Bug#852818: marked as done (unblock: python-oslo.middleware/3.19.0-3 CVE-2017-2592: CatchErrors leaks sensitive values in oslo.middleware (#852742))

2017-01-31 Thread Debian Bug Tracking System
Your message dated Wed, 01 Feb 2017 07:03:00 +
with message-id <8eb11867-736b-c0e7-3307-12c0fa75a...@thykier.net>
and subject line Re: Bug#852818: unblock: python-oslo.middleware/3.19.0-3 
CVE-2017-2592: CatchErrors leaks sensitive values in oslo.middleware (#852742)
has caused the Debian Bug report #852818,
regarding unblock: python-oslo.middleware/3.19.0-3 CVE-2017-2592: CatchErrors 
leaks sensitive values in oslo.middleware (#852742)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
852818: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852818
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

CVE-2017-2592 was reported against python-oslo.middleware/3.19.0-2. We need
python-oslo.middleware/3.19.0-3 in Stretch fast.

Please override the urgency to 5 days, so that this CVE fix can migrate
faster.

Cheers,

Thomas Goirand (zigo)
--- End Message ---
--- Begin Message ---
Niels Thykier:
> Control: tags -1 moreinfo
> 
> Thomas Goirand:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>>
>> Dear release team,
>>
>> CVE-2017-2592 was reported against python-oslo.middleware/3.19.0-2. We need
>> python-oslo.middleware/3.19.0-3 in Stretch fast.
>>
>> Please override the urgency to 5 days, so that this CVE fix can migrate
>> faster.
>>
>> Cheers,
>>
>> Thomas Goirand (zigo)
>>
> 
> The version has not been uploaded and accepted yet, so there is nothing
> for us to do atm.
> 
> ~Niels
> 

Done, but please let this be the last upload bumping debhelper compat
and targets stretch.

Thanks,
~Niels
--- End Message ---


Bug#853809: unblock: e2fsprogs/1.43.4-2

2017-01-31 Thread Theodore Y. Ts'o
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package e2fsprogs

1.43.4 is the new upstream version of e2fsprogs which fixes a RC bug
(#840733: e2fsprogs contains non-free file).  n.b., the non-free file is
only used in a regression test and isn't actually included in any
binary.  There are also a number of important bug fixes that I'd really
like to get into stretch.  See the debian changelog or [1] for more
details.

[1] http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.43.4

Note: there is a udeb involved since this will also require a d-i
release manager unblock.  I'm unclear whether there is a separate
process for requesting that particular unblock.  Please advise.

I just uploaded 1.43.4-2 to sid today, so it will be five days old when
the Stretch Freeze hits.  So I'm filing this bug now as a heads up,
since unless the release schedule slips, this isn't going to meet the
mandatory 10 day delay which was announced in December.


Files in second .deb but not in first
-
-rw-r--r--  root/root   /usr/share/locale/fi/LC_MESSAGES/e2fsprogs.mo
-rw-r--r--  root/root   /usr/share/locale/ms/LC_MESSAGES/e2fsprogs.mo

Files in first .deb but not in second
-
lrwxrwxrwx  root/root   /sbin/fsck.ext4dev -> e2fsck
lrwxrwxrwx  root/root   /sbin/mkfs.ext4dev -> mke2fs
lrwxrwxrwx  root/root   /usr/share/man/man8/fsck.ext4dev.8.gz -> e2fsck.8.gz
lrwxrwxrwx  root/root   /usr/share/man/man8/mkfs.ext4dev.8.gz -> mke2fs.8.gz

Control files: lines which differ (wdiff format)

Installed-Size: [-3851-] {+4022+}
Pre-Depends: e2fslibs (= [-1.43.3-1),-] {+1.43.4-2),+} libblkid1 (>= 2.17.2), 
libc6 (>= 2.14), libcomerr2 (>= 1.42~WIP-2011-10-05-1), libss2 (>= 1.34-1), 
libuuid1 (>= 2.16), util-linux (>= 2.15~rc1-1)
Version: [-1.43.3-1-] {+1.43.4-2+}

unblock e2fsprogs/1.43.4-2

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable-debug'), (600, 'unstable'), 
(500, 'testing-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-00090-g3a45c5c (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



Bug#853808: unblock: ora2pg/18.0-1

2017-01-31 Thread gustavo panizzo
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ora2pg

Hello,
I've uploaded a new version of ora2pg to experimental, it is a new
upstream release which allows us to ship it as part of main instead of
contrib as it no longer depends on Oracle libraries

It has the same dependencies as the previous version, 17.6-1 already on
sid

thanks

unblock ora2pg/18.0-1

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



Bug#851250: marked as done (transition: mysql-5.7)

2017-01-31 Thread Debian Bug Tracking System
Your message dated Tue, 31 Jan 2017 22:47:24 +0100
with message-id 
and subject line Re: Bug#851250: transition: mysql-5.7
has caused the Debian Bug report #851250,
regarding transition: mysql-5.7
to be marked as done.


-- 
851250: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851250
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi,

please set up a tracker for the mysql-5.6 to mysql-5.7 transition. Even
if mysql-5.7 won't go to testing, it will be good to see if mysql-5.6
(and thus libmysqlclient18) can be removed from unstable.

Ben file:

title = "mysql-5.7";
is_affected = .depends ~ /libmysqlclient[12]/;
is_good = .depends ~ /libmysqlclient20/;
is_bad = .depends ~ /libmysqlclient1/;

Andreas
--- End Message ---
--- Begin Message ---
On 13/01/17 12:36, Andreas Beckmann wrote:
> On 2017-01-13 12:23, Emilio Pozuelo Monfort wrote:
>> That tracker is bad. We already have:
>>
>> https://release.debian.org/transitions/html/mariadb.html
> 
> Ideally that tracker would go all-green at some point and the proposed
> mysql-5.7 tracker would be empty (except for mysql-x.y) in that case.
> But as it was discussed there might be packages explicitly requiring the
> oracle implementation - they would always be red in the mariadb tracker
> without distinguishing between good (-5.7) and bad (-5.6).

mysql-5.6 is gone from testing and sid. Let's close this.

Cheers,
Emilio
--- End Message ---


Bug#853286: marked as done (unblock: ruby-minitar/0.5.4-3.1)

2017-01-31 Thread Debian Bug Tracking System
Your message dated Tue, 31 Jan 2017 20:40:00 +
with message-id <51288802-e93b-486f-b2f2-e3b5af1f9...@thykier.net>
and subject line Re: Bug#853286: unblock: ruby-minitar/0.5.4-3.1
has caused the Debian Bug report #853286,
regarding unblock: ruby-minitar/0.5.4-3.1
to be marked as done.


-- 
853286: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853286
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-minitar

CVE-2016-10173 has been fixed with the update.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853075
And diff:
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=853075;filename=ruby-minitar-0.5.4-3.1-nmu.diff;msg=10

unblock ruby-minitar/0.5.4-3.1

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Markus Frosch:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package ruby-minitar
> 
> CVE-2016-10173 has been fixed with the update.
> 
> See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853075
> And diff:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=853075;filename=ruby-minitar-0.5.4-3.1-nmu.diff;msg=10
> 
> unblock ruby-minitar/0.5.4-3.1
> 
> [...]

Unblocked and aged, thanks.

~Niels
--- End Message ---


Bug#853289: marked as done (unblock: beets/1.3.19-2.1)

2017-01-31 Thread Debian Bug Tracking System
Your message dated Tue, 31 Jan 2017 20:39:00 +
with message-id 
and subject line Re: Bug#853289: unblock: beets/1.3.19-2.1
has caused the Debian Bug report #853289,
regarding unblock: beets/1.3.19-2.1
to be marked as done.


-- 
853289: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853289
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package beets. This fixes one reported FTBFS due to
test failures with newer python-mutagen (#851016), and one unreported
FTBFS due to a different test failure with newer python-mutagen
(previously masked by the other failure), by backporting upstream fixes.

unblock beets/1.3.19-2.1

Regards,
S
diffstat for beets-1.3.19 beets-1.3.19

 changelog  |   14 
 control|4 
 patches/Test-true-FLAC-bitrate-from-Mutagen-1.35.patch |   24 +
 patches/mediafile-Cleanup-mutagen-error-handling.patch |  241 +
 patches/series |2 
 5 files changed, 283 insertions(+), 2 deletions(-)

diff -Nru beets-1.3.19/debian/changelog beets-1.3.19/debian/changelog
--- beets-1.3.19/debian/changelog	2016-08-30 06:07:14.0 +0100
+++ beets-1.3.19/debian/changelog	2017-01-23 09:41:08.0 +
@@ -1,3 +1,17 @@
+beets (1.3.19-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * d/p/mediafile-Cleanup-mutagen-error-handling.patch:
+Add patch backported from upstream to update exception handling for
+python-mutagen >= 1.33. This fixes a test failure and
+FTBFS (Closes: #851016)
+  * d/p/Test-true-FLAC-bitrate-from-Mutagen-1.35.patch:
+Add patch backported from upstream to fix a failing test with
+python-mutagen >= 1.35
+- d/control: depend and build-depend on a compatible version
+
+ -- Simon McVittie   Mon, 23 Jan 2017 09:41:08 +
+
 beets (1.3.19-2) unstable; urgency=medium
 
   * Fix occasional FTBFS due to lack of mock cleanup. Thanks Santiago Vila.
diff -Nru beets-1.3.19/debian/control beets-1.3.19/debian/control
--- beets-1.3.19/debian/control	2016-08-30 04:40:16.0 +0100
+++ beets-1.3.19/debian/control	2017-01-23 09:41:08.0 +
@@ -17,7 +17,7 @@
  python-mpd,
  python-munkres,
  python-musicbrainzngs (>= 0.4),
- python-mutagen (>= 1.27),
+ python-mutagen (>= 1.35),
  python-pathlib,
  python-pylast,
  python-rarfile,
@@ -41,7 +41,7 @@
  libjs-underscore,
  python-enum34,
  python-musicbrainzngs (>= 0.4),
- python-mutagen (>= 1.21),
+ python-mutagen (>= 1.35),
  python-pkg-resources,
  ${misc:Depends},
  ${python:Depends}
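
Review bot: The `python-mutagen` line in this second hunk is the binary package's runtime Depends (it sits beside `${misc:Depends}` and `${python:Depends}`), and it jumps from `>= 1.21` to `>= 1.35`. The changelog ties 1.35 to a failing test, and the backported error-handling patch describes itself as supporting older and newer mutagen, so the runtime floor looks stricter than the visible justification needs. Either raise only the Build-Depends, or state in the changelog why the installed package also needs 1.35.
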
diff -Nru beets-1.3.19/debian/patches/mediafile-Cleanup-mutagen-error-handling.patch beets-1.3.19/debian/patches/mediafile-Cleanup-mutagen-error-handling.patch
--- beets-1.3.19/debian/patches/mediafile-Cleanup-mutagen-error-handling.patch	1970-01-01 01:00:00.0 +0100
+++ beets-1.3.19/debian/patches/mediafile-Cleanup-mutagen-error-handling.patch	2017-01-23 09:41:08.0 +
@@ -0,0 +1,241 @@
+From: Christoph Reiter 
+Date: Mon, 27 Jun 2016 09:43:48 +0200
+Subject: mediafile: Cleanup mutagen error handling
+
+Instead of the individial mutagen format exceptions use the
+mutagen.MutagenError exception introduced in 1.25.
+
+Since 1.33 mutagen will only raise MutagenError for load/save/delete
+and no longer raise IOError. Translate both errors to UnreadableFileError
+to support older and newer mutagen versions. Unify error handling
+in __init__(), save() and delete().
+
+Since it's no longer possible to get an IOError from MediaFile, adjust
+all callers and tests accordingly.
+
+This was tested with mutagen 1.27 and current mutagen master.
+
+[smcv: backported to 1.3.19 by replacing six.text_type with unicode]
+
+Origin: upstream, 1.4.1, commit:629241efd389bea7b4075f2591a06f2ef462dc82
+---
+ beets/library.py   |  8 +++
+ beets/mediafile.py | 65 +++---
+ beetsplug/scrub.py | 13 ++
+ test/test_mediafile.py | 23 +-
+ 4 files changed, 64 insertions(+), 45 deletions(-)
+
+diff --git a/beets/library.py b/beets/library.py
+index 3450a35a..70fff1a7 100644
+--- a/beets/library.py
 b/beets/library.py
+@@ -25,7 +25,7 @@ import re
+ from unidecode import unidecode
+ 
+ from beets import logging
+-from beets.mediafile 
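
Review bot: The patch description says MediaFile can no longer raise IOError and that all callers were adjusted, but the embedded diffstat names only beets/library.py and beetsplug/scrub.py as callers, and this is a backport from 1.4.1 onto 1.3.19. Before accepting it, check the 1.3.19 tree for any other `except IOError` wrapped around MediaFile load, save or delete calls, since such a handler would now let UnreadableFileError propagate. The `[smcv: ...]` line documents the `six.text_type` to `unicode` substitution, which is good; it would help to list any hunks that were dropped or reworked for the older tree as well.
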

Bug#853469: marked as done (unblock: libarchive/3.2.1-6)

2017-01-31 Thread Debian Bug Tracking System
Your message dated Tue, 31 Jan 2017 20:34:00 +
with message-id 
and subject line Re: Bug#853469: unblock: libarchive/3.2.1-6
has caused the Debian Bug report #853469,
regarding unblock: libarchive/3.2.1-6
to be marked as done.


-- 
853469: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853469
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libarchive

Fixes CVE-2017-5601 by cherry-picking a single upstream commit.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278

unblock libarchive/3.2.1-6

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index e1386ce6..289df2d0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+libarchive (3.2.1-6) unstable; urgency=medium
+
+  * Add 
debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
+- Cherry-pick upstream commit 98dcbbf0bf4854bf987557
+  "Fail with negative lha->compsize in lha_read_file_header_1()"
+  Secunia SA74169, CVE-2017-5601 (Closes: #853278)
+
+ -- Andreas Henriksson   Tue, 31 Jan 2017 10:25:56 +0100
+
 libarchive (3.2.1-5) unstable; urgency=medium
 
   * Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f
diff --git 
a/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
 
b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
new file mode 100644
index ..3b35e267
--- /dev/null
+++ 
b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
@@ -0,0 +1,23 @@
+From: Martin Matuska 
+Date: Thu, 19 Jan 2017 22:00:18 +0100
+Subject: Fail with negative lha->compsize in lha_read_file_header_1() Fixes a
+ heap buffer overflow reported in Secunia SA74169
+
+---
+ libarchive/archive_read_support_format_lha.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c 
b/libarchive/archive_read_support_format_lha.c
+index c359d83e..1a5617fa 100644
+--- a/libarchive/archive_read_support_format_lha.c
 b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha 
*lha)
+   /* Get a real compressed file size. */
+   lha->compsize -= extdsize - 2;
+ 
++  if (lha->compsize < 0)
++  goto invalid;   /* Invalid compressed file size */
++
+   if (sum_calculated != headersum) {
+   archive_set_error(>archive, ARCHIVE_ERRNO_MISC,
+   "LHa header sum error");
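
Review bot: The new `if (lha->compsize < 0)` guard placed after `lha->compsize -= extdsize - 2;` only fires if `compsize` has a signed type, which this hunk does not show; confirm that in the struct definition, because with an unsigned field the subtraction would wrap and the test would be dead code. The patch header also carries no Origin: or Bug-Debian: field, so the link to upstream commit 98dcbbf0bf4854bf987557 and to #853278 is recorded only in debian/changelog; adding both to the header keeps the patch self-describing.
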
diff --git a/debian/patches/series b/debian/patches/series
index 24a6b0a7..68f4950f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch
 Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch
 Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch
 Issue-767-Buffer-overflow-printing-a-filename.patch
+Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
--- End Message ---
--- Begin Message ---
Andreas Henriksson:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package libarchive
> 
> Fixes CVE-2017-5601 by cherry-picking a single upstream commit.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278
> 
> unblock libarchive/3.2.1-6
> 
> [...]

Unblocked and aged, thanks.

~Niels
--- End Message ---


Bug#853280: marked as done (unblock: simple-cdd/0.6.4)

2017-01-31 Thread Debian Bug Tracking System
Your message dated Tue, 31 Jan 2017 20:32:00 +
with message-id 
and subject line Re: Bug#853280: unblock: simple-cdd/0.6.4
has caused the Debian Bug report #853280,
regarding unblock: simple-cdd/0.6.4
to be marked as done.


-- 
853280: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853280
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-b...@lists.debian.org, 
simple-cdd-de...@lists.alioth.debian.org

Please unblock package simple-cdd

The source package simple-cdd appears to be blocked due to the
simple-cdd-profiles udeb. This udeb is not used by debian-installer by
default, and the udeb hasn't changed at all since the version
currently in testing.

The new version fixes an issue in boolean handling treating any
specified value, including "false", as if it were True. It also fixes
a compatibility issue with newer versions of debian-cd. And also
supports the BOOT_TIMEOUT variable for generated CD images that use
grub2.

Thanks!

debdiff attached.

live well,
  vagrant

diff -Nru simple-cdd-0.6.3/build-simple-cdd simple-cdd-0.6.4/build-simple-cdd
--- simple-cdd-0.6.3/build-simple-cdd	2016-11-27 17:05:05.0 -0800
+++ simple-cdd-0.6.4/build-simple-cdd	2017-01-16 13:40:32.0 -0800
@@ -111,13 +111,14 @@
 for pathname in self.find_profile_files(p + ".conf"):
 self.env.read_config_file(pathname)
 
-# Set default values for various mirrors
-if not self.env.get("security_mirror") and self.env.get("use_security_mirror"):
-self.env.set("security_mirror", "http://security.debian.org/;)
-if not self.env.get("updates_mirror") and self.env.get("use_updates_mirror"):
-self.env.set("updates_mirror", self.env.get("debian_mirror"))
-if not self.env.get("backports_mirror") and self.env.get("backports"):
-self.env.set("backports_mirror", self.env.get("debian_mirror"))
+# Disable security and updates mirrors for sid, as they do not exist.
+if self.env.get("CODENAME") == "sid":
+if self.env.get("security_mirror"):
+log.info("Disabling security mirror for sid.")
+self.env.set("security_mirror", "")
+if self.env.get("updates_mirror"):
+log.info("Disabling updates mirror for sid.")
+self.env.set("updates_mirror", "")
 
 # Set defaults for debian-cd CONTRIB and NONFREE variables based on configured mirror components.
 for component in self.env.get("mirror_components") + self.env.get("mirror_components_extra"):
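
Review bot: The removed defaults block also set `backports_mirror` from `debian_mirror` when `backports` was enabled, and nothing in the added lines replaces that branch, while the changelog mentions only the security and updates mirrors and the `use_*_mirror` booleans. If the backports default now comes from somewhere else, say so in the changelog; otherwise keep that branch. Separately, the new `CODENAME == "sid"` block overrides a `security_mirror` or `updates_mirror` that the user configured explicitly and reports it only at info level; a warning would make the override harder to miss.
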
@@ -172,9 +173,9 @@
 for p in self.env.get("preseed_files"):
 if verify_preseed_file(p): continue
 if self.args.force_preseed:
-log.warn("preseed file invalid: %s", pathname)
+log.warn("preseed file invalid: %s", p)
 else:
-raise Fail("preseed file invalid: %s", pathname)
+raise Fail("preseed file invalid: %s", p)
 
 
 def paranoid_checks(self):
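
Review bot: In `raise Fail("preseed file invalid: %s", p)` the path is passed as a second positional argument in logging style, and this hunk does not show whether `Fail` interpolates its arguments; if it does not, the error text will contain a literal `%s` and the file name ends up only in the exception's args. Either format the string before raising or confirm that `Fail` does the interpolation. The `pathname` to `p` correction itself is right, since `pathname` belongs to the earlier profile loop.
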
diff -Nru simple-cdd-0.6.3/debian/changelog simple-cdd-0.6.4/debian/changelog
--- simple-cdd-0.6.3/debian/changelog	2016-11-27 18:40:54.0 -0800
+++ simple-cdd-0.6.4/debian/changelog	2017-01-17 15:10:07.0 -0800
@@ -1,3 +1,20 @@
+simple-cdd (0.6.4) unstable; urgency=medium
+
+  [ Vagrant Cascadian ]
+  * tools/build/debian-cd: Set wget variable, which is used to download
+d-i daily images.
+  * Default to enabling security and updates mirrors, and remove
+use_*_mirror booleans.
+
+  [ Boskovits, Gabriel ]
+  * Add patch to support BOOT_TIMEOUT with grub2.
+
+  [ Enrico Zini ]
+  * Tested reading booleans from .conf files, and fixed parsing their
+values.
+
+ -- Vagrant Cascadian   Tue, 17 Jan 2017 15:10:07 -0800
+
 simple-cdd (0.6.3) unstable; urgency=medium
 
   * Move setting of debian-cd CONTRIB/NONFREE after setting variables from
diff -Nru simple-cdd-0.6.3/simple_cdd/env.py simple-cdd-0.6.4/simple_cdd/env.py
--- simple-cdd-0.6.3/simple_cdd/env.py	2016-11-27 17:05:05.0 -0800
+++ simple-cdd-0.6.4/simple_cdd/env.py	2017-01-16 14:23:24.0 -0800
@@ -158,7 +158,7 @@
 if isinstance(self.default, bool):
 bval = self.default
 else:
-bval = bool(super().default_to_string())
+bval = super().default_to_string() == "true"
   
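
Review bot: The replacement `super().default_to_string() == "true"` is an exact, case-sensitive match, so values such as `True`, `TRUE`, `yes`, `1` or `"true "` with trailing whitespace now evaluate to False without any diagnostic. That swaps the old failure (everything is true) for a quieter one (near-misses are false). Consider normalising with strip and lower-case before comparing, accepting an explicit set of true and false spellings, and raising on anything else so a typo in a .conf file is reported instead of silently disabling an option.
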

Processed (with 1 error): ipmitool

2017-01-31 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> clone 828352 -1
Bug #828352 [src:ipmitool] ipmitool: FTBFS with openssl 1.1.0
Bug 828352 cloned as bug 853782
827061 was blocked by: [...]
827061 was not blocking any bugs.
Added blocking bug(s) of 827061: 853782
> fixed 828352 1.8.18-2
Bug #828352 [src:ipmitool] ipmitool: FTBFS with openssl 1.1.0
Marked as fixed in versions ipmitool/1.8.18-2.
> close 828352
Bug #828352 [src:ipmitool] ipmitool: FTBFS with openssl 1.1.0
Marked Bug as done
> archive 828352
Bug #828352 {Done: Sebastian Andrzej Siewior } 
[src:ipmitool] ipmitool: FTBFS with openssl 1.1.0
archived 828352 to archive/52 (from 828352)
> reopen -1
Bug #853782 [src:ipmitool] ipmitool: FTBFS with openssl 1.1.0
Bug 853782 is not marked as done; doing nothing.
> retitle -1 ipmitool: Please migrate to openssl1.1 in buster
Bug #853782 [src:ipmitool] ipmitool: FTBFS with openssl 1.1.0
Changed Bug title to 'ipmitool: Please migrate to openssl1.1 in buster' from 
'ipmitool: FTBFS with openssl 1.1.0'.
> unblock 827061 with -1
Bug #827061 [release.debian.org] transition: openssl
827061 was blocked by: [...]

Bug#853760: marked as done (unblock: bzip2/1.0.6-8.1)

2017-01-31 Thread Debian Bug Tracking System
Your message dated Tue, 31 Jan 2017 20:29:00 +
with message-id 
and subject line Re: Bug#853760: unblock: bzip2/1.0.6-8.1
has caused the Debian Bug report #853760,
regarding unblock: bzip2/1.0.6-8.1
to be marked as done.


-- 
853760: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853760
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi

Please unblock package bzip2

Ben Hutchings fixed #827744 (CVE-2016-3189) for bzip2 via a NMU to
unstable. Could you please unblock bzip2 to have the fix included in
stretch.

Changelog:

>bzip2 (1.0.6-8.1) unstable; urgency=medium
>
>  * Non-maintainer upload.
>  * bzip2recover: Fix potential use-after-free, Closes: #827744 (CVE-2016-3189)
>
> -- Ben Hutchings   Sun, 29 Jan 2017 18:30:31 +

unblock bzip2/1.0.6-8.1

Attached is the debdiff against the version currently in testing.

Regards,
Salvatore
diff -Nru bzip2-1.0.6/debian/changelog bzip2-1.0.6/debian/changelog
--- bzip2-1.0.6/debian/changelog2015-05-19 21:37:53.0 +0200
+++ bzip2-1.0.6/debian/changelog2017-01-29 19:30:31.0 +0100
@@ -1,3 +1,10 @@
+bzip2 (1.0.6-8.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * bzip2recover: Fix potential use-after-free, Closes: #827744 (CVE-2016-3189)
+
+ -- Ben Hutchings   Sun, 29 Jan 2017 18:30:31 +
+
 bzip2 (1.0.6-8) unstable; urgency=medium
 
   * Remove Jorge Ernesto Guevara Cuenca from Uploaders, as agreed with him.
diff -Nru bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch 
bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch
--- bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch 1970-01-01 
01:00:00.0 +0100
+++ bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch 2017-01-29 
19:30:31.0 +0100
@@ -0,0 +1,17 @@
+Author: Jakub Martisko 
+Date: Wed, 30 Mar 2016 10:22:27 +0200
+Description: bzip2recover: Fix potential use-after-free
+Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843=edit
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-3189
+Bug-Debian: https://bugs.debian.org/827744
+
+--- a/bzip2recover.c
 b/bzip2recover.c
+@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++outFile = NULL;
+  }
+  if (wrBlock >= rbCtr) break;
+  wrBlock++;
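
Review bot: `outFile = NULL;` after `bsClose ( bsWr );` helps only if the code that later closes or reuses `outFile` tests it against NULL first, and that check is not visible in this hunk; please confirm it exists on every path that runs after the loop. `bsWr` is also left holding its old value once it has been closed, so if `bsClose` releases the stream structure it should be cleared at the same point to avoid leaving a second stale pointer.
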
diff -Nru bzip2-1.0.6/debian/patches/series bzip2-1.0.6/debian/patches/series
--- bzip2-1.0.6/debian/patches/series   2014-07-26 17:46:24.0 +0200
+++ bzip2-1.0.6/debian/patches/series   2017-01-29 19:30:31.0 +0100
@@ -1,3 +1,4 @@
 10-bzip2.1.patch
 20-legacy.patch
 30-bzip2-harden.patch
+bzip2recover-CVE-2016-3189.patch
--- End Message ---
--- Begin Message ---
Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hi
> 
> Please unblock package bzip2
> 
> Ben Hutchings fixed #827744 (CVE-2016-3189) for bzip2 via a NMU to
> unstable. Could you please unblock bzip2 to have the fix included in
> stretch.
> 
> Changelog:
> 
>> bzip2 (1.0.6-8.1) unstable; urgency=medium
>>
>>  * Non-maintainer upload.
>>  * bzip2recover: Fix potential use-after-free, Closes: #827744 
>> (CVE-2016-3189)
>>
>> -- Ben Hutchings   Sun, 29 Jan 2017 18:30:31 +
> 
> unblock bzip2/1.0.6-8.1
> 
> Attached is the debdiff against the version currently in testing.
> 
> Regards,
> Salvatore
> 

Unblocked, thanks.

~Niels
--- End Message ---


Processed: net-snmp will stay with 1.0 for stretch

2017-01-31 Thread Debian Bug Tracking System
Processing control commands:

> retitle -1 net-snmp: Please migrate to openssl1.1 in buster
Bug #828449 [src:net-snmp] net-snmp: FTBFS with openssl 1.1.0
Changed Bug title to 'net-snmp: Please migrate to openssl1.1 in buster' from 
'net-snmp: FTBFS with openssl 1.1.0'.
> unblock 827061 with -1
Bug #827061 [release.debian.org] transition: openssl
827061 was blocked by: [list of bug numbers omitted]
827061 was not blocking any bugs.
Removed blocking bug(s) of 827061: 828449

-- 
827061: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827061
828449: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828449
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: libradsec

2017-01-31 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> # libradsec
> retitle 848681 libradsec: Please migrate to openssl1.1 in buster
Bug #848681 [src:libradsec] Patch to work with Openssl 1.1.0
Changed Bug title to 'libradsec: Please migrate to openssl1.1 in buster' from 
'Patch to work with Openssl 1.1.0'.
> unblock 827061 with 848681
Bug #827061 [release.debian.org] transition: openssl
827061 was blocked by: [list of bug numbers omitted]
827061 was not blocking any bugs.
Removed blocking bug(s) of 827061: 848681
> severity 848681 important
Bug #848681 [src:libradsec] libradsec: Please migrate to openssl1.1 in buster
Ignoring request to change severity of Bug 848681 to the same value.
> tags 848681 = sid buster
Bug #848681 [src:libradsec] libradsec: Please migrate to openssl1.1 in buster
Added tag(s) buster; removed tag(s) stretch and patch.
> usertag 848681 openssl-1.1-trans
User is sebast...@breakpoint.cc
There were no usertags set.
Usertags are now: openssl-1.1-trans.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
827061: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827061
848681: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848681
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed (with 1 error): libdigidoc

2017-01-31 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> # libdigidoc
> unarchive 828391
> clone 828391 -1
Bug #828391 [src:libdigidoc] libdigidoc: FTBFS with openssl 1.1.0
Bug 828391 cloned as bug 853778
827061 was blocked by: [list of bug numbers omitted]
827061 was not blocking any bugs.
Added blocking bug(s) of 827061: 853778
> fixed 828391 3.10.1.1208+ds1-2.1
Bug #828391 [src:libdigidoc] libdigidoc: FTBFS with openssl 1.1.0
Marked as fixed in versions libdigidoc/3.10.1.1208+ds1-2.1.
> close 828391
Bug #828391 [src:libdigidoc] libdigidoc: FTBFS with openssl 1.1.0
Marked Bug as done
> archive 828391
Bug #828391 {Done: Sebastian Andrzej Siewior } 
[src:libdigidoc] libdigidoc: FTBFS with openssl 1.1.0
archived 828391 to archive/91 (from 828391)
> reopen -1
Bug #853778 [src:libdigidoc] libdigidoc: FTBFS with openssl 1.1.0
Bug 853778 is not marked as done; doing nothing.
> retitle -1 libdigidoc: Please migrate to openssl1.1 in buster
Bug #853778 [src:libdigidoc] libdigidoc: FTBFS with openssl 1.1.0
Changed Bug title to 'libdigidoc: Please migrate to openssl1.1 in buster' from 
'libdigidoc: FTBFS with openssl 1.1.0'.
> unblock 827061 with -1
Bug #827061 [release.debian.org] transition: openssl
827061 was blocked by: [list of bug numbers omitted]

Processed: Re: Bug#840643: jessie-pu: package cups/1.7.5-11+deb8u1

2017-01-31 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 -moreinfo
Bug #840643 [release.debian.org] jessie-pu: package cups/1.7.5-11+deb8u1
Removed tag(s) moreinfo.

-- 
840643: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840643
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#840643: jessie-pu: package cups/1.7.5-11+deb8u1

2017-01-31 Thread Didier 'OdyX' Raboud
Control: tags -1 -moreinfo

Hi there Adam,

On Saturday, 28 January 2017, 17.15:32 h CET Adam D. Barratt wrote:
> On Tue, 2016-12-20 at 09:20 +0100, Didier 'OdyX' Raboud wrote:
> > On Saturday, 17 December 2016, 11.38:59 h CET Julien Cristau wrote:
> > > The debdiff is the one we tend to look at, but it looks like it was not
> > > attached.
> > 
> > Indeed, sorry. Here it comes.
> 
> +--- a/doc/help/ref-cupsd-conf.html.in
>  b/doc/help/ref-cupsd-conf.html.in
> +@@ -2004,23 +2004,23 @@
> + variable that should be passed to child processes.
> +
> +
> +-SSLListen
> ++SSLOptions
> +
> + Examples
> +
> + 
> +-SSLListen 127.0.0.1:443
> +-SSLListen 192.0.2.1:443
> ++SSLOptions 127.0.0.1:443
> ++SSLOptions 192.0.2.1:443
> + 
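Review bot: the example lines `SSLOptions 127.0.0.1:443` and `SSLOptions 192.0.2.1:443` keep the address:port arguments of the `SSLListen` directive they replace, so the hunk reads as a rename of the directive applied to the wrong section rather than as new documentation. The changelog for this upload describes SSLOptions as permitting AllowSSLv3 and AllowRC4, so the examples should show those values and the `SSLListen` entry should stay untouched.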
> 
> This looks wrong, as do the remainder of the changes to that hunk of the
> diff.

That's Ubuntu's patch as released in their 1.7.2-0ubuntu1.7 trusty-security 
upload from Nov 2015, fixing [LP:1505328], written by Bryan Quigley and 
reviewed by their security team member Marc Deslauriers. But they arguably 
missed that wrong documentation change, indeed.

Updated debdiff attached.

-- 
OdyX

[LP:1505328] https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1505328
diff -Nru cups-1.7.5/debian/changelog cups-1.7.5/debian/changelog
--- cups-1.7.5/debian/changelog	2015-06-09 09:45:50.0 +0200
+++ cups-1.7.5/debian/changelog	2016-10-10 10:05:10.0 +0200
@@ -1,3 +1,13 @@
+cups (1.7.5-11+deb8u2) jessie-security; urgency=high
+
+  * Disable SSLv3 and RC4 by default to address POODLE vulnerability
+(Closes: #839226)
+- Implement SSLOptions to permit the use of AllowSSLv3 and AllowRC4
+  respectively
+  * Refresh patches
+
+ -- Didier Raboud   Mon, 10 Oct 2016 10:05:10 +0200
+
 cups (1.7.5-11+deb8u1) jessie-security; urgency=high
 
   * Import 1.7 upstream fix for CERT VU#810572: Privilege escalation through
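Review bot: the new entry is versioned 1.7.5-11+deb8u2 and targets `jessie-security`, while this request is filed as jessie-pu against cups/1.7.5-11+deb8u1. If the upload is meant for the stable point release, the distribution field and the version named in the request should agree with what is actually uploaded. Since the entry disables SSLv3 and RC4 by default and makes `SSLOptions` the opt-in, the changelog should also say that setups relying on either need the option set after the upgrade.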
diff -Nru cups-1.7.5/debian/patches/cupsd-idleexittimeout.patch cups-1.7.5/debian/patches/cupsd-idleexittimeout.patch
--- cups-1.7.5/debian/patches/cupsd-idleexittimeout.patch	2015-06-09 09:36:38.0 +0200
+++ cups-1.7.5/debian/patches/cupsd-idleexittimeout.patch	2016-10-10 10:05:10.0 +0200
@@ -27,7 +27,7 @@
LaunchdTimeout = 10;
 --- a/scheduler/conf.h
 +++ b/scheduler/conf.h
-@@ -246,6 +246,9 @@
+@@ -248,6 +248,9 @@
  	/* SSL/TLS options */
  #endif /* HAVE_SSL */
  
diff -Nru cups-1.7.5/debian/patches/cupsd-idleexittimeout-systemd.patch cups-1.7.5/debian/patches/cupsd-idleexittimeout-systemd.patch
--- cups-1.7.5/debian/patches/cupsd-idleexittimeout-systemd.patch	2015-06-09 09:36:38.0 +0200
+++ cups-1.7.5/debian/patches/cupsd-idleexittimeout-systemd.patch	2016-10-10 10:05:10.0 +0200
@@ -21,7 +21,7 @@
LaunchdTimeout = 10;
 --- a/scheduler/conf.h
 +++ b/scheduler/conf.h
-@@ -251,6 +251,9 @@
+@@ -253,6 +253,9 @@
  VAR int			IdleExitTimeout		VALUE(0);
  	/* Time after which an idle cupsd will exit */
  
@@ -51,7 +51,7 @@
  #endif /* HAVE_SYSTEMD */
 --- a/man/cupsd.conf.man.in
 +++ b/man/cupsd.conf.man.in
-@@ -521,6 +521,12 @@
+@@ -528,6 +528,12 @@
  "notify-events", "notify-pull-method", "notify-recipient-uri",
  "notify-subscriber-user-name", and "notify-user-data".
  .TP 5
diff -Nru cups-1.7.5/debian/patches/log-debug-history-nearly-unlimited.patch cups-1.7.5/debian/patches/log-debug-history-nearly-unlimited.patch
--- cups-1.7.5/debian/patches/log-debug-history-nearly-unlimited.patch	2015-06-09 09:36:38.0 +0200
+++ cups-1.7.5/debian/patches/log-debug-history-nearly-unlimited.patch	2016-10-10 10:05:10.0 +0200
@@ -13,7 +13,7 @@
LogTimeFormat= CUPSD_TIME_STANDARD;
 --- a/scheduler/conf.h
 +++ b/scheduler/conf.h
-@@ -166,7 +166,7 @@
+@@ -168,7 +168,7 @@
  	/* Allow overrides? */
  			ConfigFilePerm		VALUE(0640),
  	/* Permissions for config files */
diff -Nru cups-1.7.5/debian/patches/pidfile.patch cups-1.7.5/debian/patches/pidfile.patch
--- cups-1.7.5/debian/patches/pidfile.patch	2015-06-09 09:36:38.0 +0200
+++ cups-1.7.5/debian/patches/pidfile.patch	2016-10-10 10:05:10.0 +0200
@@ -24,7 +24,7 @@
  
if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
  PrintcapFormat = PRINTCAP_SOLARIS;
-@@ -,6 +3335,7 @@
+@@ -3370,6 +3372,7 @@
   !_cups_strcasecmp(line, "SystemGroup") ||
   !_cups_strcasecmp(line, "SystemGroupAuthKey") ||
   !_cups_strcasecmp(line, "TempDir") ||
@@ -34,7 +34,7 @@
cupsdLogMessage(CUPSD_LOG_INFO,
 --- a/scheduler/conf.h
 +++ b/scheduler/conf.h
-@@ -245,6 +245,8 @@
+@@ -247,6 +247,8 @@
  VAR int			SSLOptions		VALUE(CUPSD_SSL_NONE);
  	/* SSL/TLS options */
  #endif /* HAVE_SSL */
diff -Nru cups-1.7.5/debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch cups-1.7.5/debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch
--- 

Bug#853770: unblock: pyro4

2017-01-31 Thread Laszlo Boszormenyi (GCS)
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

I don't want to hide that due to my mistake, the pyro4 package migrated to
Stretch without the selectors34 dependency of python2-pyro4 even
packaged. It was only partly fixed with importing the selectors module
instead[1] - that fixes the client mode but the multiplexed server
still fails (the user has to change to the threadpool variant).

I see the following solutions:
1) Drop the python2 variant of Pyro4 and only ship the python3 one
   (worst case).
2) Allow the packaged selectors34 module[2] to Stretch (not yet
   uploaded) as it's a one-file module.
3) Add the selectors34.py to the pyro4 package, debdiff to the Stretch
   version is attached.
4) Use the upstream commit not to fail with the import, but inform the
   user to switch to the threadpool variant with a RuntimeError[3]
   when using the Python 2 variant.

Which solution would be allowed for Stretch?

Thanks,
Laszlo/GCS
[1] https://bugs.debian.org/852245
[2] dget -x http://www.barcikacomp.hu/gcs/selectors34_1.1.0-1.dsc
[3] https://github.com/irmen/Pyro4/commit/edfdbb2ce4279d929b306d00ac8fbc6543a0807b
diff -Nru pyro4-4.53/debian/changelog pyro4-4.53/debian/changelog
--- pyro4-4.53/debian/changelog	2017-01-06 12:45:50.0 +
+++ pyro4-4.53/debian/changelog	2017-01-31 16:56:26.0 +
@@ -1,3 +1,20 @@
+pyro4 (4.53-3) unstable; urgency=medium
+
+  * Add selectors34 to Python2 package for proper Python2 compatibility
+(closes: #852245).
+
+ -- Laszlo Boszormenyi (GCS)   Tue, 31 Jan 2017 16:56:26 +
+
+pyro4 (4.53-2) unstable; urgency=medium
+
+  * Rework Python version detection.
+  * Remove requires.txt from the installed files.
+
+  [ Marcin Kulisz  ]
+  * Fix Python2 compatibility (closes: #852245).
+
+ -- Laszlo Boszormenyi (GCS)   Mon, 23 Jan 2017 21:17:56 +
+
 pyro4 (4.53-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru pyro4-4.53/debian/control pyro4-4.53/debian/control
--- pyro4-4.53/debian/control	2017-01-06 12:45:50.0 +
+++ pyro4-4.53/debian/control	2017-01-31 16:56:26.0 +
@@ -33,7 +33,7 @@
 
 Package: python2-pyro4
 Architecture: all
-Depends: python2-serpent (>= 1.16), ${misc:Depends}, ${python:Depends}
+Depends: python2-serpent (>= 1.16), python-six, ${misc:Depends}, ${python:Depends}
 Conflicts: python3-pyro4
 Replaces: python3-pyro4
 Suggests: pyro4-doc, pyro4
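Review bot: the `Depends:` line of python2-pyro4 gains `python-six`, but neither new changelog entry mentions six; the 4.53-3 entry only says selectors34 is added to the Python2 package. If the dependency is there because the bundled selectors34.py imports six, say so in the changelog so the dependency is not dropped later as unexplained.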
diff -Nru pyro4-4.53/debian/copyright pyro4-4.53/debian/copyright
--- pyro4-4.53/debian/copyright	2013-07-10 18:22:45.0 +
+++ pyro4-4.53/debian/copyright	2017-01-31 16:56:26.0 +
@@ -25,6 +25,54 @@
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  SOFTWARE.
 
+Files: debian/selectors34.py
+Copyright: Copyright (C) 2015- Berker Peksag 
+License: PSFL-2
+ 1. This LICENSE AGREEMENT is between the Python Software Foundation
+ ("PSF"), and the Individual or Organization ("Licensee") accessing and
+ otherwise using this software ("Python") in source or binary form and
+ its associated documentation.
+ .
+ 2. Subject to the terms and conditions of this License Agreement, PSF hereby
+ grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
+ analyze, test, perform and/or display publicly, prepare derivative works,
+ distribute, and otherwise use Python alone or in any derivative version,
+ provided, however, that PSF's License Agreement and PSF's notice of copyright,
+ i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
+ 2010, 2011 Python Software Foundation; All Rights Reserved" are retained in
+ Python alone or in any derivative version prepared by Licensee.
+ .
+ 3. In the event Licensee prepares a derivative work that is based on
+ or incorporates Python or any part thereof, and wants to make
+ the derivative work available to others as provided herein, then
+ Licensee hereby agrees to include in any such work a brief summary of
+ the changes made to Python.
+ .
+ 4. PSF is making Python available to Licensee on an "AS IS"
+ basis.  PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+ IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
+ DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
+ FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
+ INFRINGE ANY THIRD PARTY RIGHTS.
+ .
+ 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
+ FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
+ A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
+ OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+ .
+ 6. This License Agreement will automatically terminate upon a material
+ breach of its terms and conditions.
+ .
+ 7. Nothing in this License Agreement shall be deemed to create any
+ relationship of agency, partnership, or joint 

Bug#853765: unblock: cowdancer/0.85

2017-01-31 Thread James Clarke
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package cowdancer; debdiff attached, but not yet
uploaded.

This is a fix for the single RC bug #852434. Please confirm that this is
OK before I upload to unstable.

unblock cowdancer/0.85

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
diff -Nru cowdancer-0.84/cowbuilder.8 cowdancer-0.85/cowbuilder.8
--- cowdancer-0.84/cowbuilder.8 2017-01-17 22:26:27.0 +
+++ cowdancer-0.85/cowbuilder.8 2017-01-31 14:53:05.0 +
@@ -24,28 +24,28 @@
 pbuilder manual for details.
 
 .TP
-\fB\-\-create\fR, \fBcreate\fR
+\fBcreate\fR
 Create the base.cow image.
 The directory for base.cow should be empty, or this command will fail.
 
 .TP
-\fB\-\-update\fR, \fBupdate\fR, \fBup\fR, \fBu\fR
+\fBupdate\fR, \fBup\fR, \fBu\fR
 Update the base.cow image.
 
 .TP
-\fB\-\-build\fR, \fBbuild\fR, \fBb\fR
+\fBbuild\fR, \fBb\fR
 Build a package given a .dsc file
 
 .TP
-\fB\-\-login\fR, \fBlogin\fR, \fBl\fR
+\fBlogin\fR, \fBl\fR
 Start a session within the base.cow.
 
 .TP
-\fB\-\-execute\fR, \fBexecute\fR, \fBe\fR
+\fBexecute\fR, \fBe\fR
 Execute a command within the base.cow.
 
 .TP
-\fB\-\-dumpconfig\fR, \fBdumpconfig\fR
+\fBdumpconfig\fR
 Dump configuration information, used for debugging.
 
 .SH "OPTIONS"
diff -Nru cowdancer-0.84/debian/changelog cowdancer-0.85/debian/changelog
--- cowdancer-0.84/debian/changelog 2017-01-19 14:41:27.0 +
+++ cowdancer-0.85/debian/changelog 2017-01-31 17:16:13.0 +
@@ -1,3 +1,13 @@
+cowdancer (0.85) unstable; urgency=medium
+
+  * cowbuilder.8: Don't document the option-style commands; they're confusing
+and no longer recommended
+  * parameter.c: Allow commands to come later; deprecation warnings not given,
+since at least one reverse dependency does not call cowbuilder correctly
+(Closes: #852434)
+
+ -- James Clarke   Tue, 31 Jan 2017 17:16:13 +
+
 cowdancer (0.84) unstable; urgency=medium
 
   [ James Clarke ]
diff -Nru cowdancer-0.84/parameter.c cowdancer-0.85/parameter.c
--- cowdancer-0.84/parameter.c  2017-01-18 18:46:49.0 +
+++ cowdancer-0.85/parameter.c  2017-01-31 17:14:34.0 +
@@ -401,6 +401,14 @@
{"debootstrapopts", required_argument, 0, 0},
{"debootstrap", required_argument, 0, 0},
 
+   /* Deprecated command placement; should be given first */
+   {"build", no_argument, 0, 0},
+   {"create", no_argument, 0, 0},
+   {"update", no_argument, 0, 0},
+   {"login", no_argument, 0, 0},
+   {"execute", no_argument, 0, 0},
+   {"dumpconfig", no_argument, 0, 0},
+
/* cowbuilder specific options */
{"no-cowdancer-update", no_argument, 0, 0},
{"debian-etch-workaround", no_argument, 0, 0},
@@ -480,19 +488,13 @@
}
}
 
-   if (pc.operation == pbuilder_do_nothing) {
-   log_printf(log_error, "Unknown operation: %s", av[1]);
-   return 1;
+   if (pc.operation != pbuilder_do_nothing) {
+   --ac;
+   av[1] = av[0];
+   ++av;
}
-   } else {
-   log_printf(log_error, "No operation specified");
-   return 1;
}
 
-   --ac;
-   av[1] = av[0];
-   ++av;
-
 #define PASS_TO_PBUILDER_WITH_PARAM \
PBUILDER_ADD_PARAM(cmdstr); \
PBUILDER_ADD_PARAM(strdup(optarg));
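Review bot: with the `Unknown operation` and `No operation specified` returns removed and the `--ac; av[1] = av[0]; ++av;` shift made conditional on `pc.operation != pbuilder_do_nothing`, nothing in this hunk rejects an invocation that names no command at all. Unless a check after option parsing still fails when `pc.operation` is left at `pbuilder_do_nothing`, a mistyped first argument is now handed to option parsing instead of producing an error. Please add that final check or point to where it already exists.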
@@ -573,6 +575,27 @@
 * behavior, so ignore it, for most of the time.
 */
 
+   /* Handle deprecated command placement */
+   if (!strcmp(long_options[index_point].name, 
"build")) {
+   pc.operation = pbuilder_build;
+   break;
+   } else if 
(!strcmp(long_options[index_point].name, "create")) {
+   pc.operation = pbuilder_create;
+   break;
+   } else if 
(!strcmp(long_options[index_point].name, "update")) {
+   pc.operation = pbuilder_update;
+   break;
+   } else if 
(!strcmp(long_options[index_point].name, "login")) {
+   pc.operation = pbuilder_login;
+   break;
+  
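Review bot: each branch of the `strcmp` chain assigns `pc.operation` unconditionally, so an option-style command that follows a positional one, or two option-style commands on one command line, silently overrides the earlier choice. Consider returning an error when `pc.operation` is already something other than `pbuilder_do_nothing`. The chain also repeats the names added to `long_options`; a small name-to-operation table would keep the two in step.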

Bug#853763: unblock: astroplan/0.2-4

2017-01-31 Thread Vincent Prat
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

please unblock astroplan in the upcoming (Feb 5) freeze.

It solves #851437 "FTBFS: requires Internet to build", severity: serious.

Changelog entry:

astroplan (0.2-4) unstable; urgency=medium

  * Github patches + failures marked as known (Closes: #851437)

 -- Vincent Prat   Fri, 27 Jan 2017 20:57:06 +0100

The debdiff is attached. Requested commands:

unblock astroplan/0.2-4

diff -Nru astroplan-0.2/debian/changelog astroplan-0.2/debian/changelog
--- astroplan-0.2/debian/changelog  2016-12-21 13:25:25.0 +0100
+++ astroplan-0.2/debian/changelog  2017-01-27 20:57:06.0 +0100
@@ -1,3 +1,9 @@
+astroplan (0.2-4) unstable; urgency=medium
+
+  * Github patches + failures marked as known (Closes: #851437)
+
+ -- Vincent Prat   Fri, 27 Jan 2017 20:57:06 +0100
+
 astroplan (0.2-3) unstable; urgency=medium
 
   * Fix test failures. (Closes: #848750)
diff -Nru astroplan-0.2/debian/patches/disable_failing_tests.patch 
astroplan-0.2/debian/patches/disable_failing_tests.patch
--- astroplan-0.2/debian/patches/disable_failing_tests.patch1970-01-01 
01:00:00.0 +0100
+++ astroplan-0.2/debian/patches/disable_failing_tests.patch2017-01-27 
20:57:06.0 +0100
@@ -0,0 +1,40 @@
+From: Ole Streicher 
+Subject: Mark known failures
+--- a/astroplan/tests/test_scheduling.py
 b/astroplan/tests/test_scheduling.py
+@@ -6,6 +6,7 @@
+ from astropy.time import Time
+ import astropy.units as u
+ from astropy.coordinates import SkyCoord
++from astropy.tests.helper import pytest
+ 
+ from ..utils import time_grid_from_range
+ from ..observer import Observer
+@@ -103,7 +104,8 @@
+ assert np.abs(schedule.slots[0].end - new_duration - start) < 1*u.second
+ assert schedule.slots[1].start == schedule.slots[0].end
+ 
+-
++# see https://github.com/astropy/astroplan/pull/282
++@pytest.mark.xfail()
+ def test_transitioner():
+ blocks = [ObservingBlock(t, 55 * u.minute, i) for i, t in 
enumerate(targets)]
+ slew_rate = 1 * u.deg / u.second
+@@ -132,6 +134,8 @@
+ default_transitioner = Transitioner(slew_rate=1 * u.deg / u.second)
+ 
+ 
++# see https://github.com/astropy/astroplan/pull/282
++@pytest.mark.xfail()
+ def test_priority_scheduler():
+ constraints = [AirmassConstraint(3, boolean_constraint=False)]
+ blocks = [ObservingBlock(t, 55*u.minute, i) for i, t in 
enumerate(targets)]
+@@ -157,6 +161,8 @@
+ scheduler(blocks, schedule)
+ 
+ 
++# see https://github.com/astropy/astroplan/pull/282
++@pytest.mark.xfail()
+ def test_sequential_scheduler():
+ constraints = [AirmassConstraint(2.5, boolean_constraint=False)]
+ blocks = [ObservingBlock(t, 55 * u.minute, i) for i, t in 
enumerate(targets)]
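Review bot: the three `@pytest.mark.xfail()` decorators on `test_transitioner`, `test_priority_scheduler` and `test_sequential_scheduler` are unconditional and carry no `reason=`, so the only explanation is the comment pointing at pull 282, and an unexpected pass will not be flagged. Passing `reason=` with that URL, and `strict=True` if the pytest in use supports it, would make the markers fail once the underlying issue is fixed so they can be removed. The changelog closes #851437, described in the request as "FTBFS: requires Internet to build", yet nothing in this patch touches network access, so the patch header should explain the link.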
diff -Nru 
astroplan-0.2/debian/patches/issues-282-Fix-more-test-failures-in-astroplan.patch
 
astroplan-0.2/debian/patches/issues-282-Fix-more-test-failures-in-astroplan.patch
--- 
astroplan-0.2/debian/patches/issues-282-Fix-more-test-failures-in-astroplan.patch
   1970-01-01 01:00:00.0 +0100
+++ 
astroplan-0.2/debian/patches/issues-282-Fix-more-test-failures-in-astroplan.patch
   2017-01-27 20:57:06.0 +0100
@@ -0,0 +1,41 @@
+From: Wilfred Tyler Gee 
+Date: Thu, 26 Jan 2017 17:34:02 +0100
+Subject: issues/282: Fix more test failures in astroplan
+
+I tried to spend some time today looking at this. I applied #273 #274
+and #281 after which there were still 6 outstanding errors. Applying
+the following reduces that to 3 errors, all in test_scheduling.py and
+all consistent with the error @olebole pointed out in
+astropy. Everything else I tried seemed to point to that error in
+astropy rather than in astroplan, but I could be wrong.
+
+URL: https://github.com/astropy/astroplan/files/726302/diff.txt
+---
+ astroplan/observer.py | 7 ++-
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/astroplan/observer.py b/astroplan/observer.py
+index 873a609..27e6b24 100644
+--- a/astroplan/observer.py
 b/astroplan/observer.py
+@@ -591,7 +591,7 @@ class Observer(object):
+ time_inds = np.array(time_inds)
+ 
+ times = [t[int(i):int(i)+2] if not np.isnan(i) else np.nan for i in 
time_inds]
+-altitudes = [alt[i, int(j):int(j)+2] if not np.isnan(j) else np.nan
++altitudes = [alt[int(i), int(j):int(j)+2] if not np.isnan(j) else 
np.nan
+  for i, j in zip(target_inds, time_inds)]
+ 
+ return times, altitudes
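Review bot: in the altitudes comprehension, `int(i)` is now applied to every element of target_inds inside the loop, while the NaN guard tests only j. Converting target_inds to an integer array once, next to `time_inds = np.array(time_inds)`, would be clearer than casting per element, and a short comment should say why the index is not already an integer at this point.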
+@@ -706,10 +706,7 @@ class Observer(object):
+ times = _generate_24hr_grid(time, -1, 0, N)
+ 
+ altaz = self.altaz(times, target)
+-if target_is_vector:
+-altitudes = [aa.alt for aa in altaz]
+-else:
+-altitudes = altaz.alt
++altitudes = altaz.alt
+ 
+ time_limits, altitude_limits = self._horiz_cross(times, 
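Review bot: dropping the `target_is_vector` branch means `altitudes` is `altaz.alt` for both scalar and vector targets, so `self._horiz_cross` below now receives a different type than the per-target list it got before, and the commit message does not say why that is safe. A test that passes a list of targets through this path would pin the behaviour down; also check whether `target_is_vector` is still used anywhere else in the method.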

Re: [Pkg-nagios-devel] Bug#851585: icinga2-ido-mysql: fails to upgrade from 'jessie': mysql said: ERROR 1067 (42000) at line 10: Invalid default value for 'status_update_time'

2017-01-31 Thread Markus Frosch
Hello Release team
- top post for referencing-

I'd like to ask you about views of this bug.

We can do the following:

1) Update icinga2 to 2.6.1 which includes some other useful changes (see below)
2) stretch-ignore the bug, since MySQL 5.7 won't be included in stretch
   (Problem: backports might make a problem then)

I could also patch some of the crashing issues, but would rather prefer 2.6.1
as a cleaner update to maintain in stretch.

Note: I'm affiliated with upstream, but want to maintain the package as conform
as possible.

In my perspective the cleanest way would be to use the minor release.

Please advise me, I left the diff out since it won't be helpful in discussion.

Interesting Icinga2 2.6.1 changes:
* Fixes an internal crash bug during check execution
* SIGPIPE crash (currently fixed in sysVinit script)
* Timestamp problems with PostgreSQL (incorrect datetime)
* Updating IDO schema to conform with MySQL >= 5.7 (big diff with lots of fields)
* Documentation and project links (that might be helpful for users)

Full issue list: https://github.com/Icinga/icinga2/milestone/60?closed=1

On 16.01.2017 17:33, Andreas Beckmann wrote:
> Package: icinga2-ido-mysql
> Version: 2.6.0-2
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
> 
> Hi,
> 
> during a test with piuparts I noticed your package fails to upgrade from
> 'jessie'.
> It installed fine in 'jessie', then the upgrade to 'sid' fails.
> 
> From the attached log (scroll to the bottom...):
> 
>   Setting up icinga2-common (2.6.0-2) ...
>   Installing new version of config file /etc/default/icinga2 ...
>   Installing new version of config file /etc/icinga2/conf.d/commands.conf ...
>   Installing new version of config file /etc/icinga2/conf.d/downtimes.conf ...
>   Installing new version of config file /etc/icinga2/conf.d/groups.conf ...
>   Installing new version of config file 
> /etc/icinga2/conf.d/notifications.conf ...
>   Installing new version of config file /etc/icinga2/conf.d/services.conf ...
>   Installing new version of config file /etc/icinga2/conf.d/templates.conf ...
>   Installing new version of config file /etc/icinga2/constants.conf ...
>   Installing new version of config file 
> /etc/icinga2/features-available/api.conf ...
>   Installing new version of config file /etc/icinga2/icinga2.conf ...
>   Installing new version of config file 
> /etc/icinga2/scripts/mail-host-notification.sh ...
>   Installing new version of config file 
> /etc/icinga2/scripts/mail-service-notification.sh ...
>   Installing new version of config file /etc/init.d/icinga2 ...
>   Installing new version of config file /etc/logrotate.d/icinga2 ...
>   Created symlink /etc/systemd/system/multi-user.target.wants/icinga2.service 
> → /lib/systemd/system/icinga2.service.
>   Running in chroot, ignoring request.
>   invoke-rc.d: policy-rc.d denied execution of start.
>   Setting up icinga2-bin (2.6.0-2) ...
>   Setting up icinga2-ido-mysql (2.6.0-2) ...
>   Determining localhost credentials from /etc/mysql/debian.cnf: succeeded.
>   dbconfig-common: writing config to 
> /etc/dbconfig-common/icinga2-ido-mysql.conf
>   Replacing config file /etc/dbconfig-common/icinga2-ido-mysql.conf with new 
> version
>   creating database backup in 
> /var/cache/dbconfig-common/backups/icinga2-ido-mysql_2.1.1-1.2017-01-13-09.37.09.
>   applying upgrade sql for 2.1.1-1 -> 2.2.0.
>   error encountered processing 
> /usr/share/dbconfig-common/data/icinga2-ido-mysql/upgrade/mysql/2.2.0:
>   mysql said: ERROR 1067 (42000) at line 10: Invalid default value for 
> 'status_update_time'
>   dbconfig-common: icinga2-ido-mysql configure: aborted.
>   dbconfig-common: flushing administrative password
>   dpkg: error processing package icinga2-ido-mysql (--configure):
>    subprocess installed post-installation script returned error exit status 1
> 
> This was observed during a jessie->sid upgrade which picked a mysql-5.5 -> 
> mysql-5.7 upgrade for the database server.
> Feel free to downgrade the severity if this bug is specific to that weird 
> combination.
> 
> 
> cheers,
> 
> Andreas
> 
> 
> 
> 


Cheers
Markus Frosch
-- 
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de





Bug#853760: unblock: bzip2/1.0.6-8.1

2017-01-31 Thread Salvatore Bonaccorso
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi

Please unblock package bzip2

Ben Hutchings fixed #827744 (CVE-2016-3189) for bzip2 via a NMU to
unstable. Could you please unblock bzip2 to have the fix included in
stretch.

Changelog:

>bzip2 (1.0.6-8.1) unstable; urgency=medium
>
>  * Non-maintainer upload.
>  * bzip2recover: Fix potential use-after-free, Closes: #827744 (CVE-2016-3189)
>
> -- Ben Hutchings   Sun, 29 Jan 2017 18:30:31 +

unblock bzip2/1.0.6-8.1

Attached is the debdiff against the version currently in testing.

Regards,
Salvatore
diff -Nru bzip2-1.0.6/debian/changelog bzip2-1.0.6/debian/changelog
--- bzip2-1.0.6/debian/changelog2015-05-19 21:37:53.0 +0200
+++ bzip2-1.0.6/debian/changelog2017-01-29 19:30:31.0 +0100
@@ -1,3 +1,10 @@
+bzip2 (1.0.6-8.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * bzip2recover: Fix potential use-after-free, Closes: #827744 (CVE-2016-3189)
+
+ -- Ben Hutchings   Sun, 29 Jan 2017 18:30:31 +
+
 bzip2 (1.0.6-8) unstable; urgency=medium
 
   * Remove Jorge Ernesto Guevara Cuenca from Uploaders, as agreed with him.
diff -Nru bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch 
bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch
--- bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch 1970-01-01 
01:00:00.0 +0100
+++ bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch 2017-01-29 
19:30:31.0 +0100
@@ -0,0 +1,17 @@
+Author: Jakub Martisko 
+Date: Wed, 30 Mar 2016 10:22:27 +0200
+Description: bzip2recover: Fix potential use-after-free
+Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843=edit
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-3189
+Bug-Debian: https://bugs.debian.org/827744
+
+--- a/bzip2recover.c
 b/bzip2recover.c
+@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++outFile = NULL;
+  }
+  if (wrBlock >= rbCtr) break;
+  wrBlock++;
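Review bot: `outFile = NULL;` after `bsClose ( bsWr );` only removes the use-after-free if the later code that touches outFile tests it for NULL first, and that test is not visible in this hunk. The Description header should name the statement that reuses the closed handle, and a one-line comment on the assignment would keep it from being dropped later as a dead store.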
diff -Nru bzip2-1.0.6/debian/patches/series bzip2-1.0.6/debian/patches/series
--- bzip2-1.0.6/debian/patches/series   2014-07-26 17:46:24.0 +0200
+++ bzip2-1.0.6/debian/patches/series   2017-01-29 19:30:31.0 +0100
@@ -1,3 +1,4 @@
 10-bzip2.1.patch
 20-legacy.patch
 30-bzip2-harden.patch
+bzip2recover-CVE-2016-3189.patch


Re: Draft for taging 32 RC bugs with can-defer, will-remove or is-blocker

2017-01-31 Thread Andreas Henriksson
Hi Niels,

On Sat, Jan 28, 2017 at 01:20:00PM +, Niels Thykier wrote:
[...]
> > 851819  flashplugin-nonfree will-remove ERROR: wget failed to 
> > download http://people.debian.org/~bartm/...
[...]

While I'm usually quite keen on removals, I'd suggest this one can be a
"can-defer". The downloader itself seems to still be working; all that's
needed is a new signature for the new adobe release.
AIUI this doesn't even involve touching the package, only dropping the
signature in bartm's public_html on people.debian.org.
This can be done at any time to fix the package during stretch lifetime.
I guess the only reason this package is considered a key-package is
because it's very popular among users, so would be quite unhelpful of us
to remove it.

Just my 5c

Regards,
Andreas Henriksson



Bug#853741: unblock: lilypond/2.18.2-7

2017-01-31 Thread Anthony Fok
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please kindly unblock package lilypond.

lilypond 2.18.2-4.1 was removed from testing (stretch)
after its dependencies guile-1.8-libs and guile-1.8 were removed.

As per Bug#746005 and upstream
issue #1055,
the effort for LilyPond to migrate to Guile 2.0 started in 2010,
and it was originally expected that it would be complete by now.
Unfortunately, there were various issues (bugs and disagreements)
on both sides that took a while to be sorted out.
Progress has been made, slowly and surely, and it is somewhat
lilypond 2.19.x series, albeit with performance and stability issues.

The Guile 2.0 migration _will_ be complete with the future 2.20 release,
but unfortunately not soon enough for the Debian 9 "stretch" release.
So, let's just say that LilyPond and Guile 2.0 are just not quite
ready for one another yet.

I fully agree with the removal of guile-1.8 packages from Stretch.
On the other hand, LilyPond is such a prominent and important
free software program that it would almost be unfathomable for a
new Debian release to be without LilyPond.

So, it seems that the only way out is for the lilypond packages,
namely "lilypond" and "lilypond-data", to bundle its own private copy
of guile-1.8.  This was accomplished by:

 * importing the original DFSG-free Debian .orig.tar.bz2 as
   multiple upstream tarball (MUT) component,
   i.e. lilypond_2.18.2.orig-guile18.tar.gz;

 * importing quilt patches from the original guile-1.8 (1.8.8+1-10);

 * building guile-1.8 in the override_dh_auto_configure target
   and setting the appropriate PATH, LD_LIBRARY_PATH, GUILE_LOAD_PATH
   so that LilyPond's configure and subsequent $(MAKE) calls can find
   our own guile-1.8;

 * installing our own guile-1.8 inside lilypond's library and shared
   directories:

   - /usr/lib/$(DEB_HOST_MULTIARCH)/lilypond/2.18.2/guile-1.8
     (guile-1.8 executable for lilypond-invoke-editor)
   - /usr/lib/$(DEB_HOST_MULTIARCH)/lilypond/2.18.2/guile/
     (guile-1.8 library)
   - /usr/share/lilypond/2.18.2/guile/1.8
     (architecture-independent *.scm files)

 * borrowing ideas and code from upstream's generic package, i.e.
   stand-alone shar "shell archives" with bundled python, guile,
   fontconfig, etc.,
   LilyPond's own "relocate" feature and sh script wrappers are used
   to set the appropriate LD_LIBRARY_PATH and GUILE_LOAD_PATH
   and to call the correct guile-1.8 binary.

For more details, please see the commit log between debian/2.18.2-4.1
and debian/2.18.2-7:

  https://anonscm.debian.org/git/collab-maint/lilypond.git/log/?h=debian

especially commit 6a737760 "Bundle our own private copy of guile-1.8":

  
https://anonscm.debian.org/git/collab-maint/lilypond.git/commit/?h=debian=6a737760044c5a5405b5c98ffb583d85bcf2dc8d

I apologize that this was not done earlier: I only realized this
dire situation with lilypond when frescobaldi was blocked from
entering testing (see ).
I am deeply grateful for letting frescobaldi in, and I sincerely
hope that lilypond can make the cut too!

Thank you for your kind consideration.

Cheers,

Anthony

P.S. Attached are the debdiff output files between lilypond 2.18.2-4.1
(version in testing before removal) and 2.18.2-7.  The most significant
change, of course, is with the bundling of our own guile-1.8 files,
and with the addition of a couple wrapper scripts in /usr/bin/,

I also decided to stop compressing the PDF documentation, originally
done to allow acroread to open these files directly.  This has the
unexpected benefit of significant space-savings in the PDF .deb files:

$ du -csh lilypond-doc-pdf*_2.18.2-4.1_*.deb
47M     lilypond-doc-pdf_2.18.2-4.1_all.deb
29M     lilypond-doc-pdf-de_2.18.2-4.1_all.deb
31M     lilypond-doc-pdf-es_2.18.2-4.1_all.deb
30M     lilypond-doc-pdf-fr_2.18.2-4.1_all.deb
1.7M    lilypond-doc-pdf-hu_2.18.2-4.1_all.deb
29M     lilypond-doc-pdf-it_2.18.2-4.1_all.deb
2.8M    lilypond-doc-pdf-nl_2.18.2-4.1_all.deb
168M    total

$ du -csh lilypond-doc-pdf*_2.18.2-7_*.deb
29M     lilypond-doc-pdf_2.18.2-7_all.deb
16M     lilypond-doc-pdf-de_2.18.2-7_all.deb
17M     lilypond-doc-pdf-es_2.18.2-7_all.deb
17M     lilypond-doc-pdf-fr_2.18.2-7_all.deb
1.6M    lilypond-doc-pdf-hu_2.18.2-7_all.deb
15M     lilypond-doc-pdf-it_2.18.2-7_all.deb
2.5M    lilypond-doc-pdf-nl_2.18.2-7_all.deb
97M     total

unblock lilypond/2.18.2-7

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 

Bug#853280: unblock: simple-cdd/0.6.4

2017-01-31 Thread Cyril Brulebois
Hi,

Vagrant Cascadian (2017-01-30):
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: debian-b...@lists.debian.org, 
> simple-cdd-de...@lists.alioth.debian.org
> 
> Please unblock package simple-cdd
> 
> The source package simple-cdd appears to be blocked due to the
> simple-cdd-profiles udeb. This udeb is not used by debian-installer by
> default, and the udeb hasn't changed at all since the version
> currently in testing.
> 
> The new version fixes an issue in boolean handling treating any
> specified value, including "false", as if it were True. It also fixes
> a compatibility issue with newer versions of debian-cd. And also
> supports the BOOT_TIMEOUT variable for generated CD images that use
> grub2.

No objections from me (and thanks for the cc).


KiBi.




Bug#853727: unblock: limnoria/2017.01.10-1

2017-01-31 Thread Mattia Rizzolo
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package limnoria.

It is a new upstream, yes, but
1) it's a leaf package
2) it has a very extensive testsuite
3) the changes are so minimal...
4) it fixes the only bug this package has ;)

Attached a debdiff against the current version in stretch.

unblock limnoria/2017.01.10-1

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
diffstat for limnoria-2016.12.08 limnoria-2017.01.10

 PKG-INFO  |2 -
 debian/changelog  |9 +
 debian/rules  |1 
 plugins/Channel/plugin.py |9 +
 plugins/Debug/plugin.py   |2 +
 plugins/Google/plugin.py  |2 -
 plugins/Unix/test.py  |6 ++-
 scripts/supybot   |2 -
 scripts/supybot-test  |5 ++
 src/irclib.py |   78 ++
 src/test.py   |1 
 src/version.py|2 -
 12 files changed, 94 insertions(+), 25 deletions(-)

diff -Nru limnoria-2016.12.08/debian/changelog 
limnoria-2017.01.10/debian/changelog
--- limnoria-2016.12.08/debian/changelog2016-12-15 08:40:27.0 
+0100
+++ limnoria-2017.01.10/debian/changelog2017-01-31 11:59:27.0 
+0100
@@ -1,3 +1,12 @@
+limnoria (2017.01.10-1) unstable; urgency=medium
+
+  * New upstream version 2017.01.10.
+  * d/rules: use the new --no-setuid to skip tests that might require a
+setuid binary (like /bin/ping in some hosts without settcap) as they
+wouldn't work under libeatmydata.  Closes: #834950
+
+ -- Mattia Rizzolo   Tue, 31 Jan 2017 11:59:27 +0100
+
 limnoria (2016.12.08-1) unstable; urgency=medium
 
   * New upstream version 2016.12.08.
diff -Nru limnoria-2016.12.08/debian/rules limnoria-2017.01.10/debian/rules
--- limnoria-2016.12.08/debian/rules2016-12-04 14:48:31.0 +0100
+++ limnoria-2017.01.10/debian/rules2017-01-31 11:58:29.0 +0100
@@ -13,6 +13,7 @@
PYBUILD_TEST_ARGS="PYTHONPATH={build_dir} \
build/scripts-{version}/supybot-test \
test \
+   --no-setuid \
--no-network \
--disable-multiprocessing \
--plugins-dir={build_dir}/supybot/plugins/" \
diff -Nru limnoria-2016.12.08/PKG-INFO limnoria-2017.01.10/PKG-INFO
--- limnoria-2016.12.08/PKG-INFO2016-12-08 21:11:36.0 +0100
+++ limnoria-2017.01.10/PKG-INFO2017-01-27 00:14:32.0 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: limnoria
-Version: 2016.12.08
+Version: 2017.01.10
 Summary: A modified version of Supybot (an IRC bot and framework)
 Home-page: https://github.com/ProgVal/Limnoria
 Author: Valentin Lorentz
diff -Nru limnoria-2016.12.08/plugins/Channel/plugin.py 
limnoria-2017.01.10/plugins/Channel/plugin.py
--- limnoria-2016.12.08/plugins/Channel/plugin.py   2016-12-08 
21:11:26.0 +0100
+++ limnoria-2017.01.10/plugins/Channel/plugin.py   2017-01-27 
00:13:31.0 +0100
@@ -909,10 +909,9 @@
 # Make sure we don't elicit information about private channels to
 # people or channels that shouldn't know
 capability = ircdb.makeChannelCapability(channel, 'op')
-hostmask = irc.state.nickToHostmask(msg.nick)
 if 's' in irc.state.channels[channel].modes and \
 msg.args[0] != channel and \
-not ircdb.checkCapability(hostmask, capability) and \
+not ircdb.checkCapability(msg.prefix, capability) and \
 (ircutils.isChannel(msg.args[0]) or \
  msg.nick not in irc.state.channels[channel].users):
 irc.error(_('You don\'t have access to that information.'),
@@ -937,8 +936,7 @@
 if frm is not None:
 s += format(_(' (from %s)'), frm)
 for nick in irc.state.channels[channel].users:
-hostmask = irc.state.nickToHostmask(nick)
-if ircdb.checkCapability(hostmask, capability):
+if ircdb.checkCapability(msg.prefix, capability):
 irc.reply(s, to=nick, private=True)
 irc.replySuccess()
 
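Review bot: in the loop over `irc.state.channels[channel].users`, the capability check now tests `msg.prefix`, the sender of the command, instead of the hostmask of the nick being iterated, so the result is the same on every iteration: either every user in the channel gets the private reply or none does. The removed lines limited the reply to nicks that hold the capability. If that restriction is still intended, keep a per-nick lookup here (`irc.state.nickToHostmask(nick)`) and apply the `msg.prefix` substitution only in the two hunks that check the sender.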
@@ -969,8 +967,7 @@
 else:
 irc.error(Raise=True)
 capability = ircdb.makeChannelCapability(channel, 'op')
-hostmask = irc.state.nickToHostmask(msg.nick)
-if not ircdb.checkCapabilities(hostmask, [capability, 'admin']):
+if not ircdb.checkCapabilities(msg.prefix, [capability, 'admin']):
 irc.errorNoCapability(capability, Raise=True)
 try:
 network = conf.supybot.networks.get(irc.network)
diff -Nru limnoria-2016.12.08/plugins/Debug/plugin.py 

new RC bug in texlive-base and transition to testing

2017-01-31 Thread Norbert Preining
Dear Release Team,

recently (within the 10 day transition period) a RC bug (853119) has
surfaced for texlive-base, which causes FTBFS of other packages.
The reason is that the update requires adjusted dependencies as
we need to pull in now fonts-lmodern.

(Technical detail: The change was to switch to a dedicated Unicode
font encoding by default on lualatex and xelatex to better support
non-ascii writing. Thus, the default font is not anymore the
CMR fonts shipped in texlive-base, but the lmodern fonts, whose
otf variants are shipped in fonts-lmodern and which are thus necessary
for processing some documents when using xelatex or lualatex).

I am a bit in doubt how to proceed here, as there are a few options:
* forget about getting the current packages into testing
  This is of course an option, and would not hurt too much
  but at least a bit.
* downgrade the RC bug to allow for transition in three days, then
  upload fixed packages (also fixing an in-fact-RC bug
  that was filed as important by Andreas Beckmann concerning
  messed up replaces/breaks, bug 852599)
* upload a new package fixing the above two bugs now, and ask
  straight ahead for a transition?

What would you suggest to do?

Thanks a lot and all the best

Norbert

--
PREINING Norbert   http://www.preining.info
Accelia Inc. +JAIST +TeX Live +Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13



Re: [INFO] Bug#853183: unblock: proftpd-dfsg/1.3.5b-3

2017-01-31 Thread Francesco P. Lovergine
On Mon, Jan 30, 2017 at 02:38:57PM +0100, Francesco P. Lovergine wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package proftpd-dfsg
> 
> We fixed #820984 and #848124 here. Note that while fixing in the debdiff you
> will see a now removed debian/proftpd.conf.5 that was due to a missing cleanup
> of the debian subdir. That was incidentally introduced into the git tree on 
> alioth and
> never noted before :-/ I hope that it is not a problem.
> 

Please consider -3 instead (just uploaded), with a decent update of the NEWS 
file. 
Again debdiff is included. Sorry for the noise.

unblock proftpd-dfsg/1.3.5b-3
 
-- 
Francesco P. Lovergine



Bug#853469: unblock: libarchive/3.2.1-6

2017-01-31 Thread Andreas Henriksson
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libarchive

Fixes CVE-2017-5601 by cherry-picking a single upstream commit.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278

unblock libarchive/3.2.1-6

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index e1386ce6..289df2d0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+libarchive (3.2.1-6) unstable; urgency=medium
+
+  * Add 
debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
+- Cherry-pick upstream commit 98dcbbf0bf4854bf987557
+  "Fail with negative lha->compsize in lha_read_file_header_1()"
+  Secunia SA74169, CVE-2017-5601 (Closes: #853278)
+
+ -- Andreas Henriksson   Tue, 31 Jan 2017 10:25:56 +0100
+
 libarchive (3.2.1-5) unstable; urgency=medium
 
   * Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f
diff --git 
a/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
 
b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
new file mode 100644
index ..3b35e267
--- /dev/null
+++ 
b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
@@ -0,0 +1,23 @@
+From: Martin Matuska 
+Date: Thu, 19 Jan 2017 22:00:18 +0100
+Subject: Fail with negative lha->compsize in lha_read_file_header_1() Fixes a
+ heap buffer overflow reported in Secunia SA74169
+
+---
+ libarchive/archive_read_support_format_lha.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c 
b/libarchive/archive_read_support_format_lha.c
+index c359d83e..1a5617fa 100644
+--- a/libarchive/archive_read_support_format_lha.c
 b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha 
*lha)
+   /* Get a real compressed file size. */
+   lha->compsize -= extdsize - 2;
+ 
++  if (lha->compsize < 0)
++  goto invalid;   /* Invalid compressed file size */
++
+   if (sum_calculated != headersum) {
+   archive_set_error(>archive, ARCHIVE_ERRNO_MISC,
+   "LHa header sum error");
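Review bot: the new `lha->compsize < 0` test leaves through `goto invalid`, and what that label reports is not visible in this hunk, whereas the checksum branch right below sets a specific "LHa header sum error" string. If the `invalid` path is generic, set an error message that names the bad compressed size so a rejected archive can be told apart in logs. The placement directly after `lha->compsize -= extdsize - 2;` is right; whether the other header-level readers adjust compsize the same way is not shown here and is worth confirming before the CVE is considered closed.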
diff --git a/debian/patches/series b/debian/patches/series
index 24a6b0a7..68f4950f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch
 Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch
 Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch
 Issue-767-Buffer-overflow-printing-a-filename.patch
+Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch


Bug#853289: unblock: beets/1.3.19-2.1

2017-01-31 Thread Simon McVittie
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package beets. This fixes one reported FTBFS due to
test failures with newer python-mutagen (#851016), and one unreported
FTBFS due to a different test failure with newer python-mutagen
(previously masked by the other failure), by backporting upstream fixes.

unblock beets/1.3.19-2.1

Regards,
S
diffstat for beets-1.3.19 beets-1.3.19

 changelog  |   14 
 control|4 
 patches/Test-true-FLAC-bitrate-from-Mutagen-1.35.patch |   24 +
 patches/mediafile-Cleanup-mutagen-error-handling.patch |  241 +
 patches/series |2 
 5 files changed, 283 insertions(+), 2 deletions(-)

diff -Nru beets-1.3.19/debian/changelog beets-1.3.19/debian/changelog
--- beets-1.3.19/debian/changelog	2016-08-30 06:07:14.0 +0100
+++ beets-1.3.19/debian/changelog	2017-01-23 09:41:08.0 +
@@ -1,3 +1,17 @@
+beets (1.3.19-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * d/p/mediafile-Cleanup-mutagen-error-handling.patch:
+Add patch backported from upstream to update exception handling for
+python-mutagen >= 1.33. This fixes a test failure and
+FTBFS (Closes: #851016)
+  * d/p/Test-true-FLAC-bitrate-from-Mutagen-1.35.patch:
+Add patch backported from upstream to fix a failing test with
+python-mutagen >= 1.35
+- d/control: depend and build-depend on a compatible version
+
+ -- Simon McVittie   Mon, 23 Jan 2017 09:41:08 +
+
 beets (1.3.19-2) unstable; urgency=medium
 
   * Fix occasional FTBFS due to lack of mock cleanup. Thanks Santiago Vila.
diff -Nru beets-1.3.19/debian/control beets-1.3.19/debian/control
--- beets-1.3.19/debian/control	2016-08-30 04:40:16.0 +0100
+++ beets-1.3.19/debian/control	2017-01-23 09:41:08.0 +
@@ -17,7 +17,7 @@
  python-mpd,
  python-munkres,
  python-musicbrainzngs (>= 0.4),
- python-mutagen (>= 1.27),
+ python-mutagen (>= 1.35),
  python-pathlib,
  python-pylast,
  python-rarfile,
@@ -41,7 +41,7 @@
  libjs-underscore,
  python-enum34,
  python-musicbrainzngs (>= 0.4),
- python-mutagen (>= 1.21),
+ python-mutagen (>= 1.35),
  python-pkg-resources,
  ${misc:Depends},
  ${python:Depends}
diff -Nru beets-1.3.19/debian/patches/mediafile-Cleanup-mutagen-error-handling.patch beets-1.3.19/debian/patches/mediafile-Cleanup-mutagen-error-handling.patch
--- beets-1.3.19/debian/patches/mediafile-Cleanup-mutagen-error-handling.patch	1970-01-01 01:00:00.0 +0100
+++ beets-1.3.19/debian/patches/mediafile-Cleanup-mutagen-error-handling.patch	2017-01-23 09:41:08.0 +
@@ -0,0 +1,241 @@
+From: Christoph Reiter 
+Date: Mon, 27 Jun 2016 09:43:48 +0200
+Subject: mediafile: Cleanup mutagen error handling
+
+Instead of the individial mutagen format exceptions use the
+mutagen.MutagenError exception introduced in 1.25.
+
+Since 1.33 mutagen will only raise MutagenError for load/save/delete
+and no longer raise IOError. Translate both errors to UnreadableFileError
+to support older and newer mutagen versions. Unify error handling
+in __init__(), save() and delete().
+
+Since it's no longer possible to get an IOError from MediaFile, adjust
+all callers and tests accordingly.
+
+This was tested with mutagen 1.27 and current mutagen master.
+
+[smcv: backported to 1.3.19 by replacing six.text_type with unicode]
+
+Origin: upstream, 1.4.1, commit:629241efd389bea7b4075f2591a06f2ef462dc82
+---
+ beets/library.py   |  8 +++
+ beets/mediafile.py | 65 +++---
+ beetsplug/scrub.py | 13 ++
+ test/test_mediafile.py | 23 +-
+ 4 files changed, 64 insertions(+), 45 deletions(-)
+
+diff --git a/beets/library.py b/beets/library.py
+index 3450a35a..70fff1a7 100644
+--- a/beets/library.py
 b/beets/library.py
+@@ -25,7 +25,7 @@ import re
+ from unidecode import unidecode
+ 
+ from beets import logging
+-from beets.mediafile import MediaFile, MutagenError, UnreadableFileError
++from beets.mediafile import MediaFile, UnreadableFileError
+ from beets import plugins
+ from beets import util
+ from beets.util import bytestring_path, syspath, normpath, samefile
+@@ -560,7 +560,7 @@ class Item(LibModel):
+ read_path = normpath(read_path)
+ try:
+ mediafile = MediaFile(syspath(read_path))
+-except (OSError, IOError, UnreadableFileError) as exc:
++except UnreadableFileError as exc:
+ raise ReadError(read_path, exc)
+ 
+ for key in self._media_fields:
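Review bot: narrowing the except clause around `MediaFile(syspath(read_path))` to `UnreadableFileError` alone is only safe if MediaFile now converts every IOError and OSError, including ones raised before mutagen is reached, such as a missing or unreadable path. The commit message says it does, but that code is in beets/mediafile.py, not in this hunk; a test that reads a nonexistent path and expects ReadError would pin the behaviour down for this backport.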
+@@ -607,14 +607,14 @@ class Item(LibModel):
+ try:
+ mediafile = MediaFile(syspath(path),
+   id3v23=beets.config['id3v23'].get(bool))
+-except (OSError, IOError, UnreadableFileError) as 

Bug#853286: unblock: ruby-minitar/0.5.4-3.1

2017-01-31 Thread Markus Frosch
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-minitar

CVE-2016-10173 has been fixed with the update.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853075
And diff:
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=853075;filename=ruby-minitar-0.5.4-3.1-nmu.diff;msg=10

unblock ruby-minitar/0.5.4-3.1

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)