). However, libvigraimpex currently doesn't build on all official supported archs, I'm on this to get solved and upload one more package in experimental soon. Thank you, Daniel Stender Ben file: title = "libvigraimpex"; is_affected = .build_depends ~ "libvigraimpex-dev"; is_good = .depends ~ "libvigraimpex6"; is_bad = .depends ~ "libvigraimpex5v5"; [1]: https://packages.qa.debian.org/libv/libvigraimpex.html [2]: http://www.danielstender.com/uploads/compat_report.html [3]: https://bugs.debian.org/811370 (libvigraimpex: FTBFS in sid: test suite failure due to pynum 1.10) [4]: https://bugs.debian.org/813415 (libvigraimpex5v5: soname bump without package name change) -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On 24/02/16 20:13, Emilio Pozuelo Monfort wrote: Now, the transition is started but your package still fails to build on a few release architectures. That needs fixing. This transition just finished. Cheers, Emilio--- End Message ---
Bug#810568: marked as done (transition: openexr)
Your message dated Fri, 18 Mar 2016 12:01:16 +0100 with message-id <56ebdffc.4050...@debian.org> and subject line Re: Bug#810568: transition: openexr has caused the Debian Bug report #810568, regarding transition: openexr to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 810568: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810568 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi I'd like to request a transition for openexr (and ilmbase). Ben file: title = "openexr"; is_affected = .depends ~ "libopenexr6v5" | .depends ~ "libopenexr6"; is_good = .depends ~ "libopenexr22"; is_bad = .depends ~ "libopenexr6v5"; --- End Message --- --- Begin Message --- On 09/01/16 22:59, Mathieu Malaterre wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi I'd like to request a transition for openexr (and ilmbase). These were waiting for libvigraimpex, and just finished. Cheers, Emilio--- End Message ---
NEW changes in oldstable-new
Processing changes file: wireshark_1.8.2-5wheezy18_amd64.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_armel.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_armhf.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_i386.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_ia64.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_kfreebsd-amd64.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_kfreebsd-i386.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_mips.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_mipsel.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_powerpc.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_s390.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_s390x.changes ACCEPT Processing changes file: wireshark_1.8.2-5wheezy18_sparc.changes ACCEPT
Processed: Re: Bug#818532: jessie-pu: package libdatetime-timezone-perl/1.75-2+2016b
Processing control commands: > tags -1 + confirmed Bug #818532 [release.debian.org] jessie-pu: package libdatetime-timezone-perl/1.75-2+2016b Added tag(s) confirmed. -- 818532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818532 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
NEW changes in stable-new
Processing changes file: rdesktop_1.8.2-3+deb8u1_armel.changes ACCEPT Processing changes file: rdesktop_1.8.2-3+deb8u1_armhf.changes ACCEPT Processing changes file: rdesktop_1.8.2-3+deb8u1_s390x.changes ACCEPT